Strengthening Your Organization/s First Line of Defense, the Humans

Cybersecurity attacks, such as phishing and social engineering, pose a constant threat to your institution’s information technology infrastructure. Educating your users can be a low-cost way to strengthen your first line of defense. The more cybersecurity awareness users have, the more likely they are to protect their accounts, handle data with best practices, and recognize social engineering tactics. 

In this presentation, a team from Worcester Polytechnic Institute’s Information Technology Services will explain the origins of their multimedia cybersecurity education and outreach program, how it can be replicated at other institutions, and lessons learned from the program’s first year. 

The Journey of Innovation- From Concept to Reality at BSU’s Cyber Range

Explore the dynamic journey of bringing Bridgewater State University’s Cyber Range from a visionary concept to an operational reality. This talk will delve into the challenges and breakthroughs encountered in the first six months, highlighting the innovative strategies used to design and implement cutting-edge cybersecurity training. Learn about the collaborative efforts with industry experts, the integration of advanced technologies, and the initial feedback from participants that are shaping the future of the Cyber Range.

Canaries (honeytokens, canary tokens, canary files, canary accounts, etc.) are relatively low-effort, high-gain defensive tools. We used our existing infrastructure and tooling to implement canaries in various places across different services. This solution has been successful in detecting phishing and credential harvesting attacks, and it provides a lot of flexibility in terms of how, when, and where we implement canaries and receive alerts.

A Functional Approach to TTX – BU Security Camp 2024

Tabletop Exercises are something that, as security professionals, we all know that we should be conducting.  But getting them off the ground and into a regular cadence can be challenging and daunting.  Harvard University’s PrivSec team has leveraged a method suggested at the 2023 Educause Cybersecurity and Privacy Professionals Conference to begin conducting tabletop exercises which are repeatable, sustainable, and most importantly low-cost.

Ingrid serves as the Data Privacy and InfoSec Officer for Harvard’s Faculty of Arts & Sciences. In this role, she manages risk by promulgating the university program, ensuring systems are fortified and vulnerabilities are remediated, and by providing for unique school needs. Prior to Harvard, Ingrid served as the Director of R&D for MITRE Engenuity’s Center for Threat-Informed Defense, Security Director at the Center for Digital Resilience, and built a privacy program for a global for-profit corporation.

Adam is a senior member of the Harvard Business School’s Data Privacy and Information Security team.  For over two decades, he has been focused on cybersecurity awareness and education, working with HBS faculty and staff to provide guidance and support for the community.

Phishing-Resistant MFA: Worth Your Time

Reid has worked in operational, research, and architectural cybersecurity roles for over 15 years. He currently focuses on strategies to make enterprise IT systems more resilient to ransomware and extortion tactics.

This presentation explores the essential role of risk management in integrating cybersecurity and artificial intelligence (AI) within higher education. By focusing on protecting sensitive data, ensuring compliance, and developing effective incident response plans, we will highlight how to create a secure academic environment. Additionally, we will demystify AI, emphasizing the importance of understanding its potential and limitations, how to develop clear policies, and assessing institutional needs. Through real-world examples, data-driven insights, and practical recommendations, this talk aims to dispel fears around AI, fostering open discussions and equipping educational leaders with the tools to build an innovative and resilient future.

Monsurat Ottun currently serves as a Cybersecurity Advisor for the Commonwealth of Massachusetts at the Cybersecurity and Infrastructure Security Agency (CISA), an entity within the Department of Homeland Security (DHS). Her role involves enhancing the state’s cyber resilience in collaboration with key partners.

Her professional advancement is rooted in her time as an attorney for the City of Providence, where she distinguished herself by spearheading the development of the city’s cybersecurity infrastructure. This initiative led to her promotion to the city’s first Chief Information Security, Data Privacy, and Risk Management Strategist, where she forged significant interagency relationships and laid the foundation for robust cybersecurity practices.

Subsequently, Monsurat’s career path led her to PricewaterhouseCoopers (PwC), where she directed key project initiatives related to data privacy and protection as well as data and AI governance within the Business Services sector, specifically Products and Technology.

She holds a Juris Doctor from Roger Williams University School of Law and an M.S. in Cybersecurity Governance and Policy from Boston College, supplementing her expertise with certifications including a Certification in Security Management (CISM) and specialized certificates in AI and Cybersecurity from Harvard’s Kennedy School.

Monsurat is an active member of several advisory boards, lending her cybersecurity insights to both educational and industry leadership circles. Her mission is firmly centered on elevating cyber and AI practices to create a secure and unbiased technological environment.