Skip to toolbar

About OIS

Office of Information Security

Consulting & Architecture

Your starting point for information security. We promote, design, and develop secure architecture across Penn State. Our key initiatives include secure enclaves, Authority to Operate, and guideline development. We’re always happy to provide answers and guidance for general security consulting questions. If you have a cybersecurity question and aren’t sure where to start, start with us!



Cybersecurity is a partnership. As a customer-focused group, we work closely with units, colleges, and campuses to promote cybersecurity holistically and collaboratively; not just as an afterthought or lone project. Our projects vary in scope from large enterprise-wide initiatives to localized college research projects and administrative needs.

If you have any question, concern, or need, please don’t hesitate to reach out to us. We would love the opportunity to partner with you to strengthen cybersecurity across Penn State.


Secure Architecture Design

Need to build a new information system? Want to make sure it’s secure? Our team can give input on how to build a secure system and maintain the integrity of your information.

Authority to Operate

All information systems processing or storing Level 3 or Level 4 data under University Policy AD95 must have an authority to operate (ATO).

Learn more about ATOs here.

Secure Enclaves

Secure enclaves help to ensure that Penn State’s most valuable information remains secure.

Learn more about Secure Enclaves here.

Subject Matter Experts (SME) for OIS PCI compliance

Our team collaborates with the OIS compliance team to provide the technical expertise required to maintain PCI compliance in your area.

Security Consulting

Have a question? Need some input? Our team is here to help you with your project, big or small. We have the right expertise to guide you through any challenge.

Subject Matter Experts (SME) for projects

Have a local project that involves any technology? Our experienced staff can sit in on project meetings to help you find a secure and compliant solution.

Office 365 Security

We work to promote secure solutions within Office 365. Allowing Level 3 and Level 4 data in O365 is our current area of research and focus.

Requests for Proposal (RFP)

Looking to source new services, hardware, or software? Our team can help you work through the security side of an RFP.

Cloud Initiatives

Partnering with the EIT cloud team, we can help you understand and design your system for the cloud.



Consulting & Architecture offers consulting for a wide array of cybersecurity projects, services, and initiatives. Don’t see what you need here? Email; we can help or find the right contact person for you.

Working on an ATO or enclave? Please reach out to use through your existing ATO record in ServiceNow, or email

Meet our team

Kyle Crain

Kyle Crain

Information Security Architect - Team Lead


Focus areas: General security consulting, cloud architecture, Office 365 security, PCI-DSS, information classification, Authority to Operate, secure enclave design and build, presentations, enterprise initiatives, requests for proposals (RFP), standards guidance, secure network, and system architecture.

Kyle is the team lead for the Consulting & Architecture group. He has worked at Penn State for 11 years and has been involved with the Office of Information Security for eight years. During his time at OIS, he worked on a variety of key initiatives and services as an analyst and engineer before becoming the Information Security Architect. Kyle believes in balancing security with usability to support the goals of the University and that security cannot be a one size fits all approach. He enjoys building relationships with University personnel to understand their needs and help design approaches that are both secure and allow work to continue without introducing unnecessary complexities.

Randy Hegarty

Randy Hegarty

Cyber Information Assurance Analyst


Focus areas: Enterprise firewall, secure the border initiatives, general security consulting, Office 365 for level 3 and 4 data, requests for proposal (RFP), exemptions and exceptions, change advisory board, incident response, secure information system design, SME for security projects.

Randy has spent the majority of his 20 years at Penn State working in information security. He was part of the first central security team that was formed at Penn State which was the precursor to other iterations of security at the University. Prior to his time at Penn State he was employed by a large defense contractor. He has an extensive background in secure infrastructure, intrusion detection, and system design. Randy’s experience and expertise allows him to apply a wealth of knowledge into helping consult on and design systems that are not only secure but also meet the needs and challenge of complex university environments.

Andy Bowen

Andy Bowen

Cyber Security Systems Engineer


Focus areas: Infrastructure design and build, Cloud initiatives and infrastructure, cloud enclave design and build, application and system logging with Splunk, data centers, next gen firewall technologies, core networking, general security concerns and initiatives, requests for proposal (RFP), Office 365 for level 3 and 4 data.

Andy is a Cyber Security Systems Engineer with the Consulting & Architecture group within the Office of Information Security. Andy has worked for Penn State for over 5 years and has a deep background in systems administration, infrastructure, and network technologies and designs. Before coming to OIS, Andy worked in Penn State IT on the Windows administration team and also oversaw the management of the central Splunk instance. Andy’s strong background positions him and the Consulting & Architecture group in a unique position to blend security with the operational needs to develop approaches to security that take all aspects of the information system into account.



Consulting & Architecture has two Yammer groups.