CyberWire Daily - Encore: Sal Aurigemma: How things work. [Education] [Career Notes]

Episode Date: June 23, 2024

Associate Professor of Computer Information Systems at the University of Tulsa Sal Aurigemma shares how his interest in how things worked shaped his career path in nuclear power and computers. Being introduced to computers in high school and learning about the Chernobyl event led Sal to study nuclear engineering, followed by time in the Navy as a submarine officer. On the submarine, Sal had to understand how systems worked from soup to nuts, and that led him back to IT. As a computer engineer, Sal spent a lot of time on network troubleshooting and was eventually introduced to cybersecurity. Following 9/11, cybersecurity took on greater importance. Sal's research focuses on behavioral cybersecurity. To newcomers, he suggests heading into things with an open mind and doesn't recommend giving users 24-character passwords that have two upper, two lower, and two special characters that cannot be written down. We thank Sal for sharing his story with us.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. My name is Sal Aurigemma.
Starting point is 00:01:33 I'm an associate professor of computer information systems at the University of Tulsa. I've always been interested in how things work, even when I was in high school. Computers came around, and I think I was a sophomore or a junior in high school when my high school got the first computer lab, and they were teaching us BASIC. And I think the first thing I did was, you know, write one of those adventure-type text-based programs where, you know, you choose A or B if you want to run away, if you want to fight the dragon and die, that kind of thing. And it was fun for the game, but then trying to figure out how the computer worked and how it did stuff has always interested me. So, you know, when I went to college, I ended up getting a nuclear engineering degree. And it was one of those things kind of like with cybersecurity.
Starting point is 00:02:18 I never planned on liking nuclear engineering or cybersecurity, but something piqued my interest. And Chernobyl actually piqued my interest before I went into college. I read about it and I was like, wow, I'd like to know more about, you know, how nuclear power works. And next thing you know, I was silly enough to go get a degree in it. Then once I got my degree in nuclear engineering from the University of Florida, I ended up going into the Navy as a submarine officer. And my job was to fight the ship. You are collecting information, being able to, if required, you know, attack the enemy if there is one. But a lot of it is just understanding how systems work from soup to nuts.
Starting point is 00:03:03 I mean, when you qualify on a submarine today or even back in the old days, you have to be able to draw every system and every valve and understand what every component does so that if the component fails, what is the impact on anything else in the ship? So that's always interested me. And that's what kind of led me to go back to my interest in IT when I decided to get out of the Navy, was the world is evolving. Everything is transitioning to information and data. And wow, it seems more and more complicated every day. I think I should learn more about how that works. What I think of a computer engineer nowadays in college is very different than what I was doing.
Starting point is 00:03:48 I think of a computer engineer as someone nowadays who designs components of the next generation's computers. What I was doing was everything from project management to Unix and Windows system administration, a lot of training, a lot of system implementation, and probably 50% of my time is on network troubleshooting because, wow, did we have lots of network problems. And that was actually probably still to this day my favorite thing,
Starting point is 00:04:13 which is why one of the classes I teach is networks and troubleshooting. And it's just a lot of fun trying to figure out why the packet didn't get from point A to point B. That's kind of what led me in my professional career to stick with IT. And then over time, I found myself, I guess, fighting with cybersecurity more and more because the government was slowly getting more interested
Starting point is 00:04:44 and caring about security. Because we've all heard about the big cybersecurity exercises in the late 90s that showed how you could take down the power grid or you could take down the communication system. And the government doesn't always move so quick. And the Department of Defense sometimes is even slower. But there came a point in my career after 9-11 where we had all these operational requirements and cybersecurity requirements coming in from two different parties, the people that needed to get things done and the people that were tasked. It was their job to keep
Starting point is 00:05:17 systems secure. And I see even to this day, there is still a gap between the security purists and those folks that are just trying to do their jobs and get their tasks done. And that's kind of really where I focus my research on behavioral cybersecurity, is trying to get people to be more secure, but also understanding why they don't do the things they know they should be doing. And there's probably a pretty good reason as opposed to just stupid users. There are different perspectives on just about everything in cybersecurity.
Starting point is 00:05:59 So there's that challenge of privacy versus security. They go hand in hand, but at times they conflict. And be open-minded to the fact that what you know about cybersecurity fits your biases and your experiences. And don't assume that everyone else knows as much as you or that you don't know as much as other people. So it's a very nebulous statement. I guess what I would say is I wish I was more open-minded earlier on about the technical and procedural challenges with cybersecurity because I made so many mistakes by just reading the rule and saying that's the way it has to be and then coming to find out that people can't accomplish their mission if I give
Starting point is 00:06:41 them a 24-character password that has two upper, two lower, two special characters, and they have to have it for 17 different systems, and they can't use a password manager, and they can't write it down. So going forward, I think my main goal when I teach my students, and also with my research, is to try to find ways to elevate security while not necessarily throwing away the tasks and increasing the level of effort so much that it's just not worth doing. Thank you.