Main Nav

Reflections on EDUCAUSE 2004 Annual Conference

It has been just over 5 years since a show of hands at the annual Seminars in Academic Computing indicated that probably less than 10 percent of colleges and universities had a full time security professional.  We know from a survey conducted by the EDUCAUSE Center for Analysis and Research (ECAR) in April 2003 that 30 percent of our institutions had a full-time dedicated security officer at the time and that there had been a steady increase since about 1994.

I would speculate that the ranks of security staff have grown considerably even since the ECAR study of 1 + years ago.  There are two indicators that support my conclusions:  1) the exponential growth in attendance in our annual Security Professionals Conference (from 100 in its inaugural year in 2003 to 250 last year), and 2) the growing numbers of individuals with the titles of “director of information security” or “chief security officer” who are attending and presenting at our annual EDUCAUSE conference.  It is the later that I find particularly encouraging because it suggests that individuals with responsibility for security are being recognized within the management ranks of their organizations and are increasingly finding EDUCAUSE as a place where they can contribute and grow professionally.

Another positive result of the recent EDUCAUSE annual conference was the interest and participation in a number of security-related sessions.  The pre-conference seminars were particularly well attended:  Incident Handling and Response (36), Security & Identity Management for Small Colleges (42), Disaster Recovery & Business Continuity (41), Patch Management (19), Security Awareness, and Effective Practices (59)  To my surprise, the sessions identified as “best practices” that often focused on technical subjects were extremely popular.  It was just last year that we debated whether or not there would be demand for seminars that focused on technical aspects of security at the EDUCAUSE annual conference.  The need for more full-day (instead of half-day) seminars was also apparent.

Unfortunately, it is difficult to search the attendee database to get an accurate assessment of how many security professionals were in attendance at EDUCAUSE 2004.  This type of determination is complicated by the fact that not everyone “responsible” for security has the word in their job title.  Additionally, the “Primary Title Classifications” used by EDUCAUSE contain broad categories such as “Senior IT Staff” or “Support IT Staff” which casts a pretty wide net.  Although there is a search feature that will allow you to sort attendees by “Individual Areas of Knowledge/Experience” in which “Security” is one of the options, this feature begins with the caveat:  “Note that not all individuals have recorded their area(s) of knowledge/experience.”  Nonetheless, the resulting 161 search results includes a number of individuals with security as part of their job title.

I think it is encouraging that the annual EDUCAUSE conference is increasingly becoming a forum where security professionals in higher education will meet to receive professional development and to network with other IT professionals.  This is not to say that it will – or should – replace the more specialized national conference now known as the annual EDUCAUSE & Internet2 Security Professionals Conference.  Nonetheless, the growing demand for content and increasing number of security professionals present at the annual EDUCAUSE conference is an indication of the significance of cybersecurity to colleges and universities.

Tags from the EDUCAUSE Library