Spring Break is here, and with the warming weather, Texas wildflowers are right around the corner. Whether you are heading out for a well-earned break this week, or holding down the fort on campus, I hope you find some time to recharge.
Last month was a busy one—not only did we kick off the Cyber Hygiene Campaign, but we also had one of our biannual all-hands meetings. Since we only get the chance to bring everyone together twice a year, it was great to see so many familiar faces, share updates, and spend time as a team.
Meanwhile, the Cyber Hygiene Campaign has been in full swing, and the early results are encouraging! This month, we’re talking about why we selected the three metrics we are tracking for the campaign: OS patching, vulnerability remediation, and inventory accuracy.
Choosing the Right Metrics
When we launched the Cyber Hygiene Campaign, we knew we couldn’t track everything—so we focused on three core areas: patching cadence, vulnerability remediation, and inventory accuracy. But with so many different aspects of cybersecurity available for measurement, why did we land on these three? Simply put, these three data points give us the biggest bang for the buck. Improvements in these areas have the biggest impact on overall security posture, the highest potential for improvement, and provide the most immediate, measurable results.
Read on to see why these fundamentals are the backbone of good cyber hygiene—and how improving them now sets us up for long-term success.
Patching Cadence: The first line of defense
- Why it matters: Operating system patches are like vaccines—they protect against known threats before they can cause harm. Outdated OS versions leave systems exposed to vulnerabilities that attackers actively exploit.
- Why we’re tracking it: By ensuring that systems are regularly updated, we reduce the number of devices vulnerable to attacks like ransomware or privilege escalation exploits. OS patching is a fundamental, high-impact habit—and getting this right is a huge step toward a healthier security posture.
Patching Vulnerabilities: Closing the doors hackers use
- Why it matters: While OS patching is critical, it’s not the whole story—many security flaws exist in third-party software, misconfigured applications, or outdated drivers. Unpatched vulnerabilities are among the top ways attackers gain access to networks.
- Why we’re tracking it: By focusing on known vulnerabilities—especially those marked as critical—we can identify and close gaps before they are exploited. We’ve already seen measurable improvements in this area across campus, but there’s still work to do.
Inventory Accuracy: You can’t secure what you can’t see
- Why it matters: If we don’t know what devices exist in our environment, how can we protect them? Untracked systems can miss patches, fall outside security policies, and serve as hidden entry points for attackers.
- Why we’re tracking it: Accurate inventory data means better decision-making and faster incident response. It also helps with lifecycle management—ensuring old, unsupported devices aren’t quietly sitting around, waiting to be exploited. By improving inventory accuracy, we strengthen every other security control we have in place.
🚀 Small Habits, Big Impact
Cyber hygiene is not about perfection—it’s about progress. By focusing on patching, vulnerability remediation, and inventory accuracy, we’re building the right habits that will improve security across the entire institution. And as we improve these areas, we set the foundation for tackling even bigger security challenges in the future.
This is why we use the health care analogy: just as regular exercise, a balanced diet, and annual checkups reduce the risk of disease, these basic security practices significantly lower our exposure to cyber threats.
Wins & Successes
- The Elastic project continues to grow. We are ingesting nearly 10.9 billion log entries per day, with a single high peak of 12.5 billion! There are now over 34,000 hosts reporting into the Elastic stack. This has been a phenomenal effort from multiple teams across Security & other verticals, and the scale to which we have grown Elastic is impressive.
- The Cyber Hygiene Campaign was launched to all Technology Services employees. This effort will focus on improving our security posture by focusing on patching, password hygiene, and accurate inventory management.
- The Security Agent Standardization project has been moving along. The vast majority of endpoints across campus have been transitioned off of CrowdStrike to Elastic, and servers are ~30% complete.
Security by the Numbers
📈 Just in the last month:
- 10.9B log events collected per day
- 9 petabytes of network data scanned
- 141M mail messages scanned for spam, phishing, viruses; 86.4M messages blocked at gateway
- 12M Entra authentication events
- 3.6M Duo auth events across 239k active NetIDs
- 109k devices tracked in the IT asset management system
Wrapping Up & Reminders
There are two upcoming events associated with the Cyber Hygiene campaign. Mark your calendars to attend and support your fellow security team members:
- Cloud Vulnerabilities and You: Patching Your Cloud Environments (a Technically Speaking event) by Robert Stricklin and Chris Hall on March 26th @ 1:30 pm
- Security Hackathon with Elastic & 1Password: Join us on April 22nd at the Kyle Field Press Box for a full day of hands-on security challenges, technical deep dives, and expert-led discussions
As always, I thank you all for your hard work and dedication. I depend on you to share your ideas and suggestions with me, and I encourage you to schedule a meeting with me at any time if you want to talk.
Adam Mikeal
Associate Vice President and Chief Information Security Officer