Meet CIS's New Vice President: A Profile of Michael Pickett
For this edition, we step back from the security front lines and profile Michael P. Pickett, CIS's new Vice President and CIO.
Pickett, who started at CIS on July 1st, comes to Brown after a 24-year association with Duke University, most recently as its Deputy Chief Information Officer. He began work there in 1983 as a systems coordinator in the Duke Medical Center, leading the team that created and supported the medical center’s first local area network (LAN).
He continued his involvement with workstation and network development, creating distributed client server applications in a variety of administrative and clinical areas. In 1992 he was appointed Associate Chief Information Officer, becoming part of a senior leadership team that created the campus-wide Office of Information Technology. He began his deputy CIO appointment in 2002.
Before arriving at Duke, Pickett did his undergraduate and graduate work in Psychology and Education at the University of North Carolina at Chapel Hill. He has taught at both UNC-Chapel Hill and Duke University’s School of Business.
Q: What was it that drew you to Brown and the position of CIS's new Vice President and CIO?
A: The opportunity to work at an institution like Brown and to work with people I knew and respected to help achieve Brown’s goals. A close family friend recently attended Brown and she had helped my wife and I realize what a special place it is.
Q: In the few weeks that you've been in your position at CIS, what have you observed about Brown that is similar to and different from your time at Duke?
A: Brown is much smaller as an institution since it doesn't include hospitals as part of the organization. This allows you to actually know most of the folks that help make it run. Both Brown and Duke are very ambitious institutions that aren't afraid to try new ideas - Duke because it is so young, and Brown because of its distinctive signature among the IVYs.
Q: In your role as Deputy CIO at Duke, among your many responsibilities, you oversaw systems administration and security efforts for its Office of Information Technology. What were some of the high-level security concerns that were tackled by OIT staff?
A: Retention and deletion of networking and email data; network traffic policies; guidelines for response to requests for information (internal and external); best practices for firewalling; policies for handling sensitive information (SSNs, credit cards, etc); policies concerning when email contents can be shared.
Q: What critical security issues do you see that Brown needs to address both in the short and long term? What role do you see the CIS VP taking?
A: We need to have a campaign to eliminate the sensitive information that is stored on desktop systems. We need to identify, minimize and ensure the security of sensitive information stored on local servers. We need to eliminate the need to use SSNs outside of payroll/tax functions. We need to create checklists for quickly addressing security breaches (who, what, when). We need to educate our user community on best practices. The VP/CIO needs to help educate the university community and to help make security of Brown data a priority.
Q: Policy development and implementation are part of your varied work experience. Here at Brown, several key policies have been implemented since the IT Security Officer’s arrival four years ago: Acceptable Use, Network Connection, Email, Copyright Infringement, Passwords, and Account Management. The document “Guidelines for Safeguarding Information”, developed last year, is in the process of becoming policy. While this will come out of CIS, it defines data stewardship roles and responsibilities campus-wide and is very much a Brown rather than IT policy. What was the process at Duke for implementing a campus-wide policy such as this? Do you see yourself becoming involved in any way with supporting the policy development and implementation process here at Brown?
A: The governance structure of universities vary widely and usually include variations depending on whether the policy applies to faculty, students or staff. My experience has been that we should create as few new policies as possible and instead help to interpret existing policies as they apply to the use of technology. Where new policies are needed, there needs to be a process to obtain input widely and depending on the scope of the policy, to take it to senior administration for approval. I am very interested in becoming involved in the evolution of policy development at Brown.
Q: Is there anything else you'd like to add?
A: I am honored to work with the staff, faculty and students at Brown and to be a part of this admirable institution.
Q: Finally, a couple of personal questions. First, when you’re not tackling the demands of an IT VP, what do you do to relax?
A: Fly fishing, reading, working on cars, trips with my family and dog.
Q. What one adjective would best summarize Michael P. Pickett?