This content is viewable by Everyone

2023 UC Cybersecurity Awareness Month (UC CAM) Events


Cybersecurity Awareness Month is spearheaded by the National Cybersecurity Alliance. UCSF is a proud sponsor and participates in the University of California Cybersecurity Awareness Month (UC CAM) celebration. Once again, the UC campuses have banded together to provide a wide variety of events and activities to help you to individually protect yourself, your private information, and the University. The University of California (UC) theme this October is Protect Your Digital Life – Be Cyber Safe. Please go to the 2023 UC Office of the President Cybersecurity Awareness Month Page to watch recordings of the events you may have missed.

UCSF welcomes people with disabilities to our events and programs. To request a reasonable accommodation, please contact Esther Silver by emailing [email protected] as soon as possible. The webinars will include live automated captioning in Zoom.

Events Hosted by UCSF - Click on links to see more information

Social Engineering - The Art of Manipulation

Emerging AI Threats & Essential Safeguards: Understanding Cybersecurity in Healthcare

Connected Diabetes Device Security

Privacy Breaches and the Aftermath – a Behind the Scenes Look - Panel Discussion

Tuesday, October 3 2023, 10:00AM-11:00 AM

Social Engineering - The Art of Manipulation

Click here to register for Social Engineering - The Art of Manipulation

Summary: Social engineering, in the context of information security, refers to the use of psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud, unauthorized system access.) Rosa will discuss these types of approaches, the newest scams, and ways to be a “human firewall” for UCSF and your own digital life.

Rosa L. Smothers, Senior Vice President of Cyber Operations at KnowBe4

Rosa L. Smothers has over 20 years of experience in cybersecurity. She is currently senior vice president of cyber operations at KnowBe4, where she is responsible for leading KnowBe4’s Federal Practice efforts, including providing cybersecurity advisory services to civilian and military agencies within the U.S. federal government. Ms. Smothers is also responsible for providing analysis for KnowBe4’s cybersecurity research and cyber threat intelligence efforts. Having served for over a decade in the Central Intelligence Agency, Ms. Smothers is a highly decorated national security professional with extensive experience leading the planning and execution of cyber operations against terrorist and nation-state targets as well as the adoption of cutting-edge computer technology. She served as a cybersecurity analyst and technical intelligence officer in the Center for Cyber Intelligence and the Counter Terrorism Mission Center and on multiple overseas tours, to include extensive service in Iraq. She holds a B.A. in Information Studies and an M.S. in Computer Network Security. Ms. Smothers is a mentor to women and young people in cybersecurity and is a member of Women in Defense and Infragard.

Thursday, October 12, 2023, 12:30-2:00 PM

Emerging AI Threats & Essential Safeguards: Understanding Cybersecurity in Healthcare

Hosted by the Rosenman Institute

Click here to register for Emerging AI Threats & Essential Safeguards: Understanding Cybersecurity in Healthcare

Summary: Cybersecurity has rapidly evolved into a crucial concern, affecting our private lives with risks such as identity theft, and at a larger scale, national issues such as federal elections. For healthcare startups, working as scientists in academic & commercial labs, and IT departments professionals, the threat landscape is increasingly complex. Alongside traditional risks like IP theft, ransomware, and hacktivism, there’s a rising risk posed by the exploitation of generative artificial intelligence by cyber criminals Where do our vulnerabilities lie? How can we maximize our defensive strategies to protect ourselves and the organizations we serve? Join us to learn the best practices from our experts FBI’s Elvis Chan, who manages San Francisco’s Cyber Branch focusing on cyber investigations and digital forensics, and Patrick Phelan, the Chief Information Security Officer at UCSF. This webinar will provide an important opportunity to stay ahead in understanding both traditional and emerging cyber threats.


Elvis Chan, Assistant Special Agent in Charge, FBI San Francisco

Elvis Chan is an Assistant Special Agent in Charge (ASAC) assigned to FBI San Francisco. ASAC Chan manages the field office’s Cyber Branch, which is responsible for cyber investigations, digital forensics, technical operations, community engagement, and public affairs. With over 16 years in the Bureau, he is a decorated agent who is recognized within the Intelligence Community as an election cybersecurity and cyberterrorism expert. ASAC Chan was the lead agent on significant cyber investigations and managed joint counterterrorism operations with domestic and foreign law enforcement agencies. Prior to joining the Bureau, ASAC Chan was a process development engineer in the semiconductor industry for almost 12 years. He holds two U.S. patents, presents at many technical and law enforcement symposiums, and published multiple articles in journals. ASAC Chan earned his bachelor’s degrees in chemical engineering and chemistry from the University of Washington and his master’s degree in homeland security studies from the Naval Postgraduate School.     

Patrick Phelan, Chief Information Security Officer, UCSF IT

Patrick Phelan is the Chief Information Security Officer of UCSF, one of the premier academic medical centers in the country. He is responsible for the security strategy and operations that protect systems supporting the research, education, and clinical missions of the institution. A 25-year IT veteran, he is a member of several professional organizations, holds CISSP, CEH, CISM certifications, and a B.S. in computer science from UCLA.

Thursday, October 19, 2023, 2:00-3:00 PM

Connected Diabetes Device Security

Click here to register for Connected Diabetes Device Security

Summary: Connected diabetes devices require sound cybersecurity.  FDA, FBI, HHS, and the President of the United States are increasingly focused on the need for medical device cybersecurity.  The Consolidated Appropriations Act of 2023 mandates the FDA to require increased medical device cybersecurity.  This law requires manufacturers of medical devices to: 1) submit a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities, 2) ensure devices remain cybersecure, which includes issuing updates and patches, 3) submit a software bill of materials (e.g. commercial, open-source, and off-the-shelf components), 4) comply with such other requirements that may be added through regulation. IEEE 2621, recognized by the FDA in December 2022, is the first Standards Development Organization-developed medical device cybersecurity standard containing both performance and assurance requirements.  This standard is intended for wireless diabetes devices, such as blood glucose monitors, continuous glucose monitors, insulin pumps, closed loop automated insulin delivery systems, smart insulin pens, and spinal cord stimulators. IEEE 2621 is a conformity assessment standard that defines a framework for a connected electronic product security evaluation program for diabetes devices.  Its purpose is to provide grounds for confidence that connected electronic diabetes products deliver the security protections claimed by their developers and deemed necessary by stakeholders. Conforming to IEEE 2621 can prevent breaches and associated negative effects.


David C. Klonoff, M.D., F.ACP, FRCP (Edin), Fellow AIMBE

Dr. Klonoff is an endocrinologist specializing in bioengineered solutions for people with diabetes. He has led many multi-stakeholder technical and clinical standards projects for diabetes monitoring and drug delivery technologies, most recently chairing the the CGMs and Automated Insulin Dosing Systems in the Hospital Guideline in 2020 and the iCoDE (Integration of CGM data into EHR) standard in 20220. Dr. Klonoff received the American Diabetes Association’s 2019 Outstanding Physician Clinician Award. He received an FDA Director’s Special Citation Award in 2010 for outstanding contributions related to diabetes technology and the IEEE Conformity Assessment Award in 2022 for his work in medical device cybersecurity. Dr. Klonoff led the development of the Glycemia Risk Index composite metric for CGM data which is used for patient management and outcomes research, based on data collected from 330 diabetes experts from all six continents. He is currently focusing on improved health outcomes using digital health tools, biomarker testing for precision medicine, and improved patient safety through cybersecurity standards for medical devices. He has published over 300 articles in PubMed-referenced journals and he was Senior Editor of the first two books on Digital Health for Diabetes.

Thursday, October 26, 2022, 10:00-11:00 AM

Privacy Breaches and the Aftermath – a Behind the Scenes Look - Panel Discussion

Click here to register for Privacy Breaches and the Aftermath

Summary: Who hasn’t been on the receiving end of a letter explaining their personal information was inappropriately accessed and/or disclosed.  But what happens behind the scenes leading up to mail carriers delivering breach notification letters or public postings of privacy breach announcements? 

Join a panel of privacy and cybersecurity experts from UCSF to get a closer look at the types of privacy violations and breaches investigated in large healthcare and research focused organizations.  The panel will discuss privacy investigation techniques and tools; data analysis and algorithmic advancements; regulatory reporting of breaches involving personal health information (PHI);  complications involving research health information (RHI); technical security controls; and regulatory penalties that can have lasting impacts. 

Christian Sisenstein is the UCSF Manager of IT Security Incident Response and Security Operations.  Christian has been with UC/UCSF/UCSF Health for 11 years.  His favorite security related movie is Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

Jaison Mathew is the UCSF Health Manager, Privacy Investigations & Regulatory.  Jaison has been with UC/UCSF/UCSF Health for 8 years. His previous work experience includes roles as a Privacy Investigations Analyst and Privacy Investigations Supervisor at UCSF and he served as a legal clerk for a boutique law firm.  Jaison’s favorite security related movie is The Matrix.

Maral 3

Maral Iftekhary is a UCSF Health Research Privacy Specialist.  Maral joined UCSF/UCSF Health in November 2022 and has almost 5 years of experience with the University of California. Her previous work experience includes working as a Senior Research Compliance Analyst at UCI Health, and Lead Contracts & Grants Analyst at the Center for Clinical Research, Providence St. Joseph Health. Maral’s new favorite movie in general is Oppenheimer.

Mary Morshed is the UCSF Director of Data Security Compliance. Mary joined UC/UCSF/UCSF Health in November 2022.  She previously served 15+ years in the role of Chief Information Security and Privacy Officer for various state of California entities and Sacramento Municipal Utility District (SMUD).  Mary’s favorite security related movie is We are Legion – The Story of Hacktivists.

Mike Benevento is a Privacy Investigator at UCSF Health.  Mike has been with UC/UCSF/UCSF Health for 2.5 years.  His previous work experience includes stints at DoubleClick (now Google) and Schulte Roth & Zabel LLP.  Mike’s favorite privacy related movie was left blank intentionally ("that's private!")

Mike Lee is a Data Analyst for the Office of Healthcare Compliance & Privacy at UCSF Health.  Mike has been with UC/UCSF/UCSF Health for 15 years.  His previous work roles were as a Data Analyst for UCSF Audit & Advisory Services and as a Research Associate for Flagstone Securities.  Mike’s favorite security or tech related show is Black Mirror

Michael Victor is a Senior Privacy Investigator at UCSF Health. He has been with UC/UCSF/UCSF Health for 2.5 years. For over 15 years, Michael has been dedicated to the field of privacy compliance, education, and investigation; playing a key role in the privacy programs of leading organizations within the higher education, healthcare, technology, and utility sectors. His favorite security related movie is   Catch Me If You Can (2002).