Jay Gallman

Risk Advisor
Duke University
Durham, North Carolina,
UNITED STATES

Biography

Jay has spent a 35-year career in Higher Ed IT, with experience in desktop support and management, application support, networking, and virtualization. IT security has been a focal point throughout his career.

In 2018 he joined the Duke University IT Security Office where he is a Risk Advisor, Jay focuses on Risk and Compliance issues. In the role of a consultant, he works with researchers to understand their workloads so that he can explain what is necessary for compliance with regulatory requirements like NIST SP 800-171. He also stays abreast of changes in the research regulation space to keep others up to date regarding their potential impact on the university.

Additionally, his responsibilities include vendor security risk assessments, and outreach activities for the campus.

Jay is currently one of the group leaders for the EDUCAISE HEISC 800-171 Compliance Community Group and an active member of the Regulated Research Community of Practice.

In May 2023 he was on the organizing committee for the Regulated Research Community of Practice 1 Day SSP Workshop and in 2020-21 was on the steering committee for The CUI Workshop Series sponsored by Purdue.

EDUCAUSE Publications

Cybersecurity and Privacy Perspectives on the EDUCAUSE 2023 Top 10 IT Issues
- October 31, 2022
- Article
- Author
EDUCAUSE community members offer cybersecurity and privacy perspectives on the 2023 Top 10 IT Issues.
NIST SP 800-171 Overview
- September 16, 2022
- Policies, Guidelines, Plans and Toolkits
- Author
This overview provides a review of the timeline that introduced NIST SP 800-171 "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations" as a compliance framework, an overview of the control families for the 110 controls and a discussion of the impacts and concerns for higher education.
NIST SP 800-171 Toolkit
- September 16, 2022
- Policies, Guidelines, Plans and Toolkits
- Author
In this toolkit, you will find an overview of NIST SP 800-171 and its implications for higher education, questions to ask during project planning, 7 Things You Should Know About CMMC to use when speaking with stakeholders and leadership, and a customizable control evaluation.

See All Publications by Jay Gallman

EDUCAUSE Presentations

Putting the Pro (and the Cure!) in Procurement: Third-Party Security and Privacy Reviews (separate registration is required)
- Cybersecurity and Privacy Professionals Conference , May 1
Advanced System Security Plan Workshop (Separate Registration is Required)
- Cybersecurity and Privacy Professionals Conference, May 1
HEISC 800-171 Community Group (CG) Meeting (Open to All)
- EDUCAUSE Annual Conference 2022, October 27

See All Presentations by Jay Gallman

Memberships

EDUCAUSE

Member

EDUCAUSE Involvement

Cybersecurity and Privacy Professionals Conference 2025
- Member: 2024 - 2025
EDUCAUSE Community Surveys
- Member: 2022 - Present
NIST 800-171 Compliance Toolkit
- Member: 2021 - 2022
HEISC Advisory Committee
- Member: 2021 - Present
Community Group Leaders
- Member: 2021 - Present

Jay Gallman

Risk Advisor

Duke University

Durham, North Carolina, UNITED STATES

Biography

EDUCAUSE Publications

Cybersecurity and Privacy Perspectives on the EDUCAUSE 2023 Top 10 IT Issues

NIST SP 800-171 Overview

NIST SP 800-171 Toolkit

EDUCAUSE Presentations

Putting the Pro (and the Cure!) in Procurement: Third-Party Security and Privacy Reviews (separate registration is required)

Advanced System Security Plan Workshop (Separate Registration is Required)

HEISC 800-171 Community Group (CG) Meeting (Open to All)

Memberships

EDUCAUSE Involvement

Cybersecurity and Privacy Professionals Conference 2025

EDUCAUSE Community Surveys

NIST 800-171 Compliance Toolkit

HEISC Advisory Committee

Community Group Leaders

Durham, North Carolina,
UNITED STATES