Turning Security Investment into Operational Value
How KAIP helped unstall a key cybersecurity initiative at Foothill-De Anza Community College District.

The Challenge: The Urgency of Risk
Foothill-De Anza Community College District knew that they were carrying more cyber risk than they wanted. Without a formal cybersecurity program, the District lacked an active security monitoring system and foundational security policy elements. Critically, they also had no clear path to GLBA compliance.
The leadership was not sitting idly. They had invested in a security information and event management (SIEM) system, a highly valuable piece of equipment. The challenge was in activating the SIEM, which had been awaiting implementation for several months. This left the organization without the visibility needed to spot threats before they turned into incidents.
Implementation deadlines loomed and pressure was building inside the organization. Leadership needed to show that the investment was delivering value before the fiscal year closed, while the IT team was left managing growing risk without the structure or support to move forward with confidence.
Identifying the Obstacles to Success
What KAIP found was important and surprisingly clear: this was not a resource problem as much as it was a coordination problem. The client’s teams were working in silos, with too little communication and too little shared ownership of the work.
KAIP started by bringing the IT team together for a multi-hour working session that helped reframe the challenge, build a common understanding of cyber risk, and open a more productive conversation about what needed to change. That meeting began a sea-change in the department’s alignment around this initiative. Bringing everyone together to understand the urgency and scope of the issue signaled that the organization was ready to stop treating cybersecurity as a stalled technical task and start approaching it as a shared operational priority.
As discovery continued, an opportunity came into focus. The client did not need its internal team to spend their limited time on research, legwork, and cross-functional coordination. It needed a clearer structure, the right expertise at the right moments, and a way to move the work forward without overwhelming internal staff.
Closing Critical Gaps
Leveraging Multiple Disciplines for Security Success
To make the most of the Foothill-De Anza team’s time, The KAIP team combined cybersecurity expertise with project management support for both technical direction and the day-to-day structure needed to regain momentum.
Built alignment around the risk and urgency
Developed shared understanding of the cybersecurity risks, the urgency of action, and the work patterns that needed to change.
Moved the SIEM from stalled to implemented
Built a workflow to get the right data into the SIEM to begin using it for active monitoring.
Reduced lift on internal staff while keeping the work moving
Mapped specific internal roles and responsibilities. Gave them clear direction with minimal demand on their time.
Facilitated SOC-as-a-Service vendor selection process
Developed requirements document, pre-vetted SOC-as-a-Service vendors, and brought three finalists to leadership.
An Improved Security Posture
The work strengthened the College’s IT security, allowing them to act with greater confidence in a higher-risk environment.
As importantly, the successful implementation was proof positive of the value of investing in cybersecurity to the board.
Data Security Systems Fully Implemented
- Consolidated logs from critical systems including identity systems, cloud platforms, firewalls, and endpoint security solutions enabling a single-pane-of-glass view across the environment's critical infrastructure.
- Onboarded 74 total data sources, prioritized by criticality including Active Directory, Palo Alto Firewalls, AWS WAF, CloudTrail, and Symantec EDR.
- Established 100% of coverage of firewalls, Active Directory Domain Controllers, and endpoint security tooling.
- Established 1-year log retention for critical systems
Executives Empowered
- Improved GLBA compliance posture and future incident response efforts through enhanced logging and retention capabilities
- Delivered an Executive Dashboard providing visibility into:
- Alerts generated vs. resolved
- High-severity security alerts
- Alert distribution across resources
Human Systems Improved
- Implemented role-based access control (RBAC) within the SIEM aligned to least privilege principles by creating three distinct user roles (system admin, security analyst, and executive sponsor) and four distinct security profiles that governed access to system logs based on job role (i.e. Network, Cloud, Windows/Linux Servers, and Endpoints).
- Developed standardized incident notification templates (Low, Medium, High, Critical) to streamline communication with system owners.
- Developed and implemented Standard Operating Procedures (SOPs) for:
- SIEM maintenance
- Alert triage and escalation
- Log parsing and normalization
The Road Ahead
What began as a stalled deployment and a fragmented approach to cyber risk became a more aligned, more action-oriented IT team that knows their responsibilities and is committed to getting them done.
As a result, the Foothill-De Anza Community College District now has better visibility, stronger momentum, and a clearer foundation for protecting what matters most.
“KAIP has brought tremendous expertise to their work with the Chancellor’s Office and colleges around the state. They’ve been an invaluable resource to me as CTO of the Foothill-De Anza Community College District, consistently responsive and instrumental in helping our district strengthen its security posture.”
~ Jory Hadsell, Ed.D.
Vice Chancellor, Technology and Innovation | Foothill-De Anza Community College District
