Episode Transcript

W&L After Class

With Guest Taha Khan

Ruth Candler
Welcome to W&L After Class: The Lifelong Learning Podcast. I'm your host, Ruth Candler. In every episode, we'll have engaging conversations with W&L's expert faculty, bringing you again to the Colonnade even if you're hundreds of miles away – just like the conversations that happen every day after class here at W&L. You'll hear from your favorite faculty on fascinating topics and meet professors who can introduce you to new worlds and continue your journey of lifelong learning. Our guest today is Assistant Professor of Computer Science Taha Khan. Taha joined W&L in 2020 after completing his PhD at the University of Illinois, Chicago. His research focuses on computer security, privacy and human computer interaction, including cybercrime. Prior to earning his doctorate, he completed his undergraduate degree in electrical engineering at Lahore University of Management Sciences in Pakistan. Taha, we're so happy to have you with us today.

Taha Khan
Thank you. It's a pleasure to be here.

Ruth Candler
So cybersecurity is a complicated topic, but it basically means protecting a computer or computer system against unauthorized access or attack. There are a lot of bad guys out there. We've all heard the terms malware, ransomware and phishing. What are the differences among these nefarious agents? And how do their attacks affect us in everyday lives?

Taha Khan
So to better understand how these different nefarious characters and individuals operate, we first need to take a little bit of insight into how the cyber world around us has evolved over the past 20 to 25 years. So back in the day, when we see – when we talked about the internet, the internet was just something normal that was something that was coming up. And if someone did some kind of malicious activity on the net, it was mostly just for fun. Because there wasn't any kind of commerce being conducted over on the internet, you couldn't essentially gain a lot of financial benefit out of performing malicious activities and breaking down websites and breaking into systems. And these people or these individuals that were doing these kinds of nefarious activities back in the day, we refer to them as script kiddies. So people who would write scripts, sitting in home or just out of fun.

Ruth Candler
Did you say script kitties?

Taha Khan
Script kiddies, yep.

Ruth Candler
[Laughing]

Taha Khan
That's an internet slang for hackers that are trying to play around and break systems.

Ruth Candler
Gotcha.

Taha Khan
So script kiddies were the big deal back 20 years ago. But today, what most cybercrime is revolving around is financial gain. And it's more organized, and it's more diversified. And we've got different types of nefarious actors that operate today. And they have different motives, and they have different specializations. And in some cases, we also see that these nefarious actors are sometimes not looking for financial gain, but they're looking to control information or to spy on individuals. So some examples of these modern day actors could be social engineers who are trying to socially engineer other individuals and get sensitive information out of them; people who are targeting high-level professionals, and this process is known as spear phishing, where instead of sending phishing emails or phishing out there, just in the wild, you're doing some kind of targeted phishing on specific individuals where you know that you can gain a lot of incentive on a lot of benefit, financial or otherwise benefit on. There's hackers, individuals and groups, who specialize more on the technical aspects. There can be insider threats for governments and employees. So that's also one thing that's very common with these kinds of nefarious actors. And sometimes these actors can be governments. And what's important to note [is] that each of these actors have different capabilities, and they operate according to their capability. So for example, a government has a lot more control, and they can modify a lot more things about the cyber infrastructure that an individual hacker won't be able to do.

Ruth Candler
They certainly do make our lives difficult, don't they?

Taha Khan
Oh, yeah. Oh, yeah. And then talking a little bit about what kind of effects they have on individuals as a whole, and that's spread out all across the spectrum. So, there's obviously, today, we know that from cyber breaches and the acts of cyber criminals, there's definitely a financial loss associated with that. But in addition to that, there's also economic losses. And a good example of that would be the recent Colonial Pipeline hack, where we saw that when ... the pipeline was not functional, the gas prices surged, and there was a shortage of gas, and overall sometimes, and I see that these financial and economic factors build into, in effect, the overall well-being by causing certain psychological effects. And these are some things that we might not hear about in the news. So for example, if certain individual got hacked or had their identity compromised online, they would have a hard time for the next couple of days trying to recover or fix the issues that they had faced.

Ruth Candler
It used to be that you could spot a phishing scheme a mile away. And lately, however, it seems that hackers have become much more sophisticated in their attacks. To protect ourselves, we really need to be more proactive instead of reactive. In your opinion, what are the most important measures we should be taking proactively to protect ourselves?

Taha Khan
Yeah, I think this is very essential, not for just people who are working in technology or cybersecurity, but everyone across the globe or everyone across the spectrum because technology has just become so much integrated in our daily lives. And the most fundamental step that everyone can take is to take individual actions that would protect their online identities. Now one thing in regards to that is passwords because passwords essentially allow us to log into certain websites that are specialized for us that are unique to us and are behind the login wall. So people should be focused on not reusing passwords. And the issue here is that if you reuse passwords, if your Spotify account has the same password as your bank account, then if Spotify as part of a data breach, your password is out there, attackers will try to reuse that password in different websites. And if you're reusing that password across different websites, then it would not just be one website that's compromised but actually multiple websites that have essentially been compromised. So what are good passwords? Secure passwords, as more recent research has shown, are not random characters and digits, but are actually passwords that are made up of random English language words. And they tend to have a higher entropy and are actually easier for users to remember because they're actual English words, and they are harder for attackers to break. And people should also practice in changing passwords from time to time. I think that's a great thing and that keeps their password secure. Another step that individuals can take is enable multi-factor authentication, especially on critical websites and services. In addition, one other thing that can be quite helpful is the use of a VPN or a virtual private network if they're using a public Wi-Fi or are in a public area. So, for example, if you're connecting internet from a coffee shop or airports or restaurants, I think they should be using a VPN. 
And that's a different question of what VPNs are trustworthy and which ones are not, and I've actually done some research on that. And what I feel like is that any free VPN comes at a price, so I encourage individuals to use paid VPNs because they are usually more transparent in their privacy policies. Other things that individuals can do is educate themselves on how to better identify scams and phishing emails and text messages. And what I've seen recently is that I've been getting a lot of spam text messages that have some kind of link, and that text message is crafted in such a way that, "Oh, you made a payment to Person X of $200." And "click here to verify the payment or to decline that payment." And it would be a text message instruction so click-baity that you would right away want to click that link. And it's usually a scam link.

Ruth Candler
That's frightening, very frightening.

Taha Khan
Oh, yeah.

Ruth Candler
So you had said, you know, creating a password for different sites, you know, when you forget your password, different organizations will ask different key phrases. And they're always like the same list of 20 or whatever, where it says, "What is your mother's maiden name? What is your favorite pet's name? Where were you born?" And it seems like – it's almost like they're collecting that data, because I'll be on a site, they'll ask that question. I'll be like, I'm not sure I've given that information before. Is that – are they collecting extra data? Or am I just not remembering?

Taha Khan
So what you were mentioning are security questions that websites usually have just to verify an individual's identity in case they've forgotten a password. And these questions are structured in a manner so that they would be unique to an individual. So for example, a pet name and your mother's maiden name, or your childhood friend, or your first car, etc. And what's important here is that even though they're unique, depending on what information [a person] shares online publicly, a cybercriminal could actually infer a lot of this information from other websites. For example, if someone has a really public Facebook profile page, their friend lists are public, it wouldn't be too hard to find out who their mom is, or going through their pictures you could figure out, or in reading a caption, what their pet name is. So in addition to having secure passwords, I feel like security questions are a great thing to verify an individual's identity, but it's also an individual's responsibility to make an informed decision on what they decide to share online publicly with other individuals. And they should be aware that sharing too much information can lead to potential doxxing or even a leak of personal information if there's a data breach. And what I try to view this as is that we can't control what's going to happen in the future because we don't know what companies, what organizations, may be part of a data breach. But we are currently responsible of controlling our presence and controlling the information that we put out there for others to access.

Ruth Candler
Good to know. My daughter works in cybersecurity, and in early December, she and her colleagues were working around the clock. She shared with me that the Federal Trade Commission issued an alert warning companies of a new vulnerability in their computer system, which was identified as Log4J. This vulnerability was actually discovered by users of Minecraft, a hugely popular video game. And unfortunately, the FTC announcement also alerted hackers. Software engineers hurried to protect their computer systems against hackers who would try to gain access to their systems in yet what seemed another race of good against evil. In your opinion, Taha, should the FTC have acted differently?

Taha Khan
I think the FTC did the right thing. So what the Log4J vulnerability was, is what we call a zero-day vulnerability: something that was new, and something that had not previously been discovered. So zero-day vulnerabilities are usually a big thing for IT individuals because they require updating information and updating systems. So actually, the vulnerability, when it was previously announced, it was announced by Apache, which is the organization that has developed Log4J. And they had announced it on certain message boards and resources where technology professionals usually go and access that information or read off of, but regular companies, not everyone's going there and reading that. So where the FTC stepped in was to make a more general public announcement of this vulnerability so that regular individuals and companies who might be using this vulnerable software could go ahead and update that software. And this was an example of the way Log4J was fixed is how usually vulnerabilities, when identified in large pieces of software that are being used widely, are fixed. An individual who is acting in good faith tells the company or the organization that they found a vulnerability, the company goes ahead and fixes that vulnerability and releases an updated version. And then it's the job of the other companies who are using that software or organizations to go ahead and update their systems so that their previous versions are invalid, and they've updated the vulnerable versions with the ones that are more secure.

Ruth Candler
This is a great segue to discuss your work on protecting computer systems from covert and side channels, another means by which hackers can hijack digital information for nefarious reasons. When you introduce these hazards, to me, it reminded me of how in the movie "Ocean's Eleven," thieves rented an office space next to their targets and used it to bypass a building security system. Would you explain to us the difference between covert and side channels and give real life examples of each?

Taha Khan
Yeah, of course. So the fundamental difference between a side channel and a covert channel is the number of actors who are participating. So in a side channel, you only have one malicious actor who's using some kind of shared resource with an entity that's legitimate. And they're trying to use some kind of inference mechanism to learn about activities or extract information from that legitimate individual or entity. So for example, an example of a side channel would be if I'm on a shared network with someone, I could look at their traffic-browsing patterns, just by the amount or volume of traffic that their computer is generating at a given point in time, and try to infer what kind of browsing they're performing. So for example, if someone's browsing Wall Street Journal, their computer wouldn't be generating a lot of traffic because they'd spend most of the time reading an article and not loading information off the web. But let's say if someone's watching a YouTube video or watching Netflix, their computer could be generating a lot of traffic. So an example of a side channel here would be looking at the traffic patterns, and to be able to look at them you have to be on a shared network or a shared wire where both of you are sharing the same resources and looking at someone else's pattern to infer something. Now covert channels are slightly different here. In covert channels, you have two malicious entities who are trying to communicate on a channel that's not intended for that purpose of communication. Now in computer networks, information is transferred in bits and bytes. And one example of a covert channel computer networks is that you'd use certain bytes that are not allocated as part of protocols and use them to encode certain bits and pieces of information that the other individual receiving those bytes would be able to decode. 
And one of the requirements of establishing a covert channel is you need to have an agreed-upon protocol between these two malicious entities we're trying to communicate. Because without that protocol, you wouldn't be able to make sense of what's being communicated.

Ruth Candler
That makes me want to go watch "Ocean's Eleven" again with that perspective. Well, you've spent part of your doctoral research measuring the cost of typosquatting. And for those who may not have heard of this term before, typosquatting is when people register a website like facebok.com instead of facebook.com. That is using one O instead of two. And they use this bogus site for spammy advertising or phishing for passwords. In your research, Taha, you figured out a way to measure how much time people lose because of these schemes. And you also put dollar value on it, which I thought was fascinating, especially because of all the time I've spent creating, remembering and recovering passwords. I have sometimes wondered how much money all that time is worth. Can you give us a few examples of the costs of cybercrime in terms of time lost and what we can do to manage these costs?

Taha Khan
Of course. So going back to how we were able to put dollar value to that time loss of typosquatting, what we essentially did in that study was, we were able to figure out the federal wage per hour. And using those results, we were able to determine how much time is actually lost to typosquatting for a given individual, throughout a year. And we then scaled that up with the federal wage and the U.S. population. So giving an estimate of the time loss, and its corresponding lost productivity in financial terms, because of the act of typosquatting. So, like you said ... cyber crime leads to lost productivity. And you can have more basic versions of this, for example, the times someone spends reading a spam email or typosquatting or dealing with online scammers, even though they might not end up being a part of that scam, but they still have, they spend some time interacting, and that's time in lost productivity. But there's also more complex versions where it's hard to put an exact dollar value and there's lost productivity in terms of time. So for example, if someone's a victim of credit card fraud, and if you ended up giving your credit card information to a phishing website and they now used your credit card information to purchase some items, and you didn't realize until the fact your statement came out. So that when you realize that, then there's a whole process of filing claims and following up with a company. So there's this additive cost of looking at and fixing things that have been damaged as a result of this cybercrime. And another example could be going back and trying to reset passwords if you suspect that a certain website has been breached. Or if you were, like I said, reusing passwords on different websites. And sometimes these costs can be associated with denial-of-service attacks. 
So denial-of-service attacks essentially focus on bringing down a system, and when a system is not functional, then you can't be productive and then there's lost productivity. So that's also another kind of cost that is associated with cybercrime. What we can essentially do to manage these costs is just focus on good security and privacy practices so that we're less likely to be a victim of one of these scenarios where there's going to be an associated cost for remediation.

Ruth Candler
Yeah, the old saying "time equals money" is pretty true here, isn't it? You also conduct research on security vulnerabilities in the cloud, which more and more is becoming a part of our everyday life. What are the most alarming security threats to cloud storage and what can people do to protect themselves here?

Taha Khan
Yeah, so this is a topic I'm super interested to talk about because it was part of my dissertation. And what's happening with the cloud right now is that these modern services such as Google Drive and Dropbox, they've existed for almost a decade now. So Dropbox has been in since 2007. Drive has been since 2012. And what's happened is that they've accumulated a lot of users who've put in a lot of information or data in the cloud over these years. And because storage is cheap, people eventually never end up going back and revisiting these files and deleting them. And the main challenge here, the main risk here, is that in case of a data breach or a hack, there might be information that's lying on the cloud there that may no longer be helpful or useful. But it could still contain sensitive information. So for example, if I had my tax returns from 2015 lying in my cloud, I mean, those old tax returns aren't essentially providing any utility. I mean, I'm done filing my taxes for that year, but they still contain sensitive financial information. So what users can essentially do is make sure that [they] revisit files from time to time that are present on their cloud, make sure that if there's information that's no longer useful, they can go ahead and manage that. Now, that was one of the goals of my dissertation was to use machine learning to identify such files and provide a system for users to automatically manage them or provide them with feedback or suggestions, which would, by listing the files that are more likely for this kind of management. And we've actually created a web app, which is still in its early stages, but users can log into their Google Drive accounts on our web app. And they would then be provided with a list of files identified by our machine learning classifiers, which are more likely are ready for management.
So they can either go ahead and delete those files if they're no longer useful or they can manually put encryption on those files or protect them if they feel like they might contain sensitive information. And they would still want to keep them on the cloud. So that's an added layer of security that individuals can put on their files.

Ruth Candler
Wow, wow! So how far away are you from having that launch?

Taha Khan
So we're essentially focusing only on the summers because I have, I'm busy teaching most of the [year] here. So the last summer, we were able to do a proof of concept web app, and we did some testing. The main challenge here is that we are running a lot of API services with Google and the cost really adds up. Because we collect a lot of information, we have to collect a lot of information about the files to be able to decide which ones are worthy of management. So for example, if there's images, we'll look for certain objects in these images, and a part of that is, what we use for object identification of these images is a third-party API provided by Google. And that is costly, because there's an associated cost with a number of requests. So we're still working on either porting that to our local systems or looking for alternatives that may be more sustainable.

Ruth Candler
As an expert in cybersecurity, what keeps you up at night?

Taha Khan
Honestly, I fear about the consequences of this thing that we call the internet if it were to ever break down. Or let's say if there were really large-scale cyberattacks on physical infrastructures, such as factories or power plants or places like airports, where there would be a cost to human life. So I feel like focusing on how to properly secure the systems that are now connected to the internet is really essential. And this is something that does concern me from time to time.

Ruth Candler
Then on a more positive note, what excites you about the future of cybersecurity?

Taha Khan
So positively, I feel like there's a lot of potential for growth in this field and a lot of room for training individuals, and the students of today who are going to be the professionals of tomorrow, to go and work in this field and provide the services that are going to be soon needed by individuals and organizations all across the spectrum. And I feel like cybersecurity specialists are going to become more like accountants. So when tax season comes every mom and pop shop will go to their family accountant to get their taxes done. And it's going to be similar in a way that these small businesses – and not just large organizations, but small businesses as well – are going to try to go and find a cybersecurity specialist who can audit their systems, who can make sure that the payment systems they're using are up-to-date. And if they're storing any credit card or financial information, all that is secure. So I think this is going to be something that's we'll see in the near future. And this really excites me, because then we can train more people and teach more people about cybersecurity and get them interested.

Ruth Candler
What a concept, huh? That's something to look forward to. I'm also fascinated by white hat hacking. These are the good guys, they're academics and other ethical hackers who work with software companies by helping them discover security flaws. It gives them time to patch the vulnerabilities before information about them becomes public. Can you tell us more about the bright side of hacking?

Taha Khan
Yeah, of course. So what I really like about cybersecurity as a field [is] that it's a combination of offensive and defensive strategies. And what you mentioned as white hat hacking is a defensive strategies. And if it weren't for these white hat hackers, there would be a lot of vulnerabilities that would go unnoticed. And what essentially differentiates between a white hat hacker or a black hat hacker is just the intention. Because both of these hackers are using the same set of tools – the set of tools and systems available to both of these individuals are the same, whereas a white hat hacker would focus more on identifying a vulnerability and following the correct ethical steps of reporting that, whereas a black hat hacker would then go ahead and try to benefit in an illicit manner if they find a vulnerability.

Ruth Candler
A variety of organizations and businesses have been targeted. These include hospitals, schools and the one you just mentioned, oil and gas companies. These attacks affect everyone. The most recent attack that I'm aware of also created an interesting marketing opportunity for Philadelphia cream cheese. During the Christmas holiday, my family had fresh bagels, but we could not find cream cheese anywhere. I discovered that in October, a cyberattack against Philadelphia brand cream cheese contributed to a nationwide cream cheese shortage before the holidays. For those who were planning to have cheesecake for Christmas, Kraft offered to pay customers $20 each to compensate them for the absence of their Christmas cheesecake, and they called it spreadthefeeling.com. Taha, are these attacks becoming so commonplace that companies are actually looking for ways to turn them into marketing opportunities?

Taha Khan
Right, that's a great observation, and I feel like this may be true for only a one-off instance. But if we started seeing trends of companies experiencing cyber attacks and they were turning them into marketing opportunities, that would essentially raise some flags. And this honestly depends on the nature of the company that's attacked. So the example you just gave me about Kraft, I mean, they are a food production company. So they're providing different types of dietary products to individuals, and I feel like they did that thing just out of a good gesture. Whereas let's say if your bank got hacked, or your bank was a victim of a cyber crime or large data breach, it would be hard for them to spin that off as a marketing opportunity because they are holding a lot of people's financial information. So that would be challenging for them. And could cause – actually, in turn, could negatively affect your reputation. And in addition to what usually happens when there is a cyber attack is there's a whole investigative follow-up process. So ... teams come in, and they try to find the source of an attack. And let's say if it was an outdated software that caused the breach or an attack, they would go ahead and fix it, and they would generate a report. And then it's usually the case where other organizations may even be using that sort of software. So they would also get informed and would be required, or at least wise, to update that. And depending on the nature of the attack, sometimes federal agencies do get involved, as we saw in the example of the Colonial Pipeline or the Equifax data breach, where credit information was compromised. So if companies were to use this as a marketing opportunity, and not be honest with their customers, I think this would raise some flags and it wouldn't fly long term.

Ruth Candler
Yes, that makes sense. Taha, I'd like to shift gears a little bit and talk about you. Your life story is very interesting. You were born in Pakistan, lived in the U.K. as a child, and then returned to Pakistan as a 10-year-old. You completed your undergraduate degree in Pakistan before coming to the United States for graduate school. Is there anything about your youth in Pakistan that you miss?

Taha Khan
Yeah, I definitely miss spending time with my family. So I was 17 years old when I left home, it was back in 2007. And I haven't been back home quite a lot since. I do spend – I do miss spending time with my old friends in my hometown, but most of them have moved out, and just the general simplicity of life that how simple it used to be back in the day.

Ruth Candler
How would you compare college in Pakistan to college in the U.S.?

Taha Khan
I feel like in the United States, there's a lot more opportunities in terms of areas and domains that one can explore in college, so there's more freedom to study and explore because there are a lot more resources and a lot more faculty. So I was fortunate enough to go to a good school in Pakistan where I had good faculty who trained me in computer science and electrical engineering. But let's say there aren't any really, really good schools for architecture, or agriculture and stuff like that. So I feel like in the United States, if someone wanted to pursue a career in something that's not technical, there's a lot more opportunities.

Ruth Candler
When you moved to the United States to complete your doctorate at the University of Illinois, Chicago, was this the first time you had been to the U.S.?

Taha Khan
Oh, yes.

Ruth Candler
What was it like moving to the United States for you?

Taha Khan
It was a really cool experience, and I was particularly fascinated about the fact that I had traveled the whole ocean and it took a 14-hour flight to get here. So that was quite a memory.

Ruth Candler
Yeah, the 14-hour flights, they hurt.

Taha Khan
Oh yeah.

Ruth Candler
So moving to the U.S. as an international student, what advice would you give to other international students who find themselves in that same situation?

Taha Khan
Right, so most people coming from other countries might experience that it's quite a big change because there's a different system that they might experience as, as back in their home countries. But the good thing about having a system here is that it's really easy to learn. So for example, I had not driven before and I learned driving here in the United States.

Ruth Candler
Hopefully not in Chicago. Did you learn in Chicago?

Taha Khan
Oh yeah, in Chicago, and unfortunately, I failed twice. So what the cool thing was my friend, who lives down in Urbana, which is a two hours drive down from Chicago, had a car. So the two times I failed, I took my driving test down in Urbana. But then the third time, I took it in Chicago and I passed.

Ruth Candler
I would have thought it would be the opposite. Hopefully you didn't have to parallel park in Chicago.

Taha Khan
Oh yeah. We went to that DMV that didn't make people parallel park.

Ruth Candler
[Laughs] Well, British Backpacker magazine named Pakistan as the best travel destination of 2018. Pakistan is known for its eco tourism, and the Pakistani people are known for their hospitality. How would you describe Pakistan to someone looking for a travel destination?

Taha Khan
I think it's a really cool place to visit. One suggestion I do have is that when you visit certain areas, it's better to have local individuals with you who already have an experience exploring. Pakistan is really known for some of the mountains that they have in the north, so we have a lot of climbing and mountaineering community – international climbing and mountaineering community that go visit there and like to climb these mountains, and generally, given the size of Pakistan, it's quite diverse. So there's four provinces, and in addition to visiting the north, which is very scenic and very beautiful, there's a lot of history in some of the big cities. For example, Lahore is a very old city, and there's a lot of history and historic buildings there. And similarly, Karachi, which is one of the coastal cities, is fairly cool, and they have one of the best foods in Pakistan.

Ruth Candler
Okay, so I am a foodie and always curious about different ethnic foods. What Pakistani food do you miss the most? And what American food do you miss most when you're back in Pakistan?

Taha Khan
So I honestly miss a lot of the street food that I used to eat there, which, you know, kind of food trucks you had in Chicago were similar in comparison, but not quite. But when I'm back in Pakistan, I honestly really miss eating Mexican food, because that's something that's really hard to find. We have our chains of larger fast food restaurants, such as McDonald's and Burger Kings and KFC, but, like, finding good local Mexican food is almost impossible. So I really miss eating Mexican food when I'm back home.

Ruth Candler
That's great. Well, you come from a family of academics. Your mother and brothers have PhDs. What do you all discuss when you are gathered around the dinner table?

Taha Khan
So our version of the dinner table is everyone on FaceTime and inside of boxes because we're all in different time zones.

Ruth Candler
Modern-day dinnertime.

Taha Khan
Oh, yeah. And what we usually when we do talk about academics, it's usually like, whose research is the, I wouldn't say the best, but like, we try to sell our research in our own words. So I work in cybersecurity, my mom, she's a biologist, my brother, who's working in computer science, but he's working in computer vision and augmented reality. So he likes to talk about the projects he's doing. So we share experiences in general and talk about research some from time to time, so that's cool. It's nice to have other people in the family who get your research or have been through similar experiences.

Ruth Candler
I'll bet. So you moved from Chicago to Lexington, how are you adjusting to small town life?

Taha Khan
I honestly kind of like it. I've spent six and a half years in Chicago, and it has a special place in my heart. And there's always things that I'm going to miss about Chicago, but I did want to move to a small town and experience life how it is in a smaller town. And I also wanted to be in a place that's not as flat as the Midwest, so Lexington is a good change and there's a lot to do outdoors, which I love.

Ruth Candler
What else do you like doing in the time that you're not on campus?

Taha Khan
I usually go out hiking with my wife, and usually – we've been to the Blue Ridge Mountains a couple of times. And I also have a motorbike, so when it's riding season, me and my friend we take a ride out once in a while.

Ruth Candler
Yeah, the Blue Ridge Parkway is a great location to do that, isn't it? Yeah. To wrap things up, I'm curious – you began your time here at W&L during a pandemic. So your first year here was unusual to say the least, but much of W&L remains the same. What have you most enjoyed about your experience here?

Taha Khan
I feel like teaching has been the best part and the fact that the students here are great. And they're really appreciative and very respectful. And I truly, really value that coming here at W&L. And in general, I feel like everyone's been super supportive in helping generally newer faculty to get established and start their own independent program at W&L, so that's been great.

Ruth Candler
So, in closing Taha, if you had one piece of advice in cybersecurity to give graduating students today, what would it be?

Taha Khan
I would advise them to stay up-to-date on what's going around in the technological world out there. We're living in a very fast-paced environment and things are changing at a very rapid rate. So keeping up to date on what's new, what's exciting, and what are the things that we should look out for is essential.

Ruth Candler
That's great. Well, Taha, thank you so much for joining us today.

Taha Khan
Oh, yeah, it's been a pleasure. Thank you so much.

Ruth Candler
And thank you, lifelong learner, for listening today. We hope you'll visit our website, wlu.edu/lifelong, where you can find out more about today's topic of cybersecurity as well as a truly great selection of W&L After Class discussions, covering everything from 15th century Florence to the genetics of the black widow spider silk, to the science of smell. Take a look and, until next time, let's remain together not unmindful of the future.