Close menu Resources for... William & Mary
W&M menu close William & Mary

Session Descriptions

VACSCAN 2024

Thursday, October 10th
sessions descriptions
Session Presenter and Description
Go Beyond with Identity

Presenter: Jason Ruby, Okta, Senior Solutions Engineer , jason. ruby@okta.com

Identity is the baseline of a solid Zero Trust strategy and the proven path forward toward institutional resiliency. In this session, you will be among the first to learn all about the latest advancements in Identity that expand from universal log-out to an AI-powered identity solution that works to make the modernization of IT possible and secure.

Round-the-Clock Security: Our Journey to an InHouse 24/7 SOC

Presenter: Luke Watson, Deputy CISO & Matt Thomas, Security Architect, Old Dominion University

Feeling the pressure to establish a 24/7 Security Operations Center? This is the session you can't afford to miss. Discover how we built a low cost and highly effective in-house SOC from scratch, offering a detailed look at our planning, execution, and ongoing management strategies. Learn about the challenges we faced, the innovative solutions we crafted, and the critical lessons we learned along the way. Whether you’re leading IT security, managing operations, or directly involved in security analysis and engineering, this presentation will arm you with the insights and strategies to elevate your organization's security operations to the next level. Join us and transform your approach to round-the-clock security

Securing a multitenant application Platform

Presenter: Phil Fenstermacher, William & Mary, Manager of Systems Deign & Architecture  

The platforms team at William & Mary provides an application platform not just for enterprise applications but also for locally developed faculty and selected student projects. Security and cost accounting are critical In an environment where so many untrustworthy elements co-exist. In this presentation we'll talk about how we enforce security poliices on those applications and deploy them without any human intervention or paid products.

The Night Watch - Adventures in setting up a Student SOC

Presenter: Bob Burton, CISO & Juan Celi, Manager Infrastructure Operations, Radford University 

Over the last 2 years, we have been working through how to have an effective student manned SOC to address after hours monitoring. One of our primary goals has been to ensure that the students are compensated.

Agentless Zero Trust Segmentation

Presenter: Raymond Cheh, Zscaler, Security Architect rzain@zscaler.com

Learn how Zscaler Agentless Zero Trust Segmentation eliminates the risk of east-west lateral movement on local networks. Segment every connected endpoint with full visibility and control. End the complexity of traditional segmentation approaches without hardware upgrades or operational disruption. Especially relevant for IoT and OT devices that cannot install an agent.

Securing Decentralized Devices: Device Security Initiative (DSI)

Presenter: Michael Grinnell, UVA, Interim CISO

University of Virginia has launched a comprehensive program to improve the security posture of devices on the network and handling UVA data. The Device Security Initiative (DSI) will encompass multiple projects addressing endpoint management, network access control, attack surface reduction, and more.

The Needs of the Many Outweigh the Scams of the Few

Presenter: Scottie Wylie, Manager IT Support Center & Ryan Neilson, Security Operations Manager, VCU

As cyber threats grow more sophisticated, traditional identity verification methods have become increasingly vulnerable to exploitation by scammers. This presentation and discussion will delve into the strategic overhaul of identity verification techniques undertaken by help desk and information security teams to combat the alarming rise in incidents where criminals steal personal information and reset passwords. Attendees will learn about the changes VCU made and engage in a conversation about the challenges and solutions in this evolving landscape.

What Have We Been Doing?

Presenter: Randy Marchany, Virginia Tech, CISO

We show the root causes of successful internet attacks over the past 30 years and show that we as an industry haven't really succeeded in eliminating them. Network design and performance will force us to change our security architectures We explore some of the reasons why efforts haven't succeeded. Vendor IT Risk management has been a positive step in addressing some of these faults. We present some tips to improve our ability to respond to attacks.

Modern IR Diaries - Lessons learned from a cyber attack

Presenter: Dan Han, VCU, CISO and Ryan Neilson, Security Operations Manager, VCU

In this presentation, the presenters will share some tactics, tools, and procedures observed in a real cyber attack. The presentation will also reflect on what worked and what didn't from an incident response perspective, in hopes of providing the audience with knowledge and ideas on how to defend against and respond to some of the more modern attack techniques.

Opt in Workflows - Deploying centralized workflows in a decentralized environment

Presenter: Nathan Norris, University of Virginia, Endpoint Management

As part of University of Virginia’s Device Security Initiative we are investigating deployment of standardized settings and policies for endpoints across the university. In this presentation we will show how we came up with our current strategy using top level polices to create a text file structure on each machine that would place them in or take them out of top-level smart groups via extension attributes and allow standard workflows to be applied but not strictly enforced. Some workflows we use this process with: Jamf Connect, S.U.P.E.R.M.A.N. script, MacOS Security Compliance, Common Self Service, Patch management App – Auto - Patch. Will discuss why we choose to deploy in this way in and how some sites may want more customization or control while other may want a set it and forget it approach with more top-level support - will discuss how this is accomplished.

Responding Quickly to Compromised Credentials

Presenter: Beth Lancaster, Virginia Tech IT Security Analyst blancast@vt.edu

Virginia Tech uses a ServiceNow Requestable Item process to respond to compromised credentials incidents. The goal is to respond quickly, resetting passwords and killing user sessions and enabling the user to get back to normal as quickly as possible. This Requestable Item spans multiple Division of IT departments due to Virginia Tech’s users having multiple accounts depending on the service. Password resets are done without emailing the user to prevent alerting the bad actor. This presentation will discuss how this process was created, how it has evolved and how we are continuing to improve it.

AI Opening Experience: Managing security through a Generative AI revolution

Presenter: Dan Han, VCU, CISO

This presentation will provide the audience with an understanding of Generative AI technology, including the ideas behind tokens, LLMs, vector stores, and retrieval augmented generation. Additionally, the presentation will explore the security implications of the various uses of generative AI in an organization, discuss potential controls and secure adoption strategies, as well as emerging threats that may affect how organizations adopt the technology.

Anatomy of a Hack Part 2 Lessons Learned

Presenter: Jer Kong, University of Virginia, Security Analyst

Last VASCAN, we showed some very apparent weaknesses in our implementation of DUO two factor authentication. The attackers were able to exploit a critical flaw in the HOTP authentication challenge request token. Since then, DUO has rethought the implementation, and we have switched over to TOTP based tokens, which thwarts the amount of "time" that the attackers are able to phish a user to hand over their credentials. We will analyze other ways that the attackers have transitioned or pivoted to other mechanisms in order to attempt to still gain a foothold into our user accounts. Discussion into mitigation strategies in order to unearth those kinds of attacks as well.

The World of Personal RF Security

Presenter: T.Weeks, Virginia Cyber Range, Lead Engineer

Touches on the security issues around "Assumed safe" technologies such as keyless car entry/starting, NFC "tap to pay" credit cards, hotel room cards.. the vulnerabilities of each as well as how to defend yourself and your personal RF tech from attack and compromise.

Defend Against Cyberattacks with No-Cost Resources from the MS-ISAC

Presenter: Megan Incerto, MS-ISAC, Regional Engagement Manager  

The Multi-State Information Sharing and Analysis Center (MS-ISAC) offers no-cost membership and cybersecurity resources to all US State, Local, Tribal, and Territorial (SLTT) Government entities including public schools. During this session, we will discuss how your organization can leverage no-cost cybersecurity tools and resources from the MS-ISAC to defend against cyberattacks. We will highlight the CIS Controls cybersecurity best practice recommendations that are accessible to organizations of any size, even with limited resources and explain various no-cost technical tools and services that are available and how to implement them.

Web Vulnerability Management at Scale

Presenter: Riley Pfister & Juan DePaz West, Virginia IT Agency (VITA) 

The COV website Vulnerability Management program was created to ensure all state websites provide a trusted and secure experience for all Virginians. Specifically, the program looks to aid agencies in meeting the COV web standards. The Web Vulnerability Team at VITA will be discussing their process for scanning and distributing findings to COV agencies.

Friday, October 11th
friday's session descriptions
Session Presenter and Description
Eliminating Network Attack Surface in Campus Networking Security and network design have traditionally been tackled separately—because the enterprise network elements did not speak the language of the cybersecurity team. Come and hear about Today’s Broken Perimeters For Network Security, How to Lock Everything Down, and Mandate Zero Trust Access.
TRAINING: Advanced Search Engine Intelligence and Information Integrity The Advanced Search Engine Intelligence and Information Integrity course offers a comprehensive exploration of search engine intelligence. Delving into the intricate workings of search engine algorithms, it extends beyond mainstream platforms like Google, Yandex, and Bing. Participants gain proficiency in utilizing specialized and regional search engines, empowering them to gather intelligence with precision.
Securing the Future: Navigating Microsoft Purview for Information Protection

Presenter: J.D. Sayle & Grant Stewart, George Mason University, IT Security Analysts jsayle@gmu.edu

In this talk, we dive into Mason's journey of transitioning from an aging on-premises file store to a modern solution that leverages Microsoft 365 (M365) and Purview. We'll explore the evaluation process that led us to choose M365 and Purview, talk about environmental setup, and share successes and obstacles with Purview scans. We’ll also address challenges we had to tackle regarding sensitive data, designing effective data label policies, and how we ultimately migrated nearly all on-premises data to the cloud. Join us to learn about our approaches to data classification, scanning, sensitivity labeling, and future use cases within M365 and Purview.

Use Cases - What Does Zero Trust Mean For You?

Presenter: Donald Byers, Cisco, Solutions Architect donbyers@cisco. com

Quick overview of CISA ZT Maturity Model, then dive into specific use cases as they align to each pillar, and what agencies can do to optimize their ZT strategy, possibly with tools they already own.

Linux Forensic Investigation: A Case Study

Presenter: Michael Richardson, George Mason University, IT Security Operations Engineer

The phone calls and e-mails have begun: a system on your network is not being a good internet citizen. Wheels begin turning, decisions made. A Linux server and a related Linux desktop are surrendered, and the decision is made to forensically analyze the machines. In this presentation, we’ll walk through the process of triage, acquisition, analysis, and correlation to other sources of truth to determine what happened with this system. We’ll also review the system mitigations that could have been applied to reduce the risk to the system in the first place. We’ll end on a general discussion of some of the difficulties that can occur with these types of investigations, and some helpful tools.

Security Awareness Programs for Students

Presenter: Mary Jane Bolling, ISO, Virginia Community College System

Germanna Community College is planning to provide security awareness resources to students this fall. This presentation will cover the roll out of these resources and the response to date.

Information Security and Records Management - Higher Ed's Most Overlooked Partnership

Presenter: G. Mark Walsh, Old Dominion University, University Records Manager

Information Security seeks to protect its institution from a variety of internal and external threats - hackers, ransomware, and phishing expeditions to name just three - and there are many ways in which a comprehensive approach to records and information management can work hand-in-glove with Security to protect data and enhance information management. This session will focus on Old Dominion University's Records Management Program to demonstrate this partnership.

Cyber Security Insurance Best Practices

Presenter: Chris Carey, VAcorp, Administrator ccarey@riskprograms.com

Insurance Companies view Cyber Risks through a different lense than Public Entity IT operations. This session will provide insight into the types of claims impacting public entities and educational institutions and the type of Cyber Security posture that insurance companies like to see when evaluating the risk.

IT Procurement Review Process - In search of SOCs and VPATS

Presenter: Pete Kellogg, CISO & Andrew Crawford, Deputy CIO, William & Mary

William & Mary Information Technology will share its process for reviewing IT procurements at the university, both new and renewing. This process aims to ensure we obtain necessary compliance documents such as SOC 2 reports and VPATS. Additionally, we will discuss other criteria we review such as duplicative technologies and services, use of AI technologies (per EO 30), and technologies IT is unable to support. We'll discuss the benefits and challenges of this process and open for a discussion about what others are doing.

Ransomware 4.0: Examining Cybersecurity Incidents from All Angles

Presenter: Sean Stalzer (CISO Dominion Energy), Steve Elovitz (Vice President, Mandiant Incident Response), Beth Waller (Chair Cybersecurity, Woods Rogers) and Christopher Cope (FBI Cyber). 

From anomalous activity to full-scale encryption to a third-party supplier incidents, incident response continues to evolve in 2024 as do best practices. Join leading experts as they examine cybersecurity incidents from the perspective of defending critical infrastructure, forensic best tactics, and managing legal fallout. Step away with practical tips to guard your networks and your organizations against an ever-evolving threat landscape.

Enhancing Security: Building an Internal Red Team for Academic Organizations

Presenter: Caeland Garner, Virginia Tech, Lead Penetration Tester & Security Researcher caeland@vt.edu

Share the journey of establishing a RedTeam, highlight the goals and strategic vision behind forming the team. Will review the development of RedTeam processes, including a discussion on the creation of the standardized report templates and kickoff call itineraries. Explain how these tools ensure consistency and precision in conducting pentests tailored to each department's specific needs. Will discuss the importance of networking within the institution to foster strong relationships. Present a showcase of Pentest results with real-world examples. will touch on the future growth of the RedTeam and its continued role in institutional security.