Overview
The California National Primate Research Center (CNPRC) Hydra Development Team won the Silver IT Security Award at the 2025 UC Tech Awards for their work on the Aegis Risk Management Application. Aegis is a centralized application designed and developed on the CNPRC Hydra platform to streamline risk assessment, tracking, and mitigation across the CNPRC, the Office of Research, and ultimately other UC Davis departments by integrating security frameworks, automating compliance processes, and providing real-time risk visibility.
The Challenge
The University of California faces an increasingly complex cybersecurity landscape, requiring robust risk management to protect sensitive research, student data, and critical infrastructure. Before the development of the Aegis Risk Management Application, risk assessments at the CNPRC and UC Davis units were fragmented, relying on disparate spreadsheets, email-based tracking, and inconsistent compliance documentation. At the CNPRC, the lack of standardization led to poor communication of risks, assessment inefficiencies, delayed mitigation efforts, and increased exposure to security risks and regulatory non-compliance, which were identified during a UC Office of the President security audit.
Building the application required overcoming multiple challenges. Technically, we needed to integrate diverse security tools, import data, and determine compliance with UC-specific policies—while ensuring a flexible and scalable system that could adapt to the evolving risk landscape. Stakeholder coordination added another layer of complexity, as IT security teams, compliance officers, and various leadership groups had distinct needs and risk perspectives. Achieving consensus on risk-scoring methodologies, mitigation workflows, and reporting structures required extensive collaboration and iterative development.
To solve these challenges, Aegis was designed as a centralized risk management platform to simplify risk assessments, track mitigation efforts, and provide real-time risk intelligence across multiple units. Aegis eliminates manual inefficiencies by creating a structured, user-friendly system with automated workflows and integrated data sources, enhancing the university’s ability to manage security risks proactively.
The Approach
The CNPRC team was honored to be awarded the Larry L. Sautter Silver Award for Innovation last year for the Hydra Application Development Platform. Building on our long-term vision to leverage the Hydra platform, this year we continue to drive innovation with the Aegis Risk Management Application, a transformative solution designed to enhance risk assessment, compliance, and cybersecurity resilience.
The development of Aegis aligns directly with UC’s mission of safeguarding institutional data, ensuring compliance, and proactively managing IT security risks to protect research, education, and infrastructure. The application was designed to streamline risk management, enhance security hygiene, and strengthen compliance through seamless data integration, automation, and comprehensive risk visibility.
To achieve these goals, our team implemented a strategic approach that ensures Aegis serves as a centralized risk management platform, leveraging data from multiple UC security tools and frameworks:
- Automated Audit Vulnerability Import – Aegis integrates the Hydra data ingestion service to automatically import the UC Office of the President IS-3 Action-Risk Matrix with vulnerabilities identified by the UC Office of the President Fortra Digital Defense vulnerability assessment tool. Additionally, risks identified through the CNPRC operational risk management process were also integrated. This ensures that UC security teams have real-time access to the latest risk findings and can efficiently track remediation efforts.
- Tenable API Integration – Aegis was designed to support integration with the UC Davis-IET Tenable system API, allowing for automated retrieval of vulnerability data, asset management, and seamless interoperability with other security tools. This enhances UC’s ability to proactively detect, assess, and respond to security threats.
- Vendor Risk Assessment (VRA) Management – The application includes a dedicated module to track VRA requests and link them to ServiceNow incidents generated during the VRA process. This improves third-party risk visibility and ensures vendor security compliance aligns with UC policies.
- Advanced Analytics and Reporting – Aegis integrates with the CNPRC MicroStrategy business intelligence platform, providing robust analytics, visualization, and reporting capabilities. This allows security teams and administrators to analyze trends, track risk mitigation progress, and generate compliance reports more efficiently.
By consolidating and automating risk data management, Aegis eliminates manual inefficiencies, enhances cross-departmental collaboration, and ensures UC security teams can proactively manage vulnerabilities, third-party risks, and compliance obligations. Its design directly supports UC’s broader cybersecurity mission, helping safeguard institutional assets and improving UC’s overall security posture.
The Impact
The impact of Aegis has been significant, providing a scalable, sustainable, and adaptable solution for managing cybersecurity risks at the CNPRC. Since its implementation, the system has transformed how risk is identified, assessed, and mitigated:
- Risk Assessment Efficiency – Aegis has reduced the time required to complete security risk assessments significantly, enabling faster identification and mitigation of vulnerabilities. Spreadsheets were eliminated and risk assessment time has been reduced by over 50% using the tool and risk assessment guide.
- Increased Risk Visibility and Accountability – The CNPRC has documented and tracked more security risks using Aegis, leading to risk reduction and proactive communication of security vulnerabilities. Over 250 risks have been assessed with 82 risks being actively managed.
- Stronger Compliance and Audit Readiness – Using Aegis will lead to fewer compliance gaps, improve adherence to IS-3 requirements, and reduce audit preparation and remediation time.
- Broad Applicability – While developed initially for the CNPRC, Aegis’s modular design makes it adaptable for other units within the Office of Research and UC Davis, offering a replicable model for improving IT security risk management in academic and research settings.
By enhancing collaboration between the CNPRC, UC Davis Information Security Office (ISO), and UC Office, Aegis is enabling proactive risk management, reducing assessment time, and strengthening institutional security posture.
Aegis exemplifies the CNPRC’s commitment to safeguarding UC digital resources, ensuring compliance, and fostering a proactive cybersecurity risk management culture by providing a modern, effective, and scalable IT security risk management solution.
What’s Next
Aegis was conceptualized in 2022-23 following the UC Office of the President security audit and subsequent review meetings. The application was designed, developed, and deployed in 2024, with its initial launch occurring in Q4 2024. The project has been fully operational and actively used, with ongoing refinements to expand its functionality and adoption across UC Davis departments.
Meet the Award-Winning Team
Team Name: CNPRC Hydra Development Team
Award Category: IT Security
Location: UC Davis – California National Primate Research Center
2025 Silver IT Security Award Winners:
- Brian Spray – CIO; CNPRC-IT; UC Davis
- Alexander Isaac Wayne Haslam – Applications Development Manager; CNPRC-IT; UC Davis
- Vaishnavi Krishna Sagaram – Lead Developer; CNPRC-IT; UC Davis
- Brad Thomas McKelvie – Developer; CNPRC-IT; UC Davis
- Andrew Winter – IT Systems & Security Supervisor, CNPRC-IT; UC Davis
Contact

Chief Information Office, CNPRC-IT
UC Davis
[Cover image of Laurel Skurko accepting the award on behalf of this team with UC CIOs Matthew Gunkel, Aisha Jackson and Molly Greek is courtesy of Andrew Castro]