Cheryl Granto: Shedding light on information security and what it means to be a Florida Gator

Information security manager is only one of Cheryl Granto’s beloved roles. When she’s not collaborating with her team or meeting with university customers, you can find her leading her Cub Scout pack or supporting the development of the local organization Women in Security and Privacy.

As a second-generation University of Florida alumna, Granto knows that part of what it means to be a Florida Gator is empowering her team, inspiring her peers and living a life of service. UF at Work recently sat down with Granto to learn more about her and her work.

How long have you lived in Gainesville? When did you join UF and in what role?

This is actually the second time I’ve lived in Gainesville. The first time I lived here, I attended the University of Florida and worked for UF after graduation. I lived in Gainesville for 11 years before moving to Atlanta and later to South Florida. In South Florida, I served as the chief information security officer at Florida International University in Miami for 10 years, and then in 2012, I moved back to Gainesville.

How did you first become interested in information security?

I began my career as a network engineer, which is a technology professional who has the skills and training to design, implement and oversee computer networks. There wasn’t much of a focus on information security technologies back then. When IT was becoming connected via the Internet, IT security was not a distinct profession. Many turned to network engineers to provide first-line defense. At some point, my focus began to shift and I became more interested in information security than network engineering. Later, I was hired as the director of security for MindSpring, an internet service provider in Atlanta that was focused on security development, and the rest is history.

My brain always goes to the worst-case scenario; I have been this way since I was a kid. With IT security, half the battle is thinking about what the “bad guys” might do next to harm your data and my brain seems uniquely attuned to — and interested in — anticipating and working through these issues.

Can you tell us about your current work as an information security manager?

My role is to oversee the UF Information Technology (IT) Risk Management Program. I manage the application that we use to conduct IT risk management and oversee six analysts on campus. Our team performs risk assessments to ensure that technology is implemented in a way that secures UF’s vast amounts of data.

What is a typical day like for you?

A typical day involves collaborating with my team on assessments they have been tasked with and meeting with university customers. These customers can be faculty or staff, and we discuss technology they are seeking to implement or the data they are requesting to be stored in the enterprise base. I spend a lot of my time helping customers utilize the enterprise systems at the university to avoid a risk assessment. If people can make a clear and convincing case that they need access to certain information, then we fully assess their environment and ensure that it is as secure as the UFIT system.

Can you talk about the tools or techniques that you use to build energized and effective teams?

Our philosophy around here is “have fun.” If you’re not having a good time, then something is wrong and we need to work it out. Our work is sometimes viewed as a roadblock preventing people from doing what they want, so you have to have a special personality to not let the frustration get to you. Most security professionals understand this outlook, and we strive to maintain a very positive attitude.

I try to be a good example for my team and help them always see the good they are doing for the university. I love knowing my employees on a deeper level by understanding their lives and interests, and I try to provide opportunities for them to grow their careers. One of my philosophies is, “Well, of course I follow them. Am I not their leader?” I allow my team to take the lead on where our technologies and framework need to go. This often sparks great interest, so when my team members come up with ideas, I do the best I can to examine if it’s something we can incorporate into our work. It usually is.

Empowerment of others is one of the most important aspects of being a leader. I like to empower my team, and I am a firm believer in delegation. I am not a work hoarder, so to speak; you can’t be in this business — there is just too much information. I trust my team and the work they’re doing.

How do you make security topics accessible to the UF community?

That’s really hard to do. We try, but we have found that a lot of the time we fail. As a result, we have partnered with the training group at UFIT. We have developed a great relationship with them. We provide the technical details, and they determine the most effective way to present the information to our target audiences. We also hired a student intern who helped us communicate IT security messages to students through sidewalk chalk and fliers. With help from the training group, we have tailored our communication efforts to meet the needs of each audience. Our team also attends a variety of department meetings across UF to train faculty and staff on how to handle issues, such as phishing and viruses. We also plan to conduct outreach initiatives with local schools in the near future.

What is the most rewarding part of your job?

The most rewarding part of my job are the people that I work with. They are the light. I love them. They are great, interesting and engaged people who can cheer me up after a negative day or experience. They are the highlight of what I do.

What do you want the campus community to know about the IT Risk Management Program?

We are here to help and to try to keep you out of trouble. We want to help people classify their data appropriately, which can be a problem when people don’t know or understand what restricted data is. In a state university system, a lot of restricted data seems like it would be open. We try to help people classify their data so that we can properly protect it. We want to secure faculty and staff members’ projects so that all of the information they have worked so hard to gather and create is not lost. IT security is a shared responsibility, and we are here to help.

What makes you proud to be a Gator?

Being a Florida Gator is my crowning achievement in life. My dad was a Gator, so I’m second generation. I think it’s the most awesome place that you could ever go to school. It makes you strong and ready to take on the world. That’s what UF did for me. It made me a stronger person.

I once had a new boss come in at my former employer. When he arrived, he wanted to meet with all of the leaders and he asked me to send him my resume. When we met, he said, “I see that you graduated from the University of Florida.” I said, “Yep, I sure did.” He looked at me and said, “That’s very good. It speaks volumes of you.”

That’s what you want to hear. Being a Florida Gator gives you an edge. We are the flagship university of the state of Florida. I love UF — absolutely love it.

What do you enjoy doing outside of work?

I spend a lot of time serving my church, mostly volunteering with children. I enjoy investing in children and helping them make good choices. It’s funny; I have no kids myself. I always say that God has a great sense of humor because people always ask me to volunteer with the kids at church. As a result of working with these children, I was asked to get involved with the Cub Scout pack, for which I am now a committee chairperson. I’m just a big kid at heart. I love to play. I think the church saw that I have enough energy to match the energy of the kids. I was asked to do it, so I did. I always try to plan fun, entertaining things for them.

I am also getting involved with a group called Women in Security and Privacy. The group is just starting to form in the Gainesville area and seeks to be a place where women can share knowledge, serve as mentors in the field and encourage other women to choose educational paths that will lead them into security and privacy careers.

Do you use any similar techniques that you have learned as an information security manager with your Cub Scouts?

Absolutely; I do 100 percent. I get to know them and their families, and their families get to know me. I use the leadership skills of caring about people and being interested in what they’re doing and what is important to them.

To learn more about UFIT, visit security.ufl.edu.

Written by Sarah Bartholemy, UFHR Communications and WorkLife. In the photo above, Granto is pictured with UFIT’s David Huelsman (left) and Iain Moffat (right).