Professor leading Computing Security as Department Chair and led Cyber Defense team
Bo Yuan is associate professor and chair of the Computing Security department at Golisano College. Yuan has taught at RIT for more than eleven years and is also the head coach of the college’s national championship-winning cyber defense team. He was instrumental in helping the college achieve its designation as a Center for Excellence in Cyber Defense Education from the Department of Homeland Security and National Security Agency.
How did you get your start in computing?
During my undergraduate studies, I took some computing courses even though my major was mathematics. At that time, computer science resided in the math department. We had to use punch tapes to program, and we had to submit them to a human operator and wait for results the next day. The computer was as big as a large, air-conditioned, dustless room. During my doctoral studies, I took some courses that required heavy programming as well. I remember we implemented many optimization algorithms including the Simplex Method in Linear Programming with FORTRAN. Before joined RIT, I was a staff scientist in a small local startup company. I programmed mainly in C and Perl to implement and test new ideas, some of which were patented later. In summation, computing has always been a part of my professional life.
What drew you to computing security?
My involvement in computing security resulted from a natural progression in the curriculum development after I joined RIT eleven years ago. Initially, I was teaching wireless data networks and security. When we were establishing a bachelor of science degree in information security, I took on the challenge of developing and teaching a computer virus and malicious software course. I didn’t realize how much I didn’t know before I agreed to take on the task. In the end, I believe my background in computing and mathematics really helped me. I’ve learned a lot during the process; it was at that time that I realized computing security would be a significant discipline for the future and we should participate in this new area of study.
How do you approach coaching the cyber defense team and what was it like to win the national championship?
The role of a coach in the Collegiate Cyber Defense Competition (CCDC) is limited. Coaches are not allowed in competition rooms with students, and even not allowed to discuss with students the specific challenges during the competition period at regionals and nationals. One of my main contributions as a coach is taking care of logistics and selecting a good team of students to represent RIT. We have a good process to identify talented students, and we are very proud of RIT teams. The students are very professional, academically strong, and great team players. We put more emphasis on the learning aspects of CCDC; during the process, team members learn a great amount of cybersecurity knowledge and techniques that is often not covered in classes. Winning the national championship title was just icing on the cake.
What are some of the emerging trends you see in computing security?
Computing security as a discipline is still in its infancy. It is a very broad area of multi-disciplinary study with related topics ranging from hardcore mathematics and engineering to human psychology and physiology. In the future, we might see fewer and fewer software or hardware vulnerability-based security breaches as developers become more security conscientious, which includes things like better coding practices and rigorous software testing. We might instead see more social engineering-based attacks that target the weakest link in security regimens: the users and operators themselves. Vulnerable software or hardware can be fixed and replaced, but humans will never be “fixable.” We might see more collaborative research activities between computing security and human-computer interaction that aim to mitigate human errors in security operations and handling sensitive information. In the near future, we might see great progress being made in the science of security that overlaps with computing security. One day, we might be able to discover laws in computing security that are analogous to Newton’s laws of motion in physics, Ohm’s laws in circuit analysis, or even Einstein’s general relativity theory.
What advice would you give a student who is interested in computing security?
Computing security is based on fundamentals of computer science and should not be learned in isolation. Students who are interested in computing security should establish solid foundations in programming, mathematics, and physics. Mathematics will teach students abstract reasoning skills; physics will teach students how to model real world phenomena with mathematics; and programming teaches students computational thinking, how software is built, and skills for rapid prototyping and creating new tools. Our adversaries are strong, so students need to compete not only at a high level of academic knowledge, but also at a level of practical experience and good common sense. Students should have a habit of lifelong learning and continuously challenging themselves. As future computing security professionals, students need to be people of integrity, hold high ethical standards, and always stay vigilant and question the obvious.