April always seems to show up faster than I expect each year. The end of the academic semester is rapidly approaching, and finals will be here before we know it.

The Cyber Hygiene Campaign has been a major initiative this semester, introducing the campus to the concepts of cyber hygiene, and focusing on a targeted number of important metrics. This month, we’ll talk about what comes next: how do we move from a one-time effort into a cyber-aware culture?

As we wind down the Cyber Hygiene Campaign this month, it’s worth taking a moment to recognize the progress we’ve made. Across the university, we’ve seen a meaningful uptick in patching rates, faster vulnerability remediation, and real improvements in how units track and manage their assets. That’s no small feat—especially in a distributed environment like ours, where collaboration and coordination are everything.

There’s another major effort that has been underway since last year, and is also approaching some closing milestones: the Security Agent Standardization project. This has been an enormous undertaking involving IT professionals across the entire campus, and the result is better coverage of endpoints and more security telemetry than has ever been available to us before. From the perspective of our colleagues in the operational teams, clear direction on which agents are required means that it is simpler to maintain compliance with their fleet.

🔄 From Campaign to Culture

Good cyber hygiene isn’t a one-time project—it’s an ongoing habit. Just like we don’t stop brushing our teeth when a dental checkup is over, we can’t stop paying attention to patching, vulnerabilities, or inventory compliance just because a website comes down. These are foundational practices that need to become part of day-to-day operations across Technology Services, not just something we focus on during a campaign. 

The next step in this journey is making these hygiene metrics a permanent part of how we measure and maintain our security posture. That means continuing to track them, talk about them, and act on them—not because there’s a campaign happening, but because they’re essential to keeping our systems safe and our data secure. Think of it as moving from “project mode” into “operational mode”—a shift from sprints to a sustainable pace.

💡 What Comes Next

In the coming months, you’ll still hear about patching cadence, vulnerability remediation, inventory accuracy, and security agent compliance—but in a more integrated way. These aren’t side efforts anymore; they’re core to how we evaluate risk, respond to incidents, and make strategic decisions. You’ll see these areas showing up in dashboards, planning meetings, and future security initiatives—because they touch every part of what we do.

Thank you for leaning in during this campaign and helping move the needle; I know that the progress we’ve seen has only been possible due to a lot of hard work performed by Security & Risk teams in the background. The habits we’ve built over the last few months don’t just improve our immediate posture—they create a stronger, more resilient foundation for everything that comes next.

• The Elastic platform continues to grow. We are ingesting nearly 10.9 billion log entries per day, with a single high peak of 12.5 billion! There are now over 34,000 hosts reporting into the Elastic stack. This has been a phenomenal effort from multiple teams across Security & other verticals, and the scale that we have grown Elastic is impressive.
  
  
• A Technically Speaking event: Cloud Vulnerabilities and You—Patching Your Cloud Environments was held in March as part of the Cyber Hygiene Campaign. Amazing effort has been made by employees across all verticals in Technology Services, and the results are evident in the metrics: improved patching rates and more accurate asset inventory data.
  
  
• The Admin By Request project has completed, and tracking related to ABR agent installation is now part of the Security Agent Standardization project. The vast majority of endpoints across campus have been transitioned off of CrowdStrike to Elastic, and servers are ~60% complete. 

📈 Just in the last month:

• 10.9B log events collected per day
• 8 petabytes of network data scanned
• 154.1M mail messages scanned for spam, phishing, viruses; 101.3M messages blocked at gateway
• 9.1M Entra authentication events
• 2.6M Duo auth events across 241k active NetIDs 
• 114k devices tracked in the IT asset management system
  

Sign in with a NetID to see this content

There is one final event associated with the Cyber Hygiene campaign coming up on April 22nd: a Cyber Hackathon! There are multiple sessions scheduled throughout the day, and there will be food, games, and an amazing view of Kyle Field from the Press Box! Mark your calendars to attend at least 2 of the sessions, and invite your friends and colleagues:

• 9:00–9:45 AM – 1Password: SSH Key Management & Advanced Platform Usage
  Learn how to protect SSH keys and strengthen your credential hygiene using 1Password’s advanced capabilities.
  

• 10:00 AM–12:00 PM – Elastic Capture the Flag (CTF)
  Test your skills in a gamified threat detection and response scenario using Elastic’s security stack. Solve real-world challenges and compete for bragging rights!
  

• 1:30–2:30 PM – Elastic Observability Workshop
  Explore how to use AI-powered insights to monitor system metrics, track infrastructure health, and simulate user experience with synthetic monitoring.
  

• 3:00–4:00 PM – 1Password: Secrets Management for Developers & Engineers
  Dive into 1Password’s developer tools, including their Secrets CLI, APIs, and container sidecar solution for securely managing secrets in CI/CD workflows.
  
  

As always, I thank you all for your hard work and dedication. I depend on you to share your ideas and suggestions with me, and I encourage you to schedule a meeting with me at any time if you want to talk.

Adam Mikeal

Associate Vice President and Chief Information Security Officer