National Cyber Security Awareness Month Events
2018 Webinars and Talks:
Please see our National Cyber Security Awareness Month webpage for links to recordings of 2018 NCSAM talks.
2017 Webinars and Talks:
There are no UC systemwide events scheduled for National Cyber Security Awareness Month 2017. Please check your Location's event calendar or Information Security website for any local events.
Archive: 2016 Webinars and Talks
Webinars have been recorded and linked below for viewing.
Presentation Summaries. See below for detailed descriptions.
| Date | Speaker - click on name for presentation detail |
Title | Length | Connection Information |
|---|---|---|---|---|
| 10/3/16, slides now available | Stu Sjouwerman, CEO and Founder, KnowBe4, Inc. | Surviving Social Engineering and Ransomware Attacks | 1 hr | Slides available on UCSF's IT Security Webinars page - see entry for 10/3/16 |
| 10/5/16, now available on demand | Robert Smith, UC Systemwide IT Policy Director | There’s Nothing On That System and Other Tales of Doom! | 1 hr | |
| 10/11/16, now available on demand | Lance Spitzner and Dr. Johannes Ullrich, SANS Technology Institute (links to Educause's website) | EDUCAUSE Live! Cyber Security Month webinar: "Top Attack Techniques, Top Human Risks, and How to Create a Cyberaware Culture" | 1 hr | Recording available on Educause's website. Click on "Access HTML" below the abstract for the full webinar recording. |
| 10/13/16, now available on demand | Dr. David Klonoff, UCSF | Cybersecurity for Connected Medical Devices | 1 hr | Webinar recording and slides available on UCSF's IT Security Webinars page - see entry for 10/13/16 |
| 10/19/16, now available on demand | Dr. Suzanne Schwartz, FDA | Medical Device Cybersecurity: FDA Perspective | 1 hr | Webinar recording and slides available on UCSF's IT Security Webinars page - see entry for 10/19/16 |
| On Demand | Jon Good, UCOP Information Security Director | Security in the Cloud - Finding Balance | 16 min | Webinar recording |
| On Demand | Roslyn Martorano, UC Systemwide Privacy Manager | Intersections between Privacy & Security: 2-3 short webinars | approx 3 min each |
1) Privacy & Security: Why We Need Both (webinar recording) 1a) Slides with clickable links (pdf) |
| SOLD OUT EVENTS - included to provide examples of successful events as ideas for campuses | ||||
| SOLD OUT | Special Agent Kevin Phelan, Palo Alto FBI | Current Trends in Theft of Intellectual Property | 1 hr | SOLD OUT This event is in-person-only at UCSF and sold out quickly! (free ticket required to attend) |
Presenter and Presentation Details
Quicklinks:
| Stu Sjouwerman | Robert Smith | David Klonoff | Susan Schwartz | Jon Good | Roz Martorano | Kevin Phelan |
Stu Sjouwerman, CEO and Founder, KnowBe4, Inc.
10/3/16, Mon, 10-11 AM
Slides available on UCSF's IT Security Webinars page - see entry for 10/3/16
Presentation Title:
Surviving Social Engineering and Ransomware Attacks
Presentation Abstract:
Attackers are moving their focus from attacking the hardened network perimeter to attacking your users. This has made Ransomware and CEO Fraud incidents skyrocket, costing billions of dollars in losses. Join KnowBe4, a leader in Security Awareness Training and Simulated Phishing as we discuss the ransomware and CEO Fraud epidemics and proven methods of protecting your organization against these phishing-based attacks.
Bio:
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help organizations manage the problem of cybercrime social engineering tactics through new school security awareness training. More than 4500 organizations in a variety of industries, including highly-regulated fields such as healthcare, finance, energy, government and insurance have mobilized their end users as a first line of defense using KnowBe4. Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.”
Robert Smith, UC Systemwide IT Policy Director
10/5/16, Tue, 10-11 AM
Slides with clickable links (pdf)
Presentation Title:
There’s Nothing On That System and Other Tales of Doom!
Presentation Abstract:
This presentation uses examples from higher education, government and industry to set the stage for understanding the threats to good cybersecurity. Topics will build to show attendees what advanced attackers can really do. It will touch on a range of risks and the damage that can be done from run-of-the mill malware to advanced threats. We will explore how security controls support privacy, and how the failure of security controls could be devastating to privacy.
Bio:
Robert Smith, CISSP, PMP
Systemwide IT Policy Director
Before joining UCOP IT Services, Robert was the senior director of technology for student affairs at UC Riverside. He has been with the University of California since 2011 and was the lead for IT security and compliance, software development, infrastructure, services and program management at UCR. His experience covers multiple industry areas, including; FDA/HIPAA regulated, DoD, corporate and product development environments. Notably, he ran enterprise endpoint security product development and other smaller projects during his years at Symantec. He participates in UC-wide security initiatives, focused on shared services, PCI and HIPAA. He has written articles and short stories on security, compliance and IT for Journal of GxP Compliance. He speaks on IT and security topics.
Dr. David Klonoff, UCSF
10/13/16, Thu, 2-3 PM
Webinar recording and slides available on UCSF's IT Security Webinars page - see entry for 10/13/16
Presentation Title:
Cybersecurity for Connected Medical Devices
Presentation Abstract:
Medical devices are increasingly connected wirelessly to each other and to data-displaying reader devices. Threats to the accurate flow of information and commands may compromise the safe function of these devices and put their users at risk of health complications. These devices are mainly on-body wearable or implantable systems that monitor and transmit data from a person and send it to a hub, such as a handheld controller/monitor, another device, a smartphone, a pad, or the cloud for analysis, presentation, aggregation with other data streams, and storage or else send data or commands back to the patient. Sound cybersecurity of medical devices is necessary to protect data. This goal can be accomplished by maintaining: 1) confidentiality by protecting these devices from unauthorized disclosure; 2) integrity by protecting these products from unauthorized modification; and 3) availability of data by protecting these products from loss of function. Five steps for a hospital or medical organization to improve medical device cybersecurity include: 1) categorizing devices by risk; 2) building a protection framework; 3) following basic security hygiene; 4) including security in contracts; and 5) building a zero trust network. There is an opportunity for hospitals to work together to achieve these common goals. This year Diabetes Technology Society (DTS) developed the first broad consensus cybersecurity standard for any medical device named DTSec (DTS Cybersecurity Standard for Connected Diabetes Devices). The standard contains both performance requirements and assurance requirements. The goal of DTSec is to raise confidence in the security of network-connected medical devices through independent expert security evaluation. Future medical device standards for products not intended for diabetes might also derive from this effort. Recently controversies have arisen about the security of specific medical devices. Claims of adequacy and accusations of inadequacy regarding medical device security often cannot be evaluated by the public. This uncertainty can erode trust in the wireless medical device industry. Independent security assessment by qualified testing labs with public disclosures and certification where appropriate will increase trust in medical devices that provide sound cybersecurity. Stakeholders affected by connected medical devices will increasingly demand assurance of safe cybersecurity from healthcare professionals who are prescribing and overseeing use of these products.
Bio:
David C. Klonoff, M.D. is an endocrinologist specializing in diabetes technology. He is a Clinical Professor of Medicine at UCSF and Medical Director of the Dorothy L. and James E. Frank Diabetes Research Institute of Mills-Peninsula Health Services in San Mateo, California. Dr. Klonoff is a graduate of UC Berkeley, where he was elected to Phi Beta Kappa in his junior year, and UCSF Medical School, where he was elected to Alpha Omega Alpha in his junior year. His postgraduate training included two years at UCLA Hospital and three years at UCSF Hospitals. Dr. Klonoff received an FDA Director’s Special Citation Award in 2010 for outstanding contributions related to diabetes technology. Dr. Klonoff has authored more than 240 publications. He founded DTSec (Diabetes Technology Cybersecurity Standard for Connected Diabetes Devices Program), which created the world’s first consensus medical device cybersecurity standard. For this work, in 2015 Dr. Klonoff was featured in an article in Wired Magazine, and invited to participate in the White House Health and Cybersecurity Roundtable. He is the founder of the MEDSec Meeting focused on Medical Device Cybersecurity and Privacy. View full bio: https://diabetes.ucsf.edu/david-klonoff
Dr. Suzanne Schwartz, US Food and Drug Administration (FDA)
10/19/16, Wed, 10-11 AM
Webinar recording and slides available on UCSF's IT Security Webinars page - see entry for 10/19/16
Presentation Title:
Medical Device Cybersecurity: FDA Perspective
Bio:
Suzanne Schwartz, MD, MBA is the Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices & Radiological Health (CDRH). In this role, she assists the CDRH Director and Deputy Director for Science in the development, execution and evaluation of the Center’s biomedical science and engineering programs. Suzanne is passionate about cultivating critical dialogue across sectors and across entities towards advancing innovation in the biomedical space and within healthcare, where complex multifaceted problems exist.
Suzanne joined FDA in October 2010. Initially recruited as a Commissioner’s Fellow, she became a Medical Officer in the Office of Device Evaluation, transitioning in September 2012 to become the Director of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures (EMCM) Program in the Office of the Center Director for the past 4 years. Among other public health concerns, her portfolio has most notably included medical device cybersecurity, for which she chairs CDRH’s Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health critical infrastructure sector.
Before FDA, Suzanne was a full time surgical faculty member at Weill Cornell Medical College, New York, engaged in clinical outcomes & translational research related to burn trauma & wound repair, particularly the impaired healing state associated with diabetes. Suzanne’s career has spanned the private sector as well, having served as Medical Director & Tissue Bank Director of Ortec International, a development stage medical device company focused on tissue engineering therapeutic approaches to burns and chronic wounds.
Suzanne earned an MD from Albert Einstein College of Medicine, trained in General Surgery & Burn Trauma at the New York Presbyterian Hospital - Weill Cornell Medical Center; an executive MBA from NYU Stern School of Business, and completed the National Preparedness Leadership Initiative – Harvard School of Public Health & Kennedy School of Government.
Jon Good, UCOP Information Security Director
"Security in the Cloud - Finding Balance"
Length: 16 minutes
Bio:
Jon Good is Director of Information Security at the University of California, Office of the President (UCOP).
Jon has been associated with UCOP for over 35 years. Since 2007 he has focused on information security and privacy matters for UCOP and the UC system. Prior to that he spent 25 years delivering application systems solutions to customers across the University of California community. Emphasizing communication, project management, sustainability, security, and privacy, he has overseen the development of large-scale and high-performance applications, particularly in the areas of payroll/personnel, finance and admissions.
Jon has a BA in History from UC Berkeley
Roslyn Martorano, UC Systemwide Privacy Manager
On-Demand Webinars (links below)
Length: Approx 3 1/2 min each
Presentation Titles:
- Privacy & Security: Why We Need Both (webinar recording, slides & audio)
- Contracts: Your Best Defense (webinar recording, slides & audio)
Bio:
Roslyn Martorano is the Systemwide Privacy Manager based out of the University of California, Office of the President. In her role, she supports the campuses as they develop and implement their privacy programs, provides training and support to campus privacy officials, and builds a culture that balances a respect for privacy against the values of autonomy and transparency. Prior to joining UC, she served as chief of staff to the Chief Integrity Officer of the nation’s largest local social services district. Her other experience includes working for New York State Senator Kemp Hannon, Chair of the Standing Committee on Health, and New York’s first Medicaid Inspector General. Roslyn earned a J.D. from Albany Law School and a Bachelors Degree from Arizona State University.
Special Agent Kevin Phelan, Palo Alto FBI
SOLD OUT
Included as an example of a successful local event -- to provide ideas for campuses
Presentation Title:
Current Trends in Theft of Intellectual Property
Presentation Abstract:
Special Agent Kevin Phelan runs the FBI's Palo Alto office where his team conducts investigations related to intellectual property matters, theft of trade secrets, and economic espionage. Since the inception of the trade secret criminal law in 1996, the FBI’s Palo Alto office has obtained over seventy percent of all indictments and convictions in economic espionage matters. SA Phelan will be discussing recent threats, methods, and techniques by which domestic and foreign actors have been targeting and stealing intellectual property from US companies and institutions. With a focus on FBI-Palo Alto’s recent Operation Red Bridge, an investigation of the PRC government’s efforts to illegally obtain the manufacturing blueprints for the production of a valuable inorganic compound, SA Phelan will look at the methods by which intellectual property is targeted and the multi-pronged efforts utilized to obtain it. Finally, the discussion will focus on successful tools and approaches currently being utilized by numerous Bay Area companies--from start-ups to large tech companies—to combat persistent efforts to steal intellectual property.
Bio and Information about the FBI's Palo Alto Office:
Kevin Phelan runs the FBI's Palo Alto office where his team conducts investigations related to Theft of Trade Secrets and Economic Espionage. Since the inception of the Economic Espionage Act of 1996, over 70 percent of all indictments and successful prosecutions for economic espionage have been investigated by the FBI's Palo Alto office. Recent cases investigated by this team have included the landmark decision in the DuPont/Walter Liew trial (http://www.bloomberg.com/features/2016-stealing-dupont-white/) and the ongoing prosecution of six individuals in the theft of Avago Technologies trade secrets case (http://www.latimes.com/local/lanow/la-me-ln-chinese-citizens-trade-secrets-20150519-story.html).
While this Palo Alto squad has handled numerous high-profile investigations, including many within the academic and/or corporate biotechnology fields, the primary focus of the office is to work discreetly with SF Bay Area universities, institutions, and companies to discreetly identify and neutralize theft of intellectual property attempts perpetrated by individuals and foreign governments. In recent months, these threats have ranged in scope from limited one-time penetrations to large-scale thefts conducted over several years. Recent investigations have continued to identify foreign-government-sponsored multi-pronged efforts to steal targeted intellectual property, including the use of inside employees, contractors, cyber intrusions, and venture funding.