Fall is finally here, and I know that we’re all hoping for cooler weather any day now. It was wonderful to see so many of you at our fall all-hands meeting last week, and also to host our colleagues from System Cyber Security.

We covered a lot of ground in that meeting—I introduced our updated core principles, and we talked about our new strategic priorities for the upcoming school year. We’ll be expanding on these topics (especially the core principles) in the monthly newsletter over the next few months. This month we are going to take a high-level look at our new strategic priorities, and what that means for your work over the next year.

FY25 Strategic Priorities

Last year, I called our big-picture priorities for the year “themes”. The idea was that they were topics that would guide our decision making around projects and initiatives, and help us prioritize resources. The themes from last year were very broad: zero-trust security; reducing data silos; and process improvement through automation. We made significant progress on all three across multiple major projects.

This year, I’m narrowing our focus a bit, and clarifying what these items really are: strategic priorities. These priorities will help guide our decisions around resource allocation and where we spend our time. In no particular order, this year’s priorities are:

  • Modernizing identity and access
  • Platform and process documentation
  • Cyber hygiene and security posture 
  • Security agent standardization

Texas A&M is a big place, and we have a lot of projects and initiatives in flight at any given point. These “strategic priorities” can always serve to remind us of the big picture—if we have to decide between two competing efforts, which one will advance one of these priorities more effectively? All four of these priorities intersect multiple teams, and involve almost every person in our org. Because they cut across our teams, it will require continual focus on cross-team collaboration to make the type of progress we want to see.

I’ll talk about each one of these priorities in more detail in upcoming newsletters. This month, let’s examine security agent standardization. In this case, there is actually an ongoing project being managed through the PMO with this exact name. Currently, a wide range of security agents are installed on university devices, leading to management complexities and inconsistent security configurations. Standardizing these agents will improve overall device performance, streamline management practices, and ensure all devices adhere to high security standards.

Part of this project is providing clarity to our colleagues in the rest of Technology Services. Before other IT pros ever started doing any work on devices, the security team wrote and published dozens of pages of new documentation on endpoint security: from policy on device management to a guide on prohibited software to installation guides for the required security agents.

The effort towards standardizing security agents on endpoints will continue for most of this next year. While we won’t be the ones removing and installing agents, or changing security configurations, our role as subject matter experts in cybersecurity means that we will be ready to step in with advice, consultation, and assistance whenever it is needed.

Next month, we’ll talk about platform and process documentation, and how the security agent standardization project is an excellent test case for something you will hear me say repeatedly over the next year: enterprise-class services demand enterprise-class documentation.

New Team Members & Organization Updates

  • We have been working hard to fill open positions on our teams, and I want to welcome Cody Martz both to Texas A&M and to the Security team! He will be working with Chris Wiley on network security: firewalls, network segmentation, VPN and network overlays, and lots of other matters related to the Next Gen Aggie Network project. If you see him in the hallway, please give him a welcome!

  • After an extensive search, Robert Stricklin was selected to lead the Cloud & Platform Security team. Robert started in this role in August, and has been a great addition to our leadership team. Ask him about email security… It's his favorite topic 😉.

  • Aaron Brender retired this summer, and Paul Wiggins has taken over Research Security & Compliance. As part of this transition, forensics will be moved into this team in order to better align that with other research-related compliance activities.

  • As mentioned at our all-hands meeting, we are consolidating risk and compliance teams into a single group that will be reporting to Joe Mancha. This means that IT Accessibility, Research Security & Compliance, and IT Risk Management will all be part of a larger group called  . This brings all compliance functions under one umbrella, providing better collaboration across those teams and ensuring consistency in policy.

Wins & Successes

  • SailPoint took over provisioning of Auth and M365 accounts in August, joining Google and Duo as the next major service to have accounts managed by SailPoint. Phase I will wrap up in October when account deletions are moved to SailPoint, moving us into Phase II with a focus on customer-facing applications like Gateway.

  • Accounts created for new student applicants are now Duo-protected; previously, this group was one of the few categories of NetID that did not require MFA. This is critical to establishing a secure environment as early in the account lifecycle process as possible.

  • We are collecting 3.3 billion log entries per day now that students are back, a significant increase from the approximately 2.5 billion per day that we saw during the summer months.

  • The Cybersecurity Apprenticeship Program (CAP) is growing! We hired a new cohort of 11 CAP students last week, and more importantly, the program itself is also expanding its scope. Over a 2–3 year period, CAP students will now get to work directly with our security and risk professionals on multiple teams, providing hands-on experience in all aspects of modern cybersecurity operations.

Security by the Numbers

📈 Just in the last month:

  • 70.9% of all network connections from the internet blocked at firewall
  • 25 petabytes of network data scanned
  • 30k computers monitored with security agents
  • 89.5M mail messages scanned for spam, phishing, viruses; 55.3M messages blocked at gateway
  • 3.6M auth events recorded across 289k active NetIDs
  • 172k devices tracked in the IT asset management system
  • 3.3 billion security events logged every day

Wrapping Up & Reminders

I’m really looking forward to this next year, and all that we will accomplish together. The previous year was a year of change—we replaced several major platforms with new technology, reorganized team structures, and pushed our capacity to the limit (go check out the January newsletter for a reminder). This year our focus will be on maturation: growing our teams and improving our processes. Our new strategic priorities reflect that.

As always, I thank you all for your hard work and dedication. I depend on you to share your ideas and suggestions with me, and I encourage you to schedule a meeting with me at any time if you want to talk (it doesn’t have to be about work!).

Adam Mikeal

Associate Vice President and Chief Information Security Officer