Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceEducation:University

Special Report / Women in Security 2022

Women in Security 2022: Medha Bhalodkar, Columbia University

Medha Bhalodkar, Columbia University’s first CISO, has built a cybersecurity and IT risk management program focused on unification.

By Madeline Lauver
medha

Bio image courtesy of Bhalodkar

Background image courtesy of Dean Mitchell / E+ / Courtesy of Getty Images

July 1, 2022

Medha Bhalodkar, Chief Information Security Officer (CISO) and Enterprise IT Risk Officer at Columbia University, is responsible for the cybersecurity, compliance and information technology (IT) risk management of the institution’s 17 schools and 10 global centers.

Managing the university’s over 1 million student, faculty, alumni and other stakeholder identities and protecting digital assets from cyber threats is no easy task, but Bhalodkar leads with years of expertise, having built Columbia’s cybersecurity and IT risk management program from scratch.

Bhalodkar was recruited into programming after graduating with a B.S. in Chemistry and Biology from Mumbai University. Over her career, she has held IT leadership roles in data centers, IT auditing and risk management. She is the recipient of many cybersecurity and risk leadership awards, including the Global CISO of the Year from EC-Council, two-time North America Information Security Executive of the Year from Tech Exec Networks, and the 2020 Wasserman award from the New York Metropolitan Information Systems Audit and Control Association (ISACA). Bhalodkar was only the fourth woman to receive the Wasserman honor since its founding in 1978.

In 2006, Bhalodkar became Columbia University’s first CISO. Her IT background in the financial, education and healthcare sectors informed her work in higher education as she carefully built the framework that protects Columbia’s community and cyber assets today.

“I started with forming the policies — understanding what’s critical for Columbia, what data is sensitive, what is not safe to do, and what needs to be protected from a security standpoint,” says Bhalodkar. Working closely with the Chief Executive Officer (CEO), Chief Information Officer (CIO) and Chief Financial Officer (CFO), she prioritized the protection of intellectual property, such as the research of Nobel Prize-winning faculty at the school, and personally identifiable information (PII).

After classifying the types and priority levels of the university’s data, Bhalodkar developed policies pertaining to its protection on the server side and at endpoints, and she worked to create a governance structure for the institution’s data management and cybersecurity efforts.

Prior to developing the cybersecurity and risk management program, the IT teams at all of Columbia’s facilities operated in siloes. Bhalodkar unified and centralized cyber operations with the new framework, allowing her team to collect and assess threat information across the university and its entities.

At the start of the program, Bhalodkar had one employee. Now, she oversees multiple teams of information security and risk management professionals to manage Columbia’s IT policies, data protection, cybersecurity, identity and access management (IAM) and enterprise IT risk management and governance across the institution.

In scaling the program to the university-wide framework it is today, Bhalodkar tackled security and risk challenges head-on. She focused on remaining on top of the ever-changing security threat landscape and evolving regulatory requirements of international data protection and higher education environments; developing relationships with leadership across the organization, including Columbia’s global centers around the world; and reporting risks and mitigation strategies to the institution’s Board of Trustees in a concise, accurate and centralized manner.

The risk and regulatory challenges of centralizing a global operation necessitate clear communication of the IT risk management framework across Columbia’s various facilities, according to Bhalodkar. Whether she is liaising with global center leaders or the university board, she stresses the importance of tailoring risk communications to her audience. “Understanding what you’re communicating and how you are demonstrating impact is far more important than communicating isolated volume, numbers or threats,” Bhalodkar says.

It’s also important for cybersecurity leaders to aid the overall mission of their organization, according to Bhalodkar. Building security as a business enabler comes down to how IT teams interact with other departments, she says. Instead of enforcing security policies reactively, cybersecurity team members can approach other departments working on projects involving IT components by offering proactive guidance. “If a project has a technology component and security asks, ‘Can we look at the workflow and help co-create the right strategy for you?’ it shifts the perception of the cyber team from roadblock to enabler,” Bhalodkar says.

Bhalodkar isn’t just an expert at communicating with her colleagues — she also helped create Columbia’s Master’s program in Enterprise Risk Management, educating future business leaders on how best to mitigate and assess risk in their organizations.

“That program is very, very dear to me,” she says. The Master’s program, similar to Columbia’s cybersecurity and IT risk management framework, was developed in response to organizational risk siloes, so risk can be presented “to leadership through a single pane of glass, rather than everybody reporting differently,” she says.

She worked directly with Columbia’s Dean of the School of Professional Studies to draw up the degree charter, addressing these siloes. In the five-plus years since the program began, more than 25,000 leaders have graduated after learning the foundations of risk management Bhalodkar helped develop.

When she reflects on her accomplishments, Bhalodkar is most proud of bringing lessons from each aspect of her career path to her security and risk management work. She credits her teams and guidance from many of her peers and leaders for her success today and is passionate about passing it forward to other women who look to enter the cybersecurity and risk management field. From her time as a programmer and data center manager to her CISO and Enterprise IT Risk Officer roles, “All of that traveling has made me what I am today and will drive me forward from here,” Bhalodkar says.

KEYWORDS: business continuity cyber security leadership risk management security leadership security management security operations Women in Security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Madeline Lauver is a former Editor in Chief at Security magazine. Within her role at Security, Lauver focused on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • pan

    Women in Security 2022: Diana Pan, The Museum of Modern Art (MoMA)

    See More
  • 2022 women in security

    Security’s 2022 Women in Security

    See More
  • athletes in competition

    Perimeter security strategies for The World Games 2022

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing