UA CISO Shares Best Practices With Peers

May 29, 2019

How do you hire information security professionals on a higher education budget? That’s one of the questions Lanita Collette, Chief Information Security Officer at the University of Arizona, faced on stage at the 17th Annual Educause Security Professionals conference.

Lanita was invited to present at two different sessions at the conference, the premier forum on best practices for security in higher education. Two other team members from UA’s Information Security Office also attended to learn about successful programs at other universities and to network. Over 900 people from 48 states and several international universities attended the May event in Chicago, IL.

Lanita’s first session was a panel discussion, “Evolving the Art of Recruiting and Hiring in Information Security.” Her answer to the difficulty of competing with industry is creating an attractive, inclusive culture. One of her advantages is being a woman CISO, which reassures non-majority candidates that they’ll find a welcoming workplace.

Helen Patton, from Ohio State University, recommended rethinking how jobs are posted. Do you need to have an exact degree or qualification? Or would advertising for people with specific attributes attract better fits?

Along with colleagues from the University of Colorado system, Harvard University, and the University of Wisconsin system, they discussed wide-ranging topics including how to ensure postings are gender-neutral, internships, how to retain top talent, and the strengths of the higher education mission.

Additionally, Lanita presented “David and Goliath: Small and Large Institution Information Security Collaboration” with the CISOs from Northern Arizona University, Arizona State University, and Yavapai Community College.

There are challenges related to geographic separation and differences in missions. But collaboration between institutions provides many benefits, including shared lessons learned, feedback on experiences with different security products, better pricing from vendors, and strategizing around audit processes.

This year’s event contained more than nine different education tracks and 66 breakout sessions offering a wide variety of educational opportunities for all participants: Strategic Leadership; Incident Management & Response; Security Architecture & Design; Cyberthreat Intelligence; Governance, Risk & Compliance; Privacy; Security Awareness, Communications & Training; Identity & Access Management; and Security Operations & Engineering.

Educause is a non-profit organization dedicated to advancing higher education through the use of technology.