UNIVERSITY PARK, Pa. — For Holly Swires, chief privacy officer (CPO) and assistant chief information security officer (CISO) at Penn State, her interest in information security and privacy came later in her career. Swires initially earned a bachelor’s degree in criminal justice from Penn State in 2005 and gained experience as a victims’ advocate, providing an array of social services to individuals who had experienced sexual assault and domestic violence.
“I was always very-people centric and felt a high degree of gratification listening and helping people be their best self,” she said. “I started my first career working for a partial hospitalization program as a group therapist, providing mental health services, mostly counseling, to program participants.”
While she enjoyed the human interaction in that role, and the impact she was able to make for the individuals she worked with, she found herself drawn to regulatory compliance and researching laws and regulations. That led her to a position as an integrated security specialist at the University’s Applied Research Laboratory.
“That was my first exposure to security,” said Swires. “I was responsible for developing and implementing policies and procedures pertaining to security and overall compliance, required for varying research-related contracts.”
She later started a position at Penn State as the privacy coordinator working for the CPO, and eventually ended up stepping into that privacy officer role when the position became vacant. Then, in 2015, an executive decision was made to separate information security from the University’s central IT department. Swires was asked to serve as the interim assistant CISO and help restructure and lead the Office of Information Security (OIS). After two years, the Privacy Office transitioned into OIS, and Swires was formally appointed as chief privacy officer in 2017 with a dual role as the assistant CISO.
In her dual roles, Swires’ responsibilities include creating a culture of privacy and leading Penn State in achieving and continuously promoting compliance with varying regulations and internal policies pertaining to privacy, information security and other related programs.
“Some of these programs include PCI-DSS, GLBA, HIPAA, GDPR, risk assessments, third-party risk management, and research consulting/engagements pertaining to regulated data,” she said. “My primary focus is the development and implementation of a University-wide privacy program.”
Upon completing her bachelor’s degree and devoting a lot of time to building a privacy program for Penn State, she decided to enroll in Penn State World Campus to earn her master of professional studies in enterprise architecture and business transformation, which she completed in December. She says that completing her master’s has always been a long-time goal and she needed to find out what her core passions were to develop her future.