This blog, originally published by AGB, summarizes a recent webinar on how higher education institutions can conduct project risk reviews and highlight oversight guidance for the board and audit committee.

Board oversight of transformational projects: using project risk reviews to gain assurance and support success

Mike Cullen, a director in Baker Tilly’s risk advisory practice, helps clients tackle cybersecurity, data and information technology risks. He works with clients in multiple industries, with a dedicated focus and extensive experience with higher education, research institutions, not-for-profit organizations and government contractors. 

Since 2001, he has been executing various cybersecurity, privacy and IT assessments, myriad IT internal audits, risk reviews for large transformation projects and numerous IT compliance projects. 

Currently, Mike leads multifaceted practice teams with industry specialization, all with the goal of helping clients protect data and systems and enhance cybersecurity and IT risk management practices. 

Mike Cullen, a director in Baker Tilly’s risk advisory practice, helps clients tackle cybersecurity, data and information technology risks.

Bachelor of Science in business information technology

Virginia Polytechnic Institute and State University 

https://go.bakertilly.com/directory2019?Directory=Mike%20Cullen

Interfaces with various client personnel from analysts to chief officers (e.g., information, business, financial, executive), as well as boards and trustees to advise and report on cybersecurity and IT areas in the appropriate context and without technical jargon

Delivers reports tailoring those cybersecurity and IT concepts into actionable observations and practical recommendations

Develops IT strategies, including related guidance, practices and roadmaps, for organizations focused on aligning IT operations with IT strategies that support an organization’s overall mission, strategic plans and goals

Empowers clients to address the opportunities and challenges posed by various cybersecurity and IT frameworks, laws, regulations and standards such as: FERPA, HIPAA, HITECH Act, PCI DSS, GLBA, NIST CSF, NIST SP 800, CMMC, ISO 27000, CIS Critical Controls, FAR/DFARS, GDPR

Advises on various large transformational projects, including myriad system implementations, by providing project management, risk management, resource management, issues management and strategy guidance before, during and after implementation/go live

Provides IT contract and vendor process consulting, in the areas of enhancements to risk assessment, project deliverable, compliance and best practices, to reduce client risk when working with vendors

Information Systems Audit and Control Association (ISACA)

International Association of Privacy Professionals (IAPP)

International Information Systems Security Certification Consortium (ISC2)

Fairfax Library Foundation, Treasurer and Board Member

Cybersecurity Maturity Model Certification (CMMC)

Join Baker Tilly as our higher education risk, cybersecurity and research institutions specialists present two sessions at the National Council of University Research Administrators (NCURA) 63rd annual meeting. This hybrid event offers attendees the opportunity to gain new knowledge, expand their professional network and strengthen their connection to the research community.  Baker Tilly is a proud annual sponsor of NCURA. Connect with our research institutions specialists both in-person and online throughout the annual conference! Baker Tilly sessions: What’s the buzz? Hot topics in sponsored research Tuesday, Aug. 31, 2021
2 – 3:15 p.m. ET
Virtual session Baker Tilly’s sponsored research team will facilitate a discussion on the issues that members of the university research community are talking about today: Cybersecurity Maturity Model Certification (CMMC), the use of data analytics and metrics and fraud risk controls and assessments. We will share how leading institutions are addressing these topics as well as the trends and opportunities we’re seeing with our clients. Presented by: Ashley Deihr, CPA, CIA, CFE, Partner, Higher Education, Research Institutions and Academic Medical Centers Kimberly Ginn, CIA, Principal and Leader, Higher Education Advisory Mike Cullen, CISA, CISSP, CIPP/US, Director and Leader, Higher Education Cybersecurity and Information Technology CMMC should scare you: latest developments and how to prepare Wednesday, Sept. 1, 2021
3:45 – 5 p.m. ET
Hybrid session The U.S. Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program will impact many higher education institutions – all in different ways. Research administration professionals will be called upon to help address CMMC as it poses a challenge not only for DoD contracts, but will soon encompass DoD grants and may eventually be adopted by other federal agencies. Is your institution prepared?  In this session, participants will understand the latest CMMC developments and implications for higher education, as well as gain insight into specific questions and take away a list of challenging CMMC requirements and potential solutions.  Presented by: Mike Cullen, CISA, CISSP, CIPP/US, Director and Leader, Higher Education Cybersecurity and Information Technology Michael Corn, Chief Information Security Officer, University of California, San Diego [virtual session presenter] Mark Cather, Chief Information Security Officer/Chief Privacy Officer, University of Maryland, Baltimore County [live session presenter]

Higher Education

Ashley  Deihr

Kimberly  Ginn

Mike  Cullen

Risk Advisory

Data Analytics Solution for Higher Education (DASH)

Cybersecurity

Grants Administration & Research Compliance

NCURA 63rd Annual Meeting: Reconnect

This webinar is a part of the EDUCAUSE Industry & Campus Solutions series. In this interactive discussion, two chief information officers will share their experiences with launching digital transformation at their institutions. Expect to hear the good, the bad and the ugly as well as how digital transformation should align with other technology initiatives being undertaken by the institution. Specific topics to be addressed include creating a shared vision, assessing functionality and analyzing potential gaps, managing organizational change and the evolving roles of IT, finance and human resources once digital transformation has begun. Learning objectives Learn how to create a shared vision and build momentum Discuss considerations for beginning a digital transformation Review how to manage change when undergoing a digital transformation Discuss how roles for IT, finance, and HR change during a digital transformation Learn how to assess functionality, analyze potential gaps, and understand configuration guardrails during a digital transformation Speakers Jon Allen, Associate Vice President, CIO and CISO, Baylor University Max Davis-Johnson, Associate Vice President, CIO, Boise State University Mike Cullen, CISA, CISSP, CIPP/US, Director – Cybersecurity and IT, Baker Tilly Jeff Haynes, Director – Human Capital Consulting, Baker Tilly Can’t join live? Register and you’ll receive the recording after the event.

Mike Cullen

Location

Education

Expertise

Mike's latest insights

Board oversight of transformational projects: using project risk reviews to gain assurance and support success

Mike's upcoming events

Conference

NCURA 63rd Annual Meeting: Reconnect

Webinar

Digital transformation in a time of uncertainty