UNIVERSITY PARK, Pa. — Penn State announced today (Oct. 26) that Donald J. Welch has been named the University’s chief information security officer (CISO), after a national search.
Welch will start in his new position on Dec. 5. Andrew Sears, dean of the College of Information Sciences and Technology, is serving as interim CISO.
As CISO, Welch will lead Penn State’s Office of Information Security, providing strategic guidance and technical leadership for this comprehensive University-wide information security and IT risk-management program. The independent Office of Information Security will engage with all IT units across Penn State, including Information Technology Services, to fortify the University’s network infrastructure, data and people from potential cyberattacks. Welch will dual-report to Executive Vice President and Provost Nicholas P. Jones and Senior Vice President for Finance and Business David J. Gray.
"I am thrilled to be joining Penn State,” said Welch. “By their nature, research universities are challenging to defend, but it is so important for Penn State to do what it does so well without excessive risk from cyberattack. It’s an honor to take on such an important role at such a great university."
Welch will develop and lead outreach, communication and education efforts to raise University-wide awareness of information security risk, requirements and solutions; provide strategic and technical guidance and oversight in the design and implementation of appropriate security processes for University-wide information systems; recommend and oversee monitoring of computing practices to prevent and recover from security breaches; and direct the handling of security incidents when breaches occur.
The Office of Information Security, established last fall, is charged with protecting Penn State’s computer and network resources, as well as leading data stewardship efforts at the University.
“Criminals are getting increasingly more sophisticated in their efforts to steal information,” said Provost Jones. “On an average day, Penn State repels millions of overtly hostile cyberattacks from around the world against its network infrastructure. Universities — and other large organizations, such as government agencies and corporations — are inviting targets for malicious attacks. This is the reality of today’s world.”
“Don brings with him more than 16 years of extensive, national experience in the field of cyber conflict and strategy, as well as a strong background in teaching and research,” said Gray. “We’re so pleased he is joining us to bolster our efforts to increase and assure safety and security for the entire University community.”
Since 2015, Welch has served as chief information security officer at the University of Michigan, responsible for the institution’s information assurance (IT security, privacy, IT policy, compliance, and enterprise continuity) program for Ann Arbor, Flint, Dearborn and the Health System. He also was a member of the Michigan Governor’s Cyber Security Advisory Board.
He has been a facilitator for national leadership professional development company Academy Leadership, where he twice won awards for excellence in teaching, since 2012. Academy Leadership joins former officers and military academy graduates who have senior executive experience to deliver leadership training based on military academic principles.
Previously, Welch was president and CEO of Merit Network, a research and engineering network and IT services company from 2006 to 2015. He was instrumental in creating the Michigan Cyber Range, a unique and internationally recognized training environment partnering with industry, state and federal agencies. Welch was named a White House “Champion of Change,” for his role as leader in making a difference in the community by obtaining grants for a $140 million project to build fiber optic infrastructure throughout Michigan. From 2004 to 2006, he served as chief technology officer and director at H-E-B Grocery Co., responsible for information security enterprise architecture, infrastructure engineering and merchandising applications.
Welch first entered the cyber-security field at the United States Military Academy at West Point, where from 2000 to 2004 he served as CIO and professor of computer science. He was responsible for engineering, operations, support and software development teams used for teaching, learning and research; and taught courses in cyber security, computer science, software engineering, information technology and political science, as well as conducted research.
Welch received a bachelor of science degree at the U.S. Military Academy, West Point; a master of science in computer science from California Polytechnic State University, San Luis Obispo; and a doctorate in computer science from the University of Maryland, College Park.
He served for 25 years in the U.S. Army, attaining the rank of colonel and earning the Legion of Merit for his service.