North Carolina Central University—a school of approximately 8,000 students—is located in Durham, about a dozen miles or less from locations like Dell, Cisco, and Lenovo, where tough security protocols prevent just any old device from connecting to their networks.

“If you walk into one of their places, your phone stops working, right?” said Leah Kraus, who has to have a more open approach as CIO of a university.

In addition to overseeing the operation of administrative computing services, the NCCU website, campus-owned desktops and laptops, and classroom tech like smart boards and videoconferencing, Kraus and her team of about 60 staff members welcome a variety of devices that both off- and on-campus students can connect to a network.

Xboxes are welcome—as are PlayStations, Apple TVs, printers, and any other aspects of what Kraus calls a “living learning environment,” saying, “If it connects to a network, we try to support the student in having it connected to our campus network so they can do their work as well as their leisure.”

Kraus spoke with IT Brew about the unique risks and responsibilities of a university environment that welcomes so many connections.

The following responses have been edited for length and clarity.

What does a university IT team have to contend with that traditional IT teams do not?

We standardize on certain software and hardware, but if a researcher needs a specific device that needs to be connected to a specific piece of equipment, I, as CIO, can’t say, “Well, no, you can’t have that.” I’m the approver for every tech purchase on campus…if it has to go through our IT security for review, then it does that, but typically it’s a grant and it’s this piece of equipment, and we can find ways of securing around it.

What would you say to somebody who says: “How do you let all these Xboxes on campus?!”

That’s the point of having a very strong network segmentation and trusting your network engineers to build it out so you can do that. There was a time where folks were even saying, “We can’t do Bluetooth,” and, “We can’t do this.” What is the return on investment with that argument?

Our livelihood is students. It’s not widgets, right? Almost half of our students live on our campus. If they are not happy, then they’re going to be out on social [media]…It’s a real return on investment discussion. What’s the risk mitigation? What’s the risk analysis? Can we risk this? And yes, because you’re mitigating it.

How do you secure that kind of setup?

The guest network doesn’t touch anything. We have a separate student network, a separate faculty network, a staff network.

Read the rest here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

It’s no secret that there aren’t enough cybersecurity cooks in the kitchen: Surveys have shown that demand continues to outpace supply, even as hundreds of thousands of new roles were added to the global workforce last year.

Hiring to fill the estimated global deficit of 2.72 million cybersecurity roles isn’t going to happen overnight. In the meantime, industry leaders told IT Brew, recruiters should be rethinking the way they’re going about the hiring process by finding less traditional candidates, and by involving hiring managers who understand the complexity of the open jobs.

Don’t Ctrl + Paste job ads

“The trend of understaffing for cybersecurity has persisted for years because of the complexity of the issue at hand,” Candy Alexander, CISO at NeuEon and international board president at the Information Systems Security Association, wrote to IT Brew via email. Alexander added that HR departments often don’t understand the roles they’re recruiting for, cobbling together job listings from “other bad job descriptions” or relying on keywords to filter candidates.

That’s why it is common to “see an entry-level position that requires three years or more experience,” Alexander continued. “Or a CISO position that requires hands-on contributions, which is like having a VP of manufacturing that requires them to work on the assembly line. It just doesn’t make sense.”

And don’t just Ctrl + F résumés

One major first step is to ensure hiring managers who understand open roles are involved in the screening and interviewing process, Alexander told IT Brew. But recruiters should also realize certs and specific technical skill sets aren’t the only kind of experience that matters.

For example, a “financial analyst would be a great infosec analyst or GRC (Governance, Risk, and Compliance) analyst that is responsible for spotting trends in issues,” Alexander wrote. “Or a project manager…would be great at managing a risk or compliance program by following up on risk mitigation tasks.” (That’s another area where filtering applications by keywords can be a problem, Alexander added.)

A recent Trellix survey showed widespread concern about the risks associated with the dearth of cybersecurity professionals. To ease the shortage, a 2018 report suggests, recruiters need to court candidates from underrepresented groups and non-traditional backgrounds.

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.

Today’s top IT reads.

Stat: 33,000. That’s the number of hours one federal cabinet department spent responding to the Log4j vulnerability, which CISA’s cyber safety review board has called an “endemic vulnerability.” (Cybersecurity Dive)

Quote: “You just visit the website and you have no idea that you’ve been exposed.”—Reza Curtmola, NJIT computer science professor and coauthor of a study showcasing a hacking technique that can be used to de-anonymize website visitors (Wired)

Read: Blind internet users are frustrated by new accessibility tools powered by AI, which seem to create more problems than they solve. (the New York Times)

IT’ll cost ya: But with Electric’s free IT-cost calculator, you can get an estimate of the time and money your biz spends on IT-related tasks. Not crazy about your result? Electric can save you 50% on IT costs with their lightning-fast support. Calculate here.*

^{*This is sponsored advertising content.}