This content is viewable by Everyone
IT Security Educational Meetings and Webinars
- Service:IT Security Outreach and Training
What we offer
From time to time, UCSF IT Security, other UC campuses and teams, as well as third parties such as SANS host educational events. Below are future and past events. Past events include recordings where available.
Events that are part of the UC-Wide Protect your Digital Self Series display the logo:
Events that are part of the UCSF-Stanford CERSI-FDA Distinguished Speaker Series on Cybersecurity for Biomedical Engineering display this logo:
Recordings provided below as available
6/21/22 Advanced Persistent Threats (APTs) and their use of social engineering to target your organization
James R. McQuiggan, Security Awareness Advocate
APTs often utilize social engineering, the psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud, unauthorized system access.) Rosa will discuss various approaches by APT groups and ways to be a “human firewall” for UCSF and your digital life
5/17/22 QB3 Webinar: Cybersecurity: What You Need to Know in 2022
Elvis Chan, FBI; Allison Henry, UC Berkeley; Patrick Phelan, UCSF
Cybersecurity is a key issue for us in our private lives — think identity theft — and at the national scale — such as federal elections. For scientists in academic & commercial labs, threats include IP theft, ransomware, and hacktivism. Where are we vulnerable to those who want to disrupt or steal from us? How can we do the best possible job of protecting ourselves and the organizations we serve? Join us to learn best practices from the FBI's Elvis Chan, who manages San Francisco’s Cyber Branch, which is responsible for cyber investigations and digital forensics, and Allison Henry and Patrick Phelan, chief information security officers at UC Berkeley and UCSF respectively.
Co-sponsored by the UCSF Cyber-Champion Team.
4/21/2022 Unringing the Bell: A Physician's Perspective on the Future Of Medical Device Security
Christian Dameff MD, UCSD
Healthcare delivery across the globe is critically and increasingly dependent on computerized hardware and software including electronic health records and connected medical devices. Healthcare cyber attacks have resulted in technology failure, compromised data integrity, and breaches of sensitive patient information. Though the proliferation of cyber attacks in healthcare has raised serious concerns about patient privacy violations through healthcare data theft, the impacts of cyber attacks on patient safety and clinical outcomes are poorly understood. This talk will discuss historical barriers to developing a strong, data driven foundational body of knowledge in healthcare cyber security, and the impacts cyber attacks may have on patient outcomes. We will discuss novel patient cyber safety risks inherent in digitized clinical workflows, as well as possible sector wide defensive mitigation strategies resulting in safer and more resilient patient care.
Part of the UCSF-Stanford CERSI-FDA Distinguished Speaker Series on Cybersecurity for Biomedical Engineering
2/28/22 UC Tech Assembly: Black Leaders Panel
This panel launches UC Tech Assembly series, which is expanding the former town hall series to better amplify the voices of UC Tech community members.
Our UC Tech community is diverse, and we all strive to create an inclusive environment at UC. A key part of being inclusive is listening to underrepresented voices. This UC Tech Assembly panel discussion will feature Black members of our UC Tech community from various levels of leadership. Topics will range from personal stories to allyship advice, to the value of diversity in tech. Time will be reserved at the end for a few questions.
Everyone is encouraged to attend to learn more about working in and supporting the diverse UC Tech community, and to celebrate Black History Month.
Moderator: Jeané Blunt, IT communications and UC FCC licensing coordinator, Information Technology Services, UC Office of the President.
Charron Andrus, associate chief information security officer at UC Berkeley
Al Covington, divisional manager of Human Resources in Information Technology Services at UC Santa Cruz
Carmen Robinson, inaugural program director for Student Excellence, Engagement, and Inclusion in the UC Santa Cruz Baskin School of Engineering
Van Williams, vice president of Information Technology Services and chief information officer for the University of California
3/17/22 Modern Automotive Vulnerabilities: The Science Behind the Fast and the Furious
Stefan Savage, PhD
University of California, San Diego
Over the last decade, a range of research has transformed our understanding of automobiles. What we traditionally envisioned as mere mechanical conveyances are now more widely appreciated as complex distributed systems "with wheels". A car purchased today has virtually all aspects of its physical behavior mediated through dozens of microprocessors, themselves networked internally, and connected to a range of external digital channels. As a result, software vulnerabilities in automotive firmware potentially allow an adversary to obtain arbitrary control over the vehicle. Indeed, led by UC San Diego and the University of Washington, multiple research groups have been able to demonstrate such remote control of unmodified automobiles from a variety of manufacturers. In this talk, I'll highlight how our understanding of automotive security vulnerabilities has changed over time, how unique challenges in the automotive sector give rise to these problems and create non-intuitive constraints on their solutions and, finally, the forces that naturally limit the kinds of automotive attacks seen in the wild.
March 23-24, 2022 Sans New2Cyber Summit 2022
New to cybersecurity, looking for a career change, or just want to enhance your skillset? SANS can help!
Cybersecurity offers some of the most challenging and well-paying careers around, and by some estimates, up to 35% of cybersecurity jobs openings go unfilled. The SANS New2Cyber Summit will get you started with the skills you need to succeed in the industry. This free online event brings together leading experts eager to share the fundamental skills you need to get hired.
10/18/21 Choose Your Own Cybersecurity Adventure: How to get started and succeed in the InfoSec field
It's no secret that technology is evolving faster and faster each day. Which means the types of skills and the needs of organizations to protect and secure those technologies is changing just as quickly. Trying to get started in the Information Security or Cybersecurity fields can be difficult, at best, with the ever-changing curriculums and often unreasonable levels of skill being asked for by many hiring managers.
For both students and educators, it can be difficult to know what the most relevant courses are, what topics should be focused on and what additional skills will help position the next generation of security practitioners for success. And this leads to the questions: What area of cybersecurity should I specialize in? How do I demonstrate skill and experience when I'm first interviewing? How do we better prepare students to be successful in their careers? Are there some skills and knowledge that are more in demand than others?
Watch the recording of the discussion where Nathan Wenzler, Chief Security Strategist at Tenable, shared what he's seen work for both educators and students over a 25 year career of mentoring new practitioners and leaders in the cybersecurity field as well as what trends are being seen in the industry for what skills and topics both students and educators should include in their programs to remain relevant for the future.
10/7/21 Best Practices Learned from Combating Hackers During the Attack - with James Christiansen, CSO VP, Cloud Security Transformation, Netskope, and James Robinson, Deputy CISO, Netskope - Moderated by Ken Newton, UCSF Information Security Operations Manager
We all understand the essential need for a cyber-incident response plan. But what are the consequences, when, in the middle of a cyber-attack, your mitigation efforts are not going as planned? This session focuses on actual case scenarios where things did go wrong and the hacker was given the advantage! Best practices learned from combating hackers during the attack. To view the presentation, click here.
5/20/21 Cybersecurity: What You Need to Know
The May 20 webinar, Cybersecurity: What You Need to Know, featured FBI Agent Elvis Chan and UC San Francisco CISO Pat Phelan. Since an FBI agent presented, the session could not be recorded, however, Agent Chan provided some standard FBI handouts covering common cybersecurity topics, including ransomware.
4/30/21 Diversity, Equity, and Inclusion in the Digital Age (April 30)
UC Santa Barbara also hosted the April 30 event, Diversity, Equity, and Inclusion in the Digital Age (Zoom recording), where we had the opportunity to hold a discussion on this vitally important topic with Jessica Robinson, Founder and CEO of PurePoint International. She spoke on why systemic racism poses a threat to cybersecurity infrastructure, the role of leadership and management in cultivating Diversity, Equity and Inclusion (DEI) within the cybersecurity field, and what action items can be taken to highlight the importance of DEI in the digital context.
3/5/21 The Credibility of Misinformation
UC Santa Barbara opened the series with two great webinars. First, was the March 5 event The Credibility of Misinformation (Zoom recording) moderated by Professor Joseph B. Walther who spoke with Professor Miriam Metzger. These accomplished professors covered the implications of Professor Metzger's research on how individuals perceive misinformation and its sources, and what you can do to protect yourself and your communities from the damaging effects of misinformation.
10/8/20 Barrett Lyon Presents: Understanding Security Through Visualization of the Metaphysical
Technologists are leveraging art in a way that gives visual learners the ability to do their job better. The internet - the largest network of all - is abstract and hard to visualize. But it has been made more visually approachable by the Opte Project, an open-source initiative to create a visual representation of the metaphysical spaces of the internet. To view the presentation, click here.
10/6/20 Q&A with SANS Director of Emerging Security Trends, John Pescatore Moderated by Ken Newton, UCSF Information Security Operations Manager
SANS’ John Pescatore highlighted the top 3 security issues hitting organizations in 2020/2021. Ken Newton, UCSF IT Security Operations Manager, asked questions to drill down in areas of interest in particular to the USCF community. To view the presentation, click here.
3/12/20 Ken Newton and John Emery Present an Overview of the UCSF IT Security Vulnerability Management Program and How it Works
Ken Newton, UCSF Information Security Operations Manager, gave an overview of the UCSF IT Security Vulnerability Management Program, followed by John Emery, the Radiology Infrastructure Administrator, who explained how it was successfully implemented in his department. Ken explained that the success of a program is not just having the vulnerability management tools, but also using the proper infrastructure and the right level of participation. John went on to speak about how critical vulnerability management is to his department, what it took to put the program into place and how it continues to work. To view the presentation, click here.
10/8/19 Richard Stiennon Presents Secure Cloud Transformation: How Zero Trust Networking Is Enabling Secure Infrastructure
Every organization is on its own journey to the cloud. The first phase, adaptation of Software as a Service (SaaS), quickly leads to application transformation. As more and more traffic heads to the internet and cloud-hosted apps, network bottlenecks occur that drive network transformation. A security layer is required to make all of this work.
Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,200 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 31 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of Secure Cloud Transformation: The CIO’s Journey (IT-Harvest Press 2019) and Washington Post Bestseller, There Will Be Cyberwar. He writes for Forbes, CSO Magazine and The Analyst Syndicate.
To view the presentation, click on this link: richard_stiennon.mp4
10/30/18 When IoT Attacks - Understanding the Safety Risks Associated with Connected Devices by Billy Rios
Billy is the founder of WhiteScope LLC, a startup focused on embedded-device security. Billy is recognized as one of the world’s most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI) and medical devices. He has discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. Billy has also worked at Google, where he led the front-line response for externally reported security issues and incidents. Prior to Google, Billy was the Security Program Manager at Internet Explorer (Microsoft). This presentation is part of UCSF's 2018 celebration of National Cybersecurity Awareness Month (NCSAM).
To view the video, click on this link: billy_rios_0.mp4
1/17/18 Cyber Champion Partners Presents - Cybersecurity Checkup: Best Practices for Maintaining Security and Privacy for You and Your Family by Sam Horowitz,
Cybersecurity isn't just for information technology professionals. Computers and the internet are a daily part of life. We all have a role to play to protect cyberspace. In the checkup, we reviewed a checklist of items to make sure that your practices are secure. Along with other topics, we discussed mobile device security, wireless, social media and what to do if you're hacked. We encourage you to consult the checklist linked below and provide checkup meetings with members of your family, friends and co-workers. Together, we can make cyberspace a safer place for everyone, one person at a time.
To view a copy of the checklist, click here.
10/19/16 Medical Device Cybersecurity: FDA Perspective by Dr. Suzanne Schwartz
UCSF IT Security hosted a webinar by Suzanne Schwartz, MD, MBA, Associate Director for Science & Strategic Partnerships at FDA’s Center for Devices and Radiological Health (CDRH). Among other public health concerns, her portfolio has most notably included medical device cybersecurity, for which she chairs CDRH’s Cybersecurity Working Group. She also co-chairs the Government Coordinating Council for Healthcare & Public Health critical infrastructure sector.
To watch the video, click here.
10/13/16 Cybersecurity for Connected Medical Devices by Dr. David Klonoff
UCSF IT Security hosted a webinar by Dr. David Klonoff, an endocrinologist specializing in diabetes technology. He is Clinical Professor of Medicine at UCSF and Medical Director of the Dorothy L. and James E. Frank Diabetes Research Institute of Mills-Peninsula Health Services in San Mateo, California. He founded DTSec (Diabetes Technology Cybersecurity Standard for Connected Diabetes Devices Program), which created the world’s first consensus medical device cybersecurity standard.
To watch the video, click here.
10/3/16 Surviving Social Engineering and Ransomware Attacks by Stu Sjouwerman
UCSF IT Security hosted a webinar by Stu Sjouwerman, founder and CEO of KnowBe4, Inc., a multiple award-winning anti-malware software company. His presentation explained how attackers are moving their focus from attacking the hardened network perimeter to attacking end-users. He discussed the ransomware and CEO fraud epidemics and proven methods of protecting an organization against these phishing-based attacks.
To view the PowerPoint presentation, click on the link: knowbe4-ransomeware-presentation.pptx
10/28/15 Cyber Security for Medical Devices Webinar by Dr. Kevin Fu
UCSF IT Security hosted a webinar by Kevin Fu, a pioneer in the field of medical device security. Kevin is Chief Scientist of Virta Labs, Inc., and Associate Professor in EECS at the University of Michigan, where he directs the Archimedes Center for Medical Device Security and the Security and Privacy Research Group (SPQR). He drew on material from research in software engineering and trustworthy computing, public FDA data and accident reports to provide a high-level understanding of the issues surrounding the risks and benefits of medical device software.
To watch the video, click here.