Schedule

Tuesday, July 20

-
  • Beginner

    According to a recent survey conducted by a leading security firm, 76% of respondents experienced phishing attacks. The threat from phishing attacks is real and causes data breaches, financial loss, and system compromises like ransomware. This presentation will cover real-life phishing attacks observed at UC and the various motives of the phishers. Attendees will see first-hand the methods used by attackers to lure potential victims into clicking links or responding with information that ultimately benefits the attackers. —

-
  • Securing Information, Assets and Systems
    SSMS - Room 1301/1302

    Beginner

    Do you approach change by hitting your users over the head with the same communications strategy, or do you hit the nail on the head with targeted communication and outreach efforts? Let's face it: change is painful and inconvenient, especially when you're competing with the distractions of a busy community. Beginning in spring 2018, IT Security rolled out a set of initiatives to improve data, network, and system protection. We knew from experience that internal change was often—

-
  • Securing Information, Assets and Systems
    Girvetz Hall - Room 2123

    Intermediate

    At the request of the presenter, this session was not recorded. - UCTech 2019 Planning Committee

    We'll share our experience with a top-right quadrant SIEM, including benefits, pitfalls, operation and support.

    • How to learn to use the SIEM
    • Best use of vendor resources
    • What we expected & what we got
    • Leveraging for a small team
    • Metrics vs Measurements/Actionable Numbers
    • Runbook-style procedures
    • Extending to the cloud
    • Useful dashboards/reports
    • What we would do differently

  • Intermediate

    When UCLA HumTech converted a homegrown application to a serverless app, we had to rethink how we approached data security. While UCLA has a number of solutions to protect student data, most of these solutions assume that there's a server to run on. A serverless app requires rethinking how we accessed Shibboleth, queried the student record system, and protected resources.

    This talk will present our experience securing a serverless application. It is for developers, system administrators, and—

  • Intermediate

    This workshop will demonstrate how to use free open-source tools to set up a safe environment to explore a deliberately insecure web application to train yourself or other web-application developers on web-application security.

Wednesday, July 21

-
  • Securing Information, Assets and Systems
    UCEN - Flying A Studios

    Beginner

    Concealing database credentials and rotating passwords is usually an exhaustive activity - for system administrators, database administrators, application developers, and security auditors. Discover how your organization can save time by using AWS Secrets Manager.

    See how the AJS developers at UCOP created an AWS CloudFormation template to add a secret to the AWS Secrets Manager to both encrypt the credentials and rotate the password as often as required. Watch and learn how we modified our Java—

  • Beginner

    Do you or your team members feel like IS-3 is too complex? Don’t know where to start? Does it seem hard to figure out the first step? Do you hesitate to develop a plan? Do you wish other options were allowed? These questions can limit compliance and hinder implementation – ultimately leading to increased cyber risk.

    In this session, we will discuss these questions and pain points in the implementation process and help learn how to overcome—

-
  • Beginner

    Like many universities, in 2017 UC <redacted>'s Internet border was largely open. The end-of-life intrusion prevention system (IPS), our only protection beyond a few router access control lists, was removed when it failed. There was very little to distinguish our campus network from the Internet. We had limited ability to implement east-west controls between campus departments, mostly through router ACLs and distributed firewalls.

    This presentation will trace the path that we took from this beginning to functional—

  • Intermediate

    Title

    Securing International Student & Scholar Success

    Summary

    The team at UC-Irvine has created different applications for the UCI International Center. These applications have not only created a user-friendly experience for international students and eased their transitions into UCI but also made the International Center processes related to SEVIS compliance paperless, efficient and cost-effective. In addition, UCI has gone a step beyond and successfully implemented multiple measures such as 2-factor authentication and transparent encryption to better—