YU News

Cybersecurity Program Hacks the Hacker’s Mind

Cybersecurity Co-Director David Schwed
While mastering technology is a prerequisite for being a cybersecurity professional, understanding the psychology of a cyber-criminal is indispensable for protecting against the theft of an organization’s assets.

“In order to be good at what we do,” said David Schwed, co-director with Lev Feldman of the cybersecurity master’s program at the Katz School of Science and Health, “we need to think like the bad guy.”

Ninety percent of hacking incidents, said Schwed, involve people who fall prey to scams. That’s why, he said, IT professionals install tools on computers and other electronic devices to scan links that might contain malware.

“People are your weakest link when it comes to security,” he said. “We can’t stop people from doing it, so that’s what we’re trying to educate students about. If I’m trying to break into an organization, how am I going to do it? And then from there, we try to establish defenses for it.”

Hackers employ surprisingly low-tech methods at times to infiltrate an organization’s computer systems. Schwed said they’ll pose as couriers who are recognizable to an organization and then, once inside, plant listening devices or keystroke loggers on the back of keyboards that vacuum up passwords. Or hackers will drop USB sticks in an organization’s parking lot or other high-traffic areas, and unsuspecting employees will retrieve them and insert them into their office computers, unleashing malicious code.

Schwed himself is a security professional who has spent a career searching for vulnerabilities, hoping to find weak links in computer systems before criminals can exploit them. He has 21 years of experience in information technology, information security and risk management, and he helped build the information technology infrastructure for Citigroup before joining the Katz School.

He said the Katz cybersecurity program offers an elective course on Cybercrime, Cyberwar and Threat Actors, which examines the profiles of hackers, members of organized crime, and nation-states that conduct espionage.

“We discuss what they’re after—money, information or intelligence, and who the potential targets are and how they’re going to execute their schemes,” he said. “We talk about how there’s intrinsic value to some types of data that are a target in financial services, health care and retail, among others.”

The Katz School program develops students’ technological and managerial expertise to plan, implement, upgrade, monitor and audit cybersecurity protocols and procedures, as well as mastery of state-of-the-art technologies and practices. Students gain cybersecurity know-how in systems architecture, operating systems, applications, endpoints, securing data, networking, cloud security and software development. They also analyze threat landscapes and security frameworks, as well as legal, compliance and audit frameworks; develop internal and external communication strategies to promote a cybersecurity culture; and prepare for industry certifications, including CISSP, CISM, CRISC and CEH.

“Students get hands-on experience with threat mitigation, detection and defense,” said Schwed of the 30-credit program. “And then when they graduate, they have access to jobs at the biggest companies in the heart of New York City, which is a global epicenter for cybersecurity.”

He said an important component of the program is its guest speakers from the cybersecurity industry. He recently brought in a cybersecurity professional who rolled out a smart vacuum in class to demonstrate how simple it is to tamper with the machine’s brain. From a nearby computer, he uploaded software that swapped the unit’s Siri-like voice for his own, putting the vacuum under his command. Since those machines are already pre-programmed with a floor's layout, they can yield important information.

Too many cybersecurity professionals, he said, just throw technology at a problem. “They ask, ‘Do we have a firewall? Do we have data loss prevention? Do we have network access control?’ without stepping back and asking what they’re trying to protect against internally and organizationally.”

A good cybersecurity professional at Coca-Cola, for instance, would try to protect the formula for Coke, but one at Planned Parenthood would be more likely to defend the organization against hackers who are hostile to its mission than against the theft of its data.

“Someone using a telecommunications interface, like PRI technology, could flood the phone lines of Planned Parenthood by setting up a computer to make multiple calls at once,” said Schwed. “Their lines would be busy all day, preventing people from making appointments, and the perpetrators wouldn’t have hacked anything.

“Our program is about doing this kind of risk-based analysis to determine what the bad guy is after and how they’re going to get it.”

The Katz School of Science and Health is an academic powerhouse in the heart of New York City. It offers master's programs in five sectors that are redefining the economy: Artificial Intelligence, Cybersecurity, Biotech and Health, Digital Media, and Fintech. In the lab, classroom and clinic, we lead with kindness, integrity, generosity and a commitment to making the world safer, smarter and healthier.

Click here for information about the Bright Futures Scholarship Initiative that offers a total fixed tuition of $25,000 for science and technology master's degrees.