University CISOs are breaking open the cybersecurity ‘black box’ on campus

University chief information security officers said their once-technical roles are becoming more advocacy and education based.
hands opening box
(Getty Images)

Collaborating with IT users across the college campus is becoming increasingly important for college chief information security officers, speakers said Thursday at StateScoop and EdScoop’s virtual Cybersecurity Modernization Summit

A decade ago, cybersecurity leaders were seen purely as technical leaders, said Leo Howell, CISO at the Georgia Institution of Technology. Now, their role is to break open the “black box” of cybersecurity — educating users, forging cross-departmental collaborations and presenting cybersecurity as “not just a necessary evil” but something that can offer institutions a “competitive edge” in business.

“We are part sales, part professor, part teacher and part confidant,” said Tom Siu, CISO at Michigan State University, on the evolving CISO role.

Siu said one needs to have a good relationship with colleagues outside of cybersecurity to spot organizational weaknesses.


“Know yourself, know your enemy,” Siu said. “If you don’t really know your environment, you can only go so far in understanding a threat actor, or an adversary, who will be taking advantage of vulnerabilities or issues in your environment.”

Building trust has become so central to campus IT security that it’s part of Donna Kidwell’s job title at Arizona State University, where she is the chief information security and digital trust officer.

Through working with campus partners, security leaders can leverage the skills and expertise of other people and use their insights to find vulnerabilities and anticipate new ones, Kidwell said.

“We don’t want to just spend all of our time fighting off bad guys,” she said. “We want to think beyond that.”

Latest Podcasts