Friday, July 14, 2017

Cybersecurity research: What and How

Friday July 7, 2017, I was asked by the folks at SANS.EDU to help the graduate students submit research proposals to be evaluated by the STI research committee. It was fun work, and a glimpse at a new, (to me), part of the research process at STI.

In the first batch there were a number of potentially great proposals, but only one student took the time to clearly articulate what she was going to do and how she was going to do it. Not surprisingly, when this proposal reached the committee for a go/no go decision, the answer was go, (approved), and several faculty members volunteered to be the advisor on the project.

The experience led me to wonder, "what is the difference between the successful project proposals and the ones we evaluate as not yet ready?" From the title of the blog post you can probably guess the answer is the successful students clearly articulate what they are going to do and how they are going to do it. Before we examine that, let's take a minute to define a Cybersecurity Research Proposal. There are, amazingly, three key words to consider:

    Cybersecurity: all of the proposals fell into the realm of computer security, so we don't need to belabor this point. We can leave Better methods of picking daisies to some other worthy institution.

    Research: we ran into some problems here.  Research is studious inquiry. Research is not regurgitation of already published information, or an opportunity to recount one's personal experience.

    Proposal: this is where the student defines what they are going to do and how they are going to do it.

As mentioned, most of the proposals had potential in the sense that the topics were timely and interesting. So where did so many miss the mark?  There seemed to be two major pitfalls, overly broad topics, (failure to succinctly define "what") and research process that cannot be practically accomplished, (failure to pragmatically understand/define how).

Since it is frustrating to be sent "back to the drawing board", here are a couple suggestions for success the first time through the process.

1) Know what you want to do. Ideally, your topic will be something that you want to learn more about, or that will benefit your employer. In the best of all possible worlds your topic will satisfy both conditions. If you do not know what you want to do, you will not be able to explain it in the proposal. That results in "fuzzy writing" which ends up frustrating all parties, student and advisor. Only you can know what you want to do.

2) Use the literature search part of the process to explore the uniqueness of your proposal. If there are lots of papers, tutorials, YouTube videos, etc on "Using Wireshark to monitor the TCP/IP 3 Way Handshake", it could be an indication that ground has already been covered. However, keep in mind that just about everything you can imagine has been published on the Internet in one form or fashion. The published material may not be supported by studious inquiry and/or empirical results. In that case, you may still have a valid topic and this is a discussion you should have with your advisor.

Summary: if your research proposal: reflects studious inquiry, covers new ground and adds to the body of knowledge, clearly explains what you intend to do and how you intend to do it, then the odds are better than average it will be accepted the first time.

No comments:

Post a Comment