Meet Rutgers’ First Chief Information Security Officer

Guy J. Albertini, a certified information systems security professional who holds a master’s degree in information assurance and security and has more than 15 years of professional security experience, has taken on the role of Rutgers' first associate vice president and chief information security officer.

Before starting at Rutgers, Albertini served for the past five years overseeing cybersecurity at Palm Beach State College in Lake Worth, Florida. During his tenure there, Albertini established an enterprise-wide information security governance program, assisted in the development of disaster recovery and business continuity plans, performed security assessments, and instituted industry-standard information-security policies, standards, procedures, and guidelines for the college.

He also served on multiple information security panels for higher education and participated in an effort to develop an information security ecosystem for the state of Florida’s higher education system. 

Albertini comes to Rutgers at a time when cyberattacks against universities are growing both more frequent and more sophisticated. Ransomware, phishing, and many other cyber-threats can cripple IT systems, cost universities money, and damage institutional reputations, which is why Rutgers needs a leader to head a universitywide cybersecurity program and implement comprehensive cybersecurity policies and tools.

Meet the man leading efforts to expand university culture and practices for protecting information assets, including valuable personal data and intellectual property.

Where are you from?

I’ve spent most of my adult life in Florida, but I was born and raised in Brooklyn, New York, so I will be able to withstand the New Jersey winters.

How did you get into information technology (IT)?

When I was a kid, all my brothers and all my friends wanted to go either into technology or the military, so I really only had two options [laughs]. I chose technology, electrical engineering at first, but I soon decided that I wanted to work in IT, so I got my bachelor’s degree in that.

How did you come to specialize in information security?

While I was working at Palm Beach State College, they created a new position, information security manager, and the job responsibilities included a huge range of things that interested me. I applied, got the job, and I’ve been passionate about information security ever since.

Passionate?

Oh, yes. I’m a cybersecurity evangelist. I will talk to anybody—at length—about cybersecurity. When young people come to me looking to discuss a career in IT, I point them all to cybersecurity.

Where has your career in information security taken you since that first job?

I moved from Palm Beach State College to a hospital, which had very different security needs and led me to get HIPAA (Health Insurance Portability and Accountability Act) certified. From there, I went to a pharmaceutical company, a fertilizer company, and then back to Palm Beach State College as chief information security officer.

What’s the greatest information security threat to universities right now?

Ransomware. Without question.

What is ransomware?

Ransomware is malicious code that takes over some or all of your devices, allowing criminals to demand that you pay them to restore your access to and control over your systems and your data. Hospitals and universities are the top targets because they tend to have very valuable data.

What’s your fundamental approach to information security?

I’m not here to tell people they can’t do things. I’m here to find ways to let people do everything they need to do without exceeding the university’s risk tolerance. There are a lot of tools out there to manage risk, including entirely non-technical ones like buying insurance. The key is finding the most cost-effective and least cumbersome tools or strategies for managing a particular risk.

What’s the biggest information security risk to individuals right now?

Probably phishing attacks, where scammers seek to trick you into giving them valuable information by posing as people or organizations that you trust. But individuals can also fall victim to ransomware. One click on the wrong thing is enough to install the malicious code.

How can people protect themselves?

Follow the advice you were given when you were a little kid: Don’t talk to strangers. If you get an email from anyone you don’t know, don’t click on any of the links. If you get an email that claims to be from some person or organization that does email you—but something feels just a bit off for reasons you can’t put your finger on—call to confirm that the email is legitimate before you click on any of the links.

What do you do for fun, aside from talking to strangers about information security?

I enjoy playing the bass—electric and upright bass—and I love to play traditional jazz. I also love spending time with my wife, who was my high school sweetheart, our two children, and the rest of my family.