Q&A with Michael McKay of Rutgers University

With 22 years of military experience, McKay served as professor of military science and directed the university's ROTC program for three years on the New Brunswick campus when he first arrived in 1985. He then was named associate director of what is now known as the Center for Advanced Information Processing. A graduate of the U.S. Military Academy, McKay received his master's degree in business management from Central Michigan University.

McKay spoke with Ed Tech about the issues he confronts as CIO, especially the role IT plays at the university with regard to security.

ET: What is your top-of-mind issue right now?
McKay: You know the three things about buying a house–location, location, location. Well, the three things about running a network are–security, security, security. I look at security as being a leadership issue. We publish a computing guide that gives leaders, deans, directors and vice presidents the basic elements of information technology, including security and standards that they can implement in their individual departments.

We are trying to demystify IT to make sure that, say, people in the English department have the basic knowledge of security and that it's not just something technical people handle.

ET: Can you elaborate further on what you mean by demystifying IT?
McKay: I mean if you have a dean in the engineering department and he's on the IT committee, you have to try and educate that person on IT issues. Then, in a very short time, with just a little bit of knowledge, that person can take a leadership role in ensuring that certain IT standards are maintained.

I've been very pleased with the cooperation from my colleagues. During the early years of the Internet, the use of firewalls and other means of security were considered draconian because the university was supposed to be an open environment. The proliferation of hackers, viruses and spam has caused all members of the university community to become much more tolerant of the measures needed to secure, protect and maintain their access to Internet technology.

ET: What other issues are on your radar?
McKay: We've had power outages on our campuses, so we purchased a generator for our large computer data center, and we're in the process of installing a generator for our administrative services building. So in the event of a power outage– and let's say we're in the middle of getting payroll out–we can handle it.

ET: Because security is a major issue, how do you check and monitor your security initiatives?
McKay: We're very methodical about taking the appropriate precautions for all the servers and the sensitive data on them. We check and audit all the time. To help secure our network, one of the things we do prior to students arriving on campus is encourage incoming students to create their network identification and password, so that they're integrated by the time they get on campus.

ET: How do you manage wireless security?
McKay: Two to three years ago, wireless was really proliferating and we saw it as a huge security problem. So we had an administrative council meeting–the highest echelon of leadership at the university–and we came in and gave a 20-minute primer on wireless. And I'll tell you what, we got a resounding response to that meeting and the information we supplied helped administrators make the right decisions about wireless implementation and security. We found that informing top administrators about IT and making IT a function of administrators' responsibility, instead of somebody else's down the line, empowers administrators in their decision-making about IT issues.

ET: Have you had pockets of resistance throughout your tenure at Rutgers?
McKay: Sure, but mostly from people who didn't want to get involved. But what I see happening now is a “convergence,” where everybody needs the network, so campus leaders now realize that they have to get involved. Here's an example:

If we have a security problem, and we identify a system that's causing the problem, and if we can't quickly identify and rectify the problem, we take the whole unit off of the network. That's a [serious] move to shut down a portion of the network. But people understand because they now know the importance of security, since we have been effective in telling our story.

ET: Is IT strategy tied to Rutgers' strategic plan?
McKay: Absolutely. It's tied to the goals and objectives and the mission of the university. After you do your homework and talking, you lay out a plan that spells out how IT can carry out the strategic initiatives.

ET: And how do you measure the goals and objectives of the university's strategic plan against your IT initiatives?
McKay: That's a great question. That's huge for us to measure how well we do. We're just now developing those matrices, and we're in the process of establishing the criteria upon which we will be annually evaluating the accomplishment of our strategic planning goals and objectives.

ET: Final thoughts?
McKay: IT needs to communicate, and you need to get people involved at all levels in order for IT to be successful. We give regular updates on the progress of the different projects–and everything is aboveboard. It's all about demystifying this whole thing that was built up in the '90s called IT. And, as I said, IT is leadership's responsibility. Security is leadership's responsibility. Making IT purchasing decisions is leadership's responsibility. It's about empowering the leadership of the university at all levels to feel comfortable making informed IT decisions.