Schedule

Leveraging the cloud for research shows great promise but many have hesitated due to legitimate concerns. In this session cloud security leader Cisco will clarify the true nature of the risk, qualify its severity and offer a proven 3-step path to neutralize it so that cloud-based research can become a more approachable possibility than ever before.

According to a recent survey conducted by a leading security firm, 76% of respondents experienced phishing attacks.  The threat from phishing attacks is real and causes data breaches, financial loss, and system compromises like ransomware.  This presentation will cover real-life phishing attacks observed at UC and the various motives of the phishers.  Attendees will see first-hand the methods used by attackers to lure potential victims into clicking links or responding with information that ultimately benefits the attackers. —

At the request of the presenter, this session was not recorded. - UCTech 2019 Planning Committee

Get the inside story of how and why the IT Project Management and Reporting Guidelines were created! Hear from the trenches: those that actively manage projects with a one-time project cost of $5 million or more. The panel will share how these systemwide guidelines have been applied to qualifying IT projects, the benefits and challenges of adhering to the guidelines, and—

Just because you build it does not mean that they will come… a gentle reference to "Field of Dreams," but a reality. How you define, develop, deploy, organize, and communicate your IT offering (application, service, software) directly impacts your audience. 

Silo Much?
Most IT properties reflect the structure and focus of their parent organization. But if no one uses your product, or they can't find your product, or they're frustrated by your product… then you either have—

Do you approach change by hitting your users over the head with the same communications strategy or do you hit the nail on the head with targeted communication and outreach efforts? Let’s face it change is painful and inconvenient, especially when you’re competing with the distractions of a busy community. Beginning spring 2018 IT Security rolled out a set of initiatives to improve data, network, and system protection. We knew from experience that internal change was often—

Worried about how to secure your data in the cloud? Learn how UC San Diego Health achieves HIPAA and NIST compliance in AWS to support researchers. We will discuss general patterns and common architectures to decouple protected data from processing and orchestration. Understand how to track where data flows through automation leveraging cloud native and partner solutions on AWS.

Speakers:  Andrew Greaves, Enterprise Research Architect, UC San Diego Health; and Randy Ridgley, Principal Solutions Architect, AWS

We’ve long known that phishing and social engineering are the ways most organisations get compromised. Attackers know it’s much easier to find someone who will click than to find a working exploit for a modern operating system or browser. However, most organizations have very little idea which of their people receive sophisticated threats, targeted threats, or even large volumes of threats. We call these targets VAPs (Very Attacked People), and they may not be who you would—

Like a river with a flood, or a forest with a fire, sometimes you need to destroy something to renew it. Our IT Governance Committee on Technology & Architecture had become stagnant, and participation waned. Our new steering committee chair asked each committee to review its charge and focus, to ensure we were maximizing our impact. We disbanded the committee and brought together business and technical leaders to create something from the ashes. We set out to—

Calling all novice and experienced non-certified project managers! Becoming a certified Project Management Professional (PMP) can be a wise career decision, but is it right for you?

Whether you’re dabbling with the idea or already in the midst of exam prep, attend this panel discussion to learn more about why you should—or shouldn’t!—get certified. This multi-location panel will have a lively discussion around their journeys to certification, including:

1. benefits (opens doors, hireability, standardized language)
2. challenges in getting—

There is only audio for this recording so, with permission from the presenter, we have provided the slide deck and any supplemental materials in the Session Files section below. - UCTech 2019 Planning Committee

Dasher solutions architects will showcase real life projects where we leveraged Aruba Networks wireless solutions including ClearPass NAC and Meridian beacon technology for mobile engagement. We’ll also be sharing technical insight into Hewlett Packard Enterprise Synergy and the new HPE Primera storage offering.—

At the request of the presenter, this session was not recorded. - UCTech 2019 Planning Committee
 

By mid-2016, UCSB had worked for 4 years to implement UCPath.  Although 13 staff were allocated to the program, none of the 126 business process designs or 50 interfaces were complete, and over 85 departments still used paper timecards.  After changing how we managed the program, UCSB drastically accelerated its deployment schedule and completed deployment in September 2018. 

In this—

There is only audio for this presentation so, with permission from the presenter, we have provided the slide deck and any supplemental materials in the Session Files section below. - UCTech 2019 Planning Committee

We have achieved over $7 million in IT savings and cost avoidance during each of the past three years, with no impact on service or the delivery of solutions, by encouraging all IT leaders to be excellent business people as well as excellent—

Brief: This workshop will describe steps to stand-up a centralized Project Management Office in an IS environment.  The first half of the workshop will discuss one campus’s 12-month start-up journey, including the Project Management Maturity Model framework, STARS assessment, SWOT analysis, Visioning, Planning, Staff Development, Performance Improvement, and Execution... along with the “magic” key ingredients for success. The second half of the workshop will lead individuals through a STARS profile, mini-maturity audit and readiness checklist.

Materials: An—

Managing large projects and all the tasks and resources that go along with them may seem daunting or overwhelming. But what if you could simplify the project management process but get even more successful results? What if you could put aside complex concepts like “Dependency Mapping”, “Resource Leveling”, and “Work Breakdown Structures” in lieu of a straightforward customer-focused process? 

The ITS-PRO ontology stands for Project Management, Reporting, and Optimization and is based on breaking down—

Answering the question that will be asked by your board: is it worth the risk to secure the digital workplace?
We will discuss the business cost of a cyber attack from the perspective of a secure foundation for a digital workplace

How to create a Secure by design location all while enabling your employees to work from wherever and however they desire.

Whether designing an app interface or a business process, the same philosophical principles drive both Lean Six Sigma and lean software design and development. By combining the two and understanding that they are complementary and mutually reinforcing, we can leverage our product lifecycle to achieve both process improvement and core UX goals. In this talk, we’ll dive into each stage of the Lean Six Sigma methodology, and how it applies to UX design with real-world examples and—

At the request of the presenter, this session was not recorded. - UCTech 2019 Planning Committee

We'll share our experience with a top-right quadrant SIEM, including benefits, pitfalls, operation and support.

• How to learn to use the SIEM
• Best use of vendor resources
• What we expected & what we got
• Leveraging for a small team
• Metrics vs Measurements/Actionable Numbers
• Runbook-style procedures
• Extending to the cloud
• Useful dashboards/reports
• What we would do differently

When UCLA HumTech converted a homegrown application to a serverless app, we had to rethink how we approached data security. While UCLA has a number of solutions to protect student data, most of these solutions assume that there's a server to run on. A serverless app requires rethinking how we accessed Shibboleth, queried the student record system, and protected resources.

This talk will present our experience securing a serverless application. It is for developers, system administrators, and—

This workshop will demonstrate how to use free open-source tools to set up a safe environment to explore a deliberately insecure web application to train yourself or other web-application developers on web-application security.

Ugly, large-scale, complex business and technical processes often have two fates: 1) multiple failed attempts at revision and/or implementation, or 2) slow, prolonged death because no one dares to tackle a revision. Neither serves the users or technical teams and both are incredibly painful for campuses. In this talk you will learn tools and tips about linking process improvement projects to break down complex processes into smaller, workable projects. A pilot project for process improvement in class and space scheduling will be—

Do you or your team enter into agreements for IT services, software, hardware or professional services? Does your Unit use Cloud solutions to solve your business problems?  If the answer is yes to any of those questions, then this panel session is for you.

Earlier in this year, a systemwide workgroup rebuilt Appendix DS in order to make it simpler and easier to use, and to be Supplier friendly.

In this session, our panel will discuss when—

Hybrid cloud, multi-cloud, HPC, and big data don't have to be complex! Learn how Google Cloud Platform can be an enterprise platform for securely tying together your legacy systems and public clouds to build compelling solutions for researchers, faculty, staff, and students across your campus.

Public clouds offer a lot of benefits due to their inherent agility and scalability. However, it is easy to blow up your budget without adequate visibility and control over cloud consumption. In this session, we will talk about how UC San Diego grappled with spending dozens of hours per month to manually figure out who was consuming what resources across their hundreds of AWS accounts. Nutanix was able to help UC San Diego build automated chargeback reports—

Imagine your department or workflow is slowed down by functional silos, multiple hand-offs, unacceptable delays and backlogs. Or that you are working on a process that is mission critical to the success of your department but needs continuous manual tinkering.

Now let’s raise the stakes: You’re in the midst of multiple ERP projects, and you don’t want to carry bad processes into new systems. 

Enter the Lean Bench, a “go team” of process improvement experts made up of—

IT project stakeholders such as administrators and faculty often want detailed, specific estimates about project cost before they agree to sponsor a project. Unfortunately, as any IT project manager knows, project plans are often full of educated guesses and complete unknowns, which makes any estimate highly uncertain. This session will introduce attendees to strategies for making and discussing IT project estimates that more effectively communicate that uncertainty to stakeholders. We will discuss French and Raven’s power theory,—

Disruption from artificial intelligence is the “new normal” within the legal industry. By extension, universities are increasingly using AI to augment front and back-office operations. Although adoption of automating simple, repetitive processes with AI is becoming more common, many universities do not understand what they should expect from this technology. They face challenges defining a business-centric digital strategy for AI initiatives. This session will provide insight into best-practices for defining the elements of a successful digital strategy—

How do you build a secure cloud and infrastructure to ensure compliance and qualification for research grants?
 
Campuses and health centers must meet the obligations related to information security, intellectual property, records, privacy, personal information and encryption stated in research grant opportunities.
 
As enterprise boundaries continue to evaporate and security threats become more sophisticated, the challenges facing Higher Education security teams are increasing exponentially. Balancing user desire for a seamless experience with regulatory and compliance—

This past year at UC Santa Cruz, we changed our development methodology from Waterfall to Agile. This presentation shares some observations, experiences, and lessons our web application development team learned within the first 6 months of switching.

We'll discuss:

• Why we switched to Agile.
• How our new development team is structured.
• Things we changed over the first 6 months.
• Some of the lessons we learned.
• Take-aways from the developer perspective.
• And, in hindsight, whether we think it—

You may have heard about Process Palooza -- a one-of-a-kind extravaganza focusing on business process improvement that has taken on a life of its own, snowballing into a university-wide embrace of continuous improvement and business excellence. At the heart of Process Palooza is a high-stakes, fast-paced competition dubbed The Great LSS Race! LSS stands for Lean Six Sigma, a process improvement methodology built on reducing waste and improving efficiency. The competition puts teams’ LSS skills—

HPC and AI environments are overflowing with data and struggling with enough processing to leverage that data.  They are frequently siloed as are your traditional batch and newer container workloads.  How can we bridge these divides?

With datacenter-scale reference architectures, designed specifically for the higher education and research space, you can shorten deployment times, ease operations, and consolidate these silos to provide high performance GPU compute to many different use cases and workloads.  Please join ePlus as—

The Sherlock Division at the San Diego Supercomputer Center (SDSC) at the University of California, San Diego has gone from being a federally funded project to a self-sustaining entity, delivering world-class solutions to organizations nationwide. The Sherlock Division’s agility, excellence of services, and continuous innovation enable it to self-sustain, as it is funded through grants and service agreements while not receiving any institutional support from UC San Diego or SDSC. This talk will share some insights on—

Concealing database credentials and rotating passwords is usually an exhaustive activity - for system administrators, database administrators, application developers, and security auditors.  Discover how your organization can save time by using AWS Secrets Manager.

See how the AJS developers at UCOP created an AWS CloudFormation template to add a secret to the AWS Secrets Manager to both encrypt the credentials as well as rotating the password as often as required.  Watch and learn how we modified our Java—

As the lines between software, hardware and cloud products become increasingly blurred, more IT products are acquired as services provisioned in partnership with external suppliers.  Additionally, every institution business process owner, whether or not part of the IT organization, needs IT solutions (increasingly SaaS) to achieve their business outcomes.  These changes move the institutional role more from building and running IT, to managing a complex set of interrelated services and supplier relationships.  The rights and responsibilities of—

Do you or your team members feel like IS-3 is too complex? Don’t know where to start? Does it seem hard to figure out the first step? Do you hesitate to develop a plan? Do you wish other options were allowed? These questions can limit compliance and hinder implementation – ultimately leading to increased cyber risk.

In this session, we will discuss these questions and pain points in the implementation process and help learn how to overcome—

Like many universities, in 2017 UC <redacted>'s Internet border was largely open. The end-of-life intrusion prevention system (IPS), our only protection beyond a few router access control lists, was removed when it failed. There was very little to distinguish our campus network from the Internet. We had limited ability to implement east-west controls between campus departments, mostly through router ACLs and distributed firewalls.

This presentation will trace the path that we took from this beginning to functional—

UCXX IT PPMO struggled to keep up with demand for new JIRA projects and Confluence spaces. Result was frustrated teams and Cloud instances popping up around campus.

UCXX and IBM have teamed up to see how using Smart Chat technology and Robotic Process Automation (RPA) can make the experience of requesting new Jira Project and Confluence Spaces go from "Why is it taking so long to get my stuff created" to "Are you serious, that is wicked—

Title

Securing International Student & Scholar Success

Summary

The team at UC-Irvine has created different applications for UCI International Center. These applications have not only created a user-friendly experience for international students and eased their transitions into UCI but also made the International center processes related to SEVIS compliance paperless, efficient and cost effective. In addition, UCI has gone a step beyond and successfully implemented multiple measures such as 2-factor authentication and transparent encryption to better—

Governance plays a critical role in vetting, approving, and prioritizing IT requests.  Common pitfalls in the life cycle of a service request typically result from inaccurate assumptions that all requests ought to be completed, and/or that all requests are of equal importance.  Often, such assumptions lead IT teams to allocate resources and expertise to requests that are high effort/low impact.  Likewise, this cultural phenomenon leads to a false sense of user-empowerment when it comes to the requesting—

It’s not just about standing up IT services anymore!  Project success is also about the quality of the underlying business processes and their adoption that leads to successful outcomes…or not. We all know how important business processes are to operating seamlessly and efficiently. And we know how challenging it is to create, optimize and maintain those processes. Learn how one campus is leveraging a state of the art Business Process Mapping (BPM) tool to address these challenges—