Session Descriptions

Presenter: Jason Ruby, Okta, Senior Solutions Engineer , jason. ruby@okta.com

Identity is the baseline of a solid Zero Trust strategy and the proven path forward toward institutional resiliency. In this session, you will be among the first to learn all about the latest advancements in Identity that expand from universal log-out to an AI-powered identity solution that works to make the modernization of IT possible and secure.

Presenter: Luke Watson, Deputy CISO & Matt Thomas, Security Architect, Old Dominion University

Feeling the pressure to establish a 24/7 Security Operations Center? This is the session you can't afford to miss. Discover how we built a low cost and highly effective in-house SOC from scratch, offering a detailed look at our planning, execution, and ongoing management strategies. Learn about the challenges we faced, the innovative solutions we crafted, and the critical lessons we learned along the way. Whether you’re leading IT security, managing operations, or directly involved in security analysis and engineering, this presentation will arm you with the insights and strategies to elevate your organization's security operations to the next level. Join us and transform your approach to round-the-clock security

Presenter: Phil Fenstermacher, William & Mary, Manager of Systems Deign & Architecture  

The platforms team at William & Mary provides an application platform not just for enterprise applications but also for locally developed faculty and selected student projects. Security and cost accounting are critical In an environment where so many untrustworthy elements co-exist. In this presentation we'll talk about how we enforce security poliices on those applications and deploy them without any human intervention or paid products.

Presenter: Bob Burton, CISO & Juan Celi, Manager Infrastructure Operations, Radford University 

Over the last 2 years, we have been working through how to have an effective student manned SOC to address after hours monitoring. One of our primary goals has been to ensure that the students are compensated.

Presenter: Raymond Cheh, Zscaler, Security Architect rzain@zscaler.com

Learn how Zscaler Agentless Zero Trust Segmentation eliminates the risk of east-west lateral movement on local networks. Segment every connected endpoint with full visibility and control. End the complexity of traditional segmentation approaches without hardware upgrades or operational disruption. Especially relevant for IoT and OT devices that cannot install an agent.

Presenter: Michael Grinnell, UVA, Interim CISO

University of Virginia has launched a comprehensive program to improve the security posture of devices on the network and handling UVA data. The Device Security Initiative (DSI) will encompass multiple projects addressing endpoint management, network access control, attack surface reduction, and more.

Presenter: Scottie Wylie, Manager IT Support Center & Ryan Neilson, Security Operations Manager, VCU

As cyber threats grow more sophisticated, traditional identity verification methods have become increasingly vulnerable to exploitation by scammers. This presentation and discussion will delve into the strategic overhaul of identity verification techniques undertaken by help desk and information security teams to combat the alarming rise in incidents where criminals steal personal information and reset passwords. Attendees will learn about the changes VCU made and engage in a conversation about the challenges and solutions in this evolving landscape.

Presenter: Randy Marchany, Virginia Tech, CISO

We show the root causes of successful internet attacks over the past 30 years and show that we as an industry haven't really succeeded in eliminating them. Network design and performance will force us to change our security architectures We explore some of the reasons why efforts haven't succeeded. Vendor IT Risk management has been a positive step in addressing some of these faults. We present some tips to improve our ability to respond to attacks.

Presenter: Dan Han, VCU, CISO

In this presentation, the presenters will share some tactics, tools, and procedures observed in a real cyber attack. The presentation will also reflect on what worked and what didn't from an incident response perspective, in hopes of providing the audience with knowledge and ideas on how to defend against and respond to some of the more modern attack techniques.

Presenter: Nathan Norris, University of Virginia, Endpoint Management

As part of University of Virginia’s Device Security Initiative we are investigating deployment of standardized settings and policies for endpoints across the university. In this presentation we will show how we came up with our current strategy using top level polices to create a text file structure on each machine that would place them in or take them out of top-level smart groups via extension attributes and allow standard workflows to be applied but not strictly enforced. Some workflows we use this process with: Jamf Connect, S.U.P.E.R.M.A.N. script, MacOS Security Compliance, Common Self Service, Patch management App – Auto - Patch. Will discuss why we choose to deploy in this way in and how some sites may want more customization or control while other may want a set it and forget it approach with more top-level support - will discuss how this is accomplished.

Presenter: Beth Lancaster, Virginia Tech IT Security Analyst blancast@vt.edu

Virginia Tech uses a ServiceNow Requestable Item process to respond to compromised credentials incidents. The goal is to respond quickly, resetting passwords and killing user sessions and enabling the user to get back to normal as quickly as possible. This Requestable Item spans multiple Division of IT departments due to Virginia Tech’s users having multiple accounts depending on the service. Password resets are done without emailing the user to prevent alerting the bad actor. This presentation will discuss how this process was created, how it has evolved and how we are continuing to improve it.

Presenter: Dan Han, VCU, CISO

This presentation will provide the audience with an understanding of Generative AI technology, including the ideas behind tokens, LLMs, vector stores, and retrieval augmented generation. Additionally, the presentation will explore the security implications of the various uses of generative AI in an organization, discuss potential controls and secure adoption strategies, as well as emerging threats that may affect how organizations adopt the technology.

Presenter: Jer Kong, University of Virginia, Security Analyst

Last VASCAN, we showed some very apparent weaknesses in our implementation of DUO two factor authentication. The attackers were able to exploit a critical flaw in the HOTP authentication challenge request token. Since then, DUO has rethought the implementation, and we have switched over to TOTP based tokens, which thwarts the amount of "time" that the attackers are able to phish a user to hand over their credentials. We will analyze other ways that the attackers have transitioned or pivoted to other mechanisms in order to attempt to still gain a foothold into our user accounts. Discussion into mitigation strategies in order to unearth those kinds of attacks as well.

Presenter: T.Weeks, Virginia Cyber Range, Lead Engineer

Touches on the security issues around "Assumed safe" technologies such as keyless car entry/starting, NFC "tap to pay" credit cards, hotel room cards.. the vulnerabilities of each as well as how to defend yourself and your personal RF tech from attack and compromise.

Presenter: Megan Incerto, MS-ISAC, Regional Engagement Manager  

The Multi-State Information Sharing and Analysis Center (MS-ISAC) offers no-cost membership and cybersecurity resources to all US State, Local, Tribal, and Territorial (SLTT) Government entities including public schools. During this session, we will discuss how your organization can leverage no-cost cybersecurity tools and resources from the MS-ISAC to defend against cyberattacks. We will highlight the CIS Controls cybersecurity best practice recommendations that are accessible to organizations of any size, even with limited resources and explain various no-cost technical tools and services that are available and how to implement them.

Presenter: Jesse Castellani, VCU, Security Architect

VCU deployed a SASE product well over a year ago. In presentation, we'll look back on the previous year: the challenges, the ambitions and where we plan to go from here.

Presenter: Riley Pfister & Juan DePaz West, Virginia IT Agency (VITA) 

The COV website Vulnerability Management program was created to ensure all state websites provide a trusted and secure experience for all Virginians. Specifically, the program looks to aid agencies in meeting the COV web standards. The Web Vulnerability Team at VITA will be discussing their process for scanning and distributing findings to COV agencies.

Presenter: J.D. Sayle & Grant Stewart, George Mason University, IT Security Analysts jsayle@gmu.edu

In this talk, we dive into Mason's journey of transitioning from an aging on-premises file store to a modern solution that leverages Microsoft 365 (M365) and Purview. We'll explore the evaluation process that led us to choose M365 and Purview, talk about environmental setup, and share successes and obstacles with Purview scans. We’ll also address challenges we had to tackle regarding sensitive data, designing effective data label policies, and how we ultimately migrated nearly all on-premises data to the cloud. Join us to learn about our approaches to data classification, scanning, sensitivity labeling, and future use cases within M365 and Purview.

Presenter: Donald Byers, Cisco, Solutions Architect donbyers@cisco. com

Quick overview of CISA ZT Maturity Model, then dive into specific use cases as they align to each pillar, and what agencies can do to optimize their ZT strategy, possibly with tools they already own.

Presenter: Michael Richardson, George Mason University, IT Security Operations Engineer

The phone calls and e-mails have begun: a system on your network is not being a good internet citizen. Wheels begin turning, decisions made. A Linux server and a related Linux desktop are surrendered, and the decision is made to forensically analyze the machines. In this presentation, we’ll walk through the process of triage, acquisition, analysis, and correlation to other sources of truth to determine what happened with this system. We’ll also review the system mitigations that could have been applied to reduce the risk to the system in the first place. We’ll end on a general discussion of some of the difficulties that can occur with these types of investigations, and some helpful tools.

Presenter: Mary Jane Bolling, ISO, Virginia Community College System

Germanna Community College is planning to provide security awareness resources to students this fall. This presentation will cover the roll out of these resources and the response to date.

Presenter: G. Mark Walsh, Old Dominion University, University Records Manager

Information Security seeks to protect its institution from a variety of internal and external threats - hackers, ransomware, and phishing expeditions to name just three - and there are many ways in which a comprehensive approach to records and information management can work hand-in-glove with Security to protect data and enhance information management. This session will focus on Old Dominion University's Records Management Program to demonstrate this partnership.

Presenter: Chris Carey, VAcorp, Administrator ccarey@riskprograms.com

Insurance Companies view Cyber Risks through a different lense than Public Entity IT operations. This session will provide insight into the types of claims impacting public entities and educational institutions and the type of Cyber Security posture that insurance companies like to see when evaluating the risk.

Presenter: Pete Kellogg, CISO & Andrew Crawford, Deputy CIO, William & Mary

William & Mary Information Technology will share its process for reviewing IT procurements at the university, both new and renewing. This process aims to ensure we obtain necessary compliance documents such as SOC 2 reports and VPATS. Additionally, we will discuss other criteria we review such as duplicative technologies and services, use of AI technologies (per EO 30), and technologies IT is unable to support. We'll discuss the benefits and challenges of this process and open for a discussion about what others are doing.

Presenter: Sean Stalzer (CISO Dominion Energy), Steve Elovitz (Vice President, Mandiant Incident Response), and Beth Waller (Chair Cybersecurity, Woods Rogers)

From anomalous activity to full-scale encryption to a third-party supplier incidents, incident response continues to evolve in 2024 as do best practices. Join leading experts as they examine cybersecurity incidents from the perspective of defending critical infrastructure, forensic best tactics, and managing legal fallout. Step away with practical tips to guard your networks and your organizations against an ever-evolving threat landscape.

Presenter: Caeland Garner, Virginia Tech, Lead Penetration Tester & Security Researcher caeland@vt.edu

Share the journey of establishing a RedTeam, highlight the goals and strategic vision behind forming the team. Will review the development of RedTeam processes, including a discussion on the creation of the standardized report templates and kickoff call itineraries. Explain how these tools ensure consistency and precision in conducting pentests tailored to each department's specific needs. Will discuss the importance of networking within the institution to foster strong relationships. Present a showcase of Pentest results with real-world examples. will touch on the future growth of the RedTeam and its continued role in institutional security.