Case Study: Morgan State University achieves continuous control validation and stronger cybersecurity defenses with AttackIQ

Protecting the Reputation of a Top-Tier Historically Black College

Morgan State University, a Baltimore-based HBCU serving about 7,000 students and 2,000 faculty and staff, faced a growing attack surface as its research profile expanded and threats like ransomware and data theft increased. Lacking budget and staff for continuous red‑team or frequent penetration testing, Morgan State sought an automated breach-and-attack simulation solution and selected AttackIQ’s Security Optimization Platform to provide regular, controlled penetration testing and control validation.

AttackIQ implemented its Security Optimization Platform to automate testing across Morgan State’s network, map controls to the MITRE ATT&CK framework, and produce evidence of IDS/IPS/endpoint effectiveness. As a result, Morgan State gained clearer, evidence‑based security‑investment decisions, greater leadership confidence, assurances to students and staff that data is protected, and streamlined support for potential CMMC compliance—enabling the university to identify and remediate control gaps before adversaries exploit them.

Morgan State University

Paco Rosas-Moreno

Chief Information Security Officer