vRIMM 2022 Details

REN-ISAC vRIMM 2022 Details

Thank you for your interest in the 2022 virtual REN-ISAC Member Meeting (vRIMM). This year's conference was held on Tuesdays, Wednesdays, and Thursdays from September 19-30, 2022.

Below is an archive of all public session presented at vRIMM 2022.

vRIMM Sharing Guidelines

The conference event is members only, but many of the session recordings will be made public after the event. The sessions are marked "Member's Only" and "Public" to indicate which recordings will be made available.

Individual Sessions

Week 1

Tuesday, September 20
1:00 PM ETREN-ISAC Welcome / Year in Review (Member's Only)
Kim Milford, Executive Director, REN-ISAC 
Todd Herring, Business Operations Director, REN-ISAC  
Joseph Potchanant, Member Services and Support Director, REN-ISAC  
Krysten Stevens, Technical Director, REN-ISAC 

The REN-ISAC Directors will open this year’s virtual REN-ISAC Member Meeting with a welcome, review of the organization’s activities over the past year, and a report out from each team.

3:30 PM ETCISO to CISO: Leading and Securing the Complex Environment (Public)
Kim Milford, Executive Director, REN-ISAC 
Amy Braswell, Senior Managing Director, Deputy CISO, and TIAA Bank CISO; TIAA

Join Executive Director Kim Milford and TIAA Bank’s CISO, Amy Braswell, for an informal chat on the challenges, rewards, and lesser-known elements of leading and securing the increasingly complex environments of higher education & research and financial services.

View recording

Wednesday, September 21
1:00 PM ET – Intro to Cybersecurity Peer Assessments for Higher Ed (Public)
Susan Coleman Snyder, Cybersecurity Peer Assessment Program Manager, REN-ISAC 

What is a REN-ISAC peer assessment? What makes it different from other types of assessments? And how can it help my organization’s security standing? The REN-ISAC peer assessment process starts with expert assessors who have real-world experience working in higher education information security. Through their objective evaluation and actionable recommendations, you and your institution can strengthen internal safeguards and mitigate possible risk.

View recording

3:00 PM ET – Panel: Protecting Student Data and Privacy After Dobbs (Public)
Pegah Parsi, Chief Privacy Officer, University of California San Diego
Joanna Grama, Vice President, Vantage Technology Consulting Group
Anahit Behjou, Information Policy Analyst, Indiana University
Aderinsola Adesida, Cybersecurity Technology Consulting Associate, PwC
Jen Pacenza, Information Security Analyst, REN-ISAC (moderator)

This past summer, the US Supreme Court made a landmark decision in the Dobbs v Jackson case, which gave states, not the federal government, the authority to regulate abortion. The Dobbs decision overturned Roe v Wade, a ruling based on an individual’s inherent right to privacy. Other important legislation followed Row arguing for and securing the right to privacy. In undoing Roe, Dobbs has created a fluctuating, patchwork of new laws, regulations, and privacy concerns across the US. As the shepherds and protectors of student data, information security professionals need to understand how this shifting landscape affects our organizations, students, staff, and security practices. The panel will explore the new post-Dobbs privacy paradigm, its implications, and its impact on data privacy and security. A portion of the session will be available for attendees to ask questions.

View recording

Thursday, September 22
1:00 PM ETWords Matter: Inclusive language in IT (Public)
Jennifer Pacenza, Information Security Analyst, REN-ISAC

Communities are defined by the words they use. As a community of professionals, IT has historically relied on technical jargon and professional shorthand that can have highly negative connotations. The language we use as a community is important to who we are and how we are perceived; therefore, it is time to examine and reevaluate our professional language to create a more inclusive professional community. This presentation will provide guidance for creating a more inclusive professional language, offering tactics on how to avoid ableist, ageist, gendered, and racially loaded professional language.

View recording

3:00 PM ET – MFA Phishing Attacks Follow-up Panel (Member’s Only)
Nick Lewis, Program Manager, NET+ Cloud Services - Security and Identity, Internet2 (Moderator)
Jason Murray, Assistant Director and Architect of Digital Forensics and Incident Response, Washington University in St. Louis
Max Parmer, Senior Information Security Analyst, Portland State University

In early 2022, there were several campuses that had phishing attacking where MFA was bypassed by an attacker. We had a community call in April 2022 where 3 campuses shared their experiences to increase the awareness of these attacks and securing MFA on your campus. We thought it would be helpful to hear a follow-up from two of these campuses, what they learned, and what they would do differently. Portland State University and Washington University will share their experiences. We’ll save time for open questions and answers.


Week 2

Tuesday, September 27
1:00 PM ETA Collaborative Approach to Incident Response (Members Only)
Axel Schulz, Senior Security Analyst, CanSSOC / University of Toronto

Canadian universities and colleges have responded to several high impact vulnerabilities over the past year.  

This presentation will examine how the community responded and collaborated to share threat intelligence and synthesized the latest information on various vulnerabilities, to minimize noise and distractions. High-level information on observed threat actors and payloads will be shared, with a focus on how intelligence sharing supported the community during incident management.
3:00 PM ETDemonstration of a Home-Grown User Behavior Analytics Engine (Members Only)
Bob Heren, Senior IT Security Analyst, University of Illinois at Urbana-Champaign
Presentation of a home-grown system using various logs in Splunk to analyze user behavior and identify weird or suspicious user behavior that may indicate a compromised account. Presentation will include SPL (Splunk search language) code that will enable attendees to search for similar user behavior in their environment, given similar logs.
Wednesday, September 28
1:00 PM ET – An Introduction to Elastic (Members Only)
Frank Barton, IT Systems & InfoSec Administrator, Husson University
Siobhan Kelleher, Senior Security Analyst, Boston College
We will be discussing some of the tricks in designing and setting up the Elastic Stack for log aggregation and using it in investigating incidents and events.

3:00 PM ETHow OmniSOC Uses Evidence Libraries for Detection (Members Only)
Rob Carlsen, Lead Security Engineer, OmniSOC
This talk's focus is on how the OmniSOC uses its vast collection of differing data sources (evidence libraries) for detection of malicious activity. We will discuss these different data sources in the context of collected evidence and MITRE ATT&CK, and explore how Detection use cases are developed to detect attacker activity for relevant threats.

Thursday, September 29
1:00 PM ETZero Trust - It's a Concept, not a Product (Public)
Joel Rosenblatt, Director, Computer & Network Security, Columbia University
We have all been getting email from vendors selling the latest and greatest security product—Zero Trust. The problem is that you cannot buy zero trust, you have to build it. My talk will explain what it really is and how you can create a zero trust environment.

View recording

3:00 PM ET – Building a Cloud-Hosted Pentesting Environment (Member’s Only)
Shane Albright, Principal Security Engineer, REN-ISAC

In this talk, REN-ISAC Principal Security Engineer, Shane Albright, will provide an overview of a cloud-hosted pentesting environment and discuss the infrastructure-as-code (IaC) tools and configurations used to create it.