 Work and learning moved from place-based to remote over the past year and the same thing happened with cybersecurity threats to higher education. What lessons can we take from this experience? EDUCAUSE's showcase on cybersecurity turned inside out offers three lessons. Let's explore them, learn how to act on them and put them in context. As the work of higher education has spread beyond the campus, our cybersecurity strategies were turned inside out. The new information security horizon report calls out the shift to remote learning, borderless networks, and more use of personal devices for business as major trends this year. In a May quick poll, more respondents agreed than disagreed that their cybersecurity team is prepared to protect their evolving perimeter. Over the past year, higher education institutions have accelerated the move of operational needs and services to cloud and third-party vendors, increasing the need for vendor management and raising questions about security requirements. If done effectively, vendor management can minimize the risks. That has a lot of different components though, but all that is difficult and time-consuming, so it's maybe not surprising that today only 28% of our May quick poll respondents say they're doing cloud and generally all vendor risk management fully today. Tools can help, like the recently updated Higher Education Community Vendor Assessment Toolkit, or HECVAT. HECVAT was developed for the community by the community, and it provides a framework to measure vendor risk. It saves time for both institutions and solution providers, and to save even more time, you can use services that build on the HECVAT, like the new EDUCAUSE VENDOR RISK Assessment Program in partnership with Great Hassel Security. With new cybersecurity threats all around us, we can't address them on our own. We have to defend our institutions collectively. Some collaborations are formal collaborations, like OmniSOC and Ren Eisek in the United States, or the Ozone Crisis Simulation Center run by SURF in the Netherlands. There's also the shared security function by 30 Bavarian state universities in Germany, or the Australasian Higher Education Cyber Security Service led by CAUTIT, which helps its members safeguard the intellectual property and reputation of Australasian universities. But opportunities to collaborate and leverage work are everywhere. Join a working group, participate in peer mentoring, attend a conference where the community gathers, like the EDUCAUSE Cyber Security and Privacy Professionals Conference in June and virtual this year. It's not enough anymore for the chief information security officers to just secure the institution's perimeter and end points. They have to engage in the C-suite level discussion of risk because cybersecurity is one of the institution's most serious and expensive risks. Cyber security leaders are preparing themselves. In our May quick poll, cybersecurity professionals named security program strategy development and leadership as the most important competency for their careers. And so we've learned three lessons from EDUCAUSE's cybersecurity showcase. Where do we go from here? The 2021 IT issues report suggests three scenarios for higher education. Let's apply them to cybersecurity. Each scenario offers a different path for action. Institutions on the restore path for cybersecurity will turn inward and work to restore their campus-centered culture and regain their financial health. Cyber security will be a here and now function operating as efficiently as possible. Evolving from where the pandemic has left institutions might ramp up cloud vendor management and endpoint detection and response. Cyber security staff would use EDUCAUSE and other resources to learn and network and institutions without a full-time cybersecurity director position might create one. And those committed to transforming cybersecurity and helping lead the way for higher education will think and act beyond their institutions and today's threats to anticipate future challenges, help lead the transformation of cybersecurity and higher education and serve an executive role at their institutions.