Conference Program

Thursday, March 28, 2024

Day 3 - Plenary
TimeSession

8-9am

Full Breakfast

9-10am

Higher Education CIO Panel

10-10:05am

Break

10:05-10:10am

Gold Sponsor Spotlight Lightning Talk

10:10-11:00am

Transforming the Information Security Office: Lessons Learned from a Work in Progress

Guy Albertini, Associate Vice President and Chief Information Security Officer, Rutgers University

11-11:25am

Premiere Sponsor Talk - IT Savvy

11:25-11:30am

Break

11:30-11:35am

Gold Sponsor Spotlight Lightning Talk

11:35-12:15pm

Information Security Practice Principles 

Susan Sons, Executive Director, OmniSOC

 

Conference will adjourn at 12:15pm. Box lunches will be provided.

Abstracts

Jeffry Lang, Director of Cyber Defense Operations, Virginia Tech

This presentation delves into Virginia Tech's planning, execution, and key findings from their 2023 Tabletop Exercise (TTX) initiative, a multi-team project spanning multiple months. Led by Jeffry Lang, Virginia Tech’s Director of Cyber Defense Operations, this session will provide attendees with valuable tips, lessons learned, and takeaways for increasing institutional engagement with TTXs, and invite engaging discussion around other attending institutions' experiences.

Rob Carlsen, Principal Security Engineer, OmniSOC

This session focuses on how OmniSOC has matured over the last 5 years-going from IDS analysts to empirical based threat hunting utilizing endpoint logs and threat intelligence. Attendees will be introduced to concepts such as top techniques, chokepoints as well as how OmniSOC has utilized the MITRE ATT&CK framework to guide prioritization efforts. Session takeaways include how to develop a framework for prioritization of detection engineering and threat hunting, how to identify open source intelligence opportunities for guiding decision making in a SOC, and how to build concepts of maturity and capabilities for a growing SOC.

Anthony Newman, Executive Director, REN-ISAC

In an age of escalating cybersecurity threats, collaboration has become crucial for bolstering the defenses of educational institutions. In this session, Anthony Newman, Executive Director of REN-ISAC, explores the pivotal role of partnerships in enhancing cybersecurity resilience in higher education. Drawing from his experience as the Chief Information Security Officer at Purdue University and the collaborative efforts between REN-ISAC and OmniSOC, Newman elucidates how partnerships drive positive change and tangible value. Through case studies, real-world examples, and firsthand experiences, attendees will gain a comprehensive understanding of how collaboration can amplify cybersecurity capabilities and fortify institutional defenses.

Additionally, Newman shares insights from his recent listening tour within the REN-ISAC community, highlighting diverse perspectives, challenges, and priorities voiced by its members. This exploration offers valuable insights into the evolving cybersecurity landscape in research and higher education, along with strategic recommendations for forging effective partnerships and fostering collective resilience.

Join Anthony Newman in this engaging session as he illuminates the transformative power of collaboration in safeguarding the digital infrastructure of higher education institutions, paving the way for a more secure and resilient future.

Hugh Thomas, CEO and Founder, Forewarned

Federated threat intelligence has promised improved network protection from cyber attacks for many years. At Duke University, the promise became a reality during 2020 when the University first saw over 50% of its network blocks attributed to threat intelligence data coming from its partners. Since that time, many more Higher Ed and research institutions have joined the partner program and the protection ratio has continued to improve, and is now measured at over 75% on a regular monthly basis.

As the STINGAR platform grows in popularity amongst the Higher Education community, new partners, as well as existing users, all benefit together from the quality of the shared threat data generated by the platform. In this session, Hugh will present an architectural review of the STINGAR Shared Threat Intelligence Platform developed by Duke University and now being offered and supported by Forewarned Inc, and will do a deep dive into the data and statistics produced from over 7 years of continuous production use of the platform.

Jeffrey Ravindran, Platform Engineer, OmniSOC

Every day, OmniSOC’s infrastructure ingests over 16 TB in security-log volume and sees more than 17 billion security events. That same infrastructure carries the logs that record over 200,000 security events per second. Join OmniSOC Platform Engineer Manager Jeffrey Ravindran for a deep dive into the simple, elegant, and robust hardware and software combination that powers higher education’s premier security operations center and how this combination is built to withstand continual growth as OmniSOC member volume expands.

Caroline Weilhamer, Director of Member Services and Community Engagement, I-Light and Scott Orr, SOC Operations Manager, OmniSOC

Join Scott Orr, OmniSOC Operations Manager, and Caroline Weilhamer, I-Light Director of Member Services and Community Engagement for a session on "Better Security through Herd Immunity: A Focus on Research and Education Networks." This session will explore OmniSOC and I-Light's recent Herd Immunity initiative, covering project components, goals, and benefits in improving security for all I-Light member institutions. Discover how a unified community approach to security could strengthen a whole network and explore the advantages experienced by I-Light members through collaborative partnerships like OmniSOC and I-Light. 

Bryan Christ, Sr Identity Security Solutions Engineer, Bravura Security

Universities and colleges bear the essential duty of protecting the integrity of academic and business processes. To fulfill this obligation, there is a dire need for a security infrastructure that is both resilient and streamlined, adept at catering to the varied needs of students, faculty, and staff.

During this presentation, we will dissect the role of identity analytics and automation in enhancing security strategies. We will delve into how these technologies can refine the onboarding and offboarding procedures, ensure expedited access to critical resources, and ultimately fortify the academic environment against potential threats.

Key Takeaways:

  • Dispel common misconceptions and red herrings about starting an Identity Governance and Administration (IGA) Program.
  • Gain an in-depth understanding of how a modular and adaptable solution can align with the dynamic requirements of educational institutions.
  • Explore the potential of tools for continuous improvement, offering both routine and in-depth analytics on your identity security stance, and aiding in the communication of ongoing advancements to your institution's academic capabilities.
  • Discover how to diminish IT support expenses through the strategic use of automation in identity governance.
  • Learn to navigate the laundry list of security accomplishments including the complexities of regulatory compliance and risk mitigation with greater ease.

Susan Sons, Executive Director, OmniSOC

Incidents happen. The real test of a cybersecurity program is how those incidents are managed when they do happen. Executing well on technical incident response is important, but if stakeholders start to panic, or try to run the process themselves, even a straightforward incident can balloon into a complex crisis. Preventing this takes solid communication and the ability to constantly nudge people with different motivations and points of view toward a common and reasonable direction. Join this talk to learn a time-tested stakeholder management method taken from hostage negotiation and how to apply it to incident response. OmniSOC Executive Director, cybersecurity incident responder, and volunteer crisis communicator Susan Sons will lead the training.

Ruben Perez, Principal Solutions Architect, Elastic

Often we are required to provide the status and state of our enterprise at a moment's notice. However, all too often this ask turns into a game of telephone to get the answers and/or have someone decipher unclear graphs and charts. Come see how Elastic's flexibility can help anyone leverage dashboards to answer the business questions.

Adrian Crenshaw, Sr Security Analyst, OmniSOC

Join Adrian for a hands-on lock picking session that promises both fun and informal learning! In this session, attendees will receive an introduction to lock picking, unraveling the components behind this skill.

Panel includes:

  • Scott Orr, SOC Operations Manager, OmniSOC
  • Ed Murphy, Associate Vice President and CISO, Universities of Wisconsin
  • Guy Albertini, Associate Vice President and Chief Information Security Officer, Rutgers University
  • Ian Washburn, Deputy Chief Information Security Officer, University of Notre Dame

Jump on board for a unique and entertaining panel session titled "Emoji Express: CISO Live Reactions," where CISOs take center stage in a lighthearted exploration of cybersecurity challenges, expressing their thoughts and reactions using a variety of emoji signs.

The panelists will be presented with scenes from cybersecurity-related movies, simulated incident scenarios, and other engaging items. As each scenario unfolds, our expert CISOs will respond by selecting an emoji that best captures their reaction. Moderator Scott Orr will explore these reactions, asking them to share the reasoning behind their emoji choices.

Ed Bailey, Principle Technical Evangelist, Cribl

Higher education and research institutions face the challenge of aggressive threat actors and rapidly growing data volumes without their budgets growing simultaneously. Security and IT teams are also working with limited staffing, so every decision and project has to be focused on efficiency. Leaders know that nothing can be wasted, so organizations must spend time creating sustainable strategies to help guide downstream decision making so every decision is aligned toward a common goal. Defining and implementing a comprehensive security and observability data strategy is critical to creating and maintaining a sustainable organization wide monitoring and security posture.

In this session, attendees will learn:

  1. What is a data strategy, and why is it important?
  2. Why you get started by understanding your business strategy
  3. How to define your technical goals
  4. Define your end state data strategy
  5. Walk through a scenario to show the value of a high quality data strategy

Panel includes:

  • Joseph Potchanant, Moderator
  • Carly Klimash, Director Of Infrastructure, Lehigh Carbon Community College
  • Matt Nappi, Chief Information Security Officer, Stony Brook University
  • Eric Zematis, Chief Information Security Officer, Lehigh University

This panel session, moderated by Joseph Potchanant, brings together leaders from various small colleges and universities to address the pressing cybersecurity challenges faced by the small and medium-sized school community. The discussion will explore the unique issues encountered by these institutions, ranging from staffing constraints and budget limitations to other critical considerations.

Corey Donovan, Business Operations Manager, GlobalNOC

In this lightning talk, we’ll introduce you to GlobalNOC Light, a lightweight monitoring and network operations center (NOC) service. GlobalNOC Light is built using GlobalNOC’s best-of-breed operations automation platforms and NOC support. With a simple configuration console, your IT staff can set a high-level monitoring policy that’s easy to set up and maintain, while GlobalNOC Light automatically and constantly updates monitoring based on this policy when we detect changes in your network via automated polling.

Panel includes:

  • Brandon Grill, Senior Director, Technology Planning and Security, Northwestern University
  • Rick Haugerud, Assistant Vice President, Information Technology Services, University of Nebraska
  • Jeff Savoy, Chief Information Security Officer, University of Wisconsin - Madison
  • And more!

Join us for a panel session, "Beyond Firewalls: Management Skills for the Successful Infosec Professional," where experienced leaders in information security share invaluable knowledge on transitioning from technical expertise to effective leadership. Moderated by Brandon Grill, this panel will explore the pivotal moment in an infosec professional's career when mastering management skills becomes essential. Gain practical knowledge to foster your journey towards becoming (or maintaining) a well-rounded and influential infosec professional.

Guy Albertini, Associate Vice President and Chief Information Security Officer, Rutgers University

In this talk, Guy reflects on the transformative journey leading the Rutgers security office. Over the past couple of years, Albertini has steered the office through significant changes. The talk will look into the office's starting point, its current path forward, and key takeaways from this ongoing evolution. Join to hear about challenges faced, strategies implemented, and valuable lessons learned in the ongoing transformation.

Susan Sons, Executive Director and co-author of ISPPs, OmniSOC

The very best information security professionals are like health care professionals, lawyers, and military commanders. They do much more than implement compliance checklists or set up firewalls: they think critically and use judgment to make decisions and offer guidance. They apply their experience and expertise to the full scale of cyber problems, from system design to developing and implementing cybersecurity programs addressed to an entire mission or campaign. Most importantly: they adapt.

We need more of these cyber samurai, and that means maturing the information security community and how we educate and train. There are true masters of information security, but we believe that excellence in this field leans heavily on master-apprentice relationships, trial-and-error experience, and the mimetic transfer of knowledge and know-how. These represent very powerful ways to learn, but they don’t necessarily scale or produce quick results. The ISPPs can be a cornerstone of information security education, helping new practitioners build a very deep and very broad insight into what information security is all about. Join Susan as she presents an overview of the ISPPs and how to use them at your organization.