About IS

Information Security

Report an Incident

Consulting & Architecture

Your starting point for information security. We promote, design, and develop secure architecture across Penn State. Our key initiatives include secure enclaves, Authority to Operate, and guideline development. We’re always happy to provide answers and guidance for general security consulting questions. If you have a cybersecurity question and aren’t sure where to start, start with us!

focus

FOCUSED ON YOU

Cybersecurity is a partnership. As a customer-focused group, we work closely with units, colleges, and campuses to promote cybersecurity holistically and collaboratively; not just as an afterthought or lone project. Our projects vary in scope from large enterprise-wide initiatives to localized college research projects and administrative needs.

If you have any question, concern, or need, please don’t hesitate to reach out to us. We would love the opportunity to partner with you to strengthen cybersecurity across Penn State.

Services

Secure Architecture Design

Need to build a new information system? Want to make sure it’s secure? Our team can give input on how to build a secure system and maintain the integrity of your information.

Authority to Operate

All information systems processing or storing Level 3 or Level 4 data under University Policy AD95 must have an authority to operate (ATO).

Learn more about ATOs here.

Secure Enclaves

Secure enclaves help to ensure that Penn State’s most valuable information remains secure.

Learn more about Secure Enclaves here.

Subject Matter Experts (SME) for IS compliance

Our team collaborates with the IS GRC compliance team to provide the technical expertise required to maintain compliance in your area.

Security Consulting

Have a question? Need some input? Our team is here to help you with your project, big or small. We have the right expertise to guide you through any challenge.

Subject Matter Experts (SME) for projects

Have a local project that involves any technology? Our experienced staff can sit in on project meetings to help you find a secure and compliant solution.

Regulatory Compliance

Our team collaborates with the IS GRC compliance team on regulatory compliance and sensitive research to  meet government requirements. NIST 800-171 and CMMC are two that have a large impact on research.

Requests for Proposal (RFP)

Looking to source new services, hardware, or software? Our team can help you work through the security side of an RFP.

Cloud Initiatives

Partnering with the EIT cloud team, we can help you understand and design your system for the cloud.

involved

GET US INVOLVED

Consulting & Architecture offers consulting for a wide array of cybersecurity projects, services, and initiatives. Don’t see what you need here? Email security@psu.edu; we can help or find the right contact person for you.

Working on an ATO or enclave? Please reach out to use through your existing ATO record in ServiceNow, or email enclaves@psu.edu.

Meet our team

Randy Hegarty

Randy Hegarty

Cyber Information Assurance Analyst

 

Focus areas: Enterprise firewall, general security consulting, Office 365 for level 3 and 4 data, requests for proposal (RFP), exemptions and exceptions, change advisory board, incident response, secure information system design, SME for security projects.

Randy has spent the majority of his 27 years at Penn State working in information security. He was part of the first central security team that was formed at Penn State which was the precursor to other iterations of security at the University. Prior to his time at Penn State he was employed by a large defense contractor. He has an extensive background in secure infrastructure, intrusion detection, and system design. Randy’s experience and expertise allows him to apply a wealth of knowledge into helping consult on and design systems that are not only secure but also meet the needs and challenge of complex university environments.

Sean Woleslagle

Michael Morgan

Cyber Security Systems Engineer

 

Focus areas: Infrastructure, networking, endpoint management, cloud development, compliance frameworks, NIST, ITAR, virtualization, VDI, CMMC, system security plans, secure enclaves, authority to operate, process maturity.

Mike is a Cyber Security Systems Engineer with the Consulting & Architecture group within Information Security. Mike graduated in 2005 from Penn State with a BS in Information Technology minoring in business. Prior to joining IS, he worked for over 7 years in Penn State’s College of Engineering as the Senior Systems Analyst managing infrastructure, security, and compliance frameworks for critical research projects. Before his time at Penn State, Mike was an administrator and later IT Manager for General Dynamics, a global aerospace and defense company. Mike has also worked at ESPN as an associate systems administrator. Outside of work, Mike volunteers with Penn State’s Men’s Ice Hockey team as an in-game statistician tracking advanced statistics, video editor, assists with in-game playstyle/strategy adjustments and other operational duties. He also enjoys golf, playing guitar, and attending PSU sporting events; primarily Football and Wrestling.

Jason Behory

David Stucky

Cyber Information Assurance Analyst

secure

JOIN THE CONVERSATION

Join in the conversation on Yammer: