You are here:

CISO Roach presents on academic freedom, data security at SAINTCON

Chief Information Security Officer Corey Roach

Chief Information Security Officer Corey Roach

By Larrisa Beth Turner

With Silicon Slopes and a rapidly growing tech sector, Utah often draws some of the country’s biggest tech conventions. While the homegrown SAINTCON cybersecurity conference doesn’t draw the largest crowds, it sells out every year to security and IT professionals, as well as people interested in computer security.

The annual SAINTCON (Security Advisory and Incident Network Team Conference) features presentations and activities that provide various levels of security instruction and training, from fundamentals to advanced techniques.

It’s not unusual to find UIT employees at the Provo conference, either as attendees or speakers. This year, Chief Information Security Officer Corey Roach spoke during the leadership track.

In his presentation, Roach addressed the oft-tense dynamic between academic freedom and data security.

“Historically, in higher-education, ‘academic freedom’ has often been a phrase used as a trump card to avoid implementing data security,” he wrote for the SAINTCON website, describing his presentation. “I make the case that data security is not the antithesis of collaboration and innovation, but rather an integral part in providing educators, scientists, and researchers an environment where learning and discovery can flourish.”

Instead of an “us-versus-them” approach, Roach takes a more modern stance.

“Data security, when done properly, is there to support the business,” he said. “At a university, our business is academia — teaching and learning — which includes academic freedom.”

Roach suggests a few ways information security leaders can help business leaders and security professionals better understand each other’s roles, goals, and decisions, as well as improve relationships.

  • Mentor new security pros in information security. Mentor experienced security pros in business and risk management.
  • Keep security pros informed on business goals and initiatives.
  • Explain risk decisions made by business leadership to security pros.

 

Last Updated: 12/18/19