Malcolm Blow serves as Chief Information Security Officer at Bowie State University, where he leads cybersecurity strategy for a complex higher education environment that includes students, faculty, research programs, and public sector obligations. With nearly three years running the cyber program at Bowie State, Malcolm is responsible for protecting institutional data while preserving the academic openness that defines university life. His background spans more than a decade in federal cybersecurity operations across defense, intelligence, and scientific agencies, experience that directly informs his pragmatic approach to risk, governance, and executive decision making. In addition to his university role, Malcolm is the founder of Quantiuum, where he advises organizations on translating technical risk into executive and board level understanding.

• Why higher education security resembles managing a small city

• How universities balance open access with cybersecurity controls

• Where AI fits into modern security operations and governance

• Why human oversight remains essential in regulated AI use cases

• How privacy laws shape AI adoption in public institutions

• What provable compliance looks like in higher education

• How the CISO role is evolving into a business enabling function

Malcolm Blow outlines the unique cybersecurity challenges facing universities, where thousands of students connect multiple personal devices to campus networks every day. Unlike traditional enterprises, higher education must secure faculty and staff systems while simultaneously supporting student access, research freedom, and academic experimentation. Malcolm explains how isolating environments by use case allows institutions to manage risk without disrupting learning or innovation.

The discussion moves into artificial intelligence and cybersecurity, where Malcolm emphasizes that AI is no longer optional for organizations trying to compete and defend themselves. He explains that technology is often the fastest lever to pull in environments constrained by limited budgets and staffing. At the same time, regulatory requirements around privacy and AI use demand careful implementation, particularly in public sector and educational settings.

Malcolm shares real examples of where AI systems can create unintended consequences when human oversight is removed. From admissions decisions to security monitoring, he explains why having a human in the loop is often required to meet regulatory expectations and avoid reputational or legal harm. Compliance alone is not sufficient if systems are not designed with accountability and context.

The conversation concludes with an in depth look at how the CISO role has changed. Malcolm describes the shift from security as a blocking function to security as a strategic partner. Today's CISO must translate cyber risk into business terms, guide executive decision making, and enable the organization to move faster while staying within defined risk tolerance.

Note: The views stated by Malcolm reflect his own and not of his employer's current or previous.