Secrets, Lies, and (re)Org. Charts: Separating Information Security from IT Services at UNBC
At BCNET Connect 2019 a debate session was held to explore the organizational relationship between Information Security and IT Service Delivery: “The relationship between CISOs and CIOs can be complex; while the former are tasked with ensuring the security of an organization’s information assets, the latter have more diverse and often conflicting sets of priorities. This can result in a tension between the two roles that has the potential for either a dysfunctional dynamic or one that can result in optimal solutions to difficult problems. “ The outcome of that debate was that while it was likely a good idea to separate security from services, most universities and colleges were not ready to make the change. However in the spring of 2020, with a fresh pandemic underway, UNBC began the process of reorganizing IT service delivery and security into separate departments, with a CISO reporting to the executive alongside the CIO. In this session, Trevor Fuson (CIO, UNBC) and Dave Kubert (CISO, UNBC) will share the story of that separation, the successes (and maybe a few not quite success) encountered, and some of the lessons learned after nearly two years apart. Audience participation and questions are encouraged! Answers will be given! Some will be truthful!
Dave KubertChief Information Security Officer | University of Northern British Columbia
Dave is the chief information security Officer at the University of Northern British Columbia. He’s spent his career in academia working in Unix systems administration, network engineering, and software development before finally surrendering the last vestiges of his soul and moving into information security. Dave’s professional interests include redefining the role of information security in organizational structures, risk governance, walking a fine line, and being in over his head.