
Jon Rice, Tufts University
About the talk: PAM
Coming soon
About the speaker
Coming soon
Todd Connetta & John Sorel, Harvard University
About the talk: Harvard’s approach to risk based vulnerability management
In 2023, Harvard embarked on a three-year initiative to modernize its vulnerability management approach. The effort centered on shifting from a high-volume, resource-intensive model to a risk-based strategy. The program positions the university to prioritize vulnerabilities based on standard risk factors, ensuring more efficient resource allocation. The transformation represented a cultural change as much as it did a technology challenge. A dedicated, university-wide program team has carefully aligned key stakeholders and leadership behind the new approach, and now, midway through the program’s implementation, the first set of schools and units are adopting this new way of life. The team will first present our problem: balancing the increasing demands of vulnerability and exposure management amid a constantly evolving threat landscape with the pressures of today’s funding environment and the scarcity of resources. Next, the team will present a brief history of the solution’s design, build, and implementation before opening a demonstration of the technology. The demonstration will simultaneously communicate how the solution works and the solution’s scaled impact across the university. This portion of the presentation will underscore the importance of managing risks over lists and clearly communicate a path to building that capability. Finally, we will conclude the session with a focus on lessons learned and a summary of key organizational change management activities.
About the speakers
Coming soon
Tiffany Bradford, Boston College
About the talk: Enterprise Password Manager
Coming soon
About the speaker
Coming soon
Shane Albright, REN-ISAC
About the talk: Incident Response Tabletop Exercises: They're not just a game.
Incident response tabletop exercises are an efficient and effective way to test your organization’s incident response plan. They provide a low-stakes opportunity for your staff to learn to respond to incidents in your environment and identify areas of improvement in your incident response process. Tabletop exercises also help highlight the need for collaboration among various roles and teams during an incident. Attendees will learn the fundamentals of planning and facilitating an incident response tabletop exercise with the goal of increasing their organization’s resilience to information security risk. A small portion of this session (<5 minutes) will be dedicated to discussing the value of REN-ISAC’s Information Security Assessment and Advisory Services’ tabletop exercise offerings.
About the speaker
Shane Albright began his career as an IT Support Center computer consultant at Indiana University twenty years ago. After a few years working as an infrastructure specialist in enterprise IT for a software company, he returned to IU as a senior system administrator at the Student Health Center where, for over a decade, he was a leader in the management and security of IT infrastructure and services and the protection of electronic protected health information (ePHI). Shane joined the REN-ISAC in 2021 as a principal security engineer. For the last year and a half, he’s facilitated REN-ISAC’s Information Security Assessment and Advisory Services’ tabletop exercises.
Alexan Mardigian, Brian Gerdon, Mallory Ren, Boston University
Tool Time
Boston University’s Information Security team has successfully implemented GitLeaks as a pre-commit hook to prevent credential exposure across their codebase. This presentation will demonstrate practical deployment strategies, share lessons learned from implementation, and provide actionable insights for integrating GitLeaks into development workflows. Duo Hunter is a custom tool built to help the BU SOC identify compromised accounts and pivot for additional hunting.
About the speakers
Alexan Mardigian is a CISSP-certified Information Security Engineer at Boston University, where he has served since March 2020 developing and maintaining custom security tools. His experience spans developing hardware emulators for the U.S. Air Force, building secure web solutions for diverse clients, security architecture, and creating AI-powered security tools. He is also dedicated to making cybersecurity accessible and understandable, bridging the gap between technical expertise and clear communication. He is currently pursuing his master’s degree in computer science, with a focus in cyber security. Outside of his duties at Boston University, he is an avid DJ of electronic music and scuba diver.
Brian Gerdon is a Security Analyst in the SOC at Boston University. Over the past 20 years, Brian has held a variety of roles at BU, including Desktop Support, Network Engineering and Operations, and now Information Security. His primary focus areas are Digital Forensics, Incident Response, and managing the university’s Firewall Services.