This is one in an occasional series of profiles of Carolina’s IT professionals who serve as liaisons in the Information Security Liaison (ISL) program, led by the Information Security Office within ITS.
Position: Operations and Incident Handling Specialist for the Information Security Office
Education: Master of Science in Information Science from UNC-Chapel Hill (2013), Bachelor of Arts in Religious Studies from UNC-Chapel Hill (2007)
Career: Prior to coming to the ISO in January, worked for Eshelman School of Pharmacy for 15 years as a Technology Support Technician (2007 – 2009) and Analyst (2009 – 2023)
Personal: North Carolina native, current Durham resident. Adopted a rescue dog, Shug, who is his energetic companion on hikes and jogs. Enjoys listening to local radio stations (favorite program is The Funk Show with Howard Burchette every Saturday 4 – 7 p.m. on WNCU) and (crudely) playing along with his Jazzmaster-like custom guitar made by a friend from high school (Hallman Guitars) and his Fender Telecaster.
We’re glad to have you at ITS, but wasn’t that a big move after 15 years at the School of Pharmacy?
Upon my departure, the outpouring of gratitude from faculty and staff for my years of service was truly humbling. I’m deeply proud of the accomplishments shared with my former SOP-IET colleagues, particularly our work to support the School’s research mission and our efforts to establish technology governance and risk management processes that simultaneously empowered stakeholders while reducing redundant costs, improving lifecycle planning and, consequently, improving outcomes/project viability.
What do you see as the biggest information security threat in the next year?
There’s a massive amount of alert data that the Information Security Office is reviewing daily; staying head-above-water in the data deluge and not missing high-fidelity signals in a sea of noise is incredibly challenging. This is my current area of interest/focus: how can we improve our reporting? Phishing, of course, is a perennial threat. I think some of the security mechanisms that we’re planning (e.g., Carolina Key, Conditional Access Policies, and Domain-based Message Authentication, Reporting & Conformance) are going to add mitigation and help us all in that area. Also, securing the software development supply chain. Asking questions like: what software is in the environment? What are the upstream dependencies and potential vulnerabilities of the components that make up our systems? Do configurations meet our governance and compliance criteria, etc.? Just in my first few weeks, we’re already involved in a discussion around a configuration management database solution.