Adam Vedra – Practice lead for Cybersecurity & Privacy | David Sherry – Executive Consultant
Higher education has always thrived on collaboration. We share ideas, research, talent, and, increasingly, risk. In cybersecurity, that shared risk is impossible to address in isolation, yet too often, many institutions still try.
Colleges and universities are complex, federated environments by design. Autonomy is a feature, not a flaw. That decentralization means the role of security is analogous to securing a city. As a result of this environment, security outcomes depend less on authority and more on relationships. In our experience, the institutions that make real progress are not the ones with the loudest strategies, the largest staff, or the longest roadmaps. They are the ones that cultivate the right conditions for collaboration, both within their campuses and across institutional lines.
That collaboration grows best in fertile ground, made up of three essential ingredients: humility, trust-based relationships, and a commitment to less talking and more action.
Humility Inside the Institution: Respecting the Academic Ecosystem
Within a university, cybersecurity touches nearly every corner of the institution: IT, faculty, research, student services, finance, advancement, and beyond. No single group fully owns the environment, and no single perspective is sufficient.
Humility allows security leaders and teams to recognize this reality. It shifts engagement away from prescriptive mandates and toward a genuine understanding of how teaching, research, and administration actually function. It acknowledges that academic freedom, shared governance, technical options, and legacy systems are not obstacles to be eliminated, but realities to be navigated through. In fact, these very obstacles have led to creative solutions in security that other verticals never face.
Engaging your campus in decisions both large and small indicates that you are clearly interested in their success and productivity and are willing to understand how a security action can impact their processes and outcomes. It also allows the institution to hear your “why”. Humility to hear and satisfy their questions or needs can foster further dialogue and can make the security department shed the nickname of the department of “no”, to the department of “know”.
When humility is present internally, security becomes a partner to the mission rather than a barrier to it. When its absent, collaboration erodes, and security initiatives struggle to gain traction.
Trust Across Campuses: Collaboration Beyond the Institution
These same traits become even more critical when collaboration extends beyond campus borders into consortia, peer groups, and shared initiatives with other colleges and universities.
Cross-institutional collaboration only works when participants are willing to admit that they don’t have all the answers, that their challenges are not unique, and that learning from peers is a strength rather than a vulnerability. Humility creates space for honest dialogue about gaps, failures, and tradeoffs, conversations that simply don’t happen in competitive or performative settings.
Our experience with consortiums and collaborative groups has proven to us that each and every member does at least one thing better than the other members. We can all learn from each other, share our successes, and improve the posture and success of our security mission when we listen to and embrace what others are doing.
Trust is the currency here. Institutions must believe that shared insights won’t be used for comparison, judgment, or reputational harm, but for mutual improvement. When that trust exists, collaboration accelerates institutions to move faster together than they ever could alone. In the words of John F. Kennedy “a rising tide lifts all boats”. We have seen this firsthand.
Partners and Vendors: From Products to Relationships
Trusted partners and vendors play a unique role in this ecosystem. In higher education especially, the most effective partners are not those who talk the most, but those who listen first; who understand institutional culture, resource constraints, and governance realities.
Humility matters here, too. Partners who approach higher education as a market to conquer rarely earn trust. Those who approach it as a community to serve often do. When vendors and consultants act as collaborators rather than solution peddlers, they become part of the shared mission to reduce risk in meaningful, sustainable ways.
Less Talking, More Action: Turning Collaboration into Outcomes
Higher education is rich in conversation, analysis, and consensus-building; valuable traits, but ones that can stall progress if not paired with action. Whether working internally, across institutions, or with partners, collaboration must eventually translate into movement.
That doesn’t mean sweeping transformations. It means practical steps: shared pilots, incremental improvements, documented lessons learned, and visible progress that builds confidence. Action creates momentum. Momentum builds trust. And trust makes the next step easier.
A security team that attempts to make change quicker than your campus culture is prepared for can erode hard-earned progress on trust and collaboration. There are only rare occurrences when a security posture needs to go from zero to sixty in a short time frame, and most success is achieved through a crawl/walk/run methodology for increasing security and reducing risk.
Utilizing the trust you have gained, ask your campus about pain points and identify low-hanging fruit to address. Small wins stimulate further collaboration, and less resistance to future changes.
When the Soil Is Right
When humility shapes how we listen, trust anchors how we work together, and action guides how we move forward, cybersecurity collaboration in higher education becomes sustainable rather than episodic.
In that environment, security stops feeling like something imposed on the institution and starts feeling like something built with it by people who understand the mission, respect the culture, and are committed to progress over perfection.
The Harvest
In a sector defined by shared learning, the future of cybersecurity will belong to those willing to cultivate the soil together across departments, across campuses, and alongside trusted partners, so that stronger outcomes can grow.
About Moran
Moran is a leading management and technology consulting firm, serving clients in the U.S., Canada, and around the world. As a firm, we have 21+ years supporting higher education. We continue to engage industry leaders and share our expertise from our 975+ higher education projects. We have worked with 350+ diverse teaching and research institutions to identify and maximize the strategic benefits of technology investments. Moran teams strategize, plan, execute, and deliver transformational change in cybersecurity, data, analytics, and AI, ERP, identity and access management, and organizational change.