University of Arizona CISO: Not Just Tech, but Human Behavior

Coming to IT from the field of archaeology about 20 years ago, the University of Arizona's CISO Lanita Collette has prioritized human-centered organization, training and effective management in cybersecurity.

About 20 years ago, before she was the University of Arizona’s chief information security officer and deputy CIO, Lanita Collette worked as an archaeologist for the Navajo Nation as part of a training program for Indigenous students at Northern Arizona University. In the field, she increasingly uncovered something unexpected – a drive to work in information technology.

Around that time, Collette managed local area networks, databases and desktop support as her team’s lab director and the research department’s tech liaison. Despite holding a bachelor's degree in anthropology from Bryn Mawr College and a master's in archaeology from Arizona State University, she had an abiding interest in technology.

“As often happens, if technology doesn’t intimidate you and you’re good at it, then you end up doing all of the tech work for your department,” she said. “Archaeology is fairly tech-dependent. Whether you are out on the landscape or in the lab, everything you do is reliant on tech of some kind or another.”

Collette became connected with the university’s IT community through the departmental liaison program, which led her to an opening to lead Northern Arizona’s PC support team. She landed the position in 2000, when higher ed institutions were hungry for fresh IT talent.

“That kind of gave me the opportunity I needed to move over,” she said.

Over the next 17 years, Collette gradually worked her way up through the IT ranks at Northern Arizona, serving as CISO and then deputy CIO, before moving to the University of Arizona in 2017, where she is now CISO and deputy CIO.

From about this time, she and her team set their sights on improving the university’s network, including virtual private networking (VPN) services.

“There are many VPNs, set up for various purposes, across the university, but when the pandemic required a move to remote work, it was a central VPN everyone relied on,” she said. “We were glad we were well-prepared for this move.”

“We had the ability to expand it to serve a broader population as we needed, and it is supported 24/7, 365 by a central team that’s highly skilled,” she said. “We wanted to ensure people can rely on central systems that are highly secure and supported 24/7 versus relying on a mixture of departmental services.”

According to Collette, the central VPN proved useful during COVID-19, which catalyzed the digitization efforts the school needed for online learning.

She said the pandemic helped push higher ed institutions to meet an already growing demand for flexible online learning options, where security and central management are key.

“Life is complicated, people need to work,” she said. “We need to meet students where they are.”

In the realm of cyber threats targeting the education sector, such as ransomware and phishing, Collette said universities must also protect intellectual property and research from malicious cyber criminals here and abroad.

Collette said research faculty are encouraged to engage in rigorous cybersecurity and insider threat training on this front.

“One concern we have that K-12 does not have is that we’re highly engaged in research, some of which is controlled research,” she said, noting the need to maintain trust in research partnerships with governmental agencies concerned with national security.

Collette said the institution’s efforts toward centralization also answer needs for security and visibility. The university finished much of its work to install a centrally managed network in the winter of last year, which increased its security capabilities and allowed limited staff to address issues more efficiently than before.

“One of the big changes over the last year is visibility across the network. We have [in the past] always allowed individual departments to set up their own networks with their own equipment, with their own security posture,” she said. “You can’t secure things that are in chaos.”

Collette's time in the social sciences was two decades ago, but she said her interest in people remains. She noted that her roles require more than technical knowledge – that formulating IT policy, guidelines and training programs also demands an acute ability to work with and understand others.

“It’s not just tech, it’s also human behavior,” she said.
Brandon Paykamian is a staff writer for Government Technology. He has a bachelor's degree in journalism from East Tennessee State University and years of experience as a multimedia reporter, mainly focusing on public education and higher ed.