Building a Student-Run SOC to Meet Threats Head-On
The New CISO - A podcast by Steve Moore - Joi
On today’s episode, Aaron Baillio, the CISO of the University of Oklahoma, joins us to speak about his transition from the Department of Defense to higher education, how he managed merging teams, and how incorporating students into his SOC has benefitted everyone.

The Switch from DOD to Education

Before Aaron worked for the University of Oklahoma, he worked for the Department of Defense for 11 years. He reflects on how the DOD is primarily concerned about keeping secrets, whereas the higher education space is ultimately about giving away all the secrets. He loves how open the community is to exchanging ideas. Listen to the episode to hear more on what he learned in his transition.

Education vs. Commercial

Aaron also discusses the intrinsic values in education: how everything you do is meant to support the student and to help educate and prepare them for life. The DOD, however, is all geared towards supporting the soldier. He finds it very satisfying to be among young people. It’s also important to note that the salary in the education sector is about 12-13% less than in the commercial area. However, the education sector will offer free tuition for dependents, like children, and provides a better work-life balance, as they can’t compete with the salary. Aaron also speaks on the different security perspectives between the Department of Defense and education. Listen to the episode to hear how one field offers very ad hoc or tribal knowledge, whereas the other provides methodical training.

Changes in the Job

When Aaron first began, there was already a CISO, and then 9 months later, the CISO left. He had to learn how to adjust while still adjusting to the job. Then, 4 years later, the CISO left again, this time during immense change for the university. Aaron rose to the occasion and moved into the role. His advice during times of change in your institution is to perform at least at the same level, if not better, than before the change. He reiterates that you cannot slack. He learned that he had to let go of some of the technical information and focus more on the management side of the job, as well as learn the multiple layers of politics.

Taking on the Leadership Role

Fortunately, Aaron felt like he was supported by the university during his transition to a new role. He gives advice on what to do if your institution doesn’t support you. He encourages the listeners to get involved with charitable organizations or read books and listen to podcasts on leadership. However, when you’re practicing leadership, you will learn more, so it’s best to join organizations.

Centralization at OU

- Campuses were so disorganized and disconnected
- But then a years ago, they acquired a new president, who wanted to centralize and consolidate the campuses
- Each campus had its own IT department and budget, so he had to oversee how to integrate this with grace and rationality
- Biggest hurdle was standardizing the technology
- While the faculty are state employees and working towards tenure, they also act like contractors because they receive grant money and don’t want to conform to a standard way of doing things
- Managing people’s feelings was the greatest difficulty
- The people who didn’t want this amount of change left the organization

Student Incorporation

Aaron tells the story of a student coming to him and asking to learn cybersecurity. This prompted him to begin teaching a class on the 10 domains. Listen to the episode to hear his story. He also discusses how the industry wants people to have experience to get any job in cybersecurity, but they can’t get experience without a job. It became clear to Aaron that graduates out of OU were struggling to get jobs because they didn’t and couldn’t have