Higher Education Cybersecurity Risks: Insights from a CISO at DeVry University
Higher education institutions face a unique challenge in balancing the need for academic freedom with the need to protect against cyber threats. Fred Kwong, Vice President and Chief Information Security Officer (CISO) at DeVry University, shared his insights on how to strike the right balance between these competing interests.
A Multi-Faceted Approach to Managing Cyber Risk
According to Kwong, DeVry University takes a multi-faceted approach to managing cyber risk. The university separates its systems into two distinct categories: those used by students and those used for back-end operations. This separation of systems helps to limit exposure and reduce the risk of a breach.
The Role of the Cyber Risk Committee
The university’s Cyber Risk Committee, which includes representatives from various departments, plays a critical role in assessing and mitigating risk. The committee reviews potential risks and determines the likelihood and potential impact of each threat. If a risk exceeds the university’s acceptable threshold, the committee works to identify compensating controls and assigns ownership of the risk to a specific individual or department.
Protecting Student Data
Kwong noted that the way student data is handled has changed significantly over the past decade. Modern learning management systems (LMS) have centralized student data, making it easier to access and analyze. However, this centralization also increases the risk of a breach. To mitigate this risk, Kwong emphasized the importance of having full visibility into data flows and ensuring that appropriate controls are in place.
The Rise of Hybrid Learning
The rise of hybrid learning has also introduced new challenges for higher education institutions. With students accessing university systems from unmanaged devices all over the world, the traditional campus-centric security perimeter is no longer effective. Kwong noted that institutions must evolve their defense capabilities to address this new reality. This includes implementing AI-based email protection, phish-resistant multi-factor authentication, and identity verification.
Protecting Learner Accounts
To defend against account compromise in environments where thousands of students are logging in from unmanaged devices, DeVry University focuses on protecting learner accounts. The university uses detective controls such as threat hunting and monitoring the dark web for signs of account compromise. Kwong also emphasized the importance of educating students on how to spot phishing attacks and protect their accounts.
Securing Research Computing Environments
When it comes to securing research computing environments, Kwong noted that faculty often require maximum freedom to conduct their research. However, this freedom must be balanced with the need to protect sensitive or federally regulated data. To address this challenge, DeVry University encrypts all sensitive data, hardens systems, and implements security kits to ensure visibility. The university also segments the environment to limit access to sensitive areas.
Implementing Defensive Layers
Ultimately, Kwong emphasized that the key to balancing academic freedom with cybersecurity is to implement defensive layers throughout the identity lifecycle. This helps to reduce the probability of unauthorized access and shortens the time to detect and recover from a breach. By taking a proactive and multi-faceted approach to cybersecurity, higher education institutions can protect their students, faculty, and staff while also preserving academic freedom.
