People of ACM - Elizabeth Hawthorne

August 22, 2024

How did you initially become interested in cybersecurity? How is the field doing in terms of encouraging more participation from women?

I became interested in cybersecurity in an unanticipated way. I had taught a variety of computer science courses at the lower division collegiate level for several years. At a SIGCSE conference, I attended a presentation on secure coding and incorporated that material into my introductory programming courses. The students loved it! Their excitement made me more and more curious, and I started studying and getting involved with colleagues in the information assurance field, which was the term used prior to cybersecurity. This newfound passion led me to earning a post doctorate in digital forensics and cyber investigations from the University of Maryland and two cybersecurity industry certifications: Certified Information Systems Security Professional (CISSP) and Certified Computer Forensics Examiner (CCFE). In addition, I was one of 10 faculty nationwide selected to participate in the 2013 summer cybersecurity training and research experience for college faculty that was sponsored by the National Science Foundation and located at the New York University - Polytechnic School of Engineering in Brooklyn, NY.

I've been a member of WiCyS since its inception in 2014. At that time, only about 11% of the cybersecurity workforce were female and the supply of qualified cybersecurity technicians and professionals was not meeting the gro wing need. At the annual conference this April, we celebrated the 10th anniversary of WiCyS, and the number of women in cybersecurity had increased to nearly 25% over the past decade. WiCyS along with its industry and academic partners are committed to gender parity and will continue its efforts toward reaching that goal as soon as possible. Some of the initiatives include the Google cybersecurity certification program, (ISC) ² certified in cybersecurity program, the SANS executive cybersecurity exercise program, the Target cyber defense program, and the WiCyS mentorship program.

What role do community colleges play in undergraduate computing education? What is an example of a longstanding challenge computer science educators and administrators are facing at the community college level?

I was a community college educator for 30 years and served as Chair of the ACM Committee for Computing Education in Community Colleges (CCECC) for a number of years. Community colleges in the United States play an extremely important role in undergraduate education in general and computing education in particular. According to the American Association for Community Colleges (AACC), there are over 1,000 public community colleges throughout the United States serving over 6 million credit students, which represents about one third of all undergraduate students. In 2021-2022, community colleges awarded over 849,000 associate degrees and nearly 22,800 baccalaureate degrees. Public community colleges provide an essential and inclusive entry point into higher education with 58% being female, 32% being first generation, 27% being Hispanic, 12% being Black, and 9% holding a prior bachelor's degree. According to the Community College Research Center at Columbia University, nearly half of all baccalaureate degree holders in the United States began their undergraduate education at a community college.

Most community colleges offer associate degree programs in computer science, information technology, and cybersecurity. Generally, Associate Science degrees are intended for transfer to four-year colleges and universities, while Associate in Applied Science degrees are designed for immediate employment into the workforce upon graduation. Typically, but not always, computer science associate-level programs are transfer degrees and information technology and cybersecurity programs are workforce degrees. You can read more about the community college environment and degree offerings from the ACM CCECC computing curriculum guidelines . Computing education at community colleges is more in line with the general higher education population. For community college enrollments in all computing disciplines during 2021-2022, 23.3% were female, 15.8% were Black, 24.4% were Hispanic, 40.4% were White, and 11.6% were Asian. More information about enrollment and retention at the associate-degree level is available from the ACM NDC-Study 2021-2022: Tenth Annual Study of Non-Doctoral-Granting Departments in Computing and the Computing Enrollment and Retention: Results from the 2021-22 Undergraduate Enrollment Cohort. Also, ABET currently offers accreditation for associate degree programs in cybersecurity and will soon be accrediting associate degree programs under their general computing criteria, both within its Computing Accreditation Commission.

There are two interrelated examples of longstanding challenges facing community colleges when it comes to computing education. First, nontraditional students at community colleges need more support services, such as additional hours of access to faculty, tutoring, and computing and cybersecurity facilities. Faculty at community colleges commonly teach five or more courses every term. Online support services and distance education are helping community colleges meet this challenge. The second has to do with some state funding models that are based upon completion rates of credentials. Many computing students at community colleges transfer to four-year colleges before completing either an associate degree or a certificate. To address this challenge, more and more community colleges are either entering into or strengthening transfer partnerships with four-year colleges and universities.

What is one example of how CS2023 differs from CS2013?

I had the privilege of serving for three years on the Steering Committee for CS2013 and serving for four years as Co-Chair of the ACM Education Board, jointly overseeing the CS2023 initiative to fruition. The core foundational computer science knowledge from CS2013 to CS2023—such as software development fundamentals, foundations of programming languages, operating systems, and system fundamentals—stayed consistent over the decade with appropriate modernizations.

However, one of the major differences that I'd like to highlight between the two computer science curriculum recommendations is the significant prominence Artificial Intelligence (AI) has in CS2023. Only a decade prior, there was a knowledge area in CS2013 called Intelligent Systems that contained optional tier-2 core and elective AI content that a computer science program could include or exclude depending on its focus. In contrast, CS2023 recommends 12 required core hours, 18 specific knowledge area hours, and optional elective hours for AI. The changes in the AI curriculum are quoted from the final CS2023 report (p. 65) as follows:

• The name was changed from “Intelligent Systems” to “Artificial Intelligence” to reflect the most common terminology used for these topics within the field and its more widespread use outside the field.
• An increased emphasis on neural networks and representation learning reflects the recent advances in the field. Given its key role throughout AI, search is still emphasized but there is a slight reduction on symbolic methods in favor of understanding sub-symbolic methods and learned representations. It is important, however, to retain knowledge-based and symbolic approaches within the AI curriculum because these methods offer unique capabilities, are used in practice, ensure a broad education, and because more recent neuro-symbolic approaches integrate both learned and symbolic representations.
• There is an increased emphasis on practical applications of AI, including a variety of areas (e.g., medicine, sustainability, social media). This includes explicit discussion of tools that employ deep generative models, such as ChatGPT, DALL-E, Midjourney, and Perplexity that are now in widespread use.
• The curriculum reflects the importance of understanding and assessing the broader societal impacts and implications of AI methods and applications, including issues in AI ethics, fairness, trust, and explainability.
• The AI knowledge area includes connections to data science through (1) cross-connections with the Data Management and other knowledge areas, and (2) a sample Data Science model course.
• There are explicit goals to develop basic AI literacy and critical thinking in every computer science student, given the breadth of interconnections between AI and other knowledge areas in practice.

Because of the explosive growth and importance that AI now plays in computer science education and society at large, subject matter experts from the Association for the Advancement of Artificial Intelligence ( AAAI) served for the first time on a steering committee for computer science curriculum since the seminal 1968 CS guidelines. ACM is grateful for their willingness to share their AI expertise to the ultimate benefit of the broader computer science education community. You can read more about CS2023 in the June 12, 2024 CACM Blog by the Education Board co-chairs.

How is cybersecurity education, in particular, being reshaped due to changes in the field?

Cybersecurity education continuously needs to undergo changes to keep pace with the increasing industry demand for skilled technicians and professionals. The field is constantly evolving, with adversaries frequently changing their tactics, so cybersecurity defenders must also adapt at an even faster pace. The rise of technologies—including the Internet of Things (IoT), artificial intelligence, blockchain, quantum cryptography, and cloud computing—is rapidly expanding the potential attack surface of the cyber threat landscape.

Cybersecurity is a relatively new discipline as a separate degree program, with the oldest programs (called information assurance) being no more than 25 years old. Recent research published in the ACM Technical Symposium on Computer Science Education spotlights the fact that cybersecurity degrees vary dramatically across colleges and universities, with wide differences in the types of programs (e.g., policy vs technical) along with the number of cybersecurity-specific courses. Many educational institutions are still focused on training students for traditional IT roles rather than specialized cybersecurity positions, creating a gap between the skills taught in academic programs and the competencies required by employers.

Professional societies are playing a key role in shaping the quality and direction of cybersecurity education programs. Professional associations like ACM advocate for the interests of the cybersecurity profession, including the needs of academic programs. They also facilitate collaboration between academia, industry, and government to advance cybersecurity education and research. They provide forums for sharing knowledge, best practices, and resources across stakeholder groups. Professional societies develop standards, guidelines, and frameworks that define the core knowledge areas and competencies for cybersecurity technicians and professionals. They provide input on the knowledge and skills students need to be successful in cybersecurity careers. Curriculum guidelines serve as benchmarks for academic programs to align their curricula and ensure consistency across the field. To that avail in 2017, ACM, IEEE-CS, the Association for Information Systems Special Interest Group on Information Security and Privacy, and the International Federation for Information Processing Technical Committee on Information Security Education came together to jointly published Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity (CSEC 2017).

Additionally, CSEC 2017 was used by ABET's Computing Accreditation Commission to inform the development of their initial cybersecurity program criteria. To date, 36 degreed programs in cybersecurity—including both associates and bachelors—are accredited by ABET around the globe. CSEC 2017 is the seminal curricular guidelines by professional computing societies and is due for updating, particularly given the recent technological advances, especially in artificial intelligence (AI), that compel changes to cybersecurity education. The ACM Education Board is planning a revision of CSEC 2017 in the near future.

Why was Rendering History: The Women of ACM-W, a rewarding effort? How can people access this book?

I have always enjoyed working with Gloria Childress Townsend, who is the editor of Rendering History: The Women of ACM-W. I was fortunate to have served on the ACM-W Council with Gloria. This compilation of personal journeys by the women of ACM-W was her brilliant idea, and when she invited me to share my story, I was honored and immediately agreed.

Writing my story for inclusion in a book published by ACM was rewarding for many reasons. First, it was mind-blowing that I would be considered in the group of pioneering ACM women. I have always admired Grace Murray Hopper and her good friend Joyce Currie Little, who was responsible for getting me started as an ACM volunteer when I started my career in academia as an assistant professor of computer science. Second, it made me stop and reflect upon my early days—both personally and professionally—that led me to the dynamic computing field. I had never really thought about my journey before. Third, during the writing process I discovered how much I had learned from all the incredible computing professionals who I met along the way. Collectively, they have made me the computing professional that I am today.

I share the opening paragraph of my journey as a teaser:

"My story begins in Philadelphia, PA where I was born not too far from the University of Pennsylvania, the famed birthplace of the first general-purpose electronic computer called the Electronic Numerical Integrator and Computer (ENIAC). Although I came along 16 years after the birth of the ENIAC, my story is similar to the Women of the ENIAC. When ENIAC was finally unveiled at the University of Pennsylvania in February 1946, two women had created the test run that wowed the media. But their work and that of four other women who helped get ENIAC off the ground, was literally erased. These women were Kathleen McNulty Mauchly Antonelli, Jean Jennings Bartik, Frances (Betty) Snyder Holberton, Marlyn Wescoff Meltzer, Frances Bilas Spence, and Ruth Lichterman Teitelbaum. Archival photos now show both women and men working on the massive machine, but the articles and pictures published at the time featured only men."

You can read the rest of my story and the fascinating stories of many other successful ACM women in Rendering History: The Women of ACM-W, available for purchase from the ACM Digital Library if you are not a subscriber, or as a free download if you are a subscriber. The book is also available for purchase from Amazon.com in various formats. The book was published in celebration of ACM-W's 30th birthday. I highly recommend it—it's an enjoyable read.