1. Home
  2. News
  3. Get to know F&S: Lin Su

Get to know F&S: Lin Su

Meet Lin, the tech specialist safeguarding F&S’ safety and privacy in the digital world

A photo of Lin leaning on a wooden railing, smiling. He's wearing glasses.
Su: the go-to-guy for F&S’ cyber-security needs. (Photo by Donglin Que)

As industry leaders, Facilities & Services at the University of Toronto’s St. George campus leverages a broad range of technology to deliver a myriad of services. F&S doesn’t just mop, keep the lights on and heat the room: the department is constantly innovating to efficiently track, report, predict and refine its services. Those technologies require experts like Lin Su to operate them. 

Su works with the Facilities & Services IT team. As IT Security Administrator, Su is responsible for protecting the web safety of all the department’s operations. 

F&S relies on many portals, platforms and sites to keep campus running, including our central platform for logging, assigning and tracking service orders. Each platform, new and existing, must be rigorously reviewed for any potential security threats. 

Su is the mastermind behind F&S’s Web Application Firewall (WAF), which inspects web traffic for malware, bots and malicious code that could disrupt networks or data. Unlike a traditional firewall, which protects against all types of network traffic, the WAF is designed to specifically flag security concerns targeting an organization’s web portals. Su configured F&S’s WAF in just three months after joining U of T in 2025, and he uses it to check for security risks on a daily basis. This has led him to collaborate with many groups across F&S’s portfolio, including Utilities, Campus Safety and Trades 

“The people here are the best part of this job,” says Su. “Everyone understands the importance of the security work we have to do, and the impact it has on everything.”  

Aside from the WAF, Su is busy keeping F&S cybersecurity standards up to date with U of T’s latest policies. He is responsible for conducting the annual Data Asset Inventory & Information Risk Self-Assessment (DAI-IRSA), a university-wide initiative commissioned by U of T’s Information Technology Services (ITS). Spanning several months, the process involves a full survey of the department to track key data assets, identify vulnerabilities and recommend new security strategies. The goal is to actively manage information security risks by making risk-informed decisions. 

As phishing scams become increasingly sophisticated with the use of AI, greater awareness and protection against them are required in order to keep our systems safe. Su is on hand to provide recommendations and guidance for F&S teammates who encounter these scams. He also monitors for potential threats through online research, and keeps up-to-date with the ever-changing tactics used by hackers and bots alike. 

Su’s passion for cybersecurity extends beyond his work with F&S. At home, he has built his own tech lab, where he likes to explore cutting-edge cybersecurity tools, experiment with coding and create new servers. 

Next time you open an F&S webpage or interact with the service portal, think of the work Su and his team do to keep your information safe!  

March 04, 2026
Lorraine Lau