Florida State University Information Technology’s Third-Party Risk Management Program has been named a 2025 Foundry’s CSO Award winner, one of the most prestigious honors for security professionals.
The CSO Awards honor organizations that demonstrate excellence in security and risk management.
FSU’s Third-Party Risk Management Program was honored for its forward-thinking approach to managing risks from external vendors, helping the university maintain strong security and compliance standards across its operations.
“Winning this award highlights our team’s unwavering dedication to upholding the highest standards of security and compliance,” said Jonathan Fozard, associate vice president and chief information officer at FSU. “It’s a testament to the continued success we’re seeing at Florida State — we’re rising in the rankings, gaining national and global attention, and the security team is being recognized as part of that momentum.”
The project was launched following a 2021 audit finding in an effort to strengthen vendor security practices. FSU’s Information Security and Privacy Office partnered with the university’s procurement office to develop a process ensuring that vendors providing essential business functions undergo independent information security audits. Using a risk-based approach, the program evaluates vendor reports to assess the adequacy of their security measures.
“By combining independent security audit reviews and attack surface management scans of vendors who provide mission critical business services to FSU, the team has done a stellar job and is able to identify risk within our third parties, proactively assist them with remediation, and better protect the confidentiality, integrity and availability of FSU systems and data,” said Bill Hunkapiller, chief information security officer at FSU.
The project involved several key steps, including establishing a review process for web/cloud services, requiring vendors to include provisions for independent information security audits and ensuring alignment with audit requirements through updates to the risk register and annual work plan.
“This project means a great deal to us,” said Jeremy Anderson, IT security and privacy risk manager. “When we started, we were navigating uncharted territory. It took collaboration, creative problem-solving and a lot of determination to bring it all together. To now be recognized alongside major organizations like Adobe and Cisco is incredibly meaningful.”
“Our goal is to ensure that everyone handling FSU’s data is doing so securely and responsibly,” said Keith Bennett, IT security and privacy risk manager. “Our team is committed to continuous improvement and making an even greater impact — not just at FSU, but across higher education.”
The 2025 CSO Award winners and inductees will be honored at the CSO Conference & Awards this fall.
“The security team is demonstrating leadership on both a national and global scale — that reflects the direction set by FSU President Richard McCullough and the recent leadership changes at Florida State,” Fozard said. “This recognition highlights not just our responses to audits, but also the quality of our day-to-day work.”
For more information, visit its.fsu.edu.