Kogod School of Business

Info For

Our Approach to Learning


Exploring the Intersection of Economics, Policy, and Cybersecurity: A Focus on Bug Bounty Programs and AI Impact

Navigating the evolving landscape of information security and technology ethics with new Kogod School of Business professor Jiali Zhou.


Kogod School of Business professor of information technology and analytics Jiali Zhou.


The Kogod School of Business prides itself on preparing students for the issues that they’ll face during their careers. Cybersecurity issues are no exception; technology is interwoven into every aspect of business and policy, and ensuring that systems and data are safe is vital to keeping businesses afloat. Kogod students can learn the ins and outs of cybersecurity from expert faculty who have devoted their careers to tackling its challenges.  

New information technology and analytics professor Jiali Zhou fits right in with Kogod’s mission. Zhou’s research is centered around the economic and policy aspects of information security, and he’s looking forward to joining a faculty that’s just as interested in tackling these topics.  

“I was impressed by AU’s strong focus on research and teaching in information security—it’s a perfect fit for my research interests,” he said. “I’m excited to be part of such a dynamic and innovative community, and I’m looking forward to meeting everyone at Kogod.”  

Zhou joins Kogod from the Hong Kong University of Science and Technology, where his research focused on how information security interacts with economics and political decisions. Companies and governments work hand-in-hand with information technology experts, and figuring out how to best utilize that expertise is as much a business question as a scientific one.  

Information security has traditionally been viewed as a technical issue, but policymakers and business leaders increasingly realize that economic and policy issues have a significant impact."


Jiali Zhou

Professor of Information Technology and Analytics, Kogod School of Business

“I’m interested in studying how organizations and governments can optimize their information security strategies and policies to minimize risk and maximize the benefits of IT," Zhou explained. 

Zhou has been particularly interested in the effectiveness of bug bounty programs that companies use to learn about vulnerabilities from the public. Through a bug bounty program, potential hackers or other users receive a reward if they tell a company about an exploitable weakness that they’ve found. Though big-name companies such as Microsoft, Alphabet, and Meta have successfully utilized these programs to bolster their security with help from the public, other companies such as Oracle have been more skeptical. Is it really the best idea to reward would-be hackers by paying them for reporting vulnerabilities that they may have taken advantage of themselves? Zhou hopes to get a clear answer to that question through his research. 

“I’m interested in these programs from a practical and a theoretical perspective since the philosophy is so different from conventional security practices,” he said. “Organizations traditionally keep their security work in-house and discourage outsiders from looking for weaknesses in their products, but now there are entire programs encouraging outsiders to identify those weaknesses. It motivates me to understand how bug bounty programs differ from traditional security protection and how companies should choose between them.”  

Zhou is particularly interested in the questions brought up by bug bounty programs—questions that need to be approached from multiple perspectives. These programs raise economic questions (how much is the reward for reporting vulnerabilities, and where does the money come from?) and technical questions (can the systems handle the risk of letting unauthorized people explore them?). Beyond that, however, Zhou notes that bug bounties represent a shift in how firms look at technology—another aspect that excites him.  

“Rather than viewing hackers exclusively as enemies, organizations and policymakers can benefit from utilizing hacking resources to enhance their security,” he explained. “This represents a change in the mindset of improving information security.”  

Now that Zhou is bringing his cybersecurity expertise to Kogod, he’s looking forward to imparting it to his students to support their career goals. Regardless of whether they go into a strictly technical role, digital issues will definitely come up in their work. Zhou knows how important it is to understand how to identify and address them.

Kogod students should know what cybersecurity risks their organizations might be exposed to and how to balance the need for security with the need for usability and convenience in technology systems."


Jiali Zhou

Professor of Information Technology and Analytics, Kogod School of Business

“They also need to know how to effectively communicate the importance of cybersecurity to non-technical stakeholders in their organizations. These are just some of the important questions they should keep in mind," he explained.

As important as recognizing these issues is developing the ability to adapt to new ones. Zhou brings this philosophy into his research; going forward, he’s particularly interested in the continued adoption of AI technology and the latest batch of security questions it raises. In particular, he’s concerned with the ability to misuse AI to suit individual or firm needs and its potential impact on society at large.  

“As AI becomes increasingly integrated into business decisions, there are many risks that need to be addressed; individuals can manipulate their features to get desired outcomes from AI models, or the use of AI could exacerbate inequality and undermine social welfare,” he said. “By exploring this area further, we can work toward creating a safer and more equitable environment for the application of AI, which has the potential to positively impact individuals and society as a whole.” 

These are just some of the topics that Zhou hopes to tackle through his work at Kogod. As the semester begins, he’s looking forward to developing his teaching skills and continuing his research. He joins a faculty with a wide range of expertise in the IT field, and he’s thrilled to work with them to continue to pursue his goal of expanding his knowledge of information security.  

“As a researcher, my goal is to generate insights that can help firms and governments make better information security decisions,” he said. “As a professor, my goal is to impact the Kogod community positively and to contribute to the school’s mission of preparing students for successful careers in business and beyond.”