Go Directly to Page Content
Go Directly to Site Search
Go Directly to Site Navigation
ITS Safe Computing

Information and Infrastructure Assurance Staff

Chief Information Security Officer

Donald Welch, Ph.D. is the University of Michigan Chief Information Security Officer (CISO). As CISO, Don is responsible for the university's information assurance (IT security, privacy, IT policy, compliance, and enterprise continuity) program, including Ann Arbor, Flint, Dearborn, and the Health System. His charge also includes direct responsibility for ITS Information and Infrastructure Assurance.

IT Security Staff

Brandon Bailey is a data security analyst. Before joining IIA, Brandon worked as a database programmer in the Cardiovascular Center of the Medical School, supporting quality improvements for cardiac surgery. Prior to that, he worked with Mid-Michigan Health for three years. Brandon is working toward his masters degree in information assurance at Eastern Michigan University. His hobbies include traveling, going outdoors, and sailing.

Sol Bermann (CIPP) is the campus privacy officer. Prior to joining U-M, Sol was the director of international privacy for Walmart, and previous to that was chief privacy officer for the state of Ohio. He also served as associate director of the Center for Interdisciplinary Law and Policy Studies at the Ohio State University Moritz College of Law and taught as adjunct faculty in OSU's International Studies Program. Sol is co-chair of the EDUCAUSE Higher Education Chief Privacy Officer Working Group and a member of the EDUCAUSE Higher Education Information Security Council (HEISC). He is co-author of Information Privacy: Official Reference for the Certified Information Privacy Professional (CIPP). He holds a B.A from Beloit College, an M.A. from the University of Virginia, and a J.D. from the Ohio State University Moritz College of Law.

Crystal Borgman (CSAM) is a data security analyst. She has been employed by the University of Michigan for 9 years. Her most recent position was that of IT asset management administrator with ITS Information Technology Asset Management (ITAM). Before that, she worked as a senior desktop support specialist and information security coordinator at the Ford School of Public Policy. She earned her bachelor's degree in business information systems from Portland State University.

Chris Brenner is a data security analyst. He began working for the university in 1994 in what was then called ITD Contract Services. He spent 16 years at the College of Literature, Science, and the Arts (LSA) Information Technology in system administrator positions, ultimately managing IT Security and Software Licensing teams for LSA. Chris also functioned as the college's security coordinator and security unit liaison. He is a U-M alumnus and holds a bachelor's degree from LSA. His primary responsibilities include working on the IIA (Computer Systems) Hardening project and providing Managed Security Services to the College of Engineering.

Beth Bridson is a data security analyst within IIA. She joined IIA in 2013, but has worked for the university since 1981. She began working as a secretary for several units within UMHS, then began work as an applications programmer and analyst for University Health Services (UHS). While working as a computer operator for UHS, Beth earned an associates degree in business management from Washtenaw Community College. Beth is certified in GSEC and GCIH. She is trained in hacker techniques, exploits, and incident handling.

Hugh Briggs (CISSP, GPEN, Certified Ethical Hacker) is a data security analyst. He has 10 years of IT experience in the U.S. Navy and filled multiple roles, including field service engineer, IT specialist, and team leader for network operations throughout his career. He loves to travel and has visited Germany, Cameroon, Japan, Australia, and other countries.

Kelly Burns (CISSP) is a data security analyst. Kelly has been working for the University of Michigan since 2000. Before joining IIA, she worked for University Housing as a senior system administrator and was Housing's security coordinator. Kelly graduated from Indiana University, majoring in Spanish and telecommunications. She also has a master's degree in computer science from the University of Michigan.

Kevin Cheek (CISSP) is the university's IT security incident response coordinator. He joined IIA in 2008 as a university security analyst working in IIA's Managed Security Services. Kevin has been working for the University of Michigan since 1994. He spent 10 years with the Division of Molecular Medicine and Genetics, performing computer support and systems administration, and five years at the School of Public Health as a systems administrator and security administrator.

Doug Cox (GSEC, CPTE, PCI-ISA) is a data security analyst specializing in Linux and network security working in IIA's Managed Security Services. Doug earned bachelor's and MBA degrees from the University of Michigan. He has been working for the university since 1992 in various IT positions in Internal Medicine, Physics, and Chemistry.

Louis Daher is a data security analyst. Before joining IIA, Louis worked as a quality assurance coordinator for the Institute for Social Research. His responsibilities included implementing federal security standards and ensuring that they were met. Louis is working toward a master's degree in information assurance at Eastern Michigan University. He is a member of the Information Systems Security Association (ISSA), InfraGard, and the Computer Security Institute.

Drew Dixon (GPEN, GSEC, GCIH, GCFW) is a data security analyst. Drew joined the University of Michigan in 2013. He is currently focused on providing IIA Managed Security Services for various U-M campus units. Prior to joining IIA, Drew worked for Consumers Energy on the Cyber Security operations team, with responsibilities deploying, monitoring, and managing a broad range of information security technologies and network security appliances. Drew received his B.S. from Central Michigan University, majoring in information technology with a minor in management information systems. Drew holds several Global Information Assurance Certifications (GIAC).

Ed Gawlik (CISSP) is a data security analyst. He has more than seven years experience in system administration roles, most recently as a security analyst for General Motors, where he did penetration testing and vulnerability assessments. He earned a bachelor's degree in criminal justice from the University of Michigan-Dearborn and a master's degree in information assurance from the University of Detroit Mercy. He is working on a Ph.D. in technology at Eastern Michigan University.

Ross Geerlings (CISSP, Certified Ethical Hacker) is a senior data security analyst specializing in ethical hacking, data loss prevention, and vulnerability scanning. Prior to joining U-M in 2007, Ross worked as a systems administrator and network administrator. He received his B.S. in computer science from Michigan State University in 2001

Rick Getchell is a Senior Data Security Analyst and Product Manager of IIA's Unit Security Services. Since joining IIA in 2006, Rick led the development of IIA's Managed Security Services and Network Attack Recognition program. Prior to joining the team, Rick was security/network administrator and Director of Desktop Support at the U-M School of Dentistry, where he began at U-M in 1998. Rick received a B.A. degree from Cornerstone University in 1991.

Ryan Konrad (CISSP) is a Data Security Analyst. Ryan received his Associate in I.T. Systems Administration from Stautzenberger College. He has nine years of IT experience and spent seven years in information security in a healthcare organization, most recently as a manager of information systems security.

Alan Levy is the IT Policy and Compliance Lead responsible for campus and ITS policy development. Alan has worked for U-M campus IT organizations since 2007, first as director of communications for Information Technology Central Services and then with ITS Communications. He worked for U-M University Housing for more than 25 years prior to the IT positions, serving as the director of public affairs and information for more than 15 years. Alan received his B.A. from Middlebury College and did additional graduate work in political science and international relations at U-M.

Mike Lowry (CISM, CRISC) is the information systems security manager. He also serves as the service owner and manager for information assurance services. Mike earned received a bachelor's degree in electrical engineering from the United States Air Force Academy and a master's degree in computer resource and information management from Webster University. Mike held a variety of leadership positions in the Air Force. He joined the University of Michigan and IIA in 2014 after working for the University of Toledo where he was the information security manager and information security officer.

Neamen B Negash (CISSP, Certified Ethical Hacker) is a data security analyst with a role of information security lead. Neamen has several years of faculty experience teaching and developing information technology and security courses at a community college. He is pursuing a graduate degree with a focus on information security.

Paul Nelson (CISSP) is a data security analyst within IIA. Paul earned a B.S. in interdisciplinary studies from The University of Toledo and an M.S. in technology studies and information assurance from Eastern Michigan University. Prior to this role, Paul spent 11 years in IT at the University of Toledo, working in roles as a senior information security analyst and Windows server administrator.

Jim Neuvirth is the enterprise continuity lead for the university. Jim has a B.S. degree in computer systems, an A.S. degree in electrical engineering, and is certified in ITIL Foundations Management. Jim served as security administrator for a global retail manufacturer and as IT project manager, disaster recovery coordinator, and IT auditor for a Michigan-based bank. Jim's healthcare background includes roles as technical and network services manager for Cerner Corp. and CSC Healthcare.

Will Rhee is a university security analyst with the university's User Advocate team, which handles IT abuse complaints. Will earned bachelor's degrees in anthropology and political science from the University of Michigan in 1988 and has been a staff member since 1995. Prior to working with the User Advocate team, Will was a computer systems consultant and data jockey for the Information Technology Division.

Thomas Suter (CISSP) is a data security analyst. Before joining IIA, Thomas worked for the Health Management Research Center (HMRC) as a system administrator, and with the Office of University Development (OUD) as a senior network administrator. Thomas has an MBA and is working toward a master's in technology studies with a major in information assurance..

Jeff Tomaszewski (CISSP) is the risk management lead for IIA. Jeff has earned an A.A. degree from Delta College, a B.S. degree in computer information systems from Saginaw Valley State University, and a M.L.S. degree in information security from Eastern Michigan University. Jeff has held a number of GIAC certifications. Prior to his current role, Jeff worked in IIA Managed Security Services. Jeff has also worked for the Dow Chemical Company Michigan Division, the Consortium for Earth Science Information Network at the U-M ITCS Network Operations Center, and later at Merit Network, Inc., where he served as a system research programmer.

Kim Wheeler is the IIA office senior administrative assistant. She has a bachelor's degree from Eastern Michigan University. Kim joined U-M in 1994 and has worked in Michigan Administrative Information Services User Services, where she was a computer system consultant at the help desk, and in User Services administration.

Last modified September 10, 2015