Meet Your Infosec Team: Chief Information Security Officer, Chris Shull

On June 1, 2021, Chris Shull assumed the role of Chief Information Security Officer (CISO) for Washington University in St. Louis. He comes to WashU from Huron Consulting Group, which is working on several other projects at WashU.

Chris has joined Joe Susai, the CISO for the School of Medicine, and Kevin Hardcastle, Associate CISO for Research, to form a Cybersecurity Working Group, advancing WashU’s information security culture, prioritizing improved protections, and managing the university’s cyber risk.

Chris brings over 30 years of knowledge and experience in higher education information technology. He holds an M.A. in Operations and Information Management from the Wharton School of the University of Pennsylvania. Early in his career, he worked as a Senior Director in IT for the University of Pennsylvania and later served as Vice President of Information Technology and Operations for Drexel University Online. In the last several years, he held positions in data privacy and information security in health care, pharmaceuticals, real estate, financial services, hazardous chemicals, and medical device manufacturing companies. For the past eight months, he served as Interim Chief Information Security Officer at WashU.

He is a Certified Chief Information Security Officer (CCISO), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional – Europe (CIPP-E), Certified Information Privacy Professional – United States (CIPP-US), and Certified Information Privacy Manager (CIPM). He was designated a Fellow in Information Privacy (FIP) by the International Association of Privacy Professionals. He volunteers with the Cloud Security Alliance, helping map version 3.0.1 of Cloud Controls Matrix (CCM) to other standards and frameworks, developing version 4.0 of the CCM. He also serves as Program Chair and Board member for the Philadelphia Chapter of the Society for Information Management.

Chris prides himself on keeping information security simple, or at least understandable. 

At WashU, he is looking forward to working closely with stakeholders across the university to visibly and transparently focus the Office of Information Security on critical initiatives and operational activities. His work will support the university’s complex healthcare, teaching, and research missions through projects like MyDay, One Campus, Secure WUSM, and many more.