By Derek Shue and Laurel Skurko. Robert Smith, systemwide IT policy and security director at UC Office of the President, who specializes in cybersecurity, has been an important member of the UC’s IT community for the past 12 years. On the eve of his retirement this June, the UC IT news team had the opportunity to learn more about his journey in creating the Information Technology, Policy and Security (ITPS) community of interest.
Two skills important in Smith’s IT career – accounting and communications
Smith comes to the field of technology through business. He identifies two skills that were critical to his success: accounting and communications. Early in his career, a mentor explained that accounting was the “language of business.” Since then, Smith took it upon himself to take courses in accounting while completing his BA in Business Administration at Cal State Long Beach. He graduated in the top 5 of class (Beta Gamma Sigma). Through accounting, Smith learned how organizations functioned – through the need for funding to support each expense. For example, in an early sales role, Smith learned how funding affected the way contracts were structured. Based on his understanding of accounting, he could help nurture a sale. He has continued to use his accounting skills to help IT teams reach their objectives through the lens of financial feasibility.
Communications is also a crucial skill in IT, according to Smith. From his early career in working with engineers at Symantec (manufacturers of Norton Antivirus software) and IBM Watson Research Center (1998-2005) to his more recent role at Abbott Vascular Devices (2006-2011), and throughout his career, Smith emphasizes that communication skills have been crucial to his teams. “I was often the least intelligent person in the room,” says Smith, adding, “But I found that I could add value by distilling points and facilitating communication.” He explained, “The community I inherited, ITPS is one example of that. I gathered bright minds from around the UC system – and sometimes outside the system as well – and helped them exchange insights, questions and updates regarding information security that is relevant to others in the room.”
What Smith chooses to be excited about – the UC is a digital enterprise and why cybersecurity is core to the mission
Smith emphasized that he finds the university’s mission inspiring, and explains, “There’s something for almost anyone to get excited about [in the mission],” he says. In addition to serving students, patients, researchers and public service, Smith adds that the people also inspire his work. He especially enjoys talking to students and staff and hearing about their stories – including their struggles and successes – along with their words of wisdom.
Smith specified that, in particular, he is inspired by the transformative work of medical teams at the university, from those training doctors to fight diseases to those pioneering new medical techniques. His passion circles back to his area of specialization – cybersecurity. He underscores, “The UC is a digital enterprise. Therefore, in order for [advances in medicine] to occur at the university, it needs to be secure,” and adds, “And I get to play a role in that. For me, supporting that research and care delivery, along with the students’ engagement and success, are the things I choose to get excited about.”
He has also worked hard to expand the ITPS community he has helped build over the years. He explained, “The ITPS community discusses a broad range of topics, focused primarily on information security, but which also include resilience, culture, change management, and project management approaches.” One of the main goals of ITPS is to make sure that information from top leadership and select workgroups, as well as thought leaders at locations, is available through “skip level communication,” defined by Smith as the ability to take information that may be closely held but valuable to a broader audience and making it available more broadly.
Why and how did Smith take on the ITPS community – how a vision became a reality
“ITPS provides an opportunity to engage and ask questions and get the benefit of others’ experience,” explains Smith. The community has grown from 80 members in 2015 to over 600 today. Smith attributes its success to the willingness of leaders and other stakeholders to share their thinking and their process, along with their successes and failures.
Originally, ITPS was a chartered subcommittee of another committee originally called The IT Leadership Council (ITLC). At one point, the ITLC was making changes in their standing committees and had planned to disband ITPS and charter a new committee called the IT Security Committee, which would be led by the system-wide Chief Information Security Officer (CISO). Realizing that ITPS still had a role to play, Smith spoke up and proposed that he would be interested in preserving and leading ITPS in parallel with the IT Security Committee. He explained, “I was at UC Riverside at the time, and, for me, being connected to ITPS was very valuable. It gave me access to information that I needed to know but was not able to acquire in any other way.” His proposal was approved, allowing the university to maintain both cybersecurity teams.
Smith then reformed ITPS as a “UC community of interest,” sponsored by the system wide CISO’s office, and began building the community. The community grew through a grassroots effort, and, as members began to share the value of the community with their colleagues, ITPS continued to grow, with over 20% (about 150) now attending each monthly zoom meeting. Smith adds, again with profound humility, “I don’t deserve any credit for that. It’s the power of the knowledge of the people that you see and their willingness to share and work with others that drives that success. But that metric [150 attendees among over 600 members] just speaks volume about the value that is derived from the community.”
It’s the power of the knowledge of the people that you see and their willingness to share and work with others that drives that success.
What is on the horizon for cybersecurity – knowing what we don’t know
The pandemic has greatly impacted Smith and the field of cybersecurity, forcing people the move to an entirely digital footprint. Smith confirms what others have said – that there has been a decade of transitioning to the digital world done in the first 2 years of the pandemic. This transition to digital also provides an opportunity for ransomware and other attacks on the digital infrastructure. As a result, UC and other higher education institutions are subject to increasing cybersecurity needs to support mission delivery, while simultaneously facing increasing demands from the federal and state governments. The rise of ChatGPT and Artificial Intelligence (AI) are also coming together to dynamically transform business and will certainly lead to a future that looks much different two to three years from now. Smith and his colleagues continue to ask themselves, “Do we have the right policies? Do we have the right approaches? How do we do enough to meet all these external expectations, but at the same time, allow our students, faculty and researchers to do the work that makes UC the leading public research university in the world, with the free and open exchange of ideas?” He adds, “Each of these questions will certainly be a challenge for my role. They will also be a challenge as well for our students, faculty, researchers and staff.”
“All of this is dynamic: we’re inventing/ innovating, while attackers are doing the same. And this while the government is figuring out how to apply the right regulatory scheme to show their constituents that they have done enough to look after their interests. All of this will make it exciting and challenging and will keep us busy for years to come.”
About the Information Technology Policy and Security (ITPS) Community of Interest
The UC Information Technology Policy and Security (ITPS) group is a community supported by the office of the Systemwide Chief Information Officer (CISO), Jay Panchal. This systemwide group is open to all UC information security professionals and any member of the UC community who is interested in cybersecurity.
ITPS provides a forum for peers to share information regarding cybersecurity programs, case studies, risk management, threat briefings, and training. The group shares information via a standing call on the second Wednesday of every month at 9 a.m. and with emails to its members.
To be added to the listserv, contact Monte Ratzlaff, Cyber-Risk Coordination Center (C3) Program Director, Robert.Smith@UCOP.edu
[Cover image caption / #AltText: Robert Smith leading his last ITPS meeting at the University of California in June before retiring.]
Interviewee
About Robert Smith
Robert Smith retired at the end of June and will be greatly missed after 12 years of service to the university. Smith originally pursued a degree in business administration, specializing in accounting and finance. His interest in technology inspired him to purchase his first personal computer, and eventually work in a hobby electronics store, which began his career in tech. Since then, he has never looked back. Along the way, he worked in product marketing and product engineering, and eventually received a patent for an original invention. He then began running IT at UC Riverside student affairs, before finding his most recent position, systemwide IT policy and security director at UC Office of the President, which has allowed him to blend his administrative, technical, and security capabilities.