Krizi Trivisani: The Human Touch

GWU's security officer Krizi Trivisani focuses on the softer skills-like communicating with students and administrators-to help her battle real-life villains.

September 04, 2002 — CSO — Krizi Trivisani proves you don't need to be a superhero to fight the ever-rising number of security violations at your organization. As security chief at The George Washington University, she focuses on the softer skills<—like communicating with students, professors and administrators—to help her battle real-life villains.

Information Security Officer Krizi Trivisani could be any self-assured graduate student at The George Washington University. Sashaying through the hallways dressed in a white sweater, short striped skirt and funky glasses, she heads toward her modest cubicle in the subbasement of the Academic Center singing "he-llo" to almost everyone she sees. She isn't your typical security officer, and she knows it. "I remember sitting on one roundtable [of security experts] last year, and if you looked around the table you'd see man in suit, man in suit, man in suitwho's that chick at the end?" says the 32-year-old Trivisani. "Which one of these doesn't belong?"

The fact that she is making herself belong says much about her talents. At two reporting levels below the CIO, in a job grade that doesn't require a college degree (she has a certification for the information systems security professional, or CISSP, but has not finished college), Trivisani has none of the built-in authority of an administrator or executive, and none of the bullying power of an ex-cop. But she has something else that may turn out to be more important: She can connect with people. When she talks about security, people liste—and even understand.

That's a good thing, because a lot more is at stake than a dormitory mini-fridge chilling a few illegal Coronas. Based in Washington, D.C., The George Washington University (GW) is on the front lines of the hacker battle. "You have a fast pipe and no money to secure it," is how SANS Director of Training Stephen Northcutt sums up the famed insecurity of university computer systems. Higher education is known for having large, fast, heterogeneous, open systems whose transient users enjoy privacy protection that most corporate users only dream of. That makes them popular targets for vandals and hackers who want to launch denial-of-service attacks, store illegal files, or worse. Last spring, the Secret Service began investigating who had installed keystroke capturing software at university computer labs in at least four states—"spyware" that would allow crooks to grab personal information from any student who typed it in. Meanwhile, Purdue University, one of the nation's foremost information security training labs, was looking into whether hackers had stolen the names, addresses and Social Security numbers of 145,000 students. All this led some experts to fear that the next wave of computer crime would involve poorly secured university computers used to launch attacks on the U.S. government or the nation's critical infrastructure.