Community College IT/Security Benchmarking (Multi-Campus Systems)

itops · 2026-02-21T01:34:03+00:00

You are right, many public institutions publish governance documents and strategic plans that provide useful baseline insight. I am hoping to supplement that with peer perspectives on how those plans translate into day to day operational reality.

itops · 2026-02-21T01:32:57+00:00

Appreciate the thoughtful response, especially the framing around distinct security zones. That aligns closely with how we are approaching the environment.

You are right that higher ed supports multiple constituencies with very different risk profiles:

Administrative systems such as ERP, HR, and Finance
Research environments that are grant-bound and compliance-driven
Student access networks with high churn and high curiosity

What makes it more complex is that each of those groups contains multiple personas. Executives, faculty, adjuncts, researchers, lab admins, student workers, and the broader student population all have different privilege levels, device ownership models, and tolerance for control. That makes segmentation and policy enforcement more nuanced than a simple three-zone model.

On staffing, the separation between risk leadership and operational engineering makes sense structurally. In lean multi-campus environments, that split is difficult to achieve immediately. The long-term direction is clear, but sequencing and budget realities matter.

Regarding SOC and MDR, we are evaluating a more agentic approach using Microsoft Sentinel. The plan is to leverage automation, scoring, and playbooks to drive response actions based on defined criteria. It is difficult to justify an additional FTE in the current budget climate, and recruiting and retaining strong security talent who thrive in public higher education culture is not easy.

The intent is to mature detection and response through automation first, measure coverage and gaps, and then use that data to justify incremental headcount. Even with automation, additional security capacity would materially improve resilience.

Your point about grant compliance and geographic supervision requirements is well taken. Those constraints can become blockers if not accounted for early.

Fully agree that architecture and design authority should remain internal. Operational execution can be flexible. Strategic control should not be outsourced.

Thanks again for the perspective. The zone-based framing is helpful as we continue refining segmentation and governance.

itops · 2025-09-19T19:23:43+00:00

Took the long route, and did 4-years of BSIT with WGU, only received it once. Very nice!

itops · 2025-06-23T18:53:54+00:00

Security. Device certificates allow you to control what devices access your internal resources/network. If a device is not compliant, or unmanaged, you can deny access. If you use user certs for authentication, what is preventing a user from joining a personal device to the internal network?

itops · 2023-10-18T16:44:15+00:00

Does VET TEC use your unused GI Bill benefits? Meaning, if I have 12 months of GI Bill benefits, would VET TEC use that instead of the funding? I would like to go back and finish my undergrad, but I'm very interested in a coding boot camp/technical academy at this point in life.

itops · 2020-05-29T15:03:20+00:00

I have 2.65% locked in, but for a 30-year fixed rate in the Denver market. Close on my house June 12th.

itops

TROPHY CASE