7 Questions with REN-ISAC's Anthony Newman -- Campus Technology

7 Questions with REN-ISAC's Anthony Newman

We asked the Research and Education Networks Information Sharing and Analysis Center's recently appointed executive director about today's biggest cybersecurity challenges and his goals for REN-ISAC moving forward.

By Rhea Kelly
10/23/23

This year marks the 20th anniversary of the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), the Indiana University-based cybersecurity organization dedicated to safeguarding the research and education data of more than 750 member institutions around the world. To find out what REN-ISAC has in store for the next 20 years, we sat down with Anthony Newman, who was recently appointed as the organization's new executive director.

The following conversation has been edited for length and clarity.

Campus Technology: You have an extensive background in IT — what brought you over to cybersecurity?

Anthony Newman: I came kicking and screaming to security.

My first professional job out of college was as a sysadmin at a small manufacturing plant. And I did everything: I was also the network admin, the mail server admin, the data center admin. So I naturally had to handle security, and back then, I just did a lot of reviewing logs. For years, I did a lot of log analysis and review and firewall management, things like that — things that I didn't really consider security, but were part of the security stack. Even later in leadership roles, I had a hand on that.

I never really had that dedicated security role until I was approached at Purdue for the CISO role, and I initially turned it down. I said, "No, I hate security. It's so much work. You don't get any benefits of it. It's all work, no play. It's running uphill." Knowing my strengths and weaknesses, the CIO at the time said, "Well, why don't you just jump in and see what you can do to make them more efficient and get more done?" I did that for several months, and then kind of walked away said, "That work's done. I'm gonna go back to my job." And again, the CIO said, "Why don't you consider the CISO role?" So I said, "I'll do the interim role." In that role, I kind of fell in love with it and realized what I had been missing for the past 17 years. And now, I don't know that I'll ever work outside this space again.

What keeps me in cybersecurity is the fast pace. I love that it's constantly changing: If you look back five years ago, that's a vastly different world compared to where we are today. Our threats are different, how we handle threat mitigation is different, and a year from now we'll do everything slightly differently as well.

CT: Coming to REN-ISAC, what are your first priorities as executive director?

Newman: We've had great leaders in the past and they set us up for success. The few things I'm doing right now are really around trying to continue that success. For instance, we're looking at our service offerings. We have a core service offering which is really the information sharing piece. Every day of the week, most of our members count on our daily watch report and any type of alerts that we might send. We also do CSIRT activities: We are the CSIRT for higher ed for the U.S. and Canada. And then there are all these other services that have been added over the years, or where members have said, "Hey, we don't have a way to do this. Can REN-ISAC do it?" Those are the things that we're evaluating right now. We have our core mission, but nothing precludes us from doing other things that also help those same members, be it security assessments, penetration tests, or general assessments. Those are all things that we're primed and ready to do.

We also offer some services that I think we can automate more. As a former CISO, I know that CISOs don't have time to buy something, learn everything they can about it, implement it, and then use it in an operational manner. They really need turnkey solutions. For example, we have lots of customers that use our threat intel platform, but it's not turnkey today — and we need it to be turnkey.

E-Mail this page

Printable Format

Featured

Rubrik Upgrades Data Protection Platform for Speedier Threat Hunting

Data security specialist Rubrik is upgrading its data protection platform to allow for quicker recoveries in the familiar backup & recovery process.
Educause Horizon Report: Sustainability Pressures Lead to Increased Cybersecurity Risks

Educause recently released the 2024 Cybersecurity and Privacy Edition of its Horizon Report series, forecasting key trends, technologies, and practices shaping the future of cybersecurity and privacy in higher education.
Study: 1 in 10 AI Prompts Could Expose Sensitive Data

Nearly one in 10 prompts used by business users when interacting with generative artificial intelligence tools may inadvertently disclose sensitive data, according to a study released today by data protection startup Harmonic Security Inc.
Digital Leadership Must-Haves for 2025: A CDO's Picks

Now that he's more than a year and a half into his chief digital officer role at NJIT, we've asked Ed Wozencroft to reflect on his areas of concentration: What work must digital leaders "own" in 2025?