By Barry Zepel
Anyone aware of last year’s reports about Russian hacking of the Democratic and Republican parties’ computer networks will be familiar with the term “cybersecurity.” As hackers attempt to invade network systems via the Internet – to either damage them or steal proprietary information – cybersecurity has become among the highest priorities for governments, corporations and many other types of organizations.
David Schuster, an SJSU faculty member since 2013, won a National Science Foundation Early Career Development Award grant of $516,000 over five years to conduct research on strengthening cybersecurity and computer network defense. The approach that Schuster and his team of SJSU students are taking in their research is very different than what most people might expect. Schuster is an assistant professor of psychology – not computer science or information technology.
“My field within psychology is called human factors psychology,” Schuster said. “Human factors psychologists study things like the design of a technological device – such as a smartphone – to determine the easiest way to make that device most intuitive for any person to operate with a minimum of frustration. Human factors psychologists study both the technology side and the human side.”
Schuster and his 14 assistants – seven graduate students and seven undergraduates – are focusing their research on the people hired to defend computer networks, not on the technology itself. Two of his graduate students are paid through research assistantships, while two undergraduates are compensated through scholarships; other students are volunteers. They all are dedicated to their research assignments in the Virtual Environments, Cognition and Training Research Laboratory managed by Schuster, located in the newly renovated Dudley Moorhead Hall.
“We aren’t studying the individual using their computer at home and wanting to remain safe on the Internet,” Schuster explained. “Rather, we want to get to know the cybersecurity professionals charged with protecting the computer network systems of organizations like corporations, governments, universities and school districts – organizations across all sectors.”
Schuster notes that no organization can protect its computer network by simply using or turning on some security software.
“There is at some level someone who is making decisions that determine the effectiveness of that organization’s line of defense against a cyber attack,” he said. “We are studying those people; learning who they are, what their role is within the organization, what decisions they make on an ongoing basis, and how those decisions impact the overall cybersecurity of their organization.”
Soham Shah, an undergraduate majoring in computer science, said he spends 10 to 12 hours per week working in Schuster’s lab. The research matches his intellectual passions.
“My interest has been to know more about cybersecurity,” Shah said. But beyond that, “I am learning how to think. Being part of the lab and doing the research is broadening my horizon and lending me a unique perspective.”
Ian Cooke, a second-year graduate student working on his master’s degree in research and experimental psychology, feels the tasks he takes on in Schuster’s lab are a perfect fit with his interests and goals.
“I live for this kind of stuff. I love research,” Cooke said. “I love working on projects that are actionable in some way (like) developing a tool to facilitate some socio-technological need to solve problems, as opposed to simply recognizing them. That’s what I am doing here.”
Schuster, as the grant’s principal investigator, gives credit to his students for “their work ethic, determination and contributions to the research.”
“We’re really one unified team at the moment, as we’re all working towards similar milestones,” Schuster explained. “I continue to be impressed by what the students are capable of, and how they rise to new challenges. With research, there’s one new unexpected challenge after another.”
Ultimately, Schuster’s goal is for their research findings to help determine ways for cyber security employees to make better decisions that more effectively protect their organizational computer networks.