The Assistant Vice President and Chief Information Security Officer works within Information Services and Technology and is responsible for the development, implementation, and maintenance of institutional information security-related infrastructure, applications, policies, procedures, and training on all Boston University campuses, including Identity and Access Management services. The position provides thought leadership and expertise with regard to major trends in cybercrime and the regulatory environment, as well as best practices for mitigating risk of data beach, denial of service, or use of technical infrastructure for unlawful purposes. This leadership includes risk assessment, strategic planning, and outreach within the BU community, as well as representing BU at conferences and other external cybersecurity-related events. The position also leads and continuously develops a team of information security professionals in the provision of security-related technology services, including but not limited to incident response; intrusion detection/prevention; end-point protection; identity and access management; vulnerability management; DMCA, HIPAA, PCI, and research compliance services; and security awareness.

The Executive Director, Information Security at BU IS&T is responsible for the development, implementation, and maintenance of institutional information security-related infrastructure, applications, policies, procedures, and training on all Boston University campuses, including Identity and Access Management services. The position provides thought leadership and expertise with regard to major trends in cybercrime and the regulatory environment, as well as best practices for mitigating risk of data beach, denial of service, or use of technical infrastructure for unlawful purposes. This leadership includes risk assessment, strategic planning, and outreach within the BU community, as well as representing BU at conferences and other external cybersecurity-related events. The position also leads and continuously develops a team of information security professionals in the provision of security-related technology services, including but not limited to incident response; intrusion detection/prevention; end-point protection; identity and access management; vulnerability management; DMCA, HIPAA, PCI, and research compliance services; and security awareness.

I am the Information Security Officer at Boston University, with enterprise-wide responsibility for the BU Information Security program. BU is the one of the largest private research universities in the country with 33,000 undergraduate and graduate students from more than 130 countries, nearly 10,000 faculty and staff, 17 schools and colleges, and 250 fields of study.I am responsible for all aspects of Information Security including related compliance efforts, governance, policy development and enforcement, vulnerability management, incident response, investigations, daily security operations, and awareness. I am also the BU HIPAA Security Officer.

I am the Information Security Officer at Boston University, with enterprise-wide responsibility for the BU Information Security program. BU is the one of the largest private research universities in the country with 33,000 undergraduate and graduate students from more than 130 countries, nearly 10,000 faculty and staff, 17 schools and colleges, and 250 fields of study.I am responsible for all aspects of Information Security including related compliance efforts, governance, policy development and enforcement, vulnerability management, incident response, investigations, daily security operations, and awareness. I am also the BU HIPAA Security & Privacy Officer.

As the manager of the Engineering, Planning, and Architecture group within Information Security, I lead a team of 3 charged with standardizing security practices in new solution design and development. In the single year I held this position I lead the team in developing a new TOGAF-aligned framework for security architecture that meshed with the institution's existing ITIL, Prince-2, and TOGAF processes. Our streamlined approach reduces the effort required by both this team and the broader project teams to ensure compliance with our security requirements in the design phase. Simultaneously, I represented security in the Architecture Review Board and assisted with the development of Architecture Principles and Architecture Standards for the University.While leading the team I actively participated in a dozen projects, assessing security risks and revising specifications and implementation plans to maximize security objectives while retaining required business functionality.In parallel, I supported and mentored others in the engineering portion of Information Security: designing, implementing, and maintaining security systems including Intrusion Detection/Prevention, Log Management, Incident Tracking and workflow, File Integrity Monitoring, and Netflow Analysis.

As Information Security Architect I lead the University's efforts to standardize security practices in new solution design and development. I participated in dozens of projects, assessing security risks and revising specifications and implementation plans to maximize security objectives while retaining required business functionality.In parallel, I supported the engineering portion of Information Security: designing, implementing, and maintaining security systems including Intrusion Detection/Prevention, Log Management, Incident Tracking and workflow, File Integrity Monitoring, and Netflow Analysis.

During this time frame, security at the University was divided into two groups and my group was part of the Systems Programming team. We had authority over the security practices of the academic portion of the University and influence with the administrative functions. I developed and lead the University's incident response team while simultaneously developing its tools and techniques. I built several database driven web applications that remain in use to support incident response and complaint processing, and laid the ground work for much of the centralized security infrastructure of the University. I extensively authored presentations and advisories on vulnerabilities and the remediation of them.In addition to programming I administered Unix systems for the broader Systems Programming team, including developing a customized Jumpstart for Sun Solaris systems with capabilities that more closely mirrored Kickstart than was available from the vendor which minimized installation time-to-service.I also managed and maintained services for the University including various software packages and daemons, including AFS, NTP, and helping to architect a scalable mail relay infrastructure to meet the University's growing needs.

Managed and maintained UNIX systems for the University. During my tenure I supported up to 150 server simultaneously, including the Information Technology central server which supported over 100 employees of the unit in their daily operations. My responsibilities included planning and executing installations and upgrades, maintaining both the operating system, its daemons, and locally built software on the systems (emacs, e.g.). Performed day-to-day administration tasks include break-fix, account management, quality assurance, and capacity planning. At the end of this position I acquired some of the security responsibilities that were formalized in my transition to Systems Programming.

My career path started in computer operations where I was responsible for the daily operation of the enterprise backup system, including care and feeding of the tape library and scheduling backups and restores. We provided hardware support for dozens of systems racked in the data center and many distributed locations, including vendor relationship management. We had extended operations hours and provided a first line of response for Systems Administration outside of business hours.