With 25 Years of Experience, Lecturer Dustin Navarro Brings Real-World Context to the Latest Infosec Topics
Lecturer, Computer Science
IT Manager, Water Utility in California
MS, Boston University (MET’13); BS, University of California, Davis
What is your area of expertise?
My area of expertise is in information security. I have experience in both the private sector in the legal industry and in the public sector. In my day-to-day I direct the security of a critical infrastructure, so much of what I teach is based on real applications in this space. While I have a broad security background, my focus is on incident response, including vulnerability management, cyberforensics, and disaster recovery.
Please tell us about your work. Any current projects underway?
My responsibilities include the program management and security of enterprise systems (financial, billing, maintenance, reporting) for critical infrastructure. Currently, we are in the process of the annexation of another utilities service area. This extensive project will encompass taking over billing and financial systems and transitioning new customers. This initiative has significant infosec implications, as annexed systems need to be reconfigured, secured (and segmented), audited, and managed. There are significant compliance requirements (including PCI) that need to be managed during this process.
As for recent engagements, this past January I attended the 2020 California Society of Municipal Finance Officers (CSMFO) Annual Conference, where I shared “Not Just Another ERP Presentation: Two Agencies’ Experiences,” which covered lessons learned and best practices for a Financial ERP Implementation.
How does the subject you work in apply in practice? What is its application?
At BU, I instruct across several areas of infosec and cyberforensics. Students hear “real-life” applications of the lesson through my experiences within the industry. Each semester, I incorporate into the coursework challenges we see securing infrastructure. For my digital forensics courses, recent discussions have focused on the emergence and evolution of ransomware in both the public and private sectors. I like to provide real examples of challenges that may emerge during an investigation. Incident response is a key topic in forensic investigations.
What courses do you teach at BU MET?
Currently, I teach Digital Forensics and Investigations (MET CS 693) and Mobile Forensics(MET CS 694). I have also taught courses in network and database forensics.
Please highlight a particular project within these courses that most interests your students. What “real-life” exercises do you bring to class?
The emergence of ransomware in the industry has been a very important topic to cover in the coursework. In the labs, students learn how to determine if something is encrypted, what type of encryption may be in use, steps to take if encryption is detected, and best practices when trying to defeat encryption. In the past, the “time sensitivity” of dealing with encryption has not been a major topic. Now detecting and defeating encryption has become an important part of the incident response process. There are implications to the business or end user to consider.
As a part-time faculty member, you straddle the professional and the academic worlds. What do you consider to be the unique value this brings to the classroom?
I love being able to speak to students about the “real” challenges we see in the day-to-day industry. Providing them with context through real examples is key, and makes the course as topical as it can be. I have worked within information technology in both the legal and public sector for over 25 years. That is a lot of lessons learned! Being able to share those experiences and provide context to coursework is a joy.
I firmly believe that part-time faculty can provide valuable industry experience—key context that will enhance the student’s learning.