Birds-of-a-Feather Sessions (BOFs)

Monday, May 04 | 9:00PM–11:00PM | Minneapolis Grand Ballroom Salon E, Third Floor
Session Type: Professional Development
Join colleagues this evening to discuss hot topics in an informal setting. You'll be able to network and exchange ideas, insights, and experiences. You can establish a new topic by notifying us in advance ([email protected]). Topics include:


Navigating Through the Challenges of Security Awareness in Higher Ed: As organizational security awareness programs mature, EDUs face challenges to program adoption that differ from those experienced in the corporate world. This informal BOF roundtable provides an open forum to discuss those challenges and techniques to address them. Additional topics for discussion include how EDUs can extend security awareness programs to include student populations and how EDUs can educate users to better avoid phishing attacks. Join security awareness expert Lance Spitzner and others from the SANS Institute for this BOF session, designed to allow institutions to share challenges faced, what has worked, and lessons learned at their institution. Hosted by the SANS Institute.


Security Program Roadmap Workshop (beta): This interactive session will walk through a process for developing a 12-18 month roadmap for an information security program rooted in evaluation of threats/risks/mitigations and organizational goals (both institutional and departmental). The process leverages your organization's existing risk models/definitions, but also offers one that can be used in the absence of these. Attendees will be expected to participate in the process of developing a roadmap during the session and will receive supporting documents/worksheets to aid in their own roadmaps.


Software Defined Perimeter: A New Approach to Stopping Network-Based Cyberattacks: Software Defined Perimeter (SDP) is a research project supported by the Cloud Security Alliance (CSA) to stop network-based cyberattacks. The group comprises volunteers from the CSA and is led by Bob Flores (former CTO of the CIA) and Junaid Islam (CTO of Vidder). The goal of the group is to identify and validate the simplest solution (leveraging open standards) to stop network attacks. To date, the SDP Working Group has developed a 1.0 spec that combines single packet authorization, network access control, and data encryption into an integrated architecture. The SDP 1.0 spec has been validated in public hackathons (some of which have attracted hundreds of participants due to the $10,000 prize) to mitigate DDoS, man-in-the-middle, OWASP, and APT attacks. Based on the success of the 1.0 spec testing, the SDP Working Group is planning to launch an open-source initiative to develop a lightweight solution to stop DDoS attacks. Therefore, the SDP Working Group is reaching out to partner organizations such as Internet2 to seek volunteer support.