The CISO’s Perspective
I believe we all started 2020 with the best of intentions. We got off to a good start, but the wheels started wobbling around the end of February. COVID-19: Who would have guessed that a novel Coronavirus—a new strain not previously seen in humans—would dramatically alter our work, life, family, friendships, business, economy, values, our whole world?
Then came the warnings:
Wash your hands! Don’t touch your face! Wear a mask! Stay at least six feet from others you do not live with! Clean everything—all the time!
There was no way the UW–Madison pandemic contingency plan could have imagined all that occurred as 2020 played out. Let’s take a moment to give applause to the people who made tough choices and provided leadership and strategies that carried us through. We should also honor those who kept things running with a constant stream of tactical guidance, new ideas, process changes, and tools that focused on keeping safe while continuing the core missions of teaching, research and outreach.
Families suffered loss of livelihood and loved ones, health care workers were driven to exhaustion while working in dangerous situations.
Oh, and then there were other issues: shrinking budgets, remote work, online course delivery, video meetings, police brutality, racism, politics, stimulus checks to save our economy, sports without fans in the stands, cyber-attacks, experts on the news and talk shows with different viewpoints and strategies, delays in starting the 11th season of “Blue Bloods”—lions and tigers and bears, OH MY!
When we wake up on Friday, January 1, we will still have many of these problems. Where we go from here is up to us.
Will we be content with our situation or will we take on the challenge of defining normal in terms like adaptability, adventure, compassion, courage, flexibility, innovations, persistence, rationale, and resourcefulness?
Will we find opportunity in the place of chaos? Will our “normal” include occasions to gather together in the same room and not just in a Teams/Webex/Zoom mosaic?
If we are committed to doing more than is necessary to just survive—we win!
Forecast for 2021
Here are the things you can expect to see in 2021:
- The Office of Cybersecurity will continue pressing on a revision to our Information Security Program and Cybersecurity Strategy. This should take the rest of January and part of February to get into top shape and ready for university leadership buy-in.
- The UW IT Talks Technical project will move toward a set of terms that better express information technology and technical terms in a manner that is inclusive and respectful of the diversity that is the UW and the IT profession.
- A new Cybersecurity Awareness training tool will debut in February when we introduce “micro-learning” as the primary method to promote and document our understanding of cybersecurity. This will be a campus-wide launch and promises to be much more effective with promoting true awareness, and not just checking a box on a compliance audit.
- New risk management tools are rolling out that will simplify the intake process and lead to faster and higher quality for information technology risk assessments. Greater visibility for what has already been assessed will be a new feature.
- We will continue to seek opportunities and technology that allows for optimal visibility for our IT assets and cyber-health assessments that are comprehensive, secure, better orchestrated, automated to the extent possible, and with automated remediation where supported.
As 2020 gives way to 2021, my challenge to the Cybersecurity Community is to seek and do meaningful work, be challenged to serve the university community, know that your skills are more meaningful than last year and that your talents are being used for the good of all, “to influence people’s lives beyond the boundaries of the classroom,” and that you will “never be content until the beneficent influence of the University reaches every family of the state.”
—Bob Turner, Chief Information Security Officer, UW–Madison