Welcome back, and welcome to a new year! We survived the holiday break with no major incidents 🎉, and now we have a couple weeks of a breather before students return.

Last month we talked about zero trust, one of our major themes for this school year. In this month’s newsletter you’ll find updates on happenings in our org and our major projects, and we’re taking a moment to reflect on the sheer amount of stuff that happened last year—seriously, y’all, we did a lot.

2023 Wrapped — Security Edition

2023 was a whirlwind year for us. We tackled ambitious projects, celebrated big wins, and even witnessed some major university changes—all while keeping our research, systems, and data safe and secure.

Project Powerhouse

We launched, migrated, and implemented a lot of cutting-edge tools to fortify and evolve our defenses. We addressed things both big and small—ranging from password management to migrating our entire SIEM infrastructure to Elastic. We replaced three major tools this year with new technologies: Splunk→Elastic, Spirion→Proofpoint DLP, and Rsam→OneTrust. Our efforts to improve the endpoint experience for our users have made great strides: new tools like AdminByRequest and 1Password are improving day-to-day life for end users. Infrastructure like Cribl and Proofpoint provides better telemetry for on-prem and cloud resources. Platforms like Axonius provide better operational insight to systems managers, and SailPoint is providing us with a path towards reliability for our entire identity infrastructure.

Winning Streaks

We notched up some serious victories this year:

  • The migration from Splunk to Elastic was, to put it mildly, a massive undertaking. We now have more data sources in Elastic than we ever had in Splunk, which lets us use our telemetry in more efficient and actionable ways.
  • We implemented a robust CASB solution and formally launched our pen testing program – protecting data both on-prem and in the cloud.
  • Great strides have been made in our IT asset management platform, Axonius. It has grown to over 300 users and 150,000 devices, utilizing over 35 different data sources. It is now a critical tool used by sysadmins across campus.
  • On the first day of fall classes we responded to a global Duo outage, implementing a workaround that got us operational within 30 minutes. Responding to a dramatic increase in phishing attacks in the fall, we increased our account security by enabling risk-based authentication in Duo – in the first month of having this turned on we mitigated over 20 account takeovers.
  • We onboarded a new class of CAP students in October after an extensive and competitive interview process, and the Security Operations team has already conducted specialized training in cybersecurity threat hunting and other advanced topics.
  • Agent-based vulnerability scanning is now required for all new firewall port openings.
  • The first-ever tabletop exercise in years, with a diverse stakeholder team from across the IT organization, was a resounding success. Identity Security led a Technically Speaking about authentication, identity, and zero trust, and we hosted an Elastic-led GenAI training session that was attended by developers from across campus.

Organizational Changes, Big and Small

Quite a lot has changed this year across the organization:

  • From a University perspective, we lost a president and gained a new one. This was a massive change whose impact was felt at nearly every level of the organization.
  • We also saw some notable changes inside Technology Services. Groups and functions inside the research vertical were redistributed to other parts of the org, and the IT Operations vertical gained a new executive director and reorganized systems administration staff under that role.
  • Within Security, we introduced dedicated verticals for Cloud & Platform Security and Research Security & Compliance. Other teams were realigned to focus on emerging threats and position us for future growth. Our team grew by several new positions in 2023, including a new Program Director position focused on product and project management and vendor relationships.

This section could go on for much longer, with wins both large and small. When you look back over the year, and all the things we accomplished, remember this: our team has stepped up to every challenge and made significant strides while also managing the day-to-day security tasks that never stop.


Welcome New Team Members

We have three new team members who have joined security! 🧑‍💻 Please reach out to say hi and welcome them to the team:
  • Matt Lee has joined the Systems & Application Security team, where he will be working on pen testing and application security. Matt is new to Texas, so make sure to say Howdy and give him some good BBQ recommendations!

  • Chris Hall has joined the Cloud & Platform Security team, and will be focused on cloud network security. Chris is coming from the cloud operations group, and will continue to work closely with that team to protect our cloud environments.

  • Shem Miller has joined the Identity Security team, and will be focused on the delivery & launch of SailPoint and ongoing identity program support.

Wins & Successes

  • 100% of 2023 risk assessment initial review work completed by Dec 19, 2023; remediation and follow-up will continue into early 2024

  • Identity Security deployed new internal team documentation platform with 50% more content, facilitating greater velocity for new hire onboarding (and serving as a test for similar work in other security verticals)

  • Firewall data ingestion into Elastic has significantly reduced latency, going from an average 40-minute lag with Splunk to an average of 5–8 seconds under Elastic

Technically Speaking — Jan 29

Stephen Pampell and the cloud security team will be presenting a virtual Technically Speaking at the end of the month on email security, and the complexities of modern email delivery requirements. Gmail and Yahoo are ramping up enforcement of the DMARC standard beginning in February, and getting a message into someone’s inbox will soon require passing a series of very complex and technical protocols. You’ll learn more than you ever wanted about DMARC, SPF, DKIM, and the wonderful (complicated) world of email security.

This isn’t just intended for email admins — anyone who manages an application that sends or receives email should attend. Please help spread the word as you talk to your colleagues across campus, and let them know that if they interact with an application that sends email, they will probably find this useful.


Security by the Numbers

📈 Just in the last month:

  • 99% of all network connections from the internet blocked at the firewall
  • 50B cyber attacks and malware blocked
  • 170 petabytes of network data scanned
  • 58k computers monitored, with 4.7B endpoint processes analyzed
  • 127.6M mail messages scanned for spam, phishing, viruses; 76.7M messages blocked at gateway
  • 20M auth events (2.6M with Duo) recorded across 293k active NetIDs
  • 153k devices tracked in the IT asset management system




Wrapping Up & Reminders

As we start a new year, I’d like to share a great article about how to write better email: How to Write Email with Military Precision. The overall approach described in this article is about clarity and efficiency, and I’d encourage everyone to give it a read and consider applying the ideas as often as possible.

I am always so proud of the things this team accomplishes, and your dedication to the security of Texas A&M data and resources. I know we’ll do great things together this year! I encourage you to share your thoughts and suggestions with me at any time, and you are always welcome to schedule a meeting with me.

Adam Mikeal

Associate Vice President and Chief Information Security Officer