October is here, and brings with it once again Cybersecurity Awareness Month (since 2004!). It’s a good opportunity to talk to friends and family about basic cyber hygiene practices, like password management and software updates. Be on the lookout for some messaging to our campus community as the month progresses! 

At our fall all-hands meeting in September, I introduced our FY25 strategic priorities: 

  • Modernizing identity and access
  • Platform and process documentation
  • Cyber hygiene and security posture 
  • Security agent standardization

In last month’s newsletter, we talked about standardizing security agents. This month, we’re going to dive deeper into what we mean by platform and process documentation.

Strategic Priority: Platform & Process Documentation

Let’s take a minute to talk about the different types of documentation that exist for IT and cybersecurity disciplines. I think most documentation that we create falls into one of three broad categories, mostly driven by its audience. First is documentation intended for our customers (AKA “public documentation”): how to reset a password or register a new Duo device are examples in this category. Typically these are KB articles, and are written for our students, staff, and faculty. The second category is the most detailed, and is written to document specific team workflows and practices (AKA “internal documentation”): how to configure the backup server, or where to find the script that installs the certificate. These docs are written for other members of our team, and help train new team members and preserve our team practices and knowledge. You’ll often find this category of documentation in a wiki, or a tool like Notion.

There’s a third category that sits in the middle of these other two: I call this platform documentation. This documentation is written for other IT pros who consume the platforms that we provide; platforms like Elastic or Axonius or NetID authentication. This category of documentation is often the most challenging to write, and unfortunately, is usually the most neglected. Delivering this type of documentation is a strategic priority for us this year, and is something that I want each of you to prioritize whenever we are building security tools and platforms. We’re writing these docs in plain Markdown, and using GitHub for version control and to automatically generate a documentation site at http://docs.security.tamu.edu/. If you have documentation that you or your team can contribute, please reach out to Garrett Yamada, and he can help get you started.

Documentation as a first-class citizen means that we treat it with the same importance as the platforms and tools themselves. When we provide services to other teams, we aren’t just delivering technology—we’re delivering documentation, training, and tools as core components of those platforms. By ensuring that our documentation is comprehensive, consumable, and thoughtful, we make it easier for other teams to quickly understand and use the services we provide. This is more than just a convenience: solid documentation is a hallmark of professional, scalable systems, and this directly supports the broader Technology Services priority of providing enterprise-class services to the university.

In many ways, documentation serves as the "front door" to our platforms. When it's clear and effective, we reduce barriers to adoption for our services. That enables other teams to onboard faster and troubleshoot issues independently. This means less back-and-forth between teams, more streamlined operations, and a smoother overall experience for our customers. The quicker and easier other teams can adopt our services, the more agile and effective we become as an organization.

This focus goes beyond technical manuals, too. Policy, process, and workflow documentation are critical parts of our service. Our controls catalog, for example, is more than just a compliance checklist—it’s a vital form of documentation that helps ensure that security measures are followed consistently and effectively across the organization.

By investing in thorough, up-to-date documentation, we don’t just make things easier for ourselves and the teams we support—we build a foundation that can scale with the needs of the university, because enterprise-class services demand enterprise-class documentation.

Wins & Successes

  • The Duo Enrollment Stations project has been completed — there are multiple self-service stations that are located at key locations across campus (like Evans Library, Zachry, and the Memorial Student Center), allowing students to self-enroll their devices into Duo quickly and easily

  • The Cloud & Platform team has worked with Proofpoint to implement their newest AI-driven email security tools within our environment; this will identify advanced attack patterns using machine learning & behavioral analysis; we are the first public customer to receive this added product, which has been configured in a listening-only mode for now

  • The Cybersecurity Apprenticeship Program (CAP) is growing! We hired a new cohort of 11 CAP students this semester, and more importantly, the program itself is also expanding its scope. Over a 2–3 year period, CAP students will now get to work directly with our security and risk professionals on multiple teams, providing hands-on experience in all aspects of modern cybersecurity operations.

Security by the Numbers

📈 Just in the last month:

  • 3.3B log events collected per day
  • 17 petabytes of network data scanned
  • 131.8M mail messages scanned for spam, phishing, viruses; 92.8M messages blocked at gateway
  • 5.8M Entra authentication events
  • 3.8M Duo auth events across 195k active NetIDs 
  • 172k devices tracked in the IT asset management system

 


Wrapping Up & Reminders

You should have received a notification about a Technically Speaking event next Thursday, Oct 17 @ 10:30AM. I’ll be speaking about one of our core security principles: Trust Users and Get Telemetry. I’ll talk about the importance of trust and transparency in creating a cooperative security culture, and how this directly impacts our ongoing security agent standardization project, and our approach to privilege escalation for end users. I know we talked about this several times already, but this is for our colleagues in other Technology Services teams—encourage them to attend if they have questions!

As always, I thank you all for your hard work and dedication. I depend on you to share your ideas and suggestions with me, and I encourage you to schedule a meeting with me at any time if you want to talk.

 

Adam Mikeal

Associate Vice President and Chief Information Security Officer