The FireOak team has extensive experience with higher education. Our management team has over 20 years of experience directly supporting higher education institutes of all sizes, and our team of consultants collectively has over 60 years of experience working in this sector. Some recent examples:
Information security maturity assessment. For a small liberal arts college with a new Chief Information Officer (CIO), we conducted a holistic information security assessment, examining over 300 aspects of the organization’s existing information security program. We conducted a series of hands-on technical evaluations and examined key policies, procedures, job descriptions, and training materials. We also spoke with a cross-section of stakeholders from the campus community, including faculty, administrators, students, as well as relevant external vendors. Through the assessment, we recommended a set of actionable, cost-effective, prioritized next steps aligned with the organization’s unique characteristics, culture, technology stack, infrastructure, in-house expertise, and budget.
Cybersecurity capacity development. A college without a dedicated Chief Information Security Officer (CISO) was interested in taking on more security operations in-house, so they reached out to the FireOak team for capacity development and training. We started by conducting an external vulnerability assessment. We worked closely with the college’s IT team using a “train-the-trainer” model to teach them how to collect vulnerability data, analyze findings, and prioritize remediation based on current threat intelligence and organizational characteristics.
Physical/Cybersecurity Penetration tests. At several colleges and universities, we conducted penetration tests at the intersection between physical security and information security. For this type of penetration test, we evaluated vulnerabilities around several types of “one-card” systems, i.e., systems where a single identification card is used on campus by students, faculty, and staff for point-of-sale, print release, library check-out, and door access purposes.