When a passenger aboard a United Airlines' flight in April bragged that he was able to control the aircraft by hacking into the in-flight entertainment system, Dan Glass ('00, '03 M.S.), chief information security officer for American Airlines, was called in to brief the airline's board of directors about the claim and its impact on the airline industry.
Glass is responsible for identifying potential security breaches at the airline, from cyberattacks on flight controls and passenger information to the equipment used by ground crews. The April incident, investigated by the FBI, made his job more important than ever. Based at American's corporate headquarters at DFW International Airport, he works to keep customer and company information secure by protecting the airline's massive networks, data and computer systems from attack.
"As the world's largest airline serving more than 530,000 passengers on 6,700 flights a day," he says, "we are targeted by many external threats, great and small."
In today's wired world, people rely on computers and the Internet for almost everything they do, whether it's airplane navigation, security and ticket sales to travel, email and cellphones to communicate, online stores and credit cards to shop, or equipment and medical records to stay healthy. It is imperative to protect sensitive personal and business information -- not just by detecting and responding to cyberattacks, but by preventing them.
Glass and other alumni are using their tech savvy and best business practices to help protect global computer networks and data for some of the largest companies. They are part of a growing field in high demand -- cybersecurity professionals who have specialized industry knowledge and technology backgrounds capable of fighting today's most sophisticated cybercriminals.
The National Security Agency and U.S. Department of Homeland Security designated the center a National Center for Academic Excellence in Cyber Defense Research, making UNT one of about 60 such research centers in the U.S. And UNT's New College at Frisco, an off-site instructional facility, opening in January, will place an emphasis on preparing students and helping professionals further their careers in cybersecurity and forensics fields, among other concentrations.
"With our emphasis on cross-disciplinary initiatives," Dantu says, "graduates of our programs are well-prepared for careers with today's top employers."
For Glass, it's critical to ensure that the airline's security policies, procedures and guidelines are always followed in order to keep its extensive financial data and other information secure, as well as its passengers and employees. Working with the U.S. Department of Defense, he keeps a close tab on travelers flagged as threats and is privy to classified information from federal agencies.
"Our flight and ground crews depend on my organization to protect this information and to get our customers to their intended destination safely," says Glass, who began his career at American as an information security architect and served in other security roles before being promoted to his current position.
"We protect private information for our millions of customers and more than 100,000 global employees," he says. "And we take this responsibility very seriously."
A transfer student who double-majored in economics and finance, he also has a master's degree in information technology management from UNT. His experiences working as a junior finance analyst at Nortel Network and a help desk analyst for PepsiCo, a job he landed through the UNT Career Center, helped prepare him for the work he loves. He also gained valuable experience while working as a computer system manager in UNT's then Computing and Information Technology Center.
"I recall lessons I learned in courses as a student when discussing cyber insurance with underwriters, contract law with lawyers, budgeting and accounting," says Glass, who also credits his success to supportive faculty mentors like Kari Battaglia, lecturer in economics, and Leon Kappelman, professor of information technology and decision sciences.
"UNT gave me such rich experiences and a toolbox to lead the technology and cybersecurity risk management programs," he says. "When I graduated to seek out success in the private sector, I had an advantage."
When patients check into any of the 40 Children's Health locations in the Dallas area, their personal information is gathered by doctors and nurses to create an electronic health record.
This information, which includes their Social Security number, medical history, address, phone number and other sensitive information, is protected under the Health Insurance Portability and Accountability Act, and therefore privacy is of utmost concern.
It's also the kind of sensitive information that cybercriminals want, says Anita Karim ('04), an information security architect helping to protect and secure the hospital system's sensitive data such as financial and medical records.
"Our goal is to ensure that our data is protected and secure for our patients," she says. "It's important to monitor our network and environment but also to educate our employees on what they can do to keep patients' data secure."
Karim reviews software tools that can better help the hospital monitor and track suspicious activities on its network. She's also responsible for conducting internal network audits to ensure that the hospital's policies and procedures are being followed.
Cybercriminals are constantly evolving with new technology, says Karim, who earned a biology degree at UNT and teaches technology courses for the Dallas County Community College District and Colorado Technical University. She also is a board member of the DFW Health Information Management Systems Society and a member of the Information Systems Security Association and Association for Executives in Healthcare Information Technology.
"At Children's Health, we are proactive about protecting children's data by staying up to date with the new vulnerabilities and risks," she says. "Knowing that I can make a difference to help prevent harm to our patients' data is really important."
Karim, the first in her family to go to college, credits UNT's supportive faculty and strong academic programs for giving her the foundation she needed. While a student, she landed a job at a healthcare software company that was a vendor for electronic health records, piquing her interest in technology.
"UNT helped me to learn that you have to work hard and work smart," she says. "For me, that means keeping up with technology. As technology grows and changes, so does the security we use that goes with it."
In Tom Bresnahan's ('85, '92 M.B.A.) most recent assignment for PepsiCo in Dallas, as head of global cyber risk management and resiliency, he implements processes to identify threats, protect data systems, detect vulnerabilities, respond and recover.
Bresnahan has gained a global perspective, working for 13 companies in diverse areas such as IT, corporate audit and supply chain management with big names like Exxon, Mobil Oil and PepsiCo. He helped establish PepsiCo's information security program, serving as its acting chief information security officer and growing his career as chief information officer of PepsiCo Brazil before his recent transition back to information security.
"Cybersecurity is more relevant than ever as organizations retool and digitize for growth," Bresnahan says. "The cyber threat landscape is ever changing and requires continuous vigilance."
Born in the U.S. to missionary parents, Bresnahan spent 10 years as a child in Mexico before his family returned to Denton.
One of eight children, seven of whom attended UNT, he enrolled on a soccer scholarship where he led the top 10 nationally ranked team in scoring. He sampled business computer information systems -- a forerunner of UNT's information technology and decision sciences program in the College of Business -- and was impressed with the vision and quality of the professors building the program. He took classes with his wife-to-be, Jacque Vogel ('91, '92 M.B.A).
"It was a unique field and just evolving," he says. "UNT was at the leading edge."
One of the key ways consumers reduce their vulnerability to cyber threats is by using antivirus programs on computers and other devices, says Shameka Johnson ('07), an information security specialist at Intel Corp. She works as part of a team making sure that security best practices are followed daily to protect Intel's IT systems and assets. She also has been involved in the development of Intel Security products, such as True Key and McAfee antivirus products, which protect millions of consumers.
"Being involved in these security products before they go to market is exciting," says Johnson, who has spent her career in computer programming, including working as an information security analyst for UT Southwestern Medical Center and as a web security engineer at McAfee. She is a member of the Information Systems Audit and Control Association, is certified through the Certified Ethical Hacker program and participates in industry forums driving today's security standards and governance.
Intel, like any company or organization, is vulnerable to threats, says Johnson, a subject matter expert in governance, risk and compliance at Intel. She helps determine threats and vulnerabilities to the company's key business units, products and services.
"Managing IT risk is core to managing any organization," Johnson says. "Understanding IT systems and their associated risk is important to helping companies reduce their cost of compliance, increase network security and protect information assets."
When organizations fail to recognize that risk management is key to their survival, they can set themselves up for serious security breaches, financial losses and possibly compliance fines, she says.
Johnson, who earned her bachelor's degree in applied technology from UNT, says faculty members and her father encouraged her drive to work in the computer field.
"My father introduced me to computers at 8," she says. "UNT faculty and advisors reassured me about the path I wanted to take."
Johnson has formed a nonprofit organization, Girls Into Fitness and Technology, to inspire young girls to pursue engineering and technology careers, as well as health and fitness.
"I want to make an impact by increasing the number of women who choose cybersecurity, technology and engineering-related career paths," she says.
UNT alumni not only safeguard records for consumers and businesses. They also are behind the creation of some of the very security software these industries rely on to protect their data and assets.
Tawfiq Shah ('13, '15 M.S.), a UNT computer science and engineering graduate, works at Richardson-based Armor, where he's developing innovative solutions to protect companies.
As an international student from Nairobi, Kenya, Shah was drawn to UNT's computer science and engineering program and its highly respected faculty, like Dantu, Krishna Kavi and Mahadevan Gomathisankaran.
"I have always been inspired by secret agent movies like Mission Impossible," says Shah, who earned his bachelor's in computer science with a minor in math and a master's in computer science specializing in security at UNT. "The technology was cool and I wanted to be on the cutting edge of innovation."
Today, Shah is pursuing that desire as a senior research engineer at Armor, where he creates cloud solutions for healthcare, financial, retail and other industries that help to minimize the dwell time, or the amount of time it takes to identify cybersecurity threats. Armor's specialized cloud programs, such as Armor Complete, are a resource for healthcare companies needing secure cloud infrastructures to comply with HIPAA and to help prevent data breaches.
He also works to imitate the tactics and techniques that cybercriminals use so that he can help in developing security architectures to prevent them from infecting computer systems with malicious viruses.
Shah says the work is important to helping Armor researchers create innovative solutions for companies to detect and remove new and ever-evolving cyberthreats from their networks.