The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions but also as research hubs, hosting both curious students and notable scholars. This is an audience not known for slow-motion progress. They need results, and they expect them quickly. At a large university, the responsibility of a CISO is dizzying.

The challenge is not one to be underestimated; the University of Oxford consists of 39 Oxford colleges, which are financially independent and self-governing, but relate to the central University in a kind of federal system. There are also six permanent private halls, which are similar to colleges except that they tend to be smaller.  Therefore, the obligations for any CISO are immense.

I had the opportunity to speak with Graham Ingram, who serves as the CISO at the University of Oxford. Graham’s responsibilities include governance, risk and compliance, and security operations for the collegiate university, with additional involvement in counter-fraud, data governance, and digital transformation. Prior to this role, Graham was the Chief of Staff for the Deloitte Government and Public Sector cyber team. Throughout his life, Graham has also been my brother, which was another challenge for him to tackle!

Philip Ingram: What do you see as essential skills for a modern CISO? 

Graham Ingram: A modern CISO must be business focused and able to move the cyber dialogue into the mainstream board discussions; one that balances benefits with the risks. Risk discussions can often be unduly negative and difficult to engage with. Being a security evangelist can be counterproductive. You come across as trying to promote a belief system rather than a realistic necessity.