Greg Vedders
  • About
  • Tags
  • Posts

10 Lessons from 10 Years in Higher Ed IT Security

What 10 years in higher ed IT security taught me about logging, communication, preparedness, and the people behind the systems.

posts
February 28, 2026 • 2 min read • 304 words

This year marks 10 years for me working in IT Security at a university.

When I started, I thought security was mostly about tools. Firewalls. SIEMs. Alerts. Logs. Configuration.

A decade later, I’ve learned it’s mostly about people.

Here are ten lessons that stand out.

1. Security Is About Trust

If people don’t trust you, they won’t tell you when something goes wrong. And when they don’t tell you, small problems turn into big ones.

2. Tools Don’t Fix Culture

You can buy the best security stack in the world. It won’t matter if your organization treats security as someone else’s problem.

3. Incidents Are Inevitable

Perfection isn’t the goal. Preparedness is. The difference between chaos and control is usually planning.

4. Communication Beats Technical Brilliance

Explaining risk clearly to leadership is often more valuable than writing the perfect query.

5. Higher Ed Is Unique

Universities are open by design. That openness is a strength academically, but it creates interesting security challenges.

6. Security Should Enable, Not Block

If your answer is always “no,” people will find ways around you. The better answer is often, “Here’s how we can do this safely.”

7. Awareness Training Matters

Not because it makes everyone an expert, but because it creates shared responsibility.

8. Logging Is Gold

You don’t appreciate logs until you don’t have them.

9. Relationships Matter More Than Policies

Policies sit in documents. Relationships get things done.

10. You Never Stop Learning

The threat landscape changes. Technology evolves. Attackers adapt. If you’re not learning, you’re falling behind.


Ten years in, the tools have changed. The threat landscape has changed. The acronyms have multiplied.

What hasn’t changed is the need for clear thinking, good logging, solid processes, and strong relationships.

That part of the job still feels just as important as it did on day one.

Share this post
← Older Building a Stable SOC Monitoring Wall with Open Tools Newer → How I Fixed My Apple TV With a Microwave (No, Really)

About

Greg Vedders writes about information security, troubleshooting, photography, and the occasional unexpected fix.

Recent Posts

  • Automating CatPosters.us With a Gemini and WordPress Bot
  • Teaching Git: What I Covered in Class
  • Introducing Signage Suite — Self-Hosted Wall Displays in PHP
  • Rebuilding gregvedders.com Without a Hugo Theme
  • Hardening a Public Honeypot Server

Tags

Security Cybersecurity Higher Education Leadership Professional Growth

Related Posts

  • Building a Stable SOC Monitoring Wall with Open Tools
  • Exposing Services Safely with Cloudflared Tunnels
  • Advanced Splunk Techniques for Beginners
  • Searching for Threats in Firewall Logs Using Splunk
© Greg Vedders 2026