January is here, students have returned, and a new semester has started. 2024 was a big year for the Security & Risk team, and we achieved some significant milestones. To highlight just a few: we launched a new virtual team focused on Endpoint Security; made significant progress on our identity infrastructure modernization efforts with SailPoint; and saw over 30,000 devices added to our Elastic stack through the security agent standardization project.
At our fall all-hands meeting in September, I introduced our FY25 strategic priorities:
- Modernizing identity and access
- Platform and process documentation
- Cyber hygiene and security posture
- Security agent standardization
Strategic Priority: Cyber Hygiene and Security Posture
The first thing to notice about this topic is that it seems like two topics pushed together. That’s because these two concepts go hand-in-hand: cyber hygiene encompasses the foundational practices that safeguard our systems, while security posture measures how effectively those practices—and others—work together to protect, detect, and respond to cybersecurity threats. At its core, security posture reflects the collective health of our IT infrastructure and our resilience against ever-evolving risks.
You’re going to be hearing me and the leadership team talk a lot about security posture over the next year. I’m increasingly interested in reframing the way we think about our day-to-day activities around the concept of improving the university’s security posture, because maintaining a strong security posture isn’t just about responding to threats—it’s about proactively building resilience. Our security posture is the collective result of all the activities we do to protect our environment: from scanning for vulnerabilities to applying patches, managing configurations, and analyzing telemetry data. Every action we take feeds into this larger goal, creating a comprehensive defense against potential threats.
I don’t want us to see “security posture” as just another buzzword—it’s the comprehensive measurement of our organization’s cybersecurity health. Think of it as a full-body health check-up for our IT infrastructure, where multiple vital signs come together to paint a complete picture of our security wellness. The results of vulnerability scans, for instance, are not just numbers—they’re actionable insights that help us prioritize and remediate issues, further strengthening our overall posture.
What makes our approach unique is how these different elements work together. Just as a doctor doesn’t diagnose based on a single test, we don’t rely on isolated security measures. Instead, we take signals from multiple sources to create a dynamic, responsive security environment. I’ve talked before about how public health can be used as a metaphor for understanding the work performed by security professionals. Following this metaphor, IT support technicians and systems administrators are like clinical health practitioners: they are responsible for the activities that comprise good cyber hygiene practices—actually applying the patches or correcting a vulnerability. As cybersecurity professionals, we are more akin to public health officials: watching numbers and statistics at a population level, and helping to direct resources and priorities where they will make the biggest overall impact.
To support this effort, we are launching a series of targeted campaigns in 2025, starting with a campaign aimed at IT professionals that is focused on three key elements of cyber hygiene: proactive patch management; effective credential hygiene; and accurate asset inventory. Using data from Axonius and engaging with our colleagues across Technology Services, I believe we can see substantive improvements in these key metrics over the next semester. So keep an eye out for emails, webinars, and other activities that will be announced over the next few months, and please encourage your colleagues from other verticals to attend what events they can! This campaign is an essential part of our mission to foster a culture of cybersecurity and operational excellence. Together, these efforts will enable us to build a stronger, more resilient security posture across the university.
Wins & Successes
- There have been several major wins for the Elastic project. We are now ingesting 8.4 billion log entries per day, and have over 30,000 hosts reporting into the Elastic stack. At the same time, we saw a 56% reduction in Elastic indices—resulting in increased performance, and reduced costs. This has been a phenomenal effort from several teams across Security & the organization, and the scale that we have grown into with Elastic is impressive.
- The CISO and Security team members presented at a TEES-hosted cybersecurity “barn raising” event in December; other participants were the TEES Cybersecurity Center, GCRI, agency cybersecurity teams, researchers involved in cybersecurity research from across the System, and peer institutions like Georgia Tech, Arkansas, and UIUC.
- Garrett Yamada presented some of the Identity Security team’s work on Duo Enrollment Stations, federation, and platform documentation at the Internet2 Technology Exchange; we’re told this session received the most audience engagement overall at the conference!
Security by the Numbers
📈 Just in the last month:
- 5.8B log events collected per day
- 24 petabytes of network data scanned
- 124M mail messages scanned for spam, phishing, viruses; 91M messages blocked at gateway
- 5.1M Entra authentication events
- 3.3M Duo auth events across 167k active NetIDs
- 170k devices tracked in the IT asset management system
Major Project Updates
Wrapping Up & Reminders
You should have received a notification about our spring all-hands meeting that is scheduled for Wednesday, February 12 @ 11am. This time, our all hands will be held at the CIR building on the RELLIS campus. Check your email for details and directions! If you did not get that email, please reach out to Kyle Levenick.
As always, I thank you all for your hard work and dedication. I depend on you to share your ideas and suggestions with me, and I encourage you to schedule a meeting with me at any time if you want to talk.
Adam Mikeal
Associate Vice President and Chief Information Security Officer