Inaugural Cohort of MICS — Commencement Address
On January 13, 2020, I delivered the following address as the student speaker for the Masters of Information and Cybersecurity class of 2019 at the UC Berkeley School of Information Winter Commencement Ceremony.
In truth, preparing to give this speech meant thinking back over all the moments that led us here. The moments we shared in the program, yes, but also the moments that led us to pursue becoming Master’s of Information and Cybersecurity. In doing so, I actually watched our first class again and listened to our initial self-introductions — our histories and the reasons we came — strangely, statements I’ll likely hear again in some form from the newest cohort during tomorrow’s Meet and Greet.
During the program, we’ve spent countless virtual and physical hours together working on projects, lifting each other up, teaching what we know and learning from each other. Looking back through the lens of our shared experience, a theme comes sharply into focus. It’s not a theme I would have chosen, but when we look at the field of cybersecurity, when we look at the people we’ve shared this experience with as classmates, the faculty and staff, the families who’ve struggled behind us, we see persistent, meaningful, sacrificial acts of service.
Since the very first lecture, the now chief architect for the city of Los Angeles has beat the drum with one truth, and Terry you’re right! “It’s just too hard!”
Not completing the program, though it was certainly challenging enough to make each of us question our abilities to do it at some point. Not developing a curriculum and defining a Master’s in Cybersecurity — though I’m sure they had similar moments of doubt and frustration through this. Not securing a system against most knowns, known unknown and unknown, unknown threats — phrases that just kept on coming as we went through the program. Not securing a system in design, or teaching small medical offices how to protect their data and achieve some level of HIPAA compliance. Not helping a small NGO here and around the world learn how to protect themselves, not protect an intentionally poisoned DOE system against themselves.
Those things are hard, but they’re not too hard.
The only thing that’s too hard is doing any of those alone.
By choosing this path and pursuing cybersecurity we chose a hard problem, but we’ve shown we know the solution over and over again in many different ways — serving each other.
Like you, I started this program because I wanted to increase my personal value in the field. I wanted to expand myself by learning more about the things I’ve done for the last 20+ years. I don’t know if I achieved that yet, but all of you have made a difference in me.
From that very first lecture when Heather, Karel, Terry, and Josh put the rest of us on notice by meeting twice BEFORE the first live session, I knew I needed to engage with all of you. I knew that the things I’d learn through the courses would challenge me, but the real growth would come from you.
In that first lecture, I learned that there’s a notional distrust of government and power, and then there’s JM. What I thought was just a task-based focus on governmental control because we were asked to address Russia’s use of cyber, actually had nothing to do with the assignment whatsoever, and that I would continue to learn and sharpen my perceptions about government control, privacy and true cybersecurity at the nation-state and corporate feudal state through JM in every lecture — on every topic.
In truth, we face threats from other individuals, corporations and governments alike, and we bear the responsibility of fighting for freedom in new ways, in the vast frontier of technology. We face the need to fix policies that change far slower than technology. We must overcome this by engaging in the policy space and working to inform laws and policymakers that their devices and the devices of their children provide utility and pose a threat. We face critical infrastructure weaknesses within systems built before the interconnected world, now connected and lying vulnerable to attack. We face big medical’s burden of big budgets spent on new technology while even the IT staff makes consistently bad cybersecurity decisions. (I left your name out, Heather, to protect the “innocent”)
And that was just the first class!
In the very next course, we were challenged with math that made no sense, using material that meant I had to disclose my attendance to my security officer, and finding out that Alice and Bob have a friend who is PERPETUALLY up to no good. But seriously, as much as we learned about the breadth of the cyber problem in Beyond the Code, we learned about the depth of the problem in doing cryptography well. Well that, and don’t use NSA primes.
As we advanced through the program, we did so many things together, but just a couple of examples:
In the Cyberforce competition right up the hill at LBNL where we faced, head-on, the challenges of securing a bad Industrial Control System implementation. In Citizen Clinic, helping an NGO learn some of the very basics of privacy and security when they intersect against hostile nation-state actors. We met at DEFCON twice to inspire each other to hone our technical skills.
With every course we faced and every shared experience, I saw over and over, not the need for more people like me, or for me to become better by myself, but for us to continue to grow together to accomplish great things. While I can fight my way through the math,
I want Aaron and Matt there to make me feel stupid about it.
I want Terry behind me waving his arms and forcing me to meetings.
I want more time getting inspired by Karel and his unceasing passion
We probably need Ken’s quad charts
We need Heather in the boardroom making our case for better cyber investment.
We need Josh who will just keep pushing to get it done, no matter what or who stands in the way.
We need Cameron working to break stuff while Zach works to fix it.
We need Serena’s drive to keep it simple for the little guy.
We need Steve working right here on campus.
We need Eric to eventually quit going to school and join us on the battlefield
We need to continue to grow and learn from JM’s unwavering commitment to freedom and the effects of technology on those freedoms.
We need so much more of each of us.
At some point, during one of the hundreds of times I worked with Lisa through issues or concerns brought by the cohort, or an idea of how to make it better, I couldn’t tell you what we were talking about, she said that some people need the title to do the work while others will just do it. I guess I must have been one of the people that needs the title to do the work because I will cherish the opportunity you all gave me to serve you throughout the program, even as you all helped me and each other every day.
In 20 months, we haven’t solved the technical problems facing cybersecurity, but we have learned or at least been further convinced that in a field so broad and in the face of a chasm so deep, we need each other, across all disciplines, to influence the behavior of one programmer, to secure the data of one patient, to influence the policy of one government, to hide the identity of one user or to overcome the next threat, the one after that and the one after that. We learned that we serve each other in a fight that never ends and that it is too hard to do alone.
