Today, February 6, Paul Rivers takes the helm as UNC-Chapel Hill’s next Chief Information Security Officer (CISO) and Assistant Vice Chancellor for Information Security. The role was previously held by Dennis Schmidt, who retired in April 2022 after 24 years with the University.
Rivers brings strong qualifications from previous leadership roles in cybersecurity, including as CISO and HIPAA Security Officer at both Yale University and the University of California, Berkeley and as cybersecurity adviser to the audit committee of Brookhaven National Laboratory. He has also held significant positions outside of higher education, most recently as Director of Security and Compliance at Amazon Web Services. Prior to his time at Yale, Rivers was a cybersecurity executive consultant to Fortune 500 clients.
The blend of private sector and higher education experience will be a boon to Carolina. “It is no hyperbole to say that Paul is perfect for the role, for what we need to do, for what we hope to accomplish and for UNC-Chapel Hill,” wrote J. Michael Barker, Vice Chancellor for Information Technology and Chief Information Officer, in his announcement. “Paul brings an unequaled blend of cybersecurity and technology expertise inculcated during his nearly 30-year career.”
Advancing our strategic vision
At ITS, Rivers will lead the Information Security Office and Identity Management units. As CISO, he will continue to develop the campus Information Security Liaisons program and engage directly with campus leaders, principal investigators, research center and institute directors, colleagues in adjacent compliance roles, peers across the nation and other University constituencies.
“My first goal is to listen and understand,” said Rivers. “With that context, we can revisit Carolina’s cybersecurity roadmap, reassess what is working well and determine what areas we would like to focus on next.”
Rivers said that he hopes to “work backwards, so to speak, from the mission outcomes, and adapt our cybersecurity approaches to fit the mission and the specific environment.”
In his announcement, Barker underscored how impactful that mindset will be, saying that Rivers “will advance our strategic vision of making information security compliance routine rather than extraordinary. Paul’s approach emphasizes sound operational practices, fundamental capabilities and risk differentiation that neither under protects nor over encumbers us.”
Drawn to Carolina
Barker noted that Rivers was drawn to the opportunity for multiple reasons. First, to re-join higher education and engage across the full breadth and depth of activities at UNC-Chapel Hill. And second, because the ITS Security and the Identity Management teams are high performing, with sound foundations, effective working relationships across campus (and peers) and track records of individual and unit excellence.
For Rivers, the mission of Carolina as a leading public research university was a huge draw. “The nature of cybersecurity in research universities is also an especially rewarding challenge,” he said. “It requires meeting the growing cybersecurity threats without compromising the values of privacy, academic freedom, collaboration and experimentation that are fundamental to a research university.”
In this vein, Rivers said he was especially excited to get to know the research community and emphasized an approach to understanding existing security hurdles so that he, and ITS, can “help remove this friction in order to accelerate the cutting-edge research happening at Carolina.”
“I am very much looking forward to getting to know and work with the Carolina community,” said Rivers. “When my family and I visited the area and saw the beauty of the state, we knew this is where we wanted to be. We’re grateful that we now have that chance.”