Interview of the Week - Dr. Sandra Blanke
During Cybersecurity Awareness Month, Security in Color plans to highlight different women in the field of Cybersecurity / Information Security, in an effort to give voice to an underrepresented yet talented and diverse group.
Dr. Sandra Blanke
Accolades: CISSP, CRISC, and Ph.D. in Computer and Information Systems
Current Position: Director for the Center of Cyber Security Education and Ellis Endowed Chair in Management Technology
Organization: University of Dallas - Gupta College of Business
I graduated, this past May, from the University of Dallas with my Master's Degree in Cybersecurity. One of my most interesting, and challenging, classes was led by Dr. Sandra Blanke, who teaches courses in Cyber and Technology within the Masters and Doctoral Programs in the UD - Gupta College of Business. Her work spans over 20 years and includes a wealth of research and development in the field of Cybersecurity. I have learned so much from her work with the University and outside initiatives, including the George S. Sturgeon Women in Cybersecurity Scholarship. Read more about this incredible voice in the field below.
Thank you for taking the time to be interviewed for Security In Color. Would you mind doing a brief introduction of yourself for our audience?
Hello Dominique and thank you for asking me to be part of your Cybersecurity blog. I am the Director of Cybersecurity at the University of Dallas, an Associate Professor in Cybersecurity and the Ellis Endowed Chair in Management Technology. My role as the Director of Cybersecurity deals with maintaining our Center for Academic Excellence (CAE) accreditation with the NSA/DHS, teaching Cybersecurity courses, interfacing with graduate cyber students in the UD masters program, developing new cybersecurity courses for our cyber program, interfacing with cyber vendors, hiring permanent and adjunct cyber professors and a whole host of other responsibilities. Prior to my work at the University, I was a Director at Verizon working in Network Operations, Engineering and Customer Service roles.
You have your Ph.D. in Computer and Information Systems. Can you give some insight into your decision for pursuing this pedigree and the types of opportunities available to those looking to perhaps go into the research aspect of Information Security?
As I was starting to think about my “Life after Verizon” I started thinking about what I wanted to do next. I was taking an early retirement offer and knew I was at the time too young to fully retire. So I started researching Ph.D. programs that would allow me to continue to work and travel meeting my Verizon responsibilities and also be a Ph.D. student. At the time there were a very limited number of Ph.D. programs that offered this amount of flexibility. So I started my search talking with others that had been my mentors over the years and then looked for schools that would offer a Ph.D. in Information Systems or Information Assurance. I created a shortlist of the schools that met my strict requirements. Then I visited Nova Southeastern University and it became clear they had the program credentials and their program offered the flexibility that I needed. For individuals interested in working in Cyber research I would definitely say earning a Ph.D. is the right approach. In a Ph.D. program you will learn how to research and also earn the credentials that will qualify you to research and possibly teach in Cybersecurity. As far as opportunities, I would consider consulting firms that publish annual reports in cybersecurity, vendors that use research in the development of new products and schools that value applied research where you can offer and use your business experience and your research skills. Some firms and schools that come to mind are Dark Shadows, Gartner, Verizon and of course the University of Dallas.
As a Professor of CyberSecurity and Emerging Technology for graduate and doctoral students, what are the key takeaways students should emerge with in order to be successful in their careers as Security Professionals?
As a graduate of our program, students currently in the cyber field will quickly realize their Master's Degree qualifies them for that next level promotion and provides a gateway toward opportunities into very prestigious companies. As a student without the on-the-job training, they will learn the skills that will help them obtain positions where they can grow and gain the on-the-job training. We have alumni working in major cyber vendor firms, for the government, small business and nonprofits building cyber programs, creating cyber awareness programs, developing cyber compliance programs to align with GDPR, SOX, GLBA and other legal aspects of protecting and maintaining confidentiality and integrity of electronic data. Some of the key takeaways include a strong understanding of Cyber frameworks, realizing cybersecurity is not just technology and technical components but process, procedure, compliance, oral and written communications.
Being certified in Risk and Information Systems, what would you say is the biggest risk facing organizations today? How can organizations and Security Professionals alike prepare to tackle this?
The biggest risk that organizations face today is becoming complacent and thinking a cybersecurity breach will not happen to their organization. So, often they find themselves not being prepared for any cyber breach whether it be an employee that makes a mistake and responds to a phishing attack, an employee, vendor or outsider that intentionally takes information and sells it on the black market, a systems patch that is overlooked and not implemented, a ransomware attack that finds the company unable to access their systems – there are numerous ways that electronic information can be breached. In order to get started securing an organization a good first step is to start with the NIST Cybersecurity Framework. I believe the 5-Step process of Identify, Protect, Detect, Respond and Recover is a very simplified way to think about creating a cybersecurity program in all organizations. I would suggest that every organization review the NIST CSF at https://www.nist.gov/news-events/news/2018/04/nist-releases-version-11-its-popular-cybersecurity-framework. There are many links within this URL that have beneficial information and I feel strongly that building a CSF for each and every organization is important.
Security in Color’s name was chosen for two reasons - to change the narrative of Information Security being seen as boring, black and white so to speak, as well as wanting to increase diversity in the field. How do you think the industry can change this narrative and increase the visibility of diversity?
I have never thought of Cybersecurity as boring – I think it’s a very exciting field that requires constant education, training, networking and just staying involved to keep current and stay abreast of the next big thing. I have seen the field change and evolve over the years while bringing attention and support to the demographics in cybersecurity. For example, at the University of Dallas, we have a Scholarship for Women in Cybersecurity. I believe this is one way to get more women in this field increasing the talent pool and diversity at the same time. I am also seeing summer programs for younger students. I believe an overall focus on Science, Technology, Engineering and Mathematics (STEM) is good for Cybersecurity and all other STEM disciplines.
Want to be featured on our site, or know of someone who deserves to be heard? Submit your nominations at SecinColor@gmail.com