Elevating Education: A Conversation with Bhavani Thuraisingham, Taylor L. Booth Education Award Winner
Bhavani Thuraisingham’s impact transcends excellence within education, as she has made countless efforts within bridging the gaps between industry and academics. Additionally, she is the Founders Chair Professor of Computer Science, the Founding Executive Director of the Cyber Security Research and Education Institute (2004-2021), and the Co-Director of the Women in Cyber Security and Women in Data Science Centers at the University of Texas at Dallas. She is also a visiting senior research fellow at King’s College, the University of London.
As a result of her many achievements, she has received the 2023 Taylor L. Booth Education Award for “…Outstanding Leadership in Cyber Security Education and Data Science Education, as well as Mentorship of Members of Systemically Marginalized Groups.”
What inspired you to go into education?
First, I was born in Colombo Sr-Lanka and am of minority Tamil origin. My parents, especially my mother, instilled the importance of being educated in addition to getting degrees in my sisters and I. Therefore, right from an early age I was passionate about educating the world. I used to dream about joining the United Nations, traveling around the developing countries, and educating students at all levels. However, being a woman of South Asian origin, marriage was a priority for my family. So, since my father had passed away when I was 16, my maternal uncle arranged my marriage when I was 20 in 1975 as I was finishing my undergraduate degree in Math and Physics at the University of Ceylon. My husband was finishing his PhD in Physics at the University of Cambridge, England. I joined him in England and started my graduate work at the University of Bristol, and then we moved to the US in 1980 as soon as I finished my PhD. I took visiting faculty positions for two years, as my son was a baby at that time, and subsequently I worked in the commercial industry (Honeywell), Federal Research Lab (MITRE), US Government (NSF) and after 24 years joined academia full-time in 2004.
Throughout the 24 years prior to joining academia, I was always educating various types of students including at university as adjunct professor and also defense contractors and industry professionals, among others. Being a woman and coming from a minority group in Sri-Lanka, I understood the challenges faced by marginalized communities. Therefore, once I joined academia, in addition to educating students, I also started teaching courses in developing countries, including in Africa (pro-bono). More recently, I joined Professors Without Borders and participated in panels in the developing world. It gives me great satisfaction when I see my students around the world learn and thrive in their work.
Honor your colleagues achievements. Nominate Someone for a Major Award Today!
Can you tell us about your philosophy on education and why it is important to educate students at all levels?
Psychologists have said that education must start at a young age. I have worked with K-12 students during the past several summers and have observed firsthand how important this is. Also, every time I FaceTime with my young grandchildren, I see that they have learned something new almost every day. However, not everyone has access to high quality education. Even in a superpower like the US, there are so many people from rural communities who do not have access to a good education system. I believe that even if we cannot get a quality education when we are young, it is never too late. The important thing is to get students motivated so that they get a thirst for learning. This is less difficult to accomplish when the students are young. Nevertheless, one must look to the future and regardless of whether you are 5 or 65, it is important to learn something new every day.
I have had a 43-year career and even now I believe it is important for me to learn something new everyday, such as solutions to research problems or new areas like Quantum Computing. Being educated improves your mind. That gives you the ability to be open to new ideas, environments, and situations. You cannot be truly educated without having an open mind and questioning what you learn. To me, education is not just about getting degrees. Yes, degrees are important, and they give us a living. While degrees do contribute to our education, we have to go beyond and read the works of famous scientists, engineers, mathematicians, and philosophers to understand how they made discoveries and learn from their examples.
Education has to infiltrate every aspect of our life, including the way we learn, the way we take care of our health, and the way we live. It took me a while to get truly educated, and I feel that I am still learning. However, I do have a more enriched life now because of that.
With decades of experience in teaching cyber security and data science, what are some key insights you have gained about effectively conveying complex technical concepts to students?
I have been working at the intersection of cyber security and data science for 38 years since I joined Honeywell. At that time, they used to be called Computer Security and Data Management. While at Honeywell, I used to give various tutorials at conferences and teach classes at the University of Minnesota. Then while at MITRE, I taught courses in these subjects at the MITRE Institute as well as at AFCEA (Armed Forces Communications and Electronics Association) and taught courses at numerous US Government organizations including in Stuttgart, Germany. Many of the students were from federal labs as well as from the industry. This was not part of my job description but I thoroughly enjoyed teaching. I joined academia full time 19 years ago as a tenured professor, and teaching courses at the intersection of cyber security and data science became top priority for me.
I now spend several hours during the first couple of lectures of a class (that also includes recorded talks on Zoom) telling students why they should be learning cyber security and data science. Of course, they want to get good jobs. I explain to them that they are not going to be twenty-five forever. One day they will find themselves to be sixty-five and still healthy and wanting to work many more years. But then they must compete with the 25-year-old students, especially in software development. So, I give them motivational talks on how to excel as software developers (since I started my industry career as a senior software developer, I understand some of the challenges) and explain to them reasons for doing a PhD.
Then I tell them that it is important to have a deep understanding of the subject because without that you are building a house of cards. I explain complex concepts like cyber-attacks and deep learning algorithms with examples so that the students understand what these concepts are about. With cyber security, you need to have a solid grounding on the problems before you jump into developing solutions. Similarly, it is important to explain to students the difference between deep learning and machine learning from 40 years ago.
These discussions and examples really motivate the students to develop a passion about learning. I tell them that the A grade will come if they truly get educated in various complex areas. I also tell them that while it is important to start with the less difficult concepts, they must challenge themselves to solve complex problems.
As the Founding Executive Director of the Cyber Security Research and Education Institute at The University of Texas at Dallas, how did you contribute to the development of the curriculum and capacity-building in the field of cyber security and data management?
When I first joined academia, my focus was on establishing my research program and getting research funding. This is a must for a successful career for a professor. Within three years I got substantial amounts of funding, such as a large DoD MURI and grants from several agencies. In fact the awards I had received from IEEE such as the IEEE Fellow in 2003 and the IEEE CS (Edward J. McCluskey) 1997 Technical Achievement Award gave me a lot of credibility and helped me establish my academic research career.
I also introduced new courses on Integrating Cyber Security with Data Science during the first three years. Around early 2008, I started focusing on developing a curriculum in cyber security. I was fortunate because NSF had started a fairly new program called SFS (Scholarship for Service) to educate US citizen students in cyber security. So, I recruited a colleague to join our team, and together we wrote proposals to NSF and won our first large education grant in 2010. Since then, I have focused on writing proposals for renewing SFS as well as writing capacity development proposals for curriculum development in areas like Secure Cloud Computing and Big Data Security and Privacy.
These grants enable our students to learn important concepts and focus extensively on experiential learning. I consulted specialists who work in education research to help with our curriculum development.
I believe that, in general, to be a good educator one must also be a good researcher. That is, the research we conduct through grants from numerous agencies is used to contribute to our curriculum. Then, by educating our students, they get motivated to do research. This is the cycle that has worked successfully for us.
As we get into new areas in cyber security research, we also focus on developing curriculum. For example, we received $20M USDOT National University Center in Transportation Systems Cyber Security with Clemson University as the lead this year. I am so grateful for us to be part of this prestigious national center as I am learning about new technologies in Transportation Systems and examining cyber-attacks on such systems (e.g., autonomous vehicles and drones).
Sometime next year, I plan to develop a new curriculum in this important area together with the team. It is important to note that you cannot do everything yourself or everything at the same time. I strongly believe in delegation and team efforts, and also accomplishing tasks in an organized way.
In your experience, what are some of the unique challenges faced by systematically marginalized individuals in pursuing careers in computer science and cyber security? How can these challenges be addressed effectively?
As a woman and being from a minority group in Sri-Lanka, I understand the challenges faced by marginalized communities. While in Sri-Lanka we had to score many more points than the majority group in college entrance exams. Even if we did very well in the exams, it did not mean we could get a place in college if the places allocated to the students in my ethnic group were filled. I learned at a young age that life is not fair; you have to maximize the opportunities in front of you and not get despondent. This experience has helped me in my career.
I believe that there is some subconscious bias in the workplace. We work mostly with educated people, and I believe there is little or no intentional bias. Nevertheless, people tend to want to work with people who are like them. For example, many female students approach me to do their PhD with me. So those from privileged groups, especially in industry, have a significant advantage. They are mentored by those in the higher administration, and so they know who to talk to and what to say.
I would like to share my experience earlier in my career, as I believe that the best way to explain a problem and a solution is to speak from my own experiences. My career was stagnating a little when I was in my mid to late thirties and one extremely destructive colleague was trying to undermine me as this person heard that I might get the position to head Data Science at the federal lab I was working for and wanted to sabotage it. But I was very fortunate as someone higher up (a lady) really liked the work I did for her, and she heard some of the comments that were made about me such as “Bhavani is not a team player”, “Bhavani is not technically good”, even though none of the others in the lab had better technical credentials than mine and managed multiple team research projects for government agencies. Unfortunately, some of the higher ups were questioning these stories. Then this wonderful woman advised me that excellent work is not enough, I had to provide more evidence of my work. That’s when I contacted my mentor, the late Prof. CV Ramamoorthy from UC Berkeley (and a strong supporter of the IEEE Computer Society), and we strategized for almost four hours one evening. I wrote to all my sponsors in Washington D.C. to write support letters for me. They were such glowing letters about my work and what I had done for them, and my boss was pleased. My boss, who really wanted me to get the position, had all the evidence he needed and made a strong case for me to the higher administration, and I got the position.
A major lesson I learned is that it is crucial to have a mentor in the organization to thrive in your work. Therefore, over the past six years, I have talked to various marginalized groups about succeeding in one’s career and stressed the importance of finding a mentor who can speak on your behalf at important meetings. If not for this wonderful woman, I would not have even known that there was a problem. Then of course you must do your part and that is work hard, be consistent, learn to communicate your ideas and strive to be the best. But to have a truly productive workplace, there must be institutional support to ensure that everyone thrives in their work. I would also like to add that while no country is without challenges, I strongly believe that had I not come to the USA, I would never have had such opportunities and a productive career. One great thing about the US is that, in general, people are willing to listen to what you have to say, and that does not happen everywhere.
Looking ahead, what do you believe are the most pressing educational needs in the areas of cyber security and data science? How can academia and industry collaborate to address these needs and prepare future professionals in these fields?
To address the challenges we face today, especially with Cyber Attacks and technologies such as ChatGPT, our students need both breadth and depth in their education. It is not enough just to focus on one area, such as data security and privacy. While we need to specialize in something if we are to do a PhD, it is also important for someone working in cyber security to understand AI and related technologies, performance aspects as well as policy issues.
One of my areas of focus now is to explore how ChatGPT can be used to solve cyber security problems. So, we need educated professionals to educate our students. However, it is not possible for one person to do it all. This means universities must use strategic hiring in multiple areas, and together as a team we develop curriculum.
Another major problem I see is there is not enough industry participation in our education efforts. Companies are busy developing products and gaining a competitive edge. They need us to produce qualified students for them. However, I would like to see them participate in our curriculum development efforts. Many universities now have senior design projects that are funded by companies. These companies work with the students and guide them with the research. But one such effort is not enough; we need company professionals to work closely with academia and be involved in the student progress at all levels.
Companies should think of their long-term strategy. That is, funding a student and eventually hiring the student is not enough. Companies must provide resources to their professionals to work closely with the students and professors and provide their inputs to the research and education efforts. This way, our students will understand the problems companies encounter daily.
It is also important that universities give presentations to companies as to how our students are being educated to get their feedback. And, we do not have to do it just locally. We now have Zoom (and other technologies) and so we can give presentations to companies across the countries. Such industry-university collaboration is critical if we are to produce a workforce to solve the challenging problems we are faced with today.
In cyber security, it is equally important that we have government participation. In fact, we are doing that with a multi-university education collaboration effort with research problems being given by the federal labs and government agencies. Students then work on semester-long projects collaborating with multiple universities. This way our students learn about the cyber security challenges and cutting-edge solutions as well as teamwork. In summary, we need collaboration and partnerships between academia, industry, and the government to develop a truly educated workforce.
More About Dr. Bhavani Thuraisingham
Dr. Bhavani Thuraisingham is the Founders Chair Professor of Computer Science, the Founding Executive Director of the Cyber Security Research and Education Institute (2004-2021), and the Co-Director of the Women in Cyber Security and Women in Data Science Centers at the University of Texas at Dallas. She is also a visiting senior research fellow at Kings College, the University of London since 2015 and was a Cyber Security Policy Fellow at New America Foundation 2017-8. Dr. Thuraisingham is an elected Fellow of several prestigious organizations including the IEEE, the ACM, the AAAS, the NAI (National Academy of Inventors) and the BCS (British Computer Society).
Her research, education, and outreach efforts have been on integrating cyber security and data science/machine learning for the past 37+ years including at Honeywell Inc., The MITRE Corporation, the National Science Foundation, and Academia. Her recent focus has been on developing scalable trustworthy machine learning-based solutions for tackling the cyber security challenges as well as on aspects of cyber security policy, risk, and governance. She has delivered over 200 keynote/featured addresses, over 100 panel presentations including at Fortune Media, Dell Technologies World, and Lloyds of London Insurance, written 16 books, published over 130 journal articles and over 300 conference papers, and has 7 US patents. She has also written opinion columns on security for venues such as the New York Times, WomensDay.com, Inc. Magazine, the Legal 500 and the Connected World.
Over her 43-year career, Dr. Thuraisingham has educated a global community including students in the US academia, members of several US federal agencies and industry contractors, students in developing countries such as those at the University of Dschang in Cameroon, Africa, the general public in DFW via the public libraries, and high school students. She also participates in panels for Professors Without Borders. She is a strong proponent of diversity, equity and inclusion and out of the 22 PhD students she has graduated at the university, 11 are women and others include members from the African American, Hispanic American and the LGBTQ+ communities.
In addition to the prestigious IEEE CS 2023 Taylor L. Booth Education Award, Dr. Thuraisingham has also received multiple research and leadership awards including the IEEE CS 1997 (Edward J. McCluskey) Technical Achievement Award, the ACM SIGSAC 2010 Outstanding Contributions Award, 2013 IBM Faculty Award, the ACM SACMAT 2018 and 2019 Test of Time Awards for papers published in 2008 and 2009, and the Dallas Business Journal 2017 Women in Technology Award. She received her PhD in Computability Theory from the University of Wales, UK and earned her higher doctorate (D.Eng) from the University of Bristol, England for her published work in Secure Data Management. She also has a certificate in Public Policy Analysis from the London School of Economics.