Main Nav

HEISC Mission

The Higher Education Information Security Council (HEISC) was established in July 2000 to provide coordination for the higher education sector. The HEISC mission is to support higher education institutions as they improve information security governance, compliance, data protection, and privacy programs. HEISC accomplishes this work through volunteer groups supported by professional EDUCAUSE staff, as well as collaborations with other organizations that address information security and privacy in higher education. HEISC actively develops and promotes information security leadership, awareness, and understanding; effective practices and policies; and guidance for the protection of critical data, IT assets, and infrastructures. Read the HEISC charter for more information.

2016 Strategic Priorities

  • Advance Information Security Strategies in Higher Education
  • Continue to Build the Information Security Profession
  • Strengthen Foundations

Major Areas of Focus

HEISC Advisory Committee

The HEISC Advisory Committee is responsible for ensuring progress in meeting the strategic priorities of the council. To accomplish this, it creates and monitors working groups and sponsors other activities, annually reviews the strategic priorities to see if changes are needed, and annually sets objectives for the working groups that will produce tangible outcomes furthering the goals of the council.

EDUCAUSE engages the HEISC Advisory Committee on a regular basis to identify and obtain the resources needed to accomplish the goals of the council, including recruiting human resources; developing and implementing strategies to engage higher education institutional leadership, association executive leadership, and corporate leadership in furthering the goals of the council; ensuring effective communication and collaboration with Internet2 and REN-ISAC working groups; and periodically assessing the functioning of the council and, when appropriate, overseeing the change process.

  • Cathy Bates, Associate Vice Chancellor and Chief Information Officer, Appalachian State University
    HEISC Co-Chair
  • Sol Bermann, Privacy Officer, University of Michigan-Ann Arbor
    Higher Education Chief Privacy Officers Working Group Co-Chair
  • Tammy Clark, Chief Information Security Officer, The University of Tampa
    Information Security Guide Editorial Board Co-Chair
  • Lanita Collette, University Information Security Officer, Northern Arizona University
    2017 Security Professionals Conference Program Committee Chair
  • Patricia Falcon, Information Security Policy & Awareness Specialist, Brown University
    Awareness & Training Working Group Co-Chair
  • Susan Grajek, Vice President, Data, Research, and Analytics, EDUCAUSE
    EDUCAUSE Staff Liaison
  • Joanna Lyn Grama, Director of Cybersecurity and IT GRC Programs, EDUCAUSE
    EDUCAUSE Staff Liaison
  • Lisa Ho, Campus Privacy Officer, University of California, Berkeley
    Higher Education Chief Privacy Officers Working Group Co-Chair
  • Cathy Hubbs, Chief Information Security Officer, American University
    Governance, Risk, & Compliance Working Group Co-Chair
  • Brian Kelly, Chief Information Security Officer, Quinnipiac University
    2018 Security Professionals Conference Program Committee Chair (and 2017 Vice Chair)
  • Kim Milford, REN-ISAC Executive Director, Indiana University
    REN-ISAC Liaison
  • Christopher Misra, Chief Technology Officer, University of Massachusetts, Amherst
    Internet2 Liaison
  • Dave Nevin, Chief Information Security Officer, Oregon State University
    Technologies, Operations, and Practices Working Group Co-Chair
  • Sharon Pitt, CIO and AVP of IT, Binghamton University
    HEISC Co-Chair (incoming)
  • Tom Siu, Chief Information Security Officer, Case Western Reserve University
    Technologies, Operations, and Practices Working Group Co-Chair
  • Valerie M. Vogel, Program Manager, EDUCAUSE
    EDUCAUSE Staff Liaison
  • Adam Vedra, Associate Director of IT and CISO, Calvin College
    Governance, Risk, & Compliance Working Group Co-Chair
  • Jim Webb, Chief Information Security Officer, Appalachian State University
    Information Security Guide Editorial Board Co-Chair
  • Ann West, Associate Vice President, Trust and Identity, Internet2
    Internet2/InCommon Liaison
  • Melissa Woo, Vice Provost and CIO, University of Oregon
    HEISC Co-Chair (outgoing)
  • Wiam Younes, Information Security Training & Awareness Coordinator, Carnegie Mellon University
    Awareness & Training Working Group Co-Chair
  • Steve Zoppi, Vice President, Internet2
    Internet2 Liaison

HEISC Working Groups

HEISC has established a number of working groups and committees to pursue projects and initiatives that are part of a coordinated strategy for higher education. Engage with the council to help improve information security in higher education–consider volunteering for a working group. You can learn more about each working group, review our HEISC Working Group Membership Guidelines, or contact us for more information.

EDUCAUSE recognizes that participation in HEISC activities and projects may be considered continuing professional education (CPE) credit-earning activities for a number of industry security certifications (e.g., CISSP, CRISC, CISM, CIPP, etc.). To that end, the EDUCAUSE Cybersecurity Initiative has developed the following principles to help volunteers claim CPE credit related to their HEISC participation. Read more about HEISC volunteer CPE guidelines.

HEISC Partnerships


cpeguidelinesheiscfinal2015.pdf72.8 KB
heiscwgmemberguidelinesfinal2015.pdf75.67 KB

Get Involved with HEISC

Volunteer to write an article or guest blog, serve on a working group, or join the Security Professionals Conference program committee.



Joanna Grama
Joanna Grama
Director of Cybersecurity and IT GRC Programs

Valerie Vogel
Valerie Vogel
Program Manager, Cybersecurity Program

Want to Learn More?

For general information about HEISC or the EDUCAUSE Cybersecurity Initiative, please contact us: