REN-ISAC Member Meeting 2025

The REN-ISAC Member Meeting (RIMM) is an exclusive event for REN-ISAC members that offers space for networking, knowledge sharing, and discussing cybersecurity operational protection and response. The conference features updates around existing REN-ISAC resources, previews of new services, and presentations from colleagues in the industry.

A huge thank you to all the members, partners, and colleagues who make RIMM possible every year.

Event Details

RIMM 2025
Thursday, May 22, 2025
8:00 AM – 5:00 PM
Baltimore Marriott Waterfront
Baltimore, MD

Register here

Agenda

7:00 to 7:55 Check-in / Breakfast Buffet
 
8:00 to 8:10 Welcome
 
8:10 to 9:00 REN-ISAC Updates

9:00 to 9:45 Presentation: “Passwordless Authentication”
What are we waiting for – is it time to go Passwordless? Presentation would include:

• What does it really mean to go Passwordless?
• What are the benefits and barriers to going Passwordless?
• Is it time to hop on the Passwordless bandwagon?
• UTampa’s Passwordless Status
• Audience discussion on their school’s stance or progress on going passwordless

9:50 to 10:10 Morning Break
 
10:10 to 10:55 Presentation: “TBD”
Description forthcoming.

11:00 to 11:45 Presentation: “SIEM Implementation, Maintain and Use Effectively in a Higher Environment: A SIEM Case at UALR”
Security Incident and Event Management Systems are underrated systems that can be used to not only monitor activities and collect logs and information but also as a replacement for NDR. In this session, attendees will hear about implementing and using on-prem SIEM systems effectively, and I will share not only some tips and tricks but also lessons learned and the parameters that should be considered during the design phase because a successful implementation starts from the design stage.
This session will also aim to help all attendees to manage the system with limited resources and ways to use available resources in the higher ed environment. UA Little Rock implemented the system just one year ago and sharing experience and details will help all members to use the information in the presentation to implement better systems in their environment and hence have better and more efficient security posture in their environment. 

11:45 to 12:45 Lunch
 
12:45 to 1:20 Open Spaces Facilitated Discussions
 
1:25 to 2:10 Presentation: “TBD”
Description forthcoming.
 
2:15 to 2:30 Afternoon Break
 
2:35 to 3:20 Presentation: “Detection Engineering Lifecycle Management; DevOps for Portable and Repeatable Labbing”
Whether you are in-house security or managing security services for 30+ institutions, it is always a struggle to stay on top of the detection development lifecycle. This session explains OmniSOC’s approach to managing the detection lifecycle, with a focus on validation of detections in a lab environment. Open-source detection rule libraries such as the Elastic Prebuilt Rules repo or SIGMA, will also be discussed. 

3:25 to 4:10 Presentation: “Doing More with Less: Using Automation to Increase Cybersecurity Capabilities and Drive Efficiencies in the Absence of Money and Manpower”
The Georgia Tech Research Institute (GTRI) will discuss how it implemented Security Orchestration, Automation, and Response (SOAR) to automate processes within our Security Operations Center (SOC) as a way to still enhance cybersecurity defenses while dealing with budgetary and talent constraints. In doing so, GTRI will show how this approach resulted in an increase in capabilities, a greater responsiveness to customers, a reduction in errors, and an increase in defenses by greatly reducing our detection and response times in areas like suspicious emails, foreign travel, and security misconfigurations.

4:10 to 5:00 Closing Remarks and Reception