This is the first in an occasional series of profiles of Carolina’s IT professionals who serve as liaisons in the Information Security Liaison (ISL) program, led by the Information Security Office within ITS.
Hínár György Polczer
Position: Technical Support Analyst, Biology IT Support, Department of Biology, for more than 20 years
Education: Bachelor’s and master’s degree from UNC-Chapel Hill School of Information and Library Science
Personal: Originally from Hungary, martial arts instructor, certified acupuncturist, training as an EMT
IT support for the department: Two full-time employees plus work-study students. Support about 60 labs, about 90 faculty members, administrative staff, research staff, undergraduate researchers. Primarily face-to-face support and face-to-lab support.
What’s the biggest security threat and how do you handle it?
Being there and responding individually to questions and issues is the most important part of what we do. One of the biggest issues we’ve had over the last couple years is faculty and postdocs running their own Linux boxes and servers that we don’t know about it. We get a notification from Security or Networking asking “Hey, what is this box doing?” Some have gotten compromised, luckily nothing major.We want to make sure that people can get their work done, but it’s hard to manage if we don’t know about it. We try to mitigate the risk and try to help them as much as we can. It’s a careful balance of making things secure but ensuring that faculty members feel that what they need to get done is not made difficult.
What other challenges do you confront?
When ITS or we roll out changes, some of our customers feel we are making it harder for them to get their work done. A few months pass by, and they get used to it, and then it’s fine. As one example of an immediately accepted change, though, was making the Onyen password expiration longer. It was a huge positive for faculty members.I try to be flexible. I also try to get people to use the resources that UNC offers, like OneDrive instead of their personal Dropbox or Google docs. I think user education has been the biggest thing. Luckily, we have gotten people who are not sure if something is phishing to reach out to us and ask if it is legit or not. I’d much rather get those emails than need to remediate things.
Because we are a research lab-based department, another challenge is we have to run a lot of old operating systems and machines because they are running special equipment that cost thousands of dollars to update and replace. We try to get them all disconnected from the network as soon as they are not supported.