Aviva Zacks of Safety Detectives had the opportunity to sit with Dr. Gregory Hall, Research Scientist at the Center for Cybersecurity at the University of West Florida. She asked him about his department’s focus on helping retired veterans get trained for cybersecurity jobs.
Safety Detectives: Can you tell me about your background including how you got into cybersecurity?
Dr. Gregory Hall: I’m a graduate of the University of West Florida, where I got a bachelor’s degree in 1993 and a master’s in 1994. I got my Ph.D. in computer science from the University of Idaho, and my first job was at Texas State University. At the time it was called Southwest Texas State, and I taught there from 1997 until 2006. My predominant area of research was in software engineering and quality assurance, and security was considered a part of the quality assurance field from the software engineering perspective.
I started developing an interest in a field that had yet to be named digital forensics, and as that interest grew and I began to research in that area, a government contractor company called ManTech came to town. They were brought in to talk about the potential collaborations with the university. I told them about my interest in digital forensics and they had jobs in that area. One thing led to another, and I got hired away from the university into a federal contractor for digital forensics. And I did that for a while in San Antonio Texas until they closed the forensics group down and moved me into the cyber defense group which was penetration testing, vulnerability analysis, etc. And eventually, that group shut down and I got moved into what was then the intrusion operations divisions, which was essentially offensive cyber operations, which is the more common term for it now.
I’ve been on both the defensive and offensive sides of cyber in my career. I worked for Endeavor Systems, the Harris Corporation, Endgame, the Air Force malware analysis lab in San Antonio, and finally, the University of West Florida, my alma mater in cybersecurity at their newly formed center for cybersecurity. Now I’m a research scientist in a joint appointment between UWF Center for Cybersecurity and the Institute for Human and Machine Cognition, IHMC, in Pensacola. I do most of my work in threat intelligence, malware analysis, and adversary behavioral understanding and prediction.
SD: What do you love about cybersecurity?
GH: The part that I love about it is being able to do things outside of a more rigid software engineering type of approach. It’s a more free-flowing, “what happens if I do this” type of tech job. If you’re a software dev, you’re trying to build a product that does a thing and you’re focused on building and doing and making that specific thing. Here, on the outside, you get to be the devil’s advocate and you get to poke things and do things that the developer didn’t intend to see, like what types of strange behavior you can cause a device to perform.
It’s constantly changing, constantly evolving. The attack surfaces are changing. The strategies to defend, the strategies to attack—it’s always that cat and mouse game. And so, somebody puts up a defense and so some other wise guy comes up with a way around the defense, and then that changes.
SD: What are some of the services that the Center for Cybersecurity at UWF offers?
GH: One of our main focuses is on workforce development. The Center for Cybersecurity is a part of the University of West Florida. At the Center for Cybersecurity, we focus primarily on workforce development for people who are transitioning careers. Therefore, our career pathways and our training pathways target the NIST, NICE framework work roles and align our training offerings in sequences.
Right now, we’re transitioning military and first-responders through a grant from the NSA—National Security Agency—in their Centers for Academic Excellence Program. We’re trying to help people who are leaving the military, going into their next careers, and helping to bridge what’s predicted to be a 500,000-job gap in the United States for cyber professionals. Trying to get those people transitioning careers and give them a mechanism into entry-level cyber jobs that don’t require a full four-year degree is what the center is all about.
SD: What are the current cyberthreats?
GH: Naturally, everybody hears about the ransomware threats and the US has been hit by a few big ones, but I think for me the biggest concern is the shift in the targeting that the ransomware threats are starting to hit critical infrastructure. They’re starting to go after things like manufacturing such as the meat processing plants.
As other targets get better protected, the adversaries are starting to move to the things that are a little bit easier, and I don’t think the adversaries used to be particularly interested in critical infrastructure and manufacturing. But as the target surfaces get harder and harder to breach with things other than social engineering attacks, a lot of these plants and factories have been running old software and old hardware for a long, long time and not practicing good cyber discipline and they’ve gotten away with it because nobody has come after them. I think adversaries are now looking at them a lot harder.
As we’ve seen with the gas pipeline interruption, these attacks have the chance to have a societal impact as opposed to a financial impact on a small segment. The big threats I see right now are as the adversaries are starting to target our infrastructures. And COVID-19 is a perfect example. The rise in ransomware attacks against hospitals is quite high, and I’m sure a lot of that didn’t get reported and was settled behind the scenes but it shows how the bad guys would be willing to shut down hospital operations during the pandemic in order to make a profit.