UIT Leadership Spotlight: Corey Roach, Chief Information Security Officer
Where are you from originally?
I'm a Utah native. Growing up, I moved around the Salt Lake Valley, but I've always lived in Utah.
What led you to the University of Utah?
I worked mainly in the finance sector before joining the university. I also ran a small technology consulting business. When an opportunity to focus on technology and work on a significant project presented itself, I jumped on it.
Can you describe the path you took to IT leadership?
My path to executive leadership has been a little unusual because rather than spending much of my career in business and management, I came up through the technical ranks.
I began my career at the university as a technical liaison during the construction of student housing and the University Guest House in Fort Douglas for the 2002 Olympic Village. Then I stayed on to manage technology across the 75-acre site.
I most enjoyed the challenge of the security aspect of technology, so when an opening became available in the university's fledgling Information Security Office, I lobbied hard to get the spot. I must have called and emailed the manager of the group every other day for a month.
While working in the Information Security Office, I tried to take advantage of any opportunity to expand my technical knowledge or my business acumen. I eventually became a lead engineer and specialized in security engineering and incident response.
When ISO grew to a size that leadership decided it needed to be split into separate functional teams, I took over management of the Enterprise Security team, which aligned with my areas of expertise.
While managing the ISO-ES team, several opportunities to take an interim leadership position presented themselves during periods of transition, and I took advantage of them to expand my management skillset and learn the role of executive leadership.
How would you describe your leadership style and/or philosophy?
I believe my leadership style has evolved with my role.
Early on, I'd say I was a democratic-style leader. I led a group of highly talented and knowledgeable technical professionals, and we were focused on achieving the objectives given to us by university leadership. I'd facilitate gathering input from each member of the team, and I'd cast the deciding vote where necessary.
As the scope of my responsibilities has expanded, I've had to become a more strategic leader. I factor in the university's goals, the current threat landscape, the resources available, and input from subject matter experts to form strategic initiatives that I feel will best protect the university from risk while also enabling the organization to achieve our broader mission.
I also strive to be a mentor and coach. I try hard to create progression paths within my organization because I believe people enjoy work more when they are provided with opportunities to grow and learn. A lesson I learned early in my career that has stuck with me is that the best managers want to see their employees’ capabilities grow, even if that means they eventually move on to bigger and better things.
What do you enjoy most about your role at the U?
I enjoy the challenge of doing information security at a university more than anything else. Hospitals and universities are probably the most difficult environments to try to protect. It's like trying to secure a very diverse and constantly evolving city with many different needs and levels of sensitivity.
As frustrating and stressful as it can sometimes be, I suspect I might get bored doing this job anyplace else.
What do you find most challenging about your job?
The diversity of technology and security needs is probably the biggest challenge at the university. Rarely does one size fit all when it comes to security solutions at the university. However, this challenge is one of the things that keeps the job interesting.
What are some of your hobbies?
Is there a fun fact about yourself that you'd like to share?
When I was young, I used to tell people that I wanted to grow up to be a "hacker" long before computer security was a mainstream job. Telling people that I wanted to be something they thought was synonymous with "criminal" got me in trouble with adults more than once.
Is there anything else that you think our readers would like to know about you?
My philosophy about information security is that its purpose is to facilitate the use of technology for faculty, staff, and students in a way that minimizes risk to themselves and the university. Security works best when it's least intrusive. If you spot a security problem, you feel like security is getting in the way, or you have an idea about how we can improve security at the University of Utah, please reach out to me or any other member of the ISO team.
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.