Chief Information Security Officer
Donald Welch, Ph.D. is the University of Michigan Chief Information Security Officer (CISO). As CISO, Don is responsible for the university's information assurance (IT security, privacy, IT policy, compliance, and enterprise continuity) program, including Ann Arbor, Flint, Dearborn, and the Health System. His charge also includes direct responsibility for ITS Information and Infrastructure Assurance.
Information Assurance Staff
Expand All Content
Information Assurance Leadership
Sol Bermann (CIPP) is the university privacy officer and IT policy and compliance strategist. He provides thought leadership in shaping institutional policy and practices and participates in the national discourse on privacy, IT security, and policy issues of strategic concern to higher education. Sol works in close coordination with university IT governance committees and works broadly across the university, collaborates with colleagues at other institutions, participates in leadership positions on national associations such as EDUCAUSE, and sits on various advisory and policy committees. He is a frequent author and presenter on privacy, IT security, incident response, and IT policy, and he is co-author of Information Privacy: Official Reference for the Certified Information Privacy Professional (CIPP).
Prior to joining U-M, Sol was the director of international privacy for Walmart. Before that, he was chief privacy officer for the state of Ohio. He served as associate director of the Center for Interdisciplinary Law and Policy Studies at the Ohio State University Moritz College of Law and taught as adjunct faculty in OSU's international studies program. Sol holds a B.A from Beloit College, an M.A. from the University of Virginia, and a J.D. from the Ohio State University Moritz College of Law.
Mike Lowry (CISM, CRISC) is the information systems security manager. He also serves as the service owner and manager for information assurance services. Mike earned received a bachelor's degree in electrical engineering from the United States Air Force Academy and a master's degree in computer resource and information management from Webster University. Mike held a variety of leadership positions in the Air Force. He joined the University of Michigan and IIA in 2014 after working for the University of Toledo where he was the information security manager and information security officer.
Dennis Neil (CISSP), is the IT security architect. He supports IIA's security architecture efforts across the Ann Arbor, Flint, and Dearborn campuses, as well as the U-M Health System. Before taking on this role, Dennis was the product manager and supervisor of network security operations and oversaw implementation of the university's network Intrusion Prevention System. He was a founding member of the security team supporting administrative services and was instrumental in the initial rollout of the Virtual Firewall service on campus. Dennis started working in IT while serving in the U.S. Navy.
Incident Response/User Advocate
Kevin Cheek (CISSP) is the university's IT security incident response coordinator. He joined IIA in 2008 as a university security analyst working in IIA's Managed Security Services. Kevin has been working for the University of Michigan since 1994. He spent 10 years with the Division of Molecular Medicine and Genetics, performing computer support and systems administration, and five years at the School of Public Health as a systems administrator and security administrator.
Will Rhee is a university security analyst with the university's User Advocate team, which handles IT abuse complaints. Will earned bachelor's degrees in anthropology and political science from the University of Michigan in 1988 and has been a staff member since 1995. Prior to working with the User Advocate team, Will was a computer systems consultant and data jockey for the Information Technology Division.
Information Assurance Operations Leads
Rick Getchell is information security supervisor for IIA's Unit Security Services, and information security consultant for U-M's Institutional Review Boards. Rick helped establish and implement U-M's first information security program and has led the development of IIA’s two primary customer-focused offerings (Unit Security Services and Managed Security Services). Rick has also led IIA's network attack recognition and vulnerability management programs.
Prior to joining IIA, Rick was director of Infrastructure Services / Desktop Support, and Security, Network, and Unix Systems at the U-M School of Dentistry. Rick received his B.A. degree from Cornerstone University.
Alan Levy is the IT policy and compliance lead responsible for campus and ITS policy development. Alan has worked for U-M campus IT organizations since 2007, first as director of communications for Information Technology Central Services and then with ITS Communications. He worked for U-M University Housing for more than 25 years prior to the IT positions, serving as the director of public affairs and information for more than 15 years. Alan received his B.A. from Middlebury College and did additional graduate work in political science and international relations at U-M.
Jim Neuvirth is the enterprise continuity lead for the university. Jim has a B.S. degree in computer systems, an A.S. degree in electrical engineering, and is certified in ITIL Foundations Management. Jim served as security administrator for a global retail manufacturer and as IT project manager, disaster recovery coordinator, and IT auditor for a Michigan-based bank. Jim's healthcare background includes roles as technical and network services manager for Cerner Corp. and CSC Healthcare.
Jeff Tomaszewski (CISSP) is the risk management lead for IIA. Jeff has earned an A.A. degree from Delta College, a B.S. degree in computer information systems from Saginaw Valley State University, and a M.L.S. degree in information security from Eastern Michigan University. Jeff has held a number of GIAC certifications. Prior to his current role, Jeff worked in IIA Managed Security Services. Jeff has also worked for the Dow Chemical Company Michigan Division, the Consortium for Earth Science Information Network at the U-M ITCS Network Operations Center, and later at Merit Network, Inc., where he served as a system research programmer.
Ross Geerlings (CISSP, OCSP, Certified Ethical Hacker) is a senior data security analyst working as product manager for the areas of penetration testing, data loss prevention, and vulnerability scanning. Prior to joining U-M in 2007, Ross worked as a systems administrator and network administrator. He received his B.S. in computer science from Michigan State University in 2001.
Doug Cox (GSEC, CPTE, PCI-ISA) is a data security analyst specializing in Linux and network security working in IIA's Managed Security Services. Doug earned bachelor's and MBA degrees from the University of Michigan. He has been working for the university since 1992 in various IT positions in Internal Medicine, Physics, and Chemistry.
Chris Brenner is a data security analyst. He began working for the university in 1994 in what was then called ITD Contract Services. He spent 16 years at the College of Literature, Science, and the Arts (LSA) Information Technology in system administrator positions, ultimately managing IT Security and Software Licensing teams for LSA. Chris also functioned as the college's security coordinator and security unit liaison. He is a U-M alumnus and holds a bachelor's degree from LSA. His primary responsibilities include working on the IIA (Computer Systems) Hardening project and providing Managed Security Services to the College of Engineering.
Data Security Analysts
Brandon Bailey is a data security analyst. Before joining IIA, Brandon worked as a database programmer in the Cardiovascular Center of the Medical School, supporting quality improvements for cardiac surgery. Prior to that, he worked with Mid-Michigan Health for three years. Brandon is working toward his masters degree in information assurance at Eastern Michigan University. His hobbies include traveling, going outdoors, and sailing
Crystal Borgman (CSAM) is a data security analyst. She has been employed by the University of Michigan for nine years. Her most recent position was that of IT asset management administrator with ITS Information Technology Asset Management (ITAM). Before that, she worked as a senior desktop support specialist and information security coordinator at the Ford School of Public Policy. She earned her bachelor's degree in business information systems from Portland State University.
Beth Bridson is a data security analyst within IIA. She joined IIA in 2013, but has worked for the university since 1981. She began working as a secretary for several units within UMHS, then began work as an applications programmer and analyst for University Health Services (UHS). While working as a computer operator for UHS, Beth earned an associates degree in business management from Washtenaw Community College. Beth is certified in GSEC and GCIH. She is trained in hacker techniques, exploits, and incident handling.
Hugh Briggs (CISSP, GPEN, Certified Ethical Hacker) is a data security analyst. He has 10 years of IT experience in the U.S. Navy and filled multiple roles, including field service engineer, IT specialist, and team leader for network operations throughout his career. He loves to travel and has visited Germany, Cameroon, Japan, Australia, and other countries.
Kelly Burns (CISSP) is a data security analyst. Kelly has been working for the University of Michigan since 2000. Before joining IIA, she worked for University Housing as a senior system administrator and was Housing's security coordinator. Kelly graduated from Indiana University, majoring in Spanish and telecommunications. She also has a master's degree in computer science from the University of Michigan.
Louis Daher is a data security analyst. Before joining IIA, Louis worked as a quality assurance coordinator for the Institute for Social Research. His responsibilities included implementing federal security standards and ensuring that they were met. Louis is working toward a master's degree in information assurance at Eastern Michigan University. He is a member of the Information Systems Security Association (ISSA), InfraGard, and the Computer Security Institute.
Drew Dixon (GPEN, GSEC, GCIH, GCFW) is a data security analyst. Drew joined the University of Michigan in 2013. He is currently focused on providing IIA Managed Security Services for various U-M campus units. Prior to joining IIA, Drew worked for Consumers Energy on the Cyber Security operations team, with responsibilities deploying, monitoring, and managing a broad range of information security technologies and network security appliances. Drew received his B.S. from Central Michigan University, majoring in information technology with a minor in management information systems. Drew holds several Global Information Assurance Certifications (GIAC).
Aaron Hudeck is a data security analyst. Before joining IIA, he did desktop support in MiWorkspace Neighborhood IT. Before joining U-M, Aaron worked as an IT field services technician with CompuVision Systems USA, Inc. providing network infrastructure and systems support for The Dow Chemical Company. He completed internships with NASA's Incident Response Center and Thermal Engineering Branch, providing technical support. Aaron has earned a master's degree in computer information systems with a concentration in security from Boston University and a bachelor's degree in computer systems science from Michigan Technological University. He holds CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications.
Ryan Konrad (CISSP) is a data security analyst. Ryan received his Associate in I.T. Systems Administration from Stautzenberger College. He has nine years of IT experience and spent seven years in information security in a healthcare organization, most recently as a manager of information systems security.
Neamen B. Negash (CISSP, Certified Ethical Hacker) is a data security analyst with a role of information security lead. Neamen has several years of faculty experience teaching and developing information technology and security courses at a community college. He is pursuing a graduate degree with a focus on information security.
Paul Nelson (CISSP) is a data security analyst within IIA. Paul earned a B.S. in interdisciplinary studies from The University of Toledo and an M.S. in technology studies and information assurance from Eastern Michigan University. Prior to this role, Paul spent 11 years in IT at the University of Toledo, working in roles as a senior information security analyst and Windows server administrator.
Thomas Suter (CISSP) is a data security analyst. Before joining IIA, Thomas worked for the Health Management Research Center (HMRC) as a system administrator, and with the Office of University Development (OUD) as a senior network administrator. Thomas has an MBA from Indiana University of Pennsylvania and an M.S. degree in technology studies with a focus on information assurance from Eastern Michigan University.
Sasha Womble is a data security analyst. Before joining IIA, she did desktop support in MiWorkspace Neighborhood IT. Before joining U-M, Sasha held help desk technician positions at the Washtenaw County Government Office of Infrastructure Management and has held technical support positions at Washtenaw Community College's Public Computer Lab. Sasha has earned master's and bachelor's degrees in information technology from American InterContinental University.
Greg Stathes (PMP) is a project manager. Before joining IIA he worked as a consultant with The Ambit Group for seven years as a principal business analyst for clients including the US Patent and Trademark Office, U.S. Department of Agriculture, and the Federal Communications Commission. Greg earned a master's degree in library and information science from The Catholic University of America. He also has a bachelor's degree in history from Hamilton College.
Kim Wheeler is the IIA office senior administrative assistant. She has a bachelor's degree from Eastern Michigan University. Kim joined U-M in 1994 and has worked in Michigan Administrative Information Services User Services, where she was a computer system consultant at the help desk, and in User Services administration.