Protecting Princeton information through systems and relationships

Donald

Manger of IT Security Operations

By the Numbers

  • A central information security team of eleven

A day in the life 

I work in the OIT Information Security Office (ISO).  Our team works to improve the security posture across campus. We’re protecting systems. We’re protecting our faculty, students, and staff.  We’re protecting devices. All, while ensuring that Princeton’s research and teaching missions are unencumbered. We see a lot of new security challenges come across the wire. On an external level, security changes all of the time. At an internal level, however, when you’re incorporating security into everyday life for another person, it has to be more deliberate. In OIT, we want to ensure that we are protecting the University as a whole, that we’re protecting research as a whole, that we’re securing the community, but it can’t be just our jobs to worry about information security. With security, it has to be everyone’s job. So, in all that we do, we try to be very transparent. Security is sewn into everyday life here. It’s a team effort, so we want to make sure that we empower the people we support. In a sense, we are working to make information security a part of what people are, not something that they do.

A people-first approach

This year was the first time that I worked at the First-year Student Check-in event at Princeton. Here, you get to meet the new crop of students coming in. It was a great opportunity to speak to them about information security and how we rely on them to secure themselves and their property. When I worked at the OIT Help Desk, a student came to the office to meet one of the other Technical Support Specialists. She was appreciative that we (as an organization) were a part of her journey throughout her time at Princeton, and that we made a very big difference. To see our efforts manifest externally, that it’s not just us helping an individual, but us helping them to be able to protect themselves, their families, and their things,-- that’s huge and very meaningful to me.

Path to Princeton OIT

Shortly after moving to New Jersey, I worked at the Institute for Advanced Study which neighbors Princeton University. I was a contracted IT support specialist there. It was an interesting role, but I was longing for something more permanent ; I wanted to   expand on my skill set and professional experience. A position with the OIT Support and Operations Center gave me an opportunity to grow..  It was a night-shift position that appealed to me at the start because my wife worked days. This shift allowed us to work and for me to be home in the morning for my son. . This position was also my start to a career at Princeton. The skills and institutional knowledge that I learned on the job at the SOC led to my move to the Information Security Office

When security is a part of your everyday life and you don’t even notice it in the foreground? That’s perfect. We did our job in the background.

OIT and my career

Years with Princeton OIT:  7
Years with Princeton:  11
Roles within OIT:  Support and Operations Center temp > IT Support Specialist >  IT Security Specialist > IT Security Operations Lead > Manager of IT Security Operations

In my field, certifications are important. The Certified Information Systems Security Professional (CISSP) program ran under the sponsorship of the ISO last year. It was exciting to see so many CISSPs graduate. That ideology of programmatic and cultural information security is spreading throughout the campus. Last summer I earned my  GIAC GMON, which is an information security continuous monitoring certification from SANS. Having the opportunity to incorporate that knowledge daily makes our department stronger. As much as I talk about cohesion within our team, OIT as a whole is also very cohesive.We always avail ourselves to each other, and that makes for a very strong group. Plus, there is never a dull moment. It’s always changing. It’s always exciting. Whether it’s learning, being given the opportunity to teach someone, or simply to be there for your fellow co-workers, I say it all the time: We are family. It goes beyond the office.

You see this very cohesive unit working together toward this programmatic and cultural vision of IT and information security so that we can have a strong security posture for Princeton University.