It is with mixed emotions that we write to announce that Michael Tran Duff will be joining Harvard University as their Chief Information Security and Data Privacy Officer.
Michael has devoted his career to serving education and research institutions. In his ten years with Stanford, he led efforts to protect our information assets and meet our regulatory compliance obligations. These efforts would not have been successful without the strong partnerships he forged throughout the university, SLAC, and hospitals.
As Chief Information Security Officer (CISO), Michael orchestrated Stanford's information security program, maintaining a balance between security, usability, and personal privacy, while establishing Stanford as a leader in cybersecurity. While Chief Privacy Officer, he also made a significant impact on Stanford's privacy program by championing personal privacy, promulgating privacy by design, and building trust in Stanford as a data steward.
Best known for modeling a growth mindset and for cultivating a thriving team culture, Michael is adamant that his team members and our many campus partners deserve the credit for the program’s great strides forward over the past decade. Amongst a diverse array of achievements, MinSec, MinPriv, MyDevices, Two-step, Cyberfest, Centralized Logging, SISA, Bug Bounty, and Cardinal Key will stand as monuments to Michael’s legacy at Stanford.
In his own words, Michael’s role is both demanding and deeply rewarding, and in service of a noble mission. For those interested in learning more, Michael shared some of his thoughts on leadership and Stanford’s cyber/privacy program in a 2020 blog titled “A CISO Tuesday at Stanford.”
Amy Steagall will serve as Acting CISO effective May 1. Amy is currently Stanford’s Deputy CISO. More details regarding the selection process for Stanford’s permanent CISO will follow in the weeks ahead.
We are grateful for Michael’s tireless dedication and service for the past ten years, and look forward to strengthening the bond between our institutions as he embarks upon his new role at Harvard. His last day at Stanford will be April 30, and he will be onsite April 20-28 if you would like to wish him farewell in person.
Please join us in thanking Michael for his tremendous leadership, innovation, and partnership in advancing information security and privacy at Stanford.
Steve Gallagher, Chief Information Officer
Raina Rose Tagle, Senior Associate Vice President and Chief Risk Officer
