{"id":159161,"date":"2025-08-13T09:54:11","date_gmt":"2025-08-13T13:54:11","guid":{"rendered":"https:\/\/www.bu.edu\/tech\/?page_id=159161"},"modified":"2025-08-13T16:18:38","modified_gmt":"2025-08-13T20:18:38","slug":"2025-2","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/education\/camp\/archives\/2025-2\/","title":{"rendered":"2025"},"content":{"rendered":"<h1 aria-hidden=\"true\"><strong><span>Privileged Access Management (PAM): moving from Project to Program<\/span><\/strong><\/h1>\n<p><strong><span data-ogsc=\"black\">Jon Rice, Ian Altgilbers, Petar Ivanov, Galen Lipin, Tufts University<\/span><\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Slide Deck<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2025\/08\/Jon-Rice_PAM_Program_BU_Final.pptx\">Privileged Access Management (PAM): moving from Project to Program<\/a><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><span>This group presentation will provide an overview of ongoing efforts to integrate PAM principles, practices, and technologies at Tufts. We will review key milestones, current initiatives, and upcoming steps in the transition from a project-based approach to a broader, programmatic strategy. 
Along the way, we will highlight the challenges encountered and lessons learned.<\/span><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<h1 aria-hidden=\"true\"><strong><span>Harvard\u2019s approach to risk based vulnerability management<\/span><\/strong><\/h1>\n<p><strong><span data-ogsc=\"black\">Todd Connetta &amp; John Sorel, Harvard University<\/span><\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slide Deck and musical track<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2025\/08\/John-Sorel-and-Todd-Connetta_v2-Transforming-Vulnerability-Management-BU-Security-Camp-6-Aug.pdf\">Harvard\u2019s approach to risk based vulnerability management<\/a><\/p>\n<!--[if lt IE 9]><script>document.createElement('audio');<\/script><![endif]-->\n<audio class=\"wp-audio-shortcode\" id=\"audio-159161-1\" preload=\"none\" style=\"width: 100%;\" controls=\"controls\"><source type=\"audio\/mpeg\" src=\"\/tech\/files\/2025\/08\/RBVM-Rap.mp3?_=1\" \/><a href=\"\/tech\/files\/2025\/08\/RBVM-Rap.mp3\">\/tech\/files\/2025\/08\/RBVM-Rap.mp3<\/a><\/audio>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><span>In 2023,\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">Harvard<\/span><span>\u00a0embarked on a three-year initiative\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">to<\/span><span>\u00a0modernize its\u00a0<\/span><span data-markjs=\"true\" 
class=\"outlook-search-highlight\">vulnerability<\/span><span>\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">management<\/span><span>\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">approach<\/span><span>. The effort centered on shifting from a high-volume, resource-intensive model\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">to<\/span><span>\u00a0a\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">risk<\/span><span>-<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">based<\/span><span>\u00a0strategy. The program positions the university\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">to<\/span><span>\u00a0prioritize vulnerabilities\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">based<\/span><span>\u00a0on standard\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">risk<\/span><span>\u00a0fac<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">to<\/span><span>rs, ensuring more efficient resource allocation. The transformation represented a cultural change as much as it did a technology challenge. A dedicated, university-wide program team has carefully aligned key stakeholders and leadership behind the new\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">approach<\/span><span>, and now, midway through the program\u2019s implementation, the first set of schools and units are adopting this new way of life. 
The team will first present our problem, balancing increasing demands of\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">vulnerability<\/span><span>\u00a0and exposure\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">management<\/span><span>\u00a0amid a constantly evolving threat landscape with the pressures of\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">to<\/span><span>day\u2019s funding environment and the scarcity of resources. Next, the team will present a brief his<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">to<\/span><span>ry of the solution\u2019s design, build, and implementation before opening a demonstration of the technology. The demonstration will simultaneously communicate how the solution works and the solution\u2019s scaled impact across the university. This portion of the presentation will underscore the importance of managing\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">risk<\/span><span>s over lists and clearly communicate a path\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">to<\/span><span>\u00a0building that capability. 
Finally, we will conclude the session with a focus on lessons learned and a summary of key organizational change\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">management<span>\u00a0<\/span><\/span><span>activities.<\/span><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<h1 aria-hidden=\"true\"><strong><span>Outsmarting Our Future Selves: Boston College Information Technology Services and the Journey to an Enterprise Password Manager<\/span><\/strong><\/h1>\n<p><strong><span data-ogsc=\"black\">Tiffany Bradford, Boston College<\/span><\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slide Deck<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2025\/08\/Tiffany-Bradford_2025-BU-Security-Camp-1Password.pptx\">Outsmarting Our Future Selves: Boston College Information Technology Services and the Journey to an Enterprise Password Manager<\/a><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><span>Passwords, passkeys, API credentials, and SSH keys are more than just tech buzzwords \u2013 they&#8217;re daily realities. Join us as we discuss the journey of Boston College\u00a0<\/span><span>Information Technology Services<\/span><span>\u00a0(ITS) fr<\/span><span>om merely the idea of an enterprise password manager to the rollout of a full-fledged solution for the department. 
We will begin with why we chose to procure this type of tool, what should be considered when choosing a vendor for your\u00a0own environment, then move to a lessons learned section, and finish with next steps for our use of the product. We hope this talk provides listeners with a\u00a0forum for those who struggle with credential management but don&#8217;t yet have a clear business case for an enterprise password manager, and a place for those who are using an enterprise password manager to think about what&#8217;s next for their own tool.<\/span><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the speaker<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<div class=\"gmail_default\"><span>Tiffany Bradford has been working at Boston College for 8 years and has been using a password manager for 6 of those years. She loves collaborating with others and working through difficult problems. 
When not at work, she and her better half Jordan can be found spending time with their &#8220;Cybersecurity Dog&#8221;, Kodi, and watching trash TV.\u00a0<\/span><\/div>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<blockquote><\/blockquote>\n<h1 aria-hidden=\"true\"><strong><span>Incident Response Tabletop Exercises: They&#8217;re not just a game<\/span><\/strong><\/h1>\n<p><strong><span data-ogsc=\"black\">Shane Albright, REN-ISAC<\/span><\/strong><\/p>\n<p><span><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slide Deck<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/span><\/p>\n<p><a href=\"\/tech\/files\/2025\/08\/Shane-Albright_Incident-Response-Tabletop-Exercises.pdf\">Incident Response Tabletop Exercises: They&#8217;re not just a game.<\/a><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><span><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/span><\/p>\n<p>Incident response tabletop exercises are an efficient and effective way to test your organization&#8217;s incident response plan. They provide a low-stakes opportunity for your staff to learn to respond to incidents in your environment and identify areas of improvement in your incident response process. Tabletop exercises also help highlight the need for collaboration among various roles and teams during an incident. Attendees will learn the fundamentals of planning and facilitating an incident response tabletop exercise with the goal of increasing their organization&#8217;s resilience to information security risk. 
A small portion of this session (&lt;5 minutes) will be dedicated to discussing the value of REN-ISAC&#8217;s Information Security Assessment and Advisory Services&#8217; tabletop exercise offerings.<\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><span><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the speaker<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-markjs=\"true\" class=\"outlook-search-highlight\">Shane<\/span><span>\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">Albright<\/span><span>\u00a0began his career as an IT Support Center computer consultant at Indiana University twenty years ago. After a few years working as an infrastructure specialist in enterprise IT for a software company, he returned to IU as a senior system administrator at the Student Health Center where, for over a decade, he was a leader in the management and security of IT infrastructure and services and the protection of electronic protected health information (ePHI).\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">Shane<\/span><span>\u00a0joined the\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">REN-ISAC<\/span><span>\u00a0in 2021 as a principal security engineer. 
For the last year and a half, he\u2019s facilitated\u00a0<\/span><span data-markjs=\"true\" class=\"outlook-search-highlight\">REN-ISAC<\/span><span>&#8216;s Information Security Assessment and Advisory Services&#8217; tabletop exercises.<\/span><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<h1 aria-hidden=\"true\"><strong><b>Tool Time<\/b><\/strong><\/h1>\n<p><strong><span data-ogsc=\"black\">Alexan Mardigian, Brian Gerdon, Mallory Ren, Boston University\u00a0<\/span><\/strong><\/p>\n<p><span><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slide Decks<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/span><\/p>\n<p><a href=\"\/tech\/files\/2025\/08\/Alexan-M-BU-Security-Camp-GitLeaks.pptx\">GitLeaks<\/a><\/p>\n<p><a href=\"\/tech\/files\/2025\/08\/Brian-Gerdon-Security-Camp-2025-Tool-Talk-DuoHunter.pdf\">Duo Hunter<\/a><\/p>\n<p><a href=\"\/tech\/files\/2025\/08\/renm-bu-security-camp-2025.pdf\">Linux Server Secrets Management with Systemd, Python, and Hashicorp Vault<\/a><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><span><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talks<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/span><\/p>\n<div class=\"elementToProof\" data-ogsc=\"rgb(0, 0, 0)\">\n<p>Boston University&#8217;s Information Security team has successfully implemented<span>\u00a0<\/span><strong>GitLeaks<\/strong> as a pre-commit hook to prevent credential exposure across their codebase. This presentation will demonstrate practical deployment strategies, share lessons learned from implementation, and provide actionable insights for 
integrating<span>\u00a0<\/span><strong>GitLeaks<\/strong><span>\u00a0<\/span>into development workflows.<\/p>\n<p><strong>Duo Hunter<\/strong><span>\u00a0<\/span>is a custom tool built to help the BU SOC identify compromised accounts and pivot for additional hunting.<\/p>\n<p><span>BU Infrastructure is in early deployment of\u00a0<strong>Linux Server Secrets Management with Systemd, Python, and Hashicorp Vault<\/strong>\u00a0to address a core modernization need. This presentation will summarize the implementation, illustrating the importance of agreeing to well-defined interfaces and the necessity of starting from daily user experience to gain adoption.<\/span><\/p>\n<\/div>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<p><span data-markjs=\"true\" class=\"outlook-search-highlight\"><span><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">About the speakers<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/span><\/span><\/p>\n<p><strong><span data-markjs=\"true\" class=\"outlook-search-highlight\">Alexan Mardigian<\/span><\/strong><span>\u00a0is a CISSP-certified Information Security Engineer at Boston University, where he has served since March 2020 developing and maintaining custom security tools. \u00a0His experience spans developing hardware emulators for the U.S. 
Air Force, building secure web solutions for diverse clients, security architecture, and creating AI-powered security tools.\u00a0 He is also dedicated to making cybersecurity accessible and understandable, bridging the gap between technical expertise and clear communication.\u00a0 He is currently pursuing his master&#8217;s degree in computer science, with a focus in cyber security.\u00a0 Outside of his duties at Boston University, he is an avid DJ of electronic music and scuba diver.<\/span><\/p>\n<p><strong>Brian Gerdon<\/strong><span>\u00a0<\/span>is a Security Analyst in the SOC at Boston University. Over the past 20 years, Brian has held a variety of roles at BU, including Desktop Support, Network Engineering and Operations, and now Information Security. His primary focus areas are Digital Forensics, Incident Response, and managing the university\u2019s Firewall Services.<\/p>\n<p><span><strong>Mallory Ren<\/strong>\u00a0is a Linux Systems Administrator at Boston University. She has been working with Linux, configuration management, and infrastructure for the last ten years and is interested in solving for quality and scale at organizations both big and small.<\/span><\/p>\n<p><strong><\/div>\n<\/div>\n<\/strong><\/p>\n<h1 aria-hidden=\"true\"><strong><b>Additional camp links: <\/b><\/strong><\/h1>\n<p style=\"font-weight: 400;\"><a href=\"https:\/\/www.youtube.com\/embed\/Cb8b1RMX6XY\">Warriors of the Net Trailer<\/a><\/p>\n<p style=\"font-weight: 400;\"><a href=\"http:\/\/web.archive.org\/web\/20110610202255\/http:\/\/ftp.sunet.se\/pub\/tv%2Bmovies\/warriors\/warriors-700-VBR.mpg\">Warriors of the Net Movie<\/a><\/p>\n<p style=\"font-weight: 400;\"><a href=\"https:\/\/www.amazon.com\/My-First-Cyber-Toolbox-Friendly\/dp\/B0FDY792V8\">My First Cyber Toolbox: A Fun and Friendly Guide to Internet Safety for Kids<\/a> (link to order)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Privileged Access Management (PAM): moving from Project to Program Jon Rice, Ian 
Altgilbers, Petar Ivanov, Galen Lipin, Tufts University Harvard\u2019s approach to risk based vulnerability management Todd Connetta &amp; John Sorel, Harvard University Outsmarting Our Future Selves: Boston College Information Technology Services and the Journey to an Enterprise Password Manager Tiffany Bradford, Boston College Incident&#8230;<\/p>\n","protected":false},"author":4352,"featured_media":0,"parent":18974,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/159161"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/4352"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=159161"}],"version-history":[{"count":11,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/159161\/revisions"}],"predecessor-version":[{"id":159190,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/159161\/revisions\/159190"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/18974"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=159161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}