Richard Buckland says....‘My main fear is that we do not have enough people that understand cyber’
In India, there's a very large divide between academics and the industry, but in Australia, UK or USA, how in tune are professors and students with cybersecurity and related threats?
In cyber security in particular, there is a big gap between theoretical knowledge and practice. Bodies of knowledge take time to build up inside the security regions and new fields and its happening all around us now and we also have a problem. No sooner anyone becomes good at it, there is so much money to be made working in industry that there is a great temptation for all the strong academics to join the industry.
One of my students was offered a car as a signing bonus just to work for them. So there is a gap, but engineering has always had this gap. And the way we solve it as engineers is we have experts that teach the students the things that they need to know. When we are doing a topic on forensic, I get top forensic experts from major companies coming and teaching them. When we are doing something on reverse engineering, we get top engineers to come in. So academics need not have to be the sole source of knowledge. It is even a problem for companies; it is not even a difference between industry and university; even within the industry there are many companies who cannot employ people with sufficient expertise. So again we have to rely on the industry people sharing and helping each other. There are just not enough well-trained and experienced people to go around especially when the demand is growing so quickly. The engineering solution is you do not have the teacher being the expert, but the students do have to be taught by the experts.
One another benefit we have at UNSW is because we have been teaching for the past 20 years, my former students are placed with senior positions in large companies around the world so I have a large group of students who are happy to come back and help other students this is a tradition which we usually follow. About 5 years ago, I was teaching the first years and I didn’t have enough students so I put a word out and my whole lot of former students who are working as global engineers took time off and came back and gave 20% of their time and ran tutorials for free because I said, we need to help each other and help the next generation.
As somebody who's seen digital threats like scamming and phishing, what's your one great cyber fear?
My main fear is that we do not have enough people that understand cyber. That would pre-assumedly be fixed in a generation or two but I see in the future that there is a massive shortfall of knowledge. As children we learn to cross roads safely and we now instinctively cross the roads safely without having our parents around us. This is because the knowledge of road safety has been there. But cyber is new to my parents, people my age or yours don’t really understand cyber security so we don’t give our children instinctive understanding and there are no in-built reaction. There are no rules like you should never cross at the intersection or when there is a car coming one should pause, nothing sort of handbook is available in cyber. So my biggest fear is because the world doesn’t have enough trained people and because cyber education isn’t good enough here and it’s a universal problem. But we will make decisions now we are walked into the future.
In India, if you are extremely good at technology like security experts, would you say they would be chosen for their talent or training? How much is talent important and how much is training?
I think we have this myth that it is all metro talent and it’s not something you can learn and it all comes from the old days where there were not many ways to learn computing when it was a new subject. While most of the senior people are now self-taught but we found that training helps a diverse range of people so if you are not a traditional sort of computing student but if you go through our courses I find that you do just as well.
In particular the issue of women in computing is very important. Probably, at least half the time in our training program for high school and first year computing students, it is a girl who tops. Our women are just fantastic and most of our Indian women students are amazing. The industry of computing benefits from having women because computing is for everyone.
You speak about wanting to teach unconventional students, kids with special needs, how would you think they relate to technology? Are they more comfortable in that scenario and thus achieve great fear?
I think the way, at least in Australia, we have been taught for a long time is to target students who look, act and think like their teachers have a similar goal. In the world there are children with special needs who just have difficulties doing some things like Excel and other things, children in the fast range of students.
I think that if we just cater for one sort of person, whom we miss out or mankind misses out, from all the vast range of potential people and we particularly see this in India. There is a sort of stereotype that the people have and it is very dangerous to not have diversity. So in computing around the world, particularly in my teaching at UNSW we are focusing more on non-technical as well as technical skills. We define them for computing programmes and projects to work, for example like Google.
WhatsApp and FB are trying to regulate fake news, keeping that in mind is it possible for us in this age of massive trolling to be empathetic or find empathy? Do you think people's persona on social media is genuine?
Of course everyone is faking it. In a way, when you walk down the street you’re faking it. When we construct ourselves to what we should look like it’s very hard to be honest and authentic in everything you do. It’s human to think of other people observing you and then adjust your behaviour, and because of that there is a problem.