University Information Security Officer
In his role as University Information Security Officer, Andrew manages a team of security engineers and analysts. We are responsible for university-wide security standards administration, technical risk assessment programs, security reviews and consulting, technical security resources, and technical responses to security incidents.
Andrew started his career with IU in 1999 as a security engineer. He is a SANS Certified Inutrusion Analyst (GCIA) and Certified Windows System Administrator (GCWN). He obtained his Bachelor of Science in Physics from Purdue in 1996.
- Third-Party Assessments: Not Just a Questionnaire, EDUCAUSE Security Professionals Conference, 2013.
- Assessing the Security Posture of Third-Party Service Providers (with David Escalante), EDUCAUSE Enterprise Information & Technology Conference, 2011.
- InCommon Assurance Profiles (with Kim Milford), EDUCAUSE Security Professionals Conference, 2009.
- “Cloud Services: Policy and Assessment” (with David Escalante), EDUCAUSE Review, June 2011.
- SANS Security Essentials textbook, Volumes One and Two, 2003. Topics include cryptography, host-based intrusion detection, vulnerability scanning, password assessment and management, sniffers, and Internet protocol packet analysis.
Professional and Service Activities
- Technical Advisory Group (TAG) Chair, Reseach and Education Networking Information Sharing and Analysis Center (REN-ISAC), 2011-. The TAG provides technical guidance to the REN-ISAC.
- Security Assessments Project Team Co-Chair, EDUCAUSE Higher Education Information Security Council (HEISC) Governance, Risk, and Compliance (GRC) Working Group, 2010-2011. This team investigated third-party assessment frameworks.