Schedule

Thursday, October 6, 2022

Delta Hotel, Richmond Downtown
555 East Canal Street
Richmond, VA 23219

October 6, 2022

Track 1: James River Ballroom (2nd Floor)
Track 2: Mayo/Lee (2nd Floor)
Track 3: Shockoe/Boulevard (2nd Floor)

7:30 - 8:30 AM    Registration and Breakfast

8:45 - 9:00 AM    Introduction and Welcome Remarks
                  Deputy Secretary Aliscia Andrews and Commonwealth of Virginia CIO Bob Osmond

9:00 - 9:10 AM    Vendor Visitation and Refreshment Break

9:10 - 10:00 AM   Keynote
                  Alex Nette, CEO and Co-Founder, Hive Systems
                  Introduced by Platinum Sponsor of VASCAN 2022, IPDS

10:10 - 11:00 AM
  Track 1: Lori Kressin, University of Virginia
           HECVAT 3.02: An Overview of the New Accessibility Questions
  Track 2: Tweeks, Virginia Cyber Range
           Mini-workshop: Sniffing, Hacking, and Defending Wireless (workshop session 1)
  Track 3: Sanjit Ganguli, Zscaler
           Securing Digital Transformation for the New World

11:00 - 11:10 AM  Vendor Visitation and Refreshment Break

11:10 - 12:00 PM
  Track 1: Doug Streit, Old Dominion University
           827 to Zero: The Road to Vulnerability Management Nirvana
  Track 2: Tweeks, Virginia Cyber Range
           Mini-workshop: Sniffing, Hacking, and Defending Wireless (workshop session 2)
  Track 3: Dan Rocker, CAS Severn
           Zero Trust Demystified

12:00 - 1:00 PM   Lunch and Welcome from Platinum Sponsor of VASCAN 2022, Fortinet

1:10 - 2:00 PM
  Track 1: Kate Rhodes, Old Dominion University
           Risk Assessment Overhaul
  Track 2: Jesse Castellani and Jordan Burnette, Virginia Commonwealth University
           Make macOS Baselines Easy and Customizable
  Track 3: Bob Turner, Fortinet
           Securing Your Digital Transformation From the Edge to the Cloud

2:00 - 2:10 PM    Vendor Visitation and Refreshment Break

2:10 - 3:00 PM
  Track 1: JD Sayle and Jose G. Siles-Gonzales, George Mason University
           Documenting XDR/EDR Process and Procedures for the NIST Cybersecurity Framework: Using SharePoint for Streamlined Operations
  Track 2: Michael Richardson, George Mason University
           Supplementing a Network Vulnerability Scanning Program
  Track 3: Tyler Hudak, TrustedSec
           Computer Forensics Case Files

3:00 - 3:10 PM    Vendor Visitation and Refreshment Break

3:10 - 4:00 PM
  Track 1: Michael Talley, Virginia Commonwealth University
           Revoking Access Is My Favorite - Automating Review of Access
  Track 2: Phil Fenstermacher and Pete Kellogg, College of William and Mary
           Securing and Operating Your Container Program and Platform
  Track 3: Jon Ford, Mandiant
           The Next Big Attack: How Organizations Can Protect Against Evolving Cyber Attacks

4:00 - 4:10 PM    Vendor Visitation and Refreshment Break

4:10 - 5:30 PM    Birds of a Feather (BoF) sessions
  Track 1: BoF: Governance, Risk, and Compliance
  Track 2: BoF: SIEM Tuning and Configuration
  Track 3: BoF: Endpoint Protection and Configuration

5:30 - 5:55 PM    VASCAN 2022 Founder's Award Ceremony

5:55 - 7:30 PM    VASCAN 2022 Reception
                  Welcome from Platinum Sponsor of VASCAN 2022, AIS Network

Schedule

Friday, October 7, 2022

Delta Hotel, Richmond Downtown
555 East Canal Street
Richmond, VA 23219

October 7, 2022

Track 1: Mayo/Lee (2nd Floor)
Track 2: Shockoe/Boulevard (2nd Floor)
Track 3: James River Ballroom (2nd Floor)

7:45 - 9:00 AM    Breakfast

9:00 - 9:50 AM
  Track 1: Daniel Terceros, Georgetown University
           SOAR - Automating Phishing Response
  Track 2: Joshua Cole, Assura
           Work From Anywhere: Lessons Learned in the Trenches
  Track 3: Tyler Hudak, TrustedSec
           Training: Windows Forensics

9:50 - 10:00 AM   Final Vendor Visitation and Refreshment Break

10:00 - 11:50 AM
  Track 1: Mark Day, Netskope
           Why Security Service Edge is a Critical Part of Any Zero Trust Program
  Track 2: (none listed)
  Track 3: Tyler Hudak, TrustedSec
           Training: Windows Forensics

11:50 - 1:00 PM   Lunch

1:00 - 1:50 PM
  Vendor Area Close (Vendor's Pack-Up)
  Track 3: Tyler Hudak, TrustedSec
           Training: Windows Forensics

1:50 - 2:00 PM    Beverage Break

2:10 - 5:00 PM
  Track 1: NA
  Track 2: NA
  Track 3: Tyler Hudak, TrustedSec
           Training: Windows Forensics

Session Descriptions

827 to Zero: The Road to Vulnerability Management Nirvana

Presenter: Doug Streit

Vulnerability management is a notable challenge in the enterprise. It is arguably a lower priority than other operational security practices, such as a robust patching cycle. It is often considered a compliance checkbox. It is complicated by the operating system and application interdependency and ownership. It can be confused as a "Security Operation" or a "Risk-Compliance" responsibility. There are many moving parts and dependencies. Support teams are strapped for time. It requires cohesive collaboration between all of the core support teams - DBAs, System Admins, Application Owners, and System Owners that include networks, identity, web development, administrative systems, and infrastructure systems. This presentation describes one successful journey to actively managing vulnerabilities across hundreds of critical hosts, overcoming numerous challenges to get to a satisfying conclusion.

Computer Forensics Case Files

Presenter: Tyler Hudak

Computer forensic cases of the past can teach us a lot. This talk will discuss three public cases in which computer forensics played a key part, how forensics helped or hindered the case, mistakes that were made, and what we can learn from them.

Documenting XDR/EDR Process and Procedures for the NIST Cybersecurity Framework: Using SharePoint for Streamlined Operations

Presenter: JD Sayle and Jose G. Siles-Gonzales

The GMU IT Security Office has been working on an internal documentation SharePoint site for storing, organizing, and reviewing standard processes and procedures. Our structure follows the NIST Cybersecurity Framework while also being operationally efficient for daily use, onboarding new members, and enumerating our use cases across our security program. We will show our use cases and documentation for utilizing both Defender for O365 and CrowdStrike Falcon EDR.

HECVAT 3.02: An Overview of the New Accessibility Questions

Presenter: Lori Kressin

The most recent version of the HECVAT now includes questions regarding accessibility in both the Lite and Full versions. This session will provide background and help you understand your role when reviewing the answers provided by the vendors.

Make macOS Baselines Easy and Customizable with mSCP

Presenters: Jesse Castellani and Jordan Burnette

In this presentation, we will provide one method to make macOS baseline configurations easy using the macOS Security Compliance Project (mSCP). We will provide an overview of mSCP, the benefits of using mSCP, how you can customize mSCP, and discuss how we’ve implemented it in our organization.

Revoking Access Is My Favorite - Automating Reviews of Access

Presenter: Michael Talley

Annual reviews of access can seem like traveling through the seven levels of the candy cane forest, past the sea of swirly twirly gumdrops, bringing everyone down a whole octave...in a good way! The process often involves gathering data from multiple systems, lots of printouts, and marked-up notes, which is tedious and confusing for managers, sysadmins, and auditors alike. The School of Dentistry built an electronic tool to ingest systems, users, roles, and access levels so that managers can review their employees' access online and take action. The Virginia Commonwealth University School of Dentistry - the only dental school in the Commonwealth of Virginia - educates students in the traditional classroom environment while also treating patients on a mini-hospital infrastructure, all while operating like a private practice corporation. Protecting patient and student privacy and security is our passion as IT professionals. This presentation will provide an overview of the School of Dentistry's uniquely hybrid clinical and academic environment, discuss challenges auditing physical and logical access (especially within a hub-spoke IT model), and present the automation architecture (utilizing HR system data feeds, Active Directory, linked database servers, Google Groups, Network-based locks, and ETL processes) and demo the solution built by the School of Dentistry, along with lessons learned, future improvements, and continual obstacles (and opportunities) with reviewing access.

Risk Assessment Overhaul!

Presenter: Kate Rhodes

Over the last year, we at ODU have overhauled our Risk Assessment process in an effort to modernize our processes and keep up with changing requirements. Our overhaul includes itemizing our Business Critical Systems and identifying at the system level vs. service level, updating our Risk Assessment template to align more with cyber insurance expectations with a strategy to move to NIST 800-171 level assessments, and how we plan on leveraging a new GRC Tool for system level and unit level assessments. This includes how we plan on identifying units that will not fall under University Security Program thus they will not be covered by cyber insurance, and how we will obtain acknowledgment and acceptance from business unit leaders.

Secure Digital Transformation for the New World

Presenter: Sanjit Ganguli

How to provide secure access to critical data and applications in the new world where users (faculty/staff and students) are both on and off campus and applications and data are both on-premise and in the cloud. We must balance a good user experience and access to data/apps while securing access and protecting confidential data.

Securing and Operating your Container Program and Platform

Presenter: Phil Fenstermacher and Pete Kellogg

Launching a container program can be intimidating. The rapidly evolving space makes it feel like you're always trying to catch up and makes it impossible to declare it ready for production. In this presentation, we'll show how we built, secured, and rebuilt (overnight) William & Mary's container platform that runs everything from student code to Banner. We'll discuss the different security tools we use, sharing our experiences with each. We'll close by discussing our experiences with the CIS benchmarks, how Kubernetes fit in our most recent audit, and what we're planning on doing next.

Securing Your Digital Transformation From the Edge to the Cloud

Presenter: Bob Turner

The digital transformation in education continues to expose technical and procedural challenges to ensure consistent security through the transition to cloud technologies and services. Organizations seeking to adopt multi-cloud strategies, gain economic and operational advantages, and support teaching and research are becoming more dependent on cloud applications and environments. Security architectures are not keeping pace with cloud-based networking innovations and the continuation of remote work only increases the attack surface. This presentation will show pathways to engage security at the service edge, allowing organizations to shift away from purchasing numerous point products to secure different parts of their networks and adopt a more cost-effective operational service model.

Sniffing, Hacking, and Defending Wireless

Presenter: Thomas "Tweeks" Weeks

Want to learn how to do actual hands-on WiFi sniffing and encryption cracking? Come to our sniffing and cracking workshops to either watch and follow along (howto notes included), or borrow one of our USB "Monitoring" NICs to do it using our play-target WiFi access points. In our first lab, sniff and intercept sensitive information using aircrack and Wireshark. Then in our second lab, learn how to crack WEP WiFi encryption keys, with discussions about WPA2 weaknesses to avoid on your network! Come, watch and learn, or learn by doing!*

Goals:

Give hands-on experience with setting up WiFi hardware for sniffing, with examples for aircrack-ng (for capture) and Wireshark (for inspection).

Requirements:

  • Laptop with Kali Linux (preferred), Windows, or Mac (untested); for Windows/Mac, we recommend using the Kali VM images
  • Special WiFi adapter (ALFA USB a/c/n for "monitoring"/sniffing); borrow one from the instructor (limited quantity)
  • Software: Aircrack-ng - https://www.aircrack-ng.org/ (included in Kali)
  • Software: Wireshark - https://www.wireshark.org/ (included in Kali)

SOAR - Automating Phishing Response

Presenter: Daniel Terceros

Phishing continues to be a popular attack vector used by attackers with all sorts of motivations, from political to financial ones. About 82% of all breaches recorded last year involved social engineering in some form, with threat actors preferring to phish their targets via email more than 60% of the time. Most organizations deal with this threat almost daily, which makes automating the triage for these events an important part of maturing a security program.

Supplementing a Network Vulnerability Scanning Program with Host-Based Agents

Presenter: Michael Richardson

Network-based vulnerability scanning can provide an assessment of the vulnerabilities that a system presents to the network. But what happens if the firewall rules disappear? What other potential problems are being shielded by the host-based and/or institutional firewall? What local exploits lie in waiting for your unprivileged users to leverage? What out-of-date, dormant libraries might be turned on through the next application update? How might one assess issues that might not be presented to the network, like processor, driver, and firmware vulnerabilities? Adding an agent-based vulnerability assessment program to your tool belt can expose these hidden issues in your environment, and in some cases automate other tasks required for annual audits, inventory, etc. We'll be discussing the results of a recent project at GMU to further enhance our vulnerability scanning program through the integration of Tenable Agents into our Network Vulnerability Scanning program and our Governance, Risk, and Compliance program in Archer.

The Next Big Attack: How Organizations Can Protect Against Evolving Cyber Attacks

Presenter: Jon Ford

The modern threat landscape is vast. Cyber attacks related to the conflict in Ukraine are surging. Critical and pervasive vulnerabilities such as “Log4Shell” have led to massive risk due to the complexity of patching. Cybercriminals are conducting sophisticated ransomware and extortion operations at a rising tempo targeting commercial and government organizations alike.

Please join Jon Ford, Managing Director at Mandiant and retired FBI Senior Executive, for a discussion about how these threats might evolve in the near future and how organizations can harden their infrastructure against destructive attacks and difficult-to-detect threats. In particular, this briefing covers:

  • Deep dive into state-sponsored and other threat actors, including where they are increasing threat activity, and where they are focused
  • The targeting and TTPs to watch for from some of the notable threat clusters, such as Sandworm Team
  • Supply chain risk landscape – how to prepare for attackers’ innovative thinking
  • How do government and private sector entities work together to combat these threats?
  • A close look at aggressive cyberattacks and information operations which have increased with the Ukraine crisis
  • Steps organizations can proactively take to harden their environment against destructive attacks

Why Security Service Edge is a Critical Part of Any Zero Trust Program

Presenter: Mark Day, Chief Scientist, Netskope

Security service edge (SSE) is the next evolution of cloud security and is critical to any zero trust strategy. SSE converges legacy point security capabilities into a unified cloud platform that provides secure access to applications and data everywhere, consistently for every location and delivery model. A modern security program aligned to zero trust principles must move beyond simplistic allow/block decisions and instead evaluate and re-evaluate the context surrounding every interaction, offering and adapting just the right access at just the right time. SSE is the security stack that helps deliver the promise of cloud and digital transformation.

Join this session to learn about:

  • The critical components of a modern zero trust program
  • How Security Service Edge can help deliver zero trust principles

Work From Anywhere: Lessons Learned in the Trenches

Presenter: Joshua Cole

This talk describes the lessons learned through 2 1/2 years of work-from-anywhere from a cybersecurity company that decided to shed its offices and move to an all-virtual model. The talk will discuss how the company made the switch from the standpoints of GRC and technology to ensure the protection of sensitive data that are equally applicable to academic environments.

Zero Trust Demystified

Presenter: Dan Rocker

Cut through the hype with CAS Severn and Zscaler by learning the truths about Zero Trust architectures. This session will cover the definitions of zero trust, the components of a zero trust strategy (by reviewing CAS's Zero Trust Roadmap), and how Zscaler plays a key part in a customer's journey to Zero Trust enforcement across the organization.

Keynote Speaker

Alex Nette
CEO and Co-Founder | Hive Systems
Alex's Bio:
Alex helped start Hive Systems with his passion for cybersecurity and the role it plays in today's interconnected world. He brings executive-level expertise in the establishment and continuous improvement of preeminent cybersecurity programs and applies his work from various cybersecurity disciplines in a holistic approach that prioritizes an organization's operations. Alex has provided cybersecurity consulting for over a decade to the public sector for federal, state, and local agencies, and in the private sector for a wide variety of industry segments.

His work has reduced the cybersecurity risk for Fortune 500 tech, financial, healthcare, consumer goods, and energy companies; in addition to the US Department of Justice, Peace Corps, US Federal Aviation Administration, and US House of Representatives. Alex is also an active contributor to the development of the cybersecurity curriculum for grade school students in the Commonwealth of Virginia and presents in the community to help anyone stay on top of cybersecurity.

Alex received his Bachelor of Science in Business from Virginia Tech and holds multiple industry certifications, including the CISSP and CISA.