What are some of the lessons you learned as CISO of Brown University?
I have, of course, learned many, many lessons here at Brown, both personally and professionally. There are a few that stand out for me though. First and foremost is the value of information sharing. CISOs in higher education are focused on sharing best practices, policies, project plans and more, all to create a more secure academic community. This is especially important given the amount of federation and sharing with other institutions across the country and around the world.
Another lesson is surely the recognition of the differing needs (and demands) of the three unique populations: faculty, students and staff. In many areas, one size does not fit all, and this needs to be taken into consideration when considering any technology, process or policy. Lastly, from a personal perspective, I’ve learned patience, as all decisions are well thought out and discussed in depth before actions may take place.
How do you keep up with emerging threats? It must be difficult to plan a yearly budget with such a fast-paced threat landscape.
Keeping up with emerging threats means to be always reading, listening, attending and participating. It’s impossible to keep up with everything on your own, so I lean on others to help in identifying key areas to look at or address. This can be peers, working groups, websites, conferences, vendors and magazines. I also find that participating in affinity groups is of immense value. I have three higher education groups I can query on any given topic, all with active listservs for information and research sharing. There is also the national Educause consortium that is a wealth of information.
In addition, I also participate as a founding member with Wisegate, a private invitation-only community of senior information technology professionals. Getting prompt answers from experienced and trusted colleagues in the community is of immense value. As for budget, you are correct in identifying the difficulty of planning a yearly budget. While I do plan three years ahead, emerging areas in need of addressing can be brought forward to the university’s IT Governance Committee for funding that may be needed and not in the current budget.