Ashley Zeman: Hello everyone, thank you so much for joining us today for this info session about the online Master of Science in cybersecurity program at St Bonaventure University. Before we get started, I wanted to cover a few housekeeping items. We are in broadcast only mode which means you can hear us, but we cannot hear you. Please feel free to type any questions you may have throughout this presentation in the Q and A box at the bottom of your screen, and we have reserved some time at the end to answer your questions.
Ashley Zeman: Here are our speakers for today, webinar. I'm Ashley Zeman, I'll be your moderator. I'm joined by Marcos Fayez, an admissions counselor for the program whom I'm sure many of you who have already spoken with or have received emails from. Marcos can help you answer questions about the admission process, and also assist you in getting all of your application materials submitted to the selection committee.
Ashley Zeman: We're also joined by Dr. Hossein Sarrafzadeh who's the director of the Cybersecurity Program at St Bonaventure and he's also a professor within the program. Well linked to the Information and Communications Technology industry, Dr. Sarrafzadeh has strong connections to the international research and academic communities. Leveraging networks with an industry, academia and government in the field of IT security and computational intelligence, Dr. Sarrafzadeh has made contributions through publications and patented systems in the areas of cybersecurity, intelligence systems and the Internet of Things, and cloud security.
Ashley Zeman: Dr. Sarrafzadeh has developed one of the world's first real-time facial expression and gesture recognition systems. He also developed a novel vision-based targeting advertising system which has been patented in New Zealand and internationally. Dr. Sarrafzadeh also has led the establishment of New Zealand's first cybersecurity center in partnership with the National Institute of Information and Communications Technology of Japan. He's also been instrumental in the founding and development of the center for computational intelligence for environmental engineering and the Internet of Things in China, and the National Institute for Water and Atmospheric Research in New Zealand. He's also the founder of the Western New York cybersecurity Center and the St Bonaventure University Security Operation Center. So, we'd love to give a warm welcome to Dr. Sarrafzadeh, thank you so much for joining us.
Dr. Hossein Sarrafzadeh: Thank you very much, Ashley, and it's great to be here.
Ashley Zeman: Great. Well here's a quick look at our agenda for today and what we'll cover in this presentation. First, we'll talk a little bit about St Bonaventure University and the online cybersecurity program. Then we'll dive into the admissions process, and finally leave time for any questions you might have at the end. So, with that, Marcos I'll turn it over to you to tell us a little bit about St Bonaventure and the online experience.
Marcos Fayez: Thank you very much, Ashley, and a welcome everyone to the webinar. I'm sure I've again, spoken with a lot of you so far. I just want to touch on some of the facts of the school. We are a private not-for-profit university, a Catholic University, and with that in mind we do follow the Franciscan tradition, as you can see on the slide. Now, I think that ties in really well to cybersecurity. As you know in the cybersecurity industry, it's important you have a strong moral and ethical code. And likewise, that's our mission statement here at St Bonaventure. So, I think that ties in really well.
Marcos Fayez: And then also academic excellence through personalized attention. With this being an online program, it's important that we offer that personalized touch to our learning environment and I think we definitely touch on that. And then in regard to some national rankings, just recently we were ranked number one in the state of New York, and best value school by the 2018 US news. As you can see we were also number two in the north for best regional university, based on values, again by the 2018 US news. Just recently we were also ranked one of the best 384 colleges by The Princeton Review. And then also we are accredited by the Middle States Commission on Higher Education. I think these facts speak to the combination of our tuition as well as the quality of our programs here and I want to touch now so on the overview of our program, our cybersecurity program. All in all, you're looking at a total of 30 to 33 credit hours to complete the program. Now the determination on that is made once you apply, there is a foundational course in Computer Networking that has the potential to be waived based on your background and how it relates in regard to computer science.
Marcos Fayez: This program is designed with the full-time working adult in mind. It is a 100% online. It is asynchronous, so it can be completed at your leisure. There's no required log in times. Now in regard to the curriculum, we do pride ourselves on the fact that it's based on a rule of demand. As you know cybersecurity is an ever-changing industry. So, it's important that our curriculum matches those changes and remains up-to-date in regard to the latest in the industry. There's two facilities on campus that relate directly to our cybersecurity programs. Ashley mentioned them initially. And Dr. Hossein will actually elaborate on how those facilities directly relate to our programs as well.
Marcos Fayez: Now in regard to the online experience, with the formatting of our program each class is seven weeks in length. With that in mind you get a one week break in between classes if you take the program continuously. Now with the virtual learning environment I think we do a good job, as I mentioned on a previous slide, of really offering a personalized touch to be able to interact with your faculty as well as your fellow students while in our program. And as I mentioned, there's no set log in times. It is an asynchronous program, so it really allows for flexibility for somebody who might have a very strenuous work schedule during the week. So, you have that flexibility to work on the weekends or early mornings, or late evenings, whatever you'd prefer. We really offer that flexibility. Now in regard to content of the courses, we really pride ourselves on a hands-on learning experience. And Dr. Sarrafzadeh, then will really touch on that component as well. And then again, on top of having the faculty at hand you also have access to a student success advisor or coach while you're in our program. And their job is to ensure academically your reaching your goals while you're in attendance.
Ashley Zeman: Great. Thank you so much Marco. So now Professor Sarrafzadeh will tell us a little bit more about the program details, the curriculum and the demand that exists for cybersecurity professionals today.
Dr. Hossein Sarrafzadeh: Hello everyone and welcome to this webinar. I'm Hossein Sarrafzadeh, the Director of the Cybersecurity Master's Program. The area of cybersecurity has been in the news over the past few years as being a threat. A threat to national security, a threat to your pockets, and the risks that it poses. But if you start studying cybersecurity it all of a sudden becomes an opportunity for you. The cybersecurity job market has close to a million job openings at the moment and there's more than 300,000 cybersecurity jobs in the US alone which are unfilled. Demand for cybersecurity professionals is expected to rise to the level of six million globally by 2019. There was a projected shortfall of 1.5 million according to very credible sources. That has now been updated and the shortage in 2019 is going to be three million, which is double what they thought it would be.
Dr. Hossein Sarrafzadeh: So, I'm hoping that through this program we will be able to help address this human capital crisis in cybersecurity. And we will do our best to differentiate you as a specialist who can grab one of these jobs. Not only that, but some of the highest paying and some leadership jobs in cybersecurity. I'll tell you what the curriculum includes and what the facilities are that will help you achieve that.
Ashley Zeman: Great. You can go ahead and dive into the curriculum.
Dr. Hossein Sarrafzadeh: Okay. So, the curriculum consists of four different parts. So, we designed the program so that it addresses offensive cybersecurity, defensive cybersecurity, enterprise cybersecurity, and other concepts like AI machine learning, data mining, that relates very closely to cybersecurity, and our new area that contribute to cybersecurity that are a differentiating factor putting us hopefully ahead of the criminals. And we will teach you those techniques, and I'll tell you how we provide for that.
Dr. Hossein Sarrafzadeh: Offensive security is very important. We're going to teach you how to attack, and you can't defend unless you know how an attack takes place. So, there's a course called Cyber 501 called The Foundations of Cybersecurity Ethical Hacking and Penetration Testing, and that course teaches you how an attack takes place and teaches you how to do an attack. It'll be practical, hands-on, so hopefully at the end of this course you will have done well, and you will be able to become a beginning ethical hacker and a penetration tester. I want to tell you that penetration testers are in demand. Their salaries are close to and possibly over $100,000 mark.
Dr. Hossein Sarrafzadeh: Defensive security. There are two courses in defensive security, Cyber 502 and Cyber 504. Advanced Cybersecurity and Cybersecurity Forensics. There are three courses in enterprise cybersecurity. That is really your specialization. So, not only you learn offensive security, defensive security, but also a wider area called enterprise cybersecurity. Enterprise networks will be taught first so you learn what an enterprise network is like and how it works, how it's designed and implemented. Then you learn about enterprise security and risk management and system hardening and protection of an enterprise system.
Dr. Hossein Sarrafzadeh: Now, what is really cool in my view is the other courses that we teach as a part of the curriculum, and those are machine learning in Cyber 509. So, you learn how machine learning can be applied to cybersecurity. And that is what really has put technology ahead. Any technology that uses machine learning is ahead of the ones that don't use it. So, we're going to teach you that. And there is a Cyber 508, Applied Data Mining and Applications in Cybersecurity that teaches you how we mine cybersecurity data and how we make sense of that.
Dr. Hossein Sarrafzadeh: When I talk about the cybersecurity center, I'll tell you how we do that at St Bonaventure University. And there are other important concepts to enterprise security, applied cryptography. You'll learn in that course various basic concepts of applied cybersecurity and then some applications like cryptocurrency. Cyber 505, Secure Software Design is another course that teaches you about designing a secure software. If you don't have a background in computer networks and we feel you would benefit from this course, we will ask you to take Cyber 500. And a lot of you might like to take that and to brush up on your computer networks knowledge. So, that's basically the curriculum in a nutshell.
Dr. Hossein Sarrafzadeh: What we do ask you to do is to certify, all the students are encouraged to certify. That's industry certification. When you get a degree, especially a master's degree, you open up opportunities in cybersecurity leadership to yourself, but when you get these certificates that we encourage you to take, you also open up opportunities for yourself to get higher salaries. And the lowest level of certification, industry certification, that we encourage you to do is CompTIA Security Plus. If you already have that, then that's great, otherwise we would advise you, encourage you, to do this.
Dr. Hossein Sarrafzadeh: EC Council Certified Ethical Hacker certificate, Cyber 501 actually prepare these for about 40% of that course, and the certification. We have a partnership with the EC Council, so you get heavy discounts and vouchers to do the examination, so it'll be a lot cheaper for you to do that. If you have some industry experience, then you can do the CEH, if you don't, our partnership allows you to be exempted from prior experience.
Dr. Hossein Sarrafzadeh: CISCO certification is also encouraged and CCNA security, CCNP security, and CCNA Cyber Ops are the certification areas that we encourage you to do. We also have a partnership with Cisco, we're a Cisco Academy. So, you get access to all the certifications plus the discounts that you can get to certify.
Dr. Hossein Sarrafzadeh: Now, the next thing I want to get into is the facilities on campus, which make our program and the courses that we teach very unique. We gained a lot of publicity for being the home of the Western New York Cybersecurity Research Center. This is a collaboration with National ICT Japan, the Canadian Institute for Cybersecurity, the New Zealand Cybersecurity Center, the local company that has a partnership with our Silo City IT and various other partners like Ryerson University in Canada. What we do in the center and you are welcome to request a visit if you're close by and come and visit. Or we might be able to give you a visual tour of that. What we do in the center is to use data mining and machine learning, as I will tell you after this slide, as monitoring of attacks on Western New York. We're extending this to the whole of New York.
Dr. Hossein Sarrafzadeh: So we'll be monitoring attacks and traffic that comes to New York and we'll be mining that data, making sense of the trends in the attacks to this part of the country and apply that globally, because we have partners in Japan and Canada and New Zealand and we compare the data and we try to make sense of the global attack picture and then design tools to combat that. We also do alerting, and all of this uses data mining and machine learning. I will show you a demo after this slide once I've explained another facility that we have on campus. We are opening a student-operated security operation center in partnership with Silo City IT. It is a hands-on operations center, it employs students, we pay the students, we have a senior cybersecurity analyst who support the students and we open this center in December. So, it'll be very soon up and running. We are going to be teaching security operation centers in our courses. So that will be a new course possibly in the future that will be added.
Dr. Hossein Sarrafzadeh: Now I want to show you a video of what we have in the center which I think is a cool video, and I hope you will like it.
Dr. Hossein Sarrafzadeh: Ashley? Excuse me.
Ashley Zeman: Yes, I'm playing the dark net video right now.
Dr. Hossein Sarrafzadeh: Excellent, that's fantastic. So, all of you are familiar with dark web. What the dark web is, is an alternative to the World Wide Web that we're used to. And in that there's a lot of criminal activity going on. What we're talking about here, what you see on the screen, is the dark net. It's the unused IP addresses that we are monitoring. So, what you see here is, each of these arrows that you see on the screen is a suspected packet, so it's basically considered an attack or an attempted attack. The data that we collect through this, is the ports that are being targeted, the IP addresses that the attack is coming from, various other information, and the packet data itself. We log all of this data and then we start working on it. This is in real time, it happens as we speak.
Dr. Hossein Sarrafzadeh: That data is logged, we create what's called a support vector machine which is a classification of all this data so that when a new attack comes in we can classify it on one of those support vectors which is a machine learning technique. And when a new attack comes, we either are able to classify it, or we can't, and that is code for us, we have a new attack. We also do mining of this data and we find trends within the data, and we share that with law enforcement and various other bodies that we think should know about it. The color coding shows us what kind of attack we are dealing with. For example, the yellow arrows that you see on the screen are a DDoS attack. We can collect a lot of intelligence through this tool.
Dr. Hossein Sarrafzadeh: The next video that I want to show you is an alerting system. In the alerting system, we monitor companies. I'm done with this video and we can show the other video which is a monitoring system. We're deploying the monitoring system into companies. So, what you'll see on the screen is all these circles with other smaller red circles around them. For example, this circle is a company that's been attacked multiple times, and this is a new attack that is coming in, and we know where it's going so we notify the company that we are monitoring. What you see here is a company in trouble but that's not a problem, we know, and that's our test company. We test the company every second, and we send an attack to it so that we make sure it is live and it's working. So, with this tool, and with the other tools that we have, which I don't have time to show you, we collect a wealth of data that is anonymized and then made available to our students who can do projects on them, and our faculty to do research on this.
Dr. Hossein Sarrafzadeh: We've got a huge facility here in Olean at St Bonaventure University, collaborator across the world that you can benefit from hopefully, in your program. I am happy to answer any questions when the time comes. And I'll pass over to Ashley.
Ashley Zeman: Great. Thank you so much, professor. Now, I'm going to have Marco talk through the application process, next steps, deadline and then we will open it up to questions. So as a reminder, feel free to type your question. At the bottom of your screen there's a box that says Q and A. You can type any questions in there and then we'll open up for questions right after this slide. Go ahead, Marco.
Marcos Fayez: Great. Thank you, Ashley. In seeing a lot of your names that are in attendance, I've gone over the application process with quite a few of you who already. But if you have not applied, I want to focus on you as well. And with our process, there's four steps to the application process. Put that in mind that a bachelor's degree is required. Generally, we prefer it to be in a technical-based program of study. However, if you do have relevant work experience as it relates to IT, computer science, cybersecurity, that can also qualify you for our program. Now, we do expect a minimum GPA of 2.5 from your undergrad.
Marcos Fayez: And then, there is a police clearance aspect that's needed as well, like a background check of sorts. For that piece, you can contact your local police department and whatever they offer in the form of a background check or police clearance will be suitable. Now, there's no GRE or GMAT requirement. If you're not familiar with that, it's almost like an exam needed to qualify for admission to certain programs. We do not have that requirement. And then, we would need a copy of your resume, as well as official transcripts from any university or college you attended before here. So, with that being said, that's it. There's four steps; to reconfirm there's application, your resume, your transcripts, and the police clearance. It's that simple. Those four steps complete the admissions process here at St Bonaventure.
Ashley Zeman: Okay, great. Can you talk a little bit about when the next program is starting and when we should get everything in by?
Marcos Fayez: Great question. Our next start time is January 21st, with an enrollment deadline of January 4th. When it... And with it being November 28th, that does kind of set a little bit of urgency in regard to finishing up your application file. And I will gladly work with all students who wanted obviously to continue the application process or start it. Because that January 21st start is fast approaching, and it'll be here before we know it.
Ashley Zeman: Great. And also, just keep in my mind with the holiday season upon us, oftentimes we're closed at St Bonaventure that week of Christmas. So, if you're able to get your materials in earlier, that's always encouraged prior to the holiday break.
Marcos Fayez: Great point, Ashley. I can't emphasize the urgency enough. With the holiday season that's possibly 10 to seven days towards the end of December that it will be really hard for you to retrieve your transcripts from whatever school you attended. So, it's best we start this process as soon as possible.
Ashley Zeman: Great. Alright, and with that I will open it up to questions. Looks like we've already gotten a few questions already. Let's see here. A few questions from Shaun, and I'll refer these to you professor because I think they are more technical questions. What systems are we using for pen testing, Kali Linux, Unix or something else?
Dr. Hossein Sarrafzadeh: Well, we're using cloud-based facilities for pen testing and we are also are setting up a remote facility for students to practice their pen testing skills. If you want more detail, just please contact me and I can send you the details of the tools that we use. But most cloud-based labs are used, but also a facility here for your testing and for your practice outside of the classroom in terms of the lab.
Ashley Zeman: Okay, great. Another question from Shaun. Are we focusing on endpoint security?
Dr. Hossein Sarrafzadeh: Not necessarily. The only thing that we focus on... Endpoint security will be covered in the courses, but the course has multiple aspects to it. So, it's not limited to endpoint security although endpoint security is one of the areas that is covered.
Ashley Zeman: Okay, great. A couple more technical questions for you. This one's from Johnny. In the secure software development machine learning courses, are they taught around actual programming languages or pseudocode?
Dr. Hossein Sarrafzadeh: We realize that it's not all programming languages. It'll be mostly pseudocode. Although examples of secure software coding in different languages will be shown. Java is a focus. Python is also, as far as I know. But it's up to the professor to decide what programming languages. The focus will be pseudocode and the techniques that are used. And there are various tools in software security that will be introduced in that course, so you can use the tools to produce secure software and those tools will also be presented to you.
Ashley Zeman: Okay, great. And then in terms of... Another question here from Mark. In terms of the coding background that's needed, can you speak a little bit more specifically on what skills would be necessary to enter the programming program? He's asking about Python and Linux, etcetera.
Dr. Hossein Sarrafzadeh: Well, Linux is actually a must and it will be covered, not in great detail, in 501, I believe and also 500. In both of those courses Linux will be briefly covered and resources will be provided for you to go away and learn more. So, Linux is a must, no, but you can learn it through the courses that are being taught. Programming languages like I said, Python and Java would be... Or an equivalent programming language. For example, if you can program in C++, that would be also okay. So, you need to know at least one programming language. You need to be familiar with Linux. If you're not, then Linux is covered but it's almost expected that you know a programming language. That's why we require either work experience or a bachelor's in computer science.
Dr. Hossein Sarrafzadeh: Now, there's some good news for you. This hasn't been confirmed yet but I'm pretty sure we will do this. We're designing a certificate which will bridge you into the master's program but that's not yet available. If you are interested, you don't have necessarily the background in operating systems requirements and the programming language requirements, watch this space. We will be announcing a certificate that bridges you into the master's.
Ashley Zeman: Okay, great. Thank you so much. Can you expound a little bit about the lab scenario? Tell us a little bit more about those. This is a question from Paulo.
Dr. Hossein Sarrafzadeh: What scenario? I didn't hear you well.
Ashley Zeman: Tell us a little bit more about the lab scenarios. What types of scenarios will be in the course work?
Dr. Hossein Sarrafzadeh: Well look, there's two types of labs. On-premise labs that we will be using, but we'll use them at a later stage. We initially start with cloud-based labs. You will have labs, for example, on tools like Wireshark. These will be introduced in 501. Nessus, for example; Burp suite. These are the tools that we will be introducing initially for you to familiarize yourselves. And we use Amazon, AWS facilities, to set up the labs for you to do those experiments. But later on, as you become more of an expert, we do have labs, on-premise labs, that our server will allow you to work with, and attack, do open testings on, so that it's not only cloud-based labs that you work with.
Ashley Zeman: Okay, great. Another question from Johnny here. In this field, it seems SIEM software experience is necessary for cybersecurity roles. Does the program offer any opportunity to configure these types of tools?
Dr. Hossein Sarrafzadeh: What type of tools?
Ashley Zeman: SIEM.
Dr. Hossein Sarrafzadeh: SIEM. SIEM, oh yeah, yeah. Well, look, the security operations center is actually a SIEM SOC. We're using different... We have a lab with different SIEM software but there's a particular SIEM software that we're using in our security operations center. So, yes. The answer is SIEM... And we're thinking of adding a new elective course to the program security operations center. It's not yet included. SIEM and SIEM software is going to be a part of your curriculum. However, we're adding a new specialized course on SIEM and security operations center.
Ashley Zeman: Okay. Thank you so much. Another question here about the admissions process. How long does it take to get a decision once you apply to the program? Marcos can you tell us that?
Marcos Fayez: That's a great question. As long as I'm able to obtain at the minimum, an unofficial transcript, a completed application, and a resume, I generally have a turnaround time of about a day for a provisional decision.
Ashley Zeman: Okay, great. Wow, very fast. Okay, another question here. Tell us about how students are able to network and engage in an online environment versus a traditional on-campus setting? Professor would you like to take this one?
Dr. Hossein Sarrafzadeh: Well I can take parts of it. Obviously, the online environment allows for networking. Some of the assignments that will be given will be group work, so hopefully you'll be able to use the platform to network together and work together. There's also activities that will be created within the courses for you to work together. And I'm hoping that you'll be able to use the forums, which are I believe, a mandatory part of the course, for you to get into the forums and talk to one another and have conversations and discussions. We are also hoping to create opportunities for our students to join trust networks. These are networks where cybersecurity professionals get in, and someone has to vouch for you to get into those forums and trusted networks. So, we will do everything we can, not only for you to network together but also to provide opportunities for you early on to network with the various forums and trusted networks that I am, and our faculty are, a part of, to get in there.
Dr. Hossein Sarrafzadeh: Our faculty, actually all of our faculty, one of the criteria for their selection is that they have industry experience. One of our faculty members who has a PhD in cybersecurity got his first industry certification when he was 15 years old. So, you can see that these people will be well-connected, and the professors are encouraged to connect the students to those trusted networks. Obviously, this will take a bit of time and that trust building will have to happen for that to be expedited.
Ashley Zeman: Okay, great. Thank you so much. And then we have a question about whether the program is considered part-time or full-time. Marcos can you speak to that?
Marcos Fayez: Yeah, in regard to that, our program isn't your traditional structure. You take one class at a time. Runs on a 7-1-7 model. As I mentioned, each course is seven weeks in length. So, you could take a course and potentially take a break and start the course up again in the next course when you have the time. But ideally you go through the program one at a time with the one week break and then start the next course and continuously work your way through the program.
Ashley Zeman: Great. Alright, and it looks like we just have time for one final question. I do have a list of all your questions so anything that we weren't able to answer today I'll forward along to Marcos and he'll reach out directly with answers for you. And Marcos can also assist you in getting in touch with Dr. Sarrafzadeh with any technical questions that he's not able to answer. So, we will definitely follow up with you.
Ashley Zeman: The final question is why choose a master's degree program over a short-term certificate program? And then, we also have a question about whether or not there'll ever be a PhD program offered. So, I don't know, professor, if you can speak a little bit to the demand in the marketplace and why a master's degree specifically is a good choice.
Dr. Hossein Sarrafzadeh: Yes, I can speak to that and the master's program prepares you for a leadership role in an enterprise, and the salary in those areas are quite high. And the job security that you get with a master's degree, and especially with a master's degree like ours which is unique and it's in enterprise security, there isn't that many of these programs around even in the country or globally. The salary levels go up with a master's degree, I believe. You learn some cool technology like machine learning, data mining, in this program. That opens up new career opportunities like researching in malware analysis, researching in threat intelligence, and various other career options that you wouldn't have without a master's.
Dr. Hossein Sarrafzadeh: And like I said, it opens you up for managerial roles in cybersecurity. Some of those roles could be Chief Information Security Officer in a big enterprise. Obviously, maybe not at the beginning, but with a couple of years of experience if you don't already have that. A Senior Security Analyst could be another role that you could get much, much easier with a master's degree. It also opens up international opportunities for you, both to collaborate and also to find work. And a lot of the new jobs that are coming along, let's say with the Department of Homeland Security, I'm aware are in areas of applying machine learning, blockchain, and things that we do cover in these courses. There was an article in Washington Post, and I'll end my comments with that, if you want job security look to cybersecurity and that's in general. And a master's in cybersecurity will make you more employable in higher paying jobs.
Ashley Zeman: Great, thank you so much, professor. Well, that's going to conclude our question and answer session for today. So, we'll wrap up. Thank you so much everyone for joining us. Like I said, Marcos will follow up with each of you and answer any additional questions that you may have or anything that we didn't have the chance to get to you today during this session. And an on-demand recording of this webinar will be emailed out to you tomorrow. So, feel free to access the recording at any time or pass it along to anyone that may be interested in the program. Again, this concludes the webinar. Thank you again and have a great rest of your day.
Dr. Hossein Sarrafzadeh: Thank you very much, Ashley. It's been great to talk to our potential students, and I hope to have you in the program.
Ashley Zeman: Great, thank you so much.