Foreign Influence Briefing Kristopher Grahame FBI
The subject of the talk will be an overview of malign foreign influence operations; how they have changed in the last three to five years, and a walkthrough of two influence operations targeting the United States. I will also discuss how foreign influence targeting academia specifically has changed in its scope and goals
Quantitative Cybersecurity Risk Rob Black, CISSP Fractional CISO
Are you interested in FAIR or other quantitative risk assessments? But maybe you can’t cost justify the time that you think it will take. We have lots of practical experience on how to apply quantitative risk models to organizations. In this session you will learn: Challenges with existing qualitative risk models. How to use a quantitative risk model How to break down threats for use in a quantitative model How to apply frameworks intended for large enterprises to mid-market companies We will walk through a performing a risk assessment on a fictitious organization to better understand the technics
You’re All a Bunch of Phonies! Imposter Syndrome and Information Security Tara Hughes California State University
Imposter Syndrome can cause outwardly successful individuals to be riddled with self-doubt. In the fast-paced world of information security, it can be easy for individuals to second-guess their abilities and attribute success to sheer luck. The consequences for Imposter Syndrome are severe; hurting employees’ ability to grow, collaborate, and experience enjoyment in their career. Tara will provide insight into Imposter Syndrome and its impact on InfoSec as well as steps to help attendees identify and mitigate Imposter Syndrome in themselves and their team.
Common Sense Need Not Apply: Scope, Compliance, and Security Brent Hobby Campus Guard
This presentation will provide an overview of the Internet Policy Research Initiative (IPRI) at MIT and will discuss issues related to key recovery, “going dark” and the risks of providing bad doors. It provides perspectives from various people in industry and law enforcement. It includes issues like why key recovery is risky (in our modern context) and the “state of play”
Attempting Not To Drown in Data: EDR Edition Reid Gilman Boston Children’s Hospital
Our team set out to deploy our endpoint detection & response agent (EDR) to thousands of managed devices in a span of a few weeks without drowning in alerts. The great part about EDRs is that they provide an enormous amount of data. The downside is that they provide an enormous amount of data. When we first rolled out, it was like drinking from a firehose. We’ve pushed the platform to its limits, built some in-house tools to triage & manage alerts, and created sustainable processes. We hope that our lessons learned will be useful to others in the community who find themselves trying to manage an ever-growing data deluge
Panel Discussion: Information Security from the Other Side of the Table Higher Ed IT Panel
As security practitioners we strive to protect data but we often run into challenges when ideal controls meet the reality of a particular scenario. What is it like for our colleagues (Client Services, Network Services, Systems, etc.) in these situations? Through this panel we’ll explore what it’s like to work with us (security practitioners) though the eyes of our colleagues