Tom Davis

Acting Chief Assurance Officer

Physical Security and Access / University Information Security Office
2709 East 10th Street
Bloomington, IN



As acting chief assurance officer for IU, Tom Davis oversees and advises university leadership on strategy, policy, and execution for a variety of cybersecurity areas designed to maintain an appropriate level of assurance in university operations and activities.

He also is the founding Executive Director and CISO of the OmniSOC - a new cyber-security operations center shared service for multiple universities. In this role, he provides executive leadership to establish the OmniSOC and its services based on the needs of founding members Indiana University, Northwestern University, Purdue University, Rutgers University, and the University of Nebraska.

Before his current appointment, Davis served as Indiana University's Chief Security Officer and provided executive leadership and specialized expertise to the development and management of programs related to physical access and security, personal protection, surveillance, the security of institutional and personal information, and the security of information technology. Davis also directed the efforts of the University Information Security Office. The UISO is responsible for university-wide security standards administration, technical risk assessment programs, security reviews and consulting, technical security resources, and technical responses to security incidents.

Davis has worked in the security field since 1991.

Honors & Awards

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Selected into Indiana University Information Technology Leaders Program (ITLP), 2007

Presentations and Publications

  • "Building an Information and IT Compliance Program," EDUCAUSE Security Professionals Conference, May 2012
  • Q&A: Indiana University's key to safeguarding confidential data, FierceCIO, March 2011
  • "Payment Card Industry Data Security Standards — Are You at Risk for a Fine?," Center for Applied Cybersecurity Research Indiana Higher Education Cybersecurity Summit, April 2010"
  • Conway, W., Davis, T. (2009). Data Security: Noteworthy Outcomes From 2009 PCI Community Meeting: NACUBO Business Officer, vol. 43, no. 4, 16-18
  • Davis, T. (2009). Me and My Job, SC Magazine For IT Security Professionals, vol. 20, no. 1, 15
  • Davis, T. (2009). Security Requires More Than Technology, EDTECH Focus on Higher Education
  • Getting Things Done Panel: A Practical Approach," IU Statewide IT Conference, October 2009
  • "Writing an Information Security and Privacy Program," EDUCAUSE Security Professionals Conference, April 2009
  • Pyrillis, R., Roberts, V. (2008). Burst of Vitamin 'C' - Pointers from CIOs and CISOs on getting the most value from systems teams: EDTECH Focus on Higher Education, vol. 4, no. 1, 38-40
  • "Writing an Information Security and Privacy Program," EDUCAUSE Annual Conference, October 2008
  • "Security and Finance: Bridging the Communication Gap," Treasury Institute PCI-DSS Workshop, May 2007
  • "Payment Card Industry Data Security Standards," IU Treasury Business Seminar, August 2006

Other Activities

  • Ivy Tech Information Security Curriculum Advisory Board
  • NACUBO Technical Representative to the Payment Card Industry Security Standards Council
  • Co-chair, Higher Education Information Security Council's Information Security Guide Editorial Board
  • Higher Education Information Security Council Leadership Team Member
  • Chair, Committee on Institutional Cooperation Security Working Group
  • EDUCAUSE Security Professionals Conference 2006 Program Committee Member