Birds-of-a-Feather Sessions (BOFs)

Join colleagues this evening to discuss hot topics in an informal setting. You'll be able to network and exchange ideas, insights, and experiences.

Blended-Threat Workshops (Sarah Bigham)
REN-ISAC is offering a series of blended-threat workshops for the higher education community. Participants from many areas of campus are encouraged to attend𔃀from campus policy to IT to communicators and administrators. In this tabletop-like exercise, we'll create a final report to capture lessons learned.

Building Collaboration (Curt Kappenman)
Building a network of professionals who meet regularly to discuss threats, technological advancements, and successes and failures of methods to help protect our institutions is the first step in creating a collective of minds to help us as individuals and as a community to face the challenges that are yet ahead.

Cybersecurity Needs and Partnering with Researchers to Fill the Gaps (Florence Hudson, Helen Patton)
The NSF Cybersecurity Center of Excellence at Indiana University𔃀under the Cybersecurity Transition To Practice (TTP) program𔃀will share cybersecurity needs identified by research, education, and industry interviews in 2018. Attendees will be able to provide input and discuss the opportunity to leverage cybersecurity research to fill those gaps.

Funding Fun and Flaws (Stefan Wahe)
Join us to share and hear the tips, tricks, and pitfalls of acquiring the funding needed to secure your campus.

Governance, Risk, and Compliance (Andrea Childress)
We'll discuss GRC-specific areas of responsibility including policy, compliance, risk assessment, and program management. Learn how institutions are using GRC tools and partnering with stakeholders to develop and implement policy.

New/First-Year CISO (Bryce Porter)
Are you a new CISO at your institution who is struggling to transform a program but not quite sure if your struggles are unique, or if you are employing the right strategies and choosing the right priorities? Let's meet BOF-style to share ideas and talk about our experiences thus far, including the common information security needs of our institutions. You'll be encouraged to share your unique perspectives on the challenges you're experiencing, the strategies you're pursuing, and the priorities you're setting as we you seek to take your institution's information security program to the next level.

One-Person Information Security Departments (Dan Boyd, Bill Rodriguez) We'll discuss strategies useful to single FTE InfoSec departments. Budgeting, responsibilities, operational vs. oversight/executive approach, and strategies for implementing change are all on the table.

Peer Assessment Services (Mark Bruhn)
In 2018 REN-ISAC introduced a peer assessment service available to all higher ed institutions (not just REN-ISAC members). Learn more about this cost-recovery service, which provides a highly professional review of IT security services, procedures, and/or policies of the institution's choosing, with assessments performed by peers within higher education.

Security vs. Privacy vs. Compliance (Carlos Lobato)
There appears to be overlap in responsibility among these functions. Working together could result in tremendous benefits to the institution. Is there a trend to merge all of these functions under either a CISO or CPO?

Threat Intelligence (Jesse Bowling)
We'll discuss the current state of threat intelligence sharing and use in higher education, including areas such as tooling, processes, metrics/outcomes, and more.