September 15, 2022
With 36 years of experience working in Information Technology, Ed Zawacki is a veteran expert supporting innovation as UIC’s chief information security and privacy officer. Retiring in October, he reflects on his journey at UIC.
Zawacki’s work at UIC dates back to his early student years in the 1980s. He began working as a freshman student programming in the biomechanics lab in SELE in 1982. Less than a year later, he became a student consultant at the Computer Center, rising to senior consultant by the time he graduated in 1986 and then joined the networking group full time.
Throughout his career at UIC, Zawacki took on several roles, including network engineer and system administrator working on the IBM mainframe, connecting UIC to NSFNET (the precursor to the internet), working with IBM on beta DNS server code, and then morphing into the role of “the security person” as time went by.
When it comes to his fondest memories at UIC, Zawacki says it’s the people.
“I’ve had the pleasure over the years to consistently work with some of the best people you could hope for,” he said. “Although the students don’t really get a chance to see it, there are so many people trying their best to make the student experience the best possible.”
In the fall of 2003, two very invasive internet worms popped up: Blaster and Welchia. As Zawacki explains, at that time, UIC did not have any intrusion detection tools available, and compromised machines were affecting network performance.
“I did have access to something called network flow data though, which is basically a summary of a network conversation,” he said.
Zawacki later expanded the program to be fully configurable so that new worms could easily be detected and reported on based on their network traffic characteristics, essentially innovating a real intrusion detection system to fulfill the university’s need at the time.
Racing against time, he wrote a program to detect compromised machines on the UIC network.
“New machines kept popping up, but with a way to detect them, working with the network team, we were able to keep them under control and the network running,” he said.
What is a typical day like for a chief information security and privacy officer?
I’m not sure that there is a typical day. Aside from the assorted meetings with other university leaders, issues arise that need to be evaluated, opinions presented and decisions made… new security issues regularly arise that need to be addressed. And new technologies and enhanced capabilities of existing systems need to be evaluated and communicated. Assorted issues can arise from compliance and/or law enforcement. Finally, issues arise with the detection of security events that may be escalated from the security team.
What is one of your biggest accomplishments at UIC?
Building the information security office from the ground up. This includes working with others to implement policy and technical controls to help secure the university infrastructure. It also includes making available tools for the university IT community to assess and protect their own infrastructure, as well as the implementation of universitywide security awareness training.
What advice would you give students interested in pursuing a career in IT and cyber security?
Be very curious. Always try to make sure you understand how and why things function the way they do, learn how networking and operating systems work, read as much as you can, and then most importantly, find time to play with security tools and technologies.
What do you look forward to after UIC?
At this point, I’m not sure since I’ve been working here my whole adult life as well as my student years as a student at UIC. My immediate plans involve getting some projects done around the house and pursue a fledgling hobby in painting and sculpture. I care very much about this place though, so I’m also looking forward to the university finding someone to move the security infrastructure forward.