Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

How the University of Pittsburgh Is Using the NIST Cybersecurity Framework

Sean Sweeney as interviewed by Lisa R. Young


In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (Pitt), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework). The University of Pittsburgh is a large, decentralized institution with a diverse population of networks and information types. The challenge of balancing academic freedom with security and protection of research data is put to the test every day.

The use of the CSF, created by NIST as a common starting point for improving the cybersecurity of critical infrastructure providers, has proven valuable to help Pitt understand its baseline security posture, prioritize gaps, and set a target profile for improvement. The flexibility of the five NIST CSF categories (Identify, Protect, Detect, Respond, Recover) provide a solid starting point from which to understand the information security practices that are already in place at Pitt and the practices that are needed to improve the overall program. The podcast is based on a presentation available here.

Downloads: MP3 | Transcript

Loading Podcast.....

Categories: Cyber Risk and Resilience Management

Share This:

About the Speakers

Sean Sweeney (University of Pittsburgh)

Sean Sweeney joined the University of Pittsburgh in 2012 as Information Security Officer. Sean directs the security team to respond to information security issues and security-related requests from the University community. He manages security controls and solutions, coordinates security issues and responsibilities between the University’s central IT organization (CSSD) and academic centers, and is responsible for maintaining the University’s information security program strategy.
A graduate of George Mason University, Sean has more than 15 years of experience in information security, computer networking, user support and training, application deployment and maintenance, and project management.
Sean has worked as a Director of Technology for a Pittsburgh-based law practice and founded a consulting company specializing in information technology solutions for the legal industry.  Prior to his arrival in Pittsburgh, Sean served as Litigation Support Trainer and Application Manager for the U.S. Department of Justice, Environment and Natural Resources Division and Database Administrator for the U.S. Department of Interior, Bureau of Indian Affairs in Washington, D.C.