Darraj: with new breed of threats, existing cyber solutions “don’t work anymore”

Cybercriminals have become increasingly adept at finding and exploiting network vulnerabilities, while existing security infrastructure is being overwhelmed by a new generation of threats, says Dr. Emily Darraj, who has been working tirelessly to raise awareness about the urgency of the problem – and get the word out about possible solutions.

An alumna of Capitol Technology University’s doctoral program in cybersecurity, Darraj combines a professional career at a federal contractor with an academic and teaching vocation.  In addition to authoring a regular column, at her company, on secure code and other cybersecurity-related topics, she has led webinars and participated in conferences and panel discussions, and is currently involved in preparing a white paper on securing medical devices.

Darraj is also a doctoral faculty member at Capitol, helping to guide students through the same pathway that she successfully completed in 2013. She teaches courses on research literature and on contemporary issues in information assurance. Darraj took time from her busy schedule of work, writing, research and teaching to share her thoughts on the key current and emerging issues in the field.

What do you see as the top concerns at the moment?

One major priority is to continue to secure the code, because that’s how adversaries are getting in. They’re finding vulnerabilities within the code. The process of securing it, though, is challenging, in part because of the human factor. Many people don’t understand why they need to have it so secure. They don’t understand the ways in which the hackers think and how they can come in and enact breaches.

That means we’re constantly looking for ways to help developers understand how to harden the code and use the tools that are out there to ensure that the constructs they are creating have everything that’s needed to make sure they are secure.

Another big issue -- and we’re going to continue to see more of this -- is the emergence of advanced persistent threats. Our networks are getting hammered by any number of nefarious actors based in locations around the globe, including China and Russia, using remote access tools to get in. Meanwhile, current security infrastructures don’t work anymore. We’re up against malware that can bypass the signatures in the .dat files for antivirus software and firewalls, and by the time an antivirus company is able to create new signatures, it’s already too late. So the malware gets into the networks – and the federal networks are often not as secure as people think they are, in any case – and they go in and plunder intellectual property.

What prompted you to do a doctoral degree, and why did you do it at Capitol?

I have a huge passion for this field. So when I heard that Capitol was offering a doctorate in information assurance (now cybersecurity), it immediately got my full attention. And after finding out more about the curriculum and the dissertation process, I was totally sold.

It was a wonderful experience. I truly enjoyed and appreciated all my professors, and their teaching styles. And what I really loved was the way Capitol gives you a straight shot to the dissertation. You don’t have to go through numerous hurdles before focusing in on your project; instead, you complete your core coursework and then go straight to the dissertation. That was extremely appealing.

What are your ongoing activities and areas of interest?

I’m committed to helping to get the word out by publishing more and through giving presentations. I want to be able to take the cybersecurity and forensic skill sets that I have and apply them to areas where people could be harmed as a result of vulnerabilities being exploited – for instance, in medical devices. It would be very fulfilling to know that I’ve created a document or paper with countermeasures to protect their lives and health from nefarious threats. The white papers would enable  people to understand where the vulnerabilities are, while helping the medical and security industy put the right countermeasures in place. That’s my goal: to take the knowledge I have and apply it to areas that are currently very weak, and thus help protect people.