Hi, I'm Matt Amoroso, and I want to welcome you to our video interview and discussion series. And I'm here with Nasir Memon, our professor here at NYU Computer Science Department. And thanks for spending some time here. >> Sure, my pleasure. >> How many years have you been at NYU? >> And probably before that? >> 18. >> 18 years. >> Yes. >> I'll be darned. How did you get into computer science? What brought you to that, and brought you to, ultimately, to academia? What was your journey? >> That's interesting, so I did a computer science course as an undergrad in my second year, where we did not have computers. We wrote programs on paper [LAUGH]. >> [LAUGH] How did you know if it was right? >> Yeah, the TA would look at it and say, yep, that's right, and that was about it. [LAUGH] >> Really? >> That was it. >> What programming language were you in? >> So we started off with machine language, then assembler, then Pascal, then Fortran, all in one course. And it was a bottom-up approach, as opposed to a top-down approach that we do these days. And I wonder if maybe the bottom-up is the right way to go. >> I think it probably is. I learned on assembler- >> Machine language was the first thing. >> Yeah, of course, and Pascal. >> Right. >> Pascal was, it was hard to get programs to actually run, right? [LAUGH] >> Right, right. >> because it would check to make sure that you did it right, unlike C, where everything runs. >> Sure, but for us, it was the TA who was checking. >> [LAUGH] >> So [LAUGH] the compiler had never compiled a program. >> I'll be darned. >> And I was good at it, but I was not a very a good student in my undergrad. >> No. >> I was not going to classes. And I graduated with a very, very bad GPA of 2.2. But computer science was one course where I could get a B, and B was a very good grade for me in those days, without ever going to class. >> Really? >> Right, and it just came very naturally. And then later on in life, when I became serious and I thought maybe I should do a master's degree, nobody in India would admit me because I had such a bad undergrad GPA. >> Hm. >> And I wrote the GRE and I aced it, I did very well in the GRE, but still nobody would take me. And University of Nebraska here admitted me in computer science. >> Hm. >> That's when I decided to explore computer science, because I recalled how easy it was for me as an undergrad. >> And probably very interesting. >> And very interesting, and so I started to do my master's in computer science in Nebraska. >> In Nebraska, I'll be darned. >> And I had no intention of being in academia. I never thought about it. Not as if I did not want to or something, I just hadn't thought about it. >> What was it like landing in Nebraska for the first time? >> After Bombay, it was insane, really, totally culture shock. >> Did you have a winter coat? [LAUGH] >> [LAUGH] Landed up in September, right? So, August, actually. >> Yeah. >> So it was warm. >> You didn't need it then. >> No. >> But by December, you did. >> By December, I remember walking out without a sweater, out of my apartment, [LAUGH] and come running back in because it was so cold. I didn't expect it. >> So, Nebraska to NYU. How did you come to New York City? >> Careers will take you in different directions. And New York City is, what should I say, a city that many people aspire to go to or look forward to moving to. So, and those were just career opportunities. So I started off teaching in Arkansas. And from there, I moved to Illinois, and from Illinois I came to New York. >> You came here. Now, cybersecurity became an interest at some point. >> So I started off, my first interest was starting in cryptography. So I did my master's thesis in cryptography. I remember attending the CRYPTO conference in Santa Barbara in 89, and I presented a white paper on cryptography. >> People were exploring, probably, public key cryptography, right? >> At that time, yes, at that time. >> You didn't know what was going to happen there ten years on. >> Yeah, yeah, that was in at the time. And a lot of the cryptography that was being done was based on number theory. >> Yeah. >> And my advisor was a group theorist. And so we came up with a technique based on group theory. It was not public key yet. >> You could generate a pair with using group theory? >> Yeah, you can take a group and factor it. >> Okay. >> And then allowing, so it was like solving the knapsack problem. >> Okay, that's cool! Anybody use it? Did it realize itself in a product? >> Lots of papers were written about it, but no, I don't- >> As long as it works, right? >> I don't know if it would really show. >> So that was your first intro to cybersecurity. >> Yes, in that sense. Then I moved away into the world of image compression. I developed image compression algorithms. I participated in JPEG, the image compression standard. And, then the imaging world started seeing watermarking, which was kind of a security problem. >> It is absolutely a security problem. >> So I got attracted to that and started working in that. And then I came here to Brooklyn, and they had a course in information security and privacy, which they hadn't taught for a long time. And they asked me, why don't you teach it, because you've done crypto before? Because to them, crypto and security were the same thing. >> They were synonymous. >> Yeah. >> Still is, to a lot of people. >> I know, unfortunately. >> We need to fix that, right? But it is still [CROSSTALK]. >> So I started teaching it, and then I realized that you can't teach security by just talking about it. You actually have to break things. You have to actually bend things. You have to actually get your hands dirty with stuff. because that's where you understand where the problems happen. And so I started a little lab. When I joined here, they had given me startup money, and I spent my own money to start a little lab. I got one of the students, he's now a CSO in a big bank, to be the TA. And he was actually doing the class, and for being a TA, he didn't have to do the homeworks, because he helped me grade them and design them. And we set up a little room and had created a nice series of labs for the course. And the course was very popular, the students really had a lot of fun doing it. And then I asked myself, you know what, why don't I start a real lab in cybersecurity? So way back in 2000, before security was that an important an concern, we started a cybersecurity lab here and started teaching one of the first undergraduate courses in computer security in 2000. So I got some funding from the National Science Foundation to start a sequence of courses in computer security and network security. And then we started this lab, which we called the Information Systems and Internet Security Lab. And yeah, after that it just kept growing every year. >> It's continuing to grow. >> Yes, yeah. >> Tell us, so today, what are some of the ways that you describe the programs? Is it a lot of students, a lot of courses? I would imagine [CROSSTALK]. >> Sure, it's a very active and robust program. Of course, being a research university, we have as many as close to a dozen faculty members who work in areas related to security, and about 50 Ph.D students who are active in the domain. And then we have a very robust master's in cybersecurity program, which sees a hundred or so, 100 to 200 students, which is offered online as well as on campus and various combinations. And then there are lots of master's and computer science students who simply take a lot of cybersecurity courses. So they may not graduate with a degree in cybersecurity, but essentially they get a degree in computer science and take most of the courses in cybersecurity. We offer almost a thousand different courses. >> Mm-hm, that's awesome. >> In then in the undergrad, we have a minor in cybersecurity. >> Mm-hm. >> And then we also, it's not just research and education, but we also reach out to the rest of the community. We have high school students every summer coming here for summer camps. High school teachers, we teach them cybersecurity so they can go and teach their own students. Even two-year, four-year, college faculty come here in the summers, and we share our curriculum with them so they can go back and teach their students. We also reach out to the rest of the world. We organized the CSAW event, which next year will be running in five countries, and we'll reach- >> CSAW being a lot of poster sessions with judges and winners. >> Capture the Flag. >> Yeah, it's very exciting. I've been one of your judges. >> And hack the chip competition. >> Yeah, it's wonderful, wonderful. >> So we reach out and touch the rest of the world as well in many different ways. And events like CSAW have literally brought people to the discipline, in the sense. After participating in CSAW, they say, hey, security's such a cool thing, maybe I should become a security engineer. And it has led to sort of this increase in interest in cybersecurity among students. >> Now this Coursera that we're doing, you and I chatted about it months and months ago, before we started planning, and here we are. >> Sure [LAUGH]. >> I guess online learning and kind of partnership with some of the really great online learning companies, like Coursera, I guess that's part of what NYU's mission is at this point. Trying to expand and grow the ecosystem. >> Right, right, so online is a way where we can reach out and touch a much larger audience. >> Much larger, right. That whole group, our community watching this video. >> That's right, and we can reach out and give them a good idea as to what are the main problems in cybersecurity, as you've done so in this course, so hopefully. >> Right, no. [LAUGH] >> And perhaps get them interested in doing cybersecurity as well. So that's one reason for going online, you can reach a much broader audience at very low cost. And the second, of course, is that I sincerely believe that technology allows you to create better courses pedagogically. Concepts like adaptive learning, active learning, mastery learning, and things of that sort, which have been shown to be very effective ways of getting across learning experiences. Technology allows us to do that. And I think technology will completely reshape education in the next decade or so, and [CROSSTALK]. >> [CROSSTALK], the on-campus and technology and online. >> Sure. >> I think that's the future of learning, right? >> Sure, yes. >> So for youngsters or others watching who at some point would love to be part of the NYU community, this is probably a way of getting started, right? Just sort of immersing and- >> Right, to see if this is something that interests them. If this is what they have a aptitude for, they have an interest in it, if it excites them. Then they can start taking courses and start joining a degree program, any degree program, and NYU could be one of them. >> You know, I want to ask you a question, I don't want to put you on the spot. But I've noticed that globally, I'd say at the Ph.D level, there seem to be fewer women going into some of the master's and Ph.D programs in computer science. I watch those indices carefully. Do you think we need to reinvigorate a little bit? And it's sort of been my observation that we made a lot of progress in the 80s, 90s, it feels like it's sagging a little bit right now. I don't know if you've seen that at all. >> It's picking up. >> Is it picking up? >> Yeah. >> Glad to hear that. >> It's picking up. >> Because the numbers were depressed- >> Right, I was the department head for three years, just finished my term last year. And one of the major initiatives I'd started was increasing the women enrollment and participation >> Right, we need to do that. They bring a perspective to what we do that can't be [CROSSTALK]. >> You know what's the good news? 46% this year, women. >> In the program? That's for the year. >> Yes, coming in, 46%. >> That sounds like good news. >> Yes, I don't take the credit for it, I think there's a nationwide trend going on which is seeing more women coming into computer science. >> I hope so, because I have been looking and it strikes me that- >> We worked very hard, I used to send every single woman admit a personal letter. >> Yeah. >> And it's not simply about admitting them, it's also about keeping them, nurturing them, providing the right environment, and so, an environment which respects them and allows them to flourish. And I believe we try to do that here at NYU, yeah. >> Hey, are you teaching anything this semester at all? >> No [LAUGH]. How about next semester? You got some plans? >> So yeah, next semester- >> What are you teaching? >> I'm teaching a course called Cybersecurity Law and Technology. >> Wow, I should come and take that! >> It's in the NYU Law School. >> Really? >> Yes, it's me and a lawyer, together, jointly teaching the course. >> That sounds good. >> Half of the students would be from law school, half the students from technology school, and they would be doing joint projects together, so. >> So you're going to be going from the speed of light to the speed of lawyers. >> [LAUGH] >> [LAUGH] That's a big, that's a pretty dramatic. I'm stealing that line from my friend Duncan Sparrell. >> Okay. >> It's a good line. >> It's a good line. In fact, it's part of, we are starting a new online blended program in cybersecurity risk and strategy. >> Which half the courses in the master's program are law school courses, half are technology courses. And we will not shy away from technology, the lawyers will have to learn it. >> Wow. >> We will not dilute it. And the technologists will have to learn now, they will not dilute that. >> That's quite an experiment. >> Yes. >> You might have a big war in the middle of the classroom, right? >> [LAUGH] I don't know. >> You'll have to let me know how that goes. >> Yeah. >> It sounds like fun. >> Hey, did you enjoy our sitdown here? >> Of course, every time. It's always a pleasure talking to you. >> It's always a pleasure talking to my boss. >> [LAUGH] >> [LAUGH] >> Well, in a very narrow context. >> Well, not so narrow, I love being here. I love being part of the team. So thanks for joining. >> Thank you. >> And we'll see you next time.