Years at current job: I have been the Information Technology Security Officer here for more than three years now.
Job duties: Oh wow, my duties here at KU are very broad. I am responsible for really making sure the whole "gambit" of information security is carried out at KU, including security awareness initiatives, information risk analysis, information risk mitigation, incident handling, security consulting, assisting with security policy development, implementation and compliance.
What's the biggest challenge facing your department right now?
Really it's security awareness at all levels of our community. I believe everyone has the best intent to be secure and do their job securely, but threats and vulnerabilities at KU change every day. Faculty, staff and students just need to know how to manage them.
What is the most common breach of IT security?
This pretty much relates back to Security Awareness. It's basically either users clicking on something they shouldn't have, either accidental or intentional. Someone putting a system or device onto our network without really thinking about the repercussions of what could happen. We have seen workstations and servers get completely compromised on our network in less than 30 seconds.
What do you like most about your profession?
I came from the corporate world. Implementing security in that type of environment was really pretty easy. I came here for the challenge. When I took this job, I was told it would be almost impossible to implement anything secure at KU. So I really enjoy the challenge.
How does your office deal with individuals who attempt to gain unlawful access to the KU network?
We have procedures in place ranging from how to deal with minor incidents to how to handle escalated security incidents that may involve outside entities such as law enforcement.
Are unauthorized attempts to access the KU network a common problem?
Yes, what campus users don't realize is that while their computer is connected to our network, their system is constantly being "probed" by machines looking for ways to access a system. On average our campus gets probed more than 100,000 times a day. Because of this, unpatched or insecure systems get compromised very rapidly, usually resulting in that person or department losing data or loss of productivity.
What aspects of your job might others not realize you're involved with?
Assisting with compliance and security consulting. We are seeing an increase in requests for this service, but as a whole this is usually a service that many departments don't realize we offer.
What steps can computer users at KU take to make sure they are not vulnerable to hackers or other security risks?
There are several basic steps users can take. Patch your systems. KU has its own Microsoft update server for Windows patches. Install and update your antivirus software. Be leery and cautious while viewing and opening e-mail, especially attachments. A lot of the infections and compromises happen because a virus was sent looking like it was sent by someone they know. Know what type of data you deal with every day and be cautious in how you deal with it. KU falls under several state and federal regulations; credit card use, FERPA, HIPAA, Gramm-Leach-Bliley are just a few. All of this information has to be protected in very specific ways.