Tom Davis

Tom Davis

Chief Security Officer

Contact Information

Tom is Indiana University's Chief Security Officer.  In this role, Tom provides executive leadership and specialized expertise to the development and management of programs related to physical access and security, personal protection, surveillance, the security of institutional and personal information, and the security of information technology.  Tom also directs the efforts of the University Information Security Office (UISO).  The UISO is responsible for university-wide security standards administration, technical risk assessment programs, security reviews and consulting, technical security resources, and technical responses to security incidents.

Before his current appointment, Tom served as IU's Chief Information Security Officer.  Tom has worked in the security field since 1991, is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and holds a Bachelor of Science in Computer Science from Indiana University (1987).

Selected Presentations

  • "Building an Information and IT Compliance Program," EDUCAUSE Security Professionals Conference, May 2012
  • "Payment Card Industry Data Security Standards — Are You at Risk for a Fine?," Center for Applied Cybersecurity Research Indiana Higher Education Cybersecurity Summit, April 2010
  • "Getting Things Done Panel: A Practical Approach," IU Statewide IT Conference, October 2009
  • "Writing an Information Security and Privacy Program," EDUCAUSE Security Professionals Conference, April 2009
  • "Writing an Information Security and Privacy Program," EDUCAUSE Annual Conference, October 2008
  • "Security and Finance: Bridging the Communication Gap," Treasury Institute PCI-DSS Workshop, May 2007
  • "Payment Card Industry Data Security Standards," IU Treasury Business Seminar, August 2006

Selected Publications

  • Q&A: Indiana University's key to safeguarding confidential data, FierceCIO, March 2011
  • Conway, W., Davis, T. (2009). Data Security: Noteworthy Outcomes From 2009 PCI Community Meeting: NACUBO Business Officer, vol. 43, no. 4, 16-18
  • Davis, T. (2009). Me and My Job, SC Magazine For IT Security Professionals, vol. 20, no. 1, 15
  • Davis, T. (2009). Security Requires More Than Technology, EDTECH Focus on Higher Education
  • Pyrillis, R., Roberts, V. (2008). Burst of Vitamin 'C' - Pointers from CIOs and CISOs on getting the most value from systems teams: EDTECH Focus on Higher Education, vol. 4, no. 1, 38-40

Professional and Service Activities

  • Ivy Tech Information Security Curriculum Advisory Board
  • NACUBO Technical Representative to the Payment Card Industry Security Standards Council
  • Co-chair, Higher Education Information Security Council's Information Security Guide Editorial Board
  • Higher Education Information Security Council Leadership Team Member
  • Past chair, Committee on Institutional Cooperation Security Working Group
  • EDUCAUSE Security Professionals Conference 2006 Program Committee Member

Honors and Awards

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Selecte