Skip to main content

Resume

Professional experience, certifications, and education

JON BARCLAY

Deputy Chief Information Security Officer

Professional Summary

Strategic cybersecurity executive with 16+ years of progressive experience protecting critical infrastructure in higher education. Proven leader in developing and implementing enterprise security programs serving 50,000+ students and staff. Expert in building cross-institutional security partnerships, leading penetration testing programs across multi-campus systems, and driving security transformation through zero-trust architecture, identity management, and advanced threat detection. Recognized with the 2024 Presidential Award of Excellence for outstanding contributions to institutional security.

Areas of Expertise

Security Strategy & Leadership
Zero-Trust Architecture
Penetration Testing
Cloud Security (Azure/M365)
Identity & Access Management
Incident Response
Security Operations (SOC)
AI Security & Automation
PCI-DSS Compliance
Vulnerability Management
SIEM & EDR Implementation
Cross-Institutional Collaboration

Professional Experience

Utah Valley University

Utah's largest public university serving 47,000 students and 5,500 employees

Deputy Chief Information Security Officer

July 2024 – Present

Serve as principal deputy to the CISO, providing strategic direction and operational oversight for the university's comprehensive cybersecurity program. Lead security initiatives protecting critical infrastructure, student data, and institutional assets.

  • Lead the Utah System of Higher Education (USHE) Security Assessment Team, directing penetration testing programs across 16 institutions statewide, completing full assessment cycles for all 8 degree-granting universities with 8 technical colleges in progress
  • Coordinate the USHE Information Security Officer group and represent the security community at CIO and IT Directors meetings, driving cross-institutional collaboration and best practice sharing
  • Spearhead security transformation initiatives including internal penetration testing, cloud security (Azure/M365), AI security and automation, and SOC optimization
  • Drive strategic planning for enterprise security architecture, risk assessment frameworks, and regulatory compliance programs

Senior Cybersecurity Analyst

2019 – 2024

  • Architected and deployed zero-trust network infrastructure, fundamentally transforming the university's security posture
  • Implemented enterprise-wide MFA achieving 100% coverage for all students and employees, with passwordless authentication available university-wide
  • Led deployment of advanced EDR solution protecting 7,500+ endpoints across campus systems
  • Designed and implemented unified IAM platform with single sign-on, streamlining access management and enhancing security controls
  • Implemented advanced security controls for Active Directory and Azure environments
  • Orchestrated enterprise incident response operations, coordinating cross-functional teams to protect institutional assets

Senior PCI Security Analyst

2013 – 2019

  • Established PCI-DSS compliance program managing 9 payment systems across campus, achieving and maintaining certification
  • Implemented and managed SIEM infrastructure for continuous monitoring and threat detection across PCI-scoped systems
  • Deployed enterprise firewall infrastructure (Palo Alto, Cisco) and VPN solutions
  • Conducted penetration testing on campus and PCI systems; served on the USHE Security Audit Team
  • Managed network IDS, application whitelisting, and host-based intrusion detection systems

Banner Security Officer

2010 – 2013

  • Designed and implemented fine-grained access control (FGAC) for enterprise ERP system protecting sensitive institutional data
  • Developed a comprehensive security awareness program for the university community
  • Established user access governance and auditing frameworks for campus systems
  • Managed network security infrastructure, including intrusion prevention systems, firewalls, and web security appliances

IT Manager

2004 – 2008

  • Managed IT infrastructure, including databases, file servers, and desktop environments supporting 100+ users
  • Supervised technical team responsible for 5 computer labs and campus computing resources

Adams & Smith

IT Manager

2008 – 2010

  • Directed IT operations, including network infrastructure, Cisco VoIP systems, and enterprise security
  • Managed ERP system security through role-based access control and privilege auditing

Certifications

CISSP– Certified Information Systems Security Professional
GPEN– GIAC Penetration Tester
GWAPT– GIAC Web Application Penetration Tester
GDSA– GIAC Defensible Security Architecture
GDAT– GIAC Defending Advanced Threats
GCDA– GIAC Certified Detection Analyst
GCWN– GIAC Certified Windows Security Administrator
GSNA– GIAC Systems and Network Auditor

Education

Master of Business Administration|Utah State University
Bachelor of Science, Information Technology|Utah Valley University

Awards & Recognition

Presidential Award of Excellence|Utah Valley University|2024