Cybersecurity Pathways: What Dr. Yi Ting Chua Wants Students to Understand About Cybercrime, Prevention, and Careers
Written by:
University of Tulsa
• Mar 23, 2026
Pop culture has long painted the hacker as a lone figure hunched over a keyboard in a darkened basement. However, according to Yi Ting Chua, PhD, an assistant professor at the School of Cyber Studies at The University of Tulsa, that image isn’t just outdated — it fundamentally misrepresents how cybercrime works, who commits it, and what we can do to stop it.
In an interview, Dr. Chua explains how cybersecurity pathways are shaped as much by people as by technology. Her work offers a compelling case for why the cybersecurity field needs more than technical expertise — it needs scholars, practitioners, and professionals who think critically, ask questions, and seek to understand online group behavior.
How a Stolen Credit Card Changed Everything
Dr. Chua’s path into the field began with a surprising discovery during her master’s degree. Her starting point wasn’t computer science: “My background is actually in criminal justice, and I was at first interested in looking at policing work.” However, when she joined a research program led by Dr. Thomas Holt, her future PhD adviser, she encountered stolen data marketplaces for the first time.
“It blew my mind away because I didn’t realize you can buy a stolen credit card for less than a dollar on some of these marketplaces,” she recalls. The revelation was a turning point. Recognizing that cybercrime was a rapidly growing and understudied area, she dove in.
Today, Dr. Chua’s research spans online offender communities, stolen data marketplaces, the unintended harms of cybersecurity countermeasures, and the social dynamics that influence criminal behavior online. As Dr. Chua’s successful career illustrates, cybersecurity career pathways don’t always start with a single “type” of student. They start with curiosity, a desire to tackle real-world problems, and the willingness to study what’s actually happening online.
The Group Behind the Screen
The image of the lone hacker isn’t just a myth — it’s a dangerous misconception that can misdirect both public understanding and law enforcement strategy.
“A lot of cybercriminals actually work in groups nowadays,” Dr. Chua clarifies. For those aiming for roles in threat intelligence or security operations, this is a crucial practical insight. It suggests where cybercriminal skill development happens, how credibility works, and why certain criminal tactics spread quickly.
Dr. Chua also notes that criminal communities continue to evolve online: “Increasingly we see people shifting away from the forum style interaction to Discord or Telegram groups [to conduct criminal activities].” Furthermore, many spaces are “more vendor-driven, so they’re more about transactions, they’re selling information.”
Understanding hacker group dynamics has real implications for how cybersecurity professionals disrupt criminal activity.
Different Cybercriminal Pathways
Dr. Chua emphasizes that pathways into cyber offending aren’t one-size-fits-all. Different types of cybercrime draw different populations with distinct motives through varied routes.
“There are different types of cybercrime and the pathway [into them] differs quite a bit,” she explains.
Pathways Into Hacking
Take hacking: For those who end up in malicious hacker communities, peer association is often the defining factor. “A lot of time they are associating with other peers who are already in the community,” she explains.
Those communities have their own socialization rituals — norms around effort, competence, and earned respect. “You don’t just go on there and demand help,” she says. “You have to show … that you have put in effort … then people are more willing to help. But you have to prove that you are competent.” Norms like these in forums where criminals communicate can accelerate hacker skill building and reinforce criminal group behavior.
Cyberbullying and Cyber Stalking
For cyberbullying and cyber stalking, however, the pathway looks quite different. “If we’re looking at cyberbullying or cyber stalking, a lot of that is more similar to what we see with traditional bullying.” Research shows that many perpetrators were themselves victims first, mirroring patterns seen in traditional bullying. “They are often victims themselves. So, they end up becoming bullies to other people,” Dr. Chua explains.
When Well-Intentioned Cybersecurity Advice Fails
One of the most striking threads in Dr. Chua’s research is her examination of how well-intentioned cybersecurity advice can backfire. Her award-winning work on unintended harms challenges the assumption that more security controls always mean better outcomes.
Example: Survivors and Their Digital Accounts
Consider the standard advice given to survivors of intimate partner violence: delete your accounts, throw away your phone, go offline. “Those are all well-intentioned,” Dr. Chua acknowledges, “but at the same time, so many of the resources or services that you need access to are now online-based.” Cutting someone off from digital access may, in practice, cut them off from the very help they need.
AI Raises the Stakes and the Need for Good Judgment
When asked about emerging trends, Dr. Chua doesn’t hesitate: “Artificial intelligence has definitely been helpful to the cybersecurity community.” She adds that there’s been “increased utilization of AI models to help with detection,” but warns that “malicious actors are not bound by the same ethical concern issues and framework that we have.”
That means that defenders who use AI ethically may fall behind: “It feels like they’re always a few steps ahead of us,” she says, because “by the time we address all those ethical concerns we try to run a study, they may have moved on to other techniques.”
She’s also concerned about accessibility: “There are AI models that are trained on malicious data, where their sole purpose is to help craft phishing emails or malware codes,” making it possible for people with little technical knowledge to automate or generate phishing emails or malware. The result: “AI lowers the entry barrier for people who want to try it out or engage in [criminal] behavior.”
How then can cybersecurity professionals and businesses better use AI tools? Dr. Chua’s answer is direct: “I would say critical thinking.” With AI, “it is a tool, but you still need to have the expert knowledge. … There are still instances of hallucination, where it’s just making up information that does not exist.” Her advice: “Step back, reflect on it, make sure it makes sense before you do it.”
Humanizing Cybersecurity Education
Dr. Chua grounds classroom learning in real-world stories, artifacts, and decision-making under material constraints.
When teaching Introduction to Cyber Criminology, for example, she often draws on nontraditional content such as YouTube interviews, victim quotes, and news clips, as well as historical footage:
“I have news clips from 20 years ago to showcase to students — this is what a virus did and the impact it had on society back then,” she says, prompting students to ask whether the field is truly improving, and how.
She also runs hands-on simulations in which students act as chief information security officers (CISOs) launching new products, and they must navigate real trade-offs: “Oh, we found a bug. … But you only have this much money. So, how do you allocate this?” The goal is to convey that cybersecurity’s costs extend beyond technical resources — “it’s not just money; it’s the time, it’s the anxiety, the uncertainty.”
She also builds communication skills directly into coursework. Students get to choose their own cybercrime topics and present their posters to an audience of their peers. Dr. Chua believes in empowering students to explain their ideas in many different formats and to different audiences, including nontechnical professionals.
Ultimately, Dr. Chua’s pedagogy is human-centered: “It’s not just about the technology, but the humans who are impacted. … The goal of the course is to introduce them [students] to the other side of the equation so that they can have a more holistic understanding.”
Ready to Pave Your Cybersecurity Pathway?
Dr. Chua’s professional journey shows that cybersecurity doesn’t belong only to coders. “My background is in criminal justice … cybersecurity is not just about the technology,” she says. In fact, “we do want people who are from different backgrounds into the cybersecurity community,” because those perspectives shape better interventions, designs, and training. “You can still be involved.”
If you’re interested in the human side of cybercrime, such as how people enter cybercrime pathways, how communities shape behavior, why defenses can backfire, and why critical thinking matters alongside technical skill, Dr. Chua’s perspective points toward a broader, interdisciplinary way to learn and lead in cybersecurity. Explore the online Master of Science (M.S.) in Cyber Security program at The University of Tulsa to see how you can strengthen your technical foundation; sharpen your critical thinking; and prepare for roles across security operations, threat intelligence, governance, and more.
Recommended Readings
C-Suite and Cybersecurity Professionals: How They Collaborate
Visualizing the ROI of a Cybersecurity Degree
7 Network Security Skills for Professionals
Sources:
Europol, Internet Organized Crime Threat Assessment 2025
Police Practice Research, “‘The Name of the Game’: Policing Perspectives on Cybercrime Disruption”
MIT Technology Review, “AI Is Already Making Online Crimes Easier. It Could Get Much Worse.”
New America, “The Rise of Youth Cybercrime: Social Trends and Interventions”
Victims & Offenders, “Social Opportunity Structures in Hacktivism”
