Leadership
Built by higher-ed practitioners, for higher-ed
Synaptic Cybersecurity Alliance is led by working higher-ed practitioners. We're not consultants who write about the sector — we are CIOs, CISOs, architects, and engineers who run higher-ed IT and security operations day-to-day, and who built this alliance because we wanted a public-benefit vehicle for the kind of community work the sector actually needs.
Harry Hoffman
Founder & Board Chair, Synaptic Cybersecurity Alliance
Associate Vice President & Chief Information Security Officer, American University
Harry has spent more than two decades leading enterprise IT and cybersecurity programs across global research universities — building security architectures, modernizing infrastructure, and aligning technology investment with institutional strategy at the scale and complexity that only higher education produces.
He currently serves as Associate Vice President and Chief Information Security Officer at American University, where he leads cybersecurity, governance, and digital trust strategy in partnership with the CIO and Enterprise Architecture Board. His work spans AI-enabled risk and operations modernization, Workday Student security governance, and aligning institutional practice with NIST cybersecurity frameworks and higher-ed regulatory requirements.
Prior to American University, Harry served as Associate Vice President and Chief Technology & Security Officer at Northeastern University, where he led IT strategy across the university's global footprint, including a zero-trust network modernization, the establishment of a Cloud Center of Excellence, a CMMC-aligned high-performance computing enclave for DoD and DHS research, and IT integration for institutional mergers and acquisitions across the US, UK, EU, and Canada.
Earlier roles include Director of Information Security Architecture and Engineering at Harvard University; Director of Security and Resilience at MIT, where he led NIST 800-171-aligned compliance work for federal and defense research; Senior Information Security Architect at the University of Pennsylvania; and Director of Information Security at Drexel University. He earned his degree from Temple University.
Areas of focus
- • Strategic IT planning and governance
- • Cybersecurity, digital trust, risk management
- • Cloud, ERP, and infrastructure modernization
- • Identity and access management at scale
- • Compliance: NIST CSF/800-171, CMMC, HIPAA, FERPA, GLBA
- • AI adoption with data governance
- • Research computing enclaves (DoD/DHS)
- • M&A IT integration and global campus expansion
Higher-ed community service
Synaptic Cybersecurity Alliance — Founder & Board Chair
Massachusetts public-benefit corporation focused on cybersecurity and IT capability building across higher education.
EDUCAUSE Higher Education Information Security Council (HEISC) — Committee Member
The higher-ed sector's primary forum for information security policy, practice, and peer collaboration.
Center for Cybersecurity Operations in Research and Education (CCORE) — Founder and Former President
Established to focus operational cybersecurity capabilities on the unique needs of research and education environments.
REN-ISAC (Research and Education Networks Information Sharing and Analysis Center) — Vice Chair, Board of Directors
The trusted information-sharing organization for the research and higher-education cybersecurity community.
How the Alliance works
Synaptic Cyber is structured as a Massachusetts public-benefit corporation, not a typical consultancy. The work happens through a network of practitioners who contribute alongside their day jobs as CIOs, CISOs, architects, and engineers at colleges, universities, and research institutions across the country.
The model is intentional. Higher-ed cybersecurity needs operational depth, not just strategic advice — and the people who actually run higher-ed IT and security every day are the ones best positioned to help peer institutions navigate the same problems. Bringing them together as an alliance, rather than employing them as consultants, keeps the guidance grounded in current practice and removes the vendor-capture incentive that distorts most cybersecurity advisory work.
The board sets direction. Practitioners contribute through engagements, peer review, and speaker sessions. Member institutions support the mission and benefit from the shared knowledge base. Visiting experts from across the cybersecurity community engage through the Speaker Series and ad-hoc collaboration — recent contributors are listed below.
Practitioners who've contributed
Visiting experts from the broader cybersecurity community engage with Synaptic Cyber through our Speaker Series and peer collaboration. Recent contributors:
Brian Desmond
Microsoft platform expert focused on Active Directory, Identity Management, Security, Compliance, and Office 365 architecture and engineering. Has delivered enterprise-scale deployments at higher education institutions, Fortune 100s, and other large-scale organizations around the world. 15-year Microsoft MVP, frequent author and contributor to leading publications including Windows IT Pro Magazine, and author of Active Directory, 5th Edition (O'Reilly).
Protecting Active Directory →John Shier
Field CISO Threat Intelligence at Sophos with more than two decades of cybersecurity experience. Principal researcher and author of the Sophos Active Adversary Report, which advances the industry's understanding of attacker behaviors, tooling, and effective defenses. Often consulted by Reuters, WIRED, Fortune, CNN, and The Times; speaker at RSA Conference, Infosec, BSides, and other industry events.
Active Adversary Report →Micah Heaton
Executive Director of the Microsoft Security Center of Excellence at BlueVoyant, leading the development of AI-enhanced Microsoft-first security architectures spanning Defender, Sentinel, Intune, and Security Copilot. Named the global Security Changemaker by the Microsoft Intelligent Security Association (MISA) in 2025 — the only individual recipient that year — for his work on inclusive, resilience-driven security programs. Co-author of Microsoft Cloud Security for Dummies and frequent speaker on Microsoft and industry security platforms.
AI in Security Operations →
Why this matters
The work we do for institutions is grounded in what we run ourselves. The frameworks we help institutions adopt are frameworks we've implemented at scale. The compliance regimes we help institutions navigate are regimes we've answered to firsthand. The governance structures we help institutions build are structures we've sat inside. The alliance model is intentional: we keep our hands in the work so the guidance we offer stays current with reality, not consultancy.