Universities sit at the crossroads of open collaboration and high-value risk. From sensitive research and intellectual property to student data and clinical systems, higher education security leaders must protect without stifling discovery. The CISOs featured here operate in some of the world’s most decentralized, complex, and influential academic environments, balancing academic freedom, regulatory pressure, and rapidly evolving threat landscapes with pragmatism, trust, and long-term vision.
Michael Tran Duff — Chief Information Security and Data Privacy Officer, Harvard University
Michael Tran Duff leads Harvard University’s information security and data privacy program with a consultative, trust-driven leadership style. His approach emphasizes transparency, team health, and talent development, fostering a culture where cybersecurity is viewed as an enabler rather than an obstacle to academic excellence.
At Harvard, Michael orchestrates a program that carefully balances privacy, security, usability, regulatory obligations, and academic freedom, an especially critical challenge in one of the world’s most research-intensive institutions. His pragmatic mindset, paired with a bold long-term vision, allows him to navigate competing priorities while maintaining strong governance and risk management. By aligning security strategy with institutional values, Michael ensures Harvard’s community can innovate, collaborate, and conduct research securely at global scale.
Amy Steagall-Hess — Chief Information Security Officer, Stanford University
Amy Steagall-Hess provides overall direction for Stanford University’s information security programs, overseeing policy development, awareness initiatives, annual assessments, vendor risk evaluation, network traffic analysis, and regulatory compliance. As CISO, she leads Stanford’s Information Security Office and works closely with academic, business, and technology leaders to manage risk while respecting the university’s decentralized culture.
With more than 30 years of cybersecurity experience, Amy brings a pragmatic and balanced approach to protecting Stanford’s information assets. Reporting jointly to the CIO and Chief Risk Officer, she guides institution-wide strategies across authentication, disaster recovery, audit, and compliance. Her leadership is shaped by a distinguished 25-year career in the U.S. Air Force, including advanced cyber operations roles, giving her deep expertise in operating within complex, high-risk environments.
Tony Brett — Chief Information Security Officer, University of Oxford
Tony Brett owns and continuously evolves the University of Oxford’s information security management framework, ensuring the confidentiality, integrity, and availability of one of the world’s most prestigious academic institutions. As CISO, he leads Oxford’s central InfoSec team, including OxCERT’s Security Operations Centre and the Governance, Risk, and Compliance function.
Grounded in the NIST Cybersecurity Framework, Tony’s work spans detection, response, recovery, governance, and risk identification across a highly collegiate and decentralized university model. His leadership combines strategic risk management, data protection, and business relationship management with a strong focus on staff development and operational excellence. With prior leadership in Oxford’s Medical Sciences Division IT Services, Tony brings a deep understanding of how cybersecurity must enable research, teaching, and administration at scale.
Vijay Samtani — Chief Information Security Officer, University of Cambridge
Vijay Samtani brings nearly three decades of information security leadership across global enterprises, including finance, retail, logistics, and major international events, to his role as CISO of the University of Cambridge. His career reflects a rare blend of technical depth, organizational insight, and crisis leadership under intense public scrutiny.
At Cambridge, Vijay develops and delivers a pragmatic information security strategy that supports world-class research, scholarship, and innovation. He excels at aligning technical and process security with human behavior and institutional dynamics, enabling the university community to safeguard critical insights without constraining discovery. His experience resolving high-profile cyber incidents and building intelligence-driven security capabilities directly informs Cambridge’s approach to resilience in a complex academic ecosystem.
Ashraf Hadi — Chief Information Security Officer, Caltech
Ashraf Hadi is a forward-thinking cybersecurity, infrastructure, and cloud leader with deep expertise in digital transformation, AI governance, privacy, and risk-based security architecture. At Caltech, he leads initiatives that protect sensitive research data and institutional infrastructure while supporting innovation in a highly decentralized academic environment.
His work includes developing a comprehensive Zero-Trust strategy, implementing next-generation SIEM capabilities with AI, enforcing secure DevSecOps pipelines, and strengthening governance across IT and cybersecurity programs. Ashraf collaborates closely with legal, compliance, research, and academic stakeholders to align security with institutional goals. With experience spanning government, healthcare, finance, and higher education, he brings a secure-by-design and privacy-by-design mindset to Caltech’s evolving research and technology landscape.
Donna Tatro — Interim Chief Information Security Officer, Princeton University
Donna Tatro has spent nearly three decades at Princeton University, steadily expanding her leadership responsibilities across enterprise infrastructure, technology, and security. In 2025, she stepped into the role of Interim CISO, bringing deep institutional knowledge and a collaborative leadership style to Princeton’s cybersecurity program.
Donna oversees critical services including networking, cloud platforms, identity management, data centers, and IT-enabled infrastructure systems. She is deeply committed to Princeton’s academic mission, working closely with campus stakeholders to ensure technology and security capabilities meet the university’s evolving needs. Her background in enterprise infrastructure and emerging initiatives such as AI governance uniquely positions her to integrate cybersecurity into Princeton’s broader digital strategy with clarity and purpose.
Jeremy Rosenberg — Assistant Vice President for IT & Chief Information Security Officer, Yale University
Jeremy Rosenberg oversees the strategic direction and operational execution of Yale University’s cybersecurity program while also leading foundational IT infrastructure services. He manages a 120-person organization spanning security, network services, enterprise storage, and cloud operations, supporting Yale’s academic, research, clinical, and cultural missions.
As a senior advisor to university leadership, Jeremy balances strict regulatory requirements with the open collaboration essential to a world-class research institution. His responsibilities extend to infrastructure planning for capital projects and delivering cloud and compute foundations for Yale’s AI initiatives. By integrating cybersecurity with high-availability infrastructure, Jeremy ensures Yale’s digital environment remains resilient, scalable, and aligned with institutional priorities.
Guardians of Knowledge in an Open World
Higher education cybersecurity is unlike any other domain: open by design, decentralized by necessity, and invaluable by nature. These leaders safeguard the intellectual engines of society while preserving the freedom that fuels discovery. Their work ensures that universities remain trusted stewards of knowledge, innovation, and research in an era where digital resilience is fundamental to academic excellence.
