Information Security professionals protect our institutions' most important and private information. This path will help you identify and navigate an Information Security career by increasing your understanding of the knowledge, skills, and experiences needed to begin, transition, and advance your career.
John O’Brien, President and CEO of EDUCAUSE speaks to Bella Abrams, Director of Information Technology at the University of Sheffield and Phil Ventimiglia, Chief Innovation Officer at Georgia State University on the 2022 Top 10 IT Issues.
The EDUCAUSE Security Pathway Toolkits provide individuals and mentors an opportunity to identify strengths and gaps, then select activities to leverage those strengths and develop in select areas. The toolkits support the development of an action to improve immediate performance and foster readiness for long-term professional goals. Select the appropriate toolkit for your needs below to get started.
Early-level data professional positions include visualization specialist, data wrangler, data engineer, and a focus on analysis. Roles often have "analyst" at the end of the title (e.g., data analyst, research data analyst, data governance analyst, institutional research analyst, etc.) In these roles, duties and responsibilities may include building data models and assessing, preparing, and analyzing institutional data to provide timely reports, analyses, and visualizations to stakeholders and answering ad-hoc questions.
Bachelor’s or Master's degree or equivalent experience.
Entry-level positions in cybersecurity include job titles like information security specialist, information security analyst, network technical specialist, and computer forensics analyst. In these roles, your duties and responsibilities may include helping to prevent data breaches, network attacks, and other threats. You work to protect your institution's digital resources and information technology systems and to prevent hackers from disrupting normal business activities. Additionally, you help faculty, staff, and students learn and engage in good information security practices on the job and at home.
Degree in Computer Science or related area and/or equivalent of education and experiences; select network and security certifications; and experience working with select compliance standards.
Entry-level positions for teaching and learning may support faculty to apply learning technology to courses, coordinate and maintain digital resources for the institution, or assist in curriculum or instructional design. People who perform these tasks may have job titles like instructional technologist, instructional designer, computer learning lab coordinator, learning management system administrator, instructional technologist, multimedia designer, and faculty development specialist.
Associate's degree, bachelor’s degree, certifications in user and instructional design, or equivalent experience
Entry-level positions in innovation include job titles such as instructional innovation specialist, business transformation project manager, and systems integration and innovation coordinator. These positions work in some capacity helping to support innovation to advance institutional strategies.
Associates degree, bachelor’s degree, or equivalent experience.
Early level positions in information technology include job titles such as user support specialist, data analyst, desktop support technician, and network operations analyst. These positions work in some capacity helping to support institutional technology or data operations, or to maintain the institution's digital environment.
Associate degree, bachelor’s degree, ITIL or IT service management training (see take action for more information), or equivalent experience. Certifications such as CompTIA A+, ITIL Foundation; vendor specific certifications such as Microsoft, AWS, for service and support roles. Certifications around data analytics and vendor specific certifications, such as Oracle or Microsoft for those working with data and databases.
Information security specialists are in charge of developing and implementing security measures for their organization. They are responsible for analyzing security procedures and suggesting changes to upper management for increased efficiency and extra security. Information security specialists present their findings to managers and recommend new technologies or policy modifications.
Information security network specialists, also known as computer support specialists, set up, support, and maintain local area networks (LANs), wide area networks (WANs), and other networking systems in their organization. These professionals also install routers, switches, firewalls, and network-related software programs for their organizations.
Information security analysts are responsible for conducting system analysis and providing technology project leadership for their organization. One of their main duties is coordinating operational procedures related to information systems and their management.
Forensic computer analysts are responsible for analyzing computer-based information for forensic evidence within their organization. They process large amounts of data to find specific items on behalf of their organization. Tasks performed by forensic computer analysts may include handling computer hard drives and storage devices to analyze user patterns, using different computer programs to recover information from damaged media devices, and preparing detailed reports after running computer analysis software applications, among others.
Kenneth Gyan, Director of Information Technology, University of North Carolina at Chapel Hill.
Insuh Pak, Analytics Engineer at University of California, Santa Cruz
Melissa Meehan, Web Services Director, SUNY Buffalo State.
Rebecca Graetz, Senior Instructional Designer, University of Wisconsin-Oshkosh
Take the self-assessment for early-career cybersecurity professionals to evaluate your skills and abilities and to identify your strengths and growth opportunities in the areas of cybersecurity team performance, resource management, leadership practices, and project operations.
Review the "Top Ten Ways to Discover a Cybersecurity Career That Is Right for You" in this webinar.
Explore and join any of the cybersecurity and privacy Community Groups to share strategies about information security governance, compliance, data protection, and privacy programs or other security-related topics.
Learn about and join the Young Professionals Community Group for support in the early stages of your career.
Become an EDUCAUSE ambassador and help your organization get the most out of its membership by connecting colleagues with beneficial resources.
Find a mentor who has a role you may want eventually and can speak to the professional advancement journey. Connecting with a mentor with information security expertise can also help you understand the latest trends and issues.
Consider a volunteering opportunity, like reviewing proposals or submitting an article for EDUCAUSE Review.
Read the latest on information security, privacy, and risk in the Cybersecurity and Privacy channel of EDUCAUSE Review or submit an article for consideration.
Submit a proposal for a session and/or poster at the Cybersecurity and Privacy Professionals Conference.
Complete the Presenter Concierge series to help you create an outstanding presentation by focusing on the practices adopted by the most effective speakers, presenters, and facilitators.
Go to the EDUCAUSE Annual Conference and connect with a vibrant community of higher education professionals working with technology.
Listen to the Cybersecurity as a Career Path podcast and learn more about becoming a professional in this area.
Earn your microcredential at the Data Literacy Institute, and develop the foundational knowledge needed for effective data-informed decision-making while getting hands-on practice with each step from data creation to leading change.
Become familiar with EDUCAUSE programs and services for cybersecurity and privacy professionals and plan your engagement in each of the areas.
Apply for an EDUCAUSE scholarship to support your professional learning.
Mid-level positions in data include highly proficient individual contributors and people managers. Often, job titles that include “Lead” are individual contributor positions that may include project management responsibilities: Lead Data Engineer, Lead Analytics Engineer, Lead Data Analyst, or Principal Analyst. As lead individual contributors, duties and responsibilities may also include participating in teams of other data professionals and working with key stakeholders to deliver data product solutions. Professionals at this level may support central services with enterprise/institutional data or specialize within functional domain data. Similar versions of these job titles with “Manager” or “Associate Director” include people management duties such as performance management and professional development: Associate Director of Institutional Research, Data Services Manager, or Data Governance Manager. As a manager, duties and responsibilities may include leading teams of other data professionals and managing stakeholders to deliver data product solutions. Mid-level professionals may support the development of technical skill sets of early-level professionals within an area of expertise, manage central services with enterprise/institutional data, and/or specialize within functional domain data.
Master’s, MBA, PhD, or equivalent experience.
Mid-level positions in cybersecurity include job titles like information security analyst, information security penetration tester, information security engineer, information security consultant, information security advisor, information security manager, information senior security engineer, manager of information security and systems operations, and senior manager of research computing. In this role, your duties and responsibilities may include designing security systems, conducting reviews and audits, assessing systems for gaps, and recommending solutions.
Bachelor's degree in computer science, information systems, communications, or related fields, or similar certified coursework in applicable fields of study. Foundation knowledge and skills may include working knowledge of common software application packages, equipment platforms, reference database systems and sources, and training methods and a basic understanding of networks, data communication, and multimedia systems.
Mid-Level teaching and learning roles include job titles like project manager, instructional designer, and faculty development manager, and typically require expertise in educational technology and learning design. People in these positions are beginning to have leadership responsibilities and may coordinate teams or training. At this level, people continue to develop the competencies and relationships they will need to assume senior and executive roles in the field.
Bachelor's or master’s depending on career goals and institutional expectations. Consider obtaining relevant certifications to user and instructional design, curriculum development, and project management.
Mid-level positions in innovation include job titles such as digital innovation librarian, associate director of research and innovation, and program manager for innovation and digitization. Professionals in these positions are often in management-oriented roles with responsibilities for supporting or maintaining a specific area related to innovation. They may also supervise entry-level staff.
Master’s, MBA, or doctoral degree based on personal goals and institution’s expectations.
Mid-level positions in information technology include job titles such as operations support manager, manager of client services, or manager of reporting and analytics. Professionals in these positions are often in management-oriented roles with responsibilities for supporting or maintaining a specific area within information technology. They may supervise entry-level staff.
Bachelor's, master's degree (or equivalent experience), ITIL or IT service management training, depending on career goals and institutional requirements (see take action for more information).
The information security engineer may serve in a technical, educational, and leadership role focused on securing both the physical and virtual aspects of an information environment. Implement, manage, and integrate systems that support the information security office’s mission to identify and remediate threats to the confidentiality, integrity, and availability of information in the institution's information ecosystem. Manage information security projects of significant institutional impact and importance; work closely with other staff responsible for enterprise technology infrastructure operations; and serve as a subject-matter expert/consultant to various groups.
Information security penetration testers plan and execute tests, document their methodologies, create detailed reports about their findings, and might be involved in designing fixes and improving security protocols. These professional will assist with penetration tests and other technical security assessments; assist developing and evaluate novel security testing capabilities and methodologies; help mentor junior penetration testing staff; and transition their knowledge and expertise to the broader community.
Information security advisors evaluate security systems to determine the potential risk of a breach. They develop policies and procedures that minimize the risk to properties, employees, and computer systems.
The information security consultant conducts regular audits across departments or teams that work with data. The consultant helps spot possible areas of vulnerability in the flow and storage of data and helps implement solutions. This typically includes the use of rules and standards for what data is available to certain employees, establishing tiered access to the data in a company, and implementing hardware and software protocols that secure all aspects of the organization’s IT assets against unwanted intrusion.
The information senior security engineer is responsible for the development, implementation, and management of technical systems and controls necessary to safeguard information and assets. The position will work directly with technical and non-technical staff to protect the confidentiality, integrity, and availability of sensitive data and systems.
Information security managers monitor the channels through which information flows into and out of an organization's information network. Managers are responsible for observing all of the operations occurring across the network and managing the infrastructure that facilitates those operations.
This lead role collaborates closely with research faculty; oversees research cyberinfrastructure efforts; leverages large-scale data and computational systems; supports custom software, hardware, and workflows; facilitates engagements between researchers and specialists; and works with administration and community partners to provide sustainable support structures for all aspects of research IT needs.
Information security systems operations managers hold a senior-level management role. They are responsible for overseeing an organization's operations, with particular regard to information technology, data security, and business continuity. The role requires strategic oversight in covering all elements of information technology security in an organization.
Jay James, Senior Cybersecurity Operations Lead, Auburn University.
Todd Barber, Executive Director of Enterprise Applications and Data Services at The University of Tennessee Health Science Center
Melissa Barnett, Data Governance Manager, Georgia State University.
Steve Burrell, Vice President & CIO, Northern Arizona University
Lorem ipsum dolor sit amet.
Take our self-assessment for mid-level professionals to help you identify your strengths and growth opportunities in the areas of communication, team development and optimization, financial management, and project management.
Assess your data literacy skills and abilities by taking the Data Literacy self-assessment. Understand your strengths and weaknesses in the areas of data security and privacy, data management, data analysis, and others.
Learn more about the National Initiative for Cybersecurity Education (NICE) and their mission to promote and coordinate a community working together to advance an integrated ecosystem of cybersecurity education and training.
Learn more about professional mentoring, and how to form and plan for a successful relationship.
Become a Working Group member and collaborate closely with your peers from a variety of institutions to define solutions for new and existing challenges and create useful resources for the community.
Have you started a project you would like to share with the broader higher education community? Propose a topic for a Working Group.
Read the latest on information security, privacy, and risk in the EDUCAUSE Review Cybersecurity and Privacy channel or submit an article for review.
Attend the EDUCAUSE Annual Conference or other events, designed for, and attended by, a global community of higher education professionals working with technology.
Join our cybersecurity webinars featuring lively debates and the hot topics. Sign up for upcoming webinars or review recordings and slides from past presentations.
Enhance your technical skills with these seven top security certifications.
Take a course from the SANS Institute, which empowers cybersecurity professionals with knowledge and skills.
Take a deep dive into key resources in the field of cybersecurity.
Stay current with Top IT Issues, Technologies, and Trends to know what's important and where to focus your planning and management activities.
Advanced-level positions in data and analytics include job titles like Director of Institutional Research, Director of Data Analytics, Director of Data Governance, Director of Data Architecture, and Deputy Chief Data Officer. These roles may be responsible for monitoring the operational functions of the team but are also engaged and embedded into the business units around campus to help other unit leaders make data-driven decisions. These roles may also lead a team of individuals, sometimes multiple teams.
Master’s, MBA, PhD, or equivalent experience.
Advanced-level information security positions include information security manager, information security associate director, information security officer, information security architect, information security engineer, assistant director of information security, information security senior director, and others. People in those roles monitor the organization's information technology security system, are in charge of the institution's security risk management program, and act as advisors to executives.
Bachelor’s degree in Information Security, Information Systems, or Computer Science or relevant experience. Certified Information Systems Security Professional (CISSP) or other equivalent certifications typically preferred. Information security, networking, server administration, and project management experience typically preferred.
Advanced teaching and learning positions include job titles like senior instructional designer, director of academic technology, teaching and learning center director, and director of online learning. Professionals in these roles provide strategic oversight at the departmental level and usually lead teams. While not at the executive level yet, people in these roles are often the most senior representative subject matter expert in educational technology or learning design.
Master’s, EdD, or PhD depending on career goals and institutional expectations.
Advanced-level positions in innovation include job titles such as director of innovation and instructional technology, director of lean transformation, and director of digital innovation and ecosystems. Professionals in these positions are responsible for directing and leading the operations of large innovation-related projects, often with managers and other staff reporting to them.
Master’s, MBA, or doctoral degree based on personal goals and institution’s expectations
Advanced level positions in information technology include job titles such as director of analytics, director of client services, and director of network work services. Professionals in these positions are responsible for directing and leading the strategy and operations of large areas of information technology, often with managers and other staff reporting to them.
Bachelor's, master's degree (or equivalent experience), certification in project management or change management, ITIL or IT service management training, depending on career goals and institutional requirements (see take action for more information).
Information security managers are in charge of maintaining security protocols throughout their organizations. They are responsible for creating strategies to increase network and internet security related to different projects. They handle a team of information technology professionals to ensure easy access to data while maintaining high standards in terms of confidentiality and general data security.
Responsibilities of this role include directing the activities of integrated risk management team leads, analysts, and coordinators performing these functions; mentoring and motivating staff; measuring performance; and making continuous improvements. This role also acts as advisor to information technology and other executives on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.
In conjunction and in collaboration with other information technology systems and applications administrators, this position will assist in conducting network and information systems audits meant to identify, harden, and mitigate potential and actual security threats in the form of scanning, monitoring, and testing the network and systems for vulnerabilities. This position shall assist information technology management in ensuring the compliance of University systems to federal, state and local laws, rules, and ordinances; will develop controls to enforce IT security policies and compliance; will advise on the development, documentation and maintenance of disaster recovery plans; review risk assessments and support cyber incident response plans. The ISO along with the Security Analyst will be responsible for the configuration, deployment, optimization, and management of IT security-related tools. The role typically works with various departments on alert escalation and resolution and provides risk analysis metrics to leadership based on the output of these tools and is also responsible for assessing potential threats, such as malware or phishing alerts, and determining the validity of the alert and determining the best course of action to protect assets.
An information security architect is responsible for the network and computer security for the organization. At the early stages of the security life cycle, the security architect acts as a project leader to plan, research, and design elements of security. The security architect starts by creating a general design, planning intended features and functionality.
Professionals in this role will work alongside customers, software developers, enterprise architects, information security, internal audit, compliance, and other stakeholders to build information security strategies and programs. Professionals contribute to enterprise-level policies and standards, lead incident response activities, and remediate security issues. They'll improve the ability of the organization to protect the confidentiality, availability, and integrity of their and their community's information assets.
Professionals in this role are responsible for the security risk management program, including building and maintaining roadmaps for initiatives and projects, risk assessments, incident response, operational management, regulatory and policy compliance, and ensuring the institution adheres to federal, state, and local regulatory controls.
What inspires you? Inspiration, motivation, and admiration are all qualities that either help us get to the next step in our career or our personal lives or simply help us get the morning started.
Ravneet Chadha, Associate Vice President and Chief Data Officer, at University of Arizona
Andre Jenkins, Deputy Chief Information Security Officer, University of Pennsylvania.
Victoria Getis, Senior Director, Teaching & Learning Technologies, Northwestern University.
The gap will continue to widen between institutions that are starting to engage in digital transformation and those that have not. We asked five institutional leaders to share their unique projects that reflect a shift to Dx.
Take our self-assessment for advanced-level professionals to help you identify your strengths and growth opportunities in the areas of communication, team development and optimization, financial management, project management, and more.
Attend or propose a Member QuickTalk to connect with others on timely information security topics like risk management, and security awareness.
Engage with other associations, like the National Association of College and University Business Officers (NACUBO) to broaden understanding of perspectives and issues.
Serve as a mentor to a new cybersecurity professional.
Join the Cybersecurity Community Group that identifies challenges share strategies around information security governance, compliance, data protection, and privacy programs.
Join an advisory or member committee and help shape EDUCAUSE programs by providing guidance and expertise to a particular area.
Start or lead information security projects leveraging digital transformation, which help advance your institution’s mission.
Facilitate Webinars, Learning Labs, and Institutes to stay connected and share knowledge. Find out more about serving as an Institute faculty member.
Read about how to master change leadership at the enterprise level.
Attend professional development opportunities focused on key topics in the field of cybersecurity, including the annual Cybersecurity and Privacy Professionals Conference.
Take a look at the Showcase Series that takes a closer look at the EDUCAUSE Top 10, spotlighting the most urgent issues identified by the higher ed community each year.
Stay current on the key trends, emerging technologies, and practices shaping the future of information security with the Horizon Report, Information Security Edition, developed by a global panel of leaders from across higher education.
Encourage your team to apply for an EDUCAUSE scholarship to support their professional learning.
Learn how to put principles of DEI into practice using the EDUCAUSE Guide to Diversity, Equity, and Inclusion.
Ensure your entire team understands how to manage and respond to an incident.
Leverage this research to to significantly shorten your learning curve to be an effective change leader.
Data professionals at the executive level typically report to a member of the President's Cabinet and are responsible for institutional data strategy and operations involving data governance, management, and analytics. These positions provide leadership and oversight for centralized and distributed teams involving all aspects of the effective and ethical use of data. Depending on institutional needs and maturity, these positions may be highly focused on specific aspects of data strategy and operations where only working knowledge of other component disciplines may be needed.
Master’s, MBA, PhD, or equivalent experience.
Unit executive level positions are typically members of the senior leadership team and work with constituents across the institution—faculty, staff, and students—to develop and deliver a comprehensive security and privacy program, including liaising with the campus general counsel on risk management and compliance activities. These positions may exist in Colleges of Medicine, Colleges of Law, or perhaps at a campus within a multi-campus district. Unit executives will need to have some familiarity with each level of information security work, from the strategic to the technical.
Advanced degree in computer science, information technology, or related field. CIPP/US, CISSP, CISM, GIAC, or equivalent certifications, depending on career goals and institutional expectations.
Unit executive level roles in teaching and learning include job titles such as associate vice president online education, and associate provost for academic technology and innovation. These roles are often referred to as the Chief Academic Technology Officer, which can be a formal job title or a more informal institutional designation. Leaders in these roles guide institutional strategy in academic technology, online learning, and learning innovation.
PhD or EdD depending on career goals and institutional expectations.
Executive-level positions in innovation include job titles such as assistant vice chancellor for instructional innovation and support, chief digital transformation officer, and chief innovation architect. Professionals in these positions are responsible for providing leadership for large areas and sometimes multiple departments within the institution, usually involving strategic planning, budget oversight, and institutional leadership for innovation initiatives.
Master’s, MBA, MFA, JD, or doctoral degree based on personal goals and institution’s expectations
This pathway represents a role that is increasingly complex and diverse and requires individuals who can embrace technological and human aspects of innovative practice and transformational changes. It requires individuals to build and maintain relationships inside and outside of institutions. This often includes effective relationships with board members or Regents, and community leaders such as City Officials. The Institutional executive must also be prepared to make complex decisions in a politicized atmosphere. While it is unreasonable to expect executives to know everything, that have to be skilled at forming questions and questioning. The ability to communicate very complex concepts in generally understandable terms is critical. The role is expanding beyond cost and performance responsibilities to drive transformation through IT as a core driver of of value through shaping of culture, workforce, and technological shifts that enable new educational and operational models. The institutional executive also acts as a mentor and coach, to elicit growth and performance of those within the IT organization and to drive digital literacy across the enterprise. Finally, they must be able to speak truth to power, to uncover weaknesses and be vulnerable and humble in the pursuit of excellence. They are hired for strategy and fired for operations and thus must balance their efforts to drive innovation and change, while maintaining operational integrity, security, and reliability of IT services. They must realize that they are primarily in the people business. They are able to recognize chaos driven by factors outside of institutional and leadership control, and plan for various scenarios and possible realities in advance.
Master's or advanced/doctoral degree (or equivalent experience), in business or management, higher education administration or law. ITIL or IT service management training, depending on career goals and institutional requirements (see take action for more information).
An information security director is responsible for implementing, designing, managing, and allocating all the technology security measures within an organization. Information security directors have knowledge of technology strategy, enterprise architecture, and other security-related concepts similar to those of a chief information security officer. They may report directly to a chief information security officer and will take on this executive role in smaller organizations.
An information security director is typically responsible for implementing, designing, managing, and allocating all the technology security measures within an organization. This role oversees and directs the activities of integrated risk management team leads and is in charge of overseeing information technology security measures throughout a variety of organizations. They are responsible for every aspect of security, from protocols and incident response to staffing and budgets.
The deputy chief information security officer is responsible for partnering with the chief information security officer in maintaining an organization-wide, global information risk management program and cybersecurity organization. Other responsibilities may include managing a staff of information security analysts; collaborating with security officers to identify needs, requirements, and gaps in institutional security programs; developing and delivering security-related services for use in conducting risk assessments and overseeing risk assessments; coordinating the planning and delivery of strategic security services; leading working groups to maintain systemwide policies; developing metrics to measure the effectiveness of institutional security programs; and developing and managing operating and special-purpose budgets, among others.
Security consultants assess all security measures for their organization or for client organizations. They analyze security systems, study potential breaches, and supervise the implementation of solutions. They may oversee security operations for their organization, helping the organization to understand where their cybersecurity measures may need patching. The person in this role is primarily responsible for execution of various engagement security objectives within assigned areas. This includes performing security assessments, participating in project scoping, leading meetings with clients, and independently conducting testing. An information security consultant will also have strong communication skills, including the ability to participate in project reporting and clearly articulate security issues to the client and internal team.
John O'Brien, EDUCAUSE CEO and President, talks with Mike Corn, CISO for the University of California San Diego, and Cheryl Washington, CISO, for the University of California Davis, about the increasing relevance of the Chief Information Security Officer role.
Rana Glasgal, Vice Provost for Data & Analytics at Northeastern University
Kate Hash, Assistant Vice Chancellor for Customer Experience, University of North Carolina at Chapel Hill.
Many colleges and universities want to innovate. But are they ready to innovate? Watch this video on keeping pace with innovation.
Lorem ipsum dolor sit amet.
Complete this Digital Transformation Institutional Self-Assessment to understand your institution’s capabilities for digital transformation in strategic innovation; data and analytics; institutional alignment, flexibility and agility; diversity, equity and inclusion; and transformation of work and skills.
Use EDUCAUSE Analytics Services to identify peer institutions, learn more about technology solutions, and review benchmarking resources.
Engage with other associations, like the Association of Governing Boards of Universities and Colleges, and broaden your leadership.
Explore and join any of the cybersecurity and privacy Community Groups to share strategies about information security governance, compliance, data protection, and privacy programs or other security-related topics.
Serve as a mentor to a current cybersecurity professional or someone considering a career in information security.
Start or lead information security projects leveraging digital transformation, which help advance your institution’s mission.
Teach in one of the EDUCAUSE leadership and management Institutes to stay connected and share knowledge. Find out more about serving as an Institute faculty member.
Attend or speak at higher education events to advocate for cybersecurity and privacy concerns.
Learn more about effective cybersecurity governance at your institution.
Browse our Cybersecurity and Privacy Guide featuring toolkits, case studies, effective practices, and recommendations to support information security programs and initiatives.
Leverage EDUCAUSE’s DEI book recommendations for suggestions provided by community members.
Learn more about how to improve organizational diversity in this CIO Minute interview.
Encourage your team members to apply for an EDUCAUSE scholarship to support their professional learning.
Learn more about the Higher Education workforce with our suite of reseach reports.
Under the general direction of the vice chancellor, president, and/or CIO, institutional executive-level positions are typically responsible for the development and delivery of a comprehensive, university-wide or district-wide information security and privacy program. These positions help inform and provide strategic guidance around information security to the CIO, the members of the institutional senior management team, the Board of Trustees, and the broader institutional community.
Advanced degree in computer science, information technology, or related field. CIPP/US, CISSP, CISM, CCSP, CEH, GIAC, or equivalent certifications, depending on career goals and institutional expectations.
Institutional Executive Teaching and Learning include job titles such as Chief Online Learning Officer; Vice-Chancellor, Academic Affairs; and Associate Vice President of Academic Affairs. These roles are typically positioned at the institutional or district level of the organization and are responsible for providing institution-wide leadership, supervision, guidance, and direction for all educational programs, faculty and staff, and instructional policies and procedures. They may also provide leadership and supervision for academic support services, including tutoring, testing and assessment, and library services.
PhD or EdD depending on career goals and institutional expectations.
Institutional executive-level positions in innovation include job titles such as chief learning and innovation officer, vice president for research and innovation, and vice president for strategy and innovation. Professionals in these positions work with other executives and provide leadership for institution-wide initiatives and strategy.
Master’s, MBA, or doctoral degree based on personal goals and institution’s expectations.
Early Level Information Technology lorem ipsum
Recommended education for Info Sec early level
The chief information security officer provides institutional community awareness and training, strategic guidance, and technical leadership for a comprehensive, institution-wide information security and IT risk management program. This role typically directs an Office of Information Security composed of identity and access management, privacy, security consulting, and operations. This position may develop and lead outreach, communication, and education efforts to raise university-wide awareness of information security risk, requirements, and solutions; provides strategic and technical guidance and oversight in the design and implementation of appropriate security processes for university-wide information systems; recommends and oversees the monitoring of computing practices to prevent and recover from security breaches, and directs the handling of security incidents when breaches occur. The chief information security officer may oversee both the technical and policy aspects of digital identity as well at the institution’s privacy program and cyber compliance program.
This role is typically responsible for leading both technical implementation of systems and communication of security requirements to management and security leadership. Additionally, this person may be responsible for leading investigations into security threats, working with internal and external groups to ensure the cybersecurity program is operating effectively and efficiently, and developing strong partnerships across the organization to ensure information assets are protected at the appropriate level. This position may also coordinate with senior IT security leaders to set direction and operation of the group; prepare roadmaps, guidelines, and direction for the department; communicate critical threats and remediation efforts for the enterprise; create, analyze, and communicate security metrics to senior leadership; design and monitor secure access to the network infrastructure; participate in emergency response team activities; and develop detailed proposals and plans for new information security systems that would enhance or enable new capabilities for network or host systems.
The vice president of information technology security will plan and implement hardware, software, cybersecurity, databases, network resources, telecommunications, cabling, card access software, security cameras, and other information technology processes for the entire Institution. They may also direct information technology research, making recommendations for improvements and communicating changes; lead and train information technology department staff; establish department goals to support college priorities; monitor and report on information technology projects; provide appropriate professional development for college technology users; create and maintain a culture of exemplary customer service and quality; consistently report on daily work orders, project updates, data retrieval, and recommendations; and serve as the primary communicator for all technology-related updates and issues.
A Chief Privacy Officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect employee and customer data from unauthorized access. Other elements of the CPO job include maintaining a comprehensive and current knowledge of both corporate operations and privacy laws, as well as communicating details of the company's privacy policy to staff and customers alike. The CPO is typically the organization's point person for media and other external inquiries about privacy-related matters. To effectively meet the challenges of the job, the CPO must work in cooperation with other C-level executives, particularly those whose areas of concern overlaps, such as the Chief Information Officer (CIO), the Chief Security Officer (CSO), the Chief Data Officer (CDO) and the Chief Compliance Officer (CCO). In some instances, the CPO oversees multiple roles handling both compliance and legal consultation on data privacy matters. They are also the Data Point Administrator for GDPR and other International Data Privacy Regulatory bound agreements.
The Chief Data Officer (CDO) is the chief data strategist at the institution and is responsible for leading data governance and fostering a data-driven decision-making culture to enable effective student success strategies. The CDO provides strategic leadership for and overall management of data processes and systems including the utilization of data to support student success. This includes the effective use of data for reporting, analysis, and actionable insight; the management and coordination of institutional data for a wide range of uses including accreditation; external reporting; student enrollment; course offering optimization; student engagement; retention and success; and student support services.
Emily Harris, Director of Cybersecurity, Marist College
Looking at info techas a career path can be intimidating, but many working in this field didn't start out with intentions to work in cybersecurity. In this podcast, we ask several higher education cybersecurity professionals how they would encourage others to consider cybersecurity as a career option.
Shawn Miller, Associate Provost for Digital Learning and Strategy at Rice University.
Lorem ipsum dolor sit amet.
Be deliberate about investing in the professional development and growth of your team members. Encourage them to assess their current skills as a starting point to create a professional roadmap. Go to "Assess" under each professional level.
Take the Higher Education Generative AI Readiness Assessment designed to provide a sense of your institution’s preparedness for strategic AI initiatives.
Thinking about a senior leadership role? Participate in complimentary one-on-one executive career coaching with an executive recruiter at the annual conference and online.
Learn more about becoming an EDUCAUSE Board Member and to advance higher education, serving as the voice of community members in EDUCAUSE governance and ensuring that the association is responsive to the needs of our diverse community.
Attend a Member QuickTalk to connect with others on timely information security topics like risk management, and security awareness.
Facilitate Webinars, Learning Labs, and Institutes to stay connected and share knowledge. Find out more about serving as an Institute faculty member.
Give guest lectures to engage with, raise awareness about, and better understand information security needs of students, faculty, and other key stakeholders.
Join the Cybersecurity and Privacy Professionals Conference Program Committee, which brings together information security and privacy professionals, IT staff, and others from across the higher education community.
Review the EDUCAUSE Welcome and How-To Kit for Chief Privacy Officers in Higher Education.
Serve on the Horizon Report, Information Security Edition panel to help others stay current on key trends, emerging technologies, and practices shaping the future of information security.
Keep up with federal policy developments with implications for higher education
Throughout and beyond your information security career, there are ways to keep contributing and providing thought leadership to the profession that may fall outside of the particular career levels identified above. Explore ways to make connections, to continue leading, and to support other professionals and institutions with your hard-earned expertise and experience.
Take the Higher Education Generative AI Readiness Assessment designed to provide a sense of your institution’s preparedness for strategic AI initiatives.
Look for opportunities to build relationships with information security leaders outside of higher education by participating in leadership and networking programs.
Join the Cybersecurity and Privacy Professionals Conference Program Committee, which brings together information security and privacy professionals, IT staff, and others from across the higher education community.
Attend trainings and conferences outside of higher education.
Facilitate Webinars, Learning Labs, and Institutes to stay connected and share knowledge. Find out more about serving as an institute faculty member.
Learn about the latest solutions in artificial intelligence, cybersecurity, data governance, and others.
Prepare your team to support the transformation of your organization by learning how to be change practitioners, at any professional level.
