Graduate Cybersecurity Programs: Meet the Faculty

Graduate Cybersecurity Programs: Meet the Faculty

Hossein Sarrafzadeh, program director for the cybersecurity graduate programs, presented an overview of the online Master of Science in Cybersecurity and online Graduate Certificate in Cybersecurity, and four of the program faculty introduced themselves and their background in cybersecurity.

Katie Macaluso: Hello everyone and welcome to our webinar! Thank you so much for joining us today to learn more about the online graduate cybersecurity programs offered by St. Bonaventure University. We have a full presentation today so we're going to go ahead and get started right away.

Before we jump in, here's a quick look at some housekeeping items. I just want to mention that we're in broadcast-only mode so that means that you can hear us, but we can't hear you. Should you have any questions during the presentation, please type them into the Q&A box at the bottom of your screen. We'll be sure to save time at the close of the presentation to address those.

Alright, our next slide, here's a quick look at our agenda. We'll be starting out with some welcome and introductions of everybody on the webinar, we'll talk a little bit about St. Bonaventure University and then the two graduate programs: The Online Master of Science in Cybersecurity and the Online Graduate Certificate in Cybersecurity. We'll feature some presentations from four of our accomplished faculty members and then finally, we'll save room for Q&A at the end.

Katie Macaluso: So without further ado, here are those of us on the webinar. I'm your moderator for today, my name is Katie Macaluso, and I'm joined by our admissions team, Marcos Baez and Elizabeth Comino, as well as our Program Director, Hossein Sarrafzadeh as well as four of our faculty members: Javad Shamani, Mark O'Connell, Mikhail Sudakov and Pouya Ghotbi. I'll leave more time for them to introduce themselves in just a little bit. So at this point, I'm going to go ahead and turn it over to Elizabeth to share a little bit more about St. Bonaventure.

Elizabeth Comino: Hi, everyone. To get us started, I just wanted to share a little bit about St. Bonaventure University. We are a private non-profit Catholic Franciscan university. We were founded in 1858. While the cyber program is 100% online, we are very proud of the tradition that we have with our university located in Western New York.

We are dedicated to academic excellence with our program. We give a lot of personalized attention to our students. We want to prepare you to go out into your professional careers and lead personal lives that are very valuable. We are ranked number one in New York state and number two in the north for the best regional university value by U.S. News & World Report, and we're also consistently ranked by The Princeton Review as one of the nation's best colleges. We are regionally accredited by the Middle States Commission on Higher Education. Next, we'll share a little bit more with you about our cyber program.

Hossein Sarrafzadeh: Hello, my name is Hossein Sarrafzadeh and I'm currently in New Zealand for the summer. I'm actually from New Zealand. It's, believe it or not, 7 AM in the morning on Wednesday actually, so I'm a day ahead of you. I was hired out of New Zealand to lead the cybersecurity program at St. Bonaventure University in 2016. I have a PhD in Computer Science, specializing in machine learning and artificial intelligence and I've applied those to cybersecurity as a part of my research. So my specialization is machine learning and data mining for cybersecurity.

I started New Zealand's first cybersecurity program in 2009. I created a cybersecurity research center in New Zealand and ever since I've come to St. Bonaventure University, I've created this new master's program and new certificate program which I'll be talking to you about. I've created Western New York's Cybersecurity Research Center in collaboration with National ICT Japan, Canadian Institute for Cybersecurity and a number of local companies.

Hossein Sarrafzadeh: To tell you a little bit about the cybersecurity program and its strengths, I can name a couple of things first, and that's the Cybersecurity Center, which I mentioned. The Cybersecurity Center does research in monitoring of attacks on Western New York and analyzing those attacks. It does machine learning, opinion mining, data mining and various other projects that are in the center, either funded by the university or externally and the students are allowed to use the data produced at the center and have access to the research in the center.

Hossein Sarrafzadeh: We also have a Security Operations Center and that Security Operations Center allows students to work in the Center while they study. We have partnerships with the EC Council and CISCO. This gives you free access to online materials and huge discounts, up to 65% on certification that is provided by the EC Council such as the Ethical Hacker certificate which teaches you ethical hacking and pen testing and also a range of CISCO certificates. The program is 100% online. You have access to your professors who are accomplished people in their fields. All of our faculty have industry certificates in their area of expertise, so they're hands-on people, they've had years of experience in the industry. Actually, one of them and he will tell you, he got his first cybersecurity certificate when he was 14. So with all of that, I'm telling you that the program is a solid program and it provides a range of topics which I'll be covering. We were also ranked number 11 in the security degrees hub in the country as a master of cybersecurity program.

Hossein Sarrafzadeh: The online master's in the cybersecurity program is 30 to 33 credits. You can complete it in as few as 18 months. Each course is seven weeks long, so you can do one course at a time. And if you need to brush up on your networking, then we might recommend that you do a networking for cybersecurity course prior to starting it to get you started in the networking basics and concepts that relate to cybersecurity.

The program is designed for busy working professionals, and we were getting a lot of applications from people who were police officers and the FBI and in various areas of the workforce who didn't have preparation for the master's program. So we've created a certificate program, a graduate certificate program, which I'll be talking about to get those who wanted to do the master's program but didn't have the preparation into it. We were actually getting, and then rejecting five applications out of every six that we were getting before the certificate was designed and approved by the state of New York. So now if you don't have a degree in computer science or don't have the background for cybersecurity Master's, a certificate program will give you that. We do real work, course work. We use cloud-based labs which will allow you to do cybersecurity practice without damaging anything, and you do it like in the real word, because our servers are there and then they're virtualized so that you can use them without any damage to the infrastructure.

Hossein Sarrafzadeh: Now one of the key things that makes our program stand out is the range of topics that we provide in the course, and that is we teach you Offensive Security. We teach you how to hack but then we teach you how to defend, Defensive Security. We also teach Enterprise Security which makes you employable in more advanced roles. We teach you cryptography. We teach you software security. In addition to all of that, we teach you machine learning and data mining which are cutting edge areas that are applied to cybersecurity. This makes our program really popular amongst the students, and you can see the testimonial that was taken from one of the students in the program. We try to keep our students as happy as it is possible with the content and with the delivery.

Hossein Sarrafzadeh: The online graduate certificate in cybersecurity, like I said, is a bridging program that bridges people who lack the background, for example, in programming, in networking and various other areas into cybersecurity. It's a stand-alone program because in that program, we teach you ethical hacking, pen testing and various topics in cybersecurity in addition to programming as well as networking and the basics of computing. So you could graduate with a graduate certificate in cybersecurity, but this graduate certificate not only allows you to go out to work, but it also prepares you for our master's program or basically a master's in cybersecurity, and it's designed for busy working professionals, although if you're a fresh graduate, you could also do this and get into the field of cybersecurity. So it's your key into cybersecurity advanced programs, like the master. Now it's time to start introducing our faculty members.

Mohammad Javad Shamani: Hi. This is Dr. Mohammad Javad Shamani. I got my bachelor from Iran University of Science and Technology in IT engineering. I got my Masters in information security from University of Tehran. And finally, I got my PhD from University of New South Wales in Electrical Engineering. I started my IT journey at the age of 14 and I got my MCP at the age of 15. From the age of 15 onward, I'm studying and working. So, a couple of my positions I’ve held... I was a network technician and engineer. I've started my journey with data, then network admin, network security designer. I was information security specialist for a couple of years, cybersecurity specialist after my master. And then at the end of my PhD, I was cybersecurity researcher. Then right now, I'm a trainer, consultant and SME for a couple of polytechnics organizations and St. Bonaventure University.

Mohammad Javad Shamani: So my areas of expertise are network forensic, incident handling, continuous monitoring, log analysis and site design. Right now for St. Bonaventure University, I teach 500, CYB-500 and CYB-501. In CYB-500, what we do is just we prepare students for future units and courses. So it's based on networking, but practical networking with security respective. So it's mostly hands-on experience and labs, and they try to troubleshoot by themselves with no help. But in CYB-501, it's about ethical hacking and penetration testing. So they try to understand the fundamental steps in these two category. Nothing else with me, and just I'll pass it to Mark.

Mark O'Connell: Thank you, Javad. Hello to all who are interested in St. Bonaventure University cybersecurity program. My name is Mark O'Connell and I'm one of the adjuncts and in particular I teach enterprise networks. A little bit about me first, I have a 35-year career, almost exclusively in IT related matters and specializing in Info Security. For the first eight years or so, I was a U.S. Air Force captain in charge of Info Security on mainframes both at the SAC underground command post in Omaha and in various offices in the Pentagon. After that, I was a consultant for Arthur Andersen and Company again on mainframe Info Security. For those of you who are younger, look up Arthur Andersen, a company that no longer exists. It's an interesting tale! After that I was a tech services manager at Washington Metro Transit Authority, the people who run the trains and buses in Washington DC, where I was in charge of all PC land rollout, Info Security, mainframes, networks and databases.

Mark O'Connell: After that, for 19 years I was a network engineer, change manager and data center director for Verizon, the telephone company in their all manner of capacities related to network infrastructure, change management and Info Security. And for the last four years I've been a consultant with a company known as Livingstone where I consult U.S.-wide and even worldwide in software asset management as well as information security. And for at least 10 years I've been an adjunct teacher at various colleges teaching them all manner of Info Security classes in particular related to enterprise networks but also security fundamentals, homeland security, firewalls as well as business related classes including corporate finance, cost and price and dozens and dozens more classes. I have both a BS and MS in computer science and an MBA from Georgetown University in Washington, D.C. I look forward to seeing each and every one of you either online or on campus, on St. Bonaventure University. And now I turn the discussion over to Mikhail. Take it away, Mikhail.

Mikhail Sudakov: Hello and welcome! My name is Mikhail Sudakov. I work full time in the field for LEO Cyber Security, which is a security company. I am cybersecurity architect and analyst. And if you're wondering what does that mean exactly? What do I do? Well, I do a little bit of everything. I am a developer of security applications and software. I am a registered hacker and I regularly conduct penetration tests and software hacks. I have a couple of offensive security designations. I am a threat hunter. I am a security analyst. I am a public speaker. I am a teacher. I am a pretty big gamer. And most importantly, I am human. So prior to joining Leo, I actually worked for St. Bonaventure University and I was developing some applications as well as doing some information security work for them. And also in my final year of that I was teaching undergraduate course of cryptology for the bachelor's in computer science.

Mikhail Sudakov: And before that, I also graduated from St. Bonaventure University and I did my undergrad and then MBA in 2012. So for the cybersecurity program, I teach a course of applied cryptography and, it's actually more of cryptology than just cryptography. Cryptology includes many fields, cryptography being only one of them. Some of the other important fields of cryptology are cryptanalysis and steganography. We will not be covering steganography all that much if at all. Now as I mentioned here, there is a huge emphasis on cryptanalysis or breaking codes. In fact, you will be doing more of cryptanalysis and breaking codes than you'll be doing cryptography or writing codes because I strongly believe in security by offense. And in order to truly understand how something works, you must take it apart.

Mikhail Sudakov: So one of my favorite phrases is the phrase I don't know, among others. I believe these are very empowering words. Never be afraid to say, "I don't know. I don't understand. Teach me." In the security field we very much value that, your curiosity, your endless curiosity, your desire to learn. And the words 'I don't know' are the very beginning of that. And these are just some of my personal beliefs. That's just me. Some agree, some disagree. I strongly, very strongly believe, in defense by offense. Now, I don't mean delivering the first punch. I mean testing your own defenses constantly, all the time. That's how you get better. You attack yourself, you see where you're weak. Never be afraid to admit your own weaknesses and work on them. I also believe that prevention, I put useless here in quotes because, well, it's not really useless. However, it is evidence that in today's security field a lot of emphasis goes on prevention and prevention.

Mikhail Sudakov: And honestly, if somebody wants you bad enough, they're going to get you. That's why I said prevention is, I don't believe in prevention. It's detection and mitigation. They will get in. So spending too many resources on stopping them is not going to bode well for you. Detect as soon as possible and mitigate as soon as possible. I strongly believe that if you are to be able to protect, well, you have to know how to attack. Because unless you know what your adversary is targeting and what they're going after and all their tactics and how they're going about their offensive, how in the world will you be able to detect and mitigate all those threats well, if you don't know what is coming at you? And finally try harder. Harder and harder, harder than you can believe. We very much value those people in this field that exhibit this quality. Never stop. Always stay hungry, thirsty. Always improve yourself. And you will do very well in this field. And next, I'll pass this over to Pouya Ghotbi.

Pouya Ghotbi: Thank you, Mikhail. Hello everyone. My name is Pouya Ghotbi. I'm from Melbourne, Australia. So I just want to give you a quick overview of my expertise and experience in the security field. So I've been in the IT industry for around 20 years, out of which 10 years I've been focused on security. And that includes different areas of security including software security, cloud security, network security, penetration testing, identity and access management and most recently privileged access management or PAM. So most of my experience has been around design architecture and also implementation of very complex security systems, typically in tier one companies like banks, telcos, especially in Australia I've been involved in the four big banks in Australia and telcos, but start of my career, I have worked with a smaller companies and smaller industries as well. So I've got a wide range of expertise and experience in the field.

Pouya Ghotbi: So currently I work as a solutions engineer which is like a presales role. So I'm involved in the sales cycle, technical sales for the company that I work in, that is the number one leader in this privileged access management industry called CyberArk. So in terms of my education, I've got a bachelor's degree in software engineering and I've got a master's in computer science from RMIT University in Australia. And my teaching background has been quite extensive. I used to be a sessional lecturer and also head tutor and tutor for more than around 15 courses, around networking, security, software security, things similar to that. So also, I'm a public speaker. I've run different courses around security here in Australia.

Pouya Ghotbi: So the other thing I just wanted to touch on was my certifications, industry certifications. I've got various certifications from Microsoft, Cisco, Check Point, F5, FireEye, Splunk, a bunch of others. I just want to quickly touch a little bit on the course that I teach, which is secure software design. It's a unique course that we've designed for St. Bonaventure University. I did courses around securing the software during the software development life cycle. We look at the methods, techniques and procedures and principles that we can use to secure software and address all the vulnerabilities at root, so before it actually gets out to production and before it is exposed. So naturally after that, you've got penetration testing and other testing. We talk about a lot of quite up to date industry standards, industry tools that I've used for security testing as well, like SAST, IAST, SCA tools and things like that. If you're interested, please have a look at the course overview and see how you can benefit from this course. I think that's all for me. Thank you so much and I'll just pass it on to Hossein. Thank you.

Hossein Sarrafzadeh: Thank you very much Pouya. It's Hossein again. And we're going to talk about the application process.

Katie Macaluso: Very good, yeah, I'll pass that over to Marcos.

Marcos Baez: Hi, good afternoon. My name is Marcos. I'm one of the advisors for the cybersecurity program here at St. Bonaventure. The admissions process for this program is pretty simplified. All that we ask is, you have your undergrad degree, your bachelor's degree in a computer science related field. That'll qualify you to bypass our certification program. Now if you don't have a relevant background, whether it be through your work experience or undergrad, with our new certification program, you now also have a pathway into our master's program. With your undergrad, we do require a minimum GPA of 2.5, and you'd also be required to provide us with a police clearance due to the sensitive nature of cybersecurity.

Marcos Baez: It's important, there is nothing unethical in your background as it relates. And then also there's no GMAT or GRE requirements, which can be the case with similar programs and also business-related programs. That's an exam you'd have to take. So again, not a requirement with our program. Now with all that being said, we are currently accepting applications for next session. Our next deadline is coming up and classes do start at the end of August. Once the presentation is over, hang tight, we will open the floor for question and answers as well as an outline for admission if you decide you want to proceed.

Katie Macaluso: All right, so with that said, it is time for our Q&A session. This is the chance that you can ask any questions you might have about the program. To this side of the presentation slides is a box for submitting questions. We'll do our best to get through as many as we can today. I'm going to go in right now actually and take a look at what questions we have. Our first question is, how long does this program take and what is the fastest I could complete it? Should I send this over to you Marcos?

Marcos Baez: Sure. So the program can be completed in as little as 18 months. Now keep in mind if it's determined you need additional foundation courses, it could stretch out the length of the program. But 18 months would be the minimum time needed to complete it.

Katie Macaluso: Okay, great. All right. Our next question is, would you consider an information systems a comparable degree? I'll toss it over to you, Hossein.

Hossein Sarrafzadeh: Yes. Well, it depends on the courses that you've done in your program. If you've done programming and networking, then yes, otherwise you can do those two courses or if you choose to do the certificate, two of the courses in the certificate program are transferable into the Master’s program. Actually, yeah, yeah, two of the courses are transferable. So you could either do the certificate or do courses from the certificate, depending on what courses you've done. So if you've done programming and networking in your undergraduate course, then yes, and it is an information systems course, then it is acceptable as a Bachelor's that qualifies for the Master's.

Katie Macaluso: Okay, very good. Our next question is, is asking if there is a graduation ceremony and a parchment on, I guess just kind of asking in general, is it the same as if you were completing a degree on the campus and participating in the graduation ceremonies? Hossein, can I ask for you for that one as well?

Hossein Sarrafzadeh: I think it would probably be optional if they wanted to attend an on-campus graduation. So you'd graduate with a degree from St. Bonaventure University and as such, you're entitled to attend the graduation ceremony. However, because our students are from multiple states, and they're far away, some of them, like we have people from LA, San Francisco, Chicago, it would be very difficult to require them to attend the on-campus ceremony. It's not compulsory, but you could request to attend the ceremonies.

Katie Macaluso: Okay, terrific. Our next question is, would a basic level of Python programming be sufficient to start the program?

Hossein Sarrafzadeh: I'll let Mikhail answer that question, if you don't mind, Mikhail?

Mikhail Sudakov: Yes. So for the last session of the course, Python was not included, but I am including it for all the future sessions. So yes, if you know your way around Python, the overall requirements for the programs are not that great, actually. So yeah, if you know your way around the programming language, Python included, you should have no issues understanding that.

Hossein Sarrafzadeh: Yeah, so the two, I mean we teach Python programming in our certificate course, so Python would be very appropriate, but if you program in Java or any modern language, that would be sufficient.

Katie Macaluso: Okay, terrific. Our next question is, I have a BS and BA background along with military and law enforcement experience. Do I need to do the certificate program first?

Hossein Sarrafzadeh: The certificate, it depends actually on what courses you've done in your undergraduate program and what your undergraduate degree is in. However, we designed the certificate program for specifically people in law enforcement, in the police force, in the military who have had some experience with IT or security even so that, that program bridges them into the Master's. So yes, I would recommend highly that you do the certificate because you get an initial degree, an initial graduate degree and then you can move into the Master's. And part of the certificate will be counted towards your Master's. You would benefit I believe doing the certificate first, and then getting into the Master's. However, we could, if you didn't want to do the certificate, we could look at your background, your experience, and all of that and advise as to what the best course is. So our recommendation is that you do the certificate. However, we could look at things case by case.

Katie Macaluso: Okay, very good. Our next question asks what should I expect in terms of exams and other homework assignments within the online courses?

Hossein Sarrafzadeh: It varies from course to course. So, I would like to ask Mikhail to talk about that again, but there'll be quizzes, hands-on experiences. For example, in the certificate program, one of the courses is, it teaches you about computer hardware, how it's set up. So, we're going to teach you how to assemble a computer in that course, if you haven't had any experience with computing. Then in that course one of the examinations would be to put together a computer from components and we will help you get used components at a very low price or if you have something at home that you don't want to use, or you can go to a store that sells computers and they might provide you with a used one free of charge and then you can take it apart and put it back together. So that's would be a type of exam, so practical exams plus analyzing code and detecting problems within that code examinations. So it varies from professor to professor. So I'll ask Mikhail to add what he does in his course.

Mikhail Sudakov: For the one I do in the cryptography course; the emphasis is hugely on hands-on. There is a quiz every week, there is a final which I'm actually strongly considering just dropping all together. Basically all you will be doing is doing things. So yes, there will be a lot of theoretical material and I'll just check in quizzes each week to make sure that people are on the same page, but I would say 60% to 70% of your grade is just you're doing stuff. You are making things, breaking things, very little of, first of all, in mine, there's no reading of outside material period, so there's no, like I don't have you read a chapter and then do a quiz on that. It's all hands-on.

Katie Macaluso: Okay, great. Well, thank you both for the detailed answers on that. Our next question asks, "How long does it take to get a decision once you apply to the program?" I'll pass that to you Marcos.

Marcos Baez: Well, it's completely dependent on the student. Again, there's documentation needed to complete an admissions file. Generally, once we gather all documentation, we should have a decision within a day or two, once your file's able to be reviewed.

Katie Macaluso: Okay, so pretty fast.

Marcos Baez: Very streamlined.

Katie Macaluso: Once everything is in. Okay, great.

Alright, well, I think that is all of the questions that we have time for today. We want to thank you all for joining us for today's presentation about the online graduate cyber security programs, we'll be sending out a recording to you, once it's available, so that you can view this in more detail later and I would encourage you to reach out to Marcos or Elizabeth for more information or to schedule an appointment to talk or to begin your application when you're ready to do so.


Thank you so much for attending, and we hope you have a great rest of your afternoon. Thank you.