Mike S.

Director, Security Operations Center — ISC Office of Information Security
Portrait photo of Mike S.

ISC service(s) or programs/projects:  All aspects of University information security

Length of time in ISC:  Joined ISC in 2016

Previous work experience:  16 years at Eastern University as systems admin, network admin, senior technical director


Tell us about a challenge at Penn that made you proud to be part of ISC.

Working with ISC’s Office of Information Security team and groups across campus to put a campus firewall in place. That was a big effort. There were other small firewalls all over the place, but no one firewall at the border. People in my field outside of Penn were shocked that that we didn't have such a thing. A lot of the reason we didn’t was a fear that putting these big, wide-reaching controls in place would have a negative effect on open expression. Part of the success was to really bring home to researchers and IT leaders at Schools and Centers across the University that we weren't sacrificing open expression for security. We were able to mobilize support around the University, working with ISC Information Security analysts in communicating, reporting out what we saw in the traffic, and meticulously working through all the details to finally put a border firewall in place at Penn. I was proud of that effort. I was new to the team, so it sticks with me as a big early win. I feel like we've maintained a good deal of that momentum.

What’s an interesting technical or business problem you’ve faced with ISC?

Email consolidation, security, and message authentication have been very interesting and challenging. At Penn, we have a unique and complex email ecosystem and getting folks to coordinate to authenticate email using the modern tools that are available has been not only a technical challenge, but it's also been an institutional challenge because we have dozens and dozens of third level domains that require the same level of care that the upenn.edu address space does. Schools and Centers have their own third-level domains, their own email systems. So the centralization of email routing, the security controls that have been put in place, and most recently the push to authenticate email using modern techniques have just been huge challenges. I've been working on these for two years now, and we’re starting to see some successes. As we can publish to vendors and other entities that we are controlling our email in a modern way, they can trust that messages coming from and going to Penn’s domain are authentic. This has a positive impact on Penn’s reputation, in addition to raising the deliverability rate for both incoming and outgoing mail. We take email for granted, but it’s critical to the mission and business function. So this project is an interesting challenge, but it’s also a big important thing.

What do you like best about working with colleagues across Penn?

I love everyone in OIS. I really do. I genuinely like all the personalities. Everyone is hardworking, they’re intelligent and thoughtful. I’ve been blessed to have one of the best teams on campus. I’m speaking now of the five (including me) folks in the Security Operations Center. But it extends to the Security Architecture team as well. We’re a highly collaborative department, and it’s not by dictate. Everyone on my team comes to work every day excited about finding something, helping somebody, making some progress, and we do that in a very collaborative way. And I don't know how I would have handled a pandemic and remote work if not for that high level of collaboration and cooperation from everyone on my team.

How do you stay connected with colleagues in our hybrid work environment?

I’ve been working remotely full time since the pandemic hit. Within our group we meet a lot; we use the collaboration software every workday. We have meetings on the calendar that are not compulsory—you can just drop in or drop out. And we use the collaboration tools to work through problems when they come up. We end up talking about things in our personal lives too, just as you would if you were sitting in the office across from somebody for a bunch of hours—it’s inevitable in a good way. Another way we maintain connections across campus is by scheduling regular consultations with Schools and Centers. Doing the work of outreach, developing quarterly agendas, and so on. We explain what our strategies are, things that we've been working on, and then create follow-ups from that discussion to keep us working together on products and projects and initiatives. it's just natural in this position to be talking with so many people that it doesn't feel like I'm not connected.

What do you appreciate most about the time you spend on campus?

I like catching up with people in person. I especially enjoy seeing people who have moved around within ISC or taken other positions within Penn. And last but not least, the halal truck across from 3401 Walnut. Any time I’m on campus, there’s a chicken and pita with both white sauce and hot sauce on the books for my lunch, for sure.

What are you passionate about in your free time?

Well, I don’t have a lot of free time. My wife and I have six children. Five are still at home. When I’m not carting them around to sports and different events, I’m an avid Philadelphia Union fan—season ticket holder. I love music and like to play guitar. My kids range in age from 25 to 4. I have one in law school, and one’s in preschool, and they’re all awesome people.

What else would you like people at Penn to know about you?

I’m really thankful. I feel like I have the best job in the world at one of the best institutions in the world, hands down. That is constantly affirmed. Whether it's the direction that the University moves on bigger issues, or the collaboration I experience in the Office of Information Security, ISC, and the Schools and Centers, I mean this is just a great place.