Day 1 Sessions - Tuesday, 6/15/2021

10:30 AM

  • [RESCHEDULED] California's New Privacy Laws: How Will They Impact UC
    Session Code: S04
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 11:15 AM
    Tags: Data Privacy & Integrity, Risk & Compliance
  • Session Description
    The session will discuss the California Consumer Privacy Act and the California Privacy Rights Act of 2020, and how the laws may impact the University.

    Prerequisites
    None.

    Speaker Bios
    Hillary Noll Kalay is Senior Counsel for UC Legal's Health and Technology Law group. Hillary joined UC Legal in January 2016 and provides guidance on clinical research matters, data initiatives, U.S. and international privacy laws, and supports UC Health procurement. Hillary led UC Legal's effort in educating and advising stakeholders on the EU General Data Protection Regulation. Prior to joining UC Legal, Hillary served as Research Policy Manager for UC's Research Policy Analysis and Coordination unit, developing University policy on clinical research and negotiating and advising campuses on clinical research agreements. Prior to joining UC, Hillary practiced intellectual property litigation at national law firms. Hillary is a graduate of the University of California, Berkeley (BA, MPP), and NYU School of Law.

    Hannah Noll-Wilensky joined UC Legal in October 2020 as a Fellow and supports the Health and Technology Law group in matters relating to cybersecurity, privacy, Title IX policy, and health care compliance. Prior to joining UC, Hannah served as a law clerk for the ACLU Women's Rights Project, the UCSF/UC Hastings Medical Legal Clinic for Seniors, and the Giffords Law Center to Prevent Gun Violence. Hannah is a graduate of Lewis and Clark College (BA), and the University of California, Hastings College of the Law.
  • Program Governance: How To Mature And Comply Using Metrics
    Session Code: S29
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 11:15 AM
    Tags: Security Fundamentals
  • Session Description
    Governance is all about evaluating the needs, conditions, and options; directing through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. Maturity is all about organizations' capability to deliver services to address the business needs and create value for the stakeholders, both internal and external. It enables organizations to determine where they are and where they want to be: the current as-is state and the future to-be state.

    The session will address the basic elements of Information Security Program Governance and guide the audience through a practical example showing how to measure maturity and compliance using metrics, all based on the existing standards, frameworks, and laws (e.g., ISO 27001, NIST CSF, HIPAA, and others).

    Prerequisites
    Intermediate-level understanding of information security, related topics, and associated standards and frameworks.

    Speaker Bios
    Tolgay Kizilelma has over twenty-five years of business-IT experience covering the whole IT spectrum. He is currently leading cybersecurity efforts as the Chief Information Security Officer at UC Merced. He is an advocate of lifelong learning and teaches graduate business analytics courses at Saint Mary's College of California. He is an accredited ISACA CGEIT and CRISC trainer and serves as the Government and Regulatory Advocacy Director for ISACA Sacramento Chapter. His current research interests are cybersecurity, privacy, business analytics, and educational IT programs. He has various industry certifications, a BS degree in computer engineering, an MBA, and a PhD focusing on information security, quality, and patient safety.
  • Prove and Improve Your Security Effectiveness
    Session Code: S44
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 11:15 AM
    Tags: Managing & Leading Security
  • Session Description
    Investments in cyber security have rapidly increased in recent years, yet high-profile breaches continue to make headlines, and the economic and financial losses stemming from these breaches continue to grow.

    Meanwhile, organizations have been managing cybersecurity based on assumptions, and in many cases, we don't have a way to evaluate security effectiveness let alone have any empirical evidence to back up our assumptions.

    Attendees of this presentation will be able to understand how security validation and assessment tools can help optimize costs as well as measure risk through the following:
    • Identify security gaps with an intelligence-led approach
    • Differentiate new ways of diagnosing effectiveness across talent, techniques and technology
    • Reveal issues related to environmental drift, under and over security investment, and the procurement of new solutions
    • Expose areas where automation can assist security teams with scale
    • Understand how bottom-up validation combined with a top-down risk assessment can improve security ROI
    • Measure and communicate security effectiveness, based on evidence, to the C-suite and boards

    Prerequisites
    Cyber Security and IT Professionals welcome, as well as business leads interested in cyber security.

    Speaker Bios
    Brian Contos, VP & CISO, Mandiant Advantage

    Brian is a seasoned executive, board advisor, and serial entrepreneur with 25+ years in the cybersecurity industry. After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, he began the process of building security startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, Solera Networks, Cylance, JASK, and Verodin. Brian has worked in over 50 countries across six continents. He has authored several books, his latest with the former Deputy Director of the NSA, and speaks at events globally such as Black Hat, RSA, Interop, and BSides. Brian writes for Forbes Magazine and is often interviewed by the media. He was recently featured in a cyberwar documentary alongside General Michael Hayden, the former Director of the NSA and CIA.
  • Using CAS & Grouper to require campus-wide passphrase resets
    Session Code: S27
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 11:15 AM
    Tags: IAM, Security Operations
  • Session Description
    In this session, learn how UC Berkeley used CAS interrupts, Grouper and targeted messaging to require every student, employee and affiliate on campus to update their passphrase.

    The CalNet IS-3 Passphrase Change Project is intended to align UC Berkeley with new passphrase requirements laid out in the latest update of the University of California's systemwide Information Security Policy, IS-3.

    Prerequisites
    This session is appropriate for anyone who is: interested in or works in IAM; works with CAS or Grouper; is responsible for implementing IS-3; or is curious about making change on campus.

    Speaker Bios
    Summer Scanlan is a Data Analyst in the Information Security Office at UC Berkeley. She manages support for CalNet, the Identity and Access Management team at Cal.
  • Tenable
    Session Code: [EXPO]
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 11:30 AM
  • Session Description
    Nearly every attack on enterprise networks targets Active Directory. The main reason is that AD holds the "Keys to the Kingdom" and once AD is compromised, the entire network is compromised. Therefore, securing AD is paramount, and negating lateral movement and privilege escalation becomes priority one for all organizations running Active Directory. Let 17X Microsoft MVP Derek Melber walk you through the finer points on how Tenable.ad can help you prepare for an attack by cleaning up your existing AD security, maintaining a hardened security posture, and even detecting attacks on AD in real time. You can't miss this revolutionary approach to securing AD and preparing for an attack.

    Speaker Bios
    Derek Melber is a 17-time Microsoft MVP with deep knowledge of Group Policy, Active Directory, desktop management and Windows security. As a public speaker and technology evangelist, he has educated AD administrators in over 30 countries about how to efficiently and effectively secure Active Directory and Azure AD. He has published a broad range of educational content, including books, articles and videos, that demystify the most complex and technical subjects in an energetic and understandable style.
  • A discussion on the lived experience of BIPOC in security
    Session Code: S56
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 12:00 PM
    Tags: DEI, Panel discussion
  • Session Description
    A roundtable discussion delving into the lived experience of BIPOC multidisciplinary security professionals facilitated by Charron Andrus, ACISO UC Berkeley.

    Panel Members:
    1. Lee Smith, Security Manager - UC Davis Health
    2. Ranjana Singhal, Tech Lead - Device Interoperability & Cybersecurity - UC Davis Health
    3. Taiye Lambo, Founder - Holistic Information Security Practitioner Institute (HISPI)
    4. Anthony Lauderdale Jr, Head of Cyber Defense - Zoom
    5. Ria Aiken, Director Business Information Security Operations and Third Party Risk Management - Federal Reserve Bank of Atlanta

    Prerequisites
    None.

    Speaker Bios
    Bios to follow.
  • Conducting Cybersecurity Risk Assessments in a Public Agency
    Session Code: S83
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 12:00 PM
    Tags: Risk & Compliance, Workshop/Lab
  • Session Description
    Are your Risk Assessments Serving Your Purpose?

    In this session, the speakers will share their vast experience and best practices in conducting risk assessments for public agencies. You will learn how to identify what type of assessment will best serve your organization and how to conduct a cybersecurity risk assessment within the organization with conflicting priorities and enable the best outcome for the organization. This is for CIOs, CISOs and agency management as well as information security office staff who help in decision making.

    Prerequisites
    None

    Speaker Bios
    Shobha Mallarapu, PMP, CISA is the President and CEO of Anvaya Solutions, Inc., an award-winning cybersecurity firm she founded in 2007 after 10 years at Intel Corporation. She leads the firm in delivering high quality services such as security advisory, security program development, security maturity, risk assessments, penetration testing, policy development, mitigation, etc. Anvaya has helped protect over 100 million records and enhance the security posture of organizations in cloud, critical infrastructure, applications, network, systems, and IoT, as well as raise awareness at the leadership level. She has a master’s degree in engineering and holds 12 U.S. patents. She is a graduate of the FBI Citizens Academy and a member of Infragard.

    Mr. Srinivas Atluri, CISSP, CISM, GWAPT is the Vice President of cybersecurity at Anvaya Solutions, Inc. He is a leading Subject Matter Expert with over 18 years of exclusive experience in cyber security protecting large enterprises. Since joining Anvaya in 2014, he leads all things cybersecurity at Anvaya Solutions and holds 10 patents in security engineering. Prior to that, Srinivas worked in Cybersecurity and Risk Management Strategy at Intel Corporation for 15 years with responsibilities involving both internal and external facing enterprise-wide web application security, application and platform security, risk mitigation, and incident management. He has participated in and led many investigations during breaches, developed security policies and procedures, conducted security assessments and worked with legal counsel on cybersecurity matters.

    Srinivas's practical and holistic approach to cybersecurity combined with his ability to communicate difficult security concepts to C-suite executives, has gained him a reputation for his advisory role to organizations of all sizes. He has been advising to enhance security and protect reputations at many large agencies in CA, the world's 6th largest economy, with revenues of up to $70B.

    Srinivas is a member of HTCIA, Infragard, ISACA, ISC2 and a graduate of FBI Citizen’s Academy.

    Bek Umarov, OSCP, GAWN, GRID is a security researcher, SME and an expert penetration tester. He has conducted numerous security assessments for high profile CA agencies and is knowledgeable in various standards and guidelines and takes a holistic view in identifying risks and their impact to the business. He holds a bachelor's degree in computer science and highly regarded security certifications.
  • PCI Compliance Support
    Session Code: S43
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 12:00 PM
    Tags: Risk & Compliance
  • Session Description
    This session will explain the UC Davis PCI Compliance program with a focus on the annual PCI Compliance Attestation and Business As Usual assessment cycles, challenges encountered, and methods used to assist Merchants with PCI compliance. The purpose of the session is to raise awareness of the importance of PCI compliance, and help both existing and prospective merchants understand what needs to be in place to ensure compliance. The presenters will invite the audience to ask questions and/or share their challenges and/or success stories about ensuring PCI compliance on UC Davis campuses.

    Prerequisites
    No prerequisite.
    Attendees who either process credit card payments, or are planning to do so, are encouraged to attend.

    Speaker Bios
    Francisco Guerrero-Barajas is a Cash & Credit Card Compliance Administrator for the University of California, Davis. Francisco is an accomplished system administrator with successful project deployments involving cash and credit card payment solutions across Higher Education and Health System environments. He was most notably involved in the successful deployment of the University's primary cashiering system, CASHNet, and continues to provide administrative support to 200+ departments and over 500 employees.

    Francisco is a member of the PCI Compliance Team and is responsible for providing support to new and existing credit card merchants as well as creating and managing online stores. He understands that the customer is the most valuable asset to an organization and strives to deliver efficient and compliant solutions to better serve our diverse community.

    Petr Brym serves as the UC Davis Assistant CISO in the UC Davis Information Security Office, overseeing the Vendor Risk Assessment program, the ISO PCI Compliance Support Program, and Industrial Controls Assessment program. Petr also serves as one of the Internal Security Assessors for the UC Davis PCI Compliance Program.
  • Single Pane in the Glass - Asset Registration at UCB's ISO
    Session Code: S25
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 11:30 AM
    Tags: Security Operations
  • Session Description
    A description and demonstration of UC Berkeley ISO's SOCK system, including Asset Registration, Incident Detection and Notification.

    UC Berkeley's Security Operation developers discuss the recent effort to combine two applications developed in-house, and used by UC Berkeley's Information Security Office:
    * NetReg - a security contact asset registration portal (Perl/Catalyst)
    * SOCK - the security operations incident detection and notification system (Ruby/Rails)

    The merged application is a single tool for Security Analysts to view incidents, asset registration information, vulnerability scan results, subnet allocations and IDS alerts. It also allows Security Analysts to block users from the network by IP, MAC or Calnet ID.

    NetReg, the current application for Security Contacts, will be replaced by a new Ruby/Rails application, SocReg. It will be a one-stop shop for Security Contacts to register and manage assets, incidents and vulnerability scan data. Its functionality is similar to SOCK's, but access is scoped to each Security Contact's assets and incidents.

    The effort has allowed the two developers to join forces for improved feature collaboration, faster feature development, to take greater advantage of student developers and to eliminate developer single point of failure.

    Prerequisites
    No prerequisites, though an understanding of the Protection Level Classifications and Asset Management requirement under IS-3 is helpful for context.

    Speaker Bios
    Saskia Etling: In addition to being a contributing developer for SOCK and SocReg applications, Saskia is a data analyst and database administrator for UC Berkeley's Security Operations Center. She consults with application and data owners about their asset registration needs and requirements.

    Steven Hansen: Steven is the senior developer for ISO's security operations tool, SOCK. He is also a database administrator for Berkeley's Security Operations Center and consults with Security Analysts on how to best integrate IDS and other data into the SOCK system.
  • Threat Hunting with FireEye Endpoint Security
    Session Code: S42
    Start: 6/15/2021 10:30 AM
    End: 6/15/2021 01:00 PM
    Tags: Security Operations, Workshop/Lab
  • Session Description
    Join us for a 2-hour hands-on technical Threat Hunting workshop and learn new skills to help you uncover evil in your organization. Elazar Broad, lead solutions architect at FireEye/Mandiant, will share insights gleaned from the latest cyber-attacks as he leads you through a FireEye Endpoint Security Hunting deep dive with HXTool and OpenIOC Indicator where we will look closely at construction and methodology. You won't want to miss out on this opportunity to sharpen your threat hunting skills and learn the tools, techniques and procedures (TTPs) and how to detect and contain cyber attacks at your UC organization.

    Prerequisites
    Working familiarity with FireEye Endpoint Security Console is desired; working knowledge of HXTool is a plus but not required.

    Speaker Bios
    Elazar Broad
    Solutions Architect, FireEye
    CISM, CISSP

    Elazar Broad is a cyber security solutions architect at FireEye/Mandiant, responsible for architecting security solutions for FireEye/Mandiant's largest SLED customers globally. With 20+ years spent securing organizations, he has experience architecting cyber security solutions across highly complex and technical environments, in addition to years spent managing day to day security operations including firewall and (N/H)IDS/IPS management, log management, analysis and threat intelligence, application security, incident response and analysis, access control and identity management, compliance and governance, and security awareness training.

    Prior to FireEye, Broad served as a Pre-sales Threat Intelligence Analyst for RSA's Fraud Risk Intelligence suite, with a particular focus on Web Threat Detection (formerly SilverTail). In addition, he served as Senior Cyber Security Analyst at Plus One Healthcare. He is CISSP and CISM certified.
  • 2021 State of Malware
    Session Code: [EXPO]
    Start: 6/15/2021 11:00 AM
    End: 6/15/2021 11:30 AM
  • Session Description
    Over the past year, the tools and tactics of cybercrime and cybersecurity adapted against a backdrop of enormous changes to our lives and businesses.

    Join us to learn how cybercrime evolved in 2020, and identify ways to safeguard your organization against what’s out there.

    We'll explore:
    * Top threats for businesses and consumers
    * Emerging cybercrime trends and tactics
    * Solutions you can employ to thwart future attacks

    Speaker Bios
    Michael Greer has spent the last decade helping businesses of all industries and sizes to find, implement and manage mobility solutions. Michael is currently a Senior Sales Engineer at Malwarebytes providing technical support for strategic account customers in North America. Michael is truly passionate about leveraging technology to make life and work easier and evangelizing the benefits of mobility.
  • Building the ladder as we climb
    Session Code: S40
    Start: 6/15/2021 11:20 AM
    End: 6/15/2021 12:00 PM
    Tags: Managing & Leading Security, Risk & Compliance
  • Session Description
    Building the ladder as we climb: Fostering a culture of transparency at California State University, Sacramento

    Compliance is often a dirty word, but within California State University, Executive Order 1031 (and other regulations) mandates that appropriate controls are in place to protect information assets and that records are managed according to established retention schedules. This session will focus on Sacramento State's cross-divisional efforts to build a culture of data security and records management. It will describe how Sacramento State proactively engaged a consultant to audit records management practices which in turn initiated the process of institutionalizing a shared responsibility for records management and data security. It will further detail the intersection of records management and data security and the collaborative efforts on campus to engage in both activities simultaneously. Finally, it will talk about how this iterative process is akin to building the ladder as we climb. This involves concerted outreach, education, and a flexible approach to the complex landscape of compliance and best practices. Attendees will gain an understanding of the confluence between records management and data security in a complex campus environment and unifying them towards the goal of protecting sensitive data, and mandated records compliance.

    Prerequisites
    A general familiarity with data governance, records retention practices and data security.

    Speaker Bios
    Ántonia Peigahi has been at Sacramento State since 2003. She has served as a faculty member in the University Library, where she earned tenure and promotion to the rank of Librarian. During that time she served twice as the Chair of the Faculty Senate, five times as Chair of the General Education Policy Committee, ten years on Faculty Senate leadership, and was part of campus efforts to articulate consultation and shared governance. In 2019 she accepted the position as the Director of Policy and Records Management for campus, wherein she works cross-divisionally to both define processes around the policy lifecycle, as well as on records management and data security initiatives.

    Margaret Hwang has worked at Sacramento State for 15 years. In her current capacity as the Chief of Operations for the Administration and Business Affairs division, she works in tandem with the Vice President/CFO and is responsible for managing strategic initiatives, developing leadership communications, and monitoring operational rhythms within the division. Margaret is a proud Sacramento State alumna, obtaining both her bachelor's and master's degree in business administration.

    Jagan Pandarinathan is "Made at Sac State" and has been at the University for 16 years. As a senior security analyst he supports the Information Security program by leading campus level projects of critical importance such as data security and governance efforts, implementing security services related to accessing campus enterprise services, access control and identity and access security. He advises departments on institutional policies, regulatory compliance, security best practices and recommends innovative and transformative solutions to senior level leaders and executive management.
  • Privileged Account Management at UC Davis Campus
    Session Code: S22
    Start: 6/15/2021 11:20 AM
    End: 6/15/2021 12:00 PM
    Tags: IAM, Security Operations
  • Session Description
    UC Davis' Information and Educational Technology, Enterprise Infrastructure Services organization has implemented a PAM solution within IET and extended it to other IT organizations on campus. The session will provide an update on the latest implementation.

    Prerequisites
    Proposed session skills: Technical and Non-Technical.

    Speaker Bios
    Ilvana Mesic is a highly experienced leader with a broad technology background and over 20 years of proven track record delivering quality technology solutions and products in the public and private sectors. She leads and manages Identity and Access Management, and Authentication services at UC Davis.

    Prior to joining UC Davis, Ilvana worked for Hewlett Packard Enterprise, where she held various leadership positions in HPE IT and the HPE Networking division. Ilvana holds a BS and a master's degree in Computer Science.

    Daniel Balogh is an application programmer in the IAM team with a focus on PAM engineering. He is a Cal alumnus and has previously held technical positions at IBM as well as other UC institutions.

12:00 PM - Product Updates

  • Aruba - Securing the Edge: Comprehensive Visibility and Control in the Age of IoT
    Session Code: [EXPO]
    Start: 6/15/2021 12:00 PM
    End: 6/15/2021 12:30 PM
  • Session Description
    Product update from Tenable/Dasher Technologies/Aruba
  • CrowdStrike/Netskope
    Session Code: [EXPO]
    Start: 6/15/2021 12:00 PM
    End: 6/15/2021 12:30 PM
  • Session Description
    The increasing use of cloud services and the ability to access them from any device make cloud and endpoint critical points for security. Join our session to find out how Netskope and CrowdStrike together create a defense-in-breadth solution, extending advanced threat detection across endpoints, and into cloud applications. Automated exchange of threat information between Netskope and CrowdStrike reduces the time required for cloud threat detection, forensic analysis and prevention.

    Speaker Bios
    Matt Clark with Netskope

    Brad Weinstein with CrowdStrike
  • Microsoft Security - Protect everything
    Session Code: [EXPO]
    Start: 6/15/2021 12:00 PM
    End: 6/15/2021 12:30 PM
  • Session Description
    Learn how to safeguard your entire organization with integrated security, compliance, and identity solutions built to work across platforms and cloud environments.

    Speaker Bios
    Sam Buckhalter
    Microsoft 365 Sr. Technical Specialist
    Security, Compliance & Identity
  • Elastic
    Session Code: [EXPO]
    Start: 6/15/2021 12:00 PM
    End: 6/15/2021 12:30 PM
  • Session Description
    You may have heard how teams at UC Davis are using Elastic for security event management, but did you know that Elastic is building for a new age of threat hunting with cutting-edge security features like out-of-the-box detection rules and dashboards, integrated machine learning jobs, and comprehensive endpoint security tools? Come and see how Elastic can help you bring together security data from every outpost of your university, generate visualizations with drag-and-drop tools, and get to insights within minutes without having to master query language. The Elastic team is excited to connect with you and showcase what they've created to help you protect your university today, tomorrow, and into the future.

    Speaker Bios
    Ruben Perez
  • What is Splunk - Overview of Splunk Cloud
    Session Code: [EXPO]
    Start: 6/15/2021 12:00 PM
    End: 6/15/2021 12:30 PM
  • Session Description

    Speaker Bios
    Lili Rodriguez

12:30 PM

  • Using Intel as a Proactive Tool: Higher Education Threat Landscape Briefing
    Session Code: [EXPO]
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 1:00 PM
  • Session Description
    Join this session for information on the current educational threat landscape as we report on the trending cyberattacks and how to use this information to prepare and protect your institution.

    Speaker Bios
    Nina Padavil, Strategic Threat Advisor on the CrowdStrike Intelligence Team for Higher Education
  • 15 Minutes to Domain Admin and other exploits. The defenders
    Session Code: S12
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 01:15 PM
    Tags: Security Operations
  • Session Description
    Possible defense strategies based on practical exploits. If you are looking for ready-to-go exploits, then this is the wrong talk for you. You will still have to do some work yourself based on the principles discussed.

    We will be looking at some of the requirements for basic exploits to work. We will discuss possible defense strategies that do not require large budgets. Be prepared for an interactive session with your peers.

    Possible topics include attacks based on certs, hashes, Kerberos tickets, phishing.

    Prerequisites
    This is a session for the technical medium to advanced track.

    Speaker Bios
    Uwe Rossbach is an IT professional with over 20 years of experience in security and service support.
  • Introduction to CMMC Compliance
    Session Code: S75
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 01:15 PM
    Tags: Research Security, Managing & Leading Security, Risk & Compliance
  • Session Description
    In this presentation, Michael Corn, the UCSD CISO, will give a talk on the CMMC compliance requirements and the work he has done at UCSD.

    Prerequisites
    None.

    Speaker Bios
    Michael Corn is the CISO of the University of California at San Diego where he manages the Security Office as well as the Identity and Access Management. His areas of interest include privacy, identity management, and cloud services. He has been an active speaker and author on security and privacy and has participated in numerous Educause and Internet2 initiatives. He is a member of the Internet2 Netplus Product Advisory Board and is the current co-chair of the Educause HEISC. Prior to joining UCSD he was the CISO & CPO and Deputy CIO of Brandeis University and was formerly the CISO and Chief Privacy and Security Officer of the University of Illinois at Urbana-Champaign. He is a graduate of the University of Colorado at Boulder and the University of Illinois at Urbana-Champaign.
  • Ransomware-Proof Disaster Recovery for Vendor Services
    Session Code: S02
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 01:15 PM
    Tags: Incident Response
  • Session Description
    As we use more and more third-party vendor services, we become overly reliant on the vendors' own backup and disaster recovery practices. This can (and has) come back to bite us if the vendor themselves experiences a major security incident, or simply closes up shop and doesn't answer any phone calls.

    In this session, I will discuss the risks of trusting vendors implicitly, and describe our cloud-based automated process whereby we back up over 700 web sites across two vendors into a secure AWS account owned and managed by UC Davis.

    Prerequisites
    None required, but a conceptual understanding of AWS might be helpful.

    Speaker Bios
    Shawn DeArmond is the Web Architect for Information and Educational Technology at UC Davis. He supervises the Web Development team, which offers custom web development services to campus units, as well as builds and maintains the SiteFarm web platform service.

    Shawn has been a UC Davis employee since 1997 and cut his teeth at the School of Education. Now in IET, he drives a high-performing team implementing state-of-the-art web technology. They use highly evolved development methodologies and workflows including established version control strategies, code-review practices, and automated testing, builds, and deployment.

    In addition to his work at UC Davis, Shawn is a founding member of the UC Drupal Collaboration, along with UCLA and UC San Francisco, in an effort to save costs and create a community of practice of web development across the UC System. This effort has been recognized as a Larry Sautter Award winner in 2019.

    He has also organized the Higher Education Drupal Summit at the Bay Area Drupal Camp and DrupalCon since 2010.
  • VPN deployment for remote learning during Covid
    Session Code: S47
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 01:15 PM
    Tags: Security Fundamentals, Cloud Security
  • Session Description
    Soon after the earth cooled and the dinosaurs turned into oil, we developed a robust system for educating our population. Then Covid hit, and we were forced to rethink how we do education by incorporating distance learning.

    This presentation will cover the journey UC Davis went through to provide access to restricted campus resources via a VPN. Procurement, configuration pitfalls, education, address space allocation, security, myths of a VPN, and the future of the VPN will all be part of the talk.

    Prerequisites
    None. The session will give a brief overview of the technologies as a primer, as well as sufficient detail for professionals to copy the configuration.

    Speaker Bios
    Dave Zavatson enjoys a good wine while debating the merits of safe spaces in higher education.

    His day job is running the UC Davis Data Center and all associated critical campus services. He manages the operations and infrastructure teams and loves finding new technologies and deploying them. Fun projects he has worked on include virtualizing a data center, migrating data centers, deploying hyperconverged infrastructure, and a failed deployment of NSX.

    Dave has degrees in German, Computer Science, and an MBA, all from UC Davis.
  • Ask a CISO Discussion Panel
    Session Code: S14
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 02:00 PM
    Tags: Managing & Leading Security, Panel discussion
  • Session Description
    In March of last year, the Information Security field had to completely change direction due to the global pandemic and the change to learning and working remotely. All of the CISOs have quickly had to adapt their programs to this new reality. Please join this session, where we will have a selection of CISOs discuss the changes that they've had to make and how they adapted to this new reality.

    Prerequisites
    None.

    Speaker Bios
    Kevin Mazzone will kick off the discussion to help get it started and serve as moderator. Kevin has been a member of the UC Davis Health security team for 10 years and has been involved in the security field for over 20 years at companies such as Intel and EdFund. We will have CISO representatives from the UC academic and medical center locations, and from the CSU system. Our first CISO participant is Pat Phelan. Pat is the CISO for UC Davis Health and UC San Francisco. We are actively recruiting for additional CISO representatives.
  • Privacy in a time of change
    Session Code: S01
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 02:00 PM
    Tags: Data Privacy & Integrity, Risk & Compliance
  • Session Description
    Privacy was already in a state of rapid change even before the multiple crises of 2020. Public health, social justice, and democratic society initiatives, all driven by vast amounts of data collection and processing, pushed the discipline of privacy to the forefront of public debate. In this session, we will talk about how privacy has evolved in the last year and how it has responded to these emergencies. We will finish by talking about the future of privacy based on lessons learned.

    Prerequisites
    None.

    Speaker Bios
    Pegah K. Parsi is the campus privacy officer at UC San Diego where she spearheads the privacy and data protection efforts for the research, educational, and service enterprise. She manages a complex portfolio of privacy initiatives related to employees, students, applicants, alumni, and research participants and provides guidance on the GDPR, FERPA, HIPAA, California privacy laws, and research privacy/Common Rule. She provides thought leadership on privacy values, ethical frameworks, and philosophy. Her day may involve anything from a consult on license plate readers to research involving smart devices to using predictive analytics to support student success.

    She is passionate about data ethics and privacy as a civil rights issue.

    Prior to San Diego, Pegah was a privacy manager at Stanford University, focusing on medical studies and international collaborations. She is an attorney and holds an MBA. In her spare time, she advises clients on immigration and asylum matters. She is a Veteran, who, among other things, was the Honor Grad of Army Truck Driver school!
  • Vendor Risk Assessments - UC Inter-Campus Working Group
    Session Code: S36
    Start: 6/15/2021 12:30 PM
    End: 6/15/2021 02:00 PM
    Tags: Risk & Compliance, Panel Discussion, Managing & Leading Security
  • Session Description
    Conducting a risk assessment, when engaging suppliers, is an IS-3 requirement. Due to the large number of suppliers used, and large number of applications and services used, running a successful Vendor Risk Assessment program requires important administrative decisions, technical skills, coordination, prioritization and successful communication with the campus constituents.

    The proposed session will cover:
    1.) Conducting Vendor Risk Assessments - methods, tools, challenges and successes. Each participant will discuss their campus' experience and unique solutions. For example, UC Berkeley will discuss using Isora, Sac State will contribute Sac State's perspective about their ICT review process, and UC Davis will discuss the collaborative approach to doing VRAs.
    2.) UC Inter-Campus Vendor Risk Assessment Working Group – We will discuss who are we, what do we do, what have we learned so far during the working group meetings, and what are our future goals for collaboration between campuses.

    At the end of the presentation, we will invite questions from the audience. If interest is high, and there is not enough time to take all questions, we will provide contact information for following up after the session. At the end of the session, the audience will have been exposed to several different ways to conduct assessments, will learn about several tools that can be used to complete the assessment, and will walk away with ideas about how to address some of the most common problems campuses encounter when conducting VRAs. The audience will also understand what is the mission of the Inter-Campus working group, and campuses who are not yet represented on the working group will have an opportunity to learn whether they would like to join.

    Panel Members:
    1. Petr Brym
    2. Chris Witthans
    3. Nick Christopher
    4. James McKinzie
    5. Allison Henry

    Prerequisites
    No prerequisites.
    However, it will be helpful if attendees have an interest in one of the following areas: Supply Chain Management, Technical Security Assessments of 3rd parties, Risk Mitigation.

    Speaker Bios
    Petr Brym served four years as the Director of Information Technology Security at the University of New Hampshire, where the position also served the University System of New Hampshire. Subsequently Petr served as the Chief Security Officer for UC Berkeley Student Affairs from 2013 to 2017, and currently serves as an Assistant CISO at UC Davis, overseeing the Vendor Risk Assessments, Support for PCI Compliance, and Critical Infrastructure risk assessments. In these capacities, Petr serves both as a manager and as an assessor.

    Allison came to UC Berkeley in 2004 when she joined Communications and Network Services and pivoted to Information Security in 2006. In 2013 she started managing the Security Operations team, providing monitoring and incident management services for the complex and heterogeneous UC Berkeley campus computing environment. In that role she led initiatives to modernize security operations through custom built systems for automated alert processing and incident management. This allowed the Security Operations team to scale with the growth of the campus network. In 2018 Allison served as Associate CISO and provided oversight and direction for Information Security Assessments and Compliance activities, before assuming the role of Chief Information Security Officer in December of 2019.
  • Security Workshop by Splunk
    Session Code: S06
    Start: 6/15/2021 01:15 PM
    End: 6/15/2021 02:55 PM
    Tags: Security Operations, Workshop/Lab
  • Session Description
    The Security Workshop and Learn is a modular, hands-on workshop designed to familiarize participants with how to leverage Splunk to search security events. This workshop provides users a way to gain familiarity with searching in Splunk, as well as introducing a set of commands that allow a user to effectively examine their security events. The workshop leverages the popular Boss of the SOC (BOTS) dataset in a question and answer format. Users will come away with a better understanding of how to search in Splunk as well as learn specific search commands and when to use them.

    Prerequisites
    The workshop agenda is approximately 2 hours and includes:
    • Familiarization with the Splunk interface
    • Searching fundamentals
    • Introduction to key Splunk commands
    • Question and answer sessions

    Speaker Bios
    Kevin Haynes is a staff sales engineer for the greatest data analytics company, Splunk. I work with State, Local, and Education customers in the Pacific Northwest. I am a Security and Architecture subject matter expert for the entire Public Sector sales organization at Splunk.

    My experience originates in the software development world, specifically in building electronic commerce and PCI-compliant platforms.

    From there I started specializing in the overall security engineering discipline, involving myself in building security into the software development life cycle.

    I continued my journey, moving beyond the purely software area of security engineering into building security into the entire IT-organization, including vulnerability management, web filtering, anti-virus, network security, and data center migration to the managed service provider model -- in addition to engineering secure solutions to IT- and business-driven technology initiatives.

    Most recently, I have applied my love for one product in particular, Splunk, with my background to work in a position where I can show others what I find so great about this product.

    Specialties: Electronic commerce, cryptography, application security, software development life cycle security, IT infrastructure security design and implementation, project security engineering.

    Kevin Haynes has a Ph.D. from UCSD.
  • I heart Vulnerability Management: A customer journey
    Session Code: S54
    Start: 6/15/2021 01:20 PM
    End: 6/15/2021 01:50 PM
    Tags: Security Operations, Managing & Leading Security
  • Session Description
    With the advent of the UC IS-3 security policy, we are all required to perform vulnerability scanning on our services. Given the compromises and vulnerabilities discovered daily and Higher Education in the crosshairs, it is now more critical than ever to keep our systems patched and configured securely. This presentation describes the journey to implementing Vulnerability Scanning from a customer's point of view. We will review how we started, the challenges we encountered, and how we streamlined the discovery and response process for vulnerabilities.

    Prerequisites
    No previous knowledge or skills are required for this session, though technologies related to Tenable and ServiceNow will be discussed.

    Speaker Bios
    Joshua Van Horn
    Enterprise Services Manager, Information and Educational Technology
    University of California, Davis

    Josh has worked in the central IT department at UC Davis for the past 25 years. He started as a student employee for the IT Service Desk and worked his way up to eventually managing teams of developers and systems administrators supporting campus enterprise services such as Office 365, Google Workspace, Identity Management, Learning Management, and the Student Information System. During his stint as a systems administrator, Josh was a member of the Security Operations Center, implementing a campus honeypot, intrusion detection system, and other operational security technologies. Over the years, his work continued to emphasize security. Josh currently works closely with the Information Security Office as an application security consultant focused on security strategy for email and other enterprise applications.
  • Incident Response in Office 365: Tales from Sac State
    Session Code: S60
    Start: 6/15/2021 01:20 PM
    End: 6/15/2021 01:50 PM
    Tags: Incident Response
  • Session Description
    Review of current techniques and practices used by the Information Security Office at California State University, Sacramento, to detect and respond to cyber security incidents involving the campus' Microsoft Office365 tenant.

    Prerequisites
    Technical or systems exposure.

    Speaker Bios
    Dave Crawford has worked as the Network Security Lead for the Information Security Office at California State University, Sacramento for 9 years.

    He previously worked in the defense and security sector for the Canadian government and NATO staff in a variety of cyber security roles spanning over 30 years, including building out the NATO Computer Incident Response Capability in 1998/2002.

    As an information security manager and cyber threat expert who has significant expertise in security governance, audits and reviews, log analytics, incident management and cyber threat intelligence, Mr. Crawford enjoys applying a broad range of both conceptual and technical skills in technology-centric and situational-based indicator analysis in audit, security operations and incident management work. He is equally adept in dealing with high level programmatic, governance and policy issues, as in addressing detailed technical matters. He is a firm believer in the primacy of operations and that security must be, first and foremost, a business enabler, who strives to ensure that an organization evolves to become a self-sustaining, security conscientious entity. Mr. Crawford holds advanced CISSP and SANS GIAC certifications and has published a number of papers on information technology security and cyber threat issues.

2:10 PM

  • Metrics Matter! Transforming Data into Actionable Insights
    Session Code: S21
    Start: 6/15/2021 02:10 PM
    End: 6/15/2021 02:55 PM
    Tags: Security Fundamentals, Security Operations
  • Session Description
    Adapting to a changing world requires continuous information from a variety of sources that is sorted, organized, and presented for the busy executive. Without the information, a leader and their organization can fail to adapt and expose the organization to cyber risks.

    This presentation will focus on UC Davis' Information Security Office's (ISO) journey from zero to today on leveraging metrics and visualizing data for decision makers. The journey starts with a few questions and a single system more than two years ago and ends today with data from multiple systems and using stunning visualizations to tell a story and show where actions are needed.

    Different from operational data from a single cybersecurity system, UC Davis' ISO team is pushing the boundaries by culling data from multiple systems to create a cohesive and interactive dashboard to show where an organization is succeeding and where more effort is needed. The data we use range from organization risk assessment data to vendor risk assessments. We also included end-point patch compliance data and cybersecurity training data to show trends. Additionally, we used data on programs such as multi-factor authentication roll out to identify where there are gaps in adoption as well as where there are costs that could be minimized.

    This session will provide information on the choice of tools, challenges in obtaining and storing security related data, efforts to automate data retrieval, engaging Unit Information Security Leads (UISL) to refine reports and ensure that reports will be useful.

    The presentation will include samples of current security dashboards as well as mock-ups of future dashboards intended for non-technical, executive leaders such as deans and vice chancellors.

    Prerequisites
    None.

    Speaker Bios
    Peter Blando is a product of the University of California, having completed both undergraduate (BS Electrical Engineering) and graduate studies (MBA) at UC Davis. He started his employment with UC Davis as a student writer in 1986 and managed to have three years of internship work at the Lawrence Berkeley Labs in the early 90's. He became a career staff in 1993. During his career, he has worked primarily in Information and Educational Technology (IET), starting in the help desk before becoming an operations manager for a single department and business manager for IET.

    In his variety of work with IET, Peter has served as a developer, tech/desktop support, trainer, operations manager, and business manager. During that time, he dealt with numerous data sources to provide reports to justify the existence of a service, the need to expand programs, and the true cost of services.

    Peter has also been an active volunteer in the UC Davis Staff Assembly, advocating for staff interests sometimes directly to senior campus executives such as the chancellor or provost, or collaborating on reports that are presented to senior UC executives such as the UC president. This means making sure there are solid numbers to justify a position or a proposal. These numbers are often presented at the high level for quick review and understanding.

    Lily Hallmark is a junior data analyst at the UC Davis Information Security Office (ISO) and a recent graduate of UC Davis (BS Statistics, minor in Religious Studies). She has held a variety of positions both related and unrelated to her passion for data analysis.

    As an insights intern at One & All she analyzed marketing data for non-profit clients. In her role as a plant records and mapping internship coordinator at the UC Davis Arboretum and Public Gardens, Lily took data from a campus tree analysis to interpret the future state of trees. And as a green building intern in the UC Davis Energy Conservation Office she used data on waste management and building temperatures to implement changes.

    She has spent the last two years at the ISO, starting out as a data science intern and transitioning to a junior data analyst. Her work focuses on using a variety of data sources to develop a more comprehensive cybersecurity metrics program for campus leadership.
  • Ransomware Response in the UCSF School of Medicine
    Session Code: S20
    Start: 6/15/2021 02:10 PM
    End: 6/15/2021 02:55 PM
    Tags: Incident Response
  • Session Description
    In June 2020, a department within the UCSF School of Medicine was hit with a ransomware attack that resulted in a $1.14 million payout and significant remediation efforts. This session will provide an overview of the incident, short-term remediation, how SOM responded and lessons learned.

    Prerequisites
    Basic understanding of security concepts, technical solutions and risk management.

    Speaker Bios
    Alexis Papesh works to demystify security, privacy, and compliance by finding win-win solutions to enable the business. She has 20 years' experience working in all aspects of information technology, from hands-on system and network administration to security consulting, auditing, and management.
  • UCD SOAR: SOC Automation, Analytics and AI
    Session Code: S31
    Start: 6/15/2021 02:10 PM
    End: 6/15/2021 02:55 PM
    Tags: Security Operations
  • Session Description
    Security operations in a federated university environment requires that workflows depend upon a wide variety of data sources. These data sources are custom open-source based systems, vendor supplied services and external data enrichment resources. Manual collection and decision making is a very labor-intensive and time-consuming process. At UC Davis, we have piloted a SOAR platform that automates these processes and integrates workflows into our analytics and AI platform. This has allowed the UC Davis SOC analysts to focus on investigation and let the SOAR system automatically perform the rote workflow tasks.

    Prerequisites
    None.

    Speaker Bios
    Jeff Rowe received his PhD in 1998 and subsequently worked as a Research Scientist in the Computer Science department at UC Davis. The computer security group at UC Davis has a long history of innovation in the cyber-security field, particularly in the design and development of practical security systems. During his time there, he created and directed a wide variety of cyber-security projects that address all aspects of the security problem. In 2016, Jeff transitioned to the Information Security Office at UC Davis and has worked in the university Security Operations Center which presents cyber-security challenges that are not found in typical enterprise environments.
  • Prepare for the Arrival of the 6 GHz Band & Wi-Fi 6E
    Session Code: [EXPO]
    Start: 6/15/2021 02:10 PM
    End: 6/15/2021 03:00 PM
  • Session Description
    The allocation of the 6 GHz band to Wi-Fi represents the largest single allocation of spectrum in history for unlicensed use and is the result of ongoing advocacy by Aruba and other leading organizations. Chuck Lukaszewski, Vice President, Wireless Strategy and Standards, will provide us with a greater understanding of Wi-Fi 6E and all that it entails.
  • [CANCELLED] ALL NEW systemwide cyber-risk assessment process
    Session Code: S15
    Start: 6/15/2021 02:10 AM
    End: 6/15/2021 03:40 PM
    Tags: Managing & Leading Security, Panel discussion
  • Session Description
    Learn about a new approach for reporting on cyber-risk to leadership and the Regents.

    Prerequisites

    Speaker Bios
  • An IT Procurement Workflow for All - Sac State's "ICT"
    Session Code: S58
    Start: 6/15/2021 02:15 PM
    End: 6/15/2021 02:45 PM
    Tags: Risk & Compliance
  • Session Description
    An Information and Communications Technology (ICT) review is a comprehensive evaluation process, backed by a team of experts who support technology purchases for the university, that provides a structured way to determine if new technology meets compliance, accessibility, and security requirements. Having a solid understanding of what confidential or protected data will be stored or accessed by the vendor, in addition to knowing how that data will be protected and secured from loss or breach, are paramount objectives as IT services increasingly move to cloud-supported offerings.

    This presentation will provide an overview of Sac State's Information & Communications Technology (ICT) workflow and our team's approach for identifying potential regulatory and compliance risks to key campus stakeholders up-front.

    Prerequisites
    Anyone within an organization who has a role in IT procurement and performing vendor risk assessments. Discussion will be an overview that highlights several outcomes that can easily be achieved.

    Speaker Bios
    Chris Witthans, who recently became a Sac State Hornet in Fall 2020, comes from CSU Chico with 14 years of experience in Information Technology, with the previous 7 years focused in Information Security. Chris recently was a Technical Security Analyst and expert security lead for PeopleSoft Campus Solutions, and has had extensive working experience with performing IT procurement vendor security reviews, supporting Identity Finder, developing Splunk queries and dashboards, performing security risk assessments, performing incident response, and conducting numerous Information Security Awareness presentations.
  • [CANCELLED] How to Win (IT) Friends and Influence Faculty With Patching
    Session Code: S30
    Start: 6/15/2021 02:55 PM
    End: 6/15/2021 03:40 PM
    Tags: Security Fundamentals
  • Session Description
    Aggie Desktop is the UC Davis desktop engineering initiative that currently manages ~7,000 Windows and Mac endpoints. We use BigFix to push OS and application patches to this fleet. We found that, on average, users were not restarting computers to apply patches for more than 30 days, leaving UC Davis endpoints vulnerable to attacks. With a little experimentation, we have developed a simple behavioral nudge to get users to restart more often. In this session, we'll discuss our current patching process, share data from our experiment, and show how simple nudges can make a big difference in user behavior for endpoint security.

    Prerequisites
    None.

    Speaker Bios
    Jeremy Phillips is the Director of the College of Letters and Science IT Services Unit at the University of California, Davis and the product owner for the Aggie Desktop initiative (https://aggiedesktop.ucdavis.edu/). He has been helping faculty, staff, and students at UC Davis make better use of technology for more than 25 years.
  • Tracking IT Security Requirements
    Session Code: S48
    Start: 6/15/2021 02:55 PM
    End: 6/15/2021 03:40 PM
    Tags: Health, Panel Discussion, Managing & Leading Security
  • Session Description
    Tracking IT security requirements through a clinical technology implementation project lifecycle.

    Prerequisites
    This will be a high level discussion of project processes, and the challenges of balancing the needs on the CIA triangle. It will not be extremely technical.

    Speaker Bios
    Angela Domen is an IT liaison for UCDH, working with Radiation Oncology, Lab/Pathology services and other departments as needed, to strategize long term technology considerations and to conduct intake and planning for short term incoming technologies. Angela is heavily involved in the IT evaluation process, and works very closely with the IT security team to assess vendors and applications. Angela constantly negotiates between vendors, clinical partners and IT security analysts to develop system configurations that meet the needs of security and patient safety. Angela is part of a team of Liaisons, Project Managers and Technical Analysts who collaboratively progress technology implementations from concept to closure. Angela will be asking several colleagues to participate in this presentation, and will provide Bios on those individuals as well.
  • Using Isora GRC to create custom assessment surveys
    Session Code: S26
    Start: 6/15/2021 02:55 PM
    End: 6/15/2021 03:40 PM
    Tags: Risk & Compliance
  • Session Description
    UC Berkeley has been using Isora GRC, a lightweight SaaS survey tool, to develop an IS-3 unit assessment program and custom HECVAT Lite questionnaire. This session will demonstrate how easy it is to build custom surveys with powerful usability features using the Isora GRC survey-builder capabilities. We'll also share some lessons learned about deploying Isora GRC across campus.

    Prerequisites
    No prerequisites required - just an interest in building assessment surveys.

    Speaker Bios
    Christopher is CISSP certified, with over 30 years of IT experience - the last dozen+ years focused on security, policy, and compliance. He has been a member of the UC Berkeley ISO Assessments team for the past 6 years and integral to the campus PCI DSS compliance and vendor assessment programs.
  • Behind the Scenes of a Successful Ransomware Attack
    Session Code: S61
    Start: 6/15/2021 03:00 PM
    End: 6/15/2021 03:45 PM
    Tags: Health, Research Security
  • Session Description
    Remember when the bad guys said they had a heart and would leave hospitals alone due to the worldwide pandemic? That lasted about a week. Inevitably one of our own premier research medical centers was successfully attacked and the decision was made to pay the ransom. Join this session to hear from one of the key leaders behind the scenes about what happened and how to prevent it from happening again. Please note that we will only share information that has been approved for release by Legal Counsel.

    Prerequisites
    None.

    Speaker Bios
    Patrick Phelan is the Chief Information Security Officer at University of California, San Francisco and also at UC Davis Health in Sacramento. Pat has over 23 years of experience at UCSF. Prior to joining UCSF, Pat graduated with a B.S. in Computer Science from UCLA. Pat holds the CISSP, CEH, and CISM certifications.
  • Windows Deployments, the Next Generation: MEM
    Session Code: S51
    Start: 6/15/2021 03:00 PM
    End: 6/15/2021 04:30 PM
    Tags: Security Operations, Panel discussion
  • Session Description
    The AggieDesktop team at UC Davis is a coalition of different units on campus that standardizes and deploys computers across different configurations. Currently we use a combination of MDT for deployments and Bigfix/WSUS for patching on Windows systems. This panel will present our work exploring the use of Microsoft Endpoint Manager to deploy and manage future Windows systems and our experiences working in this new environment. We'll end the panel with a discussion and Q&A with the audience.

    Prerequisites
    Recommended basic understanding of:
    Windows Deployment with MDT
    Windows Patching with WSUS and/or Bigfix
    Microsoft Active Directory and Group Policy
    Microsoft Endpoint Manager/Intune/Autopilot

    Speaker Bios
    Reuben Castelino works as an IT Lead for the Civil and Environmental Engineering Department at UC Davis, providing desktop support and applications development. He also volunteers on the Aggie Desktop team to help standardize computer configuration deployments through Bigfix and Microsoft Endpoint Management. Outside of work, he has two black cats and enjoys gardening.

    Shannon Chee works as an IT Lead and Information Security Analyst where she troubleshoots software and hardware issues to ensure all systems are operational, improves the efficiency of COE's IT team, and investigates/resolves security incidents. She's also the founder of the Cyber Security Club at UC Davis and is passionate about combining her interests in technology and cybersecurity to make the world a better place -- whether that's automating a repetitive task to allow researchers to focus on their research/saving the world or implementing policies to improve the security posture of the organization as a whole. Outside of work, she enjoys playing piano, coding, photography, and exploring the outdoors with her puppy, Kali.

    Hector Sotelo is a Senior Service Desk Analyst at UC Davis. He provides desktop and technical support to the College of Letters and Science in hopes of assisting the Faculty and Staff with their research, teaching, and community service computing needs. He helps oversee the Service Desk and Desktop support team by promoting continuous improvement in resolving incidents. He attended UC Davis and worked as an IT analyst with the Veterinary Medical Teaching Hospital as a student. When he is not at work, he enjoys watching movies, sports and trying new foods and craft beers throughout California.

    Ian Wright has been employed at UC Davis for 9 years supporting various departments on campus. Over the past four years, his primary focus has been to help design, implement, and support services for AggieDesktop. These services currently include Microsoft Deployment Toolkit, Windows Server Update Services, and Microsoft Endpoint Management.

    Justin Earley

    Uwe Rossbach
  • Enabling Non Technical Staff to Manage AD Groups
    Session Code: S73
    Start: 6/15/2021 03:45 PM
    End: 6/15/2021 04:15 PM
    Tags: IAM, Panel Discussion, Research Security
  • Session Description
    How UC Davis College of Engineering has enabled non-technical office staff and researchers to manage AD group memberships, thus managing mailing lists, login, file access, etc.

    Prerequisites
    Administration of Active Directory accounts and groups.

    Speaker Bios
    Dean Bunn is an avid PowerShell user with numerous years of experience in an enterprise environment.
  • Improved workflows for Appendix Data Security
    Session Code: S17
    Start: 6/15/2021 03:45 PM
    End: 6/15/2021 04:15 PM
    Tags: Managing & Leading Security
  • Session Description
    By now, many people throughout the UC are familiar with Appendix Data Security (DS). Appendix DS includes contractual language to fix liability in the event of a breach and to establish that a supplier has and maintains a security plan adequate to protect UC institutional information. There has been a significant focus amongst Information Security organizations throughout the system on supplier risk assessments, but how does someone working in procurement know when Appendix DS is required for any given purchase requisition? What's the link between the procurement process and risk assessment?

    UC Santa Barbara implemented a system to closely integrate the information security office with the campus procurement office. This system centers around two documents used to determine if and when Appendix DS is required and to provide the procurement office with information sufficient to complete Exhibit 1. These documents are incorporated into workflows for all purchases that include information technology commodity codes. When a determination is made that Appendix DS is required, the workflow incorporates the supplier assessment process.

    The workflow that we established has resulted in the identification of several procurements that require DS that would otherwise have slipped through the cracks. Additionally, the determination process identified a large number of IT-related procurements that did not require DS and, as a result, significantly shortened the procurement cycle. We believe the workflow and two instruments can be incorporated into the procurement workflow at any campus.

    Prerequisites
    Familiarity with Appendix Data Security.

    Speaker Bios
    Sam Horowitz is the Chief Information Security Officer at University of California, Santa Barbara.
  • Don't play koi!
    Session Code: S68
    Start: 6/15/2021 03:45 PM
    End: 6/15/2021 04:30 PM
    Tags: Security Fundamentals, Security Operations
  • Session Description
    Are your students, faculty, and staff still struggling to figure out where and how to report phishing attempts? With all the phish in the sea, you don't want them to play koi!

    In this session you will learn how UCSF IT is using "PhishAlarm" to give users a clear way to avoid getting caught by phishing scams. This adaptation has already resulted in over 16K phishing reports. Malicious emails are automatically quarantined, offering immediate containment and reducing workload for security staff. Merely clicking the PhishAlarm button significantly reduced phishing-related calls to the IT Service Desk.

    We will share real examples and show you how we built awareness and educated our user base. Look inside our marketing campaign to gain insights and ideas to ensure your audience doesn't take the bait. You will see how we stopped phishing campaigns including gift card scams, mass credential pharming, and the spread of malicious documents multiple times in 2020.

    Join us to learn how our success wasn't a fluke!

    Prerequisites
    None.

    Speaker Bios
    Tanya is a UC Berkeley graduate and an award-winning communications and outreach professional, with 17 years in communications including managing strategic communications, events, public relations, and more to meet the needs of various stakeholders and their audiences, ranging from employees to students and the public. Her background includes IT communications at UC Berkeley, managing communications and marketing for the Bay Area's 511 program, and UCSF. Tanya's recent IT security marketing campaigns include "Get Your Ducks in a Row" and "Don't Play Koi!". She has the technical, yet charismatic business demeanor to connect with stakeholders and to effectively drive change in audiences.
  • From Data Incident to Inventive: How UC Davis Bounced Back
    Session Code: S79
    Start: 6/15/2021 03:45 PM
    End: 6/15/2021 04:30 PM
    Tags: Health, Risk & Compliance
  • Session Description
    The UC Davis Health Sciences Development and Alumni Relations Division is launching a project to identify patients who are grateful for their care and have resources to give back to UCD. This project encompasses an overhaul of the current development department workflow between UC Davis Health and UC Davis Campus, multiple data systems and incorporates outside vendors to assist in identifying grateful patients. A large amount of patient data will be sent to an outside vendor. Through lessons learned from a security incident affecting many institutions internationally, multiple arms of the institution had to think through how to adapt the project in the changing environment.

    Learn how we ensured data security, privacy, and the least amount of risk to meet the business needs, while staying secure and compliant. We will discuss the overall project goal, artifacts used to ensure data security and privacy, encryption and hashing, processes for evaluation and review, data transfer protocols, and bumps we ran into along the way. Subject Matter Experts will be available for your questions after this presentation in the areas of Security, Privacy, System Integration and Data Transfer, Development and Project Management.

    Prerequisites
    An interest in learning how UC Davis protects its patient, donor and patient engagement data and how powerful the data can be.

    Speaker Bios
    Becky Frantz is the Executive Director of Customer Services at UC Davis Advancement Services. In this role she oversees the Business Relationship Manager team, focused on user data and system needs, as well as the Service Desk and Training team, which supports getting users access and onboarding them to the division-supported systems. She finds joy in having users engaged with data and systems so they can do their jobs more seamlessly. Becky also supports the team in making decisions on gift policy and gift agreements. Becky holds a Master's degree in Higher Education Administration from Penn State University and will graduate this summer with a PhD in Higher Education Administration from Colorado State University. She is also trained specifically in applied statistics and has been a National Data Policy Fellow sponsored by the NSF and Association for Institutional Research. Before UC Davis, Becky spent time in the Development and Alumni shops at Stanford and Penn State.

    Colleen Gordon is the Technical Project Manager at UC Davis Medical Center within Enterprise Applications. In this role she manages business and financial application projects and any priority projects that come up. She excels at herding cats, likens herself to a border collie and has held her PMI certification for 25 years. She is a certified Scrum Master, Lean Six Sigma Green Belt, ITIL Foundation and ITIL Continual Service Improvement. Prior to UC Davis, she was a program and project manager of a statewide software project for 10 years. She holds two Master's degrees from the University of Wisconsin, in Training and Development and in Media Technology, and is certified through the University of California, Davis in Health Informatics.
  • IS-3 Implementation - Lessons Learned
    Session Code: S37
    Start: 6/15/2021 03:45 PM
    End: 6/15/2021 04:30 PM
    Tags: Risk & Compliance, Managing & Leading Security
  • Session Description
    The UC Information Security Policy, IS-3, was approved in September of 2018. The challenge of implementing a policy such as this across all UC campuses, hospitals, and labs was monumental. Each location is akin to a great ship and changing course can be difficult. At this time, nearly three years into the policy implementation, it is fitting to assess the progress made and take stock of lessons learned.

    Prerequisites
    No prerequisites or skills needed to attend this session.

    Speaker Bios
    Robert Oliver: Beginning with his first implementation of an ISO 27001 certified information security management system in 2007, Robert has been involved in security consulting and contracting with organizations at all stages of maturity and a variety of industries. Currently a consultant at UC Davis working to implement the UC information security policy, IS-3, he has engaged with Units across the campus to develop long-term strategy and pragmatic solutions.

    Robert and his wife Myra have three amazing children and began homeschooling before it became fashionable. One day, they will own chickens to keep themselves entertained.