When Brian Kelly had the opportunity to join Educause to further the association’s burgeoning cybersecurity program, it was hard to pass up.
“What I learned over maybe 10 years as a practitioner is that Educause is the go-to place to get connections, get resources, get documents that I could use,” Kelly told EdScoop in a recent interview. “Joining was something I really wanted to do because I felt like I was such a consumer of it for so long.”
Kelly joined the association in March after a 13-year career as the chief information security officer of Quinnipiac University in Connecticut.
“I’ve been part of Educause for over 12 years, so I came in knowing the products and services the cybersecurity program provided to the community,” Kelly said. “I’m excited to join from the collaboration perspective.”
Now, more than 8 months into the role, Kelly said he’s gearing up for the association’s annual security professionals conference that will take place in Bellevue, Washington, in April.
“We were in Chicago back in May, and we had 900 attendees, which was the largest,” Kelly said. “We’re expecting 1,100 this year, so that speaks to the importance that our community feels [around cybersecurity].”
The conference is an opportunity for Educause and Kelly to gather the higher education IT community — and specifically the cybersecurity portion of that community — for educational opportunities and network. One big plus of the event, Kelly said, is to inspire leaders working in a field that is so often dominated by negative press about breaches or cyberattacks.
“There’s sort of a burnout or frustration, because in the media, often CISOs are only seen when there is a breach or when there’s a ransomware attack,” Kelly said. “The only time we talk about cybersecurity is often in a losing context, but we’re doing some really important and really good work.”
Kelly said the conference, as well as Educause’s overall cybersecurity program, is an opportunity to highlight the wins in higher education around cybersecurity.
“I want to sort of shed light and showcase where we’re succeeding, where we’re winning,” Kelly said. “[I want to] take opportunities to really be a leader in saying, ‘You know, we’re not always failing. Here’s an institution that’s doing something really well.'”
Kelly, along with a cohort of other association leaders and campus technology staff, also works on the Higher Education Community Vendor Assessment Tool, an effort to provide vendors and higher ed IT staff a means to evaluate the security preparedness of various pieces of technology. The project will in 2020 enter its fifth phase, which is to promote public awareness of the tool.
Bridging the gap between IT and leadership
The shift to a more pragmatic, big-picture cybersecurity thought leader is a change for Kelly. As a higher education CISO, Kelly was used to regularly working on code and having a first-hand look at how Quinnipiac was fighting against cyberattacks. At Educause, he’s spending less time on code, instead working to facilitate collaboration among university CISOs.
“Personally, the transition’s been hard to disconnect from that tinkerer and operations [brain],” Kelly said.
To fill that void, Kelly works as an adjunct instructor for Naugatuck Valley Community College in Waterbury, Connecticut, where he teaches classes in cybersecurity. In that role, he has the opportunity to advise, mentor — and yes, work directly on code — with students.
“I’m still in it,” Kelly said. “My wife will be the first to tell you that if your hobby is the same thing as your job, then it’s not a hobby. There really isn’t such a thing as doing it on the side. But I think that perspective helps me.”
In his role with Educause, though, Kelly leans on that CISO experience to help higher ed technologists with one of the biggest challenges they face day-to-day — communication with senior leadership.
“I think, for me, taking the mentality of how do we talk to the provost? How do CISOs message to the provost? How do they message to the president?” Kelly said. “How they message is important, because I’ve done both the technical hands-on work, and building those [communications]. I think as far as the program goes, we’re going to focus on amplifying that.”
Ultimately, for Kelly, it all circles back to community.
“I feel like a community builder,” Kelly said. “Knowing what the need is, listening for that, and then connecting the individual that has that need with someone that’s already further along in that maturity continuum is so important. It’s an exciting position to be in.”