John Jay graduate students Stephanie Gootman and Christine Vega have made a lasting contribution to the growing body of knowledge on cybersecurity while earning significant new lines on their résumés — they had their research papers published in the Journal of Applied Security Research.
Titled “Securing Cyberspace: Man versus Machine,” Vega’s paper focuses on the importance of cybersecurity and protection, while Gootman focused on last year’s hack of the federal Office of Personnel Management, in a paper titled “OPM Hack: The Most Dangerous Threat to the Federal Government Today.” Both students were surprised to hear the news, and both commented that they were mostly preoccupied with achieving good grades in the class, and did not expect to be published.
The papers appear in the October-December 2016 issue of the journal.
“I focused on OPM because it was so large scale, and it shook the federal government to its core,” said Gootman, a first-year graduate student pursuing her master’s in Protection Management. The OPM hack affected nearly 20 million employees whose sensitive personal information was. “In terms of security, one of our biggest concerns is assets and info that can be stolen and used to conduct economic espionage and it really affects the foundation of government,” she said.
Professor Robert McCrie of the Department of Security, Fire and Emergency Management was thrilled by his students’ achievement. “John Jay students have been successfully published in this journal and others in the past, but never two at the same time,” he noted. Gootman, he added, “wrote a brave critique that deserved a wider audience, and now has received it.”
Gootman herself was ensnared in the OPM hack after applying for an internship with a government agency, only to learn subsequently that her personal information had been stolen. She said that this partly inspired her work. “This is something I’m passionate about and it’s a topic that I spent months researching,” she said.
A native of East Brunswick, N.J., Gootman said she came to John Jay after interning at the Red Cross and meeting several John Jay students who spoke highly of the emergency management program. She currently works for the federal government as an emergency management specialist. “It works out that I got the job but I got my info taken in the process,” she laughed.
Gootman and Vega have a shared concern that the general public is insufficiently aware of the dangers posed by cyber threats. Vega, a second-year student in the Protection Management program, recalls a past job at a nonprofit in which this issue became particularly apparent. The IT manager sent out a fake email as a test, in which he asked employees to respond with their username and password — a classic phishing technique used by hackers worldwide. To Vega’s dismay, nearly all employees responded with their credentials, proving to her and the IT manager that there is a serious lack of awareness or willingness to protect the integrity of data.
Vega’s article stresses responsibility. “Everyone depends on this machine [the computer], but humans are the only ones that can solve this problem,” she pointed out. “It’s not only employees getting hacked, but your trade secrets, copyrights, your legal documents. . . . Your competition could find out everything you know.”
“IT security represents a great risk to our national coherence. No organization is immune, as Vega observes,” said McCrie.
Vega is currently a crisis management analyst at Goldman Sachs, where, she said, “a lot of what I’m learning from John Jay is now getting applied.” She grew up in Staten Island and earned her bachelor’s degree at Pace University. She decided to pursue a master’s at John Jay while interning with the New York City Office of Emergency Management, and has her sights set on a long-term goal of working as a continuity planner.