Joining Steven Institute of Technology in 2020, Tej Patel brought over fifteen years of corporate information technology and higher education experience to his new leadership role as the University’s Information Technology and Chief Information Officer (CIO). Along with leading the IT strategy for Stevens, Patel also advises cabinet members and presidents on technology investments and digital capabilities that can enhance the faculty, staff, and student experience. Prior to coming to Stevens, Patel held several leadership roles at the University of Pennsylvania, further deepening his passion for building and leading IT organizations. “When you spend eighteen years growing up at an institution, you become a part of that community, and that community becomes part of your DNA,” shares Patel. “I owe everything to Penn and the great people who supported my journey and shaped me into the leader I am today.” (Editorial Note: At the time of the publication of this magazine, Tej accepted a new role at Villanova University. Congratulations, Tej!)
Upon joining Penn in 2003, Patel managed classroom technology and then later became IT director of systems and infrastructure service at the Annenberg School for Communications. “I led their IT operations and increased the portfolio to include research, web security, and data center operations,” explains Patel. “In 2015, I became the Penn Nursing Chief Information Officer and co-chaired the roundtable for the entire university. Throughout my experience, I made a lot of friends, went through failures, learned a great deal, and formed many good relationships—all of which made the path to my role at Stevens more successful.”
Delivering High Quality Services
Aligning with Patel’s vision as CIO, the Division of Information Technology at Stevens, known as One IT, aims to empower the institution’s community by providing robust digital technology experiences and reliable, high-quality services, while establishing trusted partnerships across the campus. “My goal is to find alignment within Stevens strategic plan, which is Inspired by Humanity, Powered by Technology,” says Patel. “There are specific goals that also focus on research, innovation, and scholarship, as well as promoting diversity, equity, and inclusion. We take these objectives very seriously and we include institutional level priorities in our IT strategies every year.”
“Cybersecurity and data privacy have always been a top priority, and most recently, we have shifted our focus from infrastructure modernization to data and artificial intelligence,” continues Patel. “We are currently implementing certain digital capabilities to enable the business growth that Stevens is looking for over the next several years. If you ask me to summarize our mission in a few words, it would be customer centricity and delivering high quality services. And how do we measure the success of these initiatives and manage IT investment? While there are metrics that we monitor from a security, infrastructure, or budget perspective, what it really comes down to is, are we able to provide best-in-class IT services to faculty, staff, students, and alumni? If the answer is yes, then we hit our metrics, and the service levels are fully maintained at a top level.”
“Your community must have trust in you as a CIO or a CISO. There must be a culture of transparency instilled at an institution and our roles have to be held accountable for certain projects and tasks occurring on campus. We must be able to communicate openly about these activities. It’s not about ensuring that a lot of people have a seat at the table, but what can be done when someone has that seat? It’s deciding how to educate the board and cabinet members and connect the dots so we can continuously provide support and digital capabilities and business leaders can do what they do best. When you are invited to these meetings, you must be prepared to discuss what’s working well, but more importantly, what opportunities are available.”
— Tei Patel
Former Information Technology and Chief Information Officer, Steven Institute of Technology
Promoting Alignment and Partnership
Soon after joining Stevens, Patel hired Jeremy Livingston as Chief Information Security Officer (CISO). The two had already been working together developing the Protect Stevens security program and wished to continue the forward trajectory to keep pace with the ever-changing technology on today’s campuses. “Cybersecurity is a team sport and the CIO and CISO roles have shared objectives and goals of leveraging technology to enhance the institution’s mission while ensuring robust security measures,” says Patel. “We want to make sure the security posture is implemented in such a way that we are not getting in front of the business, but are truly managing that risk. In order to do this, it’s critical to have a solid trust and understanding of both environments and to give the CISO the freedom that they require.”
“One of the biggest changes that was implemented when I joined Stevens is that Jeremy was adopted into the Audit and Risk Committee on our board,” continues Patel. “We’re able to go to the board together and discuss IT and cybersecurity as an aligned front. Having a strong CIO and CISO partnership helps make an institution more effective and successful from a security standpoint and an organization overall.”
Along with the time spent working together, Livingston says building the CIO and CISO relationship takes an alignment of their objectives. “We both have the same goal, because we know classrooms are unable to operate and instructors are unable to teach if systems are offline because of a cyberattack. At the same time, we must prevent security controls from being too onerous or in the way of those objectives. We have a shared understanding of the risk tolerance working at an institution and we try to take innovative approaches to minimizing the risks that could disrupt the organization’s business objectives.”
As partners, Patel and Livingston have a collaborative decision-making process that strongly supports honest discussions. “Having open communication has helped us build trust and we both want to land on the best idea or solution,” says Livingston. “Tej has also done a great job on resource allocation and the balancing of these resources, including money, time, effort, and talent. This has been a tremendous strength of ours and keeps us on a successful path forward.”
“Your community must have trust in you as a CIO or a CISO,” adds Patel. “There must be a culture of transparency instilled at an institution and our roles have to be held accountable for certain projects and tasks occurring on campus. We must be able to communicate openly about these activities. It’s not about ensuring that a lot of people have a seat at the table, but what can be done when someone has that seat? It’s deciding how to educate the board and cabinet members and connect the dots so we can continuously provide support and digital capabilities and business leaders can do what they do best. When you are invited to these meetings, you must be prepared to discuss what’s working well, but more importantly, what opportunities are available.”
Encouraging Open Conversations
To be the most effective CIO and CISO, Patel says you must spend time broadening your end-to-end understanding of several aspects within the organization. “First, it’s crucial to be educated about the business of the institution and the overarching objectives. Second, you must be able to identify your own risk appetite, and third, you need to understand where leadership is coming from and how those external factors impact your own cyber strategy. With this comprehensive approach, you can sit at the table and contribute to the success of that institution.”
Livingston adds, “One of our strengths here at Stevens is we are open and honest about not only our successes, but the things we could do better; identifying the areas of opportunity. That integrity goes all the way to the board and president. They hold us accountable, and we have independent audits and penetration testing. Our team receives validation that what we’re doing is working and meeting expectations.”
Last year, the State of Cybersecurity began at Stevens, which invites faculty, staff, and students to hear directly from Patel and Livingston and their teams about security operations. “We provide an intimate level of access to some of the matrix that Jeremy and his team manages and monitors and we talk openly about the areas we are excelling in and the areas we could use their help,” shares Patel. “Along with a top-down approach, we must also take a bottom-up approach, since the end user and their experience are of high importance.”
“We both have the same goal, because we know classrooms are unable to operate and instructors are unable to teach if systems are offline because of a cyberattack. At the same time, we must prevent security controls from being too onerous or in the way of those objectives. We have a shared understanding of the risk tolerance working at an institution and we try to take innovative approaches to minimizing the risks that could disrupt the organization’s business objectives.”
— Jeremy Livingston
Chief Information Security Officer, Steven Institute of Technology
Improving Cybersecurity Outcomes
At Stevens, there is a strong drive to ensure the institution maintains a good security posture and has a strong security program. “In the months before I joined, Tej had started to develop the Protect Steven program and we’ve continued to build out this program to have ten key programmatic areas,” explains Livingston. “This includes independent risk assessment, security engineering, user protection, threat intelligence, identity and access management, user education, security operations, governance, frameworks and standards, and professional development. Plus, each of these ten areas has a dozen subparts of the program.”
“The entire community here at Stevens is focused on Protect Stevens, from leadership down to faculty, staff, and students,” adds Patel. “We keep a pulse on what’s happening and the success of this program is largely due to having a customer savvy CISO who combines empathy and compassion with the security posture controls that need to be implemented. We look at what is working, what we can do better, and how we can help maintain the security compliance that is needed. Information flows in all directions and I feel very fortunate to have a partner like Jeremey who has taken Protect Stevens to the next level.”
Going forward, Patel and Livingston are looking at identity and access management (IAM) as they continue to evolve in a rapidly changing environment. “As we look to improve our cybersecurity outcomes, we must determine how to ensure that the right users have the appropriate access to technology resources,” says Patel. “We must also find balance between user behavior and providing effective training. There is a rise in deep fakes and people are leveraging generative AI, so Jeremy and I will focus more on improving in those areas under Project Stevens in 2025.”
Keeping Pace with AI
With AI rapidly integrating into our day-to-day lives, Stevens continues to look at AI-powered tools and how this technology fits within their organization. “Being a STEM institution, we want to make sure our faculty, staff, and students have access to these tools, but we also want to ensure our data fabric is solid before we grant this access,” explains Patel. “We have three verticals: AI for academic education, AI for employees, and AI for research, and there are small pilots underway in these areas. For example, we have a pilot with 300 faculty, staff, and students who are leveraging Microsoft Copilot functionality to improve their productivity and quality of work. In the research vertical, we have the Stevens Institute of Artificial Intelligence who are doing exciting, cutting-edge research. To support this, we recently built a new high-performance computing cluster that has a little over 200 teraflops of compute power. Ultimately, we want to improve and support the undergrad and graduate student experience, expand our research enterprise, empower our faculty and staff, and make sure our infrastructure is reliable and secure.”
Connecting within the Edge Community
As a longtime Edge member, Stevens looks to the consortium for a variety of benefits. “Our campus internet connectivity is through Edge and is used by all on a day-to-day basis,” says Patel. “We’re also able to leverage cutting-edge technology through Edge’s access to vendors. I have attended several Edge events and I’ve found that these meetings have created a solid networking platform that connects several institutions within the region, including presidents, provosts, and executives. Edge creates an environment where we can openly discuss challenges and opportunities, which inspires meaningful conversations and partnerships across the state.”
“I too enjoy Edge events and hearing from speakers who come from different places and bring unique experiences and perspectives,” adds Livingston. “I also help chair Edge’s Security Community of Practice and I like how it brings together security practitioners from the whole Edge community. This collaborative group talks about issues, security events, and we share indicators of compromise or things to look for to help block IP addresses. Together we are bringing attention to the importance of cybersecurity and risk management and how a proactive security strategy is essential at each and every organization.”
Need help identifying and implementing actionable information security strategies? The EdgePro virtual CISO (vCISO) service provides independent and objective input to ensure your security posture is on track. Learn more at njedge.net/solutions-overview/vciso/.
