Using All Hands on Deck to Spot Phish in the Water

Wednesday, April 11 | 11:00AM–12:00PM ET | Baltimore Ballroom B, Fifth Floor
Session Type: Breakout Session
Delivery Format: Interactive Presentation
After a pervasive phishing scam at Indiana University, we sought to harden our technical defenses and increase our users' awareness of malicious messaging. We implemented Duo 2FA, introduced S/MIME signatures to provide a way for users to discern official university emails, and promoted phishing education and awareness. As a result of these security and education efforts, IU has exponentially increased the number of user-reported suspected phishing messages, decreased the percentage of users who fall for simulated phishes, and detected no unauthorized access to a system behind 2FA. This session will explore how to effectively link awareness and communications efforts with mitigation measures.

Outcomes: Be able to create a proper baseline for a phishing education program * Design your cybersecurity programs to properly integrate 2FA, trusted communications, and phishing education and awareness * Learn how to conduct a communications and awareness campaign around credential phishing


  • Dan Calarco

    Deputy CIO, University of Wisconsin-Madison
  • Jacob Farmer

    Manager, Identity Management Systems, Indiana University
  • Tim Goth

    Incident Response Manager, Indiana University