UCOP achieves major cybersecurity milestone through President’s Cybersecurity Letter program
July 1, 2025 •
Editor’s note: To access the links throughout this article, you will need to log in via your single sign-on username and password.
On Feb. 26, 2024, President Michael V. Drake, M.D., issued a call to action urging all UC locations to elevate cybersecurity practices to address the rapidly evolving cyber threat landscape. Six months later, UCOP launched the President’s Cybersecurity Letter (PCL) program, which aimed to reduce cybersecurity vulnerabilities and compliance risks by meeting six key objectives in standards and controls compliance.
We are thrilled to announce that UCOP successfully met all PCL program objectives by our target date of May 28, 2025. This marks a significant step in securing our digital ecosystem, aligning with systemwide cybersecurity standards and reducing our exposure to threats like ransomware and data breaches.
Long-term benefits for UCOP
Completing the PCL program has delivered tangible benefits that will continue to support our cybersecurity posture, including:
- New cyber metrics dashboard to track ongoing results
- Elimination of backlogged system weaknesses
- Establishment of the UCOP Vulnerability Management Program
- A Bring-Your-Own-Device standard to clarify requirements around using UCOP-managed devices
Highlights of the six PCL outcomes
| Outcome | Impact |
| Cybersecurity awareness training | Improved training compliance, boosting cybersecurity awareness and accountability across UCOP. |
| Timely escalation of cyber incidents | Reinforced importance of rapid incident reporting through communication and “Minutes Matter” campaign. |
| Identification, tracking and vulnerability management | Increased accuracy in IT asset inventory and improved remediation of system vulnerabilities. |
| Endpoint detection and response (EDR) | Enhanced endpoint security and VPN access control by deploying EDR on 100% of in-scope assets. |
| Multi-factor authentication (MFA) | Extended MFA to all UCOP email and group accounts, eliminated grace periods for new employees and introduced gap detection reporting. |
| Data loss prevention (DLP) | Reduced risk of unauthorized sharing of protected health information via email using advanced data loss prevention technology. |
Collaboration on a mission-driven effort
This effort would not have been possible without shared ownership, collaboration and coordination — and a commitment to safeguarding our institution. The program was led by Joshua Van Horn, deputy CISO and interim systemwide cyber defense manager, under the guidance of an executive steering group comprised of Monte Ratzlaff, Molly Greek, Heather Baptista, Holli Griffin Strauss, Sajjad Matin, April Sather and Kari Robertson.
Achieving this milestone required the dedication of nearly 80 colleagues across three divisions and over a dozen departments — including Information Technology Services, Risk Services, Human Resources, Local Operations and UC Legal — and exceptional project management by Madhuri Gujje.
Securing the future, together
Thank you to everyone who contributed to this significant achievement. Your work demonstrates the power of collaboration and the importance of cybersecurity in preserving the mission and integrity of the University of California.
Together, we’ve reached an important milestone. Now, let’s continue advancing toward an even more secure and unified digital future for UC.
For questions, contact Madhuri Gujje.
Tags: cybersecurity, President’s Cybersecurity Letter program
