Resume
Professional experience, certifications, and education
JON BARCLAY
Deputy Chief Information Security Officer
Professional Summary
Strategic cybersecurity executive with 16+ years of progressive experience protecting critical infrastructure in higher education. Proven leader in developing and implementing enterprise security programs serving 50,000+ students and staff. Expert in building cross-institutional security partnerships, leading penetration testing programs across multi-campus systems, and driving security transformation through zero-trust architecture, identity management, and advanced threat detection. Recognized with the 2024 Presidential Award of Excellence for outstanding contributions to institutional security.
Areas of Expertise
Professional Experience
Utah Valley University
Utah's largest public university serving 47,000 students and 5,500 employees
Deputy Chief Information Security Officer
July 2024 – Present
Serve as principal deputy to the CISO, providing strategic direction and operational oversight for the university's comprehensive cybersecurity program. Lead security initiatives protecting critical infrastructure, student data, and institutional assets.
- ▸Lead the Utah System of Higher Education (USHE) Security Assessment Team, directing penetration testing programs across 16 institutions statewide, completing full assessment cycles for all 8 degree-granting universities with 8 technical colleges in progress
- ▸Coordinate the USHE Information Security Officer group and represent the security community at CIO and IT Directors meetings, driving cross-institutional collaboration and best practice sharing
- ▸Spearhead security transformation initiatives including internal penetration testing, cloud security (Azure/M365), AI security and automation, and SOC optimization
- ▸Drive strategic planning for enterprise security architecture, risk assessment frameworks, and regulatory compliance programs
Senior Cybersecurity Analyst
2019 – 2024
- ▸Architected and deployed zero-trust network infrastructure, fundamentally transforming the university's security posture
- ▸Implemented enterprise-wide MFA achieving 100% coverage for all students and employees, with passwordless authentication available university-wide
- ▸Led deployment of advanced EDR solution protecting 7,500+ endpoints across campus systems
- ▸Designed and implemented unified IAM platform with single sign-on, streamlining access management and enhancing security controls
- ▸Implemented advanced security controls for Active Directory and Azure environments
- ▸Orchestrated enterprise incident response operations, coordinating cross-functional teams to protect institutional assets
Senior PCI Security Analyst
2013 – 2019
- ▸Established PCI-DSS compliance program managing 9 payment systems across campus, achieving and maintaining certification
- ▸Implemented and managed SIEM infrastructure for continuous monitoring and threat detection across PCI-scoped systems
- ▸Deployed enterprise firewall infrastructure (Palo Alto, Cisco) and VPN solutions
- ▸Conducted penetration testing on campus and PCI systems; served on the USHE Security Audit Team
- ▸Managed network IDS, application whitelisting, and host-based intrusion detection systems
Banner Security Officer
2010 – 2013
- ▸Designed and implemented fine-grained access control (FGAC) for enterprise ERP system protecting sensitive institutional data
- ▸Developed a comprehensive security awareness program for the university community
- ▸Established user access governance and auditing frameworks for campus systems
- ▸Managed network security infrastructure, including intrusion prevention systems, firewalls, and web security appliances
IT Manager
2004 – 2008
- ▸Managed IT infrastructure, including databases, file servers, and desktop environments supporting 100+ users
- ▸Supervised technical team responsible for 5 computer labs and campus computing resources
Adams & Smith
IT Manager
2008 – 2010
- ▸Directed IT operations, including network infrastructure, Cisco VoIP systems, and enterprise security
- ▸Managed ERP system security through role-based access control and privilege auditing