Aaron Baillio – University of Oklahoma

It doesn’t get any better than this on a Saturday night for the students working in the University of Oklahoma’s Security Operations Center in Norman: a bag of Doritos, a can of Red Bull and hours spent monitoring for computer alerts—the first step in stopping the bad guys.

Three students are working as Tier 1’s in the university’s Learn to Earn Program. While seasoned IT staff can find the slow-paced work fatiguing, Chief Information Security Officer Aaron Baillio says his students get a kick out of responding to system anomalies. When their screens light up, they sprint across campus to sound the potential alarm of a cybersecurity breach. Such youthful exuberance, he says, makes his job of instilling a culture of vigilance on the cybersecurity front rewarding.

Coming to OU in 2015 after 11 years of working for the U.S. Department of Defense, Baillio happily shares his experience with the school. Heading up projects from consolidating the university’s IT operations throughout its three campuses, to beefing up security measures, he’s drawn the students into the mission—a refreshing collaboration, he says.

“The university’s here to promote the education of its students and to  support research,” Baillio says. “There was an intrinsic value in coming here. It spoke to me.”

Changing it up

It’s been a storied civil service career that’s taken Baillio across the country—and around the world—on the frontlines of IT.

While working as a senior information system security engineer in Texas in 2014, OU reached out to him on LinkedIn asking if he was interested in applying for a job. While he wasn’t planning a career move, the opportunity sounded interesting enough to warrant an interview.

“I came here and immediately fell in love with the campus,” he says. “It sparked fond memories of my time at Oklahoma State University in 2005 when I earned my master’s degree in management information systems.”

Hired as OU’s deputy CISO for his experience in network and information systems security controls, Baillio’s been adapting U.S. Department of Defense protocols to fit a higher education model. The OU system was ripe for an overhaul, he says.

“A lot of what was done here before was based on earlier tribal knowledge,” he says, explaining that previous staff tried to understand security breaches after they happened, instead of as they occurred through recording and preparation. “We turned the paradigm on its head.”

Pushing through resistance

Even six years later—with Baillio now working as CISO for the past year—upgrading operations is still a work in progress, Baillio says.

Winnowing down the duplicative efforts of three separate IT Departments across three campuses—the main campus in Norman; the Health Science Center Teaching Hospital in Oklahoma City; and a satellite campus in Tulsa—has been a process.

Now cybersecurity concerns are monitored at the Security Operations Center, a centralized hub staffed by a central networking director, an operations director and students in the school’s work-study program. Started in 2017 with three students, a total of eight students have come through the program since its inception. They’ve gained an opportunity to provide the frontline initiative to triage cybersecurity incidents and their on-the-job experience is even capturing the attention of vendors, who view them as potential job candidates.

“They’ve helped control the number of alerts coming in—an effort that’s gained support from our long-term staff that’s developed scripts, programs and automation,” Baillio  says.

Other students not working in the center are gaining exposure to cybersecurity activities through OU’s Cyber Competition Club, which has about 15 members. Serving as a faculty sponsor, Baillio says the students competed with the National Cyber League and placed better than many veteran teams.

Meanwhile back at OU, new cybersecurity system models were installed for rapid detection monitoring, which was equally important from a legal and compliance perspective. To develop policies internally, Baillio also worked with the Oklahoma Board of Regents to establish a formalized process to document activities and map out policies for how to react to certain events.

“Active monitoring detects suspicious behavior earlier, before it can become pernicious and destructive,” he says.

While these new efforts sounded like a good idea, Baillio’s work was initially met with resistance. Yet it was critical, he says, to reevaluate everything—from tools and infrastructure—to make sure OU was making the best use of its resources.

“Education faces challenges since there are business aspects to running a major university, especially one that carries out Tier 1-level research,” he says. “It was important to stay focused with an open exchange of ideas and collaboration.”

To that end he added the role of adjunct professor in 2019—teaching a cybersecurity essentials class—and was promoted to CISO in 2020. He continues overseeing security operations, streamlining departments, making security upgrades—and of course establishing new pandemic protocols. By upgrading the VPN and installations of Office 365 the systems are available and secure to the remote OU community.

“It’s been all consuming,” Baillio says. “The pandemic pushed us toward addressing security threats. Overall, we’re set up well to accomplish our mission.”