5 Questions With CISO Jim Bole

UAlbany grad student works in the state homeland security operations center

ALBANY, N.Y. (Oct. 12, 2021) – October is Cybersecurity Awareness Month in the United States. Entering its 18th year, the 2021 theme is “Do Your Part. Be Cyber Smart,” which is a reminder for each of us to ensure we are taking steps to ensure we are being “cybersafe” both at home and in the workplace.

Jim Bole, UAlbany’s newly appointed chief information security officer (CISO), is responsible for the oversight, development, implementation and operation of a comprehensive information security program, including responsibility for identity and access management and security operations. As part of the team at Information Technology Services, Bole plays a critical role in protecting institutional information assets, including compliance with the security-related laws and regulations applicable to academic, research and data systems.

Jim Bole CISO stands in front of Information Technology sign outside
Jim Bole, CISO at UAlbany

Bole joined UAlbany from Stevenson University, where he served as director of information security. Prior to this, he worked in the news industry, first as a journalist and then as an information technology manager, before moving into the security arena. He holds a bachelor’s degree in journalism from the University of Kansas and served for 12 years in the U.S. Army Reserve, where he received an honorable discharge as captain.

What is Cybersecurity Awareness Month?

It started as a small effort by a newly created federal agency – the Department of Homeland Security. They correctly understood the need to raise the awareness about cybersecurity threats with just about every American and every U.S. organization. As the threats grew, so has the effort to education and promote practices and behaviors to fight back. And while it’s great to highlight cybersecurity in October, I always remind folks that it’s important to remain vigilant every month!

What types of threats that students and faculty should be aware of?

Phishing emails continue to be the threat that most people will encounter in their personal and professional activities. And while the tactics are becoming more sophisticated, many phishing attempts can be detected by simply pausing for a few seconds and applying common sense.

Here are two simple tips: Be wary of emails that try to put you in a false sense of urgency, such as an overdue bill or expiring account. And look at the language in emails that appear to be from someone you know. Be wary of expressions or words that don’t match what you know about them.

Can you provide an example of a particularly memorable cyberattack you were faced with?

At the turn of the 21st century, I was working as an IT manager at a large media company and encountered one of the first major viruses, known as the “I Love You” email worm, that infected millions of computers. It was a lot of work to rid our network of the worm and it was one of the reasons I decided to move into cybersecurity as a career.

You served for 12 years in the U.S. Army Reserve – how did this experience help shape your views on cybersecurity?

While there a lot of military analogies, metaphors and jargon in cybersecurity, my time in uniform was before the internet. Still, one key difference our information security team has from other teams at our university is that part of our job is combating adversaries who want to cause harm to our organization.

The big things I’ve taken from my military service into cybersecurity are keeping vigilant and thinking about "worst case" scenarios. Information security teams do a lot of work and training in the hopes that they never have to do use it. Finally, while my current role at UAlbany doesn’t require me to jump out of perfectly good airplanes, if it’s ever needed, I’ve been trained.

What are you reading right now?

Cybersecurity is evolving so quickly that if you’re reading a book about it, it’s probably outdated. Keeping abreast of trends means chatting with colleagues in online forums and social media (Twitter, Reddit, etc.,), listening to podcasts and attending professional conferences. I do read for pleasure and am currently re-reading some classics, including “Moby Dick” after learning about Herman Melville’s ties to the area.