Click here to receive your FREE subscription to Campus Technology
Opinion
Thrown into the Deep End
7/11/2006
Brian T. Nichols, Louisiana State University
Many institutions have created high-level positions with responsibility for IT security and policy –and some are newly established posts. What’s required to navigate these relatively uncharted waters?Brian Nichols shares lessons learned after nearly one year as Louisiana State University’s very first chief security and policy officer.
When appointed as Louisiana State University’s first chief IT security and policy officer last year, I was energetic and ready to go. I can recall sitting across the table from the CIO when I accepted. “Brian, you’re the first of your kind here, so there’s no roadmap to follow,” he told me. “Hmm,” I thought, “I’m being thrown into the deep end. I hope I learn to swim fast!”
As I complete my first year I’d like to share some thoughts on what any new CISO needs to know. Those long in the profession will certainly relate, but perhaps my observations will have greater value for anyone starting out, or considering a career as a CISO. Here are seven things I wish I’d known as I hit the water “in the deep end.”
1. Find out what others are doing. This is a growing profession, with many opportunities to get together with peers. My first month on the job, I attended conferences and visited a university known for its state-of-the-art security and policy function. The conferences and on-site visit provided opportunities to network, meet colleagues, learn how others had established security and policy functions, and more importantly, what mistakes others had made. It gave a vision of what I was striving to build at my institution – a model home if you will. What I learned was that others had experienced “growing pains” in establishing security and policy functions. I learned I wasn’t alone in the deep end!
2. Share information. Part of becoming a member of this community is giving back as you’re taking from it. One way to share information is to join an Information Sharing and Analysis Center (ISAC). ISACs provide a means to obtain information from reliable sources, report anonymously, and obtain expertise. The REN-ISAC at Indiana University’s Global Network Operations Center is an effort to improve network security in higher education. By “linking up” with an ISAC, you’re no longer in the deep end by yourself.
Recommended Reading
- Getting the Money Right
A clear sign that online and distance learning is maturing is that we are struggling with how to organize and fund these programs on an ongoing basis.
- Technology and Campus Services
Can auxiliary services be mission-critical? You bet they can. With tuition on the rise, Auxiliary Services departments at a variety of colleges and universities are proving that they can innovate and still save their parent institutions cash.
- Ad It Up
Commercials on television tend to enrage me and laugh tracks are guaranteed to give me a headache. Plus, where do people find the time to watch TV?
- What Is the Purpose of an Electronic Portfolio? Is the Answer the Key to Your Successful Implementation?
Among many themes, Margaret Price explores the theme of purpose in her Viewpoint. One purpose of ePortfolio is to reflect on change from a beginning to a later point in time. In a future Viewpoint, Margaret will return to the SpEl.Folio and we’ll see how her thinking and her project have evolved.
- Making Faculty Smarter about Smart Technology
If you’re not also enabling the ‘why’ or ‘what’ behind the tech tools you give your faculty, you’re not enabling effective use of those tools.
- Smashing the Shackles of Intentionally Dysfunctional Technology
Until last week, it hadn’t "clicked" inside my head that the Library of Congress could or would make specific exemptions to copyright laws.
