For over two decades, Jennifer Mehl has played a foundational role in the growth of the cybersecurity program at UCSB. She currently serves as the Associate CISO & Director of Security Operations and Engineering, reporting directly to our CISO, Jackson Muhirwe.
Jennifer’s start in cybersecurity is not what you’d expect. “My degree is actually in journalism and mass communication,” she recalls. Early on, she worked for her high school and college newspapers, first doing layout design and later becoming the step-in IT support for the Iowa State Daily. “I wasn’t a programmer, I was just a little bit more resourceful to try and figure things out.” Her first experiences with computers came from a Commodore 64 at home and an Apple IIe that her mother, a teacher, would bring home each summer.
Jennifer’s first professional IT role was as a desktop support technician at the Whitehead Institute for Biomedical Research at MIT. During this role, Jennifer explained that she had two pivotal mentors who “took her under their wing.” Through these mentors, Jennifer learned Unix, networking, and even installed a new email and directory system for the institute.
At UCSB, Jennifer began as a Sr. Systems Administrator in Physics and later served as IT Director in Chemistry. These roles allowed her to deepen her expertise in networking and security. She eventually applied for a security analyst position at “OIT, Office of Information Technology, which was a small component of what is now ITS.”
“Our security team was very small, so I did a little of everything,” Jennifer explains. Her first major project in this role was to “develop a secure computing enclave for researchers.” What had once been a redundant and outdated process evolved into the Secure Compute Research Environment (SCRE), a virtualized platform that enables researchers to securely and remotely analyze sensitive data.
Before moving into a leadership role, Jennifer worked with the networking team on the deployment of a campus firewall from Palo Alto Networks in 2018. The team spent several months conducting a proof of concept to test the firewall's capabilities in detecting and protecting against intrusions. Jennifer explains that the installation of the firewall was a “monumental shift” in philosophy on campus, from a very, very open network to a more restricted campus-wide firewall, helping to protect departmental networks.
Her team of one has now expanded. “I lead a team of very talented professionals tasked with protecting university resources and people,” she explains. “Resources can be data, servers, systems.”
Jennifer’s team of four handles campus information security operations and related engineering/infrastructure support. The team spends the majority of its time on incident response. “The most common reports we get are phishing emails, often leading to compromised credentials,” she says. They also focus on vulnerability management, network security, endpoint detection and response, cloud security, application security, and campus-wide email security. The security operations team works closely with colleagues who specialize in governance, compliance, and risk areas within information security. Finally, they also frequently collaborate with teams supporting campus networking and identity and access management (IAM) in various areas of their work.
When asked about the most significant emerging risk in cybersecurity, Jennifer points to AI. “People tend to over-rely on AI for absolute truth,” she warns. “Think of AI like a student intern. It can produce solid work with careful and precise guidance, but you’d never hand that work to the CEO without a thorough review.” Jennifer also notes that AI has made it more challenging to spot threat actors, since it enables them to craft emails with accurate grammar, realistic branding, and convincing logos, all making it easier to deceive people.
For students interested in cybersecurity, Jennifer emphasizes curiosity over credentials. “You don't need to have a degree in computer science, or even a technical degree to do work in cybersecurity. You just need to have curiosity,” she says. “These are human problems, not just technical ones. Communication is as important as technical skill.” She recommends that students “figure out how things work, even at home, you can learn a lot with a home lab.”
Outside of work, Jennifer enjoys spending time outdoors hiking the Santa Maria Valley Open Space trails with her dog Charlie, swimming, and following sports like INDYCAR racing, college basketball, and professional tennis. She also listens to a lot of music from the 1970s and 1980s. Family keeps her busy with her twin sons, preparing to head to college themselves.
Reflecting on her journey, Jennifer notes that mistakes have been as important as successes. “I’ve broken a lot of things in my career,” she laughs. “I have learned from all of my mistakes. I share these stories with my team so that they can see you can make big mistakes, you can make little mistakes; but we can use the opportunity to learn from them, to do better in the future.”