Boston College Winter Security Camp

Conference Schedule
March 7, 2024
245 Beacon St., Newton, room 107

8:30 - 9:00

Doors Open, Continental Breakfast, Registration


9:00

Introduction and Welcome - David Escalante, Boston College



9:05 - 9:50

Cyber-Security and Customer Service - Jerry Vergeront, Seattle University

Security groups are often in the less than collegial position of saying "No" to customers, so how can they develop and maintain a customer service lens that softens that blow and not be viewed as enemies by academics?


9:50 - 10:35

Cyber Crisis Planning  - Mike Gioia, Babson

Cyber crisis planning encompasses more than just incident response; it involves a comprehensive and proactive approach to address potential cyber threats and their potential consequences. It involves conducting risk assessments, developing preventive measures, implementing robust security controls, and continuously monitoring for potential vulnerabilities. Effective cyber crisis planning also includes training and educating stakeholders about cybersecurity best practices, fostering a culture of vigilance, and establishing clear lines of communication and collaboration among key stakeholders. This holistic approach ensures that organizations and individuals are better prepared to navigate the complex and rapidly evolving cyber landscape, thereby reducing the likelihood and impact of cyber crises.


10:35 - 10:50 

Coffee Break


10:50 - 11:35

Navigating the Storm: The surprising twists and turns of Ransomware in Higher Education - Anthony Newman, REN-ISAC

The increasing digitization of higher education institutions has significantly enhanced the learning and research experience but has also exposed them to heightened cybersecurity threats, notably ransomware attacks. This presentation delves into a real-world example of a ransomware attack on a higher education institution, examining the prelude, onslaught, and aftermath of the incident. We will explore vulnerabilities that were exploited, the immediate response actions taken, the long-term strategies implemented to recover and fortify the institution's cybersecurity posture as well as some surprises learned along the way.


11:35 - 12:20

Who Moved my Rock? Post-Quantum Cryptography and Its Impact on Higher Education - Brian Epstein, IAS (Zoom)


12:20 - 1:20

Lunch


1:20 - 2:05

Security Automation using Ansible - Sam (Chung) Woonyong, Tufts

Tufts has built scripts to help with managing ElasticSearch and with checking for CIS Controls compliance.


2:05 - 2:50

Implementing a Risk-based Vulnerability Management Program - Babson Security team, Babson


2:50 - 3:00

Afternoon Snack


3:00 - 3:45

Breaking Down Current and Future Security Threats - Roy Wattanasin, MIT ResearchThis session explores current and future information security threats that should be on everyone’s radar. It will also offer recommendations and best practices for combatting said threats, based on practical experience.


3:45 - 4:30

Detecting Account Compromise with Deep Learning - Louw Smith, Harvard (Zoom)

In this talk. we discuss our work to create a deep learning model to address the growing problem of attackers defeating 2FA. This includes some lessons learned and general deep learning concepts as we applied them to our model.