The Next Cyber Whiz Might Be an English Major
By Dr. Lynn M. Houston
September 20, 2020
Given the frequency of phishing emails, the devastating consequences of identity theft, and the large sums paid after ransomware attacks, cyber professionals rarely have to answer questions from friends and family about how their degrees or training apply to the “real world.” Not so for English majors! Yet, the skills that students acquire in liberal arts programs may be exactly what cyber security teams need.
A STEM education alone may not train students in the communications skills necessary to solve the information security problems of the current and future eras. The field of engineering had to confront this truth after the 1986 Space Shuttle Challenger explosion, when the NASA spacecraft broke apart shortly after takeoff and killed all seven crew members aboard. The scientific explanation for the disaster is the failure of the O-rings, or rubber gaskets, on a booster engine. This is only partially correct. As documented in several sources, including Allen McDonald’s book Truth, Lies, and O-Rings, some of the engineers working on the shuttle knew that the O-rings would not function properly below a certain temperature. However, they struggled to communicate this fact and its consequences in a way that their supervisors could understand. The Space Shuttle Challenger disaster was not caused by faulty science, but by a failure to communicate.
The field of cyber security contains its own examples of disasters that might have been avoided had an English major been consulted. Consider the 2016 hack of the Central Intelligence Agency’s Center for Cyber Intelligence, where an employee stole classified information about the CIA’s cyber tactics, which was then published on the Internet by WikiLeaks. The official report on the incident describes “an agency more concerned with bulking up its cyber arsenal than keeping those tools secure” whose internal “security protocols were ‘woefully lax’.” What would it have taken for someone working in that office, where they were developing cutting-edge cyber weapons, to stop and double-check the security of their own information systems? It would have taken an extreme capacity for self-reflection, which is rarely cultivated in STEM fields but is the daily focus in humanities disciplines. The study of other cultures—their art, literature, religion, and history—provides students with practice in the constant back and forth between other world views and their own. The result is deeply critical thinkers who know how to ask tough and compelling questions about the world around them.
Cyber team successes also speak to the increasing need for the kinds of skills cultivated in humanities disciplines. In late 2016, Operation Glowing Symphony provided a new model for cyber offense by targeting ISIS social media accounts to prevent them from communicating propaganda. This joint endeavor represented a complex attack on ISIS designed to “deny, degrade, and disrupt [their] media” by corrupting their website content, deleting their cloud-stored files, locking them out of their accounts, purchasing relevant domain names before they could, and otherwise making it difficult for them to proselytize in any online venue. The kind of research necessary to plan this operation—the study of communication patterns, human behavior, user psychology, the interpretation of large amounts of textual data, and the way stories can influence someone’s sense of identity—overlaps with the content of a typical liberal arts program with coursework in communications, rhetoric, linguistics, cultural studies, sociology, psychology, philosophy, and literature. A group at the National Security Agency known as the Russia Small Group task force is now using Operation Glowing Symphony’s model to fight against election interference. This team is concerned, in part, with ferreting out fictitious identities created on social media for the purposes of spreading disinformation and influencing votes to benefit America’s adversaries. Such tasks are squarely in the wheelhouse of a typical humanities graduate, who has read a lot of literature and studied patterns related to how people communicate and connect with each other. Once threat actors started harnessing social media as a weapon against democracy, the problem of cyber security began to look a lot more like a field called the digital humanities, which studies the cultural elements related to how people use internet technology. In 2019, the Alliance of Digital Humanities Organizations put together an annual conference that included papers on such compelling topics as “Digital and computational approaches and applications in literary and linguistic fields, including computational text analysis, stylometry, authorship attribution, natural language processing and computational linguistics . . . games studies, hacker culture, networked communities, digital divides, digital activism . . . Emerging technologies such as physical computing, single-board computers, minimal computing, wearable devices, and haptic technologies.”
Yet, discussions surrounding hiring liberal arts graduates in technology jobs tend to limit the contributions of such employees to putting restraints on unbridled technology creation, as if they can only provide an ethical conscience to the organization as a kind of cultural check. Liberal arts majors can do much more than police the engineers of emerging technology: they can help create it and ensure its security. For a little over $100, students can purchase a few months’ subscription to one of several online educational programs that provide hands-on, virtual labs where students can conduct threat hunting and malware analysis in simulated environments with easy instructions for beginners. According to the assistant editor of the Harvard Business Review, “Many tasks that once required specialized training can now be done with simple tools and the internet. For example, a novice programmer can get a project off the ground with chunks of code from GitHub and help from Stack Overflow.” Many easily-accessible resources exist to teach the basic technical skills needed for entry-level work in cyber security, but teaching good communication skills takes longer and is more involved.
(U.S. Marine Corps photo by Lance Cpl. Haley McMenamin)
Artificial Intelligence is certainly a growing area that makes the case for a new set of skills. Two leaders in the industry, Brad Smith and Harry Shum, believe that graduates from liberal arts programs are uniquely positioned to contribute to the future of the human-machine interface:
[…] skilling-up for an AI-powered world involves more than science, technology, engineering, and math. As computers behave more like humans, the social sciences and humanities will become even more important. Languages, art, history, economics, ethics, philosophy, psychology and human development courses can teach critical, philosophical and ethics-based skills that will be instrumental in the development and management of AI solutions.
One way to reverse engineer the professionals we need for the influx of AI in cyber operations might be to hire an employee who has stellar communication, critical thinking, cultural studies, and research skills, then train them in the required technical skills on the job. To start, companies should reimagine office culture, so STEM professionals developing technical products can work directly alongside the humanities specialists managing any related branding and social media content. Look to company technical writers for people who might be eager to make the leap from writing about technology to creating it. Cyber security employers should also consider changing the way they write job announcements and diversifying the venues where they recruit or host career fairs so that they can elicit interest from humanities students. A search of the Proquest academic database shows that 412 doctoral dissertations and masters theses were completed at U.S. universities in 2019 in the field of the digital humanities, an area of study that would produce a graduate who has mastery of both the social and technical domains.
In a recent cyber security dissertation, a Capitol Technology University student surveyed 11 managers of cyber threat hunting teams to discover what skills are most needed for success in the field. The study identified a list of seven traits, but the majority of them were not necessarily technical capabilities: along with knowledge of IT, incident response, and automation were the abilities to analyze, make decisions, think like an attacker, and communicate. Four out of these seven could be learned through humanities curricula that foster critical thinking, problem-solving, psychology, creativity, use of the imagination, as well as written and oral briefing skills.
As cyber security becomes increasingly tied to problems of social unrest and discord, the field is going to need the kinds of skills taught to English majors and other humanities graduates. A liberal arts program provides a solid foundation in critical and creative thinking, listening and communications skills, research, self-reflection, and the capacity for lifelong learning, all of which are necessary in the quickly evolving domain of cyberspace. In the era of social media, “smart home” devices, and now pandemic telework, security has become extremely personal, linked to personal lifestyles and values and what people do in their homes. Their individual decisions are rooted in cultural values and how they conceive of the balance between their working and non-working lives. Cultural study, empathy, and storytelling—the subjects English majors learn—are among the skills that can help solve the problems facing the next generation of cyber warriors.
About the Author
Lynn M. Houston holds a Ph.D. in English from Arizona State University, an MFA in creative writing from Southern Connecticut State University, and a B.A. in English, Spanish, and Art History from Hartwick College. She taught college-level English for well over a decade. After changing careers to technical writing and completing a certificate program in cyber security at Harford County Community College, she was selected for a special assignment with the Environmental Protection Agency’s Office of Information Security and Privacy as part of the Federal Cyber Reskilling Program.