And, of course, not every student's intentions are good. Wilson told of a student who was able to change his own grades, while another hacked into an Oracle database. "We learned from our own mistakes," he said. "There are no more students working in sensitive areas."
Another challenge is cutting through the fog of pitches from vendors. Wilson, who had a background in finance before joining academia, said his approach is to "pick and choose" from security frameworks to what works in an academic environment.
He said at UMass he uses, "ISO for process and management, and SANS for technology. We focus on protecting our assets more than the threat du jour."
And how do they recruit and train people? Sherry said it is difficult to find good people, but he looks at, "graduating seniors in computer science or entrepreneurial fields. This really is a cool place to work it's stressful, but there's a lot going on."
Escalante agreed. "We need people who know how to code," he said. "If you need coding, check out the university, and think about hiring a summer intern. It's a low investment, and maybe they'll work out."
Sign up for CIO Asia eNewsletters.