Meet Your InfoSec Team: Victor Tinsley, GRC Security Analyst

Victor Tinsley
“St. Louis style pizza is, in my opinion, pretty good.”

Victor Tinsley, Governance Risk and Compliance Security Analyst I, has always been curious about how malicious actors manipulate a target environment. How do they devise new ways to exploit a system? Following his interest, he pursued a Bachelor of Science with a focus on information security. Aside from having interest in the field, Victor believes “that infosec is on the leading edge of progress in IT. I wanted to be part of that progress.” After graduating, he gained experience in various information technology positions: helpdesk, junior network administration, implementation teams, migration teams, and deskside roles. Today, Victor performs third-party information security risk assessments and policy exception requests for our Governance, Risk, and Compliance (GRC) division.

Victor’s favorite part of his job is “learning about about the many new technologies and applications that may be implemented at WashU.” This is in reference to the IT Procurement Vendor Intake Forms, which GRC processes. As part of the review, members of the GRC team evaluate the prospective vendor, or software platform, to determine if its adoption would compromise WashU’s information security.

Commenting on InfoSec in general, Victor wants readers to know that “reports from users are a crucial part in identifying threats.” One way you can contribute to the protection of WashU’s systems and data is by reporting suspicious emails. The Phish Alert Button in Outlook gives our office a chance to investigate the email and take any necessary action, such as removing all similar messages from systems and notifying our community of the threat.

In his free time, Victor is a motorsport enthusiast who works on his motorcycle, enjoys kayaking, and has 40 hours of flight experience. If you are a fan of podcasts, Victor recommends listening to Darknet Diaries and Malicious Life – two podcasts exploring true stories in cybersecurity. Alternatively, if there is a specific subject that you would like to dive into, Victor suggests searching for it on YouTube. Not only are there tons of educational videos on the platform, but “it seems that if there is something that needs to be fixed, there is probably a YouTube video on it.”