 Welcome to a new and special community conversation today. I'm joined by Brian Kelly, who is the director of EDUCAUSE Cyber Security Program called Brian. And today we're joined by two technology leaders who have not only survived, but powered through security incidents and are here to talk about them. So welcome to Ed Hudson, who's the CSO for the California State University System, and Michelle Noran, who's former EDUCAUSE board chair and the CIO at Rutgers University. Take it away, Brian. Thank you both for joining us today. In cybersecurity and EDUCAUSE, we often talk about the importance of sharing what we've learned with each other. And today we're going to talk about campus security incidents and what happened and what we learned during those incidents. So Michelle, we'll start with you. Could you talk a little bit about what happened during an incident and, more importantly, what you or, as Ed had said, what we learned during that? Without being too specific, because it's a little bit of a fresh circumstance, Rutgers was involved in a ransomware attack situation. It did not affect our data per se. It affected data of one of our partners. But it did affect our infrastructure. So we had a role to play in responding to the circumstance. I will say that in my career, this is the first time I've been this close to that kind of a cybersecurity incident. For us, we were the largest four-year public university system in the country. So my scope is 23 different campuses and our chancellor's office. So we have had some successful attacks. We also had a fairly significant event at the end of last year that while the ransomware was not detonated, it had a significant impact to IT operations. We were able to maintain academic and business operations at the campus. But the amount of effort that the particular IT team at this campus went through over about a four to six-week period was unprecedented for us. And in that case, what ended up happening was the threat actor, which we were able to tie to a nation state, came in and appeared to be doing some extended reconnaissance. And so while the malware wasn't detonated, we found them in the system, the system that our protectors that were in place alerted to them. But they came back several times. And so it was a very laborious process to root them out from where they were in the network, how they'd gotten in. And where they had gotten in. And then trying to parse that out was an extremely impactful event for us. So I know, Ed, when your incident was occurring, you sort of took the time to step out of that room and let me know that you were experiencing an incident and what you could share so that we could work to try to get that out to sort of anonymously out to the broader cybersecurity community so that they could learn from your experience. And I think that's hugely important when we talk about collaboration. So what takeaways are most urgent when we think about communicating to campus leadership and also across institutions to our peers? Part of what happened when we were dealing with that event at one campus is we were obviously sharing with all 22 other campuses of what we were finding because we're all in higher Ed have some similarities in the way that we architect our networks. But also, we found code from the threat actor that referenced another university outside of California. And so while the campus was working that particular event, my job is to orchestrate the resources from a system wide perspective. And we thought it was important to get that word out to the broader higher education community with what we could share at the time and what we knew the threat actor's actions were. So we talk all the time about how the threat actors, the bad guys, the hackers, they're sharing information all the time. And I think John pulling this whole conversation together with Michelle and I and Brian, and as we share with our colleagues and counterparts across the country, I think it's really important that we talk about what's happening, what are the kinds of attacks that we're facing, what are the indicators of compromise so that we can help each other more effectively. And Michelle, do you want to give us the perspective from the CIO seat during an incident? The circumstances and the situation that we had, there were some very fundamental key takeaways from that. One is think through what you would do in that circumstance. Those of us that have been in the cyber security space for a long time, you come up with your game plan. How are you going to respond? Who is on point? How do you structure? So there's a foundation of that that I think are important for some of these new threats, ransomware, any other kind of threats that come through. So revisiting those to be sure. Do we remember what we need to do here? Secondly, these new situations, like a ransomware attack, in my view, it is different. The players are different. You start in a different place. You need to have your legal team ready and prepped for what that might look like. Likely you'll need external resources to help you investigate, do the forensics, having the conversations with institutional leadership about, look, if we have one of these situations, this is how we're going to have to approach it, we're going to need leadership to engage, to think about things like the legal guidelines to be following here, what can be said, what can't be said. Are we going to pay a ransom or not? Who do we need to be working through? And so priming that kind of conversation I think is important so that it's not a big surprise one day if I get a walk into the president's office and say, we got to have a conversation. So I think coming up with a blueprint or some kind of a playbook specific to that circumstance I think is important. So I would recommend doing a tabletop, trying to understand how that looks, working with other entities who've gone through it to say, hey, what'd you have to do? What should we think about? Who would we line up here and just try to learn as much as possible so that you're not caught off guard if you ever end up in that kind of a situation?