When Andy Herman joined the Information School’s Master of Science in Information Management program, he went looking for other students who shared his interest in cybersecurity.
When he found that there wasn’t a cybersecurity-focused student group, Herman (pictured above) joined with some friends to create one. He chose to affiliate with ISACA, a worldwide organization that supports people who work in information security, risk management and related fields.
Now, five years later, Herman has long since handed over the reins of ISACA, but he’s too attached to let it go completely. He now leads the governance, risk and compliance team within Mixed Reality at Microsoft, but continues to stay connected with the group’s new leaders and its academic advisor, Annie Searle, an iSchool associate teaching professor.
“When we started ISACA, it was not the intent to have it burn out after a year,” Herman said. “We wanted to have a legacy.”
The group formed in spring 2016, and by the fall had 200 members. Herman and his fellow leaders organized events to allow students to connect with and learn from each other and professionals in the field. They invited guest speakers and held workshops to help students explore security and information management from a variety of perspectives.
In the years since Herman started the group, it’s continued with new students leading the effort. Elizabeth (Liz) Crooks was the president of ISACA in 2018. She had come to the iSchool planning to study information security, so was particularly excited to find ISACA. She says that ISACA was a valuable way to help students understand how broad the field of information security is — including jobs in compliance, risk management, auditing, software engineering and more. After graduation, she worked at Coalfire, a cybersecurity consulting company, and she now works for a law firm that focuses on privacy and data security.
“I think ISACA is really valuable because it gives students another doorway into the professional world,” she said. “It’s a way to get connected with professionals and potential careers and learn more about the overall profession. The iSchool does good conceptual and hands-on work, but it’s still incredibly valuable to hear what those folks do in their day-to-day and the types of things they’re thinking about.”
Like Herman, Crooks wanted the group to lay a good foundation that would allow it to continue to flourish and help students for years to come.
This year, Nicola Kalderash is carrying on the effort as ISACA’s new president. Kalderash, who is earning his MSIM, says that recent news events, such as the SolarWinds hack, are important reminders of the value of cybersecurity. He believes that everyone needs to understand cybersecurity, even if it’s not directly part of their job.
“We will all be in roles where we will be dealing with information that is private and confidential,” he said. “You need to know how to protect those assets.”
With that in mind, Kalderash is working this year to expand the group’s reach, including by teaming up with other student groups such as Women in Informatics and the Informatics Undergraduate Association. He also stresses the importance of looking at cybersecurity from many different angles.
“We need diversity of thought. We need a diverse workforce, both in education and background,” he said. “Hackers have various points of view, so we need that in the field as well.”
As advisor, Searle is pleased that ISACA continues to offer opportunities for students from across the University of Washington to learn together. She says that it’s important to consider the variety of cybersecurity threats, both international and domestic, and to be prepared for them.
“ISACA is a global organization,” she said. “It’s a phenomenal opportunity for students to network with people already in the industry with a lot of experience.”
Herman hopes that the group he started will continue to expand its influence beyond the university. He dreams of teaching members of the community, such as elderly people who may be targets, how to keep themselves safe.
“How can a student group grow from being a think tank to influencing the community beyond the University of Washington?” he said. “Everyone in the field of cybersecurity will impact the world in one way or another. Let’s start small and drive some of the cultural changes that are needed to hopefully run ourselves out of a job.”