A UK university CIO’s lessons: Fix security, power WFH, negotiate budget

A spate of cyberattacks and security vulnerabilities gave the University of Salford CIO Mark Wantling some sleepless nights. His homework? Protect the network, pivot to home learning, accelerate digital transformation — and ask the CEO for budget flexibility.

peel building university of salford
University of Salford

Mark Wantling may be 200 miles away but his discomfort is plain to see, even on the small video window of a Zoom conference call. "That pen test was a car crash," he says. "It was absolutely horrendous."

A series of high-profile cyberattacks on universities already had him on high alert, so too the realisation that re-engineering the University of Salford's infrastructure for thousands of remote students would have repercussions for cybersecurity.

But a brutal penetration test that successfully poked holes throughout his network in a matter of hours was what lit the touchpaper. It was this exercise which proved the catalyst for identifying and remediating zero-day vulnerabilities linked to the WannaCry and SolarWinds incidents, for issuing of 38,000 critical security patches and for bringing his IT operations and infosec teams together in process and tooling.

Yet at the time, back in March 2020, Wantling had other priorities. With the first UK government lockdown on the horizon, the university, based in Greater Manchester, was in the process of migrating its virtual learning environment to a SaaS-based platform and had also deployed Windows Virtual Desktop and Citrix Apps and Virtual Desktop on a Nutanix HCI to allow students to remotely access applications and desktop PCs.

Pandemic accelerates digital transformation

To continue reading this article register now

The CIO Fall digital issue is here! Learn how CIO100 award-winning organizations are reimagining products and services for a new era of customer and employee engagement.