IT Security and Risk

Security Operations

The Security Operations team is responsible for detecting, investigating, and responding to cybersecurity threats across the university. They monitor network and system activity, manage firewall and endpoint protections, and use threat intelligence to proactively identify risks. The team also plays a key role in maintaining the university’s security posture through continuous vulnerability management, and works to protect institutional data through monitoring and data loss prevention controls. This group is organized into five focus areas:

• Security Response Team (security@tamu.edu)

• • • Security incident triage and response
    • Incident investigation & threat intelligence
    • Major incident response coordination

• System & Asset Security (security@tamu.edu)

• • • Security posture for network-connected devices
    • Vulnerability management program (app and web)
    • IT asset management platform (Axonius)

• Cloud & Application Security (cloud-security@tamu.edu)

• • • Public cloud security configuration and automation 
    • SaaS security config and compliance monitoring
    • Application/container security & Secure SDLC
    • Systems and application penetration testing

• Network Security (network-security@tamu.edu)

• • • Firewall configuration, management, and policy review
    • Network monitoring, segmentation, and DNS security
    • VPN services and zero-trust network access solutions
    • Wireless security and coordination with network engineering

• Data Security (security@tamu.edu)

• • Data loss prevention (DLP) strategy, tools, and monitoring
  • Monitoring for data oversharing and breach indicators in cloud platforms
  • Insider threat analysis and investigation

Security Engineering

The Security Engineering team is responsible for managing the core security infrastructure and platforms that support the university’s cybersecurity operations. They manage critical platforms for identity and access management, multi-factor authentication, and certificate services, ensuring secure access to systems and data. The team also operates our security telemetry and analytics tools, as well as email and cloud security platforms, which provide the foundation for monitoring, threat detection, and data protection across the university. It has three focus areas:

• Identity Security (identity@tamu.edu) 

• • Identity governance and the NetID lifecycle
  • Authn/authz (Entra, CAS, Shibboleth)
  • Duo MFA
  • Certificate issuance and Identity of Things

• Security Analytics (security-engineering@tamu.edu) 
  • Elastic SIEM and EDR
  • Log aggregation and security telemetry

• Security Platforms (security-engineering@tamu.edu) 

• • Email and cloud data security
  • Core Internet protocol security (Email, DNS, etc)
  • Platform and compliance automation 

IT Risk & Compliance 

The IT Risk & Compliance team ensures the university meets its security governance, risk, and regulatory compliance obligations across academic, administrative, and research activities. They manage risk assessments, policy development, audit readiness, and compliance with federal and state regulations such as HIPAA, FERPA, and TAC 202. The team also supports secure and compliant research through close collaboration with the Vice President for Research, and works closely with the Chief Compliance Officer to manage university privacy and IT accessibility risks. This group is organized into three teams:

• Risk, Policy & Compliance (it-policy@tamu.edu) 

• • Federal, state, and local compliance (HIPAA, FERPA, etc)
  • IT policies & controls catalog management
  • Annual risk assessments, audit readiness, and System audit liaison
  • Contract, security, and risk reviews for procurement
  • State-mandated reporting (TAC §202, TGC §2054, etc)

• Research Security & Compliance (it-security@tamu.edu) 

• • Research data security and compliance
  • CUI and CMMC program oversight
  • IT ancillary reviews for human research
  • Grant and research contract review
  • eDiscovery and digital forensics

• IT Accessibility (it-accessibility@tamu.edu) 

• • Designated Digital Accessibility Officer (DAO) for Texas A&M
  • Federal and state compliance and associated audits
  • Accessibility compliance reviews for all information resources
  • Web accessibility consulting and remediation

Virtual Security Teams (VSTs)

To tackle risk areas that cut across our traditional security silos, we created “virtual teams”: small, mission-driven groups that draw experts from multiple verticals while letting them stay embedded in their day jobs. This matrix approach gives us immediate access to the right skills and lets us respond to emerging threats more quickly. By aiming a virtual team at a narrowly-defined, high-impact domain we can iterate quickly and bring the right expert to the problem. 

• Endpoint Security (endpoint-security@tamu.edu)
  Our Endpoint VST brings together specialists from threat intelligence, network operations, incident response, and governance to ensure end-user devices remain a hardened, trusted entry point into the university environment. The Endpoint VST is a single point of contact for anyone in Technology Services with questions related to endpoint security: security policies for devices; troubleshooting problems and compatibility issues with security agents; or providing guidance on device configuration or hardening.
  

• AI Security (ai-security@tamu.edu)
  Composed of cloud, application, identity, and network security engineers, the AI VST exists because of the unique security challenges presented by modern AI platforms and technologies. This team will focus both on securing our own AI infrastructure, and also addressing novel threats from AI-driven agents and threat actors. The AI VST delivers guardrails that let researchers build with confidence while keeping the institution’s data, models, and users safe.