Dr. Jeffrey Morris is our guest on this edition of The Means Report. He talks about the path to a solid career in Cybersecurity at Augusta University. Watch our interview and learn how you can get the skills you need to succeed. Be sure to join us for The Means Report Monday afternoons at 12:30 on NewsChannel 6.

Welcome back to “The Means Report”. We appreciate you staying with us. Great information about Medicaid, and in the closing segments of that interview, great information about the health of our children and how we can all contribute to improving that. Thank you so much Dr. Hartman for your time. And thank you to Dr. Jeffrey Morris. He is with the AU School of Computer and Cyber Sciences where he serves as an assistant professor, a very busy man, and we appreciate Dr. Morris, you coming to “The Means Report” today to talk about all things cyber.

Thank you for having me.

Absolutely. We had reported what felt like our hundredth story on something cyber related the other day, so I said “okay, we need to do a segment on this because it’s in the headlines all the time”. What are you seeing on campus? Are you seeing more students interested in this field every year, every semester?

Absolutely, since the beginning of the school, growth has been tremendous. Every semester we have more and more students showing up, enrolling in our various cyber programs. So yes, we’re trying to keep ahead of the growth as we hire more faculty every year. It’s been quite the run.

I think about college life and I remember taking this thing way back in the day called CS 101, this freshman level computer science course. And basically it taught you about coding and creating programs on a very rudimentary level. Are you teaching that in your class or are you going deeper into the cyber field?

I don’t teach any of the general computer science. I teach all of the cybersecurity courses. So we do have a course that every one of our students take regardless of their major. And it’s a combined class on intro to networking and intro to cybersecurity. So every one of our students has at least some exposure to what is going on with how to use networks and then how to be safe on networks.

Is the technology constantly changing? I would doubt that you have a textbook, maybe you do. If it is, I would guess it’s online because aren’t things constantly changing, you have to maybe tweak your lesson plans at least semester to semester?

Absolutely. Almost every class is different. I usually start my classes off with what happened in cyber in the last 24 or 72 hours, showing them that how quick cyber changes. I’ve told all my students throughout the courses they’re taking that if you’re gonna be in cyber, you’re in a constant cycle. You can’t say “okay, I’m good right now. I’ve learned all the material that was given to me and I’m good”. And it doesn’t work that way. My classes change from semester to semester. I mean every semester I’m updating at least one of my classes to new textbooks, new software, new techniques that come out. So it’s very challenging.

Take me inside the world of cybersecurity. When I picture somebody learning how to spot something bad, malware or a hacker or anything like that, I picture them sitting at a computer and then I don’t know what they’re looking for after that. How might a student or somebody in the real world spot something that’s not right on a network?

Well really comes down to you can’t spot the abnormal thing unless you know what normal looks like. So very much it’s like being at home, you know when something isn’t right because that is your environment. So for cybersecurity specialists, it’s very much the same thing. They spend a lot of time learning what normal is and then when the abnormal things happen along with all of the programs and other technology to help them spot those things. It’s a little harder for people at home. But then again, you know your network, you know what right looks like. And so you just have to understand that you have to be open to, well, you know, that email didn’t look right or this pop-up box or why is my wireless signal a lot slower than it used to be? So you just have to understand that, hey, what is not right?

Is it possible for networks to glitch or to get messed up if you will outside of anything nefarious? Does it happen sometime where things just break? And here’s why I ask, and I’m not asking you to speculate on what happened, but the day before we taped this edition of “The Means Report”, huge network problems with the city of Augusta. You know, their 311 line was down, you couldn’t call certain numbers. They didn’t say it was because of hacking or anything bad. Is it possible sometimes that systems just break down?

Absolutely. I mean, electronics are like anything else. They break, and when it happens, it’s usually at the worst possible time. So most organizations, almost all big organizations have a plan. But sure, electronics burnout, it’s an integrated system. Maybe somebody upstream had a problem and everybody downstream was being affected. So sure, there’s a lot of different ways, maybe the building that had the city’s main servers had a power spike. I mean, we all have them around here. Look at all the construction going on downtown Augusta. So either by accident or scheduled power outage, I just got a email myself from Georgia Power telling me next week they’re taking my power out for a day because of construction in the area. And it happens to Augusta University, it happens to downtown Augusta. So it’s not necessarily always the nefarious hacker doing bad things.

All right, back to your students, how are they doing when they leave AU? We used to say when all the news was coming out that Augusta was becoming the cyber capital of the world, that all of these jobs were available, is that still true? Is it still pretty easy to get a job when you graduate from the cyber field?

I think so. Most of my students tell me they have immediate success when they walk out the door. I’ve seen several of our students that graduated from Army ROTC that are now out at Fort Gordon as second lieutenants in the cyber branch. I’ve got other students come back and tell me that they’ve got jobs with various cyber companies that have moved because of the center of gravity of cyber that Augusta has become. Others have gotten jobs out at Fort Gordon doing various cyber jobs. And then we have two scholarship programs specifically in the School of Computer and Cyber Sciences. One of them, scholarship pays for all of the tuition and all the fees for the students. And then they get a job with the federal government somewhere doing cyber. And the other one is sponsored by the Department of Defense. Same thing, they pay for all the costs, buy you a laptop, everything’s paid for, and then you get a cyber job when you walk out the door with the Department of Defense.

Is there a specialty that a lot of these students are going into, a particular part of the cyber world where there’s a great need? What are these people doing when they go to work each day?

It is very different. So it all depends on who hires you and then the role that you’re hired for. Just like any other organization, lots of different roles. You can say that you’re in cybersecurity, well are you a cyber analyst, are you a threat hunter? I mean it goes on and on and on about all these different work roles. So it just depends the job that you get within the field.

Let me ask you about some things for regular folks, people at home. You mentioned that you can tell when things aren’t right with your network at home. You’re right, you can tell when your computer and your devices aren’t acting normally. Should we buy antivirus software? That used to be a big thing, but now it seems a lot of the computers that come out, I don’t wanna say don’t get viruses, but I don’t hear about those products as much. What do you think?

A lot of it is because so many computers now have it installed. But you should have some form of antivirus software on your computer because they’re no longer just antivirus or antivirus or anti-malware. They’re firewalls, they’re all integrated together or may be called a antivirus software. But it does lots of other things. Plus the majority of the operating systems today have security tools built into them. But yes, it is definitely worth getting a antivirus software if your computer doesn’t come with one installed.

Sometimes when I’m creating an account on a new site, it will ask if I want the computer, for lack of a better way to put it, suggest a password for me instead of doing the usual password, ABC, 123, or whatever people use. Do you recommend accepting a suggested password from a website?

It depends on how and why it’s doing that. Google, for an example, Google Chrome has a password manager that will remember your passwords and it will suggest proper and tough passwords. But password manager, there’s many, you know, trying to remember all those passwords from every site. So I suggest that a password manager is a good program.

But then you need a password to get into password manager, right?

You have a master password, but the nice thing is is you make something really ridiculous and then you write it down and you keep it at home. So that way you only need it once. But once you have one, they install on your phones, your tablets, your computer, and then that way it plugs in for you, it remembers passwords, it will generate you a very good password, and it remembers it as well. And the technology behind these things are such that the companies that run the passwords, not a web browser based password manager, but like several others, all that information on their servers is encrypted. They have no idea what your passwords are. So it’s a much better way of dealing with reusing the same password. We all do it. Or using something very similar.

Probably my last question, and I know it’s probably too complicated to answer in the time we have left, but if you can just hit a high point or two. Is phishing still a problem out there where somebody will try to take your personal information by getting you to click on a link in an email? And how do you know that something doesn’t look legit when you open one of those emails?

I’ll take the first one, yes. Phishing is still a problem. It’s very easy to generate bad emails. I mean, there are automated programs to do it and it costs nothing for the criminals to send out millions, tens of millions of these emails. So you have to be very careful of what comes in. I mean you know what is normal for your inbox, if something pops up that is strange or not from someone you know, be very careful with it. And then two, again, your anti-malware software helps you in case you do click on a link. But the most important thing is you have to understand that phishing is out there, people are still trying to take your information, or unfortunately trying to encrypt your computer and then hold a hostage for you to pay to get the the key back. But again, it comes down to thinking about what you’re doing when you’re on the computer.

People need to beware. Be careful. Well, there are about 10 questions that I didn’t get to, Dr. Morris, so I hope that you’ll come back. Your information has been awesome and I hope you’ll be a guest again.

Oh, absolutely.

Great. That’s good to hear. We will have Dr. Morris back to talk about other things that can help us navigate the world of cyber.