UCD’s Prof. Liliana Pasquale on Filling the Cybersecurity Talent Gap

Christa Miller: As the cybersecurity talent gap continues to widen, a number of universities are developing programs to fill it. Among them is University College Dublin, which has just launched its brand new Master of Science in Cybersecurity program. Joining the Forensic Focus Podcast to talk about it today is Dr. Liliana Pasquale, UCD program director. Welcome, Liliana.

Liliana: Hi. Thank you, Christa, for the introduction.

Christa: Absolutely, and thank you for joining us again today. So I’m going to start off, I know UCD and I think you’re probably best known among our audience as having the Master’s of Science program in Forensic Computer and Cyber Crime Investigation that has been there for a number of years. Were you finding that there was high demand for adjacent, but separate knowledge for cybersecurity?

Liliana: Oh yes, definitely. Like, we have always had a lot of inquiries for the Master’s Forensic Computer and Cyber Crime Investigation, especially from people who are not qualified to apply because they don’t work in law enforcement, because this program is particularly targeting people working in law enforcement.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


A few years ago, we did have an alternative. We had a Master’s in Digital Investigation & Forensic Computing, but that stopped running. So we didn’t have anything to offer to, you know, those who didn’t work in law enforcement. And also, actually what we noticed is that people who graduated from the Master’s in Forensic Computer and Cyber Crime Investigation actually ended up working in cybersecurity and in the consulting sector for security.

So, one of the reasons why they changed their career path was that they could bring investigative skills, people skills, and some authority that could outweigh their lack of experience in cybersecurity. So that’s why we thought that this Master’s could actually cope with the lack of cybersecurity expertise in this field, especially for people who are currently having a full-time job.

Christa: And that actually leads to my next question, because this is a part-time program for full-time employees. Were there any particular lessons learned from the forensic computer program that you were able to port over to this new one?

Liliana: Yes, definitely. So the Master’s in Forensic Computing was developed over a number of years and every year it kept changing and there were a lot of lessons learned, but one of the most important things was that the majority of people wanted to be able to study while they were working, especially if they already had an established career.

So we wanted to offer the opportunity to students to have skill and to be able to do a Master’s while they were working. So this was one of the main lessons learned.

But at the same time, what we found very useful was to allow students to attend occasional workshops in UCD, because that’s very important because they will allow them to do networking and get a set of contacts after they graduate. So that’s something that we found very beneficial from the Master’s in Forensic Computing.

Christa: Oh, okay, yeah. And I was wondering about that too, the in-person workshops, ’cause that was another question, is the impact of the Zoom era, right, of the pandemic on learning and networking.

Liliana: Yes. So of course, you know, considering the current situation, we can’t ignore the fact that certain students may not be able to attend this workshop in person, but at the same time, it’s important to the student, the possibility to attend and have face-to-face interaction with the lecturers and with other students.

Especially because some of the assessment will request students to work in groups as well and it’s important that students form a set of contacts and do networking. So that’s the main reason, but what we will also allow is that remote attendance will be allowed in exceptional situations, for example, if there is another COVID pandemic, it’ll be necessary to also take that into account.

Christa: I know you recently recorded a webinar with UCD where you mentioned having recruited adjunct professors who are practitioners. And I think that that factors into what we’re talking about in terms of networking. What is the mix of professional and academic expertise in this program?

Liliana: Yes. So, first of all, I believe it’s important to have models that are taught or are informed by practitioners due to the fact that these skills will be used in a career that is constantly evolving. So having someone from outside to inform some of the models, it’s extremely important. These modules are at the moment Leadership in Security and Incident Investigations, sorry, Incident Response. Sorry about that.

Christa: No, I know what you meant.

Liliana: So why is that that’s the case? Because Leadership in Security really is focusing on some skills, for example, communicating with security to executives, gaining increasing security investments, tracking strategic threats, recruitment, and also managing and retaining security talent.

And these skills are really acquired in the field, so if you’re working in the field. And regarding also incident response, this module is informed by practitioners who have many years of experience in the field, because, you know, one of the main objectives of the module  is to understand and learn from major incidents that happened in the past and how the incident response process was conducted.

So it’s extremely important to have someone in the field that informs or teaches these types of modules. However, some of the modules are more research-orientated and will be run by academics.

Christa: So what is the balance between the academic research that advances the field in one regard and the practical outcomes and professional projects that you talked about in that webinar with regard to the leadership and communication skills you’re talking about? How do you anticipate that they will inform each other?

Liliana: Yes. So, first of all, UCD has substantial security expertise. So we have several academics with an active role in security research in different domains. And so, these academics were best suited to teach some of the modules of the Master’s.

But it’s very important to ensure the interaction between practitioners and researchers, and this will be enabled in different ways. So one thing we are working on is to build an advisory board of practitioners, which will inform the practical projects the students can choose at the end of their career path.

However, we also envision that some of these projects may require investigating innovative research solutions. And so that’s one of the ways in which we will enable collaboration between practitioners and researchers.

But we also have one module in particular that will be offered at the end of the Master’s, which is Trends in Cybersecurity. And this module will also be informed by practitioners because we’ll cover the recent technical cybersecurity trends. So this module really will address novel cybersecurity trends in practice, but also in research.

So these are some of the ways in which we are planning to trigger this collaboration, this synergy between practitioners and researchers.

Christa: Okay. One thing that stuck out to me as I was going through the different modules was how the year one module starts with a foundation in leadership, like, legal and regulatory and risk assessment aspects of cybersecurity.

So, even before it gets to the technical aspects, and I think kind of building on your last answer about the intersection between professional and academic, how does this foundation of these sort of almost soft skills support the more technical courses later on?

Liliana: Yes. So that’s a very good question. The rationale behind this decision is based on the fact that we want to support two types of students, in a sense: students who aim to pursue a managerial career in cybersecurity, but also students who want to go more in-depth into the technical cybersecurity skills.

So in order to do that, our idea was to offer the modules that will support the managerial skills first, which are also the less techy and the more foundational.

For example, information security covers the main cybersecurity concerns such as asset vulnerability, threats, we cover threat modeling. So we cover basic cybersecurity knowledge, and also we will offer modules that will be helpful to managers or people who want to communicate with executives in cybersecurity, such as leadership in security, or cybersecurity laws and regulation.

For example, we envision someone who is for ensuring that the company complies with cybersecurity laws such as the GDPR. And then, you know, if someone decides to get the certificate and leave, he or she can do that. I see. And then, you know, we will allow those more interested in the technical skills to continue to pursue or diploma or a Master’s.

Christa: I see, I see.

Liliana: So that’s the main rationale behind that.

Christa: Yeah, no, that makes sense. What do you feel will set the program apart from other cybersecurity programs?

Liliana: Yes. So before proposing this Master’s, of course, we looked at the competition and what was available around, and there are a few things that make this Master’s unique.

One is the offering of a blended learning approach where we will combine online lectures with online live sessions and occasional workshops, which is something other programs don’t provide.

We will also offer the possibility to take a research or a professional project, which is something quite unique.

And also, one characteristic aspect of our Master’s is really the fact that we support students who want to pursue a managerial career in cybersecurity, as well as those who want to pursue a more technical career in cybersecurity. And this is ensured by offering models such as leadership in security, cybersecurity laws and regulation that were not provided in other programs.

And last but not least, the curriculum was informed by the ACM Cybersecurity Curricular Guidelines. So the modules that were included in the Master’s were suggested by these curricular guidelines.

So that’s I think the distinguishing points, so some programs can have some aspects of this, but as far as I’m aware I could not find another program that has the combination of all these aspects.

Christa: Makes sense, wow. So what is the most important thing that you would like listeners to take away from our conversation today?

Liliana: Yeah, so I just would like to point to two main advantages of doing a Master’s in cybersecurity in UCD. One is that if you have a full-time job, you can still do it, you can still up-skill because we are putting in place a lot of ways to facilitate part-time learning.

And the second, you know, we aim to really fix the cybersecurity skill gap. So we expect that students who terminate the Master’s or get even a certificate in cybersecurity will be able to secure a very good and well-paid job and to also pursue their aspirations in cybersecurity. So these are the two things I would like to just highlight from the program.

Christa: Good. All right. Well, Liliana, thank you again for joining the Forensic Focus Podcast to talk about it all.

Liliana: Thank you. Yeah, thank you for inviting me.

Christa: Absolutely, absolutely. I look forward to hearing more as the program progresses, and looking forward to seeing the research that comes out of it and so on. So thanks also to our listeners, you’ll be able to find this recording and transcript, along with more articles, information and forums at www.forensicfocus.com. Stay safe and well.

Leave a Comment