Loading…
VASCAN 2019 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Appalachian A & B [clear filter]
Tuesday, October 8
 

10:30am EDT

VASCAN DevOps Toolset Landscape
With the explosion of public cloud and private cloud adoption, the DevOps tools landscape has become increasing saturated and nuanced. A myriad of tools (Ansible, Chef, Puppet, Terraform, CloudFormation, container orchestration, etc.) now present themselves as options for configuration management and infrastructure provisioning. In this session we will look at the use cases for automation, orchestration and intent-based IT infrastructure provisioning. We will contrast and compare the pros and cons of the most popular offerings in the industry and also discuss various security considerations and implications to environment, data, and CI/CD process security in a DevOps world.

Speakers
avatar for Tihomir Hristov

Tihomir Hristov

Director, Infrastructure Services, Old Dominion University
With a background in server, storage and heavy network administration, Tihomir Hristov is the lead for Networking at Old Dominion University Information Technology Services. He has spent the past year leading the Public Cloud Acceleration and DevOps/Infrastructure as Code initiatives... Read More →


Tuesday October 8, 2019 10:30am - 11:30am EDT
Appalachian A & B

11:30am EDT

Strong Roots, Strong Trees: Implementing CIS Control 1
A look into our journey towards implementing CIS Control 1, “Inventory and Control of Hardware Assets” in a decentralized environment.  CIS Control 1 is the foundation of a comprehensive security program.  University of Virginia is using multiple asset discovery systems and processes to attempt to build a complete inventory of systems on our network.  This will strengthen other CIS controls and security measures.  Take a walk with us and see how we are doing this, what’s working, what’s not, and future plans.

Speakers
MG

Michael Grinnell

Deputy CISO, University of Virginia
Michael Grinnell is the Deputy CISO at University of Virginia. He has worn many different hats in his career, including security analyst, operations director, and enterprise architect. He is currently working on implementing a comprehensive information security program at UVa. Michael... Read More →


Tuesday October 8, 2019 11:30am - 12:30pm EDT
Appalachian A & B

2:00pm EDT

Shifting Left with App Sec
Vulnerable web applications are one of the primary contributors to compromises within an organization, as a compromised public web application can provide attackers with a foothold into the organization’s environment. From traditional web application vulnerabilities to the use of insecure libraries, it is getting more and more difficult to defend critical web applications against cyberattacks. Compounded with the shift to DevOps methodology and the use of Continuous Integration and Continuous Delivery models, the way application security is managed must adapt to the speed and agility of modern software development shops. This talk will focus on VCU’s vision and approach in designing and implementing an application security model over the past 3 years to help build security into application delivery pipelines.

Speakers
DH

Dan Han

Chief Information Security Officer, Virginia Commonwealth University
Dan is the Chief Information Security Officer for the Virginia Commonwealth University. He has over 17 years of experience working in various roles in IT and focused on information security management in the higher education and healthcare sector for the past 13 years. Dan specializes... Read More →


Tuesday October 8, 2019 2:00pm - 3:00pm EDT
Appalachian A & B

3:30pm EDT

Strengthening your Organization's Cyber Security Posture with the CIS Controls and Open Source Tools
The assessment of critical controls and improvement plans can be considered a way of enhancing the security posture through implementation and monitoring of technical controls. This presentation will address the process of implementing and monitoring some of the CIS Controls using a mix of Open source and Commercial Tools in conjuction with continuous monitoring of security controls driven by the SIEM  and providing valuable Threat Intelligence.

The presentation will focus on the following topics:
  • CIS Controls
  • Incident Case Management
  • SIEM Analytics
  • Data Enrichment
  • Malware Analysis
  • Automation and Orchestration
  • Threat Intelligence

Speakers
DT

Daniel Terceros

Senior Information Security Analyst, Georgetown University
Daniel Terceros is a Senior Security Analyst at Georgetown University with a focus on Incident Response and Threat Detection. He holds a M.S. in Telecommunication and Security Forensics along with several professional designations including the Security+, Certified Ethical Hacker... Read More →


Tuesday October 8, 2019 3:30pm - 4:30pm EDT
Appalachian A & B
 
Wednesday, October 9
 

8:30am EDT

GDPR and Privacy Shifts in the US
The presentation will cover the impact of GDPR on privacy in the EU as it relates to the violation and levying of fines against corporations.  The discussion will also include the shift in the mindset towards privacy in the US and how many states are changing their laws to adjust.  There will be an analysis of how this will impact the perspective of data privacy as a right of citizens in the US and various states.

Speakers
SS

Shana Sumpter

Director of Information Security, University of Richmond
Shana Bumpas has been an information technology professional for over twenty years working in both public and private sectors.  The last ten years have been focused in cybersecurity.  After serving in the US Navy as an aviation electronics technician, she started a career in information... Read More →


Wednesday October 9, 2019 8:30am - 9:30am EDT
Appalachian A & B

10:00am EDT

VASCAN Community Shared Vendor Assessments
The move to cloud-enabled applications has changed the face of departmental technology spending as a host of applications and services have become available for departments to purchase. This expansion of applications across our schools, which are often offered by young companies leveraging hosted data centers, have presented challenges to traditional risk management. This session will present work being done by several VASCAN participating schools – VCU, JMU, VT, W&M, VMI, UVA, and ODU. A model for sharing results of 3rd party vendor assessments has a hope to streamline assessments and risk decisions. Come hear about the work being done and join the discussion on a shared assessment model that can help all of our schools to focus our efforts on the highest risks, and scale our limited resources to this growing area of support.

Speakers
avatar for Doug Streit

Doug Streit

CISO & Executive Director IT Security and Planning, Old Dominion University
Doug has served at Old Dominion University for over 20 years, working as a systems engineer, server-systems support manager and technical director. He accepted the responsibilities of Information Security and Identity Management in 2011. Current responsibilities include strategic... Read More →
DH

Dan Han

Chief Information Security Officer, Virginia Commonwealth University
Dan is the Chief Information Security Officer for the Virginia Commonwealth University. He has over 17 years of experience working in various roles in IT and focused on information security management in the higher education and healthcare sector for the past 13 years. Dan specializes... Read More →
avatar for Darlene Quackenbush

Darlene Quackenbush

Information Security SIG, James Madison University
Darlene leads JMU’s information security program in the areas of security planning, risk and contingency management, and incident response. She also facilitates information technology policy development, strategic planning, and audit processes for JMU's Information Technology department... Read More →
AT

Amy Tunison Kobezak

Associate Director, Security Risk and Business Operations, Virginia Tech
PK

Pete Kellogg

Director of Infrastructure Services, College of William & Mary
Pete is a graduate of Rider University in Lawrenceville, New Jersey, where he earned a Bachelor's degree in English Literature. He went on to receive an MBA from the Mason School of Business at the College of William and Mary in 1997. Pete holds professional certifications from the... Read More →
FV

Flex Vaughn

Information Security Officer, Virginia Military Institute


Wednesday October 9, 2019 10:00am - 11:00am EDT
Appalachian A & B

11:00am EDT

Positive IT Security Risk Scoring
The Virginia Tech IT Security Laboratory is developing an experimental risk scoring system.  The goal of this system is to give risk scores to IT assets and help system managers and administrators improve scores over time.  

An alternate goal of this system is to improve relations between security teams and operational teams.  All too often, security teams submit vulnerability reports or assessments to IT Managers that may not positively encourage their teams to take action.  We hope that risk scores will be more encouraging and seen in a positive light.  Operational teams will be able to see their scores and work to improve them over time and constantly obtain slightly better scores (and security).  They will also be able to have friendly competitions with other areas across campus to see who can achieve the best score!

Speakers
RM

Randy Marchany

Information Security Officer, Virginia Tech
BT

Brad Tilley

Sr. Security Architect, Virginia Tech
Brad has more than 20 years of experience in systems programming, ITmanagement and IT security. Before returning to Virginia Tech, Brad wasthe Information Security Officer at Radford University where hesuccessfully led the university's information security program for anumber of years... Read More →
NG

Nick Gomez

Student Researcher, Virginia Tech
Nick is a student researcher in the IT Security Laboratory. He is an ECE major at Virginia Tech with a Cyber Security minor. Nick plans to graduate in May 2020.


Wednesday October 9, 2019 11:00am - 12:00pm EDT
Appalachian A & B

1:30pm EDT

Security Operations from a GRC Practitioner's Perspective
Historically, Security Operations (SecOps) has been seen as threat management activities driven by control requirements in an organization’s GRC framework. It’s rare that SecOps is used to drive the shape of GRC in an organization. This talk will provide the view of someone who’s done both SecOps and GRC and will discuss how SecOps can be leveraged to drive GRC frameworks, controls, and decisions.

Speakers
JC

Joshua Cole

Chief Technology Officer, Assura, Inc.
Josh was one of those kids who was staring at a computer monitor rather than having a social life. He fell in love with computers the first time he laid hands on an Apple II+ in 1983. His first computer was a Timex Sinclair 1000 with 2K(!) of RAM and a blazing fast 3.25 MHz processor... Read More →


Wednesday October 9, 2019 1:30pm - 2:30pm EDT
Appalachian A & B

2:30pm EDT

After the Storm: Lessons Learned From a 3 Year Security Enhancement Program
After experiencing a major security incident in 2015, the University of Virginia rebuilt core infrastructure and embarked on a 3 year, 36 projects and initiatives, program to improve information security. Learn from our successes and challenges in implementing multiple concurrent security products and changes in a decentralized university environment. Policies, MFA, server and endpoint security, log correlation, phishing simulations, user awareness training, and network protections: there's something for everyone!

Speakers
MG

Michael Grinnell

Deputy CISO, University of Virginia
Michael Grinnell is the Deputy CISO at University of Virginia. He has worn many different hats in his career, including security analyst, operations director, and enterprise architect. He is currently working on implementing a comprehensive information security program at UVa. Michael... Read More →


Wednesday October 9, 2019 2:30pm - 3:30pm EDT
Appalachian A & B

3:45pm EDT

Cyber Security Risk Assessment Findings
The presentation will detail a year’s worth of findings from cyber security risk assessments performed by the GO Virginia cyber security program students. While undergoing assessments for businesses and municipalities around the Shenandoah Valley, a large number of similar gaps were discovered across many organizations. The purpose of the presentation is to make IT professionals aware of common shortfalls with cyber security maturity. In addition, the genesis and methodology of the study will be shared so that participants may learn from the findings, and may also may contribute stories of their own.

The session will also discuss the cyber security job program provided by the GO Virginia grant. In less than a year, twenty-four students have completed class work, earned their CompTIA Security+ certification, and have received job training. Seven of those students now have better jobs or positions, while six more have brand news jobs that the program brought to Waynesboro, Virginia. We are currently working with a US Congressional Representative on adapting the foundation of our program for use with the proposed bi-partisan Cyber Ready Workforce Act.

Speakers
DO

Dan OBrien

GO Virginia Cyber Security Program Manager and Instructor, Blue Ridge Community College
Dan OBrien is the current GO Virginia Cyber Security Program Manager and Instructor at Blue Ridge Community College. With over 20 years of experience in the computer networking and cyber security industry, Dan’s background includes work with the US Departments of Treasury and Justice... Read More →


Wednesday October 9, 2019 3:45pm - 4:45pm EDT
Appalachian A & B