Alumna promotes privacy and information security at Penn State

UNIVERSITY PARK, Pa. — Holly Swires, a recent Penn State World Campus graduate who is the chief privacy officer and assistant chief information security officer at the University, formed her interest in information security and privacy later in her career.

Swires earned a bachelor’s in criminal justice from Penn State in 2005 and gained experience as a victims’ advocate, providing an array of social services to individuals who had experienced sexual assault and domestic violence.

“I was always very people-centric and felt a high degree of gratification listening and helping people be their best self,” said Swires, who went back to school and graduated with a Master of Professional Studies in Enterprise Architecture and Business Transformation in December.

“I started my first career working for a partial hospitalization program as a group therapist, providing mental health services, mostly counseling, to program participants.”

While she enjoyed the human interaction in that role, and the impact she was able to make for the individuals she worked with, she found herself drawn to regulatory compliance and researching laws and regulations. That led her to a position as an integrated security specialist at the University’s Applied Research Laboratory.

“That was my first exposure to security,” said Swires. “I was responsible for developing and implementing policies and procedures pertaining to security and overall compliance, required for varying research-related contracts.”

She later started working at Penn State as the privacy coordinator for the chief privacy officer and eventually ended up stepping into that privacy officer role when the position became vacant.

In 2015, an executive decision was made to separate information security from the University’s central IT department. Swires was asked to serve as the interim assistant chief information security officer and help restructure and lead the Office of Information Security (OIS). After two years, the Privacy Office transitioned into OIS, and Swires was formally appointed as chief privacy officer in 2017 with a dual role as the assistant CISO.

In her dual roles, Swires’ responsibilities include creating a culture of privacy and leading Penn State in achieving and continuously promoting compliance with varying regulations and internal policies pertaining to privacy, information security, and other related programs.

“Some of these programs include PCI-DSS, GLBA, HIPAA, GDPR, risk assessments, third-party risk management, and research consulting/engagements pertaining to regulated data,” she said. “My primary focus is the development and implementation of a University-wide privacy program.”

Swires said completing her master’s degree has always been a long-time goal and that she needed to find out what her core passions were to develop her future.

“Understanding my passion for privacy and information security compliance, this program made a lot of sense for me because it focuses on strategy and business components that are very pertinent to a role like mine,” she said.

Swires said Penn State World Campus has been beneficial in many ways. She’s learned to focus on the future state and that all-encompassing view, which is very important in the privacy profession. With a variety of data privacy laws and regulations continuing to surface within the U.S. and internationally, building a privacy program at the University that is forward-thinking and futuristic is crucial.

“It would be very challenging for my team and I to build a new program or update it every time a new law or regulation comes into play for Penn State,” she said. “The importance is really building something that is sustainable for an environment that is constantly evolving and will continue to for some time.”

Swires is also the chair of the Penn State Privacy Council, a diverse group of community stakeholders across Penn State that serves as a sounding body to Swires’ team’s endeavors to implement, monitor, and continuously improve the University’s privacy program and other privacy-driven requirements.

“To me, the University Privacy Council is one of my biggest successes as CPO, and that’s really due to the amount of support I receive from its members,” she said. “The Council members are truly interested and engaged in the work my team and I are doing to progress data privacy for Penn State.”

Last year, Swires volunteered to impart her knowledge and experience on College of Information Sciences and Technology students as part of an information technology panel, where Penn State IT specialists in various domains gave attendees a glimpse into different career paths. She felt that it’s extremely valuable for students to know what opportunities may be available to them after graduation — especially ones they may not be aware of.

“Though the privacy profession is still steadily growing, particularly in the higher education community, new areas within the field of privacy which are more technical continue to gain traction, such as privacy engineers and analysts,” she said. “With all the new data privacy laws and regulations, this profession is in very high demand and will continue to be.”

Learn more about the Master of Professional Studies in Enterprise Architecture and Business Transformation that is offered online through Penn State World Campus.