In my last post I told a very short version of my relationship with ISU’s industrial cybersecurity program. Here I’ll address the second motivating factor for a shift in professional direction: a goal I set for myself in 2005 of obtaining a PhD.
In 2016, I told Corey Schou, who had invited me to return to ISU, “I am willing to make a change; and I have two goals: first is to create the world’s best industrial cybersecurity degree program, and second is to obtain a PhD.”
Corey said “Great! I’ll introduce you to one of the best PhD supervisors I know”, and soon I was engaging with Jill Slay — then at La Trobe University in Melbourne.
Jill happens to be one of the world’s leading experts in cybersecurity education. She was co-chair of the international advisory board of the CSEC-17 project that formally established cybersecurity as an academic discipline.
My friends with PhDs had told me that the best thing you can do is find an outstanding supervisor – someone who knows the space, has confidence in your capabilities, and can provide the right level of support, without being overbearing.
Jill was all that plus the sincere belief in the value of each individual. She personifies the power of careful, critical thought. Each time my work hit a roadblock, she expressed confidence and optimism in me and the work I had undertaken.
How did I have time to do the PhD work while simultaneously building industrial cybersecurity degree program at ISU?
Well, I chose the thesis topic “Foundations of Industrial Cybersecurity Education and Training”. So, there was natural and even necessary congruence. In fact, I don’t think I could have built the program without doing the PhD nor done the PhD without actually building the program, because building something right takes time and critical thought; it takes understanding what others have done before, and determining what needs to be done now.
I am pleased to report that in December 2021, The office of graduate research at the School of Engineering and Mathematical Sciences at La Trobe University accepted my PhD thesis.
You can find the thesis at this link in case you’re interested.
It is dense, but makes several important contributions to the field:
- Clarification of differences between industrial cybersecurity and common cybersecurity for use in guiding education and training
- Comprehensive review of current state of industrial cybersecurity education and training guidance documents/efforts
- Proposed workforce development framework for industrial cybersecurity
- Archetype industrial cybersecurity job roles
- Knowledge categories, topics and justifications
- NSA CAE-style knowledge unit for industrial control systems
- Key tasks for each archetype role
- Leverage point for future standard development
- Historic documentation of process used to create the world’s first cybersecurity education and training standards
As you can tell, I am very thankful to Dr. Corey Schou and Dr. Jill Slay. I also need to thank La Trobe University for the full tuition graduate scholarship. I thank the INL, especially Eleanor Taylor, Wayne Austad, Zach Tudor, Shane Stailey, and for always asking “what can we do to help?” and then providing the help! I also thank Dr. Diana Burley of American University for her thoughtful examination of the thesis — which helped me keep the focus appropriately on “foundations”.
I really do think the work makes some strong initial steps towards establishing the foundation; and, I acknowledge that we still have a long way to go!