Brandeis GPS Blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Tag: Brandeis GPS faculty

Of reasonable security and other mythical creatures

The blue light from the screen of a half-open laptop lights up the keyboard

Written by: Alain Marcuse, Information Security Leadership Faculty

Imagine you are responsible for cybersecurity at your company. Your mission is to support the business, but you’re among the 90% of security leaders who believe they are falling short in addressing cyber risk, according to the 2021 Security Priorities study by Foundry. You are well aware that threats continue to evolve faster than your budget and/or resources; according to the same study, 54% of CISOs expect no increase at all in their budget next year. 

Against this backdrop, cybersecurity threats are certainly not standing still. According to PwC’s 2022 Global Digital Trust Insights report, more than 50% of organizations expect a surge in reportable incidents, over the 2021 rate. In short, the threat landscape continues to grow more rapidly than the resources available to you. 

But the challenge is not only a “simple” matter of balancing resources against threats. Cybersecurity is an increasingly regulated field, governed by sectoral laws such as HIPAA or industry standards such as PCI DSS, state laws such as in Massachusetts or New York, and even extra-territorial laws such as the European Union’s GDPR. Insurance companies are increasingly imposing their own requirements as well, in order to better manage underwriting risk.

In short, you need to make sure security doesn’t interfere with the business, or slow it down; but your primary responsibility is to maintain the organization’s security, in a context where the threats keep increasing, regulations keep multiplying, but the budget made available to you remains flat. 

You are expected to maintain “reasonable security”, but how do you define that, let alone achieve it? What’s deemed reasonable can well be in the eye of the beholder, and also changes over time. Technology evolution also requires updating the concept of what’s reasonable; what made sense in 2012 does not necessarily make sense in 2022. Consider something as simple as password length. PCI DSS 3.2.1, a standard released in 2018 and which still governs security requirements at merchants that use credit cards, requires passwords to be 7 characters long. In 2022, it is estimated that such weak passwords can be cracked within 7 seconds. Is this “reasonable?” If a breach happens, how will you answer “how could you let this happen?”

The key to resolving this challenge is to regularly take the time to take stock of the threat landscape, and the security program’s ability to confront it, by means of a formal risk assessment – whether conducted internally or by an external party. While most security teams are often stretched simply keeping up with day-to-day challenges, it is important to take the time to look at the broad picture and ensure security strategy and tactics are still aligned to the threats, regulations, and business requirements at hand. A risk assessment will also help with prioritizing what initiatives will be undertaken and why, and what risks will be deemed acceptable, making the program more defensible when discussing it with other executives, the Board, or regulators. 

While regular risk assessments provide a frame of reference to enable an answer to the “reasonableness” question, it is important to remember that the reality is that all security programs will fail, in one way or another, sooner or later. Cybersecurity is a form of asymmetric warfare where the enemy is typically better equipped and less constrained than the defenders. As a result, two key elements must be prioritized: defense in depth, and incident response. 

If you have received a breach notification from a company you work with, you will undoubtedly have noticed that the breach was always the result of a “sophisticated” attack, possibly leveraging a “zero-day” vulnerability. By definition, a “zero-day” vulnerability is one for which no patch currently exists. As of mid-2022, 18 such vulnerabilities came to light just this year. Given the near-certainty that some attack vectors will succeed, implementing a defense-in-depth strategy will help minimize the damage, in a cybersecurity version of James Reason’s “Swiss cheese model” metaphor in describing failure of complex systems.

While a defense-in-depth strategy can help minimize the damage, damage will almost certainly happen at some point; it is here that a well-developed incident response program matters most. This is really not dissimilar to good crisis management practice in any other discipline; a well-prepared, well-rehearsed plan for managing and communicating about a cybersecurity incident will go a long way towards mitigating damage, including reputational damage. 

The concept of “reasonable security” may well be an elusive beast, given it can be subjective and/or defined differently depending on the entity or circumstances in which the reasonableness question is answered. But a security program structured on the foundation of regular risk assessments, deploying a well-considered strategy of defense in depth, and supported by a properly-rehearsed incident response plan, will be more likely to be perceived as meeting a “reasonableness” standard.


Alain Marcuse is a professor in the Information Security Leadership program at Brandeis University, and the Chief Information Security Officer at Validity Inc.

For more information about the Information Security Leadership program or other online master’s degrees available at GPS, please visit brandeis.edu/gps.

Q&A with Elizabeth Rosenzweig

Faculty: Elizabeth Rosenzweig

Program: User-Centered Design

Education: Massachusetts Institute of Technology, SM and Goddard College, B.A.

Bio: Elizabeth Rosenzweig is a design researcher whose mission is to use technology to make the world a better place. She believes that the best design comes from good research. This all starts with a user-centered design. From volunteer events, design challenges, and research projects. Elizabeth has been able to push the bounds of the current status quo and innovate. Examples include founding running World Usability Day, producing 4 Patents on intelligent design for image management and organizations, long-term impact on Medicare.gov, yearlong study on body-worn cameras, and other projects. Rosenzweig’s work can be seen at designresearchforgood.org.

 

How did your career journey lead you to User-Centered Design? What has the path been to becoming a design researcher?

I started my career as a photographer and a graphic designer.  I thought that visual art/design was going to be my career journey. But an unexpected development happened when I applied to graduate school and ended up  at the MIT Media Lab.  There I had a front row seat to the development of user centered design, human-computer interaction and UX. My volunteer work at various organizations has confirmed how important our field really is.  It has been an honor and a privilege to be part of this developing field.

 

What design and/or technology trends are currently exciting you?

Intelligent user interfaces (IUI) have been something that has always interested me. In fact I did quite a lot of research on it. Using IUI to help put humans first, through the field of human-centered artificial intelligence(HCAI). HCAI is very exciting to me and has the potential to change the world in a positive way because it includes not only UCD but ethics and goals, 

 

What are your best hopes for the students in your courses?

I hope my students come to know how important our work is to our society.  UCD is our hope for the future, by putting the human at the center of design can ensure we create products and services that help solve our biggest problems.

 

Do you have any advice for Brandeis GPS community members planning a job search in UX?

We can use our UX skills in every aspect of our lives including our job search.  Define your own persona, what are your goals, do you want to do UX design or UX research? In the interviews, what is the persona of the people interviewing you, what are their goals and challenges. Ask thoughtful questions.   Know your strengths and be honest about the areas you need to develop.  Finally, when you’re starting out. It is important to have a portfolio to show people what you’ve done. In the portfolio it’s very important to describe what you did, the use case, and what your role was and how it impacted the project.

 

What is a fun fact about you that Brandeis GPS community members may not already know?

When I was in college I took a job teaching blind people to ski, the training included a full day skiing blindfold. Before that training, I had imagined what it would be like if I were blind, but living a day without seeing made me realize that experience was not one I could even imagine, it was so different then my own experience. That is when I learned the true importance of empathy and how important it is to understand a person’s experience, to put yourself in their shoes so you can develop a product or service that helps them make their lives better.

 

For more information on the User-Centered Design program or any other GPS programs, visit our website.

Faculty Spotlight: Annie Shebanow

What led you to the business and technology fields? Growing up, I loved science technology, and I was fascinated by computers. After finishing high school in Iran, I immigrated to the United States to attend U.C. Berkeley’s Computer Science program. I wanted to be at the forefront of inventing new technologies that could help every person and connect them together like never before. 

After I graduated college, I worked for different Silicon Valley tech companies. As my career progressed, I wanted to do something beyond working for large companies. I wanted to focus on specific areas that I was deeply passionate about, one being agriculture. 

Over time, I started multiple companies, each using some form of computer technology and software to solve problems. Each endeavor was as exciting as the one before it. It wasn’t long before I realized that I loved entrepreneurship. I loved that I could blend my love for business and technology together and see it succeed. 

My hope is others can fall in love with the two like I have. It’s really something else!

What industry trend is currently exciting you? I’m immensely excited by the space industry. We are seeing a space race amongst private companies all the while countries like the United States and China are working to send people back to the moon. NASA’s James Webb Telescope left me in awe by how far it could peer into the cosmos, and I remain on the edge of my seat by what it could potentially discover about life on other planets. I cannot wait for what is to come in space discovery over the next two decades. 

What are your best hopes for Strategic Analytics students who take your courses? My hope is that all my students leave my class wanting to be lifelong learners in this field. Strategic analytics is such an exciting journey. We can sift through enormous amounts of data and information in ways that can solve the world’s biggest problems. This is a lifelong exploration that you can never stop learning from, and my hope is my class helps in this adventure.

What is a fun fact that the Brandeis GPS community may not know about you? Hmm… a couple fun facts: 

  • I love Ted Talk videos! My YouTube suggestions are filled with various talks and I often find myself watching multiple videos a week.
  • My first name is Anna but somewhere somehow in my legal documents it got switched to Annie. Someday it will switch back.
  • I’ve grown deeply passionate about global warming issues and its impact on agriculture. I’m now exploring ways data analytics can help coffee bean research and production!
  • I have a small cat that frequently interrupts my Zoom calls.

For more information on the Strategic Analytics MS or other online master’s degrees available at GPS, please visit brandeis.edu/gps.

Raising the Tide through the NOVA INITIATIVE

We are living in interesting times where it is the individuals like Elon Musk and Jeff Bezos, and not countries, that are reaching for the stars. When new technologies like cell phones are taking a few years to adopt when compared with multiple decades for telephones in prior times. These historically improbable events are happening because of the perfect storm due to our deeper understanding of manipulating life using CRISPR, fashioning of nano machines, exploitation of globally connected data capture, use of cloud based deep learning, to name a few. While all this progress is exciting, it is increasing the disparity between those who have the capabilities and those who don’t. The impact can be seen in the growing economic backwater in middle America when compared with the coasts, where most of the investments and innovation is happening. This is also true of most developing countries that are unable to get on to the technology adoption curve.

At the same time another major shift has occurred that creates room for hope. For the first time in the history of mankind we can now access the raw material, talent and resources needed to create new products. With global supply chains and marketing channels, anyone connected through the internet can develop, market, deliver and support their products and services. The ability to harness the global market brings the economy of scale as well a bigger variation in price point and features.

Navigating through the myriad aspects of a globally competitive new product development is a complex endeavor. Large companies educate their employees through a large number of special courses, internships and external programs. These learning facilities are not available to the vast majority of people not having access to such nurturing eco-systems. Based on first hand experience of leading development across continents for industry, I am convinced that this lack of education in the “Practice of Engineering” is what is holding many of the less developed regions back from being able to participate in the global economy. Some of this practice of engineering is formally being taught in a peripheral sense in an MBA and a myriad of specialized courses in marketing, supply chain, project management etc.

In response, I founded the Nova Initiative which aims to provide structured education focused on teaching how to approach the complex task of developing and executing all the different phases of developing a globally competitive new product. The hope is that this will allow regions, people and companies all across the planet, create value and ensure a lack of extreme disparity.

Written by: Imran Khan, Faculty Robotic Software Engineering

For more information on the Software Engineering program or other online master’s degrees available at GPS, please visit brandeis.edu/gps.

UX is my superpower

Photo of David Lumerman.User experience is all about solving problems, and having a deep understanding of mechanics behind the actions people take gives a UX practitioner more tools to solve these problems.

Like Batman, the world’s greatest detective, you use a combination of the clues found in our surroundings, in user norms like heuristics, and active listening to users, and even the needs and goals of stakeholders to solve the problems, combat evil (or at least bad UX) ands save Gotham City.

This all begins with asking the right question.

As an adjunct professor at Brandeis the “Why” is something I explore with all the students in the program. The “Why” becomes the caped crusader’s utility belt, and all the tools fit into the various compartments. Understanding the “Why” is key to being able to deliver good UX and improvement for the people we are trying to help. Making things better, more efficient and easier to use is the key.

The most successful students in the program can not only relay the information but use this utility belt to extrapolate and apply the lessons to the work they produce.

By building a foundation of heuristics, applying critical thinking and good observation you can successfully tackle any UX task. The tools may evolve, the user’s gulf of understanding may be increased, but the fundamentals of what makes for good UX and good design form the bedrock of the user experience discipline

A good superhero is empathetic.

If you have ever observed participants in a one-on-one usability test you immediately begin to empathize with the people performing the actions. It’s actually one of the hardest things to do when running sessions, to not interject and alleviate the discomfort you are observing. When counseling students it is something I emphasize that you need to be comfortable with their discomfort for the greater good. The greater good of the project, the design and the user experience.

I see this struggle as a good thing. If UX folks are not bothered by the discomfort they are inflicting, maybe they are not empathizing enough.

UX is hard. It’s a relatively new field that fights to gain a seat at the table. I equate it sometimes as running head long into a brick wall, checking the wall for cracks, and shaking it off and doing it again.

The best of us have a passion for running into that wall. If given a choice, be Batman. Always be Batman.

 

Bio

David Lumerman, M.S., has been an Adjunct Professor at Brandeis University since 2017 conducting courses in including User Interface design, User Experience Design, Cognitive and Social Psychology of User-Centered Design, Design Operation and Leadership, and the Capstone in User-Centered Design. During this time he has redeveloped both the User Interface Design and Design Operation and Leadership courses.

Mr. Lumerman is the Corporate Vice President of User Experience at New York Life Insurance, where he develops engaging interaction for New York Life websites, applications and interactive experiences, and has done so for over 20 years. Previously, David developed online games and game shows with Pearson Television and Uproar! Games, most notably the interactive versions of “Family Feud” and “To Tell the Truth.” He earned his Masters degree from Rensselaer Polytechnic Institute and undergraduate degree from the School of Visual Arts in New York City.

An avid outdoorsman, David is proficient in Dutch Oven Cooking and is actively involved in running outdoor programs through the Boy Scouts of America. He has been married for over 30 years to his wife Dvorah, and has two sons, Sam and Henry, who are both Eagle Scouts.

Dave is the recipient of the 2022 “Rabb School Outstanding Teacher Award”.

For more information on the User-Centered Design MS or other online master’s degrees available at GPS, please visit brandeis.edu/gps.

How to Turn Managing Projects into a Career in Project Management

By Leanne Bateman

By the time we reach adulthood, we have already managed many projects in our lives, whether or not we called it project management. We have completed school projects, participated in musical or theatrical productions, played a season or more of a certain sport, and/or completed any number of endeavors that were temporary in nature and resulted in a unique product or service. That’s all a project actually is, though the purpose, complexity and level of effort vary from project to project.

Following this simple theme, we enter the professional working world that will define our effort between (roughly) 9 a.m. to 5 p.m. over several decades until we retire. For many of us, much of our professional work will consist of some level of project management, whether we are directly managing projects or overseeing those who do. The longer we work, the more projects we will encounter since projects are the building blocks of a company’s capability and achievement. For those of us who are naturally inclined toward the organizational aspect of project management, we will enjoy the many benefits of dedicating our time and effort to work on a team focused on delivering a new product or service for the greater good of our company. This is the reward in itself.

Project Management Graphic

Image source: OnlyEngineerJobs.be

For myself, I started my career in information technology. After a few years as an HR Information Systems (HRIS) Manager, I found that the work I most enjoyed was managing HRIS system implementations and other related technology projects, so I decided to focus solely on project management in the next phase of my career. That was several years ago, and I have not looked back.

If you find this is also true for you—that the work you most enjoy is managing or overseeing projects—then there are no rules that say you can’t become a full-time project manager. The best way to do this is to keep managing projects whenever you can, since experience is by far the most important asset in our skill set. You can volunteer for projects at work while approaching your home projects in the same way, since all projects (professional or personal), require a phased approach of initiating, planning, executing, controlling and closing. Both the hard skills and soft skills required in project management get sharper with each project, as long as we continue to focus on continuous improvement of these skills and learn from past lessons. Also, the variety of projects we manage only serves to sharpen our project management skills more while also keeping us interested and learning. At least, this has been true for me.

In addition to gaining experience, I would also recommend the following steps to transition from managing projects to a career (or next phase of your career) in project management:

  1. Read the job postings for a Jr. Project Manager, Project Manager, Sr. Project Manager, PMO Lead, PMO Director and VP of Project Management. These job postings will give you insight into the daily responsibilities and qualifications of project management professionals. This is also a common professional path, though many professionals work as a Project Manager for their entire careers.
  2. Take a class! If you don’t yet have formal training in project management, it is definitely a good idea so you can fully understand and apply project management principles wherever appropriate. Check out Brandeis’s graduate program in Project & Program Management—you don’t need previous project management experience to take a course at Brandeis, just a bachelor’s degree.
  3. If you have a good amount of experience in managing projects, consider professional certification. The Project Management Institute (PMI) is the global governing authority in professional project management. They offer several levels of project management certification, including the industry standard Project Management Professional (PMP).
  4. Continue to hone your soft skills. The skill of communication in particular—verbal and written—is the most important and most commonly used skill in project management. Other soft skills such as leadership, team building, influence, negotiation, and emotional intelligence are critical, and there are endless opportunities to strengthen these skills daily in our personal and professional lives.
  5. Learn, learn, learn! As project managers we never stop learning.

I recommend the steps above because those are exactly what I did. And because my 9-to-5 time is valuable to me, I want to be sure to spend it doing what I most enjoy and what best utilizes and continues to develop my interests, skills and expertise. Transitioning to a career in project management is not for everyone, but it certainly was the best career move I ever made.

Leanne Bateman, MA, PMP, CSM, Six Sigma Green Belt, CIP is the program chair of the Project and Program Management program at Brandeis University Graduate Professional Studies, and the Principal Consultant with Beacon Strategy Group, a Boston-based management firm specializing in project management services. Leanne has 20+ years of project management experience across the areas of health care, biotech/pharmaceuticals, information technology, high-tech manufacturing, human resources, construction, housing/real estate, government, and higher education. 

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Project Management in the Gig Economy

By Leanne Bateman

Leanne Bateman HeadshotIn last month’s blog post, I mentioned that in today’s market, a professional project manager has the option to work as a full-time project manager for a company or work as a project management contractor or consultant. This month, we will focus in on the contract project manager.

Prior to 2008, it was not uncommon to see project manager positions as regular full-time roles (particularly in IT departments) in many U.S. companies. When companies could not find an available full-time project manager to meet their needs, or if they didn’t have the funding for a permanent position, they had the option of hiring a contract project manager for a limited amount of time. This worked out great for the company, who could obtain an on-site PM to either augment their staff to manage several projects or hire the project manager to manage a single project without commitment for future work. It also worked out well for project managers who appreciated the typically higher pay while enjoying the flexibility of working across different departments, companies or industries.

The Rise of the Gig Economy
The rise of contract work in the 2000s came to be known as the “gig economy,” borrowing the term used by musicians to describe their paid show in a club or bar. The gig economy really took off after the significant economic downturn of 2008-2009, as companies went through layoffs and unemployed workers started taking temporary work to sustain their incomes. While the trend formed through dire circumstances and financial instability, growth continued long after the economy stabilized. That rate of growth will continue to increase. Why?

“Gigging”—whether through a set contract or ongoing consulting—tends to offer higher pay per hour to compensate for the lack of benefits. The flexibility is attractive to those who want more control over their work schedules or who seek breaks between contracts. There is also increasing opportunity to work in different companies and different industries, or to start as a contractor and convert to a permanent, full-time position once the compatibility between employee and employer is established.

Today, the gig economy is even stronger than could have been predicted for all levels of employees. The opportunities have stayed on par with the demand, including the rapid expansion of services such as Uber and Lyft as gig jobs offering riders a lower-cost transportation option. In the same way, accommodation services like Airbnb and HomeAway offer alternatives to pricier hotels. For both types of services, individuals are using their personal assets (their cars or homes) to make money through a temporary arrangement.

The Gig Economy and Project Management
So back to project management. The gig economy has been an extremely beneficial environment for both new and experienced project managers. Not only are there numerous opportunities across just about every professional segment and experience level, there is a consistently healthy rate of demand with low to moderate competition. And this demand is expected to increase significantly, eventually overtaking traditional employment by 2027:

The Future of the Gig Economy

Image courtesy of Jessup University

So, if you are one of the traditionally employed project managers interested in taking advantage of the benefits of working as a contract project manager, please be sure to take note of the typical differences before you take the leap.

Benefits Traditional Employment Contract Employment
Paid time off
Healthcare benefits
Employer contribution to Retirement Plan Depends on contract agency
Feeling of inclusion
Higher hourly pay
Flexibility in work schedule
Flexibility to work across different areas
Less involvement in company issues/politics

While contracting as a project manager has great benefits, it isn’t for everyone. But the same could be said for traditional employment arrangements. Whichever you choose, there is a robust demand for project managers, and it’s great to have options!

Leanne Bateman, MA, PMP, CSM, Six Sigma Green Belt, CIP is the program chair of the Project and Program Management program at Brandeis University Graduate Professional Studies, and the Principal Consultant with Beacon Strategy Group, a Boston-based management firm specializing in project management services. Leanne has 20+ years of project management experience across the areas of health care, biotech/pharmaceuticals, information technology, high-tech manufacturing, human resources, construction, housing/real estate, government, and higher education. 

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Meet Liz Pelberg-Schariter – Associate Director of Instructor Recruitment

Have you ever wondered how our Brandeis GPS instructors are recruited and selected? Meet Liz Pelberg-Schariter,  our Associate Director of Instructor Recruitment and Operations!

Liz 1 - Brandeis GPS online education - Faces of Brandeis GPS Blog

Continue reading

© 2022 Brandeis GPS Blog

Theme by Anders NorenUp ↑

Protected by Akismet
Blog with WordPress

Welcome Guest | Login (Brandeis Members Only)