“You’re going to get attacked,” said Dave Schroeder, a National Security Research Strategist at the University of Wisconsin – Madison. “It’s about how you respond.”
While speaking on what he learned from his 12 years in the military working in cryptology and cyber operations, Schroeder’s emphasis is simple and direct.
“You’re always going to be compromised, the attackers are going to get into your system. It’s a cat mouse game and we’re always going to be fighting and evolving to stay one step ahead of attackers.”
This constant growing and learning is what has kept Schroeder an enthusiastic member of the cyber security industry for so many years. Schroeder started out as a direct commission cryptologic warfare officer in the Naval Reserve for 10 years and is now a Wisconsin Army National Guard cyber warfare officer on the 176th Cyber Protection Team. Like others who have the privilege of pursuing their passion, Schroeder is involved in as many like-minded organizations as possible. In addition to his military service and 28 years at UW Madison, he holds multiple professional titles including board member for both the Wisconsin Security Research Consortium and the Wisconsin Information Security Center, mission liaison for the Intelligence and Security University Research Enterprise, and researcher on the Cyber Defense PhD program at the Beacom College of computer and cyber sciences at Dakota State University.
Schroeder is constantly looking through the lens of cyber security, even during everyday tasks and events.
“I’m always looking for how something could be defeated,” said Schroeder. “Like how a security control could be defeated or worked around.”
On a recent trip to the swimming pool with his family, Schroeder recalls a pool employee who unlocked their locker for them after they lost their key. Schroeder honed in on the fact that the employee didn’t verify that the locker was Schroeder’s before giving him access. No security questions verifying what was in the locker, no verifying ID’s or phone passwords, just blind trust, said Schroeder. He understands that not everyone has his experience in cyber security and thinks like he does, which allows him to think of all the worst-case scenarios that this lapse in security could enable: someone trying to steal his identity, hack into his phone or other accounts, etc.
“All of cyber security and all security regimes are still dependent on people doing the right things,” said Schroeder.
There are areas of innovation and research within cyber security that are focused on people doing the right things, said Schroeder. Research and technology involving the ethics, laws, and policy are necessary areas of cyber security that need just as much attention as defense. As more countries and people in general have access to technology and can get involved in this cat and mouse game, the ways in which people defend themselves may become more damaging to their opponent. This leads to concerns of what should be legally allowed in terms of cyber security and threat defense, and which agency is responsible for implementing this action, said Schroeder.
Being in the university environment, Schroeder sees countless computer science undergraduates with ambitions of working as software developers at large corporations who may be unable to get jobs because the market has become saturated.
“One of the draws to working in cyber security might simply be getting a job right now because there are so many open positions in this broad umbrella of cyber security,” said Schroder. “To borrow the sound bite that gets deployed often by the White House and CISA, there are over 700,000 unfilled cyber security positions, and that number grows every year. There’s a lot of job security, there’s a lot of demand.”
The field of cyber security is not only comparable in pay to software development, but it’s a genuinely exciting field to work in that allows individuals to do something good for others, said Schroeder. He references a hospital on the east coast that was recently hacked and unable to assist its patients for multiple days. Cyber security professionals were responsible for returning that hospital back to its functioning state.
“It’s exciting because you’re like a detective,” said Schroeder. “As a defender, you’re always looking for new ways to anticipate what that next move is or detect anomalous activity. There’s anything from policy, to law, to forensics, to security analysis and cyber threats. There’s a lot going on in cyber security. It’s not just one thing and it’s not only technical.”
Aside from hundreds of thousands of jobs, there’s also billions of dollars in funding including Department of Defense SBIR and STTR grants as the military seeks threat prediction and prevention. Much like other agencies, the DoD also seeks research and technology that will allow them to get valuable insight out of their vast amount of data. However, there are extra challenges to overcome when working with the Department of Defense.
Along with getting used to the military’s long list of acronyms, one of the barriers of working with the DoD is having the ability to work with classified information. To the first “language barrier”, just do it, get creative, and work with local military members or veterans with experience in the military cyber arena to start making connections, said Schroeder. The funding is worth it and there are programs like the Center of Technology Commercialization that can help individuals connect. As for the challenge of working with classified information, the Wisconsin Security Research Consortium has a sensitive compartmented information facility. This SCIF is an enclosed area which allows qualified researchers and individuals to work on a novel idea or small business focused on providing some capability to the government involving classified information.
Schroeder sees the opportunities that cyber security offers, and he wants to create awareness and partnerships within UW Madison, which, compared to its peers, has very little involvement in cyber security education and research. UW Madison does have a partnership with Army AI Integration Center and will begin enrolling active duty Army officers for data engineering graduate degrees this fall. The university can be taking this partnership even further with researchers and industry partners who would like to work on the most challenging problems in AI, said Schroeder.
Other colleges in the University of Wisconsin system are participating and taking advantage of DoD funding including UW Oshkosh, UW Stout, and UW Whitewater, the latter two of which are designated as National Security Agency Centers of Academic Excellence. Schroeder lists several other opportunities available to UW Madison researchers, such as the CIA Digital Innovation Directorate Digital Hammer Broad Agency Announcement, INSURE Academic Consortium, and the U.S. Cyber Command Academic Engagement Network.
“Through working together, we could bring better solutions for issues that haven’t been thought of before,” said Schroeder. “I think consortia and these kinds of partnerships that are willing to reach out cross institutionally and get after some of these problems are really going be successful. No one institution is going to be able to do everything.”
To hear more from Dave Schroeder and other experts, join us on February 8th and 9th for the Wisconsin AI Summit, hosted by the Center for Commercialization.