Security operations, also known as SecOps, refers to an organization combining internal information security and IT operations practices to respond to threats and manage cybersecurity incidents. SecOps is a set of security operations processes to improve the security posture of an organization. Historically, most organizations have treated security and IT operations as discrete functions handled by independent units using distinct approaches and methodologies. As a result, SecOps is frequently formed from a combination of security and IT operations staff, and is a highly skilled team focused on monitoring and assessing risk and protecting organizational assets, in some cases operating from a security operations center, or SOC.

The NIST Cybersecurity Framework describes the SecOps functions of Detect, Respond, and Recover well.

  • Detect - SecOps must detect the presence of adversaries in the system, who are incentivized to stay hidden in most cases, allowing them to achieve their objectives unimpeded. This can take the form of reacting to an alert of suspicious activity or proactively hunting for anomalous events in the enterprise activity logs.
  • Respond - Upon detection of potential adversary action or campaign, SecOps must rapidly investigate to identify whether it's an actual attack (true positive) or a false alarm (false positive) and then enumerate the scope and goal of the adversary operation.
  • Recover - The ultimate goal of SecOps is to preserve or restore the security assurances (confidentiality, integrity, availability) of business services during and after an attack.

This presentation will provide an overview on how a medium and large university and BCNET design and deliver their security operations and work to achieve a security-first mindset and fusing security into IT operations processes.

Robert Ball Summit 2023

Robert Ball

Director Information Security, Kwantlen Polytechnic University

LARRY CARSON Summit 2023

Larry Carson

Associate Director, Information Security Management, University of British Columbia

Larry Carson is the Associate Director, Information Security Management at UBC and is the subject matter expert for cybersecurity at the university where he focuses on incident response, prevention and policy for the institution. He is a strong believer that cybersecurity is meant to act as an enabler to help facilitate better business processes & competence through properly secured & protected data assets. He sees the future of cybersecurity being tightly intertwined with data science (analytics & SIEM) and threat intelligence. Larry fosters a firm belief that industry standard cybersecurity best practices can be successful in Higher Ed.

2024 Program Committee

Ivor MacKay

Director of Cybersecurity and IT, BCNET

Ivor is responsible for fulfilling and planning the future of BCNET's internal IT needs. He facilitates cybersecurity collaboration and future service direction through the BCNET Cybersecurity and Identity Management Services Committee. Ivor has 29 years of experience in management and 22 years as an IT professional. He began his IT career working at the world track and field games in Edmonton, where he led the rolling out and support of desktops and servers for the games. Following his work at the games, he worked in IT for CBC in Edmonton for 10 years. He moved from Edmonton to join Coast Mountain College (formerly known as Northwest Community College) as the director of IT. 

View slide deck

Technology Track

Session Format
Interactive Speaker Presentation (45 minutes)