About CampusCISO

Cybersecurity Solutions Research for Higher Education

Accelerate your strategy planning process with assessment tools and research designed to help college and university leaders identify cybersecurity solutions used in higher education environments

Making cybersecurity data accessible to the higher education community

Photo of woman reviewing online charts and data

After over 20 years of leading technology and information security programs in higher education, I know how difficult it can be to find useful data about security solutions in a university setting.

CampusCISO membership helps simplify the process of assessing and enhancing your cybersecurity strategy. Members can access a directory of vendor solutions being used across higher education. The site also provides benchmarking data to help compare your program to similar institutions.

Rather than locking this information away, any registered user can browse the data. You can use this information to learn more about the cybersecurity capabilities your institution needs, identify potential capability gaps, and identify solutions that can help achieve your goals.

Future updates will allow members to share anonymous benchmark information and vendor reviews from within the tool.

Chris Schreiber, CampusCISO founder and former university CISO


Capabilities” form the core of the CYBER HEAT MAP assessment model. The tool groups over 100 cybersecurity technical capabilities into 14 “categories” spread across 3 high-level “functions.”

Capabilities roughly align with the vendor product categories used by trusted review sites, such as Gartner, G2, and others, to describe cybersecurity vendors and products. Rather than treating capabilities as independent topics, CYBER HEAT MAP provides structure to help visualize how these cybersecurity solutions fit together to create a holistic cyber resilience strategy.

The CYBER HEAT MAP model groups technical capabilities around three high-level functions that a university cybersecurity program should provide when implementing cyber resilience:

  • Protect Infrastructure
  • Enable Visibility
  • Sustain Operations

Within these three functions, there are 14 categories, and each category contains several related technical capabilities.

Diagram showing the CYBER HEAT MAP hierarchy with functions, categories, and capabilities all nested

For example, the Protect Infrastructure function includes 7 categories.

One of these categories is “Applications”, which focuses on solutions to reduce cybersecurity risks for applications developed by the institution.

The Applications category includes 5 “Capabilities” ranging from API security to SSL & TLS certificates.


Many assessment models and audit methodologies focus on measuring your cybersecurity program using compliance controls. While this can be useful, it can be difficult for a CIO or CISO to turn these assessments into an actionable roadmap for future improvements and investments.

CYBER HEAT MAP turns the assessment process inside-out by focusing on how cybersecurity solutions fit together to prevent, detect, investigate, and recover from cyber attacks. The assessment process helps you identify if you have the people, process, and tools available to achieve each capability’s goals.

Comparison to other assessment and solution research tools

Information security compliance frameworks, such as NIST 800-171 or the Payment Card Industry Data Security Standard (PCI DSS), tell an institution what they need to do. Unfortunately, these frameworks lack insights into what solutions can help accomplish those goals.

Vendor review services, like Gartner and Forrester, help institutions understand the differences between vendors and what features to consider when evaluating them. These review services do not help an institution understand how vendor solutions fit together to create a holistic cybersecurity strategy.

Combining the assessment and vendor research processes

CYBER HEAT MAP bridges this gap by providing a simple security assessment tool and then helps you categorize cybersecurity solutions and then map them your institution’s current and desired cybersecurity maturity goals.


Higher education prides itself on collaboration, data sharing, and the free exchange of information. Despite this, many university cybersecurity leaders find there is a lack of simple and affordable tools to benchmark themselves against peers, research and understand their risk profile, and plan for future information security program enhancements.

CYBER HEAT MAP is building an extensive database of public and anonymized data to help universities manage their cybersecurity and IT risk.

This initial release of the tool includes demographic information for all 4,100+ degree-granting higher education institutions in the United States. This information can help CIOs and CISOs research their own institution’s risk profile and identify institutions that share similar risk characteristics.

Future versions of the tool will further enrich this data to help prioritize difference improvement options based on your institution’s unique risk profile. The planning tool will compare your institution’s current cybersecurity capabilities and recommend relative priority among competing improvement projects based on the data we collect from across the higher education landscape.

Join CampusCISO to help build a community that enables college and university leaders to collaborate, share (non-confidential) metrics, and access affordable planning tools.