HOME /

About

About

Our team strives to be a trusted partner to the community,
and leaders in information security and data privacy.​

Leadership

image of CHIEF INFORMATION SECURITY AND DATA PRIVACY OFFICER

Michael Tran Duff

UNIVERSITY CHIEF INFORMATION SECURITY AND DATA PRIVACY OFFICER

Michael has devoted his career to serving academic and research institutions.  Prior to joining Harvard, he served as Chief Information Security Officer and Chief Privacy Officer at Stanford University.  Michael completed his undergraduate and graduate degrees in computer science and physics at MIT, and he later taught undergraduate and graduate computer science courses as a Visiting Instructor at Miami University in Ohio before relocating to Silicon Valley.  Today, Michael serves on several advisory boards, providing cybersecurity and privacy expertise.

Our Team

Whether you need guidance or training regarding secure data handling, privacy regulations, systems, or processes; need to assess compliance with university policies; or respond to an incident when something goes wrong, we are here to help. 

  • Architecture & Assessments

    Develops reference architectures, assesses high risk systems and data and provides risk mitigation guidance.

  • Standards & Culture

    Assists our community members in grasping essential aspects of privacy and security, along with their responsibilities, promotes adherence to current standards, and establishes new ones as necessary.

  • Operations & Engineering

    Ensures the implementation of appropriate tools and defenses, identifies system vulnerabilities for remediation, and detects and analyzes intrusions.

  • Deputy CISDPO

    Fills the role of CISDPO when the CISDPO is not present, measures and reports on our program’s progress and effectiveness, and by leading incident preparedness and response.​

  • Privacy Strategy & Integration

    Formulates privacy program strategy, builds privacy into all ISDP functions, and leads special projects.​

  • Portfolio Mgmt & Governance Support

    Facilitates ISDP programs, coordinates monthly OKRs, and ensures effective interactions with governance entities.​​

View Org Chart

School PrivSec Officers (SPSOs)

Works to manage risk in partnership with the University Information Security team by promoting the university program, ensuring that school systems are fortified and vulnerabilities are remediated, operationalizing the university-wide Privacy Principles, and by providing unique school needs.​

Contact your School PrivSec Officer with non-urgent Information Security questions or concerns.

View SPSOs

Transparency

Harvard University is committed to providing a safe and reliable computing environment for students, faculty and staff. The purpose of this page is to describe some of the methods and protocols used by Harvard Information Security to deliver on that commitment.

Read More About Transparency

icon of a clipboard with a shield

Contact

Information security and data privacy at Harvard is managed through a partnership of School "PrivSec" Officers (SPSOs) and the University Information Security and Data Privacy (ISDP) team.

Questions related to ISDP services, Central Administration projects, training, assessments, secure computing, and policy may be directed to ISDP.

School specific research and administrative questions should be directed to your SPSO.