From time-to-time on this blog we like to take a moment to connect with those folks on the front lines of the cybersecurity battle, to give you a direct look into the issues they’re facing every day. Today, we sat down (virtually) with Sherry Horeanopoulos, the Information Security Officer at Fitchburg State University.
For some quick background, Fitchburg State University, located in Fitchburg, Massachusetts, is a public institution dedicated to integrating high-quality professional programs with strong liberal arts and sciences studies. Founded in 1894, the university now has more than 30 undergraduate programs and 22 master's degree programs, and 7,000 full and part-time students.
Thanks Sherry for taking the time to chat with us today. To start things off, we were wondering if you could share with us what you feel was most important about managing the remote working and learning environment we all found ourselves in this past March?
Great to be here; thanks for having me. It’s been an interesting time, to say the least. When the global pandemic rolled around, we knew that we needed to ensure that both students and faculty were up and running on virtual technologies quickly. Things needed to work right away, in order to set the tone for remote learning success.
What has it been like leading cybersecurity for a college, during a worldwide pandemic?
One thing that the pandemic and the new learn-from-home situation thrust upon us was the need to revaluate policies and restrictions to make sure students and faculty could access everything they needed to work and learn remotely, while still remaining protected.
Because we have such robust monitoring tools, such as Cygilant, it was easy for us to be aware of everything going on in and around our networks. To keep everyone up and running without interruption, we found ourselves relying even more heavily on the tools we use to monitor.
What are the biggest challenges you are currently facing?
For higher education institutions, such as Fitchburg State, that have traditionally been focused on brick-and-mortar education, it’s clear that now is the time to reimagine what the future of a college education will be. I suspect that very few institutions of Higher Education will be going back to a 5 day per week teaching in a classroom system of education. The nature of education is being forced to change and we’ll all have to change with it.
At the same time, those of us in education need to remember that one of the most important parts of the college experience is being on campus, living with others and experiencing new social interactions. This coming year will force a reinvention of higher education – and maybe the social aspect won’t come back for a little while – which means on the security front, we’ll need to continue to balance security and availability.
No longer can we spend our time trying to “defeat against the end user.” We now we have to find ways to monitor the end user, ensure there aren’t any security-related issues and adjust behavior if there are concerns. The typical “block and notify” approach will become more of a “notify and then block” approach.
Why is getting this balance correct so important?
More so than ever before, experiences need to be pleasant for both employees and faculty. The better the experience, the more apt both are to remain with the institution. Retention is huge consideration, especially in this day and age.
To provide and support a pleasant experience, we need to be a provider of technology, but still remain vigilant. Our work just needs to be done more behind-the-scenes, in a way that’s less obvious to the end user.
How has Cygilant helped you improve your security posture?
When we first started with Cygilant it was to address PCI compliance. Everyone we spoke with beforehand said that handling compliance was a 2-3 person job – and we knew our budgets didn’t support hiring new employees to implement our technology plan. Because we needed assistance, we decided to go with Cygilant - so we could have access to an experienced security team that could help us with compliance, and more.
The advantage of working with Cygilant – and the key to us expanding our relationship through the years – has been the access we get to that expert team. We’ve had essentially the same team for years. They know us; we don’t find ourselves having to explain or re-explain key aspects of our network structure to them. They understand our environment, what we have, and how we operate. You can’t put a price on that.
The value of having an outside team constantly taking a look at our network environment is easy to see. Put simply, they can see things we don’t. Having that safety net is incredibly valuable.
How would you best describe your partnership with Cygilant?
With Cygilant, I know I don’t have to monitor my network as closely myself. We are very comfortable with the knowledge that our Cygilant team is watching and telling us about the most important things to deal with – and just as importantly, telling us what we don’t have to worry about.
I know I’m going to get the most valuable information I need from Cygilant to get to the bottom of a problem. You get constant feedback, very efficient communications, and the knowledge that you’re covered – and there’s no one wasting of my time with repetitive explanations. That’s the value of having a partner who really knows you. It’s like having a dedicated employee on your staff.
To finish up, are there any interesting anecdotes you can share about working with Cygilant?
Actually there is one that happened fairly recently. We received a message from our SOC team the other day – they had identified a repeating instance of new accounts being added to the system and alerted us that we needed to take a look urgently. It was just the way our system adds new student accounts – so not an issue – but that’s exactly what you want from a SOC-as-a-Service partner – immediate monitoring and contact if there’s something THEY would recognize as an issue. If it were a test, they would have passed with flying colors!
Thanks so much for your time, Sherry. If you’re reading this and would like to know more about Cygilant’s work with Fitchburg State, click here, or if we can help your educational institution get a better handle on its cybersecurity, don’t hesitate to drop us a line at any time.