Information Security Basics

Earlier today The Pennsylvania State University announced a sophisticated series of attacks to the network within its College of Engineering. It is a disturbing occurrence on so many levels — primarily from the fact that this has become the new normal for us in Higher Education. Notice I didn’t just say Higher Education IT — this is an issue that belongs to all of us. Our networks and the access they provide is the critical life blood to accessing the knowledge and colleagues that empower us to teach, learn, make discoveries, and connect with the world. A good friend of mine once told me, “when we lose our connection to the Internet we cease being a research institution.”

If you want to know what keeps CIOs up at night the list starts with information security challenges. To that end, I want to make this as clear as possible … it is time we all make information security a priority in our work. While we are committed to a strong IS stance, we can do things that are low hanging fruit here at SBU — strong pass phrases instead of weak passwords, changing pass phrases on a regular basis, don’t leave your work station logged in when you walk away, update your operating system when prompted, question links in emails, keep virus protection software up to date, and in all the instances when you are unsure of the legitimacy or threat ask a colleague who might have an answer.

It constantly amazes me at how much doing just those things systematically can positively influence our overall security stance. I am asking for your help and your cooperation to take personal responsibility for assisting the campus and to make it a conversation about all of us and not one about information security against us.

From PSU President Barron in a message to the community …

“In the coming months, significant changes in IT security protocols will be rolled out across the University, and all of us as Penn Staters will need to change the way we operate in the face of these new and significant challenges. University leaders are developing a detailed plan that will include even more robust monitoring for malicious activity across Penn State. Over time, individual users also will see changes including the implementation two-factor authentication on major university systems, stronger password management practices, and enhancements to system and software administration.”

#SBUDoIT All Hands Reflection

Earlier this week we held a DoIT All Hands meeting in Frey Hall. I can’t say for sure, but I think we had somewhere around 150 or more people there. The turn out was great and I really appreciated seeing so many now familiar faces. I am not a huge fan of large All Hands meetings, but when done right I see the value. This one was designed as a combination of a recap of the past year (my first on the job) and a look forward to where we are headed, what our priorities are, and to do a deep dive into the new DoIT Values. We decided to create a video to help communicate these things so we could reuse it across various media and in other venues. I am particularly proud of the team that produced the video. I thought it was a great way to kick off the meeting.

We decided to kick things off with a full five minutes of timed slides highlighting service awards, new hires, retirements, and a whole bunch of pictures from my first year on campus. I timed it to “Truckin'” by the Grateful Dead to keep it light. It was a way to share lots of stuff, show off the human aspect of who we are as an organization, and help people smile.


I was struck by the thoughtful attention and questions that emerged from the session. I thought the questions were very good and were aimed at the more strategic level … they were stretch questions for the most part and people seemed engaged. It is such a difficult thing to balance information with interactivity … we got close, but I do think we can do a better job.

We sent out a survey following the event and have gotten solid feedback (keep it coming). A little early insight from the feedback includes the notion that we need to have a more diverse set of speakers (something that I recognized as I was putting the finishing touches on the agenda). We will do a better job at that going forward — and that means I would like to see people from all parts of DoIT contributing in the future. I also see that people want to do more of these … some even suggesting every month … I can’t pull that off, but we could settle into a good pattern of twice a year with some other events mixed in as well. Several people want to expand it so we can have some break out sessions and I would like to explore that. All in all it seemed as though people were pleasantly surprised with the time we spent together. Always room to improve and I listen to that feedback critically.

What I really tried to do during my update was to contextualize how and why our DoIT Value statements are actually a very important driver of our organization. For each statement I tried to hit home at least three examples of why that value is important and how we are manifesting our work through them. Some are easy to get, like “communicate,” while others like, “grow” are much more nuanced. I think I spent more time with grow than any of the others … I am particularly interested in focusing quite a bit of energy in building a strong organizational foundation around that value.

At the end of the day I had a blast talking to everyone. It surprised me how much energy was put into the event and the intellectual toll it took on me that afternoon. It was time well spent, but it was draining. The networking time afterwards was also a highlight — lots of people stayed and talked to me and each other. A huge thank you to everyone who attended and who put so much effort in making the time together worthwhile. The great news is that we will be getting together again in a few weeks at the first annual DoIT Football Tailgate — that should be a great time!

A Year of Posts

Screen Shot 2014-08-03 at 12.02.06 PMIt is hard to imagine I am arriving at my one year anniversary of joining Stony Brook University. Yesterday marked one year since I walked out of my office at Penn State for the last time after 15 years and in the next nine days it will mark a year since I walked into my new office at SBU. I am going to work on a reflection, but for now I just want to share that this space has been helpful for me to work through some ideas in public. And while I didn’t write as much as I hoped, I did get at least something out each month — I did get 52 posts in for the year so I guess an average of one a week isn’t too bad. There were times when I even got some comments and that is something I truly appreciate and hope for more of. I am starting to see other people around DoIT use the SB You platform to write and reflect — that also makes me smile as it is one indicator of an engaged organization. Perhaps over time more of us will find voices either through original posts or through the act of leaving comments.

I think using a platform like this is a great illustration of our DoIT Values, number one in particular, “Communicate: We are committed to engagement, communication, and sharing information with a human voice.” With that in mind I will commit to writing and sharing more and I hope that each of you consider how you can show a belief in our shared value. It doesn’t have to be through blog posts, but finding time to share your view of how we do our work in an authentic way is a critical part of what we do.

New York State CIO Conference

It has been so hectic that I failed to share my thoughts on the 2014 NYSCIO gathering that I attended. It was my first one and my first time getting to spend time around the amazingly beautiful Finger Lakes. This event was once again held in Skaneateles, NY and if you haven’t made the five hour trip, consider it worthwhile. The event was exceptional and I not only learned quite a bit, but got to engage in great conversations with new and old colleagues.

I really liked the quick hitting format of the event. Most sessions were panels so there were a diversity of perspectives shared during each 75 minute block of time. It was all in a general meeting room, so the agenda was set for all of us, in other words, no changing rooms. The event packed as much content into the format as possible, with a dinner reception as a kick off with Dr. Satish K. Tripathi, President, University at Buffalo giving a great talk, “Threats and Opportunities for Information Technology in Higher Education – A President’s Perspective.” I found it valuable in terms of how a President of a University views IT and how to help shape that view. Exceptionally smart discussion.

The next morning was the meat of the meeting with sessions presented by Gartner on The Higher Education CIO World in 2014, a panel on Preparing for Changing Enrollment Demographics that I found fascinating as I am newer to that conversation at the VP level and it is outside of my direct area, another panel titled, the Digitization of Education: Selected Instructional Uses of Technology & What Higher Ed CIOs Need to Know About Them that I really enjoyed and had plenty of take aways from, and a closing session that was a real highlight titled Data Loss Prevention – How a lot of effort can potentially save you a lot of money. Each session provided depth and some real world stories that I made sure to write down. The day wrapped up with a reception and dinner at a local vineyard with a keynote from NYU’s CIO, Marilyn McMillan.

I ended up having to leave earlier than expected and missed a chance to see my old friend and colleague Brian Alexander whom I greatly admire and respect. I have seen Brian on numerous occasions, but it is was a drag to miss the chance to hear him talk. I did however spend lunch with him the day before talking about trends and the world as he sees it. Brian recently started his own consulting company and was also just joined the New Media Consortium as their research director. Leaving early also meant missing Jeff Selingo, who I also really enjoy and respect. Because of that I have vowed to read his book, “College (Un)Bound: The Future of Higher Education and What It Means for Students” … knowing Jeff it will be well worth it. Below are some unedited thoughts and highlights from a few of the sessions.

Higher Education CIO in 2014

  • The position of “Chief Digital Officer” (or someone serving in a like role) is set to triple in the next year to focus on adaptive eTextbooks, MOOCs, Mashware, and other new forms of digital technologies in the ed tech space
  • Next phase will be digitalization leading to education as a digital business — providing new service delivery and business models. This will continue to challenge enrollment, libraries, IT departments, and curricular design.
  • When we are talking through this new form of leadership, it isn’t solely about technical capabilities, but about all the issues surrounding technology in the context of higher education expectations and change
  • A critical idea is to produce “technology showcases” to make the community more aware of IT offerings
  • “Every budget is an IT budget”

Digitization of Education

  • At NYU, they have a critical governance group … Faculty Committee on the Future of Technology Enhanced Education. This is something we need to consider doing in a functional way.
  • Creation of a studio for the construction of small pieces to enhance resident instruction called the “Blended Learning Studio.” Contains a Smart Board, lighting, camera, provides safe practice space, very little editing, spend about an hour with each faculty member and then use their own time after that. It sounds a lot like the Media Commons approach at PSU with the One Button Studio.
  • Instructional Technology Support at NYU


  • “You can’t stop stupid, you can only slow it down.”
  • “If you cannot enforce a policy, don’t write them.”
  • Data classification policy … 1. Sensitive: PII/PHI/Student, 2. Confidential: contract — no government fine, 3. Internal: proprietary, 4. Public: on the web freely available
  • “We let people do anything they want unless it is wrong” at Columbia
  • Losing 5000 SSN can cost close to 500k … we need to make this very clear to institutional leaders that

Sharing Experiences & Growth

We walk around with a shared value in DoIT that is focused on all of us and our growth.

We will actively hire great people, develop the growth of our staff, promote a diversity of voices, and support our staff.”

I want so badly to make sure that we as an organization find ways to support growth in a systematic way through professional development. It is a struggle to do that however — events are limited, interests are all over the place, funding is always an issue, and finding time is a complicated endeavor.

SB You Aggregate ResultsWith those thoughts as context, I’ve been discussing how important it is for us all to share our experiences at conferences, training events, and growth opportunities through participation through IT Travel & Training Reports. I’m not thinking of ultra formal reports that end up in a manger’s email, I am thinking about ways to share experiences widely so that all of us in DoIT and beyond can learn from each other. I am willing to share most thoughts on such events in the open, but I also understand that everyone isn’t comfortable with that, so I wanted to offer ways for both to happen.

Participation allows us to:

  • Share our experiences with a diversity of people
  • Help each other evaluate opportunities
  • Help ensure that training dollars are used wisely and the community can learn from other experiences

Share Your Experiences

Travel and training takes time and money. Let’s work to maximize that investment across Stony Brook by sharing information. Let your peers know where you went, what you did, and what you thought by sharing your experiences in SB You and the “IT Travel and Training” group in Yammer.

To get started:

  • We’ve created a standard list of questions that can be found in the “IT Travel and Training” group in Yammer as a guide to sharing your experiences. Simply use those to create a shareable report in Yammer.
  • Or if you’re like me and you are already blogging your experiences using SB You, please add the tag “sbuittravel” to your blog posts, and then share links to your posts in the IT Travel and Training group. By using this tag, all results can be aggregated together into a single search result.

Screen Shot 2014-07-13 at 2.33.34 PM

When we all share, our contributions can be shared with the Stony Brook community and we can all grow and learn together.

Delighting People

Running through my feeds tonight and came across this quote from Seths Blog

Do your work, your best work, the work that matters to you. For some people, you can say, “hey, its not for you.” Thats okay. If you try to delight the undelightable, you’ve made yourself miserable for no reason.

I’m not going to wax poetically about it, but it does raise some interesting thoughts given we have a DoIT value that stresses our intent to work to delight our users. Specifically …

3. Satisfy: We will work to delight our customers in the innovative delivery of our solutions and services.

Maybe it is an important thought to recognize that it can’t be done all the time and accept that? I’m not sure if that is defeatist or realistic. I wonder what people think.

Summer Coffee

We just posted a new invite for Coffee with Cole … all I can say is that I love these. Each time I have one I leave feeling so energized by the interactions. I enjoy the informal setting and the opportunity to just sit back and talk to one another.

When I was at Penn State, my CIO held similar sessions and I never attended — I guess I figured since I worked for him on a regular basis that it wasn’t for me. He always told me otherwise, but I wanted to leave a seat for others to get a chance to hang out with him. I just simply didn’t understand how different getting together over coffee creates a different dynamic. The conversations are about us in a very different way when it isn’t a staff meeting, an IT Partners gathering, or a meeting in general. It gives us a chance to get to know one another in a more holistic way and that is the win. Its funny, when I told my old boss I was adopting this idea he immediately told me how much I would love it and how much I would learn. As was typical with Kevin, he has been right. So sign up — no matter who you are or what you do at Stony Brook. It is a chance to engage in ways that are so rare at work. Oh, and you get to be in a group selfie!

CWC Selfie ... Sorry, Terry!

CWC Selfie … Sorry, Terry!