With the retirement after nearly 30 years of New Mexico State University’s chief information security officer John Roberts, Carlos Lobato will assume the duties of NMSU’s interim CISO. (Robert Doyle will assume Carlos’ role as NMSU system’s Information Technology Compliance Officer on an interim basis).
With more than 20 years of professional experience in the corporate and banking industry, higher education and local government entities, Lobato became the first IT compliance officer for the NMSU system in 2012. In 2017, he was appointed by Chancellor Dan Arvizu to the position of chief privacy officer for the NMSU system, where he implemented a privacy program, conducted IT risk assessments, promoted IT and data security-related training and awareness programs and monitored NMSU systems via auditing and compliance activities in support of the university's mission and goals.
He shared his thoughts about plans underway for NMSU’s cyber security:
What is your role as the interim CISO?
Information security is not new for me. I’m a certified, information systems security professional since 2016. (The CISSP credential is recognized worldwide for its standards of excellence.) I had been working with and meeting with John Roberts on a regular basis before his retirement about all the critical projects underway including 2-factor authentication, the best protocol for cyber security.
Just a quick word to reinforce the importance of 2-factor authentication. Your password can be easily compromised. 2FA authentication increases your account security by requiring multiple forms of verification to prove your identity when signing into an application. John did a very good job establishing the foundation for this program and we will continue the programs next steps.
What are your goals over the next few months?
My next focus will be the second phase of the 2-factor authentication project: the formalization of risk-based information security program. I want to make sure we have formal protocols in place and work with senior leadership at the university to ensure the safety and protection of NMSU data. The third phase of the project will involve the entire NMSU community and will be focused on helping everyone in our community understand the role each of us plays in cyber security and protecting our University digital assests. All of us use our phones, our desktops or laptops and learning management systems. Each of us needs to be educated to protect the entire NMSU system. I take pride in ensuring that NMSU’s data is secure. Ultimately, everyone has a piece of the responsibility.
What else would you like members of the NMSU community to know?
I am someone who is always looking for new challenges and I am eager to carry forward NMSU cyber security projects currently underway such as 2-factor authentication. I want to make a difference and encourage members of our NMSU community to reach out to me with questions, suggestions and ideas or best practices they’ve used at other universities. Feel free to contact me at firstname.lastname@example.org.