Heslen’s emphasis on strong preparation stems from his personal
experience; in particular, the steep learning curve he faced when he
decided to retrain relatively late in his military career. When he left
Augusta 25 years ago, he never expected to return, let alone be teaching
cyber intelligence. After graduating from University of Georgia, he was
commissioned into the Air Force as an Intelligence Officer. As his career
progressed, he had assignments at Ramstein Air Base in Germany and
Defense Intelligence Headquarters in Washington, D.C.
He spent the next decade working in counter-terrorism and counter-
intelligence.
“Towards the end, I was getting really tired of it,” Heslen explains.
“You’re looking at a lot of message traffic and intel reports from different
sources and agencies in order to try to anticipate and stop terrorist attacks.
After a couple of years, you get to the point where there are a lot of false
positives. I think you just get tired of dealing with it.”
For Heslen, the growing field of cyber intelligence offered a refreshing
change. Despite his naturally reserved demeanor, his enthusiasm is palpable
as he describes it.
“It’s a totally new way of thinking—you know, just the remoteness with
which adversaries can act. With terrorism, you have to be very close to
your target and generally there is a lot of physical evidence. But with cyber
intrusions, they could be anywhere in the world and intrude into your
computers. There’s also the sleuthing nature of having to trace the hops
backward to find out who it is.”
What started Heslen on this new path was an incident much earlier
in his career, while he was at Forward Operating Base (FOB) Salerno in
Afghanistan in 2008. Russian forces had seeded the area around the base
with thumb drives infected with a sophisticated malware.
“Apparently someone actually picked one up and plugged it into a
classified computer, releasing the malware into the NSA system,” Heslen
explains. “Five months later, the Pentagon discovered that the same
malware, Agent.BTZ, had infected the Secretary of Defense’s computer. It
was a really, really big deal and it scared a lot of people. The Department of
Defense actually banned all thumb drives after that.”
When a general later asked why thumb drives were banned, someone
told him that Heslen had been in Afghanistan and might be able to explain.
“So he called me in and I told him the little I knew,” Heslen says. “I think
at that point I kind of became ‘the cyber guy’ because cyber intel was really
nascent at that time—at least where we were, not a lot of people were doing
it.”
From then on, Heslen started learning whatever he could about the
subject in his spare time. As his interest grew, he eventually received
permission to retrain as a cyber analyst—an experience that would later
shape the way he teaches and designs courses for MAISS.
On his first day as a cyber intelligence analyst, Heslen told his boss that
he didn’t have much of a computer science or technical background.
“He said that’s fine because we need guys at the strategic level,” Heslen
recalls. “We need you to study our adversaries—how they organize
their cyber infrastructure and paradigm, and understand what type of
information they’re after and why.”
Heslen’s first assignment was to spend six months writing two papers
to assess what Iran’s and China’s cyber capability would look like in fifteen
years.
“I studied the history of their cyber development, what organizations
they had and how they had changed—that sort of thing. These papers
became a large part of one of the classes I now teach.”
20 | #WeArePamplin · Spring 2019
Students in the MAISS program can take electives in cyber security with the
School of Computer and Cyber Sciences, which has classes in the newly opened
Georgia Cyber Center. (Photo by Gabi Moore)
When Heslen was hired at Augusta University, he was asked what kind
of classes he could design to benefit students here.
“I started thinking, ‘What would I have wanted to know when I walked
through the door as a cyber intel analyst that first day? What would’ve
benefited me the most?’ I worked backwards from there.”
The result was courses like Introduction to Cyber Intelligence and
Cybersecurity Policy, which he now teaches in MAISS.
In contrast with the technical training required to actively defend
a computer network, Heslen’s focus—and the focus of MAISS—is on
the broader, interdisciplinary knowledge required to support strategic
approaches to security. Proactive efforts to understand why threats develop
and to predict where they are likely to arise next requires robust analytical
and research skills that enable decision makers to contextualize and
prioritize threats appropriately. Without these, security can devolve into a
series of reactions to threats.
That’s why Heslen’s courses include vital contextual knowledge, such
as the history of the Internet and the first cyber attacks, or how particular
geopolitical factors influence the technology tools that countries develop in
an attempt to gain an edge over their adversaries.
The longer one talks with Heslen, the more two things become clear: the
world will continue to face a seemingly endless sea of new and unnerving
threats, but the next generation of security providers and decision makers
will be exceptionally well-trained thanks to Heslen and MAISS.
Read more about MAISS on AU Jagwire: https://jagwire.augusta.edu/archives/
tag/master-of-arts-in-intelligence-and-security-studies