Andy Herman’s curiosity was piqued while attending a family physicians conference. He wondered: Are these physicians really ready to move to electronic health care record systems?
At the time, Herman was in medical school and hadn’t really thought about cybersecurity. The medical industry was incentivizing physicians to make the move but not really training them in the potential pitfalls of keeping the data secure.
It opened his eyes to another career path. He decided to pursue the cybersecurity field and enrolled in the University of Washington Information School’s Master of Information Management program, and its information security specialization.
“Cybersecurity is such a great field to be working in right now. You hear about hacks and breaches, but do people really know what to do about that?” he asked.
To help answer that question, Herman founded the UW student group of the international organization ISACA, whose mission is to “define the roles of information systems governance, security, audit and assurance professionals worldwide.” The UW ISACA student group was registered in March 2016 with the university and is the 77th student chapter of ISACA. It has grown quickly and now has almost 200 members.
Annie Searle, iSchool lecturer and UW ISACA academic advisor, notes that, from the outset, Herman reached out to both undergraduates and graduate students, with a special recruiting emphasis on pathways to professional careers.
“I’ve been involved with ISACA for over 15 years, so It was easy to say yes to Andy and become the group’s academic advisor,” said Searle. “There really is no other formally organized group concerned with security, risk and audit. I’m proud of the work the chapter is doing."
The goal of UW ISACA is to develop a network between students and professionals in the field. They hold presentations and meetings to further the understanding of cybersecurity among the group’s members, who range from undergrads to Ph.D.s with majors as diverse as philosophy and informatics.
Monthly topics hosted by the group focus on technology and policy. Invited speakers have come from the Cloud Security Alliance discussing policy work and local security firms demonstrating how easy it is to hack a system.
The recent DDoS attack using the ‘Internet of Things’ that affected Dyn is an example of something most people outside of the security profession hadn’t thought about. Your webcam or baby monitor can be hijacked for malicious purposes. Herman said the group will tackle the topic at future meetings.
“Most of the questions I get from students are about whether their mathematics or arts degree can translate into a career in cybersecurity,” he said. “Most of the time, I answer ‘why not?’ You develop a passion for a topic and you use your subject matter expertise to pursue it.”