When I first entered graduate school at the University of Virginia, the legendary Bill Wulf gave the incoming class a rather strange pep talk. He had us look at the economics of our industry to see that the graduate degree we were pursuing might not be worth the money, compared to just going into industry. That was particularly true for PhD students. His goal, of course, was to have students be intellectually honest about why they had chosen graduate school and to encourage people who were there for the wrong reasons to come to terms with it earlier instead of later.
The other thing he talked about left a lasting impression on me. He implored us to give back to the greater computer science community at some point in our careers through public service. Wulf himself gave selflessly, serving as president of the National Academy of Engineering for more than a decade, getting involved with the National Research Council, and otherwise contributing to academia through his involvement with professional societies, journals, and magazines.
As I found success in computer security, first as an academic and then in industry, I took his message to heart and looked for ways to give back. Especially once I was firmly entrenched in industry, I felt the drive to find ways to serve, even if small. For a few years, I scratched that itch by working as an adjunct professor at Virginia Tech while working full time. At another point, I strongly considered taking a full-time job as a program manager for a federal research agency (which partially involves awarding research grants), and although it came down to an economic decision, I'll always have a tinge of regret.
When I was approached to serve as editor in chief of IEEE Security & Privacy magazine, I leapt at the chance to once again bring service to the industry. I've personally found it an enjoyable job, but after serving my two-year term, it's time for me to step down. While the job was rewarding, it was also vastly more time consuming than I expected, which wasn't originally an issue for me but is now a significant one.
Much of the job is administrative and not particularly exciting—assigning papers to associate editors, ratifying or rejecting decisions, and hounding reviewers to complete their job in a timely manner. The fun part is driving the magazine's content:
• setting the editorial calendar, picking both the topics for special issues and the editors for those issues;
• soliciting submissions on the magazine's behalf to help ensure we have the most timely and interesting content possible; and
• selecting associate editors to shepherd the magazine's various departments.
But none of this happens in a vacuum. As you can see on the masthead, we have an extraordinarily talented editorial board, and I consult with them heavily, particularly the associate EICs. The staff is the behind-the-scenes workhorse, doing almost everything that doesn't require area expertise. Any success this magazine has had in my term is due more to the great knowledge and hard work of these groups of individuals than me. I'm lucky to have been part of such a great team and proud to have been able to bring a few new faces into the fold.
I'll continue to make a smaller contribution to the magazine in 2013 and beyond, but I'm happy to step aside and give my successor, Shari Lawrence Pfleeger, the chance to serve. Pfleeger has been an amazing contributor to the magazine from its inception, and I have no doubt that her time at the helm will produce an amazing magazine.
As for those readers who are also interested in giving back to the community, one easy way is to offer services as a reviewer, which generally requires simply contacting someone on the editorial board with a quick overview of your skill sets. There are also several organizations dedicated to providing a public service to the community, such as the Cloud Security Alliance and the Open Web Application Security Project (OWASP). Both have local chapters that meet regularly and are always happy for volunteers. You can even volunteer to talk to kids at local schools, whether it be about basic computer security practices (a good idea for middle schools and high schools) or jobs in the field (good for high schools and colleges). For those readers in the US, the Department of Homeland Security is expected to soon start the CyberReserve, akin to the National Guard, for responding to incidents. Outside the US, lobbying where you can for your country to adopt a similar program would be valuable.
However you do it, I hope to see many of you contribute something. Even the smallest contribution will help make the online world a better place.