Q&A with Chris Simpson, director of cybersecurity program at National University

Professor Chris Simpson
Professor Chris Simpson


National University recently announced that it was redesignated as a National Center of Academic Excellence in Cyber Defense by the National Security Agency.

Professor Chris Simpson, the program director, started his career in the Navy. In an interview, Simpson spoke about National University’s curriculum and cybersecurity tips that everyone can benefit from.

This interview has been lightly edited for clarity and conciseness.

Q: What is your background in cybersecurity?

Simpson: “I spent 27 years in the Navy. I first got involved in information security back around 2000, when it was kind of a new and emerging field. While I was in the Navy, I served in a variety of different billets that supported information security and information assurance, and after I retired from the Navy, I did some cybersecurity consulting and knowledge management consulting, and I started at National University about 10 years ago as an adjunct faculty member, and have worked my way up to become their director of the center for cybersecurity.”

Q: How has the program at National University grown during the time you’ve been there?

Simpson: “We started a master’s of cybersecurity program in 2011, we became an NSA center for academic excellence in cyber defense education. Universities and colleges can apply for this program. Basically, you demonstrate that you teach specific material, that you have hands-on labs, that cybersecurity is throughout your university, not just one program, and that your university takes cybersecurity seriously, and that you support the community.

“The master’s program is a 13-month program, it has two specializations: One is enterprise cybersecurity management, and the other is ethical hacking and penetration testing. And then about three years ago, four years ago we started a bachelor’s in cybersecurity program.”

Q: How do you keep up with the constantly evolving nature of the industry and the threats that it presents?

Simpson: “We have a class in each program on cyber threat intelligence, so we teach students about where to get reports and how to keep up on the latest trends, and how to take that information and translate it for nontechnical audiences, if they have to brief a manager or CEO on how it can impact the organization.

“The technology is changing. When we first started the program, cloud computing wasn’t that big. Now it’s a huge, huge area so we’re implementing some cloud security classes in our different programs to make it more relevant for students.”

Q: Do you have any tips for people who want to be more cognizant of cybersecurity when they use their own devices?

Simpson: “If you’re a home user or a small business, there are some great government websites out there. They give you some of the basics. Probably one of the biggest things for people to do is pick a strong password and don’t use the same password in more than one place. That’s a common attack that is easily stopped. And for your banking and stuff like that, make sure your provider has multi-factor authentication. That’s where they’ll text you, for example, a four-digit number to validate who you are. That’s another way to enhance your security.”

Q: Is there anything people should be aware of going into the holiday season?

“During the holidays, you do typically see a rise in scams. They’ll send you a holiday greeting with a malicious link. Could be, ‘Hey I’m in trouble, can you wIre me money?’ Shopping scams, it may look like it’s your favorite online retailer but it’s really not, the domain might be a little off. And as we approach tax time, you get a lot of the scams where they call you and say they’re from the IRS and they’re about to arrest you. Obviously that’s false.”

For cybersecurity resources, visit: