Conference Program

Thursday, March 28, 2024

Day 3 - Plenary
Time / Session

8-9am

Full Breakfast

9-10am

Higher Education Executive Panel

10-10:05am

Break

10:05-10:10am

Gold Sponsor Spotlight Lightning Talk - Bravura Security

10:10-11:10am

Transforming the Information Security Office: Lessons Learned from a Work in Progress

Guy Albertini, Associate Vice President and Chief Information Security Officer, Rutgers University

11:10-11:15am

Break

11:15-11:20am

Gold Sponsor Spotlight Lightning Talk - Cribl

11:20-12:15pm

Information Security Practice Principles & Closing
Susan Sons, Executive Director, OmniSOC

Conference will adjourn at 12:15pm. Box lunches will be provided.

Abstracts

Jeffry Lang, Director of Cyber Defense Operations, Virginia Tech

This presentation delves into Virginia Tech's planning, execution, and key findings from their 2023 Tabletop Exercise (TTX) initiative, a multi-team project spanning multiple months. Led by Jeffry Lang, Virginia Tech’s Director of Cyber Defense Operations, this session will provide attendees with valuable tips, lessons learned, and takeaways for increasing institutional engagement with TTXs, and invite engaging discussion around other attending institutions' experiences.

Rob Carlsen, Principal Security Engineer, OmniSOC

This session focuses on how OmniSOC has matured over the last 5 years, going from IDS analysts to empirically based threat hunting utilizing endpoint logs and threat intelligence. Attendees will be introduced to concepts such as top techniques and chokepoints, as well as how OmniSOC has utilized the MITRE ATT&CK framework to guide prioritization efforts. Session takeaways include how to develop a framework for prioritization of detection engineering and threat hunting, how to identify open source intelligence opportunities for guiding decision making in a SOC, and how to build concepts of maturity and capabilities for a growing SOC.

Anthony Newman, Executive Director, REN-ISAC

In an age of escalating cybersecurity threats, collaboration has become crucial for bolstering the defenses of educational institutions. In this session, Anthony Newman, Executive Director of REN-ISAC, explores the pivotal role of partnerships in enhancing cybersecurity resilience in higher education. Drawing from his experience as the Chief Information Security Officer at Purdue University and the collaborative efforts between REN-ISAC and OmniSOC, Newman elucidates how partnerships drive positive change and tangible value. Through case studies, real-world examples, and firsthand experiences, attendees will gain a comprehensive understanding of how collaboration can amplify cybersecurity capabilities and fortify institutional defenses.

Additionally, Newman shares insights from his recent listening tour within the REN-ISAC community, highlighting diverse perspectives, challenges, and priorities voiced by its members. This exploration offers valuable insights into the evolving cybersecurity landscape in research and higher education, along with strategic recommendations for forging effective partnerships and fostering collective resilience.

Join Anthony Newman in this engaging session as he illuminates the transformative power of collaboration in safeguarding the digital infrastructure of higher education institutions, paving the way for a more secure and resilient future.

Hugh Thomas, CEO and Founder, Forewarned

Federated threat intelligence has promised improved network protection from cyber attacks for many years. At Duke University, the promise became a reality during 2020 when the University first saw over 50% of its network blocks attributed to threat intelligence data coming from its partners. Since that time, many more Higher Ed and research institutions have joined the partner program and the protection ratio has continued to improve, and is now measured at over 75% on a regular monthly basis.

As the STINGAR platform grows in popularity amongst the Higher Education community, new partners, as well as existing users, all benefit together from the quality of the shared threat data generated by the platform. In this session, Hugh will present an architectural review of the STINGAR Shared Threat Intelligence Platform developed by Duke University and now being offered and supported by Forewarned Inc, and will do a deep dive into the data and statistics produced from over 7 years of continuous production use of the platform.

Jeffrey Ravindran, Platform Engineer, OmniSOC

Every day, OmniSOC’s infrastructure ingests over 16 TB in security-log volume and sees more than 17 billion security events. That same infrastructure carries the logs that record over 200,000 security events per second. Join OmniSOC Platform Engineer Manager Jeffrey Ravindran for a deep dive into the simple, elegant, and robust hardware and software combination that powers higher education’s premier security operations center and how this combination is built to withstand continual growth as OmniSOC member volume expands.

Scott Orr, SOC Operations Manager, OmniSOC

Learn the components of conducting impactful Table Top Exercises (TTX) for improved security preparedness within your institution. Join Scott Orr to learn fundamentals of security exercises, navigating the TTX maturity model, crafting exercises, and executing them effectively.

Bryan Christ, Sr Identity Security Solutions Engineer, Bravura Security

Universities and colleges bear the essential duty of protecting the integrity of academic and business processes. To fulfill this obligation, there is a dire need for a security infrastructure that is both resilient and streamlined, adept at catering to the varied needs of students, faculty, and staff.

During this presentation, we will dissect the role of identity analytics and automation in enhancing security strategies. We will delve into how these technologies can refine the onboarding and offboarding procedures, ensure expedited access to critical resources, and ultimately fortify the academic environment against potential threats.

Key Takeaways:

  • Dispel common misconceptions and red herrings about starting an Identity Governance and Administration (IGA) Program.
  • Gain an in-depth understanding of how a modular and adaptable solution can align with the dynamic requirements of educational institutions.
  • Explore the potential of tools for continuous improvement, offering both routine and in-depth analytics on your identity security stance, and aiding in the communication of ongoing advancements to your institution's academic capabilities.
  • Discover how to diminish IT support expenses through the strategic use of automation in identity governance.
  • Learn to navigate the laundry list of security accomplishments including the complexities of regulatory compliance and risk mitigation with greater ease.

Susan Sons, Executive Director, OmniSOC

Incidents happen. The real test of a cybersecurity program is how those incidents are managed when they do happen. Executing well on technical incident response is important, but if stakeholders start to panic, or try to run the process themselves, even a straightforward incident can balloon into a complex crisis. Preventing this takes solid communication and the ability to constantly nudge people with different motivations and points of view toward a common and reasonable direction. Join this talk to learn a time-tested stakeholder management method taken from hostage negotiation and how to apply it to incident response. OmniSOC Executive Director, cybersecurity incident responder, and volunteer crisis communicator Susan Sons will lead the training.

Ruben Perez, Principal Solutions Architect, Elastic

Often we are required to provide the status and state of our enterprise at a moment's notice. However, all too often this ask turns into a game of telephone to get the answers and/or have someone decipher unclear graphs and charts. Come see how Elastic's flexibility can help anyone leverage dashboards to answer the business questions.

Adrian Crenshaw, Sr Security Analyst, OmniSOC

Join Adrian for a hands-on lock picking session that promises both fun and informal learning! In this session, attendees will receive an introduction to lock picking, unraveling the components behind this skill.

Panel includes:

  • Scott Orr, SOC Operations Manager, OmniSOC
  • Ed Murphy, Associate Vice President and CISO, Universities of Wisconsin
  • Guy Albertini, Associate Vice President and Chief Information Security Officer, Rutgers University
  • Ian Washburn, Deputy Chief Information Security Officer, University of Notre Dame

Jump on board for a unique and entertaining panel session titled "Emoji Express: CISO Live Reactions," where CISOs take center stage in a lighthearted exploration of cybersecurity challenges, expressing their thoughts and reactions using a variety of emoji signs.

The panelists will be presented with scenes from cybersecurity-related movies, simulated incident scenarios, and other engaging items. As each scenario unfolds, our expert CISOs will respond by selecting an emoji that best captures their reaction. Moderator Scott Orr will explore these reactions, asking them to share the reasoning behind their emoji choices.

Ed Bailey, Principal Technical Evangelist, Cribl

Higher education and research institutions face the challenge of aggressive threat actors and rapidly growing data volumes without their budgets growing simultaneously. Security and IT teams are also working with limited staffing, so every decision and project has to be focused on efficiency. Leaders know that nothing can be wasted, so organizations must spend time creating sustainable strategies to help guide downstream decision making so every decision is aligned toward a common goal. Defining and implementing a comprehensive security and observability data strategy is critical to creating and maintaining a sustainable organization-wide monitoring and security posture.

In this session, attendees will learn:

  1. What is a data strategy, and why is it important?
  2. Why you get started by understanding your business strategy
  3. How to define your technical goals
  4. Define your end state data strategy
  5. Walk through a scenario to show the value of a high quality data strategy

Panel includes:

  • Joseph Potchanant, Moderator
  • Carly Klimash, Director Of Infrastructure, Lehigh Carbon Community College
  • Matt Nappi, Chief Information Security Officer, Stony Brook University
  • Eric Zematis, Chief Information Security Officer, Lehigh University

This panel session, moderated by Joseph Potchanant, brings together leaders from a diverse set of colleges and universities to address the pressing cybersecurity challenges faced by the small and medium-sized school community. The discussion will explore the unique issues encountered by these institutions, ranging from staffing constraints and budget limitations to other critical considerations.

Attendees of OmniSOC Con can join a capabilities presentation from Island.io that includes topics such as:

  • Enforcing data governance by integrating IDP,
  • Last Mile Control of Data
  • RPA's Watermark Content and
  • Policy within the browser
  • Fully govern how contractors & BYOD workers access and interact with your data.
  • Control use of AI to allow employees to leverage, but not compromise university information.
  • Ability to put guardrails around what users/vendors do on the endpoint with your data in the least disruptive manner.

Corey Donovan, Business Operations Manager, GlobalNOC

In this lightning talk, we’ll introduce you to GlobalNOC Light, a lightweight monitoring and network operations center (NOC) service. GlobalNOC Light is built using GlobalNOC’s best-of-breed operations automation platforms and NOC support. With a simple configuration console, your IT staff can set a high-level monitoring policy that’s easy to set up and maintain, while GlobalNOC Light automatically and constantly updates monitoring based on this policy when we detect changes in your network via automated polling.

Panel includes:

  • Brandon Grill, Senior Director, Technology Planning and Security, Northwestern University
  • Rick Haugerud, Assistant Vice President, Information Technology Services, University of Nebraska
  • Jeff Savoy, Chief Information Security Officer, University of Wisconsin - Madison
  • And more!

Join us for a panel session, "Beyond Firewalls: Management Skills for the Successful Infosec Professional," where experienced leaders in information security share invaluable knowledge on transitioning from technical expertise to effective leadership. Moderated by Brandon Grill, this panel will explore the pivotal moment in an infosec professional's career when mastering management skills becomes essential. Gain practical knowledge to foster your journey towards becoming (or maintaining) a well-rounded and influential infosec professional.

Guy Albertini, Associate Vice President and Chief Information Security Officer, Rutgers University

In this talk, Guy reflects on the transformative journey leading the Rutgers security office. Over the past couple of years, Albertini has steered the office through significant changes. The talk will look into the office's starting point, its current path forward, and key takeaways from this ongoing evolution. Join to hear about challenges faced, strategies implemented, and valuable lessons learned in the ongoing transformation.

Susan Sons, Executive Director and co-author of ISPPs, OmniSOC

The very best information security professionals are like health care professionals, lawyers, and military commanders. They do much more than implement compliance checklists or set up firewalls: they think critically and use judgment to make decisions and offer guidance. They apply their experience and expertise to the full scale of cyber problems, from system design to developing and implementing cybersecurity programs addressed to an entire mission or campaign. Most importantly: they adapt.

We need more of these cyber samurai, and that means maturing the information security community and how we educate and train. There are true masters of information security, but we believe that excellence in this field leans heavily on master-apprentice relationships, trial-and-error experience, and the mimetic transfer of knowledge and know-how. These represent very powerful ways to learn, but they don’t necessarily scale or produce quick results. The ISPPs can be a cornerstone of information security education, helping new practitioners build a very deep and very broad insight into what information security is all about. Join Susan as she presents an overview of the ISPPs and how to use them at your organization.