Boston University Information Security’s
Security Hero Program
PROGRAM OVERVIEW: The Security Hero Program is a designation awarded by Boston University’s Information Security Team in order to recognize outstanding efforts in the protection of University data and the defense of the Boston University community’s cybersecurity.
PROGRAM MISSION STATEMENT: The Security Hero Program’s mission is to recognize and honor our community’s commitment to taking an active role in the cybersecurity of the University. Cybersecurity relies on “people, process and technology.” The Security Hero Program aims to educate, encourage, promote and partner with the people of our community in order to foster a well-rounded cybersecurity environment for our organization.
PROGRAM DETAILS: The Security Hero Program merit is awarded throughout the year based on the interaction between community members and BU’s Information Security Team. The Security HeroProgram is open to all members of the Boston University organization including faculty, staff and students. Recipients will be notified via email and presented with the Security Hero pin, award and official letter of distinction.
October 2021 Recipient: Priyanka Benerjee
WHY PRIYANKA IS A SECURITY HERO:
Priyanka went above and beyond to assist the Information Security by reporting a concern and gathering supporting evidence. Her effort and initiative to share her findings was an effective and essential component to our process. As opposed to a top-down approach, working on the ground, Priyanka was able to gather information swiftly. Her work aided us in focusing in on the issue and helped to protect future students. Priyanka partnered with Information Security in the pursuit of security excellence.
WHAT PRIYANKA DOES HERE AT BU:
Priyanka is a current student in the Questrom Online MBA program. She works at Lyft in San Francisco as a payments manager. Previously, she has worked in the payments domain at Microsoft, Amazon and Barclays. She is passionate about ensuring great customer experience when using any type of payment method. When not working or completing assignments, she likes to travel and work on craft projects.
THANK YOU PRIYANKA!
October 2021 Recipient: Alexander Bulekov
WHY ALEXANDER IS A SECURITY HERO:
Alexander has gone above and beyond, overseeing ground-breaking research in security. For example, his analysis of the QEMU source repository to find and report security vulnerabilities in the single most prolific hypervisor for private cloud deployments helps ensure the confidentiality, integrity, and the availability of virtual resources. His work has led to security fixes being deployed around the globe, including within the Mass Open Cloud initiative that BU is leading. His research has improved the security of millions of cloud users around the globe, including many at Boston University. As a security researcher and practitioner he has made contributions that protect and reflect on Boston University.
WHAT ALEXANDER DOES HERE AT BU:
Alexander (CAS ’16) is a PhD Candidate at the Department of Electrical and Computing Engineering. There, he is researching ways to improve the security of kernel and hypervisor systems that power modern cloud environments. Alex also was a teaching assistant for Operating Systems and Cybersecurity courses at BU. Previously, Alex worked for IS&T’s Client Services & Support, serving the Sargent and Kilachand Center communities.
THANK YOU ALEXANDER!
October 2021 Recipient: Lauren Kehoe
WHY LAUREN IS A SECURITY HERO:
Lauren has gone above and beyond, continually communicating with the BU Information Security team to incorporate security when considering new applications, including considering security in the earliest stages of the vetting process. This is essential in uncovering risks and ultimately protecting Boston University. By keeping security as a key consideration when implementing new services and applications for the Danielsen Institute, without encouragement from Information Security, Lauren is a partner with us in the continued pursuit of security excellence.
WHAT LAUREN DOES HERE AT BU:
Lauren is the Associate Director of Administration and Finance at the Danielsen Institute. Part of her duties as associate director include acting as the HIPAA security officer for Danielsen. Clients and clinicians come to Lauren with questions about information security procedures around Protected Health Information (PHI), as well as concerns. Laureen conducts monthly random data audits of activity in our electronic medical record software and is responsible for reporting any possible breaches.
THANK YOU LAUREN!
October 2021 Recipient: Heather Gillis
WHY HEATHER IS A SECURITY HERO:
As a member of the BU community Heather has gone above and beyond by taking actions to alert the BU Information Security Team of a vulnerability in the SAP terminated employee process and reporting. Heather conducts regular security and access audits to ensure the integrity of Boston University data and keeping confidentiality and access intact. Our team, and the Boston University community, relies on Heather’s communication in a constant effort to protect our data.
WHAT HEATHER DOES HERE AT BU:
Heather M. Gillis is the Executive Director, Procurement, in the Sourcing & Procurement department. The team is dedicated to helping departments maximize their budgets through strategic negotiation of contracts and purchases of goods and services. We provide insight into spend, identify savings opportunities, and manage supplier relationships to provide increased operational efficiencies and mitigate risk for Boston University.
THANK YOU HEATHER!
October 2021 Recipient: Billy Hajjar
WHY BILLY IS A SECURITY HERO:
Billy has gone above and beyond to seek out and educate himself on compliance requirements and controls. By keeping security and compliance considerations such as PCI (Payment Card Industry) responsibilities and requirements as key considerations navigating contracts with parking vendors, Billy pursues security excellence. And in turn keeps the confidentiality and integrity of our data secured, keeping us parked safely.
WHAT BILLY DOES HERE AT BU:
As Director of Parking & Transportation Services for the Charles River, Fenway and Medical Campuses, I oversee the parking lots, garages, and alleyway permits and permit access through our new Transportation Management Portal, and our Transportation Benefits (employee subsidized MBTA passes, employee subsidized Transit Parking, etc) as well as the University’s Shuttle Bus Service.
THANK YOU BILLY!
October 2021 Recipient: Tasha Coughlin
WHY TASHA IS A SECURITY HERO:
As a member of the BU community, Tasha has gone above and beyond to seek out and educate herself on compliance requirements and controls. Tasha always builds security into her planning and execution. For example Tasha built in the personal device security attestation for BU REDCap, exemplifying her consideration of security and the protection of data. These actions make her a powerful ally in the continued pursuit of security excellence. And as a partner, we rely on her continued communication in an effort to keep intact the confidentiality, integrity, and availability of data of Boston University assets.
WHAT TASHA DOES HERE AT BU:
As the REDCap (Research Electronic Data Capture) application administrator, I work with researchers across the university and BMC to provide support and training for electronic database design, enhanced data security and management features, and automated workflows. Working closely with the BUMC HIPAA Security Officer, constant vigilance for electronic data security is managed through continuous review of risk assessments and the implementation of up-to-date compliance practices.
THANK YOU TASHA!
Inaugural Recipient: Nedra Abbruzzese-Werling
WHY NEDRA IS A SECURITY HERO:
As the leader in identifying and reporting phishing emails, Nedra has stopped the propagation and spread of scams and reduced the risk of compromised accounts and possible data breaches for our BU community. Phishing remains the number one source of cyber-attacks and breaches globally, as well as here at Boston University. During this time, our prolific use of online technologies has led to a sharp increase in opportunities and advantages for cyber criminals. We commend Nedra for taking an informed an active role in protecting University assets.
WHAT SHE DOES HERE AT BU AS VICE PRESIDENT FOR COMPLIANCE:
The Compliance Services Office works with compliance partners across the University to clarify compliance obligations; coordinate compliance activities; support training and other educational efforts; investigate compliance concerns; and help identify, assess and mitigate risks. The Compliance Services office manages the Compliance website, the University-wide Policies website, oversees compliance with the Conflict of Interest Policy, participates in the University’s Enterprise Risk Management (ERM) efforts, and oversees and facilitates the University’s anonymous Ethics and Compliance Hotline.
THANK YOU NEDRA!