We survived the big freeze of 2024 🥶❄️. This time, the winter storm didn’t stay around long enough to freeze that many pipes, even if it did delay the start of classes.

Last month we looked back at all the things we accomplished in 2023. In this month’s newsletter you’ll find updates on some of our major projects, and we are announcing an organizational change to better serve our customers.

Usually, a team within security has a fairly well-defined area of responsibility. However, that’s not always the case. For example, we have a number of different agents that get installed on servers and end user devices across campus, and each agent is managed by different teams:

• EDR agents (Crowdstrike and Elastic) are primarily managed by the Security Operations team
• The DLP agent (Proofpoint DLP) is the responsibility of the Cloud & Platform Security team
• Vulnerability scanning agents (Tenable) which are installed on any server with open firewall ports are managed by the System & Application Security team

There are logical reasons why management of these platforms is distributed, but it creates challenges when there are problems that demand coordination between these teams. Also, it’s hard for groups outside of security to get help when they don’t have a single point of contact; someone might suspect a security agent is causing a problem with a customer’s laptop, but they aren’t sure which agent might be at fault.

To that end, we have created a new Endpoint Security virtual team. Why is it “virtual”? There are no new positions, and no supervisory changes are happening in Workday; instead, the virtual team is composed of one member from five of our security verticals that have existing responsibilities related to endpoints:

• GiGi Carbo - Cloud & Platform Security
• Brandon Howell - Security Operations & Forensics
• Shem Miller - Identity Security
• Francesca Vargas - System & Application Security
• Paul Wiggins - IT Risk, Policy & Compliance

This team will retain their current reporting structure, but when matters related to endpoint security arise, they will work together under the coordination of the designated team leader to find solutions. They will take on a variety of responsibilities: defining security policies for agents; publishing criteria for when agents are to be installed on endpoints; hunting down problems and compatibility issues with security agents. Most importantly, this team will provide a single point of contact for the rest of Technology Services when they have questions related to endpoint security.

This team will be headed up by Francesca for the first 6 months, and we expect to rotate the leadership of this team around the members as time goes on. 

It’s always great to welcome new members to our team! Kevin Glueck has joined the IT Risk, Policy & Compliance team, where he will be joining the Field Team, and working on our next generation of compliance: automation, compliance as code, and continuous assessment.

But life is a series of meetings and partings, and Stephen Pampell is leaving his position as lead of the Cloud & Platform Security team to take a new role as Director in the University Libraries. He will be greatly missed! While we are sad to see him leave, we are equally happy for his new venture. I’m sure we will have many opportunities to collaborate on challenging projects together, like building a framework for container security on campus.

We will be posting Stephen’s position in the coming weeks, so if you are interested or know someone that is, keep an eye out for that!

• Stephen Pampell and the Cloud & Platform Security team led a Technically Speaking discussing email security changes. This was incredibly successful, and was attended by over 400 IT professionals across the organization. The tools the team has created have been put to great use so far, and we are seeing fantastic results.

• We have fully migrated over to Elastic! This transition went as smoothly as it possibly could, and I am not aware of any issues that have cropped up due to the change. I am incredibly impressed and proud of our team; we now see 100% coverage for log ingestion from syslog collectors, and 66% more systems are sending data into Elastic than was present under Splunk — including seven unique data sources that were previously never monitored!
  
  
• From a performance perspective, Elastic is already outperforming Splunk in terms of speed. Firewall data ingestion into Elastic has significantly reduced latency; going from an average of 40 minute lag with Splunk to an average of 5–8 seconds under Elastic.

📈 Just in the last month:

• 99% of all network connections from internet blocked at firewall 
• 49.7B cyber attacks and malware blocked
• 154 petabytes of network data scanned
• 57k computers monitored; with 4.4B endpoint processes analyzed
• 146.8M mail messages scanned for spam, phishing, viruses; 109.3M messages blocked at gateway
• 23M auth events with Duo recorded across 293k active NetIDs 
• 150k devices tracked in the IT asset management system

Sign in with a NetID to see this content

In last month’s newsletter, I recommended a great article about email: How to Write Email with Military Precision (go check it out!). This month’s recommendation is about another central feature of our technology-communication landscape: calendars. We all have to juggle meetings and meeting invitations, and I’m sure we have all experienced the phenomena of Meetings That Should Have Been Emails 🙄. One easy way to ensure that meetings are productive and efficient is to always include an agenda in a calendar invitation. It doesn’t have to be long; a couple sentences or even a few bullet items are enough. Including an agenda shows respect for all your invitees, and helps participants use their time wisely.

Let’s make a rule: all calendar invitations we send from now on will always include an agenda. To that end, if you get an invitation without an agenda, you have my permission to respond with a “Maybe” and politely request an agenda before you decide whether or not to accept.

As always, thanks for all your hard work! I encourage you to share your thoughts and suggestions with me at any time, and you are always welcome to schedule a meeting with me.

Adam Mikeal

Associate Vice President and Chief Information Security Officer