Deputy CISO at Utah Valley University

Jon Barclay

Cybersecurity Professional, Educator & Technologist

CISSPCISMProfessorBuilder

Try the interactive terminal and CTF

~ — bash

Type 'help' for available commands.

I’m the Deputy Chief Information Security Officer at Utah Valley University, where I lead cybersecurity strategy for Utah’s largest public university, protecting critical infrastructure, research data, and the digital lives of 47,000 students and 5,500 faculty and staff.

With over 20 years of progressive experience in information security, I’ve built my career at the intersection of higher education and enterprise security. My focus areas include Zero Trust architecture, Identity and Access Management (IAM), cloud security, and penetration testing. I believe in security that enables rather than obstructs, building systems that protect institutions while keeping education accessible and open.

At UVU, I’ve led transformative initiatives that have fundamentally changed how we approach security. I architected and deployed a Zero Trust network infrastructure across campus, implemented university-wide multi-factor authentication with 100% adoption, and introduced passwordless authentication options for all users. I also led the deployment of endpoint detection and response (EDR) solutions protecting over 7,500 devices and worked on a unified IAM platform that streamlined access management across the institution.

Beyond UVU, I coordinate security efforts across the entire Utah System of Higher Education (USHE). As leader of the USHE Security Assessment Team, I direct penetration testing assessments across all 16 public colleges and universities in the state.

In 2024, I was honored to receive the Presidential Award of Excellence from Utah Valley University.

I’m also passionate about developing the next generation of security professionals. As an adjunct professor, I teach courses in penetration testing, network defense, and security architecture, giving students hands-on experience with the same tools and techniques used by practitioners in the field.

I hold a CISSP certification along with eight GIAC certifications in penetration testing, defensive security architecture, threat detection, and systems administration. My education includes an MBA from Utah State University and a B.S. in Information Technology from Utah Valley University.

I’m always open to connecting with fellow security professionals, speaking opportunities, or collaborative research.

15+

Years in Cybersecurity

CISSP

Certified Professional

Universities Assessed

Adjunct

Professor

Jon Barclay playing bagpipes in traditional Scottish highland dress

About
My Background

With over 20 years of progressive experience in information security, I’ve built my career at the intersection of higher education and enterprise security. My focus areas include Zero Trust architecture, Identity and Access Management (IAM), cloud security, and penetration testing. I believe in security that enables rather than obstructs, building systems that protect institutions while keeping education accessible and open.

At UVU, I’ve led transformative initiatives that have fundamentally changed how we approach security. I architected and deployed a Zero Trust network infrastructure across campus, implemented university-wide multi-factor authentication with 100% adoption, and introduced passwordless authentication options for all users. I also led the deployment of endpoint detection and response (EDR) solutions protecting over 7,500 devices and worked on a unified IAM platform that streamlined access management across the institution.

Beyond UVU, I coordinate security efforts across the entire Utah System of Higher Education (USHE). As leader of the USHE Security Assessment Team, I direct penetration testing assessments across all 16 public colleges and universities in the state.

In 2024, I was honored to receive the Presidential Award of Excellence from Utah Valley University.

I’m also passionate about developing the next generation of security professionals. As an adjunct professor, I teach courses in penetration testing, network defense, and security architecture, giving students hands-on experience with the same tools and techniques used by practitioners in the field.

I hold a CISSP certification along with eight GIAC certifications in penetration testing, defensive security architecture, threat detection, and systems administration. My education includes an MBA from Utah State University and a B.S. in Information Technology from Utah Valley University.

I’m always open to connecting with fellow security professionals, speaking opportunities, or collaborative research.

View My Expertise

Professional Certifications

Industry-recognized certifications demonstrating expertise in information security, penetration testing, and cloud architecture.

CISSP

GPEN

GDSA

GWAPT

GDAT

GCDA

GCWN

GSNA

Areas of
Focus

My work focuses on building secure, resilient systems through modern security frameworks and proactive defense strategies.

Zero Trust Architecture
Implementing never-trust, always-verify security models
Identity & Access Management
Securing digital identities across enterprise systems
Cloud Security
Protecting cloud infrastructure and applications
Penetration Testing
Identifying vulnerabilities before adversaries do

Zero Trust

Never trust, always verify

IAM

Identity management

Cloud

Secure infrastructure

Pen Testing

Offensive security

Resume

Professional experience, certifications, and education

Download PDF Resume

JON BARCLAY

Deputy Chief Information Security Officer

American Fork, UT | jon@barclay.pro | linkedin.com/in/jonbarclay

Professional Summary

Strategic cybersecurity executive with 20+ years of progressive experience protecting critical infrastructure in higher education. Proven leader in developing and implementing enterprise security programs serving 50,000+ students and staff. Expert in building cross-institutional security partnerships, leading penetration testing programs across multi-campus systems, and driving security transformation through zero-trust architecture, identity management, and advanced threat detection. Recognized with the 2024 Presidential Award of Excellence for outstanding contributions to institutional security.

Areas of Expertise

▸ Security Strategy & Leadership

▸ Zero-Trust Architecture

▸ Penetration Testing

▸ Cloud Security (Azure/M365)

▸ Identity & Access Management

▸ Incident Response

▸ Security Operations (SOC)

▸ AI Security & Automation

▸ PCI-DSS Compliance

▸ Vulnerability Management

▸ SIEM & EDR Implementation

▸ Cross-Institutional Collaboration

Professional Experience

Utah Valley University

Utah's largest public university serving 47,000 students and 5,500 employees

Deputy Chief Information Security Officer

July 2024 – Present

Serve as principal deputy to the CISO, providing strategic direction and operational oversight for the university's comprehensive cybersecurity program. Lead security initiatives protecting critical infrastructure, student data, and institutional assets.

▸ Lead the Utah System of Higher Education (USHE) Security Assessment Team, directing penetration testing programs across 16 institutions statewide, completing full assessment cycles for all 8 degree-granting universities with 8 technical colleges in progress
▸ Coordinate the USHE Information Security Officer group and represent the security community at CIO and IT Directors meetings, driving cross-institutional collaboration and best practice sharing
▸ Spearhead security transformation initiatives including internal penetration testing, cloud security (Azure/M365), AI security and automation, and SOC optimization
▸ Drive strategic planning for enterprise security architecture, risk assessment frameworks, and regulatory compliance programs

Senior Cybersecurity Analyst

2019 – 2024

▸ Architected and deployed zero-trust network infrastructure, fundamentally transforming the university's security posture
▸ Implemented enterprise-wide MFA achieving 100% coverage for all students and employees, with passwordless authentication available university-wide
▸ Led deployment of advanced EDR solution protecting 7,500+ endpoints across campus systems
▸ Designed and implemented unified IAM platform with single sign-on, streamlining access management and enhancing security controls
▸ Implemented advanced security controls for Active Directory and Azure environments
▸ Orchestrated enterprise incident response operations, coordinating cross-functional teams to protect institutional assets

Senior PCI Security Analyst

2013 – 2019

▸ Established PCI-DSS compliance program managing 9 payment systems across campus, achieving and maintaining certification
▸ Implemented and managed SIEM infrastructure for continuous monitoring and threat detection across PCI-scoped systems
▸ Deployed enterprise firewall infrastructure (Palo Alto, Cisco) and VPN solutions
▸ Conducted penetration testing on campus and PCI systems; served on the USHE Security Audit Team
▸ Managed network IDS, application whitelisting, and host-based intrusion detection systems

Banner Security Officer

2010 – 2013

▸ Designed and implemented fine-grained access control (FGAC) for enterprise ERP system protecting sensitive institutional data
▸ Developed a comprehensive security awareness program for the university community
▸ Established user access governance and auditing frameworks for campus systems
▸ Managed network security infrastructure, including intrusion prevention systems, firewalls, and web security appliances

IT Manager

2004 – 2008

▸ Managed IT infrastructure, including databases, file servers, and desktop environments supporting 100+ users
▸ Supervised technical team responsible for 5 computer labs and campus computing resources

Adams & Smith

IT Manager

2008 – 2010

▸ Directed IT operations, including network infrastructure, Cisco VoIP systems, and enterprise security
▸ Managed ERP system security through role-based access control and privilege auditing

Certifications

CISSP – Certified Information Systems Security Professional

GPEN – GIAC Penetration Tester

GWAPT – GIAC Web Application Penetration Tester

GDSA – GIAC Defensible Security Architecture

GDAT – GIAC Defending Advanced Threats

GCDA – GIAC Certified Detection Analyst

GCWN – GIAC Certified Windows Security Administrator

GSNA – GIAC Systems and Network Auditor

Education

Master of Business Administration | Utah State University

Bachelor of Science, Information Technology | Utah Valley University

Awards & Recognition

Presidential Award of Excellence | Utah Valley University | 2024

Public Appearances

Presentations, interviews, and media coverage

Presentation October 27, 2025

SecuriDay @ UVU: Cybersecurity Awareness Workshop

Utah Valley University • Orem, UT

Interactive cybersecurity awareness workshop for students covering phishing attacks, password security, deepfakes, and practical defense strategies.

Slides

Media July 19, 2024

Expert Analysis: Worldwide Technology Outage

KUTV Channel 2 News

Live TV interview discussing the global CrowdStrike outage that disrupted businesses, airlines, and critical infrastructure worldwide.

View Coverage

Latest Insights

Thoughts on cybersecurity, technology trends, and lessons from the field.

View All Posts

October 11, 2025

Let's Connect

Interested in discussing cybersecurity strategy or collaboration? I'd love to hear from you.

Connect on LinkedIn Email Me

Jon Barclay

About
My Background

Professional Certifications

Areas of
Focus

Zero Trust Architecture

Identity & Access Management

Cloud Security