John O'Brien, EDUCAUSE CEO and President, talks with Mike Corn, CISO for the University of California San Diego, and Cheryl Washington, CISO for the University of California Davis, about the increasing relevance of the Chief Information Security Officer role.
John O'Brien: Welcome to our community conversation about cybersecurity. I'm thrilled to welcome Cheryl Washington, a new member of the EDUCAUSE board and the CSO at University of California, Davis, as well as Mike Corn, CSO at University of California, San Diego. Welcome to both of you. So Cheryl, you are the first CSO on the EDUCAUSE board ever, which is a big deal for us. It seems kinda like a milestone and really firm evidence of the way that the stature and influence of CSOs in our community is growing. What does it feel like on your end of things?
Cheryl Washington: It actually feels like the right move at the right time for all the right reasons. First, I appreciate the board having the confidence in me and inviting me to join. I also think that given the growth and importance of cybersecurity across our communities, it's a clear signal to me and to others that all of us are beginning to see the significance, importance, and relevance of security. And having conversations, not just within the IT communities, but across the organization. I think the appointment of a CSO on this board and I dare say any board, in my opinion reflects the need for these conversations to be had at levels that perhaps traditionally they were not had. And that is at the leadership level. It's really important for leadership and members of that community to be actively engaged in cybersecurity. And so this appointment I hope will not be the last, but rather a strong indicator that organizations, particularly those of us in higher education, should look to see where we best position the security officers.
John O'Brien: Michael and Cheryl, when I think about the last year, everybody's job is hard. There's not an easy one in the mix. But I have to admit, when I think of the responsibilities of a security officer, it really makes my head hurt. I think about the fact that your job before was sort of focused on protecting the perimeter. Now, the threats come from everywhere, including or especially at the homes where people are working. And then meanwhile, on top of just the hard job of protecting us, you're always balancing this expectation that higher education is going to be this sort of reckless and free exchange of ideas. How in the world do you balance that even on a daily basis? Michael, why don't you start?
Mike Corn: There's several dimensions to it that I think are worth talking about. And I do want to pick up for a second on Cheryl's response about her being on the EDUCAUSE board because I think it feeds into this. First of all, I couldn't be happier that Cheryl was put on the board. I mean, she's someone we all respect nationally within the UC system. And as a colleague, I'm tickled pink. But one of the challenges I think we as a field face is that C in our title. I think many of us took that to mean we were campus executives. And yet I don't think we often act like campus executives. I think too often, we're too director of security-ish and not really engaged in that C-suite level discussion of risk. And this is where, this is why it's so important to see Cheryl in this position. But this also feeds into the question you asked. What we are doing these days is no longer just securing our perimeter or securing endpoints. We're part of the national discussion about cybersecurity and national security and business continuity for the country. We just saw an oil pipeline shut down. People are hoarding gasoline. This is a conversation we need to be part of.
Cheryl Washington: As of late I've begun, I started to think more and more about work-life balance. The job is without question far more stressful and it's not stress that is manifesting itself just because of what's happening on my campus. As Mike pointed out, I have to think a lot more globally today than I had in the past. I think about my university. I think about our health system. I think about our system that is the collective University of California system. I think about what's happening in the state. I think about what's happening in the country, and I also think about what's happening geopolitically. And all of these pieces have to come into play as I think about the maturing of our programs and the threats that we face today or that we may face tomorrow. So Mike is spot on there as well. So how do I address this? Collaboration. I am absolutely convinced that there's not a single CSO in the world who can do it all by him or herself. It's just too big of a job. And I think one of the advantages that we have, particularly in higher education, is this ability to be open, candid, and want to talk to one another. I tell my colleagues, and Mike has heard this a lot from me, particularly as of late because he has some fantastic programs. I'm gonna steal what you have and I'll adapt it to my institution's needs. So I'm not trying to invent or reinvent the wheel every time I'm faced with a new challenge. So that's one tactic that I take to continue marching towards my objectives and goals. And that is to protect this institution. We have some advantages, and I think through our organizations, EDUCAUSE, RIN, and others, we have forums where we can have these conversations very openly with our colleagues and try to find that path forward for us. But there's no question. This is a tough job.