This is the second in an occasional series of profiles of Carolina’s IT professionals who serve as liaisons in the Information Security Liaison (ISL) program, led by the Information Security Office within ITS.
Position: Desktop Computing Administrator and lead ISL at the School of Education
Education: University of Louisville, Bachelor of Music
Personal: Dad to two girls, loves film and instant photography, cellist/multi-instrumentalist
IT support for the department: Supports about 110 faculty and staff and roughly 600 students
What facet of information security do you find most interesting?Like many of us in the IT world, I’m a generalist. I learn things that I need to accomplish objectives. I pick up other things along the way. I’ve never worked in a shop where I could devote time and attention to just one specific aspect of security. Over time, I have gained an appreciation for and an understanding of how all the pieces fit together and how security is a thread that runs through everything that you do. You can’t design a system and then slap security on top of it. You need to design security into the system.
If I had to pick one area that I feel most connected to and where I do the most of my work, it’s awareness and education. A lot of what we do comes down to educating our users. That can be explaining why MFA (multi-factor authentication) is worth the small inconvenience. It’s super important.
I also enjoy hearing about what’s new in the threat landscape, and I love digging into a good security article and trying to understand how that fits into the bigger picture.
What information security issue currently holds your interest?I’m interested in following the development of blockchain and non-fungible token (NFT) and how that is going to potentially transform commerce. There’s talk about using NFTs to validate ownership of real estate. But then you have security issues around the key management and around wallets and making sure that people aren’t having their land stolen because someone stole their crypto wallet. There’s going to be movement in that space over the next decade or so. This first decade of it has been about seeing what’s possible and testing the waters. People are going to find a broader use for it. Security will develop around it. I’m interested to see how that all shakes out.
What do you see as the biggest threat to your users? What is the main thing you try to talk to them about?The biggest threat overall is not understanding the threats that are out there and why they need to adhere to certain practices. Phishing is an obvious example. We do a lot to educate our users on phishing. People think that if they are just checking out a website and didn’t download anything and didn’t enter any credentials, then it’s all good. Anybody can be victim to something like that and the impact can be huge.
We are lucky that we have a solid security team. But people are going to make mistakes. The best thing that we can do is educate them to look for threats and use safe computing practices.
That’s why the ISL program is helpful. We generalists are keyed into what’s happening with security at the University and beyond. We apply that information to our specific departments and help our users learn good practices. That helps everybody.