2023 COVA CCI CybER Conference
The Coastal Virginia Center for Cyber Innovation Cybersecurity (COVA CCI), southeastern Virginia’s node of the Commonwealth Cyber Initiative, hosted its 2nd annual Cybersecurity Education and Research Conference (CybER Con) on September 20-21, 2023, at Old Dominion University, Norfolk, Virginia. During this 2-day conference participants from across Virginia heard from a variety of speakers on cybersecurity related topics. The keynote speakers included Dr. Luiz DaSilva, Executive Director of the Commonwealth Cyber Initiative; Randy Marchany, Information Security Officer, Virginia Tech; Sandy Radesky, Associate Director for Vulnerability Management, Cybersecurity and Infrastructure Security Agency (CISA); and Renata Spinks, CEO of CyberSec International and former Assistant IT Director/Deputy CIO of Information, Command, Control, Communications, and Computers (IC4), United States Marine Corps. Additionally, there were two panel discussions related to experiential learning opportunities supported by COVA CCI and CCI and multiple breakout sessions with presentations including commercialization of research, bridging the cybersecurity talent gap, internships and apprenticeship programs, and other research topics.
Randy Marchany focused his keynote discussion on the cybersecurity trends over the past 30+ years and how many of the same problems still exist today. He said, “If we look at cybersecurity over the past 30 years, we see most of the mistakes made in the early 2000s are still around today in 2023. We see recent security standards have been “cut and pasted” from existing standards.”
He provided numerous examples how we keep making the same mistakes and provided some practical examples of how to fix them. “Take the time to use multi-factor authentication in addition to your passwords. Understand the privacy rights you give up when you install aps on your smart devices. Keep your home devices on a separate network segment from your work computers at your home.”
Renata Spinks talked about the important of making a difference when given the opportunity. She provided examples of how as a black female in a male dominated organization, the United States Marine Corps, she had to stand out and prove her abilities. She said, “Having a seat at the table is important, but being a voice in room is the game changing play.” She went on to say, “Articulating vision and strategy with intellectual rigor based on audience and ensuring decision making is done with high confidence in the information or position you are providing is how we fight and win as cyber warriors no matter the role. Education, Training, Mentoring and service to one another are the critical tenants to the whole of cyberwarfare effort and that is how we win!”
Sandy Radesky spent much of her time talking about how government, industry, and academia all support each other protecting the country from cyber-attacks. She said the one key thing she has learned in her years of working in the federal government is, “We can’t do this [protect our critical infrastructure and citizens] without partnerships. Everyone in this room can help to make a difference in cybersecurity. Whether you are representing the research community, academia, a student, industry partner, or government partner, you can be the difference-maker to help your community and defend the nation against adversaries; ultimately, helping us all to become more secure by design.”
She went on to discuss how government and industry place demands on the system by pushing boundaries to ‘get things done faster’, ‘get resources and supplies in the same day’, ‘transfer funds in seconds’, etc. She explained that cybersecurity considerations are done as an afterthought and not part of the initial design of the system or equipment. “The foundation of the technology delivered isn’t being built with cybersecurity upfront; the culture of technology and innovation historically has lacked cybersecurity; cybersecurity is known as an add-on, branded as a burden, and an additional cost without the return.”
Sandy concluded her remarks by talking directly to the students attending the conference. She called them to consider federal service as an option and used her own story to illustrate the value of service. She said, “Consider working in federal service, even if it’s not your lifetime career choice – serving is a chance to contribute to something bigger than yourself. When I first joined the Air Force, 25-ish years ago now, I couldn’t have projected me standing up here addressing this audience today. I couldn’t have projected being given an opportunity to build trust with the American people through our program to secure election infrastructure or being able to build on fabrics like our Common Vulnerabilities and Exposures (CVE) and Known Exploited Vulnerabilities’ (KEV) programs – now which expanded to almost 300 partners, 40 of those being international countries. Even if Serving in this capacity isn’t your route, I’ll say it again, ‘CISA can’t do this without partnerships.’ Keep becoming that cybersecurity evangelist that you are…. Your contribution to defending and building a secure by design fabric for the future and in this community is valued and is making a difference.”
All of the speakers focused on the importance of working together to solve the complex problems revolving around cybersecurity issues and the value of soft skills, such as being able to write and speak effectively, being just as important as hard technical skills.