About Us

The University created its Information Security Program policy in April of 2016. The policy grants authority to the Information Security Office, a unit within Information Services, to implement an Information Security Program to mitigate risk regarding information security. Its responsibilities include, but are not limited to:

  • Develop policies, procedures, and guidelines for securing University systems, networks, and data based on applicable laws, regulations, and best practices.
  • Consult with campus users and departments to investigate information security issues, perform risk assessments, and propose products and processes to mitigate risk discovered.
  • Monitor the University networks and systems to identify malicious activity.
  • Provide incident response for information security incidents.
  • Increase campus awareness of information security through training and communication.
  • Use frameworks to ensure that information security is built into current and new systems. Identify risks to the security of information, systems, and users to mitigate these risks to levels acceptable by University Administration.

Information Security Office Team

The Information Security Office (ISO) in Information Services is led by José A. Domínguez, Chief Information Security Officer (CISO). The ISO is responsible for implementing the Information Security Program (ISP) at the University of Oregon. The office has information security responsibilities over all University data, computers, and networks. The program makes use of risk management techniques to identify, manage and remediate information security risks for the university. To support its responsibilities, the ISO follows the Cybersecurity Framework as defined by the US National Institute of Standards and Technologies (NIST). The program receives advice from the Information Security Program Governance subcommittee (ISP-GC), a governance group sponsored by the Information Technology Steering Committee (ITSC) established to ensure that the information security and privacy programs are aligned with UO academic, research, and administrative objectives, and are consistent with university policies, state and federal laws. Additionally, the ISO leads the university Data Security Incident Response Team (DSIRT) which provides general oversight for our incident response program.    

Contact Us:

Mailing Address 
Information Security Office at 1715 
6250 University of Oregon 
Eugene, OR 97403

Physical Address
Information Security Office 
1715 Franklin Blvd 
Eugene, OR 97403

Call or Email
(541) 346-5837 
infosec@uoregon.edu

Chief Security Information Officer

José photo

José A. Domínguez 
Chief Information Security Officer (CISO)
jad@uoregon.edu 
(541) 346-1685

José is a dynamic and visionary leader who sees technology and people as part of a symbiotic environment and brings them together to propel forward an organization’s mission and vision. He brings a balanced approach to risk appetite, risk management, return on investments and people-centric initiatives to promote digital transformation.  

 

With over 30 years of experience working in technology, José currently serves as the Chief Information Security Officer at the University of Oregon (UO), where he is responsible for defining cybersecurity strategy and operations. He leads teams managing information security risk and compliance, IT security services and operations, IT disaster recovery, security incident response and the university’s Cyber Security Operations Center. 

 

Before taking on his current role, José served as the Interim CISO and Director of Information Security Services & Operations at UO. These positions entailed responsibilities for security architecture and solutions design, threat defense, vulnerability management, investigations and digital forensics, security monitoring, intelligence sharing and incident response. 

 

Earlier in his career, José was actively dedicated to building secure research and educational networks. He has served as Network Architect for the University of Oregon, Director of the Network for Education & Research in Oregon, the Oregon Gigapop and the Oregon Internet Exchange. 

José holds an undergraduate degree in Systems Engineering from the Instituto Tecnológico de Santo Domingo in the Dominican Republic and an M.S. in Computer Science from the University of Oregon. He has been a Fulbright Scholar and has worked on projects for the Organization of American States and the World Bank to increase access to technology for K-12 and higher education institutions in several countries. José also collaborates with the UO’s Network Startup Resource Center and the Escuela Latino Americana de Redes (EsLaRed), providing strategic training and technical advice for networking and security and networking projects in emerging markets.

IT Security Risk & Compliance (ISRC)

ISRC focuses in supporting all five functions of the NIST cybersecurity framework from the point of view of compliance and controls development. The ISRC works on the creation of policies, standards, controls, guidelines, and procedures that support the information security program. The group works with the university contracts management teams in performing risk and compliance capabilities assessments related to information security for third-party vendors and research contracts. In addition, the team manages our cybersecurity awareness and training program, as well as collaborates with compliance management for GLBA, HIPAA, FERPA, PCI, Red Flag, NIST and other regulatory requirements at the university.

Cleven Mmari photo

Cleven Mmari 
Director, IT Security Risk & Compliance 
cmmari@uoregon.edu 
(541) 346-1575

Leland VanBrunt photo

Leland VanBrunt 
Senior IT Security Risk & Compliance Analyst 
leland@uoregon.edu 
(541) 346-1753
 

Photo Holder

Andy Preising 
IT Security Risk & Compliance Analyst 
preising@uoregon.edu 
(541) 346-2610

Photo Holder

Melanie Khokhlov 
Student Web Developer 
iso-melank@uoregon.edu 
 

Photo Holder

JD Smith 
Student Web Developer 
iso-jdsmith@uoregon.edu 
 

IT Disaster Recovery (ITDR) Program

ITDR Program will define the set of procedures and supporting documentation that enables the university to restore core IT services as part of our overall business continuity plan. The program will identify critical applications and dependencies, define an appropriate (and desired) recovery timeline based on a business impact analysis, and create a step-by-step incident response plan for those critical applications. The program manager assigned to this function will work with all IT solutions and services providers to build our ITDR plan and make it actionable. 

Andy Smith photo

Andy Smith 
IT Disaster Recovery Program Manager 
acsm@uoregon.edu 
(541)346-2505

Cybersecurity Awareness Training and Outreach (CATO) Program

The CATO program manages and executes cybersecurity awareness initiatives for the university and drives a security-minded culture across employees, faculty, students, contractors and third parties. This team works with internal stakeholders and external cybersecurity awareness vendors to identify top human risks and behaviors that need to change to mitigate those risks while ensuring the program remains aligned with leadership’s expectations. The program emphasizes behavioral change by providing successful training and education content focused on mitigating institutional risk.  

Andy Smith photo

TBA 
CATO Program Manager 
TBA 
TBA

Information Security Services & Operations (ISSO)

ISSO focuses on the identify, protect, and detect functions of the NIST cybersecurity framework. The ISS deploys technologies to protect our resources and communication channels. This team oversees the identification of our assets, their risk representation and provides services to protect them. Several of the programs managed by this function include vulnerability management, email security and phishing protection, threat defense tools like intrusion defense (IDS) and intrusion protection (IPS) systems, security incident event management (SIEM). In addition, this team works with the community to advise regarding the buildout and operation of secure infrastructure to support the university academic, research and administrative missions. 

Photo Holder

TBA 
Deputy CISO 
TBA 
TBA

Photo Holder

Matt Love 
IT Security Analyst 
mlove@uoregon.edu 
(541) 346-1772
 

Photo Holder

James Ingalls 
IT security Analyst 
ingalls@uoregon.edu 
(541) 346-2388

 

Cyber Security Operations Center (CSOC)

CSOC focuses on the detect, respond, and recover functions of the NIST cybersecurity framework. The CSOC manages our threat intelligence feeds looking for indications of compromise, threat hunting, starting our incident response functions, and guiding the recovery after an incident. The group is staffed using university students who rotate through three roles: a) CSOC Analyst, b) Incident Response Analyst and c) Compliance Analyst, during the time they are part of the group.

Photo Holder

Jon Miyake 
CSOC Manager 
miyake@uoregon.edu 
(541) 346-1635

Photo Holder

DJ Wyrick 
Threat Intelligence Analyst 
djwyrick@uoregon.edu 
(541) 346-1912

Photo Holder

Carson Trainer 
Student Security Analyst 
iso-ctrainer@uoregon.edu 
 

Photo Holder

David Moe 
Student Security Analyst 
iso-dmoe7@uoregon.edu 
 

Photo Holder

Jake Khal 
Student Security Analyst 
iso-jkhal@uoregon.edu 
 

Photo Holder

Kylan Curran 
Student Security Analyst 
iso-kcurran@uoregon.edu 
 

Photo Holder

Emily Clauson 
Student Security Analyst 
iso-eclauson@uoregon.edu 
 

Photo Holder

Mike Duffy 
Student Security Analyst 
iso-mduffy2@uoregon.edu 
 

Photo Holder

Lochlan Scharpf 
Student Security Analyst 
iso-lscharpf@uoregon.edu 
 

Photo Holder

Leila Nelson 
Student Security Analyst 
iso-ljne@uoregon.edu 
 

Photo Holder

Sadhana Ramesh Babu 
Student Security Analyst 
iso-sadnahar@uoregon.edu 
 

Photo Holder

Sarah Temple 
Student Security Analyst 
iso-stemple2@uoregon.edu