New team created in Enterprise Security: Information Security Architecture

As members of the LITS division can attest, technology is always changing and evolving. And, unfortunately, bad actors are doing the same: constantly advancing how, where, and when they attack systems and exploit vulnerabilities.

It is in large part due to these factors that Brad Sanford, LITS Chief Information Security Officer, has created a new team within Enterprise Security. Information Security Architecture is now the fourth team under Enterprise Security:

  • Threat, Vulnerability, and Incident Management – led by Derek Spransy
  • IT Risk and Compliance – led by Nataliya Bykova
  • Security Infrastructure – led by Andy Efting
    and now
  • Information Security Architecture – led by Mike (Mo) Davidson

In our current, budget-conscious state (thanks a lot, COVID-19), the new Information Security Architecture team was staffed with existing personnel within Enterprise Security and the larger LITS division.

Team members:

  • Zachery Cox moved to the new team from Derek’s Threat, Vulnerability, and Incident Management team
  • Chris Dehner moved to the new team from Nataliya’s IT Risk and Compliance team
  • Mike Chilcott moved to the new team from Nataliya’s IT Risk and Compliance team
  • Mike Davidson (also known as Mo) joined Enterprise Security to manage the new team, after having spent nearly 15 years in Enterprise Applications supporting Emory’s PeopleSoft applications. Danny Bridges is the new manager of the PeopleSoft Administration team.


photo of team

The newly formed Information Security Architecture Team. As a mini “Pet of the Week,” see if you can find Mo’s dog, named Harley Davidson.

The Information Security Architecture team is the new home for Security Reviews and Cloud Security Architecture. The team is already deeply involved with the design and implementation of security controls for the Enterprise Cloud Services (ECS) offering that will be running Emory applications in our AWS landing zone. This is the service that was previously known as the Cloud Infrastructure Migration Project (CIMP). Also in the AWS space: AWS at Emory. The team will continue to collaborate with the LITS Architecture team (led by Steve Wheat) to ensure that appropriate security controls are included in our cloud solutions – as they continue to advance Emory’s capabilities for our researchers, and the RHEDcloud Foundation, by leveraging the flexible and scalable computing architecture at AWS.

Zach Cox will be the primary team member focused on cloud security technology. For security reviews, Mike Chilcott will continue his focus of performing security reviews for Emory Healthcare entities. And Chris Dehner will continue his focus of security reviews primarily supporting the University and the schools.

Nataliya Bykova’s team (which has been doing security reviews for several years) will continue to do IT Compliance Assessments against HIPAA security rules, PCI, GDPR, FISMA and GLBA.

Feel free to reach out to Mike (Mo) Davidson if you have any questions about the new team, its role, or any other aspects of this new organizational element.

This entry was posted in Projects and Processes and tagged . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>