Information Security professionals protect our institutions' most important and private information. This path will help you identify and navigate an Information Security career by increasing your understanding of the knowledge, skills, and experiences needed to begin, transition, and advance your career.
Explore the professional pathway through information security to help you determine your goals—or guide others to define theirs. John O’Brien, President and CEO of EDUCAUSE speaks to Bella Abrams, Director of Information Technology at the University of Sheffield and Phil Ventimiglia, Chief Innovation Officer at Georgia State University on the 2022 Top 10 IT Issues.
The EDUCAUSE Security Pathway Toolkits provide individuals and mentors an opportunity to identify strengths and gaps, then select activities to leverage those strengths and develop in select areas. The toolkits support the development of an action to improve immediate performance and foster readiness for long-term professional goals. Select the appropriate toolkit for your needs below to get started.
Entry-level positions in cybersecurity include job titles like information security specialist, information security analyst, network technical specialist, and computer forensics analyst. In these roles, your duties and responsibilities may include helping to prevent data breaches, network attacks, and other threats. You work to protect your institution's digital resources and information technology systems and to prevent hackers from disrupting normal business activities. Additionally, you help faculty, staff, and students learn and engage in good information security practices on the job and at home.
Degree in Computer Science or related area and/or equivalent of education and experiences; select network and security certifications; and experience working with select compliance standards.
Entry-level positions for teaching and learning may support faculty to apply learning technology to courses, coordinate and maintain digital resources for the institution, or assist in curriculum or instructional design. People who perform these tasks may have job titles like instructional technologist, instructional designer, computer learning lab coordinator, learning management system administrator, instructional technologist, multimedia designer, and faculty development specialist.
Associate's degree, bachelor’s degree, certifications in user and instructional design, or equivalent experience
Entry-level positions in innovation include job titles such as instructional innovation specialist, business transformation project manager, and systems integration and innovation coordinator. These positions work in some capacity helping to support innovation to advance institutional strategies.
Associates degree, bachelor’s degree, or equivalent experience.
Early level positions in information technology include job titles such as user support specialist, data analyst, desktop support technician, and network operations analyst. These positions work in some capacity helping to support institutional technology or data operations, or to maintain the institution's digital environment.
Associate degree, bachelor’s degree, ITIL or IT service management training (see take action for more information), or equivalent experience. Certifications such as CompTIA A+, ITIL Foundation; vendor specific certifications such as Microsoft, AWS, for service and support roles. Certifications around data analytics and vendor specific certifications, such as Oracle or Microsoft for those working with data and databases.
Information security specialists are in charge of developing and implementing security measures for their organization. They are responsible for analyzing security procedures and suggesting changes to upper management for increased efficiency and extra security. Information security specialists present their findings to managers and recommend new technologies or policy modifications.
Information security network specialists, also known as computer support specialists, set up, support, and maintain local area networks (LANs), wide area networks (WANs), and other networking systems in their organization. These professionals also install routers, switches, firewalls, and network-related software programs for their organizations.
Information security analysts are responsible for conducting system analysis and providing technology project leadership for their organization. One of their main duties is coordinating operational procedures related to information systems and their management.
Forensic computer analysts are responsible for analyzing computer-based information for forensic evidence within their organization. They process large amounts of data to find specific items on behalf of their organization. Tasks performed by forensic computer analysts may include handling computer hard drives and storage devices to analyze user patterns, using different computer programs to recover information from damaged media devices, and preparing detailed reports after running computer analysis software applications, among others.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
Looking at cybersecurity as a career path can be intimidating, but many working in this field didn't start out with intentions to work in cybersecurity. In this podcast, we ask several higher education cybersecurity professionals how they would encourage others to consider cybersecurity as a career option.
Ahmed El-Haggan, Vice President and CIO for Coppin State University, talks about the importance of expanding your definition of diversity.
Cindy Mitchell, Chief Information Officer for Colby College, reflects on her learning over the years and translates that into professional advice.
In this episode, we ask higher education information technology leaders about their biggest career misstep and how they course corrected.
Take our competency self-assessment for early-career cybersecurity professionals to evaluate your skills and abilities and to help you identify your strengths and growth opportunities in the areas of cybersecurity team performance, resource management, leadership practices, project operations, and more.
Explore and join any of the Security, Privacy, and Identity Community Groups to share strategies about information security governance, compliance, data protection, and privacy programs or other security-related topics.
Learn about the Young Professionals Community Group that is specifically for those in the early stages of their career.
Become an EDUCAUSE ambassador and help your organization get the most out of its membership by connecting colleagues with beneficial resources.
Find a mentor who has a role you may want eventually and can speak to the professional advancement journey. Connecting with a mentor with information security expertise can also help you understand the latest trends and issues.
As someone in the earlier stages of their information security career journey, connect with others in a group mentoring format around specific topics related to your field, e.g., governance, privacy, or security training.
Support EDUCAUSE conference planning by reading proposals for special topic events.
Review and consider a volunteering opportunity, like leading a community group, or submitting an article for EDUCAUSE Review.
Read the latest on everything information security, privacy, and risk-related in the Cybersecurity and Privacy channel of EDUCAUSE Review. Have a topic you'd like to see covered or an article to contribute? Become a contributor.
Submit a proposal for a session and/or poster at the Cybersecurity and Privacy Professionals Conference and leverage our Presenter Concierge services.
Attend events focused on key topics in the field of cybersecurity, including the annual Cybersecurity and Privacy Professionals Conference.
Go to the EDUCAUSE Annual Conference, which includes information security professionals and sessions designed for, and attended by, the global community of higher education IT professionals.
Listen to the Cybersecurity as a Career Path podcast.
Earn your microcredential at the Data Literacy Institute, which helps professionals develop the foundational knowledge needed to facilitate effective data-informed decision-making while getting hands-on practice with each step from data creation to leading change through data storytelling and data governance.
Don’t miss the latest research, resources, and events related to information security and privacy. Subscribe to our Weekly Update: Information Security.
Explore how to put the principles of DEI into practice and the learning and engagement opportunities to deepen your understanding.
Mid-level positions in cybersecurity include job titles like information security analyst, information security penetration tester, information security engineer, information security consultant, information security advisor, information security manager, information senior security engineer, manager of information security and systems operations, and senior manager of research computing. In this role, your duties and responsibilities may include designing security systems, conducting reviews and audits, assessing systems for gaps, and recommending solutions.
Bachelor's degree in computer science, information systems, communications, or related fields, or similar certified coursework in applicable fields of study. Foundation knowledge and skills may include working knowledge of common software application packages, equipment platforms, reference database systems and sources, and training methods and a basic understanding of networks, data communication, and multimedia systems.
Mid-Level teaching and learning roles include job titles like project manager, instructional designer, and faculty development manager, and typically require expertise in educational technology and learning design. People in these positions are beginning to have leadership responsibilities and may coordinate teams or training. At this level, people continue to develop the competencies and relationships they will need to assume senior and executive roles in the field.
Bachelor's or master’s depending on career goals and institutional expectations. Consider obtaining relevant certifications to user and instructional design, curriculum development, and project management.
Mid-level positions in innovation include job titles such as digital innovation librarian, associate director of research and innovation, and program manager for innovation and digitization. Professionals in these positions are often in management-oriented roles with responsibilities for supporting or maintaining a specific area related to innovation. They may also supervise entry-level staff.
Master’s, MBA, or doctoral degree based on personal goals and institution’s expectations.
Mid-level positions in information technology include job titles such as operations support manager, manager of client services, or manager of reporting and analytics. Professionals in these positions are often in management-oriented roles with responsibilities for supporting or maintaining a specific area within information technology. They may supervise entry-level staff.
Bachelor's, master's degree (or equivalent experience), ITIL or IT service management training, depending on career goals and institutional requirements (see take action for more information).
The information security engineer may serve in a technical, educational, and leadership role focused on securing both the physical and virtual aspects of an information environment. Implement, manage, and integrate systems that support the information security office’s mission to identify and remediate threats to the confidentiality, integrity, and availability of information in the institution's information ecosystem. Manage information security projects of significant institutional impact and importance; work closely with other staff responsible for enterprise technology infrastructure operations; and serve as a subject-matter expert/consultant to various groups.
Information security penetration testers plan and execute tests, document their methodologies, create detailed reports about their findings, and might be involved in designing fixes and improving security protocols. These professional will assist with penetration tests and other technical security assessments; assist developing and evaluate novel security testing capabilities and methodologies; help mentor junior penetration testing staff; and transition their knowledge and expertise to the broader community.
Information security advisors evaluate security systems to determine the potential risk of a breach. They develop policies and procedures that minimize the risk to properties, employees, and computer systems.
The information security consultant conducts regular audits across departments or teams that work with data. The consultant helps spot possible areas of vulnerability in the flow and storage of data and helps implement solutions. This typically includes the use of rules and standards for what data is available to certain employees, establishing tiered access to the data in a company, and implementing hardware and software protocols that secure all aspects of the organization’s IT assets against unwanted intrusion.
The information senior security engineer is responsible for the development, implementation, and management of technical systems and controls necessary to safeguard information and assets. The position will work directly with technical and non-technical staff to protect the confidentiality, integrity, and availability of sensitive data and systems.
Information security managers monitor the channels through which information flows into and out of an organization's information network. Managers are responsible for observing all of the operations occurring across the network and managing the infrastructure that facilitates those operations.
This lead role collaborates closely with research faculty; oversees research cyberinfrastructure efforts; leverages large-scale data and computational systems; supports custom software, hardware, and workflows; facilitates engagements between researchers and specialists; and works with administration and community partners to provide sustainable support structures for all aspects of research IT needs.
Information security systems operations managers hold a senior-level management role. They are responsible for overseeing an organization's operations, with particular regard to information technology, data security, and business continuity. The role requires strategic oversight in covering all elements of information technology security in an organization.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
Having a satisfying cybersecurity career can feel elusive, even for a seasoned cybersecurity professional. In this session, we’ll talk about things that all security professionals, of all levels and backgrounds, need to know and do, in order to achieve professional success.
Bill Dillon, former Executive Vice President for NACUBO, notes the importance of letting stakeholders influence the information-sharing process.
In this video, Tracy Schroeder, Vice President, Information Services & Technology at Boston University shares advice for aspiring female leaders.
Lorem ipsum dolor sit amet.
Take our competency self-assessment for mid-level professionals to evaluate your skills and abilities, and to help you identify your strengths and growth opportunities in the areas of communication, team development and optimization, financial management, project management, and more.
Assess your data literacy skills and abilities by taking the Data Literacy competency self-assessment. Understand your strengths and weaknesses in the areas of data security and privacy, data management, data analysis, and more.
Lead and facilitate a Community Groups that dovetails with your interests and expertise, like a DEI-focused or a leadership-focused community group.
Learn more about the National Initiative for Cybersecurity Education (NICE) and their mission to promote and coordinate a robust community working together to advance an integrated ecosystem of cybersecurity education, training, and workforce development
Find a mentor or become a mentor who can speak to the challenges of being in cybersecurity leadership roles. Consider a mentor who is in a different size institution or organization to learn about different approaches.
Create and lead an EDUCAUSE Mentoring Circle around an information security topic e.g., Vendor Assessment, Risk Management, Security Metrics.
Become a Working Group member and collaborate closely with your peers from a variety of institutions to define solutions for new and existing challenges and create useful resources for the community.
Have an idea that you think would benefit from focused attention? Have you started a project you would like to share with the broader higher education community? Propose a topic for a Working Group.
Read the latest on information security, privacy, and risk in the Cybersecurity and Privacy channel of EDUCAUSE Review. Have a topic you'd like to see covered or an article to contribute? Become a contributor.
Submit a proposal for a session and/or poster at the Cybersecurity and Privacy Professionals Conference.
Go to the EDUCAUSE Annual Conference, designed for, and attended by, the global community of higher education IT professionals.
Take part in our cybersecurity webinars featuring lively panel debates and cutting-edge insights. You can sign up for forthcoming webinars or review recordings and slides from past presentations.
Enhance your technical skills with these seven top security certifications.
Take a course from the SANS Institute, which empowers cybersecurity professionals with knowledge and skills.
Take a deep dive into our Library page of key resources in the Cybersecurity Program.
Learn more about cybersecurity roles at https://www.cisa.gov/cyberjobs.
Explore how to put the principles of DEI into practice and the learning and engagement opportunities to deepen your understanding.
Advanced-level information security positions include information security manager, information security associate director, information security officer, information security architect, information security engineer, assistant director of information security, information security senior director, and others. People in those roles monitor the organization's information technology security system, are in charge of the institution's security risk management program, and act as advisors to executives.
Bachelor’s degree in Information Security, Information Systems, or Computer Science or relevant experience. Certified Information Systems Security Professional (CISSP) or other equivalent certifications typically preferred. Information security, networking, server administration, and project management experience typically preferred.
Advanced teaching and learning positions include job titles like senior instructional designer, director of academic technology, teaching and learning center director, and director of online learning. Professionals in these roles provide strategic oversight at the departmental level and usually lead teams. While not at the executive level yet, people in these roles are often the most senior representative subject matter expert in educational technology or learning design.
Master’s, EdD, or PhD depending on career goals and institutional expectations.
Advanced-level positions in innovation include job titles such as director of innovation and instructional technology, director of lean transformation, and director of digital innovation and ecosystems. Professionals in these positions are responsible for directing and leading the operations of large innovation-related projects, often with managers and other staff reporting to them.
Master’s, MBA, or doctoral degree based on personal goals and institution’s expectations
Advanced level positions in information technology include job titles such as director of analytics, director of client services, and director of network work services. Professionals in these positions are responsible for directing and leading the strategy and operations of large areas of information technology, often with managers and other staff reporting to them.
Bachelor's, master's degree (or equivalent experience), certification in project management or change management, ITIL or IT service management training, depending on career goals and institutional requirements (see take action for more information).
Information security managers are in charge of maintaining security protocols throughout their organizations. They are responsible for creating strategies to increase network and internet security related to different projects. They handle a team of information technology professionals to ensure easy access to data while maintaining high standards in terms of confidentiality and general data security.
Responsibilities of this role include directing the activities of integrated risk management team leads, analysts, and coordinators performing these functions; mentoring and motivating staff; measuring performance; and making continuous improvements. This role also acts as advisor to information technology and other executives on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.
Information security officers monitor the organization's information technology system to look for threats to security, establish protocols for identifying and neutralizing threats, and maintain updated anti-virus software to block threats.
An information security architect is responsible for the network and computer security for the organization. At the early stages of the security life cycle, the security architect acts as a project leader to plan, research, and design elements of security. The security architect starts by creating a general design, planning intended features and functionality.
Professionals in this role will work alongside customers, software developers, enterprise architects, information security, internal audit, compliance, and other stakeholders to build information security strategies and programs. Professionals contribute to enterprise-level policies and standards, lead incident response activities, and remediate security issues. They'll improve the ability of the organization to protect the confidentiality, availability, and integrity of their and their community's information assets.
Professionals in this role are responsible for the security risk management program, including building and maintaining roadmaps for initiatives and projects, risk assessments, incident response, operational management, regulatory and policy compliance, and ensuring the institution adheres to federal, state, and local regulatory controls.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
What inspires you? Inspiration, motivation, and admiration are all qualities that either help us get to the next step in our career or our personal lives or simply help us get the morning started.
Keith McIntosh, Vice President & Chief Information Officer at the University of Richmond, shares his advice on the three relationships a CIO should cultivate.
Recognizing the motives and drives of your staff can provide great insight into running an efficient IT organization.
The gap will continue to widen between institutions that are starting to engage in digital transformation and those that have not. We asked five institutional leaders to share their unique projects that reflect a shift to Dx.
Take our competency self-assessment for advanced-level professionals to evaluate your skills and abilities, and to help you identify your strengths and growth opportunities in the areas of communication, team development and optimization, financial management, project management, and more.
Attend a Member QuickTalk to connect with others on timely information security topics like risk management, and security awareness.
Become a mentor through our One to One Mentoring program and provide guidance and support to an information security professional who is early in their career.
Volunteer for group activities or become a leader of the Cybersecurity Community Group, formed to identify problems and share strategies about information security governance, compliance, data protection, and privacy programs.
Join an advisory or member committee and help shape EDUCAUSE program content by providing guidance and support to a particular area or lending your expertise to the development of events.
Start or lead information security projects leveraging digital transformation, which help advance your institution’s mission. For more resources, check out our Dx library page.
Contribute articles to the Cybersecurity and Privacy channel of EDUCAUSE Review.
Facilitate a Webinar, QuickTalk, or session at the EDUCAUSE Annual Conference.
Give guest lectures at your institution to engage with, raise awareness of, and better understand information security needs of students, faculty, and other key stakeholders.
Facilitate Webinars, Learning Labs, and Institutes to stay connected and share knowledge. Find out more about serving as an institute faculty member.
Attend professional development opportunities focused on key topics in the field of cybersecurity, including the annual Cybersecurity and Privacy Professionals Conference.
Take part in our cybersecurity webinars featuring lively panel debates and cutting-edge insights. You can sign up for forthcoming webinars or review recordings and slides from past presentations.
Explore EDUCAUSE’s library pages of relevant resources in the Cybersecurity Program.
Stay current on the key trends, emerging technologies, and practices shaping the future of information security with the Horizon Report, Information Security Edition, developed by a global panel of leaders from across higher education.
Browse our Information Security Guide—put together by the Higher Education Information Security Council (HSEIC)—featuring toolkits, case studies, effective practices, and recommendations to help jump-start campus information security programs and initiatives.
Explore how to put the principles of DEI into practice and the learning and engagement opportunities to deepen your understanding.
Unit executive level positions are typically members of the senior leadership team and work with constituents across the institution—faculty, staff, and students—to develop and deliver a comprehensive security and privacy program, including liaising with the campus general counsel on risk management and compliance activities. These positions may exist in Colleges of Medicine, Colleges of Law, or perhaps at a campus within a multi-campus district. Unit executives will need to have some familiarity with each level of information security work, from the strategic to the technical.
Advanced degree in computer science, information technology, or related field. CIPP/US, CISSP, CISM, GIAC, or equivalent certifications, depending on career goals and institutional expectations.
Unit executive level roles in teaching and learning include job titles such as associate vice president online education, and associate provost for academic technology and innovation. These roles are often referred to as the Chief Academic Technology Officer, which can be a formal job title or a more informal institutional designation. Leaders in these roles guide institutional strategy in academic technology, online learning, and learning innovation.
PhD or EdD depending on career goals and institutional expectations.
Executive-level positions in innovation include job titles such as assistant vice chancellor for instructional innovation and support, chief digital transformation officer, and chief innovation architect. Professionals in these positions are responsible for providing leadership for large areas and sometimes multiple departments within the institution, usually involving strategic planning, budget oversight, and institutional leadership for innovation initiatives.
Master’s, MBA, MFA, JD, or doctoral degree based on personal goals and institution’s expectations
This pathway represents a role that is increasingly complex and diverse and requires individuals who can embrace technological and human aspects of innovative practice and transformational changes. It requires individuals to build and maintain relationships inside and outside of institutions. This often includes effective relationships with board members or Regents, and community leaders such as City Officials. The Institutional executive must also be prepared to make complex decisions in a politicized atmosphere. While it is unreasonable to expect executives to know everything, that have to be skilled at forming questions and questioning. The ability to communicate very complex concepts in generally understandable terms is critical. The role is expanding beyond cost and performance responsibilities to drive transformation through IT as a core driver of of value through shaping of culture, workforce, and technological shifts that enable new educational and operational models. The institutional executive also acts as a mentor and coach, to elicit growth and performance of those within the IT organization and to drive digital literacy across the enterprise. Finally, they must be able to speak truth to power, to uncover weaknesses and be vulnerable and humble in the pursuit of excellence. They are hired for strategy and fired for operations and thus must balance their efforts to drive innovation and change, while maintaining operational integrity, security, and reliability of IT services. They must realize that they are primarily in the people business. They are able to recognize chaos driven by factors outside of institutional and leadership control, and plan for various scenarios and possible realities in advance.
Master's or advanced/doctoral degree (or equivalent experience), in business or management, higher education administration or law. ITIL or IT service management training, depending on career goals and institutional requirements (see take action for more information).
An information security director is responsible for implementing, designing, managing, and allocating all the technology security measures within an organization. Information security directors have knowledge of technology strategy, enterprise architecture, and other security-related concepts similar to those of a chief information security officer. They may report directly to a chief information security officer and will take on this executive role in smaller organizations.
An information security director is typically responsible for implementing, designing, managing, and allocating all the technology security measures within an organization. This role oversees and directs the activities of integrated risk management team leads and is in charge of overseeing information technology security measures throughout a variety of organizations. They are responsible for every aspect of security, from protocols and incident response to staffing and budgets.
The deputy chief information security officer is responsible for partnering with the chief information security officer in maintaining an organization-wide, global information risk management program and cybersecurity organization. Other responsibilities may include managing a staff of information security analysts; collaborating with security officers to identify needs, requirements, and gaps in institutional security programs; developing and delivering security-related services for use in conducting risk assessments and overseeing risk assessments; coordinating the planning and delivery of strategic security services; leading working groups to maintain systemwide policies; developing metrics to measure the effectiveness of institutional security programs; and developing and managing operating and special-purpose budgets, among others.
Security consultants assess all security measures for their organization or for client organizations. They analyze security systems, study potential breaches, and supervise the implementation of solutions. They may oversee security operations for their organization, helping the organization to understand where their cybersecurity measures may need patching. The person in this role is primarily responsible for execution of various engagement security objectives within assigned areas. This includes performing security assessments, participating in project scoping, leading meetings with clients, and independently conducting testing. An information security consultant will also have strong communication skills, including the ability to participate in project reporting and clearly articulate security issues to the client and internal team.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
John O'Brien, EDUCAUSE CEO and President, talks with Mike Corn, CISO for the University of California San Diego, and Cheryl Washington, CISO, for the University of California Davis, about the increasing relevance of the Chief Information Security Officer role.
Freeman Hrabowski and Jack Suess on Successful President/CIO Collaboration
Many colleges and universities want to innovate. But are they ready to innovate? Watch this video on keeping pace with innovation.
Lorem ipsum dolor sit amet.
Complete this Digital Transformation (Dx) Institutional Self-Assessment to understand your institution’s capabilities for digital transformation in strategic innovation; data and analytics; institutional alignment, flexibility and agility; diversity, equity and inclusion; and transformation of work and skills.
Use EDUCAUSE Analytics Services to identify peer institutions, learn more about technology solutions, and benchmark resources through the Core Data Service.
Seek an executive coach to support critical transitions. EDUCAUSE offers one-on-one meetings with professional executive coaches at its annual conference and online.
Host a Member QuickTalk to connect with others on timely cybersecurity topics like vendor assessment and workforce retention.
Become a mentor through our One-to-One Mentoring program and help provide guidance to a mid-level or advanced information security professional looking for career support.
Join an advisory or member committee and help shape EDUCAUSE program content. You can provide guidance and support to a particular association area, lend your expertise to the development of our flagship events, or volunteer to review presentation proposals.
Start or lead information security projects leveraging digital transformation, which help advance your institution’s mission. For more resources, check out our Dx library page.
Give guest lectures at your institution to engage with, raise awareness of, and better understand information security needs of students, faculty, and other stakeholders.
Serve as an EDUCAUSE Institute faculty member for the New Managers Institute for Cybersecurity Professionals.
Present ideas and best practices at the EDUCAUSE Annual Conference or other industry events.
Attend professional development opportunities focused on key topics in the field of cybersecurity, including the annual Cybersecurity and Privacy Professionals Conference.
Cultivate opportunities to serve on boards: advisory boards, governing boards, policy boards—in the private and public sectors.
Browse our Information Security Guide—put together by the Higher Education Information Security Council (HSEIC)—featuring toolkits, case studies, effective practices, and recommendations to help jump-start campus information security programs and initiatives.
Renew your commitment to diversity, equity, and inclusion. Use EDUCAUSE’s DEI book recommendations list for suggestions provided by community members, and watch this CIO Minute video about how to improve organizational diversity.
We’ve developed a toolkit of resources for new chief information security officers to help you connect with others across campus and maximize your impact in your new role.
Explore how to put the principles of DEI into practice and the learning and engagement opportunities to deepen your understanding.
Under the general direction of the vice chancellor, president, and/or CIO, institutional executive-level positions are typically responsible for the development and delivery of a comprehensive, university-wide or district-wide information security and privacy program. These positions help inform and provide strategic guidance around information security to the CIO, the members of the institutional senior management team, the Board of Trustees, and the broader institutional community.
Advanced degree in computer science, information technology, or related field. CIPP/US, CISSP, CISM, CCSP, CEH, GIAC, or equivalent certifications, depending on career goals and institutional expectations.
Institutional Executive Teaching and Learning include job titles such as Chief Online Learning Officer; Vice-Chancellor, Academic Affairs; and Associate Vice President of Academic Affairs. These roles are typically positioned at the institutional or district level of the organization and are responsible for providing institution-wide leadership, supervision, guidance, and direction for all educational programs, faculty and staff, and instructional policies and procedures. They may also provide leadership and supervision for academic support services, including tutoring, testing and assessment, and library services.
PhD or EdD depending on career goals and institutional expectations.
Institutional executive-level positions in innovation include job titles such as chief learning and innovation officer, vice president for research and innovation, and vice president for strategy and innovation. Professionals in these positions work with other executives and provide leadership for institution-wide initiatives and strategy.
Master’s, MBA, or doctoral degree based on personal goals and institution’s expectations.
Early Level Information Technology lorem ipsum
Recommended education for Info Sec early level
The chief information security officer provides institutional community awareness and training, strategic guidance, and technical leadership for a comprehensive, institution-wide information security and IT risk management program. This role typically directs an Office of Information Security composed of identity and access management, privacy, security consulting, and operations. This position may develop and lead outreach, communication, and education efforts to raise university-wide awareness of information security risk, requirements, and solutions; provides strategic and technical guidance and oversight in the design and implementation of appropriate security processes for university-wide information systems; recommends and oversees the monitoring of computing practices to prevent and recover from security breaches, and directs the handling of security incidents when breaches occur. The chief information security officer may oversee both the technical and policy aspects of digital identity as well at the institution’s privacy program and cyber compliance program.
This role is typically responsible for leading both technical implementation of systems and communication of security requirements to management and security leadership. Additionally, this person may be responsible for leading investigations into security threats, working with internal and external groups to ensure the cybersecurity program is operating effectively and efficiently, and developing strong partnerships across the organization to ensure information assets are protected at the appropriate level. This position may also coordinate with senior IT security leaders to set direction and operation of the group; prepare roadmaps, guidelines, and direction for the department; communicate critical threats and remediation efforts for the enterprise; create, analyze, and communicate security metrics to senior leadership; design and monitor secure access to the network infrastructure; participate in emergency response team activities; and develop detailed proposals and plans for new information security systems that would enhance or enable new capabilities for network or host systems.
The vice president of information technology security will plan and implement hardware, software, cybersecurity, databases, network resources, telecommunications, cabling, card access software, security cameras, and other information technology processes for the entire Institution. They may also direct information technology research, making recommendations for improvements and communicating changes; lead and train information technology department staff; establish department goals to support college priorities; monitor and report on information technology projects; provide appropriate professional development for college technology users; create and maintain a culture of exemplary customer service and quality; consistently report on daily work orders, project updates, data retrieval, and recommendations; and serve as the primary communicator for all technology-related updates and issues.
A Chief Privacy Officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect employee and customer data from unauthorized access. Other elements of the CPO job include maintaining a comprehensive and current knowledge of both corporate operations and privacy laws, as well as communicating details of the company's privacy policy to staff and customers alike. The CPO is typically the organization's point person for media and other external inquiries about privacy-related matters. To effectively meet the challenges of the job, the CPO must work in cooperation with other C-level executives, particularly those whose areas of concern overlaps, such as the Chief Information Officer (CIO), the Chief Security Officer (CSO), the Chief Data Officer (CDO) and the Chief Compliance Officer (CCO). In some instances, the CPO oversees multiple roles handling both compliance and legal consultation on data privacy matters. They are also the Data Point Administrator for GDPR and other International Data Privacy Regulatory bound agreements.
The Chief Data Officer (CDO) is the chief data strategist at the institution and is responsible for leading data governance and fostering a data-driven decision-making culture to enable effective student success strategies. The CDO provides strategic leadership for and overall management of data processes and systems including the utilization of data to support student success. This includes the effective use of data for reporting, analysis, and actionable insight; the management and coordination of institutional data for a wide range of uses including accreditation; external reporting; student enrollment; course offering optimization; student engagement; retention and success; and student support services.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.
Two IT leaders discuss a cyberattack that occurred at each of their institutions and share insights into preparing for future threats.
Looking at info techas a career path can be intimidating, but many working in this field didn't start out with intentions to work in cybersecurity. In this podcast, we ask several higher education cybersecurity professionals how they would encourage others to consider cybersecurity as a career option.
Watch this video with Keith McIntosh, Vice President & Chief Information Officer at the University of Richmond, as he discusses the 3 most important relationships to develop at your institution.
Lorem ipsum dolor sit amet.
Complete this Analytics Capabilities Institutional Self-Assessment to understand your capabilities in the areas of workforce, data governance, data management, leadership, and data-informed culture.
Look for opportunities to build relationships with information security leaders outside of higher education by participating in leadership and networking programs.
Seek an executive coach to support critical transitions. EDUCAUSE offers one-on-one meetings with professional executive coaches at its annual conference and online.
Support the advancement of higher education through the use of information technology by becoming a member of the EDUCAUSE Board of Directors. Learn more by joining this Member QuickTalk on the topic.
Give guest lectures to engage with, raise awareness about, and better understand information security needs of students, faculty, and other key stakeholders.
Attend or speak at higher education events to advocate for cybersecurity and privacy concerns.
Serve as an EDUCAUSE Institute faculty member for the Senior Directors Institute and share your experience and expertise with senior cybersecurity professionals.
Join the Cybersecurity and Privacy Professionals Conference Program Committee, which brings together information security and privacy professionals, information technology staff, and others from across the higher education community.
Attend trainings and conferences outside the higher education industry.
Go to the EDUCAUSE Annual Conference, designed for, and attended by, the global community of higher education information technology professionals.
Expand your perspective of information security by reading books and articles on the topic from the corporate or nonprofit sectors.
Serve on the Horizon Report, Information Security Edition panel of higher education experts to help other stay current on the key trends, emerging technologies, and practices shaping the future of information security.
Explore how to put the principles of DEI into practice and the learning and engagement opportunities to deepen your understanding.
Throughout and beyond your information security career, there are ways to keep contributing and providing thought leadership to the profession that may fall outside of the particular career levels identified above. Explore ways to make connections, to continue leading, and to support other professionals and institutions with your hard-earned expertise and experience.
Look for opportunities to build relationships with information security leaders outside of higher education by participating in leadership and networking programs.
Join the Cybersecurity and Privacy Professionals Conference Program Committee, which brings together information security and privacy professionals, IT staff, and others from across the higher education community.
Attend trainings and conferences outside of higher education.
Serve as faculty for the EDUCAUSE institutes and other programs to stay connected and share knowledge. Find out more about being a faculty member at EDUCAUSE and how to apply.
NOTE: Salary data varies significantly by location, institutional type, and many other factors and should not be used for benchmarking. Job descriptions should be consulted for specific salary information. Average salary ranges sourced from various employment sites and active listings.