Challenge
Texas A&M exploded from essentially zero cloud presence in 2020 to over 550 accounts across AWS, Azure, and GCP, creating massive visibility gaps and "invisible" research projects that a lean team could not manually track.
Traditional security tools lacked the context to differentiate between high-risk exposures and controlled research scenarios—such as a professor intentionally deploying malware on a VM for a classroom demonstration.
A security team of fewer than three full-time employees (FTEs) was tasked with supporting 150 developers and hundreds of researchers, making it impossible to perform manual code reviews or serve as a gatekeeper for deployment.
Solution
Wiz provided immediate holistic visibility across all cloud environments in one hour, giving the team a single pane of glass to monitor more than $3 million in annual cloud spend.
The Wiz Security Graph allowed the team to trace how research workloads connected, identifying actual attack paths and prioritizing real risks over isolated or intentional vulnerabilities.
The university implemented Wiz Code to gain direct visibility into developer repositories, enabling a "shift-left" approach that identifies misconfigurations in Terraform and IaC before they reach the cloud.
The thing that really stood out was the way Wiz presented information. I felt comfortable handing remediation steps to a grad student or professor who might not fully understand the nature of what they created, knowing they would be successful.
Robert Stricklin Jr, Associate Director for Cloud Application and AI Security, Texas A&M University
1 hour to deploy
across AWS, Azure, and GCP environments
Hundreds of non-security users
(students, professors, and developers) empowered to self-remediate
550+ cloud accounts secured
with fewer than 3 full-time security professionals
Powering Innovation at Scale
Texas A&M University stands as a powerhouse in public higher education research, commanding the second-highest compute capability among public institutions in the United States. This massive infrastructure supports cutting-edge research initiatives spanning artificial intelligence, scientific computing, and data-intensive academic programs that serve students, faculty, and researchers across a large campus ecosystem.
In 2020, Texas A&M's cloud footprint was essentially invisible. The university had either no cloud presence or lacked awareness of what cloud resources existed across its decentralized environment. Fast forward just a few years, and the transformation was staggering: over 300 accounts in AWS, over 200 in Azure, and nearly 100 in GCP. Robert Stricklin Jr, Associate Director for Cloud Application and AI Security, leads a team of fewer than three security professionals tasked with securing this vast, distributed environment. With a ratio of three security pros to 150 developers and hundreds of researchers, the traditional security model—where the security team reviews every line of code and approves every deployment—was a mathematical impossibility.
Trying to democratize security is the really big challenge. In a university, we aren't in the place of policing how people learn; we are in the place of making sure they learn in a secure and safe environment. Wiz just helped us do that.
Robert Stricklin Jr, Associate Director for Cloud Application and AI Security, Texas A&M University
Illuminating the Dark: Holistic Visibility
The first hurdle for Texas A&M was simply seeing what they had. With over 550 accounts spread across three major cloud providers, "invisible" projects were a constant concern. Before Wiz, the university relied on low-level, fragmented alerting from native cloud tools. There was no single view to assess the university's overall security posture, leaving the team reactive rather than proactive.
Wiz transformed this landscape in just one hour. Deployment across all three environments was seamless, providing immediate visibility into every account, resource, and identity. For the first time, Stricklin and his team could see the full picture. This was crucial for a university operating at the pace of research calendars, where graduate students might spin up high-compute resources for a dissertation or professors might launch new environments for grant-funded projects overnight.
Context-Driven Risk with the Security Graph
Visibility was the foundation, but the Wiz Security Graph provided the intelligence. In a Tier 1 research institution, traditional vulnerability scanners often produce "noise" because of the unique nature of academic work. Stricklin points to a recurring example: every semester, a professor spins up a VM and purposely infects it with malware to teach students how it operates.
In a standard corporate environment, this would trigger an emergency response. At Texas A&M, the Security Graph allows the team to trace the issue and see the broader context. They can quickly determine if there are extra layers of security—such as network segmentation or specific access controls—between that malware and the internet. By seeing the actual attack path, the team can prioritize real risks, like exposed secrets or identity leakage, while deprioritizing intentional classroom exercises. This risk-based prioritization ensures that a lean team of three isn't wasting time on non-issues.
The Security Graph lets us trace issues to determine real risk. We recently found vulnerabilities that we could deprioritize because we saw there were extra layers of security between the internet and that resource. That perspective is something we never had before.
Robert Stricklin Jr, Associate Director for Cloud Application and AI Security, Texas A&M University
Moving Early with Wiz Code
Once the team had a handle on the cloud environment, the focus changed to "shifting left"—identifying risks before they ever reached production. To achieve this, the university adopted a two-pronged approach to code security. While maintaining some legacy tools, Texas A&M integrated Wiz Code for its most high-profile, automation-heavy projects.
Wiz Code has transformed the relationship between security and the 150 developers on campus. Previously, checking the security of a project required manual drilling into individual repositories, a process that didn't scale. Now, the security team has direct visibility into the repos, allowing them to see exactly which issues are being flagged and whether developers are actually fixing them in real-time. For a university heavily invested in Terraform, Wiz Code provides superior detection for Infrastructure as Code (IaC), catching misconfigurations at the source.
For projects heavy on Terraform and automation, we use Wiz Code. It’s better at identifying those specific differences and provides the additional information we need to see exactly where a problem originates without manual drilling.
Robert Stricklin Jr, Associate Director for Cloud Application and AI Security, Texas A&M University
Real-Time Defense and the AI frontier
As Texas A&M pushes the boundaries of AI, securing the underlying infrastructure has become a top priority. The university recently launched a Vision Supercomputer (the "SuperPod"), which provides massive compute capability for AI research. To secure this and other Kubernetes-based AI deployments, the university utilizes Wiz Defend and the Wiz sensor.
The Wiz sensor provides the real-time visibility necessary for modern AI workloads. It helps secure the environment for an AI chat instance used by all system members, ensuring the platform is resilient against prompt injection attacks and that the underlying LLMs are patched against known vulnerabilities. Wiz Defend surfaces these runtime alerts with the same clarity found in the rest of the platform, allowing the cloud operations team to respond to threats the moment they appear.
Democratizing Security Success
The true measure of success for Texas A&M is the cultural shift toward self-remediation. Because the platform is so intuitive—Stricklin describes the UI as a place where "everything is where I think it should be"—the university's operations team lives in Wiz every day.
Stricklin no longer has to "poke" people to fix critical issues. He can log in, check the risks overview, and see that the counts are going down because the teams responsible for those workloads have already applied the fix. This democratized approach turns every cloud user into a security contributor, allowing the lean security team to focus on strategic growth rather than tactical firefighting.
Our operations team is in the tool every day. I don’t have to notify them when a critical issue pops up—they tackle it themselves. It makes my job much easier when I don’t have to poke people to get things fixed.
Robert Stricklin Jr, Associate Director for Cloud Application and AI Security, Texas A&M University
Securing the Future of Higher Ed
Texas A&M is continuing to expand how it approaches cloud and AI security, with a focus on staying aligned to the pace of research and innovation. As new workloads emerge, especially across AI and high-performance computing, the team is focused on extending visibility and context without adding operational overhead.
Wiz is becoming a foundation for that approach. With visibility across code, cloud, and runtime, the team is exploring how to further embed security into developer workflows and research environments from the start. This includes expanding the use of Wiz Code for Infrastructure as Code and continuing to leverage Wiz Defend and the sensor for real-time insight into evolving workloads.
At the same time, the team is looking to deepen the culture of shared responsibility they have already established. By enabling more students, researchers, and engineers to take ownership of security, they can scale their impact without scaling headcount.
As Texas A&M continues to push the boundaries of research and AI, their focus remains clear; support innovation while ensuring every new workload is built and run with the right context, visibility, and guardrails in place.
Reference to Texas A&M University or the use of the Texas A&M name and/or logo does not constitute or imply endorsement, recommendation, or favoring of any commercial company, products or services by Texas A&M or its jurisdiction.
