Five questions for Brad Judy
October is widely known as the spookiest month of the year and not just because of Halloween. It’s also Cybersecurity Awareness Month, when we consider how to protect ourselves from cybercriminals lurking in dark corners on the internet.
Fortunately, Brad Judy, CU’s Chief Information Security Officer (CISO), and the university’s cybersecurity teams make things a lot less scary. Every day, they’re hard at work navigating the latest cyberthreats to keep CU and its information secure while shining a light on how we can reduce our risks online.
Judy began his long history with the university as an undergraduate at CU Boulder in the 1990s when he installed hardware and software in computer labs on campus while earning his degree in sociology. He joined Boulder’s information technology team full-time after graduating and worked there for more than a decade, transitioning to the campus’s information security team before leaving briefly to take a job in another state.
Upon moving back to Colorado in 2012, Judy rejoined CU, this time on the information security team at system administration. As he approaches his 26th year with the university, and to help kick off Cybersecurity Awareness Month, Judy spoke with CU Connections about everything from his top priorities as CISO, to what we have in common with cybercriminals, to what he loves about Colorado.
1. What are your priorities as CISO?
The majority of cybersecurity work at CU is happening on the campuses, so a big part of my job is doing whatever I can to support the campus cybersecurity teams and make their jobs easier. That includes achieving efficiencies on the tools they use and aggregating licenses to lower costs. My team also develops many of the campuses’ training and educational tools.
I’m also focused on working with university leaders at system administration to ensure they’re informed about current risks and the work we’re doing to mitigate them. And then of course, my team and I oversee the operational cybersecurity for system administration, actively working to protect various systems, including those for HR, finance and other units.
2. How is AI affecting cybersecurity?
Many people are turning to AI to make their jobs easier and their work more efficient, including cybercriminals. Just as we’re seeing AI being introduced to cybersecurity tools to add efficiencies, we’re also seeing criminals use AI to create phishing messages and write code for cyberattacks. Criminals are using AI for the same reasons so many of us use AI: They’re trying to make their lives easier and spend fewer hours working.
As people at CU start using AI in their jobs, CU’s cybersecurity teams and I are focused on ensuring that they’re using it safely. We strive to fully understand these tools and how they work so we can help people make informed decisions about how to use them appropriately, what types of data they should share and what types of business functions should rely on them.
3. How do you keep pace with rapidly evolving cyberthreats?
Like any field that moves fast, it’s a challenge to stay on top of things in cybersecurity, and it requires us to be informed about many other issues as well, including the broader news. We’re affected by global politics and shifts in business. You can wake up one morning and some national or global event changes your entire workday.
One of the things we ask candidates when they apply for cybersecurity positions at CU is how they stay informed. There’s no shortage of tech communication sources, including various websites, Mastodon, social media and countless others, and we use a wide variety. We also rely on each other because there’s so much information out there. We’re more than happy to share with each other. We have great teams, great people with an immense amount of experience and a lot of new ideas.
We also talk to our peers at other institutions around the country and, in some cases, around the world about what they’re seeing or a problem we’re trying to tackle. I love the community we have in higher education and cybersecurity.
4. What is one thing we all can do to stay safe – or safer – online?
The biggest thing is to listen to your gut. If something seems off, don’t be afraid to ask about it. If you get an email from your boss, but it doesn’t sound like your boss, call or text them to confirm they sent it. If you get an urgent email about an Amazon order, don’t respond via email – go to your Amazon account and see if you have anything in your order history. It’s better to ask the question than to fall for something. Criminals exploit the fact that people are busy and that they want to be helpful. They’re going after human nature.
Everyone has a role in cybersecurity at CU. Of course, the depth of that role depends on your job. But being thoughtful about the information you’re handling and how you handle it is probably the single biggest responsibility we all have.
5. How do you unplug from work?
I often have some sort of hands-on creative project going on. I just finished building a table lamp from a 1950s television I gutted, for example. I have a bunch of antique furniture around the house that I’ve picked up at thrift stores, stripped down and restored. I also like getting off the beaten path and I love that we’ve got a little bit of everything in Colorado – from major sports teams to art museums to science to beautiful outdoors and terrific weather. I can often be found in many of the small music venues around Denver when I’m not working. We have a great music scene here.
For more information about Cybersecurity Awareness Month at CU, including resources, webinars and other activities, visit www.cu.edu/cam.
