VASCAN 2019 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Appalachian C [clear filter]
Tuesday, October 8

10:30am EDT

Monitoring and Alerting with Prometheus
Prometheus is an open source monitoring and metrics collection tool that’s recently seen a sharp rise in popularity. At William & Mary we switched from Nagios to Prometheus in just under a week, and are able to monitor more than ever before (250k metrics every 30 seconds using a single server). In this session we’ll talk about how Prometheus monitors things on-prem and in the cloud, how it alerts, and what it took to make the switch.


Phil Fenstermacher

Lead Linux Engineer, William & Mary

Tuesday October 8, 2019 10:30am - 11:30am EDT
Appalachian C

11:30am EDT

GitOps Safely with Tests
GitOps is a technique for managing any number of things using code. Managing systems using code means we can audit changes, conduct peer reviews, and perform automated scans. We’ll talk briefly about what GitOps is and why it’s worth doing before diving in to how you can automatically test before releasing your bots and pipelines on your critical infrastructure.


Phil Fenstermacher

Lead Linux Engineer, William & Mary

Tuesday October 8, 2019 11:30am - 12:30pm EDT
Appalachian C

2:00pm EDT

Next Generation Approach to Security
Complexity is the primary challenge to effective and efficient security today, as evidenced by the endless series of incidents, where mis-configuration and misalignment of security controls are invariably at the heart of devastating breaches. The future of security is evolving in a more complex world, in which growing constellations of security widgets are combined to protect increasingly distributed and dynamic cloud native applications, against ever more sophisticated adversaries. As we move forward, embracing more comprehensive “end to end” application platforms, we have the opportunity to greatly simplify and enhance the effectiveness of all aspects of security.
A platform that reaches from development and testing, thru deployment and orchestration, to governance and analytics can create a single aligning version of the truth, about “what is being protected”, “how it should behave” and “what are the plausible options, if it doesn’t”. 
In this session we will consider how we can leverage long orphaned development, orchestration and governance context, in production to transformatively improve the effectiveness and efficiency of security policy management across the security technical portfolio. We will consider specific examples from each contextual dimension (e.g. development, platform orchestration, governance/classification), to concretely demonstrate how such improvements can be realized in operation. Finally we will highlight how “end to end” platforms are increasingly enabling this kind of capability as an intrinsic aspect of more holistic application focused management.

avatar for Dennis R. Moreau, PhD

Dennis R. Moreau, PhD

Senior Engineering Architect, Cyber Security, VMware
Dennis Moreau is a cyber security architect in the Office of the CTO at VMware. His current efforts focus on designing transformatively simpler, more effective, and more efficient protection in premise, edge and cloud hosting scenarios.   He has worked in collaboration with OASIS... Read More →

Tuesday October 8, 2019 2:00pm - 3:00pm EDT
Appalachian C
Wednesday, October 9

8:30am EDT

Information Security from the CIO Perspective
CIOs will provide their insights on the status, challenges, options and futures around information security operations in higher education. In addition to hearing their perspectives, the presenters will respond to questions from those attending.


Dale Hulvey

Assistant Vice President for Information Technology, James Madison University
Dale Hulvey serves as the CIO and Assistant Vice President for Information Technology at James Madison University.  He provides overall leadership, vision and management of the IT organization consisting of four departments, Computing Support, Information Systems, Technical Services... Read More →

Rusty Waterfield

Associate Vice President for University Services & Chief Information Officer, Old Dominion University
Rusty Waterfield is the Associate Vice President for University Services and CIO of Old Dominion University (ODU). As CIO, he leads the Information Technology Services (ITS) organization which is responsible for developing innovative and scalable solutions and responsive support that... Read More →

Wednesday October 9, 2019 8:30am - 9:30am EDT
Appalachian C

10:00am EDT

Leveraging CUI to Shape University IT
Part one: We’ll present on the technical implementation of our CUI environment and how we satisfied the control requirements of a NIST 800-171 environment.  

Part Two: We’ll discuss how George Mason University architected our CUI and ITAR controlled environment with the goal of moving to a NIST 800-53 moderate based university policy. We’ll discuss how our implementation of our CUI compliant environment is being used to shape next generation central IT for security and services.


Curtis McNay

Director of IT Security, George Mason University
Curtis is the Director of IT Security and the acting Chief Information Security Officer at George Mason University. He has over 30 years of experience working in the hospitality industry and in higher education in various IT roles, including system and network administration, managing... Read More →

Ali Golkar

IT Security Analyst, George Mason University
Ali is an IT Security analyst at GMU. He has been with the GMU IT Security office for almost 3 years, originally joining the team as an intern. He is primarily responsible for leading risk assessment projects, threat and vulnerability analysis, as well as monitoring Mason's CUI environment... Read More →

Joe Braud

Chief Information Security Officer, ePlus, Inc.

Wednesday October 9, 2019 10:00am - 12:00pm EDT
Appalachian C

1:30pm EDT

Using Terraform to Securely Build, Deploy, and Detect Drift in your Cloud Environments
Terraform has gained a lot of attention due to its ability to define "infrastructure as code." While it simplifies and enables version controlling of our infrastructure, how should we integrate these tools into build pipelines? How do we do it in a least-privileged manner (reducing blast radius if something happened)? How can we automatically detect when our infrastructure has drifted from our configuration, either intentionally or maliciously? And how can we share best practices more easily across our organizations? In this workshop, we will learn (in a hands-on manner) best practices for each of these in a simple project environment utilizing AWS. While Terraform experience is recommended, it is not required. All are welcome to attend!

avatar for Michael Irwin

Michael Irwin

Application Architect, Virginia Tech
Michael Irwin is an Application Architect at Virginia Tech who is striving to modernize how software is developed and run on campus by driving the adoption of Docker-based workloads, CI/CD pipelines, the public cloud, single-page applications, and more. He is a recognized Docker Captain... Read More →

Wednesday October 9, 2019 1:30pm - 3:30pm EDT
Appalachian C