The Brandeis GPS blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Category: Faces of GPS (page 1 of 4)

When the Wrong Person Leads Cybersecurity

By Matthew Rosenquist

Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.

I am unhappy to report that the industry has a pervasive problem that few want to discuss: a propensity to enlist inexperienced or unsuitable professionals to lead cybersecurity. It is time to change that caustic and enabling behavior by first recognizing the problem.

As an example, recently in the news, there was criticisms for someone appointed with the responsibility to lead the cybersecurity effort for the 2020 Olympics, but had never used a computer. How does someone who has never used a computer and has difficulty answering basic questions about USB drives, be tasked with building a cybersecurity program to protect the digital security, privacy, and safety for hundreds of thousands of people?

Downward Spirals

Sadly, I have seen similar situations play-out over and over again across academia, business, and government sectors. Far too often, poorly suited people are appointed such roles and it simply does not make sense. Let’s be clear, most are truly knowledgeable and accomplished in their primary field, but a transition to security is a significantly different domain. Engineering and product management executives focus mostly on static problems where there is a solution and desired end-state. Whereas in cybersecurity, we face a highly dynamic set of threat agents, people who are creative, intelligent, motivated, and dynamic, who will adapt to any solution. There is no permanent fix for cybersecurity as it is an ongoing competition to managing risks between defenders and attackers.

Human nature, overconfidence, and a lack of understanding the challenges begins to shape a counterproductive mindset. It is common for a professional from a different discipline, transplanted and put in charge of cybersecurity, to believe their prior expertise is equally applicable to the new challenges. Somehow, magically, they think they are as proficient and insightful at an adjacent domain as their previous profession. To those experienced in adversarial challenges who have seen this unfold, it is an affront to common sense. It is no surprise that such dangerous situations most often result in momentous failure.

For years, the turnover rate in cybersecurity leadership positions across the industry has been very high, with most Chief Information Security Officers (CISO) only lasting 2 to 4 years. When surveyed, CISO’s cite a lack of executive management support or insufficient budgets were the pervasive motivators. But that is only one side of the story as many CISO’s have been let go.

I have always been curious what C-suites and board had to say. When I ask company leaders about a change in cybersecurity leadership, I often hear that an outgoing CISO was ineffective, could not communicate risks well, and demanded significant budget increases every year yet the organization did not show a commensurate benefit. Events culminated when a severe incident occurred and then the C-suite or board chose to find a new security leader.

With the shortage of CISO’s in the industry, those displaced quickly find another company and continue their ‘training’. This musical-chairs routine does not serve the company or overall industry needs very well and simply transplants problems from one organization to another.

Masters of All

This mistake occurs regularly with technical personnel, probably as cybersecurity is generally characterized as a technology problem by the unacquainted. An accomplished engineer or architect is put in charge of security and now with ‘cybersecurity’ in front of their title they truly believe they are a risk expert. They are not. Being savvy in technology vulnerabilities and exploits is far different than understanding the massive breadth involved in managing risk. Most are unwilling to admit their shortsightedness in the breadth and depth of the challenges and their arrogance simply becomes a hinderance to seeking the needed help to be successful.

Ego can be such a major hindrance when the fear, of being perceived as not understanding a problem or knowing an answer, limits your actions. It is typical for a person in such a quandary to retreat back to familiar areas they know, resulting in defining the problem and solution only in the terms of technology. This ignores the behavioral, adversarial, and process aspects that are crucial to managing risk. With blinders on, they continue to push forward regardless, thus the car wreck begins.

Cybersecurity is more than just a ‘tech’ problem and will never be ‘solved’ with technology alone (two pervasive misconceptions from engineers first joining cybersecurity). They are likely doomed. I have seen this happen countless times and can spot it a mile away. It is like an automobile accident happening in slow motion with an overconfident driver continuing to push forward as metal bends and glass shatters.

Enlarged Version of Cybersecurity Domains

Part of the issue is that people, who are experts in one field, assume they understand the entire problem set in another adjacent but ambiguous field. It is not until they are in the new role, that they then experience the unforeseen challenges of a different world.

Imagine a hospital. Would you promote the engineer who developed a defibrillation tool to be an emergency room doctor? No. Although tools and technology play a crucial role in medicine, it is not the same as predicting, preventing, detecting, and responding to health risks for patients across their lifespan. The same applies in cybersecurity. Technology is the battlefield, not the war. Understanding the terrain is important, but must be combined with a keen assessment of your opponents, and the ability to operationally maneuver in advantageous ways.

This is true in other fields as well. Aeronautical engineers aren’t promoted to fighter pilots and textbook publishers aren’t necessarily good grade school principals, so why do organizations make the mistake of a taking a software engineer or business-line product manager and expect them to be successful in leading cybersecurity?

Two Scenarios: Vastly Different Chances for Success

Now, I did say this is a recipe for failure most of the time. There are some, very rare situations, where an insightful but inexperienced person takes a cybersecurity leadership role and succeeds. It is possible. I have only seen it a handful of times and in every case that person was realistic about their knowledge and checked their ego at the door.

Guaranteed Failure:

An engineer, project manager, or business executive is put in charge of cybersecurity. They are confused or intimidated by security practitioners in their organization and respond by immediately surrounding themselves with like-minded, yet similarly security inexperienced people. They add other engineers, marketing, and legal people to their core echelon, inadvertently creating a self-reinforcing ineffective group-think team. Congratulations, an inexperienced leader has just encircled themselves with a cushion of people who don’t have the knowledge to challenge poor directives or independently deliver sustainable success. If you wonder what conversations with them are like, take a look at the Dilbert cartoon, specifically the ‘manager’ character. That is pretty close. Funny from afar, but frustrating up close.

Ineffectual organizations tend to grow fast, spend a lot of money, make hollow promises, tell a story of difficult times that are turning around, but have no real strategic plan, prioritized goals, or clearly defined scope with organizational roles and responsibilities. They seek non-existent cure-all solutions, and their long-term stratagem is to hope nothing bad happens while they battle daily issues. Even worse, the proficient security personnel, that may have been part of the team, will likely leave such a caustic environment for a better employer. That breaks my heart when I see capable people who want to make a difference, driven away. When quality employees begin jumping-ship en-masse, it is a sure warning sign.

The easiest way to detect this situation early on, is to look at their metrics, or lack thereof. If a security organization operates without the benefit of tangible metrics, it is a likely sign they have not defined or are not tracking against goals, roles, objectives, and probably aren’t measuring or tracking risk. What they are doing is responding to issues, self-marketing, rapidly growing the team, consuming significant resources, slowing down the business, and the looking for people to blame when their ineffectiveness becomes apparent. These orgs don’t last. They implode. People quickly leave and executive oversight will soon look past the whitewash to cut budgets, headcount, and eventually replace the leaders.

Potential for Success:

An engineer, project manager, or business executive is put in charge of cybersecurity. They understand they are not a security expert, so they assemble a team who has experience and talent in protecting digital assets, understanding threats, can articulate risks, and are intimate with the technology in use. They build an organization structure that is comprised of operations, engineering, and risk intelligence teams. Then listen and learn. Great leaders bring in the best people and let them excel. They quickly get clarification on the business goals and expectations from executives and customers. They then identify prioritized objectives, define a scope, derive the supporting measurable goals, identify areas in need of immediate attention, and establish the measures & metrics necessary to track progress.

Governance issues are addressed and a strategic process capability is embedded to constantly improve the organizations risk management ability to predict, prevent, detect, and respond to threats. They establish both the tactical plans necessary for immediate survival and day-to-day management, but also define a long-term directional strategy that takes into account the ever-evolving threat landscape, technology changes, and shifting expectations for security, privacy, and safety.

Proficient security workers thrive in such organizations and rarely leave. With a strong plan and capable team in place, leaders can effectively communicate and advocate across the organization. If all of these elements land in place, with the proper support, even an inexperienced security leader can have a chance at success.

Unfortunately, it rarely happens.

Failure is Expensive

Cybersecurity is difficult. It becomes exponentially more problematic when someone who lacks the necessary mentality or skills comes in and makes it profoundly worse. Cleaning up an ineffective legacy security program is painful, expensive, and time consuming. Simultaneously, a poor risk posture opens the door to more attacks and greater impacts until a capable security program is instituted.

We must understand that cybersecurity, like many other highly specialized roles, requires a depth of insight and experience to lead. I will echo Sun Tzu’s “…do what is great while it is small” and recommend putting a good leader in place the first time to build an effective and sustainable cybersecurity organization.

Let’s all break the silence and openly discuss the cycle of poor cybersecurity leadership, for everyone’s benefit.

For more insights on the challenges and required strategic deliverables, read my post Cybersecurity Fails Without Strategy.

Interested in more insights, rants, industry news and experiences? Follow me on Steemit and LinkedIn for insights and what is going on in cybersecurity.

Read the article as originally published here.

Matthew Rosenquist is a member of the Brandeis GPS Information Security Leadership advisory board. He is a Cybersecurity Strategist for Intel Corp and benefits from 28 years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Governance and the case for bringing cybersecurity out of IT

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

Information security governance is perhaps the most challenging aspect of cybersecurity.

Governance, while not a four-letter word, is often discussed with the same grumble that one uses when speaking about the dentist or aged fish. The basics of governance revolves around the advancement that simple accountability and transparency deters calamity. One cannot predict and avoid all disasters — think volcano here — but at the same time, one cannot grade one’s own homework.

It works well until there is a real test and someone else has the red pen. I think it was the queen of corporate governance, Nell Minow, who said, “watched boards change.” I agree, and would say this observation can be applied all the way down the corporate chain into an organization: those that change are the ones who are watched as objectively as possible.

So what does this have to do with cybersecurity, and why is governance hard in the cybersecurity space? There are a number of reasons for this perception. First, boards have been bamboozled by jargon and an IT executive tier that has been unclear and unsure of what and how to report on security. (For those of you on boards, when was the last time you had a security executive discuss the direct link between spend and the measured reduction of risk?). Indeed, in a Bay Dynamics/Osterman Research survey, “the majority (85%) of board members
believe that IT
and security executives need to improve the way they report to the board.”

While I am not a fan of standards for standards’ sake, the ISO/IEC 38500:2008 Corporate governance of information technology has the following useful definitions:

  • Corporate governance: The system by which organizations are directed and controlled.
  • Corporate governance of IT: The system by which the current and future use of IT is directed and controlled. Corporate governance of IT involves evaluating and directing the use of IT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using IT within an organization.
  • Management: The system of controls and processes required to achieve the strategic objectives set by the organization’s governing body. Management is subject to the policy guidance and monitoring set through corporate governance.

Security leaders should tack these definitions to their wall.

When it comes to how security leaders can set the right direction for the board and make sure the Board has the right information for strategic oversight, I think it is a “two-way street.” Boards need to come to the security business and ask questions and security leaders need to come to the Board with improved reporting. Perhaps an improvement would be an approach that keeps the security report separate and distinct from that of technology. For organizations where information security, or cybersecurity, does not report to IT— bravo! You have taken a step toward greater transparency. The inherent mission of IT is accessibility and availability and the inherent mission of security is possession (control), protection and integrity. These missions are often in conflict, and managing them under the same leader (often a technology leader), could result in a Head of Security who does not have the chance to challenge or push back against the IT Executive who writes their performance assessment and controls their compensation.

We can better coordinate, manage and govern our complete security capabilities by bringing cybersecurity out of IT and taking a more holistic approach to incorporating physical and facility security, fraud and loss mitigation, and the other components converging security capabilities, data collection, management, and ultimately governance.

An organization’s board and business management must be in alignment where spend and the use of emerging technology are converging for the business. Security leaders should consider the following approach to champion governance:

  1. Above all, be transparent and accountable. Don’t tell the board what they want to hear or what you think they want to hear (they know when they are being managed). Represent the security program objectively. Characterize how security investments support the delivery of value for the business and supports organizational objectives.
  2. Do the hard work to consistently measure, monitor and report on security risk, and to provide the analysis between security investments and the execution to mitigate or manage risk and reduce or limit potential impact.
  3. Share performance and achievements of security resources — these drive the execution of a program and they are where the rubber meets the road for execution of the security program. Just like other business function, people are what drive success for a security program.
  4. Demonstrate how cybersecurity is aligned with and supports the strategic planning and objectives of the business and the expected business outcomes. Often the inherent conflict between the IT mantra of constant access and availability will be in conflict with cybersecurity’s mission of possession, protection and integrity, but the two do not have to be contentious, but IT needs a peer who can hold IT accountable if needed, not a lackey who does what they are told.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps.

Faces of GPS: Meet Kathryn Wight – Director of Partnership Engagement

Did you know that Brandeis GPS helps companies develop stronger workforce pipelines?

Kathryn Wight Headshot

As Director of Partnership Engagement, Kathryn works with employers to understand their organizational needs and determine opportunities for Brandeis GPS to help upscale their employees. These corporate partnerships provide tuition scholarships and/or trainings and continual conversation around educational support.

Born and raised in Carlisle, MA, Kathryn received her degree in psychology and criminal justice from North Carolina’s Elon University. Upon graduation, she chose to remain in the south for a while. After spending some time working as a paralegal, she decided not to pursue a law career and made her way to higher education. 

Kathryn spent eight years at The College of William & Mary before her New England homecoming. She first served as the recruitment manager for the school’s undergraduate career center, working with employers to schedule their on-campus visits and planning career fairs. From there, she spent a few years counseling Master of Accounting students and managing employer relations for all master level programs in the Raymond A. Mason School of Business.

In her role at GPS, Kathryn focuses on helping companies envision how an educational partnership with Brandeis can help cultivate a strong employee benefits program. She finds meaning in building personal connections with partners and gaining a better understanding of how GPS programs and courses can help fill the unique needs of each organization she works with.

Kathryn’s favorite part of her job is all the people she gets to meet and learn about companies from startups to large Fortune 500 firms.

Outside the office, Kathryn is a runner who likes to travel and explore different food and wine cultures. She is currently planning a wedding (that is now less than six months away). She is also a dog lover and enjoys spending time with her five-year-old niece. 

Learn more about our corporate partnership options on our website or contact Kathryn Wight at kwight@brandeis.edu or 781-736-8725.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Security and the Internet of Things

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

Love it or despise it, the Internet of Things (IoT) has forever altered human thinking and interaction. Increased telemetry from our bodies through wearable tech and app analysis of data about our health and personal space has led to discovery, identification and interactions with others through apps and smart devices that is the new norm. How will this explosion of devices change our mission objective as security leaders and professionals?

The term IoT is generally applied to “endpoint” objects such as devices, wearables, cameras, chips, toys, and other objects that can be accessed through a connection such as WiFi or other carrier signals and interacted with via the internet. Examples that have become pervasive would be FitBit wearable’s, iWatches, Alexa or Google Home devices, Nest thermostats, and medical devices such as insulin pumps. While these devices are limited in capability, often just one or two functions or a binary state of on/off, the numbers of devices and the absence of uniform minimum security standards from manufacturers present a problem (several actually) for our IT departments Infrastructure management and security professional.

We can easily find statistics about the number of devices that have emerged in earnest since 2008. The 2017 Cisco Visual Networking Index provides a comprehensive view of some of those numbers. Two of my favorite highlights from this report include:

  • There will be 3.5 networked devices per capita by 2021 (global population 7.875 times 3.5)
  • IP traffic in North America will reach 85 EB per month by 2021 (And North America will not be the highest trafficked global region)

While I am not sure where that bandwidth comes from (I cannot get great consistently streaming bandwidth for Netflix sometimes), what worries me more is patching, tracking and controlling devices. Now, I am not suggesting we control all devices, but I need to control the ones that are on my network because they will increase the potential surface of attack for our networks by orders of magnitude. The more devices you add, outside of implemented and effective controls, the quicker your organization will suffer a breach. Therefore, if you don’t get roles such as patching right you will be lost under the crushing weight of IoT adoption rates. We have to get the “basics” right to ensure we have a foundation capable of integrating IoT devices. We will also need to assess risk and device configuration and a number of other areas we will not venture into here.

In the world of cyber security, people and data are what we most are accustomed to thinking about protecting and defending against. How do we wrap our heads around the potential problems of IoT where the numbers are so much higher? I would submit that we undertake the following approach:

  1. Get the basics right. There will be a lot of debate about what “get the basics right” means but at a high level, I am referring to:
  • Have a comprehensive security program based on risk, with regular assessments
  • Identify where all your data is located and ensure it is appropriately categorized
  • User access, and privileged access, is controlled and re-certified (access for IoT devices as well)
  • Network traffic is premeditated and segmented and network information is logged and monitored (must also scale)
  • Systems management has KPI’s and documented configuration baselines or employs a CMDB
  • Change Management and patching are religiously observed and followed
  • There is a formal incident management/response process (and adjust and augment IR for IoT)
  • There is a crisis and contingency management plan that is tested and updated annually

Yup, that was just step 1. Get all this right and you can start to think about being able to control IoT in your ecosystem.

2. Determine the level of increased risk, or changed risk, related to data loss or breach from #3.

3. Augment your information management or data governance policies and processes to encompass IoT increased data creation and interaction.

4. Determine the physical limits or extensions of IoT devices. Can users outside your physical location use devices or access devices inside your physical location? Do you need to limit (or attempt to limit) the carrier signal outside your four walls?

5. Hire a competent and qualified leader to bridge between security and IT. Brandeis Information Security Leadership graduates are great candidates.

IoT is a big problem that can seem overwhelming, where unpatched devices can increase your threat surface by orders of magnitude. Remember, getting the basics right will see you treating IoT with the same risk strategy that has allowed you to manage technology risk.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps.

Image source: https://www.personneltoday.com/wp-content/uploads/sites/8/2015/06/wearable-tech-wearable-technology.jpg

Information Security has the perfect mindset to facilitate decision-support red teaming

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

We hear the term “red team” liberally used these days, applied in the security space for both force-on-force scenario testing (subverting hardened facilities and assets) and in the information security space, primarily referring to “white hat” hacking to assess security posture for systems, devices, network perimeters and web applications.

A “red teamer” in the decision support or strategic space is formally trained and uses critical thinking tools and techniques to provoke analysis, stress test strategies, plans and perspectives. At the heart of this work is the modeling or reframing of the problem space from the adversaries perspective.  Red teamers and Security Pros are by nature contrarians, and it is this contrarian mindset we want to capitalize on.

While cybersecurity “red teaming” as penetration testing is vital to an organization’s testing of its security and data protection posture, it has a narrow scope. However, everyone these days in this space wants to refer to his or her work as red teaming. The practice of decision support red teaming is the area that I am submitting an organization can immediately benefit from and are not currently employing. This is an area where your security team can add value by adopting the tools and techniques to facilitate red teaming. Information security professionals are diverse thinkers and often “see” across the entire enterprise. Equipping them with red team tools and techniques can enhance their value in guiding the organization to make better decisions.

Red teaming and the value of a premortem

So how do we do it?  How do we immediately capitalize on our existing stance as contrarians to serve as strategic red teamers? There are a number of available tools such as the U.S.Army’s Applied Critical Thinking Handbook, and Bryce Hoffman’s Red Teaming. We start with, most importantly, is buy-in and genuine support from the top of the organization, and the admission that we will trust our decision to conduct red team analysis and we will be true to the results. There are a number of short tools to use to try this, one of the most straightforward is to have your security staff conduct a premortem on your most important security project for the upcoming year.

The basic approach of the premortem is to visualize, prospectively, about the project failing and using this to illuminate the cause(s) of the failure.  This is not a risk assessment. We are not speculating on what could harm our project, we are identifying what actually caused the failure. This is pathology; we are engaged in diagnosis, not prognosis. Supplies needed are easy to acquire, you will need paper or index cards and pens/pencils and a white board or projector.

  • The leader (security staff facilitator) level sets with the group by reading out the summary from the business case or a summarized version of the project. The leader tells everybody that they should assume that their team, the project team, has made the decision to go forward and that the project has gone forward and has concluded. We are in the future now, a year into the future, and the project has been an utter failure. It has crashed and burned with no redeeming outcome or benefit.
  • Exercise: Each player (project team member) takes the paper in front of him/her and writes a brief narrative or cause of the failure. Take 5 minutes and work in silence.
  • The facilitator collects the paper or cards and generates a list of all the points on a whiteboard or projector. The facilitator can now work with the group to solicit further failure ideas, inspired by the list.
  • Engage in a game to further determine the top five causes for the failure. [A practical note here: if you conduct a premortem and determine a set of failures that are agreed universally by the group as being actual failures, you have a fundamental problem with your project. Stop it immediately and take a step back and rethink the plan.]

Red teaming is best conducted with as diverse a group as possible, and often times those who have had the least to do with the project plan formation can provide insights into points of failure. As you look to expand your tool set in the future, a master’s degree in security leadership can help engender this contrarian mindset and improve the value of security in your organization.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps

Image source: LeadX.org

Meet our newest GPS faculty members

The first week of the October session is here and we are excited to introduce the newest Brandeis GPS faculty members. These industry leaders come to Brandeis GPS with expertise and established networks within their fields. We have no doubt that the knowledge and experience they bring will provide for meaningful learning opportunities in the online classroom.

Garrett Gillin – RDMD 110: Principals of Search Engine Marketing

Garret Gillin Headshot

Garrett Gillin, MBA, is a co-founder and Principal at 215 Marketing, a Google Premier Partner agency located in Philadelphia, PA, where he oversees the development and execution of integrated digital marketing initiatives with a concentration on programmatic advertising, marketing automation, and advanced analytics.

Todd Chapin – RUCD 185: Design for Non-screen User Experiences

Todd Chapin HeadshotTodd Chapin is a co-founder and Chief Product Officer at ShopClerk.ai. He has experience in product management and UX, as well as expertise in personal mobility, speech recognition, and e-commerce. He has worked at Zipcar, Audible, and Nuance Communications. He has graduate and undergraduate degrees in Human Factors Engineering from Tufts University.

Ernest Green – RSAN 160: Predictive Analytics

Ernest Green Headshot

Ernest Green MS, MBA, PMP, is Vice President of Data Mining at a large financial institution in Dallas, TX. Prior to this role, he worked as a Data Scientist with General Motors and has 10+ years of diverse analytics experience. He holds multiple college degrees and most recently completed a Master’s in Predictive Analytics from Northwestern University. His research and expertise are in analytics, machine learning, natural language processing and artificial intelligence.

We are so pleased to welcome these new faculty members to Brandeis GPS and look forward to seeing how they bring their expertise to their online classrooms.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Brandeis graduate student publishes new book on AI and Robotics

We are excited to announce that Brandeis Project and Program Management student, Francis Govers, recently published a book, Artificial Intelligence for Robotics. Govers provided us with the following description:

Artificial Intelligence for Robotics starts with an introduction to Robot Operating Systems (ROS), Python, robotic fundamentals, and the software and tools that are required to start out with robotics. You will learn robotics concepts that will be useful for making decisions, along with basic navigation skills.

As you make your way through the chapters, you will learn about object recognition and genetic algorithms, which will teach your robot to identify and pick up an irregular object. With plenty of use cases throughout, you will explore natural language processing (NLP) and machine learning techniques to further enhance your robot. In the concluding chapters, you will learn about path planning and goal-oriented programming, which will help your robot prioritize tasks.

By the end of this book, you will have learned to give your robot an artificial personality using simulated intelligence.

What you will learn

  • Get started with robotics and artificial intelligence
  • Apply simulation techniques to give your robot an artificial personality
  • Understand object recognition using neural networks and supervised learning techniques
  • Pick up objects using genetic algorithms for manipulation
  • Teach your robot to listen using NLP via an expert system
  • Use machine learning and computer vision to teach your robot how to avoid obstacles
  • Understand path planning, decision trees, and search algorithms in order to enhance your robot

Francis Govers’s paperback and e-book can be found on Amazon here.

For software engineers seeking to develop an advanced set of robotics technology skills, Brandeis GPS offers an MS in Robotic Software Engineering. For more information about the part-time, fully online program, contact the  GPS office: 781-736-8787, gps@brandeis.edu, or submit your information.

Top 10 data scientist Charles Givre becomes new Strategic Analytics program chair

Headshot of Charles GivreBrandeis GPS is delighted to announce the appointment of Charles Givre, MA, CISSP, as the new chair of our online MS in Strategic Analytics program.

In his role as chair, Charles ensures high course quality and provides the industry insights that keep the program’s goals and outcomes current and relevant. He also recruits and mentors faculty, and advises students on program and course requirements.

Charles is a Vice President and Lead Data Scientist at Deutsche Bank in the Chief Security Office (CSO), where he leads an international team of data scientists working on security challenges. He has a passion for solving difficult problems with data and using data in unique ways to drive business decisions. In fact, Charles was recently named as one of the Top 10 Data Scientists you need to know right now by Enterprise Management 360.

With over 10 years of experience in the intelligence community in various organizations, Charles has a lot to share with the data science community. Charles regularly presents classes and presentations at international conferences including Strata, BlackHat and the Open Data Science Conference. His research interests include adversarial machine learning as well as improving analytic efficiency. He is a committer to the Apache Drill project and has co-authored a book on the topic.

Charles received undergraduate degrees in Computer Science and Music from the University of Arizona before getting his MA from Brandeis University. Then, he went on to work at the CIA and Booz Allen Hamilton before starting in his role at Deutsche Bank.

Learn more about the part-time, online Master’s of Science in Strategic Analytics here.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Meet Theo Groh: Founding Partner of Wheelhouse Web and Student of Brandeis GPS

Business owner and matriculated student at Brandeis GPS uses knowledge from Master’s program to grow his business and help achieve long-term professional goals.

Theo Groh is a matriculated student in the Brandeis Graduate Professional Studies (GPS) Master of Science in Digital Marketing and Design. Theo was hesitant to go back to school while working full-time growing his business, Wheelhouse Web – a web, communications, and marketing solutions company based in New Hampshire. Theo is three classes into his degree, and is already seeing GPS help with his long-term professional goals:

  • To build his new company into a thriving and financially stable company that can provide full time employment, benefits, and a growing return to himself and his business partners.
  • To develop his marketing skills to truly have his company be a one stop shop for digital marketing.
  • To grow his company to the point that allows them to take only the clients they absolutely want to take and allows them to work with clients promoting social or environmental change.

Headshot of Theo GrohTheo is among many students who are full-time professionals that are looking to enhance their careers with the benefits of a high-quality graduate education in niche fields with the convenience and flexibility of online learning designed for working professionals.

He has already made progress toward his professional goals, and says that, “So far, GPS has helped me expand the range of digital marketing services I offer and boost my confidence in my skill set. I believe it has also helped strengthen my professional resume, which has helped attract and retain clients.”

What first caught Theo’s attention about GPS was that it is completely online, allowing him to work full-time, is practical and relevant to the work he wants to do, and doesn’t require GRE or standardized test scores.

“I really liked that the degree was specifically in Digital Marketing and Design, not just in Marketing or an MBA with a marketing focus,” said Groh. “That was important because if I was going to go back to school, I wanted a degree that was very specific to the field I was in, very relevant to the work I was doing, and could help me in my business by helping certify to clients that I knew what I was doing.”

GPS offers 13 different master’s Programs in professional fields:

Theo says, “I think what I value the most about GPS is that I am in a class full of working professionals in my field being taught by an expert working professional in my field.”

GPS instructors are industry leaders who also work full-time outside of GPS, bringing real-world experiences and knowledge to their classrooms. And because class sizes are capped at 20 for GPS classes, students like Theo can network within their classes to build connections within their fields.

Before founding his new company in July 2017, Theo worked in New Hampshire politics, independent school admissions, outreach, and marketing. His education at Brandeis GPS has also enriched his political volunteer commitments and outside hobbies. Since starting his most recent class, Writing for Digital Environments, Theo has taken on a long-term personal goal of online food writing, committing to do a monthly blog post on local New Hampshire food and drinks for Stay-Work-Play New Hampshire.

Theo’s experiences in politics, which may seem unrelated to Digital Marketing and Design, informed his work ethic and gave him experiences that help him bring diverse experience to his business and his classes. He says of his time working in politics,

“During that time, I was working 14-18-hour days 7 days a week for months on end during campaign season… I learned that I had it in me to do that kind of work. Like doing endurance training, my experience working in politics showed me what I was made of and taught me what my capabilities and limits were. If I could work long hours in an extremely high-pressure environment for low pay in politics, often for challenging bosses, I knew I was capable of working hard and succeeding in almost any environment. It taught me not to be afraid of hard work and gave me the confidence I needed to start my own business.”

Theo’s business “aims to be the trusted web design and digital marketing choice of dynamic small businesses, striving non-profits, and thriving schools.”

In order to help him reach his goals and the goals of his company, his MS in Digital Marketing and Design at GPS offers the following program outcomes:

  • Build and actively manage digital marketing campaigns across social media, website and mobile platforms.
  • Have a comprehensive working knowledge of digital and social media platforms.
  • Write appropriate content for online and digital audiences.
  • Develop thorough digital marketing campaigns that integrate multiple channels.
  • Track results of digital advertising through analytics tools and use the data to inform future marketing decisions.
  • Use advanced media tools to enhance digital strategies.
  • Communicate the value of digital marketing as it relates to an organization’s overall marketing strategy.

Theo has found that his class assignments help his real-world experiences in business, and says, “I really love the assignments where we have to pick existing companies and talk about how they do on a particular aspect of marketing. I think it’s a great way to learn, and it helps me with my company because a big part of what we do with our small business clients is going in and analyzing what they are currently doing for digital marketing and providing them with advice and services to improve their marketing. I also like the assignment we have in [Writing for Digital Environments] of picking an organization or business that needs help with their marketing. I think it’s a great challenge, something I love to do in my business, and this assignment is helping me think about the best ways of doing that.”

Not only have his GPS classes enhanced his professional life already, but Theo’s professional experiences have enhanced his learning. In his GPS classes, he engages in discussions with professionals at varying levels of their careers in the Digital Marketing and Design field, allowing for rich learning from instructors and peers.

Content contributed by Digital Marketing and Design student Lily Gardner with permission.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Set Your GPS, the Next Stop is Your Dream Job

A Boston-area native finds Brandeis GPS Digital Marketing and Design program course offerings align best with her professional goals.

Brittany Sullivan grew up in Norwood, MA about 25 minutes outside of Boston. It’s also about 17 minutes from the Reebok International Headquarters, a place Brittany has wanted to work at for as long as she can remember.

Brittany Sullivan Brittany set her sights on becoming the next digital marketing manager at Reebok, something she would need to work very hard for. But that hard work is not without its rewards, including better job prospects and a higher annual salary. According to a 2015 Georgetown University study called “The Economic Value of College Majors”: “College graduates with a bachelor’s degree earn an average annual salary of $61,000 over the course of their career, while those with a graduate degree earn $78,000 annually.” With undergraduate degrees becoming more common, a master’s degree can really give you added skills and more confidence to pursue and land your dream job.

Some of the subjects Brittany felt passionate about weren’t offered during her undergraduate degree in marketing. Her college offered more generic marketing classes that didn’t focus on digital media. She researched a few different programs, but found the list of courses offered by Brandeis GPS to be the most focused on her professional goals.

Why Enroll at Brandeis GPS?

Brandeis GPS works around your schedule. There are many students currently enrolled who also work a full-time job, just like Brittany. Because Brandeis GPS offers part-time online classes, students can work full time and study when it’s convenient for them. Not sure if a master’s program is for you? Or are you worried about the increased workload? Brandeis GPS will let you take two classes as a trial before officially applying to the program. This can help a potential student gauge if he/she will be able to continue working a full-time job and attend class in-person or online. Recent college grads who are new to the workforce might not be ready to work and take classes at the same time.

Brittany knew she was interested in marketing, but things can change. Brandeis GPS offers 12 master’s degrees, from software engineering to project management. Brittany had the freedom to change and not have to leave the GPS program. But she was concerned about working a full-time job and going to school. In fact, she was all set to take two classes, but after meeting with her student adviser, she decided to start with one and see how it went.

Need Directions?

Everyone learns in different ways and at different speeds. There are a lot of questions to ask yourself before getting a master’s degree at any school, like how long you intend on working in your chosen field, or if there are any financial concerns. Student advisers can help answer these questions and more. Let them be your guide through this exciting transition into higher education.

The GPS program offers small classes, giving the instructor more time for 1-on-1 interaction. Every instructor has virtual office hours or can meet virtually by appointment.

For students who have never taken an online class, the structure can seem foreign at first and maybe a little intimidating. Brittany could continue working at her job, thanks to the flexibility that online classes offer.  GPS faculty are trained to teach online, so that you can focus on learning. In addition to extra training, professors are active professionals in their fields to ensure you are receiving the most up-to-date information and instruction. Even during online classes, students are encouraged to comment on their peers’ work, some assignments also will require students to work as a group.

The Road Ahead

“We should not judge people by their peak of excellence; but by the distance they have traveled from the point where they started.”
― Henry Ward Beecher

By the end of Brittany’s graduate program, she will be one step closer to her dream job at Reebok. She will be a valuable employee because she invested in her future.

This is Brittany’s first course at Brandeis and there will be many more. She knows she is on the right path with the Brandeis GPS program.

Content contributed by Digital Marketing and Design student Andrew Scarella with permission.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Older posts

Protected by Akismet
Blog with WordPress

Welcome Guest | Login (Brandeis Members Only)