
Cybersecurity Awareness Month 2025

Pause. Protect. Prevent.

In today’s fast-paced digital environment, taking a moment to think before you click is more important than ever. Pause. Protect. Prevent. is our 2025 Cybersecurity Awareness Campaign designed to help you recognize everyday online risks and take simple actions to reduce them. Each step is intentional:

  • Pause. Slow down before clicking a link, opening an attachment, or responding to unexpected messages.
  • Protect. Use strong passwords, enable multi-factor authentication, and keep your devices and apps up to date.
  • Prevent. Stop cyber threats before they spread by spotting scams early, reporting them, and practicing safe habits online.

This campaign highlights four key behaviors that make a difference: using stronger passwords, engaging multi-factor authentication, reporting suspicious messages, and keeping your systems updated. These are small, practical actions that can prevent big problems for you, your department, and the entire UC community.

Stronger Passwords, Stronger Protection

Passwords are one of the simplest yet most powerful tools for keeping your accounts safe. Unfortunately, short, reused, or easy-to-guess passwords are still a common cause of account compromises.

The National Cybersecurity Alliance and UC recommend using passwords that are long, complex, and unique for every account. One easy approach is to create a memorable passphrase, which is a series of random words with symbols or numbers, like: Coffee-Bridge-Window-77!

If you have trouble keeping track of multiple passwords (and who doesn’t?), use a password manager. It stores your login information securely and helps you create strong, random passwords for every account. You only need to remember one strong master password. Check with your location for individual location policies related to password managers.

Improving password habits is one of the easiest steps you can take to protect yourself at work and at home. Better habits lead to fewer password resets, fewer support requests, and fewer opportunities for attackers to gain access.

A strong password is more than a security requirement. It’s your first line of defense.

Double Your Logon, Double Your Security

Multi-factor authentication (MFA) adds a second layer of protection when you log into your accounts. Even if someone gets your password, they can’t access your account without the second step, which is usually a temporary code, app notification, fingerprint scan, or biometric recognition.

According to the National Cybersecurity Alliance, enabling MFA can prevent over 99% of password-based attacks. It’s one of the most effective ways to protect your data.

Most major services offer MFA. If you haven’t already, turn it on wherever it’s available, especially for email, financial accounts, and any system that holds sensitive information.

To maximize your protection:

  • Use an authenticator app rather than SMS whenever possible.
  • Never approve login requests you didn’t initiate.
  • Set up backup methods in case you lose access to your primary device.

Adding a second layer may only take a few extra seconds, but it makes your accounts significantly harder to hack.

Stop. Spot. Report Scams.

Phishing emails and scams are getting more sophisticated and more convincing. They may pretend to be from the IT department, a colleague, or even your bank, trying to trick you into clicking a link or sharing information.

The best defense is to stay alert. Here’s how:

  • Stop and think before you click.
  • Spot common signs of phishing: unexpected messages, urgent requests, poor grammar, or unfamiliar links. Although these signs are still useful, the rise of AI-generated content means phishing messages are often more convincing, grammatically correct, well formatted, and harder to spot. That’s why it’s even more important to slow down and verify before you click.
  • Report anything suspicious through your location’s reporting process or built-in tools like the “Report Phishing” button in email platforms. Don’t just delete the email. Reporting helps us to detect patterns, block malicious senders, and protect others.

Remember: even experienced users can get fooled. Scammers rely on timing, emotion, and urgency to get you to act quickly. Slowing down and reviewing carefully makes all the difference.

If something feels off, don’t respond. Report it. That single action could prevent a much larger problem.

Update to Stay Safe

Software updates aren’t just about new features. They’re critical for your security. Updates fix bugs and close security holes that attackers often exploit to gain access to your devices or data.

Turn on automatic updates for your devices and applications. This includes operating systems, browsers, mobile apps, and security tools.

Here’s how to stay ahead:

  • Enable automatic updates where possible.
  • Restart your devices regularly so updates can finish installing.
  • Avoid clicking on pop-ups or fake update messages. Go directly to system settings or official app stores.

Using unsupported or outdated software creates unnecessary risk. If a product no longer receives updates, it may be time to replace it with a more secure option.

Keeping your systems up to date is one of the easiest and most effective ways to reduce your exposure to online threats.

Staying Aware

Cybersecurity Awareness Month is a good time to pause and reflect on how we protect ourselves against evolving digital threats, both at work and at home. By staying alert, using strong security habits, and responding thoughtfully to suspicious activity, we help create a safer online environment for everyone. Protect Your Digital Life – Be CyberSafe!

How to Get Involved

There are several ways to get involved during Cybersecurity Awareness Month at UC:

  • Contact your campus’ IT Security Office to learn what you can do to promote a safer, more secure and more trusted environment.
  • Check out our calendar below for Systemwide events you can attend.
  • Check your Location’s Information Security website for location-specific events and activities.
  • Click here to download your 2025 CAM Zoom background with your location's logo.

Visit UC location websites to learn more about their Information Security programs: UC Davis, UC Davis Health, UC Berkeley, UC Agriculture and Natural Resources, UC San Francisco, UC Merced, UC Santa Cruz, UC Santa Barbara, UC Los Angeles, UC Riverside, UC Riverside-School of Medicine, UC Irvine, UC Irvine Health, UC San Diego.

CALENDAR OF EVENTS

How to Report a Cyber Incident at UCSF

Thursday, October 2, 2025 / 12:00 - 1:00 PM 

Speakers:

  • Kristan Beynon, Sr. Security Analyst, Incident Response Team Lead
  • Kevin Simmons, IT Security Analyst 

Hosted by UCSF

Moderator: Esther Silver, UCSF

Cybercrime continues to rise globally, causing trillions of dollars in damage each year. Notably, healthcare and higher education institutions are among the most frequent targets. To help prevent cybercrime, everyone at UCSF is responsible for reporting suspected cybersecurity incidents. Key takeaways for you will include: 

  • Why and how to report every suspected incident
  • Types of incidents to be on the lookout for
  • What happens after you report
  • Additional resources for building cybercrime awareness and vigilance

Kristan Beynon is a Senior Security Analyst and Team Leader in UCSF's IT Security Department. She has been at UCSF for over 20 years.

Kevin Simmons has been an Information Security Analyst in UCSF's IT Security Department for the past seven years.

Register to attend

Deepfake Diaries: The Latest AI-Based Attacks and How to Protect Yourself From AI Scams

Tuesday, October 7, 2025 / 2:00 - 3:00 PM

Speaker: Kerry Tomlinson, Emmy Award-Winning Cyber News Reporter

Hosted by Cecelia Finney, University of California Office of the President

What are the newest AI-fueled attacks you face at work and at home? You'll see real-life video and audio deepfakes that attackers are currently using to try to trick people into giving up passwords, data and money. Learn how and when cyber criminals are deploying this AI-generated content and the latest methods on how to defend yourself against the fakes.

Kerry Tomlinson is a cyber news reporter who works to help people stay smarter and safer online. She spent three decades as a TV news reporter, often going undercover to investigate crimes, winning multiple Emmys and other local, regional and national journalism awards. Now she travels the world looking for creative and compelling ways to show people what is happening in the digital world and how it impacts them. She has reported from Russia, the Philippines, Spain, France, Denmark, Turkey, Argentina, Colombia and more. She has launched a number of new news programs, organizations and investigative units during her career, including a cyber news site called Ampyx News (pronounced AM-pix). She is a certified security awareness professional, a popular speaker, and has received a SANS Difference Maker award for her work in informing people about cybersecurity.

Register to attend

Privacy, AI, and Cyberlaw 101

Tuesday, October 14, 2025 / 12:00 PM - 1:00 PM

Speakers:

  • Reema Moussa, Associate Attorney
  • Peter Marta, Partner

Hosted by UC Santa Barbara

Moderators: Roger Padilla and Jackson Muhirwe, UC Santa Barbara

In our increasingly complex and interdependent digital world, the convergence of privacy, cybersecurity, and artificial intelligence has reshaped how we approach enterprise risk management, data protection, and governance. This presentation will explore the evolving legal frameworks surrounding AI technologies, data privacy, and cybersecurity measures. We'll cover existing laws, key challenges, and ethical considerations in safeguarding personal data, as well as how the development of AI technology (and new laws to regulate it) factors into these challenges and considerations. Through examining regulatory trends and case studies alike, this session will give a high-level view of privacy, AI, and cyberlaw basics and new directions for this rapidly changing field.

During her legal studies, Reema Moussa held positions with a number of different types of stakeholders across the globe, interning at the Federal Trade Commission's Division of Privacy and Identity Protection, VMCA Advogados (São Paulo, Brazil), Goodwin Procter, the Electronic Frontier Foundation, the Future of Privacy Forum, and SentinelOne. She has spoken on her experience and knowledge of interdisciplinary technology law and policy issues at several international conferences, including Women in Cybersecurity (WiCyS), the IAPP Global Privacy Summit, the California Lawyers Association’s annual Privacy Summit, ICANN, and the American Bar Association’s inaugural Consumer Protection and Data Privacy Conference, among others. She previously served as the Vice-President and West Coast Regional Chair of the Internet Law and Policy Foundry, where she was a Senior Fellow and the host/executive producer of the Tech Policy Grind podcast.

Peter Marta has led hundreds of cybersecurity investigations across industries including financial services, technology, energy, defense, manufacturing, education, hospitality, and retail. His work includes managing global cybersecurity assessments and remediation efforts, advising Fortune 100 C-suites and boards on risk management, incident readiness, and regulatory and reputational risk mitigation, and developing and refining insider threat monitoring programs at leading financial institutions. He has also designed and facilitated cybersecurity tabletop exercises and simulations for executives and security teams—covering scenarios such as nation-state attacks and insider threats—and provided guidance on data security risks in mergers and acquisitions, including assessments of supplier and partner security practices.

Register to Attend

Quantum Computing, AI, General Cybersecurity

Tuesday, October 14, 2025 / 2:00 - 3:00 PM 

Speaker: John Young, ISC2 Representative and COO of Quantum eMotion America

Hosted by UCI

Moderator: Hillary Chansavang, UCI

What is Q-Day, and why is the government preparing for it now? The day that quantum computers can crack current digital encryption, and plainly read our most valuable secrets, has been tagged as Q-Day. Every government, business, and individual on Earth can be negatively affected, and the question is, even if there are post-quantum solutions available, is there time to put them in place?

Ever see the movie “Catch Me If You Can”? As a teenager, for 3 years John Young and a friend successfully hacked the AT&T network, until the FBI scared him straight into a 40-year cybersecurity career. The former network director of McDonnell Douglas’s $41 billion C-17 program, John later retired after decades at IBM, and then became one of only 11 cybersecurity experts worldwide to earn all nine ISC2 certifications. Named to the board of directors at Quantum eMotion, John recently became COO for its new US subsidiary based in Irvine, Quantum eMotion America. Its mission: to use our cutting-edge technology to save lives, protect data, and prepare industries for the onslaught of the dreaded, but inevitable, Q-Day…the day when every digital lock on Earth can be broken by quantum computers.

Register to attend

Tools of the Trade - Bitsight 101 | UCOP Case Study

Wednesday, October 22, 2025 / 10:00 - 11:00 AM

Speaker: Nicolas Cusick, Bitsight Senior Customer Success Manager

Hosted by UCOP

Moderator: April Sather, UCOP

Learn how one of UC’s security tools, Bitsight (https://www.bitsight.com/security-ratings), provides a "credit score for security," helping locations and insurers assess cyber risk from an attacker’s perspective. We’ll break down key risk vectors in plain language, show how ratings can benchmark progress, and share practical steps to close gaps and strengthen resilience over time. We will also share UCOP’s score improvement journey.

Register to attend

Finding Vulnerabilities Using Artificial Intelligence

Thursday, October 23, 2025 / 1:00 - 2:00 PM

Speaker: Giovanni Vigna, Distinguished Professor in the Department of Computer Science at UCSB

Hosted by UC Santa Barbara

Moderators: Roger Padilla and Jackson Muhirwe, UC Santa Barbara

The software components that support critical infrastructure are riddled with vulnerabilities, whose exploitation could cause service disruption, financial damage, and possibly loss of life.

Although there are efforts, such as OSS-Fuzz, to continuously analyze these components for vulnerabilities, some categories of security bugs are still hard to detect. In addition, the creation of testing harnesses and the generation of effective patches still require substantial effort from human experts. To address these issues, researchers and practitioners alike have focused on automating the vulnerability analysis and repair process.

In particular, DARPA has supported these research efforts with two challenges: the DARPA Cyber Grand Challenge (CGC) in 2016 and the AI Cyber Challenge (AIxCC) in 2025. In these two challenges, participants had to create Cyber Reasoning Systems (CRS) that, in different contexts, had to identify vulnerabilities, exploit them, and provide patches without any human involvement.

In this talk, we take a historical look at these efforts that span a decade, especially in light of the recent advances in Large Language Models (LLMs), and highlight the lessons learned from participating in these competitions, as well as the challenges that still need to be addressed to achieve a completely autonomous vulnerability analysis, triaging, and repair process.

Giovanni Vigna is a Distinguished Professor in the Department of Computer Science at the University of California in Santa Barbara (UCSB). His research focuses on vulnerability analysis, web security, malware detection, and artificial intelligence.

He is the director of the NSF AI Institute for Agent-based Cyber Threat Intelligence and Operation (ACTION) at UCSB and the co-director of the Security Lab.

Giovanni Vigna is one of the co-founders of Lastline, Inc., a company that developed innovative solutions to detect and mitigate advanced malware and targeted threats. Lastline was acquired by VMware in June 2020, and then VMware was acquired by Broadcom in 2023. Since then, he has led the Threat Analysis Unit in the ANS division.

Giovanni Vigna founded the Shellphish hacker collective in 2005. In the past 20 years, Shellphish participated in more DEF CON Capture the Flag (CTF) competitions (arguably the world's championship of hacking) than any other team in the world.

Register to attend

Introducing the UCSF Federated Research Data Steward (FReDS) Program

Thursday, October 23, 2025 / 2:00 - 3:00 PM

Speakers:

  • Helena Mezgova, UCSF Sr. Data Compliance Specialist in Academic Research Services
  • Kim Romero, UCSF Associate Director of Process Management & Compliance in Academic Research Services
  • Jennifer Cressman, Clinical Informatics Manager Academic Research Services

Hosted by UCSF

Moderator: Esther Silver, UCSF

This session will include an overview of the Enterprise Data Request Process for Research (Enterprise Data Request Process: Research | Scuba), the standard process utilized by Data Service Providers to fulfill requests for the extraction of de-identified, limited, and PHI data sets from UCSF Health clinical data sources. This process ensures that the requirements of UCSF and UC policies and state and federal laws are met for the granting of access to, release, and sharing of health data sets. An overview of the policies governing these areas will be provided.

We will also introduce the Federated Research Data Steward Program, a federated version of the Enterprise Data Request Process, launched in July 2025 to expand UCSF’s data extraction services for scientific research. The program was designed to address the growing complexity and volume of research-related data requests by enabling analysts outside of UCSF IT, who already have privileged access to patient health data for quality improvement and operational purposes, to also support scientific research.

All analysts providing health system data for research are now required to enroll in the program. The session will outline:

  • Requirements for participation in the program.
  • Departments currently participating as Federated Research Data Stewards
  • Researchers' due diligence tasks that must be completed before submitting a request to a Federated Research Data Steward

This presentation will help both analysts and researchers understand their roles, responsibilities, and next steps for effectively and securely supporting scientific research through the program.

Helena Mezgova is a Senior Data Compliance Specialist of the IT EIA Data Compliance team. She joined UCSF in 2019 and currently supports the operations of the data compliance functions for teams to ensure data are managed, administered, released, and shared in accordance with security, privacy, and compliance policies and laws. She oversees the higher-risk data sharing review process by the Data Sharing Oversight Committee and is a subject matter expert in data sharing. She is trained as a bioethicist, with certification in healthcare privacy and security.

Kim Romero works in the Enterprise Information & Analytics department in central IT and manages the team responsible for the data compliance and data sharing areas. Examples of initiatives that her team helps with are the review of higher-risk data sharing engagements by the IT Governance Committee on EIA, implementing and supporting data access models and processes, and defining and operationalizing data compliance and data sharing policies, guidance, and workflows. She has worked at UCSF since 2009, with the first 8 years focused on managing research data services and systems and the remainder focused on the data compliance and data sharing areas. Please reach out to her team with any questions that you may have about data access and release, data sharing, or data compliance matters.

Jennifer Cressman oversees the extraction of data from UCSF’s electronic medical records system for research purposes, ensuring compliance with institutional policies while facilitating high-impact research. Leading a team that has consulted on and fulfilled over 2,000 data extractions, Jennifer has expanded the scope of services by creating the Federated Research Data Steward program, also known as the FReDS Program. The FReDS Program is a federated research version of the Enterprise Data Request Process, allowing people with privileged access to patient health data for quality improvement or operational purposes to also support scientific research. Earlier in her career, she worked closely with residents, fellows, and faculty from UCSF and collaborating institutions, providing data management, statistical analysis, and interpretation to over 60 scientific peer-reviewed publications. Most recently, Jennifer’s team has expanded its portfolio of offerings to include the acquisition and management of large datasets, such as Medicare and Medicaid data.

Register to attend

Humans, Hackers, and Hallucinations: AI, Social Engineering, and the Future of Cybersecurity

Tuesday, October 28, 2025 / 11:00 AM - 12:00 PM

Speaker: Dave Lewis, 1Password Global Advisory CISO

Hosted by UCI

Moderator: Hillary Chansavang, UCI

Artificial intelligence has quickly shifted from a promising tool to a disruptive toddler running with scissors. While AI enables defenders to detect threats faster and automate response, it also gives attackers new ways to deceive, manipulate, and exploit. From deepfake audio convincing an employee to transfer millions, to AI-written phishing campaigns that bypass filters, the game has changed.

This session will explore the intersection of AI and social engineering, revealing how threat actors leverage machine learning to craft convincing attacks and where defenders can push back. We’ll also examine the emerging cybersecurity trends to watch in the coming year, from the rise of synthetic identities to AI-driven security operations. Most importantly, we’ll ground the discussion in practical advice: how individuals and organizations can stay vigilant, adapt defenses, and avoid becoming the next case study.

By the end of the talk, participants will walk away with a deeper understanding of the risks and opportunities AI presents, as well as actionable strategies to build resilience in an age where the line between human and machine manipulation is increasingly blurred.

Dave Lewis has 30+ years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password.

He is the founder of the security site Liquidmatrix Security Digest & podcast. Dave also hosts the Chasing Entropy Podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory boards of Byos.io and Knostic.ai. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference.

For fun he is a curator of small mammals (his kids), plays bass guitar, grills, and is part owner of a whisky distillery and a soccer team.

Register to attend

Let's Talk About Privacy. Let's Talk About You and Me.

Tuesday, October 28, 2025 / 12:00 - 1:00 PM

Speaker: Becky Steiger, Policy Coordinator, Campus Privacy Officer, and ADA Compliance Officer

Hosted by UC Santa Barbara

Moderated by Roger Padilla and Jackson Muhirwe, UC Santa Barbara

Get ready to protect your personal information with UCSB's Privacy Officer Becky Steiger! This presentation isn't just about boring data rules; it's about your human right to be left alone, why protecting your privacy is important and tips on how to manage your digital life. You will learn about key privacy laws and policies like FERPA, the California Information Practices Act, the UC Electronic Communications Policy (ECP) and the UC Privacy and Information Security Initiative (PISI Report). Learn how to protect your digital privacy and keep your personal business to yourself.

Register to attend

From IS-3 to a Spooktacular Risk Registry

Thursday, October 30, 2025 / 10:00 - 11:00 AM

Speakers:

  • Lee Zelyck, UCSF Senior Data Security Compliance Analyst
  • Mary Morshed, UCSF Data Security Compliance Director
  • Cynthia Howell, Data Security Compliance Analyst
  • Sean Patterson, Interim Manager, UCSF IT Security Risk Management

Hosted by UCSF

Moderator: Esther Silver, UCSF

Deep within the labyrinth of UCSF’s digital defenses, where GPUs and CPUs howl and hard drives hum their eldritch songs, the specter of compliance, once manifested as mere phantasmal checkboxes, became something more; an omnipresent horror - a thousand-eyed beast whose regulatory tentacles could reach into every database, every network packet, and every line of code, waiting to drag the non-compliant into the depths of audit despair. Like a many-headed hydra, UC’s IS-3 policy intertwined with countless regulatory beasts and security frameworks, each demanding their pound of flesh from the academic medical center’s soul. The Data Security Compliance team gazed into the abyss of costly consultants, whose gilded promises threatened to drain the institution’s lifeblood, and chose instead to confront the demons themselves.

Armed with ServiceNow IRM, a digital blade forged in silicon fires, and the Cybersecurity Risk Foundation’s mystical mapping tools, these brave warriors began their dark crusade. They wove UC policies into the fabric of external frameworks, binding them with threads of NIST standards to seal the shadowy rifts where policies dared not tread. From their arcane labors emerged a forbidden library - a grimoire of common controls that whispered secrets of power over multiple regulations and frameworks. Even the lost souls of internal policies, once wandering aimlessly beyond the pale of cybersecurity’s light, found their place in this unhallowed concordance.

Mary Morshed is the UCSF Director of Data Security Compliance. Mary joined UCSF Health in November 2022. She previously served 16+ years in the role of Chief Information Security and Privacy Officer for various state of California entities, CSU, and Sacramento Municipal Utility District (SMUD). She has over 33 years of experience in the field of information security and also currently holds several industry security, privacy, and healthcare professional certifications.

Lee Zelyck is a cybersecurity professional with 20 years of experience. He joined UCSF Health in November 2023 as a Senior Data Security Compliance Analyst. Prior to joining UCSF, Lee worked as a consultant to cloud providers and clients in various industries, including oil, gas, and government. For the past 5 years, Lee has worked in cybersecurity operations for academic healthcare providers and holds several information security technical and professional certifications.

Cynthia Howell is a Data Security Compliance Analyst at UCSF, having returned to the organization in June 2025. With nearly two decades of experience in the field of cybersecurity, Cynthia has built a career specializing in safeguarding sensitive information and fortifying network systems against security threats. Between stints at UCSF, Cynthia was a Sr. Network Security Analyst and a Sr. Information Security Analyst at SFSU. She holds several information security technical and professional certifications.

Sean Patterson is a Senior IT Risk Analyst at UCSF, where he leads the IT Security Risk Management program and a team of analysts. With more than three decades of IT experience, Sean has driven technology and risk transformations across higher education, healthcare, hospitality, and Fortune 500 companies. Known for his collaborative leadership and ability to turn complex challenges into successful outcomes, Sean is focused on building practical, sustainable processes that reduce risk, support compliance, and help UCSF adopt technology with greater confidence.

Register to attend

Authentic or Artificial?

Thursday, October 30, 2025 / 2:00 – 3:00 PM

Speakers: UCI’s cybersecurity club, Cyber@UCI

Hosted by UCI

Moderator: Benny Angeles, UCI

How well can you tell the difference between AI-generated content and the real deal? Put your analytical skills to the test during a live demo presented by UCI’s very own cyber club, Cyber@UCI, who secured 1st place in the National Collegiate Cyber Defense Competition this year!

Cyber@UCI offers a variety of competitive teams for members looking to dive deep into different subfields of cybersecurity. These include blue teaming, red teaming, penetration testing, SecDevOps, IT, forensics, reverse engineering, application security, and more. Their mission is to provide a platform for students to learn and engage with cybersecurity, regardless of their prior experience.

The club actively collaborates with UCI’s security division, OIT teams, and various academic units, demonstrating their commitment to fostering a deeper understanding of cybersecurity within the student community. Notable projects include AI penetration testing, presentations at UC Tech, and organizing past Cybersecurity Awareness Month events. Visit their website, cyberuci.com, for more information.

Register to attend

Copyright © Regents of the University of California