VASCAN 2020: A Virtual Celebration of Information Security
Planning a conference for over 200 people is no easy undertaking, especially with a global pandemic. Yet, that’s exactly what Chief Information Security Officer Pete Kellogg, with help from various W&M staff members, did for the 2020 VASCAN (Virginia Alliance for Secure Computing and Networking) Conference held on October 1st and 2nd.
The VASCAN conference originally started with just a few participants from local colleges and universities over 15 years ago. It has grown to 220 plus participants this year. The timing is also perfect, given that October is National Cyber Security Awareness Month (NCSAM), so the VASCAN conference helped to kick off awareness and spread resources amongst Virginia's information security professionals.
Kellogg describes the conference as a key way for Virginia information technology professionals, both from higher education institutions and other industries, to connect and learn about the status of information security technology today. The educational opportunities it provides to the Virginia community are a key part of why the conference has continued to grow so successfully.
Kellogg had been planning the conference for over a year. The original plans were to hold the conference in-person in Williamsburg. Yet, as it became clear that it would not be safe for the university to hold large in-person gatherings, Kellogg and the IT department had to switch plans to instead conduct a virtual conference. William & Mary Conference Services provided valuable assistance in making the transition.
The keynote speaker, Chief Information Officer from the US Department of Homeland Security Karen Evans, kicked-off the first day of the conference. Evans spoke about her experience as a Information Security professional, and her work at the Department of Homeland Security, which she joined in June. Evans is in charge of maintaining IT assets and infrastructure to assist the department’s goals. Evans stated that her strategy as CIO is to "identify, detect, protect" which allows for a proactive approach to information security.
After introducing herself and describing her experience and work with DHS, Evans opened the floor to questions from the conference attendees. Evans and the attendees discussed various risks as technology advances, and ways to mitigate them. In the age of the COVID-19 pandemic, Evans has had to focus on balancing risk with security, as most government staff have moved to a "work from home" environment. Maintaining connectedness and productivity while ensuring security is a key part of Evan’s work.
The Founder’s Award is awarded annually for excellence in the information security field, and special efforts to strengthen the field in Virginia. This year Doug Streit, Executive Director of IT at Old Dominion University presented it to Dr. Hongyi Wu, ODU’s Director of the School of Cybersecurity Education and Research. Wu established a new school of cybersecurity at ODU, offering degrees in cybersecurity fields. Members of the ODU IT community praised Dr. Wu for his efforts to improve the field, especially through his plans to train more cybersecurity professionals. Before Dr. Wu was hired at ODU, the school had only 11 students studying cybersecurity, and now the number is over 700. Dr. Wu has set a strong example of how to lead in cybersecurity, and received the Founder’s Award in recognition of his strong contributions to the community.
The remainder of the first day of the conference consisted of various speakers from different colleges across the state as well as other security professionals from companies in Virginia. One of W&M IT’s own, Phil Fenstermacher, Systems Technical Lead, gave a talk that surveyed ways to make security scanning easier, and how to leverage it using container technology.
The second day of the conference provided an opportunity for participants to receive training in a realm of information security. This year, John Strand from Black Hills Information Security volunteered his time to lead a 4 hour long training session about active defenses. Strand’s training session showed participants how to plan to actively defend one’s security system by provoking an attacker to see weaknesses to better defend against them. Additionally, Strand led practice labs for participants to practice the skills he taught.
The VASCAN conference has been a fantastic opportunity for information security professionals to learn how to improve their security planning, and network with other professionals across Virginia. Additionally, William & Mary has consistently played an important role in growing the VASCAN organization. This year’s conference may have looked different online than previous in-person years, but attendees were still able to learn techniques, resources, and strategies regarding information security.