Sal Aurigemma: How things work. [Education]
Sal Aurigemma: My name is Sal Aurigemma. I'm an Associate Professor of Computer Information Systems at the University of Tulsa.
Sal Aurigemma: I've always been interested in how things work, even from when I was in high school and computers came around and I think I was a sophomore or a junior in high school when my high school got the first computer lab and they were teaching us BASIC. And I think the first thing I did was write one of those adventure type text-based programs where, you know, you choose A or B. If you want to run away, if you want to fight the dragon and die, that kind of thing. And it was fun for the game. But then trying to figure out how the computer worked and how it did stuff has always interested me. So, you know, when I went to college, I ended up getting a nuclear engineering degree. And and it was one of those things, kind of like with cybersecurity. I never planned on liking nuclear engineering or cybersecurity, but something piqued my interest and Chernobyl actually piqued my interest. Before I went into college. I read about it and I was like, wow, I'd like to know more about, you know, how nuclear power works and next thing you know, I was silly enough to go get a degree in it.
Sal Aurigemma: Then once I got my degree in nuclear engineering from University of Florida, I ended up going into the Navy as a submarine officer and my job was to fight the ship. You are collecting information, being able to, if required, you know, attack the enemy if there is one. But a lot of it is just understanding how systems work from soup to nuts. I mean, when you qualify on a submarine today or even back in the old days, you have to be able to draw every system and every valve and understand what every component does so that if the component fails, what is the impact on anything else in the ship? So that's always interested me and that's what kind of led me to go back to my interest in IT. When I decided to get out of the Navy was the world is evolving, everything is transitioning to information and data and wow, it seems more and more complicated every day. I think I should learn more about how that works.
Sal Aurigemma: What I think of a computer engineer nowadays in college is very different than what I was doing, I think of a computer engineer is someone nowadays who designs components of the next generation's computers. What I was doing was everything from project management to Unix and Windows system administration, a lot of training, a lot of system implementation, and probably 50 percent of my time is on network troubleshooting because, wow, did we have lots of network problems. And now is actually probably still to this day my favorite thing, which is why one of the classes I teach is Networks and Troubleshooting. And it's just a lot of fun trying to figure out why the packet didn't get from point A to point B.
Sal Aurigemma: That's kind of what led me in my professional career to stick with IT, and then over time I found myself, I guess, fighting with cybersecurity more and more because the government was slowly getting more interested and caring about security, because we've all heard about the the big cybersecurity exercises in the late 90s that showed how you could take down the power grid or you could take down a communication system. And, you know, the government doesn't always move so quick and the Department of Defense sometimes is even slower. But there came a point in my career after 9/11 where we had all these operational requirements and cybersecurity requirements coming in from two different parties, the people that needed to get things done and the people that were tasked, it was their job to keep systems secure. And I see even to this day, there is still a gap between the security purists and those folks that are just trying to do their jobs and get their task done. And that's kind of really where I focus my research on behavioral cybersecurity is trying to get people to be more secure, but also understanding why they don't do the things they know they should be doing. And there's probably a pretty good reason as opposed to just stupid users.
Sal Aurigemma: There are different perspectives on just about everything in cybersecurity, so there's that challenge of privacy versus security. They go hand in hand, but at times they conflict and be open minded to the fact that what you know about cybersecurity fits your biases and your experiences. And don't assume that everyone else knows as much as you or that you don't know as much as other people. So it's a very nebulous statement. I guess what I would say is I wish I was more open minded earlier on about the technical and procedural challenges with cybersecurity because I made so many mistakes by just reading the rule and saying that's the way it has to be. And then coming to find out that people can accomplish their mission if I give them 24-character password that has two upper, two lower, two special characters and they have to have it for 17 different systems and they can't use a password manager and they can't write it down. So going forward, I think my main goal when I teach my students and also with my research is to try to find ways to elevate security while not necessarily throwing away the tasks and increasing the level of effort so much that it's just not worth doing.