Beyond the Desk: Alex Grob on his passion for cybersecurity and cyberlaw
Author: Kelly Chan
Date: 02.11.22
How did you come to work for Northeastern’s Khoury College?
In my last year as an undergrad, I was a TA for CS4500 and CS5500, and the professors I was TAing for said, “Hey, we could really use your help after you graduate. Would you want to work here?” And that’s how that happened. So I went from being a TA to doing this full-time, helping out with the course logistics and all the course technology needs. This became somewhat involved as I supported the course in providing the architecture needed for students to build applications that not only mimicked what they might encounter in the future career but also a place to showcase their skills. That has disappeared mostly now, as classes have changed.
Our interim dean, Alan Mislove, then approached me and asked if I was interested in helping out with the Khoury Admin Portal that he started building. Back then, two and a half years ago, it was mostly just course scheduling, but it started growing to TA hiring and a lot of faculty-related administrative work. It has just kept growing and growing, and that’s where we are today.
How have you grown as your role has evolved at Khoury College?
Working in a team is very different from working individually. I think that’s been the biggest growth for me — working on larger scale projects, but also on larger teams. It leads back to what I really liked while working with students [as a TA], which was seeing them grow. Now I see my co-op students grow, where they come in and obviously have little experience with what we’re doing. Then by the end of it, they’re very self-sufficient, and they can tackle anything at that point that we throw at them. They’ve been awesome that way, just seeing them grow from having only worked on small, contained class projects to a codebase that is used by a large population daily and the related maintenance tasks that come with supporting such an application.
I know you have also just finished your master’s degree in cybersecurity at Khoury College. How did you decide to pursue cybersecurity?
It’s been a long interest from when I was much younger and started cracking Windows passwords on my personal machine — nothing illegal. I just had a curiosity of how [computers] work and messing around with computers and seeing what happens. Back then, I would also read about large breaches in the news, and it’s just always concerning. How do these large companies lose data or get breached? How is that possible? Then I just started digging more into that.
I think what really kicked it off for me is when I was on co-op at State Street. My boss had extra training credits from a yearly training budget, and what really stood out to me was a course through EC-Council called ethical hacking (CEH).
A lot of it was focused on social engineering, as the weakest link in most organizations is just the human. You can social engineer people to give away passwords or leak data. That was really something that stuck with me because they were talking about how you counteract social engineering. How do you train people to see these things, like phishing emails or scam-type emails? How do you actually prevent people from clicking on them? Technology is constantly evolving, but the human element isn’t. With so much of our work world revolving around email, it’s just such a faucet to errors or breaches.
Within cybersecurity, you have a particular interest in cyberlaw. What is cyberlaw, and why did it interest you?
Cyberlaw in general is the laws and regulations concerning computer devices. How do we legislate to situations that we now have, like border searches of cell phones? During the start of the pandemic, I took Khoury College’s cyberlaw class where they talked about how we apply case law to new situations because there’s generally a lack of legislation that is specifically written for our current digital age.
What motivates me now with cyberlaw is that we’re in this era where there’s not a lot of legislation, at least not in the U.S. We rely on good faith from not only the government, but also companies that store data on you. Think of Facebook. Are they really making a good faith effort to keep your data safe? And on the flipside, should the government have all these rights to spy on you? There are arguments pro or against, but it raises questions like, who really needs your data? And how does your data differ from something that’s physically in your room versus digitally on your computer?
How does your passion for cybersecurity and cyberlaw play a role in your current job at Khoury?
I’m in a position to decide what data we store because I build applications. With that, I have to ask, “What data do we need — necessarily need — to do this function?” and “What data do we not need?” A lot of it is governed by rules and regulations, but I think there’s also just an ethical obligation not to store data you don’t need.
Thinking more along the lines of privacy, I see what data we really need to provide services to our faculty, staff, and students, and we err on the side of caution. We try to store the minimal amount of data possible, and I think that’s very important to us. We don’t store personalized things, and we limit [the data to] exactly to what the program that we’re building needs to do to ideally have the best security around.
What do you recommend for interested students to learn more about cybersecurity and cyberlaw, or to get involved on campus?
I personally enjoy reading from Ars Technica, which is a more generic tech blog, and I enjoy their high-quality reporting. Also, a big thing of what I keep an eye out for, which is really specific to my job, is Common Vulnerabilities and Exposures, or CVEs, which are just essentially reported issues in software.
There’s also a really cool student group, called NUCCDC, and they go to cybersecurity competitions. I have a few friends who are involved, and they always speak so highly about it. They learn skills that are hard to learn otherwise in the classroom because they’re hacking real things in a safe environment-type situation that is extremely hard to replicate in a classroom.
Also, I work with NU Sandbox, which is quite a large student club that works on projects for the university, third parties, and for the college. For Khoury, they mainly work on the Office Hours app. As an undergrad, I used to be a part of Northeastern’s ACM club, one of the main computer science associations, and they have weekly meetings where they have networking and speaker series to get people to connect.
Students should definitely get involved because a) it’s fun and b) you can make a difference. It doesn’t need to be a difference on an international scale. You can just make a difference in people’s lives around you, as big or as small as you want it to be. You can have a lot of impact with your software — that’s the beauty of computer science.