The Office of the Chief Information Security Officer (CISO)
We are committed to protecting the university's information assets, systems, and reputation from cyber threats, ensuring a safer digital environment for the community.
Who We Are
The IT Security & Risk team is led by the Assistant Vice President & Chief Information Security Officer (CISO) as a part of the Division of Operations within Texas A&M Technology Services. Our responsibilities cover a broad spectrum of security disciplines to ensure a comprehensive defense, and our team is structured to provide this coverage across three primary areas:
Security Operations
Through Security Operations, we establish and maintain robust defenses across the university's digital landscape. This includes managing how users access our systems and data securely, protecting the university’s network infrastructure, and safeguarding the vast array of devices, from servers to personal computers and mobile devices, connected to our network. We also focus on securing university data, whether it's stored in the cloud or communicated via email, and ensuring the applications used by our community are safe and resilient against attacks.
Governance, Risk & Compliance
Our Governance, Risk & Compliance (GRC) function ensures the university meets its obligations under federal, state, and Texas A&M System regulations. We proactively manage IT risk, support research security compliance for grants and contracts, guide departments in audit readiness, and oversee IT policy and accessibility.
Education & Outreach
Education & Outreach are vital components of our strategy. We empower our students, faculty, and staff by fostering cybersecurity awareness, providing training, and promoting secure computing practices throughout the university community.
How We Work
We operate under a set of core principles to guide our security efforts:
- Secure by Design
- Focus on Risk
- Trust Users (and get telemetry)
- Approach Everything with Automation in Mind
- Reduce Complexity and Remove Silos
We believe that a positive working relationship between security and our users is built on a foundation of trust, transparency, and informed consent. We strive to be open about our goals and empower our campus community to make rational and informed decisions about security risks.
Strategic Priorities for FY25
To continue enhancing our security posture, our strategic priorities for FY25 include:
Modernizing Identity & Access
This involves work on our core Identity Governance and Administration (IGA) infrastructure; modernizing and enforcing protocols like OIDC, SAML, and DMARC; and enhancing authentication/authorization systems like Entra, Shibboleth, and Duo.
Platform & Process Documentation
We are committed to providing clear documentation to our IT partners about our security platforms and services. Our platform documentation is available at docs.security.tamu.edu.
Cyber Hygiene & Security Posture
This priority launches a campaign designed to bolster our cybersecurity posture and ensure we continue to protect our university's digital resources, focusing on three key areas: proactive patch management, enterprise credential management, and asset lifecycle management.
Security Agent Standardization
This strategic initiative brings clarity and consistency to the security agents installed on University devices. This initiative enhances security oversight, streamlines management processes, and ensures all devices adhere to appropriate security standards. By standardizing the security agents across the University, we aim to improve overall device performance, facilitate compliance with regulatory requirements, and provide a uniform security framework that protects sensitive academic and research data.
Last Modified: August 22, 2025