Information and security officers from Oregon educational institutions shared insight on making people within their organizations more cognizant of cybersecurity and developing appropriate cyber defense strategies.
From left, Rachel Wente-Chaney, CIO for the High Desert Education Service District in Bend, Ore.; José Domínguez, chief information security officer at the University of Oregon; and Kevin Bohan, manager, network engineering at Link Oregon, speak on a panel during Link Oregon’s annual meeting June 26, 2025.
Skip Descant/Government Technology
WILSONVILLE, Ore. — If you want to focus senior leaders’ attention on just how important cybersecurity is for an organization, show them what happens when the financial system gets hacked.
“The CEOs don’t need to understand the servers, or the metrics, or the phishing scores. But they care about business continuity and operational resilience,” Rachel Wente-Chaney, CIO for the High Desert Education Service District, in Bend, Ore., said Thursday.
In a panel discussion during the annual meeting of Link Oregon, a nonprofit providing high-speed broadband to other state nonprofits and public-sector members, Wente-Chaney offered the example of hosting an executive tabletop exercise with school leaders — people who may have little to do with technology or cybersecurity — involving a disruption to the payroll system.
“Whatever the hook is for your industry, having it be nothing about technology, and nothing about cybersecurity, other than the fact that an incident happened that is disrupting the way we do business has been a valuable key,” Wente-Chaney told the audience of about 150 tech professionals from around Oregon.
A cyber attack can impact organizations of any size, IT leaders were quick to remind. Preventing these attacks — and enabling recovery from them — is often the result of having the right people in place with the right training and tools, José Domínguez, University of Oregon CISO said, indicating he views AI as an opportunity to shore up cyber defenses.
“I actually love AI. I think there [is] great opportunity there. Like everything else, technologies can cut in both directions,” Domínguez said, advocating during the panel for using AI to accelerate cybersecurity training.
“We don’t have enough cybersecurity practitioners,” Domínguez told the room, citing numerous open cybersecurity jobs. “You know what doesn’t come with all of those cybersecurity positions is experience. So, AI does provide an opportunity to take a just brand-new junior cybersecurity analyst engineer and help them be productive, almost from day one.”
Prior to seeking new cybersecurity technology tools and lining up vendor contracts, the university CISO recommended doing a cybersecurity assessment to know what needs protecting, and how urgently.
“Understanding the organization, and what are the risks to the organization, that should be the first step of anybody who’s looking into cybersecurity,” Domínguez said, citing the common example of cybersecurity tools designed to prevent hackers from entering an organization through its Internet-connected heating and cooling system.
If that system is controlled manually, why spend resources on cybersecurity protection, he asked rhetorically.
“But that’s what you hear all the time. Like, every organization that has been hacked, that’s where it starts,” Domínguez said. “I don’t have to worry about that if I don’t have it. How do you find that out? If you perform a valuable risk assessment.”
Skip Descant writes about smart cities, the Internet of Things, transportation and other areas. He spent more than 12 years reporting for daily newspapers in Mississippi, Arkansas, Louisiana and California. He lives in downtown Yreka, Calif.
