Dan Jones, director of information technology (IT) security for the University of Colorado Boulder, has been named interim chief information security officer for the CU system. In his new dual role, Jones will coordinate IT security efforts with system and the campuses.
Leonard Dinegar, senior vice president and chief of staff, said Jones will work closely with campus security principals to protect private data pertaining to students, patients, faculty and staff, and will present reports to the IT Governance Board, the president's leadership team and, as necessary, to the Board of Regents and/or its audit committee.
"Dan has many years of expertise in the IT security industry and will be an integral member of system's information security team," Dinegar said.
The evolution of the new position began five years ago, Dinegar said, when the campuses were just beginning to build strong infrastructure for information security. At that point, there was a great need for a full-time centralized information security post at the system level.
The strengthening of those functions at the campuses, combined with budget cuts, led to the decision to no longer have a full-time position at the system level. Dinegar said groups on all campuses were consulted before pursuing the new arrangement, and that approval was unanimous.
"This is a tremendous opportunity that will better allow for shared development of effective information security practices," Jones said. "There is much good work being done on each campus to protect university information resources and there needs to be someone to coordinate and provide support to those efforts. Likewise, as we are making investments in security technology, we should be coordinating so as to ensure we are making the most efficient use of university resources."
Though Jones still will be based in Boulder, he will work at 1800 Grant St. in Denver one day each week (Tuesday) as a part of his systemwide role.
"While many have indicated that having an individual with campus experience will be beneficial in the chief information security officer role, there are advantages to spending time at the system offices," Jones said. "This will further help me keep in tune with critical university functions, allowing me to adjust our security efforts as needed. Ultimately, the information security program exists to support the mission of the university. If our security efforts are not in harmony with the institution's goals, the security program cannot succeed."