| by Jessie Raymond

News Stories

Brown, Geoff

Geoff Brown, who is winding down his tenure as both New York City’s chief information security officer and the first-ever head of New York City Cyber Command, will be sharing his expertise in defending against digital crimes as a professor of cybersecurity in the Nonproliferation and Terrorism Studies (NPTS) program. 

In February of 2021, the Institute hosted Brown for a remote talk titled Preventing Hackers from Taking a Digital Bite Out of the Big Apple. At the same time, Philipp Bleek, associate professor in the NPTS program, and Jeff Knopf, NPTS chair, began consulting with Brown about how to build a cybersecurity program within NPTS. They told him they would be creating a couple of part-time positions and were looking for faculty. “I know some people,” Brown said. At the time, he never considered himself for such a role, which would have required him to move his young family across the country.

But as ongoing COVID restrictions made remote learning a viable model, Brown saw an opportunity to apply for the position, with the understanding that he could do most of his teaching from New York. As a 1999 graduate of Middlebury College, he says he already felt a connection to MIIS. “I have a very soft place in my heart for Middlebury itself,” he says.

The Growing Threat of Cyberattacks

Cybersecurity, Brown says, is closely tied to “things people don’t always think about, like continuity of operations. There’s a whole concept of resilience, which I think permeates a lot of our national and international discussion now, and it should and could be applied to food supplies, pandemic response, disaster recovery from weather events. And it certainly applies to cybersecurity in a very significant technical way.”

He says computers have proven an easy point of access for criminals. Until international law catches up with it, cybercrime is often more profitable and less risky than physical crime. “The criminals who are perpetrating different schema to steal cryptocurrency or ransom major companies or do other industrial espionage can make more money than attempting to rob a modern bank,” Brown says. Cybercrime has also given rise to the very lucrative business of defending against it, he adds, pointing to multibillion-dollar companies working exclusively in cybersecurity.

Knopf says cybercrime is a form of asymmetric warfare, in which actors who can’t compete with the U.S. in terms of military strength can still pose real threats to the country. “People who are potential adversaries or potential security threats don’t try to go toe-to-toe with us, army against army,” Knopf says. “They pick asymmetric means: nonstate actors carrying out terrorist attacks, getting WMD of various kinds—nuclear, biological, or chemical weapons.” He points out that those two types of asymmetric warfare—proliferation (WMD or weapons of mass destruction) and terrorism—are right in the NPTS program’s name. “And cybersecurity totally fits that same intellectual rubric,” he says. “Cyberattacks are another asymmetric means of going after somebody.”

Teaching Cybersecurity

Brown says he is looking forward to bringing students a fuller picture of the kinds of people needed in cybersecurity. “It’s not all people who speak ones and zeroes… . It’s incredibly important for people not to be afraid of this discipline because they associate it with technology.” Pointing to himself as an example—he majored in American literature—he says, “I am not a scientist, you know?” 

If we try to address cybersecurity internationally, strictly through a technology lens, then we’re ignoring the fact that cybersecurity events only happen because people do things.
— Geoff Brown

Brown doesn’t discount the importance of technology experts in the field, but he wants students to understand there is just as much need for people who understand human behavior. “If we try to address cybersecurity internationally, strictly through a technology lens, then we’re ignoring the fact that cybersecurity events only happen because people do things.”

Though Brown won’t officially start teaching until next semester, he flew out to Monterey this fall to teach a two-weekend workshop, Cybersecurity: An Operational Perspective. On the first weekend, he taught the basics of setting up a cybersecurity shop inside an organization. The next weekend, the students role-played a tabletop exercise based on an actual incident that Brown dealt with in New York.

At the Institute, Brown will also get involved with the Cyber Collaborative, which Knopf describes as “sort of an umbrella for anything cyber-related we do at MIIS.” And he’ll be helping a team prepare for the Cyber 9/12 Strategy Challenge, an annual event sponsored by the Atlantic Council that challenges student teams from around the country and internationally to respond to a mock cyberattack.

A New Chapter

Brown is excited to start teaching. “Every day that I show up, I’ll bring to the students the ability to have a conversation about what’s actually happening. And then over time, they’ll help me figure out the best ways to communicate that. That’s a two-way street, and I’m learning myself.” He stresses that Middlebury’s mission—to “prepare students to lead engaged, consequential, and creative lives, contribute to their communities, and address the world’s most challenging problems”—resonates with how he envisions his role. “They want people in the fight,” he says, “not observing the fight.”