Home > Security

Computerworld - In April, J. Brice Bible left his job as interim CIO at the University of Tennessee to take on the CIO post at Ohio University. Several major, nationally publicized data security breaches had recently occurred, the previous CIO had resigned, and two IT staffers had been fired for their alleged roles in the security breaches.

Your first day on the job, you had to jump right into problems from the past. How did that feel? I was literally walking into a river of alligators, but thats not always a bad thing. It can be a character-building thing. I saw a unified university  everyone from the board to the president to the provost to the faculty to central IT to the students. There was a community interest not just in fixing the problems, but in making the situation better and stable over the long term. I was very pleased to see everyone want to pull in the same direction and want to work together.

Dossier

Name: J. Brice Bible Title: CIO Organization: Ohio University Location: Athens, Ohio Last book read: Black Wind, by Clive and Dirk Cussler Favorite vacation destination: Appalachian or Rocky Mountains First job: "I was born on a dairy farm, so I was born working." Job he wanted as a child: "I wanted to play football for the Miami Dolphins, and I was going to be a cowboy in Wyoming. That was my 10-year-old dream." Fantasy job: "Can I go back in time and be the sixth musician for The Eagles? Id play rhythm guitar. It doesnt matter."

How did you approach the job? It was a unique experience, and it still is. I had to gather as much information as rapidly as I could to try to get a solid sense of what was going on, of what had happened and what was available to go forward, and how prepared we were from a technical and university point of view. I did a lot of listening, had a lot of conversations with anyone who had been affected. I wanted to hear their goals, their expectations, what they saw as solutions and what things they thought needed to be done. I continue to do that. I am still in listening mode.

From a technology point of view, there are some basic things that have to happen to have not just a secure IT system, but a reliably performing, efficient and flexible [one]. You must have a modern, reliable, redundant, pretty flat-level network. You have to look at the operations of IT in terms of the servers and storage, operating systems, middleware and your authentication strategies. The more unified those are and standardized on fairly open standards, then the more likely that youll have a stable, reliable environment.

I believe the IT staff needs to see a vision, not just a road map, and know their role in getting there. IT doesnt run by a CIO alone or even by management. Its the technology people, the experts, who make it happen, so I spend as much time as I can engaging them in the conversation. Maybe we dont have the pavement all the way 100 miles out, but were at least starting to get it roughed in.

When you arrived, were the IT staff members disillusioned or scared about their jobs and the department? Have you seen a difference since you arrived? Disillusioned is a good word. I think they were concerned about where we were going from there, concerned about stability and having a cohesive plan. I guess youd have to ask them if we are getting there. The feedback were getting is that were taking the right steps forward.


How much has been accomplished so far or is under way in making needed changes? At this time last year, a 20-point improvement plan was brought forward by the university [to begin to fix the IT system problems]. We were already starting a lot of these initiatives [when I arrived]. I took that report and turned it into a pseudo- strategic plan. So what Im doing is focusing our resources around each of these and making sure that we line those up with a governance model. Obviously, these are long-term goals. Im looking at a five-year plan.


Was it tough to get started here after the IT staff firings, the CIOs resignation and the publicity from the data security breaches? It was, and it still is. The university has some challenges, absolutely. Were a lot of those challenges different than at other universities? Probably not. Whats happened, though, is that because of all this, our president, our provosts, our vice president, our students and faculty and IT  theyre all willing to talk about it. Do you know how many CIOs would give anything to get their university leadership and students and faculty engaged in a substantive conversation about their dreams and visions for IT? This is a great opportunity for me to be a part of that conversation and not be out there waving my arms and saying, Hey, come and listen to me. They want to talk about it.

A few years from now, well remember what happened, and well have learned from it, and we will not go back. But youll see some tremendous progress in IT and the university because everyones willing to be a part of the solution. It sounds like Im running for office now, doesnt it? But its true.


If you were the CIO when the breaches occurred, what would you have done differently? Thats probably not fair, because I have 20/20 hindsight and 12 months of time have passed since the problems came up. One of the things [is], if you do have an incident, you need to be careful about how you react to that one incident, because you dont know what other rocks will be turned over. Thats why youre not going to hear a single CIO guarantee that this isnt going to ever happen again. You cant guarantee that, because you just dont know whats out there.  Interview by Todd Weiss

Read more about Security in Computerworld's Security Topic Center.