REN-ISAC Annual Member Meeting

7:00 to 7:55 Check-in / Breakfast Buffet
 
8:00 to 8:10 Welcome
 
8:10 to 9:00 REN-ISAC Updates

9:00 to 9:45 Presentation: “Attack Surface Management”
The presentation will cover attack surface management, specifically how you can get started using data and tools that you already have (Zeek, firewall, and NetFlow logs) to identify services running on their network. I will provide examples from the National Center for Supercomputing Applications where we use Zeek, Splunk, and a custom scanner available on GitHub.

9:50 to 10:10 Morning Break
 
10:10 to 10:55 Presentation: “The Increasing Complexity of the Cybersecurity Regulatory Environment in Federal Research”
With the National Security Presidential Memorandum 33 (NSPM-33) and Cybersecurity Maturity Model Certification (CMMC) requirements upon us in the federally funded research space, it is critical that we have a firm grasp of what they are, what they mean, and the level of effort to become compliant. The presentation will introduce the NSPM-33 and the CMMC, discuss their current status, and share how Georgia Tech Research Institute is preparing to meet the challenge of becoming compliant.

11:00 to 11:45 Presentation: “Security as a Service: A Consolidated Approach for Cybersecurity”
In this interactive, engaging session we will describe how we are delivering comprehensive cybersecurity for 4 Universities of Wisconsin institutions. We will dive into each of the services: cyber defense, risk & compliance and awareness. We will also cover how we provide integrated strategic security support (BCISO) to our campus partners. We will illustrate how the central IT team is providing complimentary IT as a Service services.
 
11:45 to 12:45 Lunch
 
12:45 to 1:30 Open Spaces Facilitated Discussions
 
1:35 to 2:20 Presentation: “Data Source Priority and Threat Hunting; Unveiling Best Practices and Lessons Learned”
This session focuses on how OmniSOC has matured over the last 5 years-going from IDS analysts to empirical based threat hunting utilizing endpoint logs and threat intelligence. Attendees will be introduced to concepts such as top techniques, chokepoints as well as how OmniSOC has utilized the MITRE ATT&CK framework to guide prioritization efforts.
 
2:20 to 2:40 Afternoon Break
 
2:40 to 3:25 Presentation: “Vulnerability Management: The Art of Effective Nagging”
Beginning in September 2022, the University of Waterloo launched a new Vulnerability Management Initiative. This process uses information from the Qualys IT Security platform and other sources, along with a defined escalation procedure, to ensure the remediation of IT security vulnerabilities across the institution. This initiative has also proved an exercise in balancing friction with campus IT groups while standardizing security best practices. This talk will discuss the philosophy and history behind the Vulnerability Management program at the University of Waterloo, technical details of the vulnerability reporting process, as well as its successes, failures, tribulations, and future.
 
3:30 to 4:25 Panel: “Best Practices for Obtaining Executive and Board-Level Commitment to Information Security”
Cyber security represents critical risks to our institutions, but many organizations struggle to justify, much less obtain, information security investments until a major incident occurs. This is a worrisome issue to governing bodies and executive management as data breaches, fraud-scams, and identity theft are on the rise.
The presenters will share tips and tricks for gaining buy-in, commitment, resources, and attention for information security.

Attendees will be able to take these practical, real-life ideas and use them at their respective institutions.

4:30 to 4:45 Closing Remarks