Matt Nappi currently serves as the Chief Information Security Officer (CISO) at Stony Brook University, including Stony Brook Medicine. He chairs the University's Information Security Program Council and oversees the Program's implementation. He also assists in developing policy and procedure, coordinates the implementation of security-related technologies, and helps balance the risk posture of the organization with the mission of the University. He was employed as a Sr. IT Security Analyst before being appointed to his current position. Matthew has extensive experience as an IT Professional, starting his career in private industry before making his way into higher education. Prior to joining Stony Brook University and specializing in security, he supported critical systems for the University's Hospital as a Sr. Systems Administrator. Matthew holds many well-recognized industry certifications, including the CISSP, CISM, GIAC GSEC, GCED, GCIH, GCIA, GSTRT, MCITP and Project+, in addition to a Bachelor of Science degree with an IT Network and Design Emphasis. He enjoys sharing his thoughts on security-related topics through his blog and collaborating with his peers as a current REN-ISAC and GIAC Advisory board member.
Students with limited professional work experience may lack appropriate knowledge and expectations to work effectively in cybersecurity departments. A carefully implemented program can find the best students for those positions.
CISOs and cybersecurity professionals face the ongoing challenge of effectively communicating real-world risks and threats to campus stakeholders. Use these guiding principles as you consider what (not) to say when discussing technical challenges with nontechnical audiences.
You want to approach security as if you were trying to secure your own physical home, imagining that it is in the worst neighborhood on the planet and must withstand endless attacks from skilled criminals. That is the reality of maintaining a digital home in the 21st century.