In higher education, AI is cultivating the partnership between CIOs and CISOs that's credited with creating a more unified approach to security, technology, and risk.
Dana Kilcrease, CISO at Berkeley College, explains how a strong CIO-CISO alliance can help organizations transform both leaders' efforts into more holistic, proactive, and practical initiatives.
At Berkeley College, this collaborative culture of security awareness turns the organization's people into its primary asset for cyber resilience.
The modern CIO-CISO partnership has become essential to navigate most business challenges today. Now, with AI forcing the issue, a unified front on security and tech is quickly becoming the hallmark of effective leadership. As the old silos dissolve, a deeply integrated partnership with a sharp focus on proper implementation is emerging in their place.
For an expert's take on how this relationship works in practice, we spoke with Dana Kilcrease, the Chief Information Security Officer for Berkeley College. Here, he leads cybersecurity across a diverse portfolio that includes a nonprofit foundation and global academic operations. But Kilcrease didn't just step into his current role—he grew into it, rising from Principal Information Security Engineer to Director, and ultimately to CISO. As a certified CISSP and CCSP, he's exceptionally qualified to discuss this exact intersection of security and technology. For Kilcrease, AI is the key driver behind this new collaborative mode.
"AI has been the biggest transformation I've seen in my fifteen years in IT. Properly implementing it requires a combined approach from technology and security. That gives us leaders the opportunity to come together and present a unified front," Kilcrease says. But this "unified front" isn't just about talk, he explains. For it to be effective, Kilcrease relies on the full backing of his CIO.
Echo chamber: "When the CIO acts as an echo for my initiatives, the message isn't just coming from the security team. It carries the full weight of the entire IT department," he explains. With that support, security can be baked into core processes from the very beginning. Today, the proof is in the results: according to Kilcrease, his application security program reduced recurring vulnerabilities by over 25% in its first year.
Of course, no partnership is without its share of friction. Here, Kilcrease acknowledges the reality of "fighting for that slice of the overall pie," with security often being part of the IT budget.
From fight to focus: But a strong CIO-CISO alliance can transform this potential "tug-of-war" into a focused strategy that enables them to address the issues that matter most. "Being part of the overall IT strategy helps funnel things, allowing me to surface the priority issues we need to tackle over the next six to eighteen months. That collaboration with the CIO helps formulate the overall strategy and program," Kilcrease explains.
The secret to making this work is in how he defines his role. Instead of an enforcer, Kilcrease acts as a strategic advisor whose power comes from advising on risk across all areas of the organization—extending well beyond IT and into compliance, legal, and academic departments.
People as the prize: Today, this advisor-led philosophy also informs his approach to building cyber resilience. "The culture of security awareness has been the biggest single effort we've made to enhance our cyber resilience across the board." The goal of that program, which includes targeted phishing campaigns and a solid incident response policy, is to transform an organization's people into its greatest asset, he explains.
Ultimately, AI's most lasting impact may be organizational, Kilcrease concludes. Because the technology impacts every part of the business, it gives IT and security a reason to intervene in almost every process. The tech might be the catalyst, he continues, but the real outcome is the improved human fabric of the organization—built one cross-functional conversation at a time. "Eighteen months from now, nobody knows where the technology will be, but I know that we will have eighteen months' worth of conversations behind us with all the different cross-functional areas and niche departments within our organization."
For Kilcrease, it all comes down to the foundational relationship between two leaders. "I'm lucky to have a great relationship with my CIO. His support from day one has allowed me to advance security initiatives far more effectively than I could have alone. Ultimately, that partnership is critical, and it's a relationship that both the CIO and the CISO must intentionally foster together."
