Wiam Y.

Information Security Training Officer — ISC Office of Information Security
Portrait photo of Wiam Y.

ISC service(s) or programs/projects:  Training and awareness for ISC and School/Center initiatives; manage simulated phishing program across Penn

Length of time in ISC:  Joined ISC and Penn in 2017

Previous work experience:  Information security training at Carnegie Mellon 2008-2017, CERT project between Carnegie Mellon and Ministry of Communication of Qatar 2006-2008, technology management for CM’s Information Network Institute 2004-2007, Ed Tech consultancy for K-12 schools.


Tell us about a challenge at Penn that made you proud to be part of ISC.

I like working with everybody at ISC. They’re people who are extremely knowledgeable and experienced in their fields. When they sit together and share information, it’s as if you are sitting in a lecture, but in the form of a discussion — and you are learning from everybody at the same time. So on every project I haven’t been just a participant; I’ve learned a lot from each team member on that project. It’s like a seminar, and I love it.

What’s an interesting technical or business problem you’ve faced with ISC?

It took me a long time before I was able to start the simulated phishing program in ISC and at Penn. When I first came to Penn, I had the experience — eight years of running simulated phishing — but it took several years for people to accept simulated phishing at Penn. People came to see its educational value. More recently, the campus community has engaged with simulated phishing as a useful tool to prepare their constituencies to recognize phishing messages. Now they’re very happy we’re doing it!

What do you like best about working with clients?

They’re respectful! I enjoy working with my Penn colleagues because everybody respects others regardless of their role, and that is something that you can’t find at every educational institution — or some organizations. Here at Penn it’s prevalent, and I appreciate that.

How do you stay connected with colleagues in our hybrid work environment?

It is a challenge maintaining connection with ISC and Penn colleagues, but easier with my immediate Office of Information Security team members. We meet as a staff once a week on Teams to exchange updates on what we are doing. Then we have a social hour every Friday, where we also talk about our personal life and interests, and that keeps us connected. Every time I come to campus I try to connect with my colleagues in the Office of Information Security or elsewhere at Penn to go for coffee or a meal — where we can reconnect on a work and personal level. OIS also holds team-building gatherings where we come together in person to work and then socialize.

What do you appreciate most about the time you spend on campus?

Ah, it’s so vibrant! You feel the campus come alive with a lot of energy. Students walking with faculty, everybody’s busy talking. Even those who are walking alone, you sense that they’re talking to their own brains about something. You see that on their faces, and it’s so interesting. I make it a point to walk around on campus to feel that energy, and it makes me so happy.

What are you passionate about in your free time?

I run a nonprofit that works with immigrants and refugees. Through that I create opportunities to bring cultures together, allowing people to express themselves and build an environment of acceptance. For example, last spring, as part of one of our programs for women’s empowerment, I created an event “Weddings and Cultures.” We had ladies from Afghanistan, Ukraine, Russia, the Middle East, and India. Each group presented how they celebrate weddings, so they came with their food, music, dance, traditional clothing. Not all of them spoke English, but they could share an exchange of cultures without speaking a word, and appreciate one another’s creativity and artisanship!

What would you like people at Penn to know about you?

I’d love to see more opportunities for interaction between researchers and those who are applying their work. In ISC, we apply a lot of these tools and practices but we don't always have the researchers’ involvement. It’s nice when we have direct exchange between research and application like the two hands together, since we are an educational institution.