91߹

Skip to main content
University of 91߹Logo

Security Services

What We Do

NU ITS Security Services helps protect the university’s information systems, data, and digital services so students, faculty, and staff can learn, teach, and work with confidence. We actively monitor networks for potential threats and respond to incidents such as phishing, malware, and unauthorized access.

Our team works to manage security risks and support compliance with requirements like FERPA, HIPAA, and research data protections. We also make it easier for people to access the systems they need safely through identity and access management tools, including multi-factor authentication and single sign-on.

We strengthen the university’s overall security posture by identifying and addressing vulnerabilities and by offering training and awareness programs that help our campus community recognize and prevent cyber threats. We safeguard sensitive data and collaborate with researchers to support secure, compliant partnerships and innovation.

How We Align

ITS Security Services supports the University of Nebraska’s mission by helping create a secure, reliable environment for teaching, research, and service. By protecting data and safeguarding access to learning systems, the team helps ensure a stable academic experience.

The division supports research excellence by securing sensitive data and helping meet sponsor requirements, reducing the risk of disruptions. These efforts help maintain trust across the university community.

ITS Security Services also enables innovation through the secure use of new technologies and promotes a culture of shared responsibility by helping the campus community make informed, security-conscious decisions.

Our Team and Structure

Our division is structured around five main teams to maximize our subject matter expertise, collaborate broadly with each other and with our partners, and provide outstanding service to faculty and academic leaders across the NU System.

Security Program Management

  • Lead: Matthew Long, Information Security Officer
  • What We Do: Actively identifies IT compliance with legal, regulatory, and policy requirements while managing risks effectively. Develops and maintains an IT vulnerability management program and IT security metrics
  • Areas of Focus: Governance (Executive Memorandums, ITS Standards, IT Controls, and IT Metrics), Compliance (Reviews, Assessments, and Audits), Risk Management & Third-Party Risk Management (Reviews and Assessments), Vulnerability Management (Reporting and Coordination: Tenable Nessus, Prisma Cloud), Security Awareness (Annual and Focused Security Training)

Identity & Access Management

  • Lead: Ryan Rumbaugh, Manager
  • What We Do: Actively defines and manages identities representing persons, objects, and other assets requiring access to university information systems. Ensures that only authorized entities can access the right resources, with the right access, at the right time. IAM encompasses authentication, authorization, identity lifecycle management, and access governance, thereby enabling the secure and efficient operation of university systems while protecting sensitive data.
  • Areas of Focus: Identity Governance & Administration (SailPoint, Identity Integrations, Identity Self Service, Service Accounts), Access Management (Grouper, Active 91߹, Microsoft Entra), Authentication Services (Single Sign-On: Shibboleth, Microsoft Entra), Multi-Factor Authentication (Duo, Microsoft Authenticator, YubiKey)

Security Operations

  • Lead: Ricky Keim, Interim Manager
  • What We Do: Actively monitors IT systems and data to identify anomalies and signs of compromise. Continuously reviews intelligence sources, searches for and identifies cyber threats, promptly reports any suspicious or unauthorized events, and coordinates appropriate responses.
  • Areas of Focus: Log Analysis, Splunk Alerts and Analysis, Email Security (MS365, Proofpoint) Threat Intelligence (ISACs, Stinger), Endpoint Detection & Response (Palo Alto Cortex XDR, MSP Norlem)

Security Engineering

  • Lead: Phil Redfern, Director 
  • Other Area Leads: Shawn Aguirre, Security Architect; John Ross, Manager, Platform Security; Ricky Keim: Manager, Network Security.
  • What We Do: Actively safeguards the university against cyber threats and prevents cybersecurity incidents from occurring or reoccurring. Ensures IT security requirements, architecture, and asset life cycles properly align with the university's IT risk tolerance and established IT policies, standards, procedures, and practices.
  • Areas of Focus: Security Architecture (Technical Design & Integration of IT Security), Application Security (Secure App Development, Web App Firewall, Web App Vulnerability Management, SSL Certificates), Network Security (Firewalls & VPN, Edge & LPV Network Access Control), Platform Security (Enterprise Endpoint Management, Privileged Access Management, Cloud Security, Secure Remote Access, Cybersecurity Asset Management)

Incident Response/Business Continuity/Disaster Recovery

  • Lead: Eric Haffey, Director
  • What We Do: Manages time-critical incidents and response activities for high-impact incidents. Coordinates the development and maintenance of IT business continuity and disaster recovery plans and exercises to validate. Assists General Council by facilitating eDiscovery and litigation processes within university IT systems.
  • Areas of Focus: Incident Response (Processes, communications, recovery, and after-action reviews), Disaster Recovery (Assist ITS teams in defining and regularly testing recovery processes), Business Continuity (Processes to ensure continuity of IT operations), Forensic Analysis (Review systems, logs, and alerts to identify sources of compromise), eDiscovery (Aid General Council with legal or FOIA requests for data from IT systems)

The Security Services Division is led by Rick Haugerud, Interim CIO of University of Nebraska-Lincoln and Assistant Vice President for Security Services in NU ITS. Rick’s role is to collaborate and lead a team to ensure Security Services helps create a safe and secure environment that minimizes risk and enables the university community to do their work through transformative technology. For questions, contact the ITS Security Team.

Meet Our Team