What we offer

From time to time, UCSF IT Security, other UC campuses and teams, as well as third parties such as SANS host educational events. Recordings are shared here.

6/7/24 Mandatory Cybersecurity Awareness Training

Patrick Phelan, UCSF CISO

As part of the 6/7/24 UCSF Town Hall, Patrick presented on the importance of everyone completing the systemwide mandatory Cybersecurity Awareness Training. He explained how cybercrime has skyrocketed over the last five years with no sign of slowing down. Globally, cyberattacks cause trillions of dollars in damages every year. Attacks on the University of California can interrupt clinical, research and education activities, and cause financial harm. UCSF was the victim of a significant ransomware attack in 2020. He went on to explain the new UC-wide requirement to have 100% compliance rate and the consequences for non-compliance.

Click here to watch the presentation

4/21/2022 Unringing the Bell: A Physician's Perspective on the Future Of Medical Device Security

Christian Dameff MD, UCSD

Healthcare delivery across the globe is critically and increasingly dependent on computerized hardware and software including electronic health records and connected medical devices. Healthcare cyber attacks have resulted in technology failure, compromised data integrity, and breaches of sensitive patient information. Though the proliferation of cyber attacks in healthcare has raised serious concerns about patient privacy violations through healthcare data theft, the impacts of cyber attacks on patient safety and clinical outcomes are poorly understood. This talk will discuss historical barriers to developing a strong, data driven foundational body of knowledge in healthcare cyber security, and the impacts cyber attacks may have on patient outcomes. We will discuss novel patient cyber safety risks inherent in digitized clinical workflows, as well as possible sector wide defensive mitigation strategies resulting in safer and more resilient patient care.

Part of the UCSF-Stanford CERSI-FDA Distinguished Speaker Series on Cybersecurity for Biomedical Engineering

Recording

2/28/22 UC Tech Assembly: Black Leaders Panel

This panel launches UC Tech Assembly series, which is expanding the former town hall series to better amplify the voices of UC Tech community members.

Our UC Tech community is diverse, and we all strive to create an inclusive environment at UC. A key part of being inclusive is listening to underrepresented voices. This UC Tech Assembly panel discussion will feature Black members of our UC Tech community from various levels of leadership. Topics will range from personal stories to allyship advice, to the value of diversity in tech. Time will be reserved at the end for a few questions.

Everyone is encouraged to attend to learn more about working in and supporting the diverse UC Tech community, and to celebrate Black History Month.

Moderator: Jeané Blunt, IT communications and UC FCC licensing coordinator, Information Technology Services, UC Office of the President.

Panelists:

Charron Andrus, associate chief information security officer at UC Berkeley

Al Covington, divisional manager of Human Resources in Information Technology Services at UC Santa Cruz

Carmen Robinson, inaugural program director for Student Excellence, Engagement, and Inclusion in the UC Santa Cruz Baskin School of Engineering

Van Williams, vice president of Information Technology Services and chief information officer for the University of California

Recording

3/17/22 Modern Automotive Vulnerabilities: The Science Behind the Fast and the Furious

Stefan Savage, PhD
University of California, San Diego

Biography

Over the last decade, a range of research has transformed our understanding of automobiles. What we traditionally envisioned as mere mechanical conveyances are now more widely appreciated as complex distributed systems "with wheels". A car purchased today has virtually all aspects of its physical behavior mediated through dozens of microprocessors, themselves networked internally, and connected to a range of external digital channels. As a result, software vulnerabilities in automotive firmware potentially allow an adversary to obtain arbitrary control over the vehicle. Indeed, led by UC San Diego and the University of Washington, multiple research groups have been able to demonstrate such remote control of unmodified automobiles from a variety of manufacturers. In this talk, I'll highlight how our understanding of automotive security vulnerabilities has changed over time, how unique challenges in the automotive sector give rise to these problems and create non-intuitive constraints on their solutions and, finally, the forces that naturally limit the kinds of automotive attacks seen in the wild.

Recording

10/18/21 Choose Your Own Cybersecurity Adventure: How to get started and succeed in the InfoSec field

It's no secret that technology is evolving faster and faster each day. Which means the types of skills and the needs of organizations to protect and secure those technologies is changing just as quickly. Trying to get started in the Information Security or Cybersecurity fields can be difficult, at best, with the ever-changing curriculums and often unreasonable levels of skill being asked for by many hiring managers.

For both students and educators, it can be difficult to know what the most relevant courses are, what topics should be focused on and what additional skills will help position the next generation of security practitioners for success. And this leads to the questions: What area of cybersecurity should I specialize in? How do I demonstrate skill and experience when I'm first interviewing? How do we better prepare students to be successful in their careers? Are there some skills and knowledge that are more in demand than others?

Watch the recording of the discussion where Nathan Wenzler, Chief Security Strategist at Tenable, shared what he's seen work for both educators and students over a 25 year career of mentoring new practitioners and leaders in the cybersecurity field as well as what trends are being seen in the industry for what skills and topics both students and educators should include in their programs to remain relevant for the future. 

10/7/21 Best Practices Learned from Combating Hackers During the Attack - with James Christiansen, CSO VP, Cloud Security Transformation, Netskope, and James Robinson, Deputy CISO, Netskope - Moderated by Ken Newton, UCSF Information Security Operations Manager

We all understand the essential need for a cyber-incident response plan. But what are the consequences when, in the middle of a cyber-attack, your mitigation efforts are not going as planned? This session focuses on actual case scenarios where things did go wrong and the hacker was given the advantage! Best practices learned from combating hackers during the attack. View the presentation.

10/8/20 Barrett Lyon Presents: Understanding Security Through Visualization of the Metaphysical

Technologists  are leveraging art in a way that gives visual learners the ability to do their job better. The internet - the largest network of all - is abstract and hard to visualize. But it has been made more visually approachable by the Opte Project, an open-source initiative to create a visual representation of the metaphysical spaces of the internet. View the presentation.

10/6/20 Q&A with SANS Director of Emerging Security Trends, John Pescatore Moderated by Ken Newton, UCSF Information Security Operations Manager

SANS’ John Pescatore highlighted the top 3 security issues hitting organizations in 2020/2021. Ken Newton, UCSF IT Security Operations Manager,  asked questions to drill down in areas of interest in particular to the USCF community. View the presentation.

3/12/20 Ken Newton and John Emery Present an Overview of the UCSF IT Security Vulnerability Management Program and How it Works 

Ken Newton, UCSF Information Security Operations Manager, gave an overview of the UCSF IT Security Vulnerability Management Program, followed by John Emery, the Radiology Infrastructure Administrator, who explained how it was successfully implemented in his department. Ken explained that the success of a program is not just having the vulnerability management tools, but also using the proper infrastructure and the right level of participation. John went on to speak about how critical vulnerability management is to his department, what it took to put the program into place and how it continues to work. View the presentation.

10/8/19 Richard Stiennon Presents Secure Cloud Transformation: How Zero Trust Networking Is Enabling Secure Infrastructure 

Every organization is on its own journey to the cloud. The first phase, adaptation of Software as a Service (SaaS), quickly leads to application transformation. As more and more traffic heads to the internet and cloud-hosted apps, network bottlenecks occur that drive network transformation. A security layer is required to make all of this work.

Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,200 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 31 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of Secure Cloud Transformation: The CIO’s Journey (IT-Harvest Press 2019) and Washington Post Bestseller, There Will Be Cyberwar. He writes for Forbes, CSO Magazine and The Analyst Syndicate.  

To view the presentation, click on this link: richard_stiennon.mp4