Just a Standard Blog
College students: Learn about our Summer Undergraduate Research Fellowship (SURF) and apply to join us.
As more everyday objects, such as cars and even refrigerators, connect to the internet, new opportunities for cyberattacks open up. So, keeping our technology safe and secure is more important than ever.
As a cybersecurity student and summer intern at NIST, I’m learning firsthand about the role people play in cybersecurity.
You may think that most cybersecurity incidents result from technological errors, but this is a common misconception. As I conducted preliminary research for my internship as part of the Summer Undergraduate Research Fellowship (SURF), I was surprised to learn that human error accounts for more than 80% of cyberattacks.
Human error can take various forms. Employees can ignore password requirements or create weak passwords. In other cases, staff members may accidentally put a system at risk, such as by clicking a link in a phishing email.
These examples illustrate the need to consider human factors, specifically how people think and operate, in cybersecurity. Despite the significance of human factors, many organizations fail to address these issues when designing cybersecurity guidelines and procedures. As a result, they may miss opportunities to identify and prevent breaches.
This summer, I am interning at NIST’s NICE Program, which promotes cybersecurity education, training and workforce development. I am conducting a case study on human factors in cybersecurity. This involves reviewing various research publications on these incidents and analyzing the human factors that may have caused them.
To further narrow down my research, I’m emphasizing supervisory errors and their possible role.
For example, I’ve researched the 2011 attack by the hacker group Anonymous on the technology security company HBGary. Top executives’ poor password management was among the issues that contributed to the attack. Soon after, the company’s security firm, HBGary Federal, went out of business.
NIST offers the NICE Workforce Framework for Cybersecurity (NICE Framework), a nationally recognized resource that organizations use to educate and train their employees and to help prevent cyber incidents like the one that happened at HBGary. Within the framework, there’s a defined role for managers, called the Program Management Work Role. This work role and others offer guidance on how managers can strengthen cybersecurity in their organizations.
I hope my research can be incorporated into the guidance for this work role. This would allow organizations to better educate their supervisors on how to reduce avoidable human errors and create a more robust cybersecurity workforce.
As I write this a little over halfway through my internship, I can say it has been immensely enriching.
I’m fortunate to work under a great mentor and a supportive team filled with bright minds. I’ve gained valuable professional experience and research skills that I will be sure to use as I continue my education.
One of the most memorable experiences was attending NICE Director Rodney Petersen’s testimony before the House Homeland Security Committee. It was a very interesting glimpse into the inner workings of our government departments.
Additionally, living on my own has allowed me to further develop important life skills, such as budgeting and time management.
Having grown up in the 2000s and 2010s, I was surrounded by technology from a young age. I believe this was the catalyst for my growing interest in the field.
I knew early on that I wanted to study a technology-related field in college and potentially pursue it as a career. This led me to pursue a computer science degree at Hampton University, a historically Black university in Virginia.
However, after realizing that I didn’t enjoy the math aspect, I switched to cybersecurity. This opened my eyes to a new side of technology that I hadn’t looked at in detail before.
After finishing my undergraduate education, I plan to pursue a master’s or law degree. After that, I’m keeping my career options open, but I know that I want to work in the technology sector.
The SURF program has given me invaluable experience working a federal job. I hope to intern at Google, Microsoft or another tech company in the future to explore work in the private sector. In a perfect world, I’d love to work in the video game industry, whether it be in cybersecurity or a different role.
My best advice for future interns is to keep an open mind. Don’t be afraid to explore a variety of topics and change course if needed. The path of research is never a straight line.
Don’t feel like you need to know a ton about your topic to start either. The point of research is to learn and explore.
You won’t always get the results you expect — or the results you want — but you’ll always come out of it learning something new.
Miles Walker brought up an interesting tropic in light of what has recently happened at social security. Unfortunatly there are no easy fixes with technology you either build it, sell the software and hope that someone contracts you with regards to a possable back door you left unsecured. For the most part I am from the older generation and I am barely past 55....I was
Forced to send the support team for my passwords app an email begging them to reset the app so that I could regain my information because with the 2f authentication threw microsoft or google there was No Way I could do it on my own. So seeing the writting in the wall like former President Bidden has...I have decided to reduce technology in my life and leave vital portal data in the care of my children because
I don't have the time in my retirement for the stress and anxiety which will further rob me of my retirement years. What will happen in the future? I don't know but I suggest to you young man to focus ypur energy on creating a patent for an app that will give the owner a Rublic cube like cypher of a password which is uncrackable by the human mind....That is not to say that A.I. can't figure it out someday but
Someday isn't hear yet and not many
folks earn the income for a super A.I. computer and when your cyber security software company
makes you a millionair someday....You'll remember this conversation and
Do
Something to help the Eldery and most vulnerable in your
Society.
Respectfully,
Thomas
In my opinion, this work is a valuable, readable contribution to the education of the workforce in any private or government organization, at each tier of that organization.
For many in the c-suite tier and the next two tiers, this work should serve as their wake-up call.
Very useful. jes
Good work Miles. You have a bright & wonderful future. Pursue & protect it with all you have.
What are you writing miles we didn't have technology in the 70s. You ever have someone continuously beep your beeper for 30 minutes straight until you found a pay phone that worked to call them. Lol
Great post Miles,
It's awesome to hear about your journey as a cybersecurity student and your experience at NIST! Your focus on human factors in cybersecurity is incredibly important, especially considering how often they contribute to breaches. It's surprising how many organizations overlook this aspect when designing their cybersecurity protocols. Your case study on supervisory errors, like the one involving HBGary, highlights just how crucial management practices are in preventing cyberattacks.
It sounds like your internship has been both enriching and eye-opening, giving you valuable insights into the intersection of technology, human behavior, and cybersecurity. Your advice for future SURF students is spot on—research is all about exploration and learning, even when things don’t go as expected.
Best of luck with the rest of your internship and your future endeavors in cybersecurity! It’s clear that your passion and dedication will take you far in this field, whether you end up in tech, law, or even the video game industry. Keep pushing boundaries and exploring new avenues!
Cheers,