Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Talk ColumnCybersecurity News

Studying the 'Wicked Problem' of Cyber Security

Cyber crime has been referred to as a “wicked problem,” and its solution may well lie in stronger education.

security talk feat
November 5, 2013

Frederick R. Chang, a recognized national expert in cyber security, recently joined Southern Methodist University to develop a multidisciplinary program to tackle the most pressing cyber challenges facing individuals, business and government today. Chang previously served as the director of research at the National Security Agency in 2005-2006, where he was awarded the NSA Director’s Distinguished Service Medal. He has held several senior executive positions at SBC Communications, positions at both the University Texas at Austin and the University of Texas at San Antonio, and was most recently president and chief operating officer of 21CT Inc., an intelligence analytics solutions company.

 

A recent report by a Google security executive said that “passwords are dead.” Do you agree with that?

Studies of user password use continue to reveal disturbing trends:

  1. passwords are not “hard” enough,
  2. passwords are reused between different user accounts, and
  3. passwords are not changed often enough.

Combined with the fact that computer processing power continues to improve, these trends mean that passwords represent an ever growing security risk. Cognitively, passwords are too cumbersome: it has been said that the best password is the one you can’t remember. The human memory problem is compounded by the fact that we are now entering our passwords from our multiple mobile devices. We are growing weary of passwords. Passwords aren’t going away any time soon, but I’m eagerly looking forward to the many new technologies that are being developed that will provide supplemental/additional authentication methods.

 

What type of program are you going to develop at SMU, and how will it be different from other programs?

My particular research interest is in the area of information assurance – defending and protecting critical systems and data. I’m looking forward to working with my colleagues at SMU and beyond on a wide range of topics such as software assurance, social sciences and security, insider threat and hardware security. First, we will conduct broad programs of research aimed both at helping to create a science and engineering of cyber security and addressing national cyber security priorities. Second, we’re going to apply an interdisciplinary approach to problems, incorporating elements from disciplines outside of the traditional technical areas associated with cyber security such as law, business and the social sciences. And third, we are going to help close the skills gap in cyber security by educating SMU students to meet the demand for trained cyber professionals. The key to our program at SMU is that it will be multidisciplinary.

 

What is the single most pressing issue with regards to educating people about cyber security?

It is the fact that the cyber security problem is proving to be extremely resistant to solution. As a result it has been referred to as a “wicked problem.” Research in computer security dates back to more than 40 years ago. I’d like to teach a foundations course for students of all majors that lays out what every educated person should understand today about security and privacy to be a responsible citizen. It’s not just how the technology works that’s important, but the consequences of that technology that you may not know about. How do I make myself safer in cyberspace? How do I afford myself more privacy? Hopefully it will be an opportunity for community outreach.

 

How can this program at SMU have a national and global impact and reach?

Cyber security is an economic security issue. If someone has an idea for a better mousetrap, and another country steals that information and starts developing that product, what should have been good U.S. jobs will now get created somewhere else. So methods and technology we develop at SMU to protect business interests will have widespread economic impact for the country at large. We intend to seek research partners to develop methods to protect and defend our national interests. Our charge will go beyond research – to the nuts and bolts of educating strong, innovative engineers who can take jobs to stop sophisticated cyber attacks against our government, our critical infrastructure and businesses. We expect the men and women we teach to be on the frontlines, protecting our economic and national resources.

 

What can security executives do to educate themselves?

There are two types of companies: those that are compromised and know it, and those that are compromised and don’t know it. You should work hard to implement a rigorous and robust defensive regime, but just because you’ve done that doesn’t mean you’ve prevented all forms of compromise. You can stop the vast majority of attacks with a strong defensive posture – and you should do your best constantly to improve your defense, but you also have to accept the reality that today, your defensive posture may not be enough. So in addition to your investment in defense, think through your investment in monitoring, analysis, incident response and recovery.

KEYWORDS: cyber security education security thought leaders security training University security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • hacker

    RSA 2018: In the Golden Age of Cyber Crime we have a People Problem

    See More
  • sec strategies feat

    Studying the Pros and Cons of Proprietary Wireless Surveillance

    See More
  • Security newswire default

    Why the Security of Confidential Documents is a Problem for Enterprises

    See More

Related Products

See More Products
  • 9780367339456.jpg.jpg.jpg

    Cyber Strategy: Risk-Driven Security and Resiliency

  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • 150 things.jpg

    The Handbook for School Safety and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing