About IS

Focus areas: General security consulting, cloud architecture, Office 365 security, PCI-DSS, information classification, Authority to Operate, secure enclave design and build, presentations, enterprise initiatives, requests for proposals (RFP), standards guidance, secure network, and system architecture, NIST standards, Cybersecurity Maturity Model Certification (CMMC), research collaboration and cyber security.

Kyle has has worked at Penn State for thirteen years and has been involved with Information Security for ten years. During his time at IS, he worked on a variety of key initiatives and services as an analyst and engineer before becoming the Information Security Architect. Kyle believes in balancing security with usability to support the goals of the University and that security cannot be a one size fits all approach. He enjoys building relationships with University personnel to understand their needs and help design approaches that are both secure and allow work to continue without introducing unnecessary complexities.

Focus areas: Enterprise firewall, general security consulting, Office 365 for level 3 and 4 data, requests for proposal (RFP), exemptions and exceptions, change advisory board, incident response, secure information system design, SME for security projects.

Randy has spent the majority of his 20 years at Penn State working in information security. He was part of the first central security team that was formed at Penn State which was the precursor to other iterations of security at the University. Prior to his time at Penn State he was employed by a large defense contractor. He has an extensive background in secure infrastructure, intrusion detection, and system design. Randy’s experience and expertise allows him to apply a wealth of knowledge into helping consult on and design systems that are not only secure but also meet the needs and challenge of complex university environments.

Focus areas: cyber risk, Cybersecurity Maturity Model Certification (CMMC), NIST standards and frameworks, Authority to Operate (ATO), general security consulting, ATO compliance, requests for proposal (RFP), exemptions and exceptions, secure information system design, SME for security projects.

Andy splits time between the IS Consulting and Architecture team. and the Privacy Compliance and Risk team. This unique dual role allows him to focus on both the technical sides of cyber security as well as the compliance implications. Andy is able to build processes and workflows that help projects navigate the complex waters on both the cyber and compliance sides. He is also able to utilize this experience to help mature Penn State’s CMMC program and stay on top of current requirements for this critical work. Prior to joining IS, Andy was involved in the security program and vulnerability management for Penn State IT. 

Focus areas: Infrastructure, networking, endpoint management, cloud development, compliance frameworks, NIST, ITAR, virtualization, VDI, CMMC, system security plans, secure enclaves, authority to operate, process maturity.

Mike is a Cyber Security Systems Engineer with the Consulting & Architecture group within Information Security. Mike graduated in 2005 from Penn State with a BS in Information Technology minoring in business. Prior to joining IS, he worked for over 7 years in Penn State’s College of Engineering as the Senior Systems Analyst managing infrastructure, security, and compliance frameworks for critical research projects. Before his time at Penn State, Mike was an administrator and later IT Manager for General Dynamics, a global aerospace and defense company. Mike has also worked at ESPN as an associate systems administrator. Outside of work, Mike volunteers with Penn State’s Men’s Ice Hockey team as an in-game statistician tracking advanced statistics, video editor, assists with in-game playstyle/strategy adjustments and other operational duties. He also enjoys golf, playing guitar, and attending PSU sporting events; primarily Football and Wrestling.

Focus areas: Core infrastructure, cloud development, virtualization, Office365, endpoint hardening and management, securie information system design, general security consulting, enterprise wide initiatives, research security. 

Jason started his career in IT at a small defense contractor as a network administrator working with application developers on research contracts for the Navy. From there then moved into a systems analyst role at a large corporate bank where he was responsible for implementing and maintaining much of the institution’s core IT infrastructure. Just prior to joining Penn State, he was a Senior systems analyst at IUP managing the university’s IT infrastructure. His primary focus was on the secure systems and services supporting the student information system. He was also heavily involved with the university’s identity and access management (IAM) systems and services.