Midterms are right around the corner, and then Spring Break just after that. It’s always amazing to me how quickly the semester passes. Summer heat will be here before we know it — enjoy the cooler weather while it lasts!


At our all-hands meeting last August, I outlined three themes for the next year: 1) zero trust security, 2) cybersecurity data and reducing data silos, and 3) process improvement through automation. In this month’s newsletter, you’ll find updates on some of our major projects, and we will look more closely at the final theme: process improvement through automation.

Process improvement through automation

You’ve heard me talk at length about the importance of continual improvement, and why we strive to build a culture that values continual learning. In The Phoenix Project, Gene Kim says that “Improving daily work is more important than doing daily work.” That’s a bold claim, but over time I’ve come to recognize the truth hidden inside that paradoxical statement. It’s about never being satisfied with the status quo, and constantly pushing ourselves to improve and grow. As security professionals, that message should resonate strongly.

Our third major theme for the year—process improvement through automation—really fits inside the broader category of continual improvement. But I chose to highlight automation because it is a particularly powerful tool that encourages us to look at our processes from a different perspective. In order to automate something, you have to break it down to its component parts, and often that allows us to eliminate waste and unnecessary steps. In order to automate, all the parts need to be addressable as code, or through APIs, which syncs nicely with other things we value, like infrastructure as code, and automation pipelines.

There are many processes and workflows across the university that have bottlenecks created by engagement with our team, and even a small amount of automation can have dramatic, positive returns for the university. Areas like the identity lifecycle, telemetry and log aggregation, vulnerability management, and of course our various risk and compliance workflows are all places that have potential for automation. Of course, many of our platforms already have some amount of automation baked in. But there is lots of potential for automation gains in the boundaries between tools and platforms, and that needs a smart human to glue things together.

So how do we get there? Experiments. Finding efficiency gains through automation will require lots and lots of small experiments—that’s the only way that this type of improvement happens. But lots of experiments happening in our org means that most of those experiments will fail; that’s the nature of experimentation. And that’s OK. In fact, it’s great! Failure means that experiments are happening—it’s proof that learning and growth are occurring. This is one of the key aspects of a learning culture: failure is seen as potential for growth.

I recognize that if I want you all to feel confident in running experiments in automation, then you need assurance that any associated failures won’t be held over your head; next month we’ll be talking about blame-free culture, and why we value learning over blame. Of course, there are smart ways to reduce risk in experiments, too: an agile approach, small cycles, MVPs. I’m confident that if we embrace a growth mindset around automation efforts, we will make tremendous progress.

Arrivals and Departures

  • Sean Sikorski starts as a new Security Analyst II in Security Operations & Forensics on March 1. Mr. Sikorski worked for HDC during his time as an undergraduate here at Texas A&M, and has been working as a Cybersecurity specialist in the manufacturing sector in the meantime. When you see him at the all-hands meeting next week, say hi and welcome Sean back to Aggieland!

  • Austin Dalton, a Security Analyst II in Security Operations & Forensics since 2019, will be leaving the university for a new opportunity. We will miss his talents, and wish him all the best on his next steps.

Wins & Successes

  • IT Security & Risk was well-represented at the 2024 Tech Summit in Frisco in February. There were seven presentations given by our team members, covering topics ranging from SSO to DevOps to SSDLC. Kudos to Adam Mikeal, Shem Miller, Robert Stricklin, and Garrett Yamada!

  • As a reminder of the importance of the automated tools that monitor our data and platforms, the Proofpoint CASB platform secured 113 student transcripts from accidental public exposure.

  • An AWS network firewall was deployed in February with policies that block threat signatures, network traffic from Belarus and Russia, and a list of over 250 prohibited domains. This is a significant step towards moving our cloud resources into compliance with boundary protection controls required by NIST 800-53.

Security by the Numbers

📈 Just in the last month:

  • 97.6% of all network connections from internet blocked at firewall 
  • 42.6B cyber attacks and malware blocked
  • 137 petabytes of network data scanned
  • 57k computers monitored, with 4.4B endpoint processes analyzed
  • 111.9M mail messages scanned for spam, phishing, viruses; 64M messages blocked at gateway
  • 2.3M auth events with Duo recorded across 293k active NetIDs
  • 171k devices tracked in the IT asset management system

  


Wrapping Up & Reminders

Reminder — We have our spring All-hands meeting next Tuesday, March 5th @ 11am. We’re meeting at the Hildebrand Equine Center in room 708 (a map was included in the email invitation). These meetings are a great opportunity to meet new team members, and reconnect with colleagues. Lunch is provided (pizza and sandwiches).

I know I always say this, but I want you to know I mean it every time: I thank each one of you for all your dedication and hard work. I depend on you to share your ideas and suggestions with me, and I encourage you to schedule a meeting with me at any time if you want to talk.

 

Adam Mikeal

Associate Vice President and Chief Information Security Officer