Princeton recently began a search to appoint an inaugural chief information security officer to lead and oversee University policy and strategy for its informational security, according to a recent job posting.
The University currently employs an information technology security officer, Anthony Scaturro, although he is not a “chief.” University Spokesperson Martin Mbuguadeclined to compare the newly created position with the old one, arguing that such a comparison wasn’t useful. He also declined to confirm if Scaturro’s current job post will respond directly to the new CISO.
The University also announced the appointment of an inaugural executive director of Career Services on Monday. The new position will outrank Career Service’s current highest officer, Director Beverly Hamilton-Chandler.
Mbugua explained that the two security positions will complement each other and provide the University with much-needed additional resources to serve its community.
Scaturrodeferredcomment to Mbugua.
Mbugua also declined to comment specifically on whether or not Scaturro was under consideration for the new CISO position, citing the need to keep the personnel search process private.
Whoever fills the position will, according to the job ad posted on the University’s employment website, “play a critical role in addressing the larger institutional issues of information security policy and practice, data governance, risk assessment and business continuity.”
Mbugua characterized the creation of the CISO position as “yet another step” in improving the University’s technological safety in the ever-changing and volatile realm of information technology.
“It’s important to have someone who is responsible for information security, and in an organization the size of Princeton it … absolutely makes sense,” computer science and public affairs professor Edward Felten said. “The University does a lot of different things — it’s an employer, it has student records, it has health-related records, and there’s a lot of research that people on the outside might want to get outside access to as well.”
The Harvard Crimson recently published an article exploring how Harvard, which already employs a chief information security officer, is under a constant barrage of attacks by hackers.
“We’re seeing things in the tens of thousands a day,” Harvard IT Department Chief Information Security Officer Christian Hamer told The Crimson.
Felten said he didn’t doubt that Princeton faced a similar volume of attacks on a regular basis.
“Any big institution is going to be constantly under attack, whether it’s a university or a company,” he said.
Mbugua didn’t elaborate on the number of attacks that Princeton experiences. He also said, however, that the University's creation of the new CISO position was simply a logical and natural “next step” in further developing the University’s IT security, rather than a response to these attacks.
“As you can imagine, no institution can claim to be immune … from attacks,” Mbugua said. “[These attacks] are expected and that is part of the reason why IT security is an important part of what the University does.”
According to the job ad, the CISO position will only directly oversee one staff member from the Office of Information Technology, although the ad noted that the resources and responsibilities of the position were expected to grow in the future. The ad also said the CISO would spend a lot of time collaborating with the University’s leadership as well as departmental, technical and administrative staff.
Like Harvard, fellow Ivies Dartmouth College, Yale University and Columbia University all have dedicated “chief information security officers,” while Brown University, Cornell University and the University of Pennsylvania have “chief information officers.”
Mbugua said that Princeton’s decision to create the new position was based on internal factors independent of the IT security situations at other universities.
“Each institution has its own set of unique needs and circumstances,” Mbugua said.