When Agnes Chan joined the Northeastern faculty in 1977, the internet hadn’t been born and cybersecurity consisted of a lock on the computer room door. The malevolent army of trolls, malware, automated bots, and human hackers that plague us today were still locked in the minds of science fiction writers.
Yet 41 years later, Chan is poised to retire as one of the founding faculty of the university’s acclaimed Cybersecurity and Privacy Institute and the principal architect of several graduate and undergraduate programs in this rapidly growing field.
Even as Chan prepares to retire, there is nothing backward-looking about her perspective. Although Chan looks forward to travel and spending time with her grandchildren, she plans to remain active as a professor emeritus, continue her research, and participate in the continued evolution of cybersecurity education.
According to the Department of Homeland Security, there are nearly 300,000 unfilled cybersecurity jobs in the United States—a number that is likely to skyrocket to 1.8 million globally by 2022.
“This is a major problem in our country and the world as a whole,” Chan said. “It’s a relatively new field, there aren’t enough students, and there is a major shortage of qualified instructors.”
In addition to her many professional accomplishments, colleagues describe Chan as a warm and generous person who is always willing to provide advice and assistance.
“She has been a delight to work with—thoughtful, resourceful, and creative,” said Carla Brodley, dean of the College of Computer and Information Science.
Guevera Noubir, director of Northeastern’s cybersecurity graduate programs, described Chan as a visionary in her field who recognized the challenges in cybersecurity and the importance of cyber education long before it was a national issue.
“She is hard-working, pleasant, reliable, open to questions, and a very good advisor,” said Noubir, who’s worked with Chan to develop several education programs and grant proposals over the past 17 years. “It has been a joy to talk with someone who shares my beliefs on ethics and the direction of education in the field.”
Founder and architect
Chan said her biggest accomplishment has been her role in designing Northeastern’s cybersecurity programs, which have received millions of dollars in funding from the National Security Agency, the Department of Homeland Security, and the National Science Foundation.
“I’ve done a lot of work with the NSA, so I understand what the government and the country needs,” she said. “From there you can project what the private sector needs.”
Although large industries have begun to respond to the flurry of massive data breaches over the past five years, she said smaller companies don’t have the resources to implement sophisticated security measures.
As a result, she said, security must be created at the programing level, which is why training in this field is so important throughout the college curriculum.
During the past decade, Chan designed several masters degree programs and the university’s interdisciplinary PhD program in information assurance. These efforts led to a $4.5 million NSA grant to provide scholarships to graduate and undergraduate students.
In 2012, Chan helped Northeastern win a spot among eight universities nationwide in a collaborative course with the NSA in which the agency provides students with real problems it needs to solve.
“The NSA has a lot of important problems and doesn’t have the personnel to devote to all of them,” Chan said. “At the same time universities have students who need to learn how to solve real-world problems. They’ll be helping the country while they’re learning the research methods needed to identify and fix security holes.”
In 2016, Chan worked with Noubir to design and launch a new course looking at one of the most formidable challenges in cybersecurity—cloud computing. One of the reasons this is such a daunting security issue is that each cloud system is unique. With this in mind, students designed and built a security testing system that can be easily reconfigured to work with multiple systems.
Through her work, Chan played a key role in winning Northeastern three designations as a Center of Academic Excellence from the National Security Agency and the Department of Homeland Security—Research, Cyber Operations Education, and Cyber Defense Education.
Breaking down the silos
Chan said the biggest challenge she faced during her four decades at Northeastern was breaking through the culture barriers in academia that resist an interdisciplinary approach to complex problems.
“Every one of us is trained in a specific discipline,” she said of academics. “Our PhD training focuses on depth rather than breadth, and because we’re trained that way, we think that way.”
The university has made great strides in this direction, hiring faculty based on their openness to looking at problems from perspectives that lie outside their comfort zone, Chan said. But there is still much work to be done in this regard.
“We’re still fighting the siloed mindset.”
She said cybersecurity is an excellent example of the need for an interdisciplinary approach.
“The NSA has outlined the fundamental knowledge students need, and they know that technology alone can’t solve the security problem,” she said. “You’re still dealing with humans—and it’s usually human error that creates the security problem. So students need training in psychology and the law and in criminology. You need to know how to develop the technological evidence.”
Computer science has come a long way from the days when the PDP-11 was the size of a refrigerator and PhD students like Chan had to punch a pattern of holes into piles of envelope-sized cards to communicate programing instructions to the computer’s brain.
Chan hasn’t been fazed by wholesale change that evolves at a cyber-speed that leaves many of her generation in a state of vertigo.
“That was the fun part,” she said. “You never get stagnant. You’re always learning. I like challenges and puzzles, and there were always new questions that no one had the answers to.”