Mike Rodriguez, EJ Gamarro and Juventino Cano make up DePaul's Information Security team. (Photos courtesy of Rodriguez, Gamarro and Cano)Technology is constantly evolving and as more data and processes move online, cybersecurity is more important than ever. At DePaul, a small but mighty Information Security team helps protect Blue Demons from digital threats.
Mike Rodriguez, director of Information Security, has led the team since 2022. EJ Gamarro and Juventino Cano, both Double Demons, work as information security analysts and have served at DePaul for nearly 30 years combined.
“Our primary role is incident response – we’re here to protect the institution from threats in the cyber world,” Rodriguez says. “This could be a response to anything from an email phishing scam targeting the university community to working through critical issues with vendors, such as last summer’s CrowdStrike incident.”
In July 2024, CrowdStrike, a third-party cybersecurity company, distributed a faulty software update, causing a broad system outage that left users vulnerable to threats. This incident caused hundreds of DePaul computers to crash and become unavailable to users. Rodriguez, Gamarro, Cano and more than 50 Information Services staff members spent more than five days on recovery efforts. Thanks to their efforts, the impact on the university community was minimal.
In addition to direct incident response, the team also continuously monitors for threats, manages security infrastructure, rapidly identifies and remediates vulnerabilities and implements robust security controls across systems and networks. By maintaining a strong incident response posture, conducting security and third-party assessments, fostering a culture of security awareness among employees, the team proactively protects the entire campus community. While DePaul’s digital orbit may seem smaller than other organizations in the private sector, the team must constantly assess various moving parts across the university’s networks.
“There are two ‘worlds’ we monitor – the IT systems hosted at DePaul and the non-DePaul systems, such as those hosted in the cloud. Both are secured differently, and we have to continually educate ourselves and the campus community about information safety as technology evolves,” Gamarro says. “In general, our craft is keeping up with the bad guys and what is going on in the broader field of cyber threats.”
Beyond DePaul and non-DePaul hosted systems, the team also monitors and secures access of a diverse user population to university online resources and data.
“We have students, faculty, staff, retirees and more that can access our various systems. A faculty member might log in from Mexico over spring break. A retiree might log in for the first time in several years. A student could connect their new personal laptop to the network,” Cano says. “All these instances raise unique flags in our system and are part of the grid we keep an eye on. Providing Blue Demons a safe digital environment while they work toward that cap and gown is so rewarding. We want to make sure everyone feels their information is protected while they focus on what is most important.”