VASCAN 2019 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Allegheny A - C [clear filter]
Tuesday, October 8

10:30am EDT

Securing AWS Accounts: Design Patterns, Control Strategies, and Best Practices
Many organizations are taking the dive into AWS for new projects and migrating existing solutions to their cloud.  This presentation will go over topics on:  simple design strategies to control/delegate permissions; ensuring and controlling AWS access by 2FA; best practice recommendations to segregate account purposes; and automation-assisted security controls, including who has access and with least privilege, through infrastructure-as-code.

avatar for Lee Doughty

Lee Doughty

Senior Cloud Systems Engineer, Virginia Cyber Range
Lee Doughty is the Senior Cloud Systems Engineer at the Virginia Cyber Range (a commonwealth-funded initiative attached to Virginia Tech). His primary responsibilities include securing and managing the dozens of AWS Accounts used by the range, provisioning tens of thousands of student... Read More →

Tuesday October 8, 2019 10:30am - 11:30am EDT
Allegheny A - C

11:30am EDT

3rd Party Assessments
With the growing need for software, applications, and tools migrating to the cloud combined with regulatory compliance and the need to protect privacy and data, assessments can seem like a bottomless pit. How do we document, assess vendor security, and streamline this process? There are many types of audits and assessments that can be used to help facilitate these goals. This session will help in understanding how to document these assessments, understand how to read the reports, and streamline the process to be repeatable.

Outcomes: Understand the ways to document 3rd party assessments to include documenting any risks or mitigations. Learn how to read and know the difference amongst SOC reports and other provided assurances. Collaborate on ways to streamline the process and maturity models.


Kate Rhodes

Asst. ISO for Risk and Compliance, Old Dominion University
Kate Rhodes is an Assistant Information Security Officer for Old Dominion University. She is an ODU alumni who began her career in Information Security in 2011 when joining the Army. After serving in the Army, she worked in information Security as a contractor for the Navy and NASA... Read More →

Amy Tunison Kobezak

Associate Director, Security Risk and Business Operations, Virginia Tech
avatar for Doug Streit

Doug Streit

CISO & Executive Director IT Security and Planning, Old Dominion University
Doug has served at Old Dominion University for over 20 years, working as a systems engineer, server-systems support manager and technical director. He accepted the responsibilities of Information Security and Identity Management in 2011. Current responsibilities include strategic... Read More →

Tuesday October 8, 2019 11:30am - 12:30pm EDT
Allegheny A - C

2:00pm EDT

Crypto Ransomware: Why is it a billion dollar industry?
We hear frequently in the news about local and state government agencies succumbing to ransomware attacks.  Higher education isn't immune and we may not be prepared as well as we should be.  There are many aspects to this type of attack and, unfortunately, the attackers frequently succeed.  Until ransomware becomes less profitable, it will continue to get worse.  

During this session, we will explore these questions:
  • What does an attack look like and how does it progress?
  • Why is it so profitable and how does cyber insurance factor in?
  • Why are some organizations so vulnerable to it?
  • What can we do to stop this epidemic?


Philip Kobezak

Associate Director, University Information Security Initiatives, Virginia Tech
As the Associate Director of University Information Security Initiatives, Philip is responsible for leading security initiatives that have a broad impact. He has 20 years of experience in higher education IT with 13 years specifically in information security. He maintains six GIAC... Read More →

Tuesday October 8, 2019 2:00pm - 3:00pm EDT
Allegheny A - C

3:30pm EDT

ODU AWS Journey and Lessons Learned
ODU Network and Security Teams share their experiences, gotchas, and lessons learned during the initial buildout of an AWS Design and Architecture using a mix of native AWS tools and traditional enterprise solutions. Driven by the use case of business continuity, but also trying to open the door of a future public cloud service expansion, we cover some tradeoffs and decisions made during the first phase of our migration. We will leave some time for general questions and an open design discussion.

avatar for Tihomir Hristov

Tihomir Hristov

Director, Infrastructure Services, Old Dominion University
With a background in server, storage and heavy network administration, Tihomir Hristov is the lead for Networking at Old Dominion University Information Technology Services. He has spent the past year leading the Public Cloud Acceleration and DevOps/Infrastructure as Code initiatives... Read More →

Mark DeDomenic

Assistant Information Security Officer for Security Operations, Old Dominion University
Mark is the lead for the Security Operations team and serves as one of three Assistant Information Security Officers at Old Dominion University. He graduated from ODU with a B.S. in Computer Science from ODU in 2007 and has been working in information technology at the University... Read More →

Tuesday October 8, 2019 3:30pm - 4:30pm EDT
Allegheny A - C