So the BAS starts in the Fall of 2017 but the application process for the BAS starts in January. Do you expect it to be full?
It starts on January seventeenth. From polling the students, I expect it to be full but we don’t really know until we see who applies. I’m expecting it to be because there’s a lot of interest.
There are twenty-four spots in the first cohort, but if there’s a lot of interest we may add a second one. We really want people to know about it if they are interested. Now is the time to come in and talk to an advisor and figure out what this program is about, what credits they already have and what credits they need. The program is open to anyone who has an IT-related 2-year degree from a community college in Washington state or a combination of work experience and some college credit.
So it could be really great for working professionals who have a two-year degree and some work experience. These people may be finding that there is a barrier to advancement without a four-year degree.
We haven’t done the scheduling yet but the intent is that the classes would be held either on weekends or evenings to accommodate the working people. Then in 2018 an online option would be available. The National Science Foundation gave us a grant to put the program online and at that point we will have agreements with forty-four states—so those students can also take the degree.
Is it common for a Community College to offer a four year degree?
In Washington state it is. I think Florida also allows it.
These degrees are a BAS, Bachelor of Applied Science, which indicates more technical, hands-on skills.
It’s not common for the Applied Technology degrees to be at a university.
This is a very technical program that includes three certifications —cloud computing, industrial control systems data, and mobile and wireless.
I would have expected that a student who gets a two-year degree at Whatcom would move on to Western, but if they did that it wouldn’t be an Applied Science Degree?
Until recently it would’ve been Computer Science.
That’s very different than networking and IT.
We have developed a two plus two with students that want to go on to Western. That degree—two years at Whatcom plus two at Western—started about two years ago. Western agreed to accept Whatcom’s CIS courses as part of the Western bachelor degree in computer and information systems security degree, which is pretty unique. That degree continues.
But the new BAS degree is a little different. It focuses heavily on applied skills, including Cisco networking and Industrial Control Systems Security.
So this two plus two path would give you a fairly robust education. At Whatcom you would get the Networking and the Computer Security and at Western you would get Cryptography, Calculus II, and Probability.
The two plus two degree with Western is a good degree, but it does require Calculus and Physics. Ours is a little more hands-on and focused on network administration and operations.
Several years ago we had a conversation with Jim Straatman at Faithlife. He was looking for someone who knew OpenStack.
Right. I remember when that was happening, yes.
That is why the cloud certification is in WCC’s BAS degree. We included the certificate based on feedback from a local employer.
Which, you have to understand in cloud computing anymore. That’s the way the world turns. So the Applied Science degree sort of doubles down on the infrastructure and network security?
There are some odd-ball things in there like Embedded Systems and Supply Chain, but graduates of this degree are going to get good jobs.
The shape of this degree is informed by a local employer in this industry who said, “I have need for a fill-in-the-blank,” and that informed the way the program was constructed.
Right. And the same with the Industrial Control Systems (ICS). We started getting students who got jobs at municipalities, and even a couple who were hired by refineries and they have specialized equipment so that our students could learn about those systems and how to secure them.
How long have you been teaching in this field?
Since 1999. But I’m not teaching right now. In addition to building this new program, I am the principal investigator for Cyberwatch West, which Whatcom Community College hosts.
Cyberwatch West is a National Science Foundation (NSF) regional center for cybersecurity education. There are four around the country. We have approximately 110 member institutions—Universities and Colleges—from across a fourteen state region. And with grant funding from the NSF we help our member institutions advance their cybersecurity programs and curriculum. So in Montana for example, we’re working with some colleges there to introduce cybersecurity as an area of study. We have a model curriculum that can be used, so those schools and their faculty won’t necessarily have to start from scratch in building their programs—they can build on the successful work of others. We can help establish a pathway from community colleges to universities like the one we’ve built here.
We also sponsor some competitions and provide faculty training. Lots of other things to advance cybersecurity education.
A big part of the mission of Cyberwatch West is to help other schools attain the distinction of being a Center for Academic Excellence, a designation that the NSA gives to schools that meet certain standards of cybersecurity training excellence. Whatcom was the first institution on the west coast to earn that distinction, and now through Cyberwatch West we’re able to help other schools attain it also.
A big part of the work is to ensure that everyone’s voice is heard. It’s pretty common to focus on big communities and institutions with a lot of resources.
Right. I wouldn’t ever think about communities colleges in Montana for cybersecurity. Maybe San Francisco or Seattle, but I imagine that’s what everybody assumes. Hence the need for Cyberwatch West.
Yes. And depending on the location in the country, colleges are going to have different needs.
Take Montana for example: there’s a very strong oil industry which means demand for education in ICS. That demand isn’t as strong in other areas. So it’s our job to help meet the needs of each community.
What do people most often misunderstand about building a cybersecurity program at a community college?
I think people rarely realize how good community colleges are at this type of thing.
There’s a sitcom about that.
[laughs] Yeah, I used to watch that.
Community colleges are very good at workforce development, and this is part of that. We are very good at applied teaching. For instance, I am a CCNP (Cisco Certified Network Professional), and my students learn how to actually work on Cisco networks. There’s a lot of theory too, but you actually to practice so that when students complete one of my courses they’re ready to do the job. That’s always been my focus: getting students ready to do a job.
Faculty with work experience can bring that in. You know what’s important if you’ve actually done the job.
How did you get into this field?
I was the network manager at Skagit Valley College, so I took care of the wide area network. That experience has been helpful for the teaching. If you’ve actually lived through it, if you’ve seen the network meltdown in front of you, it’s a lot different than if you’re just talking about it.
I’ve always had an interest in how things work. I’ve always liked figuring things out.
When was that? When were you the Network Admin down there?
I left there in ’99.
And how many other women did you know who were Network Administrators at the time?
I knew one.
And is it still that way, or are you seeing a shift?
I’m seeing more. I don’t see the same kind of assumptions. I have all kinds of stories—most women in this field do. When I first started teaching I had a student walk into class who wanted something, and the student walked up to my lab aid (who was a man) and asked him, assuming that he was the teacher and I was the assistant.
Oh no! That poor guy. He probably felt awful.
Yeah. The assumption was that the woman is the helper.
I don’t see that quite as much anymore. One of the reasons that I have all the certifications that I do is to help establish my credibility, which is not necessary for other people.
What are you most excited about for this field?
The internet of things is the latest deal. That’s very interesting.
Some unique security challenges with the internet of things.
Yes. It’s following the pattern of other spaces in which we think of the security after the fact. It’s kind of surprising to me that it’s still happening that way.