The Hunt for New Hackers

Although the average salary among cybersecurity professionals is over $90K and an additional 500,000 workers with the right training could get a job in the U.S. right now if they wanted to, few students realize these jobs exist and that they don’t have to be Sherlock Holmes or some “basement weirdo” to succeed. Through its Applied Cybersecurity Lab and Scholarships for Service (SFS) program, LSU is connecting a diverse set of students with hands-on research projects in partnership with industry, as well as guaranteed jobs after graduation.

 

 

Cyberattacks have plagued Louisiana in recent years at great cost and disruptions for businesses, government, and residents. Hackers have entered computer systems to steal data and plant malicious code, including ransomware, where attackers encrypt critical data and make it inaccessible for legitimate users until they pay a fee. Governor John Bel Edwards went as far as to declare a state of emergency in 2019 as hackers targeted several Louisiana school systems, and more recently, shuttering 79 Louisiana Office of Motor Vehicles locations and forcing the City of New Orleans to “clean” over 3,400 of its computers, according to a local official. Meanwhile, computer systems and networks grow increasingly complex, offering cyber criminals new and seemingly mysterious ways to enter and hide.

“It takes a great deal of expertise to be able to tell what’s even happening,” said Golden G. Richard, III, self-described “benevolent hacker” and LSU professor of computer science with a joint appointment in the LSU Center for Computation & Technology where he’s the Associate Director for Cybersecurity. “The world is hungry for push-button solutions, but it takes a tremendous amount of knowledge and research to create these tools, ensure that they work, and update them as new threats arrive. It’s near-impossible to keep up, but we have to try, right?”

 

The lab offers an unusual bridge between academia and industry, allowing students to do cutting-edge research to find solutions to some of the most pressing problems experienced in the field.

A veteran of national security, incident response, and cybersecurity education in Louisiana and Maryland, Richard leads the LSU Scholarships for Service (SFS) program with $3.4 million in support from the National Science Foundation. The program pays students to study advanced cybersecurity for up to three years at the undergraduate, graduate, or doctoral level. The service component begins after graduation. Students commit to working in cybersecurity jobs in federal, state, local, or tribal government for the same length of time they received support at LSU.

“That’s the really exciting part,” said Ryan Maggio, an LSU computer science student from Slidell, Louisiana, who just defended his doctoral dissertation (with no requests for revisions) and will graduate with a Ph.D. this May. “A few of the national labs look like great opportunities; it seems like cool research is going on there, especially when it comes to securing energy infrastructure, which really speaks to me.”

Aside from the SFS program, Maggio is also a member of the LSU Applied Cybersecurity Lab, directed by Richard, where Maggio did much of the work that went into his dissertation. The lab offers an unusual bridge between academia and industry, allowing students to do cutting-edge research to find solutions to some of the most pressing problems experienced in the field, through close collaboration with Andrew Case, director of research at Volexity, a national leader in incident response and threat intelligence (including for the presidential debates last fall), and core developer of Volatility, an open-source memory forensics framework for incident response and malware analysis. Case is one of the top memory forensics experts in the world and co-authored The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, the leading textbook on the subject. Case co-advises LSU students and also develops grant proposals together with Richard.

 

“My industry position gives me daily insight into what the most sophisticated malware and attacker toolkits actually look like and how they operate. I also see the situations where current defensive technologies are unable to handle these threats in a timely and accurate manner—or, in some cases, at all. Our research focuses on these gaps.”—Andrew Case, director of research at Volexity, a national leader in incident response and threat intelligence, and close collaborator of the LSU Applied Cybersecurity Lab

 

Memory forensics is the analysis of a computer’s physical memory, which stores all of the data that flows through a computer (keys typed, files viewed and modified, passwords entered, websites visited, etc.). It is the most difficult and highly technical part of the much larger field of digital forensics, which also includes storage forensics (what you might see on the television show CSI as they try to recover photos or other data from a phone or laptop) and network forensics.

“My role in the LSU Applied Cybersecurity Lab is to provide an industry perspective on topics that are relevant to actual practitioners in the field,” Case said. “The gap between what many academic institutions study or research and the problems actually faced by the industry is well known in our community, but as part of this group, I help ensure students’ research is immediately impactful to investigators around the world, and gives students a tremendous advantage when applying for jobs and internships.”

Case recently helped Maggio develop new and nimble software to help rapidly and accurately analyze sophisticated malware that spies on users, called spyware.

“Honestly, working with Andrew can be pretty intimidating at first,” Maggio said, “He doesn’t ever stop working and it’s pretty great motivation to not slack off, actually. That being said, he always somehow has time to help anyone who needs it, and I don’t think anyone in our lab has encountered a problem that survived being run by Andrew.”

Case motivates the significant time he spends helping students with their projects by the need he sees on a daily basis for more students like Maggio to enter the cybersecurity workforce.

“My industry position gives me daily insight into what the most sophisticated malware and attacker toolkits actually look like and how they operate,” he said. “I also see the situations where current defensive technologies are unable to handle these threats in a timely and accurate manner—or, in some cases, at all. Our research focuses on these gaps.”

 

A majority of the world’s companies and governments are at risk for cyberattacks because of the global lack of cybersecurity professionals. For every two, three more are needed.

According to a recent cybersecurity workforce study by (ISC)²—an international association for cyber, information, software, and infrastructure security professionals and source of one of the top cybersecurity organization certifications—a majority of the world’s companies and governments are at risk for cyberattacks because of the global lack of cybersecurity professionals. For every two, three more are needed. In the U.S., there are about 500,000 empty seats, and the demand for qualified practitioners keeps growing. Especially now, as ecommerce is skyrocketing, companies move business online, and more people work from home on personal networks.

Another perk of the LSU SFS program is that students are able to secure professional certifications—the top item hindering career progression, if you ask those already working in the industry.

“This is something I had always considered, but was either priced out of, or didn’t have the time for,” Maggio said.

 

“Cybersecurity seems like a perfect field for me to get involved in, so I’m wholeheartedly pursuing it.”—Karley Waguespack

As Maggio is getting ready to leave the Applied Cybersecurity Lab, sophomore Karley Waguespack, who was born in Lafayette, Louisiana and grew up in New Iberia, just started. She recently left a campus job to spend as much time as possible reading about operating systems, networks, and kernel-level malware and other “essential topics” to fast-track her way into research. She plans on applying to the SFS program as a way to get to graduate school.

“I am very excited because the group has given me considerable direction in a complex and diverse field,” she said. “Being part of the group means I get glimpses of what graduate students are working on. I've also received a lot of advice and suggested readings and discovered that I enjoy delving into the inner workings of systems.”

“Cybersecurity seems like a perfect field for me to get involved in, so I’m wholeheartedly pursuing it,” Waguespack continued. “This summer, I’m aiming to get an internship within the Department of Defense.”

Case appreciates how Waguesback is open to exploring completely new topics in the field as well as experimenting with toolkits and frameworks she’s not yet familiar with.

“These are the attributes I’ve seen leading to the most success in our constantly evolving industry,” Case said.

About how Maggio’s work already before graduation is being used to drive the development of the latest memory forensics algorithms and approaches, he said:

“Ryan chose to stick with his quite difficult research path even while knowing that significantly easier projects existed. His doctorate is well-deserved.”

There is a strong link between higher education and jobs in the cybersecurity industry, according to the (ISC)² study. Professionals are likely to have at least a bachelor’s degree. This means higher education is key to one of the fastest-growing and highest-earning STEM professions (the average salary among cybersecurity professionals with certifications in North America is about $93,000). According to the Pew Research Center, the wider category of “computer workers” now make up the majority of the entire STEM workforce outside healthcare. There are now more computer workers than there are engineers, architects, physical scientists, life scientists, and mathematicians combined.

 

“We’re not all competing to be the one-and-only Sherlock Holmes; rather, we need 500,000 investigators on all levels.”—LSU Professor Golden G. Richard, III

Beyond excellence in research with direct impact on industry, a priority for Richard in directing the LSU Applied Cybersecurity Lab and SFS program is to make sure all students have access to these profitable and readily available careers. Among the 20 students in his core research group—some of whom have graduated since the group started in 2017—10 have been underrepresented minorities, 8 of them women. Meanwhile, there is a significant gender gap in computer-related occupations; the share of women in the workforce has actually gone down over the past 30 years (from one-in-three to one-in-four).

“In our field, approaching a security problem the same way every time quickly leads to less security,” Richard said. “That’s why non-standard backgrounds and different perspectives are huge assets. Also, we’re not all competing to be the one-and-only Sherlock Holmes; rather, we need 500,000 investigators of all kinds on all levels.”

Some of the projects the students in the Applied Cybersecurity Lab have been working on is related to another National Science Foundation grant, Secure and Trustworthy Cyberspace, which Richard and Case applied for and received in 2017. That $1.1 million award has focused on improving digital forensics and malware analysis, including both defensive and offensive techniques.

“Since its inception, our group has evolved from short weekly meetings where everyone gave quick updates to a true research team involving deep collaboration, weekly presentations, and joint publications,” Case said. “Through Golden’s efforts at LSU, students take classes where they learn both the theoretical components of computer security as well as gain hands-on experience with the tools used daily in the industry. This is the pipeline needed to develop a skilled and robust cybersecurity workforce that will properly meet the needs of organizations, whether in government, the military, or industry. If we cannot protect and defend our networks, this leads to the loss of intellectual property, national security secrets, and private and personal information.”

 

“The generous SFS scholarship has meant more time to focus on research without being super-stressed about money, which is a pretty great feeling.”—Ryan Maggio

Entry to the field, however, can be daunting, argued Waguespack.

“Before joining this research group, I never really knew where to get started since it’s such a complex and diverse field,” she said.

Maggio agreed.

“Hacking was still kind of a black box to me, even though I took some programming classes in high school and got a computer science minor,” he said. “Then learning about all of the deeply technical aspects of this ongoing cat-and-mouse game that is taking place worldwide got me very interested. The generous SFS scholarship has meant more time to focus on research without being super-stressed about money, which is a pretty great feeling. Being able to work towards finding someplace where the culture and job really suit you seems invaluable, too. I think my main takeaway is that the people you work with are the most important thing, as our lab is filled with smart and driven people.” 

 

Self-described ‘Hacker’ and Cybersecurity Expert Joins LSU Faculty

LSU Awarded $3.4 Million NSF Cybersecurity Training Grant

Crimer: Crime Prevention Through Crime Prediction

 

 

Elsa Hahne
LSU Office of Research & Economic Development
ehahne@lsu.edu