We sat down with UBC’s recently appointed Chief Information Security Officer (CISO), Larry Carson, to discuss his career and vision for his first year as CISO. With more than 25 years of experience, Larry brings a long history of service to UBC and a deep understanding of our community. Larry has worked directly with many faculty, staff, and students to help keep UBC’s systems secure, lead incident response and prevention efforts, develop security standards, and advance the responsible use of AI and automation in cybersecurity operations. As CISO, Larry will lead the cybersecurity team in advancing UBC’s cybersecurity maturity and risk profile to ensure UBC’s data and infrastructure remain secure.
A Career Built at UBC
Larry’s journey at UBC began in the early 2000s in the Faculty of Forestry (now called the Faculty of Forestry and Environmental Stewardship). Hired as their IT Manager, Larry still remembers one of his early tasks: deploying a firewall. His interest in cybersecurity grew from an early passion for computers and evolved over time. "I realized I like working with people as much as I enjoy writing code and programs” he reflects. After obtaining a degree in computer science, moving into operations and then security roles, cybersecurity soon became a central focus of his career.
Since 2002, Larry has held multiple roles at UBC focused on strengthening the university’s cybersecurity capabilities. He has been an integral part of the Privacy and Information Security Management (PrISM) initiatives, overseeing the creation and growth of the Security Operations Centre, and supported the deployment of many UBC IT cybersecurity capabilities for example in digital forensics and malware analysis. His work has strengthened relationships across BC and the Canadian higher education sector, as well as within the global cybersecurity community, through involvement with groups like BCNET and the Canadian Center for Cyber Security (CCCS). Larry was also one of the members of the working group that built the Canadian Shared Security Operations Center (CanSSOC), a collaborative initiative providing cybersecurity services, threat intelligence, and alerts to Canada’s higher education sector. These experiences have shaped Larry’s deep understanding of UBC’s technology landscape and his dedication to the UBC community.
Leading Through Change
Larry steps into the CISO role at a time of profound technological transformation. AI is reshaping both the challenges and opportunities in cybersecurity and propelling the evolution of increasingly sophisticated and creative techniques from threat actors. “Right now, the world is going through a substantive change,” Larry explains. “We get these every now and again. Something that makes a significant impact on how everything operates. AI is one of those changes and it’s going to get even more disruptive in the next year.” When asked about the biggest cybersecurity challenges facing higher education today, Larry pointed to two primary risks: criminal organizations seeking to monetize institutions, and nation-states targeting intellectual property.
To guide UBC through this shifting landscape, Larry’s upcoming priorities include developing an updated cybersecurity strategy and further integrating machine learning and AI into UBC’s security operations. These risks combined with the rapid pace of technological development, reinforce that for Larry, “the biggest job that I have in front of me is to prepare people for change.”
Working Together to Protect UBC’s Data, Information, Systems and People
While the Chief Information Security Officer is an important leadership role for the university, Larry also highlighted the efforts of staff that play a significant role in keeping UBC secure. “If we can respond rapidly, we can keep cybersecurity threats from impacting faculty, staff, and students.” He noted that the Cybersecurity team works around the clock, including weekends and holidays, to ensure that essential university operations remain stable.
Cybersecurity requires balancing evolving technologies and standards with the need to avoid disrupting daily operations. Larry explains, “we don’t want to create unnecessary work for our community or push new technologies for the sake of it, but from time to time, change is necessary to keep the University’s data safe. Our responsibility is to make sure the community is prepared and supported when those changes come.” Striking this balance between supporting readiness for change while enabling the university’s core mission remains central to Larry’s approach as CISO. As Larry reinforces, “From a security perspective, we want to keep things operating and we want people to be successful… We’re here to help.”
What can the UBC community do to support information security? The advice is clear: “if you see something unusual that doesn’t line up with what you expect, report it to security@ubc.ca.”As Larry notes, “Timing is everything to us.”
Larry’s leadership is anchored in a clear purpose: supporting UBC’s academic mission. As he reflects, “We help to enable teaching and learning so the next generation of students can learn. And we help to enable research in greater ways that can improve the quality of life for everyone in society.” Furthermore, Larry believes security is not a “solo activity” for institutions, but a pursuit that requires higher education institutions working together, for example through organizations like BCNET or CanSSOC. This collaborative approach combined with Larry’s experiences will position UBC’s cybersecurity portfolio to continue enabling excellence, resilience, and innovation at UBC and across the post‑secondary sector.
