From Hacker to Cyber Defender with LSU’s Dr. Golden Richard III
March 29, 2022
Growing up, Dr. Golden Richard III’s fanatical devotion to computers led him to clean parking lots for a year, simply to buy a single $600 floppy drive. After 40 years, Golden is still driven by the constantly shifting world of computer science — a world of stolen encryption passwords, ransomware negotiators, high-tech chess, and sophisticated attacks. Here at LSU, Golden is educating the next generation of highly technical cybersecurity professionals ready to defend and solve these issues.
Interviewee's Biography
Golden Richard has more than 40 years of practical experience in computer science. He is a Professor of Computer Science and Engineering, the Associate Director for Cybersecurity in the LSU Center for Computation and Technology, and the Director of the Applied Cybersecurity Lab. Richard is also a Fellow of the American Academy of Forensic Sciences.
Transcript
[00:00:00] President William F. Tate IV: Welcome to "On Par with the President." For this episode, we're focusing on the world of cybersecurity, and joining me is an expert in forensic science and cybersecurity, Golden Richard III. Golden is a Professor of Computer Science and Engineering, the Associate Director of Cybersecurity in the LSU Center for Computation and Technology, and the Director of the Applied Cybersecurity Lab. "On Par with the President" is a podcast that is focused on the LSU community and members of that community who are doing great things.
A golfer who can play par golf is at the very top of the game. They're the very best of the best. And so the whole point of the podcast is to talk to extraordinary people who are affiliated with LSU. Thank you, Golden, for being on the podcast. How are you doing?
[00:01:04] Dr. Golden Richard III: Fine. Thanks for having me.
[00:01:06] President William F. Tate IV: Well, it's exciting.
And the way this works is just like golf. We're gonna tee off right now. Please describe for us why you call yourself a hacker.
[00:01:17] Dr. Golden Richard III: I first was introduced to computers in the 1970s, late 1970s, and I lived two blocks from a RadioShack, actually. And, sort of optimized my time in RadioShack studying computers, sometimes avoiding going to school because RadioShack was only open from nine to five. And so students now have an alternative legal path, but my path was essentially, partially truancy and really like fanatical devotion to studying computer science.
[00:01:50] President William F. Tate IV: Wow.
That's an interesting way to think about it. We're not promoting truancy, but I'm glad you applied your intellectual skills in this area called cybersecurity. Talk to us about what do you think some of the big changes have been, the paradigmatic shifts that have happened in your field?
[00:02:10] Dr. Golden Richard III: I mean the big, the big changes in computer science in general would be vastly increased resources that we have. So my first computer system had 4K of RAM and I cleaned parking lots for a year to earn $600 to buy a single floppy drive, which stored 156 kilobytes of data. So that, but the thing that's really, I think, changed cybersecurity more than anything, it's not necessarily the computing speeds.
It's the fact that we have ubiquitous connectivity now, and so the fact that literally everything is connected to the internet from doorbells to cell phones to computer systems makes cybersecurity a lot more challenging than it was originally, because, you know, computer viruses in the 1980s were transmitted by people sharing floppies and stuff.
Right? It wasn't the case that you simply turned on your computer system and, you know, were outraged that someone hacked your computer.
[00:03:15] President William F. Tate IV: I know you've been working really hard to get various designations for the LSU cyber program. Why don't you talk a little bit about that process?
[00:03:22] Dr. Golden Richard III: The premier designation that NSA offers is the Center of Academic Excellence in Cyber Operations designation and roughly 24 schools nationwide have this designation.
Now those schools tend to be the ones that are razor focused on very high-tech applied cybersecurity. Recently, there's been a revamping of that process at NSA and for 2021 and 2022, LSU was the only school in the entire United States that was invited to apply, and so we've just completed the application and we're really, really hopeful that that's gonna come about.
[00:03:59] President William F. Tate IV: Cyber is part of our Pentagon that we talk about in our strategic planning effort, a five-sided figure to protect the future of the state: agriculture, biomedical science, coastal research, defense, where we are talking about cybersecurity and energy. What do you see as the future role of cyber here at LSU?
[00:04:20] Dr. Golden Richard III: So our goal was and is to create truly exceptional, deeply technical, cybersecurity professionals and that's largely underway, but designations like the CAEC one and increasing the size of the faculty and so forth is gonna make that process a lot easier. But I mean, you know, that our goal is to create essentially the best cybersecurity students and professionals anywhere.
[00:04:51] President William F. Tate IV: Help us understand, just as individuals, that new technologies are emerging all the time. They rely upon personal data. They're documenting our preferences and habits. How can we benefit from these new technologies while maintaining our personal security?
[00:05:06] Dr. Golden Richard III: There's a stream of technology coming out that, you know, always involves compromising some private information and, you know, the sort of avalanche of that technology will eventually just eliminate privacy completely unless you pick and choose. So there's no way that these things don't chip away at your personal security, you have to just be diligent and choose the ones that mean the most to you.
And, you know, the other extreme would be just not using computers at all. So I have a fountain pen ready for when it all goes down.
[00:05:44] President William F. Tate IV: It's not possible anymore. It's virtually impossible.
[00:05:48] Dr. Golden Richard III: It'd be hard.
[00:05:50] President William F. Tate IV: Autofill with passwords. I get them all the time. Autofill with passwords and credit card information.
How much risk is involved with autofill for the user?
So generally anything that you find convenient when it relates to cybersecurity is a compromise of security. If it feels like, "Wow, I'm saving some time, or this is so much easier," then it's probably a mistake. But the primary danger is that autofill works when someone sits at your keyboard. So if you're not in the habit of locking your computer or you don't have good passwords and can, you know, someone can easily compromise, like the first level of defense, which is your login password. Then they simply open a browser and can do banking and all kinds of stuff.
[00:06:34] Dr. Golden Richard III: So I would use it cautiously and I would encourage not to have the same login password as say their banking password and so forth.
[00:06:42] President William F. Tate IV: Got it. So what makes a secure password?
[00:06:45] Dr. Golden Richard III: Yes. Here we go. So the problem with many password schemes that are suggested, are those strong passwords that are created automatically, is there's streams of digits and letters and symbols and so forth.
And the only way to really deal with that is to write them down, right? And so, that's a bad plan. I create diverse passwords by stringing together deliberately misspelled English words. So you don't wanna string together English words, and you need the password to be relatively long, but if you string together English words into a phrase that you remember easily, and the misspelling sort of makes sense to you in a way, those are pretty, those are pretty secure.
[00:07:30] President William F. Tate IV: Well, we've seen recently in the invasion of Ukraine, how prior to invading physically, the cyber attacks happened in Ukraine, where they shut down the education and foreign ministries there. We know that hospitals, schools, and other companies are being hacked. How often are these breaches occurring and are hackers generally successful in accomplishing their goals?
What is it gonna take for us to prevent all of this from happening?
[00:08:02] Dr. Golden Richard III: So I think the depressing answer to the last part of the question is we don't know. We're just sort of diligently trying. There's news that some hacking groups that are implementing ransomware campaigns are making tens of millions of dollars per month.
The fact that we see new job descriptions in cybersecurity, maybe the most amusing of which is ransomware negotiators that are, you know, making $500, $600 an hour, just to communicate with the hackers that have attacked a company and negotiate settlement is pretty telling. The idea behind that job is essentially, you know, a neutral party that's not gonna get angry and call the hackers names and stuff the bad hackers names and so forth is worth $600 an hour. When the company's putting up, you know, $200,000, $300,000 in Bitcoin to get their files back, it's worth paying that money.
[00:08:59] President William F. Tate IV: Wow.
So that's a whole new area where you need technical expertise and the ability to negotiate and be a mediator, if you will.
[00:09:10] Dr. Golden Richard III: Yeah. Development of malware, you know, originally started as essentially demonstration of programming prowess and so forth, and when it became monetized, in terms of, you know, being able to purchase a month's use of a million computers to do a denial of service attack or launch ransomware campaigns that make hundreds of thousands of dollars or millions of dollars for one incident, it just, you know, made the offensive people a lot more interested in pulling it off.
[00:09:43] President William F. Tate IV: Are we learning anything from these cyber attacks? Are people sharing information so that you have a way to better defend and be on offensive as you describe?
[00:09:51] Dr. Golden Richard III: Yeah, absolutely. So every time there's an attack, for example, we get samples of the malicious software that was used, typically, and those are analyzed from top to bottom to see how the attack was carried out, and then you can build defensive measures and so forth. And so one of the classes we teach at LSU is reverse engineering, and in that class, students look at malware samples and tear them apart and understand essentially every single step that's involved in whatever the attack was. But the problem is, of course, new attacks are developed immediately thereafter, so...
[00:10:27] President William F. Tate IV: This sounds like high tech chess.
[00:10:31] Dr. Golden Richard III: It is. It's high-tech exhaustive chess. So I think once your stamina is gone, your career in cybersecurity is over, because, if your feeling is, I just can't wake up another day and see yet another technical outrage, then you're probably done, because it's every single day. There's a new attack, and I think the thing that doesn't really make the news because, people, sort of, don't believe these things are even possible are the, you know, really, really high-tech attacks where, you know, encryption passwords are being broken by listening to the fan noises that computers make, or that the hard drive in your computer can be used as an illicit microphone to hear what's happening in your office.
I mean, we blame people for being susceptible to cyber attacks, and imagine that they didn't exhibit proper, you know, cyber hygiene or something, but the average person I think doesn't really realize how technically sophisticated some of these attacks are so they're very ill-prepared to deal with defending themselves.
I mean, I think a real-world example would be people imagine that when their office is secure, the locks are not tampered with, and there are no holes in the walls and stuff that their stuff is secure, but the cyber attacks these days seem as though, you know, sort of a ghost-like presence can walk through the wall, tamper with your stuff, and then walk out and you don't even realize that it's happened.
[00:11:59] President William F. Tate IV: Wow.
[00:12:00] Dr. Golden Richard III: It's sort of hard to paint a bleak enough picture, and yet I manage to smile every day, so...
[00:12:07] President William F. Tate IV: Well, that's something. I have to tell you that this is very sobering. Now, you're the faculty lead for Firestarter.
[00:12:15] Dr. Golden Richard III: Yes.
[00:12:16] President William F. Tate IV: A partnership between LSU and the state. Can you tell me more about that program and what you hope to accomplish?
[00:12:22] Dr. Golden Richard III: So we're really, really grateful to the Board of Regents for providing funding for this. Using the Firestarter funds, we've built a 25-seat cyber range inside CCT. So this is a dedicated laboratory, with high-end computer systems and projection, so forth, where we can stage, like enterprise-level or even internet-level cyber campaigns, both to teach students essentially what real offensive and defensive scenarios look like.
[00:12:55] President William F. Tate IV: Well, you've been extremely successful at securing grants, and one of your recent grants is an over $3 million grant from the National Science Foundation to establish the LSU Scholarship for Service Program. Can you describe the program for us, and what you hope to accomplish with that? What's your vision in that area?
[00:13:15] Dr. Golden Richard III: So Scholarship for Service is a National Science Foundation program that essentially provides cybersecurity scholarships for students that are interested in federal service. And so this makes it possible for students to have an actual living wage while studying. SFS scholarships pay undergrad students $25,000 per year, plus tuition, plus development funds, and so forth and grad students on the order of like $32,000 per year.
So they can actually have a comfortable living. And in addition to federal service, it's also allowed that these students become faculty members or even instructors in cybersecurity to pay off their service. Very excited about that.
[00:14:02] President William F. Tate IV: That's exciting that you're doing that and that it's happening here at LSU. I know you're a committed mentor as well. You work with the National Security Agency to bring in students who receive internships and work with you in cybersecurity at the federal level. What does this mean to you as a teacher? And what do you want people to know about that program?
[00:14:23] Dr. Golden Richard III: So the Center of Academic Excellence in Cyber Operations internship involves students becoming fully cleared, and they get a TS/SCI security clearance, and then go to NSA for 12 weeks to get instruction and work on a really interesting, mission-critical project with NSA employees. That experience that I have in the summer is one of the most fun things that I do, because teaching inside there, and working on problems that you'd not legally be allowed to work on anywhere else.
And just seeing, sort of, what the world needs to be more secure is truly amazing. And the students that go through that training, I think their eyes are open so wide, they almost never shut again. And I think 90, more than 90% of the students that go through the internship, take jobs at NSA and stay, because they just can't imagine working somewhere else.
[00:15:20] President William F. Tate IV: Well, I hear that there is a dearth of students who are going into this area, that there's an endless supply of need, if you will. The demand is quite high, but we don't have the supply of students. So what's your pitch to students who might be thinking about this area and might wanna study here at LSU?
[00:15:41] Dr. Golden Richard III: Yeah. So the numbers vary. You hear numbers like 500,000 empty seats, a million empty seats. The point is that there's virtually inexhaustible need and not much supply. One thing you can pitch is money, because, for example, all the students that are in my lab that are graduating are holding six-figure offers and trying to figure out which one to pick and that's undergrads and grad students.
And that's not people with PhDs. It's just bachelor's and master's typically. PhDs might make even more than that. Um, but I think pitching the money angle may not be fair because work-life balance is certainly possible, but it's not something you would do just for money, because there's a lot of intellectual strain, I think.
So I think you have to really love it. I mean, if you like solving interesting problems and taking things apart and stuff, that would be, sort of the basic level where you'd pitch like a high schooler. If you love computers and love solving very, very difficult problems and love making lots of money then that's a start.
[00:16:42] President William F. Tate IV: That's your pitch.
[00:16:43] Dr. Golden Richard III: Yeah, that's my pitch.
[00:16:45] President William F. Tate IV: All right. Well in addition to cybersecurity, I understand you are passionate about photographing musicians while they perform, and apparently you have some Louisiana recipes in your back pocket. We talked a little bit about that before. What are some interesting kind of pictures you've taken?
[00:17:02] Dr. Golden Richard III: I've taken a lot of images and I've focused really on hard rock, I think, and heavy metal and so forth. And I'm semi-retired now, because I just don't have the time anymore, but 10 years ago or so I was doing it quite often. I think probably the most memorable thing is, I got an opportunity to be the photographer on a crew, a heavy metal cruise ship, where music was played 20 hours per day with a four-hour break sometime in the early, early morning. I don't know. A thousand crazy heavy metal people screaming on a boat, headed to The Bahamas, and photographing 20 hours a day was pretty fun. Came away with a lot of nice images from that.
[00:17:47] President William F. Tate IV: Got it. So what's your favorite Louisiana dish? And do you make it, or do you eat it at restaurants?
[00:17:55] Dr. Golden Richard III: So I eat things at restaurants and make them, and I tend to, I try to seek out things at restaurants that I don't or can't make. Well, I think the gold standard actually for Cajun stuff is gumbo. I have definitely tasted better gumbo than I can make.
Maybe another one would be étouffée and I would be surprised if someone could make a better étouffée than me, because I've tried really, really hard, and I think I'm the master of that now, but I'm not the master of gumbo. I'm still after that one. Cajun food is really diverse and awesome. Yeah.
[00:18:32] President William F. Tate IV: Well, Professor Richard, we're thankful you're here at LSU, and we're thankful for what you're doing to protect and defend our information. I am really excited to see the things that you're going to get done here at LSU. So thank you for your time and for being on "On Par with the President."
[00:18:49] Dr. Golden Richard III: Thanks.