Cybersecurity Awareness Events

With Rosa L. Smothers, Senior Vice President of Cyber Operations at KnowBe4

Tuesday, October 3, 2023 / 10 AM - 11 AM

Hosted by UC San Francisco

Social engineering, in the context of information security, refers to the use of psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud, unauthorized system access.) Rosa will discuss these types of approaches, the latest scams, and ways to be a “human firewall” for UC and your digital life.

Rosa L. Smothers has over 20 years of experience in cybersecurity. She is currently senior vice president of cyber operations at KnowBe4, where she is responsible for leading KnowBe4’s Federal Practice efforts, including providing cybersecurity advisory services to civilian and military agencies within the U.S. federal government. Ms. Smothers is also responsible for providing analysis for KnowBe4’s cybersecurity research and cyber threat intelligence efforts. Having served for over a decade in the Central Intelligence Agency, Ms. Smothers is a highly decorated national security professional with extensive experience leading the planning and execution of cyber operations against terrorist and nation-state targets as well as the adoption of cutting-edge computer technology. She served as a cybersecurity analyst and technical intelligence officer in the Center for Cyber Intelligence and the Counter Terrorism Mission Center and on multiple overseas tours, to include extensive service in Iraq. She holds a B.A. in Information Studies and an M.S. in Computer Network Security. Ms. Smothers is a mentor to women and young people in cybersecurity and is a member of Women in Defense and Infragard.

Register to attend: Social Engineering, the Art of Manipulation.

Accessibility and Security Cross-section

Tuesday, October 4, 2022 11 a.m. - 12 p.m.

Hosted by UCSF

Does cybersecurity make IT less accessible for people with disabilities? Does accessibility make IT less secure? Or can there be a way for both to work together to make technology in the UC system more accessible AND more secure? In this conversation-starting webinar, panelists from both groups will talk about ways in which collaboration between accessibility and cybersecurity can and should happen, and why both need to be taken into account when planning, developing, buying, and/or implementing new technologies.

Accessibility and Cybersecurity are both important considerations, particularly in inclusive yet cyber-vulnerable environments like those in the University of California system. Typically, conversations on these two topics are completely separate, but today we're bringing them together in a panel discussion to increase understanding and awareness of both sets of needs. With some effort and collaboration, it's possible to make technology both more accessible and more secure.

Watch the October 4 recording

Thursday, October 5, 2023 / 11:00 AM-Noon

Hosted by UC Santa Cruz

Technology is evolving at a fast pace. Although we benefit from many of its advances, new digital privacy and security risks emerge. For instance, cybercriminals are using AI-assisted tools to (1) manipulate people via convincing phishing emails and text messages and (2) impersonate people’s voice and alter their images and videos.

In this webinar, we will share with you some tips to protect your online identity, and leverage technology advances at the same time.

Diana Freed is a Fellow at the Center for Research on Computation and Society at the Harvard’s John A. Paulson School of Engineering and Applied Sciences and Harvard’s Berkman Klein Center for Internet and Society. In 2024 she will start as an assistant professor in the department of Computer Science and The Data Science Institute at Brown University. She holds a Ph.D. from the Department of Information Science at Cornell University. Her research focuses on designing, developing, and building sociotechnical systems in the context of youth interpersonal relationships, intimate partner violence, and caregiving systems. She also develops tools and resources to improve digital literacy to enable individuals to make informed choices regarding technology use and to improve understanding of digital risks and harms. Diana’s research has been recognized with an ACM CHI Best Paper Award, ACM CSCW Honorable Mention, and a CSCW paper recognition for her contribution to Diversity and Inclusion. Her research has been featured by media outlets that include The New York Times, MIT Technology Review, Wired, NPR, and Time Magazine.

Julio Poveda is a Ph.D. student in Computer Science at the University of Maryland. He does computer security and privacy research, and is a volunteer at Cornell University's Clinic to End Technology Abuse (CETA), where he helps survivors of intimate partner violence with their tech-related concerns.

Register to attend: Protecting Your Online Identity in the Age of Big Data and AI.

Wednesday, October 11, 2023 / Noon - 1:00 PM

With Chad Spensky, Ph.D.

Hosted by UC Santa Barbara

The world is going passwordless and it's going to be awesome. However, navigating this new paradigm can be very confusing. In this talk, I will provide a brief history of passwords and authentication, highlighting the small wins and pitfalls along the way. Then, I will shed light on the various "passwordless" solutions and how they might shape our future. After this presentation, you will be able to confidently choose authentication solutions and increase your security posture both at home and at work.

Chad Spensky is a computer security researcher, entrepreneur, and educator who is passionate about using technology to make people’s lives easier and their digital systems more secure. He is currently the CEO of Allthenticate, a company that is revolutionizing authentication by offering an all-in-one, smartphone-based identity management and authentication solution. Chad has over 10 years of research experience and has numerous academic publications in top conferences. Formerly, he was a member of the technical research staff at MIT Lincoln Laboratory, where he helped them solve some of the Department of Defense's toughest cyber-security problems. Chad received his Ph.D. from the University of California, Santa Barbara, and is also a recipient of the prestigious IBM Ph.D. Fellowship. In addition to his academic credentials, Chad is a lifetime hacker. His hacking career started in his teenage years and has taken him to compete in some of the world's best capture the flag tournaments around the world as a member of the UCSB Shellphish hacking team. His unique blend of hacking knowledge and academic rigor make him particularly well-suited to solve complex real-world cybersecurity problems, like making authentication usable and secure.

Register to attend: The State of (Passwordless) Authentication.

With Jon Green, VP and Chief Security Technologist at Aruba (an HP Enterprise Company)

Monday, October 16, 2023 /  Noon - 1 PM

Hosted by UC Santa Barbara

Jon Green is the VP and Chief Security Technologist at Aruba, a Hewlett Packard Enterprise company. He describes himself as a Cybersecurity guy with a technical background in routing, switching, wireless, authentication, PKI, firewalls, and crypto. "I have a bunch of industry certifications, which proves that I'm good at taking multiple-choice tests. I fly airplanes, don't do CrossFit, and am a lousy but aspiring guitar and banjo player."

Register to attend: Adopting Zero Trust and SASE Architectures.

Tuesday, October 17, 2023 / Noon - 1 PM

Hosted by UC Santa Barbara

It has been another year of utilizing Zoom as our primary communication tool across the UC System. John Chiaro from Zoom will discuss some of Zoom’s new advanced security features & best practices to demonstrate how to effectively use them to keep your meetings safe and secure. In addition, she will explore some awesome new features and how to incorporate them successfully into your Zoom sessions.

John Chiaro joined Zoom about 2 years ago supporting Higher Education clients and was a Zoom user in his previous role supporting the K-12 space. he's passionate about helping those in the Education world leverage technology in the hopes of providing positive impacts in and around the classroom. John lives in the Raleigh, North Carolina area with his wife and 3 children.

Register to attend: Zoom Security Features and New Features, with John Chiaro.

With Alvaro A. Cardenas, Ph.D., Associate Professor of Computer Science and Engineering at the University of California, Santa Cruz

Moderated by Cecilia Carrillo, and Liz Wright, UCSC

Thursday, October 19, 2023 / Noon - 1 PM

Hosted by UC Santa Cruz

In less than a decade, Ukraine has suffered from three cyber attacks attempting to cause electrical outages. On December 23, 2015, in the middle of freezing weather, Ukraine suffered the first blackout caused by cyber attacks. In this first incident, attackers gained remote access to the industrial networks of power companies, and a remote adversary operated the human-machine interface of operators, opening circuit breakers manually. A year later, on December 17, 2016, a fifth of Ukraine's capital Kyiv experienced another blackout. This time, the target was a transmission utility, and unlike the previous year when remote human attackers opened the circuit breakers, the attack in 2016 was launched automatically by the first known example of industrial malware targeting the power grid: Industroyer. Finally, on April 8, 2022, in the first months of the Russian invasion of Ukraine, operators discovered another malware tailored to attack circuit breakers automatically. This new piece of malware was called Industroyer 2, and it represented yet another attempt to target Ukraine's power grid.

In this talk we will summarize our work in analyzing the malware to understand how it targeted industrial networks, as well as consider what future potential damages this type of malware may create in the future.

Alvaro A. Cardenas is an Associate Professor of Computer Science and Engineering at the University of California, Santa Cruz. Before joining UCSC he was the Eugene McDermott Associate Professor of Computer Science at the University of Texas at Dallas, a postdoctoral scholar at the University of California, Berkeley, and a research staff member at Fujitsu Laboratories. He holds M.S. and Ph.D. degrees from the University of Maryland, College Park, and a B.S. from Universidad de Los Andes in Colombia. His research interests focus on cyber-physical systems and IoT security and privacy, including autonomous vehicles, drones, smart home devices, and SCADA systems controlling the power grid and other critical infrastructures. He is the recipient of the NSF CAREER award, the 2018 faculty excellence in research award from the Erik Johnson School of Engineering and Computer Science, the Eugene McDermott Fellow Endowed Chair at UTD, and the Distinguished Service Award from the IEEE Computer Society Technical Committee on Security and Privacy. He has also received best paper awards from various venues, including the ACM CPS & IoT Security Workshop, IEEE Smart Grid Communications Conference, and the U.S. Army Research Conference. One of his papers was also a finalist in the CSAW competition in Israel. Cardenas' research has been funded by NSF, ARO, AFOSR, NSA, NIST, MITRE, DHS, DoT, Phoenix Technologies, and Intel.

Register to attend: A Tale of Two Industroyers.

With David C. Klonoff, M.D., F.ACP, FRCP (Edin), Fellow AIMBE

Thursday, October 19, 2023 / 2 PM – 3 PM

Hosted by UC San Francisco

Connected diabetes devices require sound cybersecurity. FDA, FBI, HHS, and the President of the United States are increasingly focused on the need for medical device cybersecurity. The Consolidated Appropriations Act of 2023 mandates the FDA to require increased medical device cybersecurity. This law requires manufacturers of medical devices to: 1) submit a plan to monitor, identify, and address postmarket cybersecurity vulnerabilities, 2) ensure devices remain cybersecure, which includes issuing updates and patches, 3) submit a software bill of materials (e.g. commercial, open-source, and off-the-shelf components), 4) comply with such other requirements that may be added through regulation. IEEE 2621, recognized by the FDA in December 2022, is the first Standards Development Organization-developed medical device cybersecurity standard containing both performance and assurance requirements. This standard is intended for wireless diabetes devices, such as blood glucose monitors, continuous glucose monitors, insulin pumps, closed loop automated insulin delivery systems, smart insulin pens, and spinal cord stimulators. IEEE 2621 is a conformity assessment standard that defines a framework for a connected electronic product security evaluation program for diabetes devices. Its purpose is to provide grounds for confidence that connected electronic diabetes products deliver the security protections claimed by their developers and deemed necessary by stakeholders. Conforming to IEEE 2621 can prevent breaches and associated negative effects.

Dr. Klonoff is an endocrinologist specializing in bioengineered solutions for people with diabetes. He has led many multi-stakeholder technical and clinical standards projects for diabetes monitoring and drug delivery technologies, most recently chairing the the CGMs and Automated Insulin Dosing Systems in the Hospital Guideline in 2020 and the iCoDE (Integration of CGM data into EHR) standard in 20220. Dr. Klonoff received the American Diabetes Association’s 2019 Outstanding Physician Clinician Award. He received an FDA Director’s Special Citation Award in 2010 for outstanding contributions related to diabetes technology and the IEEE Conformity Assessment Award in 2022 for his work in medical device cybersecurity. Dr. Klonoff led the development of the Glycemia Risk Index composite metric for CGM data which is used for patient management and outcomes research, based on data collected from 330 diabetes experts from all six continents. He is currently focusing on improved health outcomes using digital health tools, biomarker testing for precision medicine, and improved patient safety through cybersecurity standards for medical devices. He has published over 300 articles in PubMed-referenced journals and he was Senior Editor of the first two books on Digital Health for Diabetes.

Register to attend: Connected Diabetes Device Security.

Monday, October 23, 2023 / Noon - 1p.m.

Hosted by UC Santa Barbara

John Chiaro joined Zoom about 2 years ago supporting Higher Education clients and was a Zoom user in his previous role supporting the K-12 space. he's passionate about helping those in the Education world leverage technology in the hopes of providing positive impacts in and around the classroom. John lives in the Raleigh, North Carolina area with his wife and 3 children.

Register to attend: Zoom Security Features and New Features, with John Chiaro.

With Reema Moussa, J.D. Candidate

Tuesday, October 24, 2023 / Noon - 1 PM

Hosted by UC Santa Barbara

2023 has been a banner year for privacy and cybersecurity legislation and regulation. This session will focus on major developments from US and international data protection regulatory agencies, industry-specific regulations, and new and upcoming legislation in data privacy and security. From the SEC's recently passed cyber rules to new priorities for enforcement of US state privacy legislation, the GDPR in Europe, the Federal Trade Commission's recent activity, and more - we'll unpack how privacy and cybersecurity is unfolding in legal and policy spheres. We'll also cover some best practices, resources, and how to keep up with the rapidly changing environment. This presentation will focus on high-level updates for all stakeholders and audiences of different disciplines, and no legal background or expertise is required for understanding the session.

Reema Moussa is a J.D. Candidate at USC Gould School of Law, concentrating her studies and practice on cybersecurity, privacy, artificial intelligence, and trust and safety. She graduated from UC Santa Barbara in 2020 with degrees in Communication and Global & International Studies, and completed her Masters in Technology Management at UCSB in 2021. During a study abroad program at the University of Geneva, she launched her career in technology at the United Nations’ International Telecommunication Union (later returning to coordinate the 10th anniversary of Girls in ICT Day). Upon her return to UCSB from abroad in 2019, she joined UCSB's Office of the CIO as the campus' Cybersecurity Awareness Coordinator. Now in law school, she has worked for a number of different types of stakeholders, interning at SentinelOne, the Future of Privacy Forum, the Electronic Frontier Foundation, and Goodwin Procter; a large international law firm. She has spoken on her unique view of interdisciplinary digital rights issues at several international conferences, including Women in Cybersecurity (WiCyS), IAPP’s Global Privacy Summit, the California Lawyers Association’s annual Privacy Summit, and the American Bar Association’s inaugural Consumer Protection and Data Privacy Conference. She currently serves as the Vice-President and West Coast Regional Chair of the Internet Law and Policy Foundry, where she is a Senior Fellow and the host/executive producer of the Tech Policy Grind podcast. She is also a member of the Young Lawyers Advisory Panel for the Privacy and Information Security Committee of the American Bar Association's Antitrust Section.

Register to attend: Cyber and Privacy Law Regulatory Landscape.

With Chad Spensky

Wednesday, October 25, 2023 / Noon - 1 PM

Hosted by UC Santa Barbara

AI is the latest fad that the media has decided to focus on. In this talk, Chad Spensky will try to debunk some of the myths surrounding current AI capabilities and will similarly provide context to the risks that do exist. It's safe to say that we are nowhere near sentient beings exterminating humanity, but we are far beyond computers being used for simple math problems. How might this shape our society and the future of cybersecurity? After this talk, you will, hopefully, have a better understanding of AI and be able to separate fact from fiction when reading your next buzzword laden AI news article.

Chad is a computer security researcher, entrepreneur, and educator who is passionate about using technology to make people’s lives easier and their digital systems more secure. He is currently the CEO of Allthenticate, a company that is revolutionizing authentication by offering an all-in-one, smartphone-based identity management and authentication solution. Chad has over 10 years of research experience and has numerous academic publications in top conferences. Formerly, he was a member of the technical research staff at MIT Lincoln Laboratory, where he helped them solve some of the Department of Defense's toughest cyber-security problems. Chad received his Ph.D. from the University of California, Santa Barbara, and is also a recipient of the prestigious IBM Ph.D. Fellowship. In addition to his academic credentials, Chad is a lifetime hacker. His hacking career started in his teenage years and has taken him to compete in some of the world's best capture the flag tournaments around the world as a member of the UCSB Shellphish hacking team. His unique blend of hacking knowledge and academic rigor make him particularly well-suited to solve complex real-world cybersecurity problems, like making authentication usable and secure.

Register to attend: Is AI Really as Dangerous as They Say?

Join panelists:

• Mary Morshed, UCSF Director of Data Security Compliance
• Christian Sisenstein, UCSF Manager of IT Security Incident Response and Security Operations
• Jaison Mathew, UCSF Health Manager, Privacy Investigations & Regulatory
• Maral Iftekhary, UCSF Health Research Privacy Specialist
• Mike Lee, Data Analyst for the Office of Healthcare
• Michael Victor, Senior Privacy Investigator at UCSF Health
• Mike Benevento, Privacy Investigator at UCSF Health

Thursday, October 26, 2023 / 10 AM - 11 AM

Hosted by UC San Francisco

Who hasn’t been on the receiving end of a letter explaining their personal information was inappropriately accessed and/or disclosed. But what happens behind the scenes leading up to mail carriers delivering breach notification letters or public postings of privacy breach announcements?

The panel of privacy and cybersecurity experts from UCSF provides a closer look at the types of privacy violations and breaches investigated in large healthcare and research focused organizations. The panel will discuss privacy investigation techniques and tools; data analysis and algorithmic advancements; regulatory reporting of breaches involving personal health information (PHI); complications involving research health information (RHI); technical security controls; and regulatory penalties that can have lasting impacts.

Christian Sisenstein is the UCSF Manager of IT Security Incident Response and Security Operations. Christian has been with UC/UCSF/UCSF Health for 11 years. His favorite security related movie is Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.

Jaison Mathew is the UCSF Health Manager, Privacy Investigations & Regulatory. Jaison has been with UC/UCSF/UCSF Health for 8 years. His previous work experience includes roles as a Privacy Investigations Analyst and Privacy Investigations Supervisor at UCSF and he served as a legal clerk for a boutique law firm. Jaison’s favorite security related movie is The Matrix.

Maral Iftekhary is a UCSF Health Research Privacy Specialist. Maral joined UCSF/UCSF Health in November 2022 and has almost 5 years of experience with the University of California. Her previous work experience includes working as a Senior Research Compliance Analyst at UCI Health, and Lead Contracts & Grants Analyst at the Center for Clinical Research, Providence St. Joseph Health. Maral’s new favorite movie in general is Oppenheimer.

Mary Morshed is the UCSF Director of Data Security Compliance. Mary joined UC/UCSF/UCSF Health in November 2022. She previously served 15+ years in the role of Chief Information Security and Privacy Officer for various state of California entities and Sacramento Municipal Utility District (SMUD). Mary’s favorite security related movie is We are Legion – The Story of Hacktivists.

Mike Benevento is a Privacy Investigator at UCSF Health. Mike has been with UC/UCSF/UCSF Health for 2.5 years. His previous work experience includes stints at DoubleClick (now Google) and Schulte Roth & Zabel LLP. Mike’s favorite privacy related movie was left blank intentionally ("that's private!")

Mike Lee is a Data Analyst for the Office of Healthcare Compliance & Privacy at UCSF Health. Mike has been with UC/UCSF/UCSF Health for 15 years. His previous work roles were as a Data Analyst for UCSF Audit & Advisory Services and as a Research Associate for Flagstone Securities. Mike’s favorite security or tech related show is Black Mirror.

Michael Victor is a Senior Privacy Investigator at UCSF Health. He has been with UC/UCSF/UCSF Health for 2.5 years. For over 15 years, Michael has been dedicated to the field of privacy compliance, education, and investigation; playing a key role in the privacy programs of leading organizations within the higher education, healthcare, technology, and utility sectors. His favorite security related movie is Catch Me If You Can (2002).

Register to attend: Privacy Breaches and the Aftermath – a Behind the Scenes Look - Panel Discussion.

With Steve Gibson, Host of the Security Now! Podcast

October 26, 2023 / 2 PM - 3 PM

Hosted by UC Irvine

The benefits to society from secure and trustworthy computing systems are obvious and many. But despite decades of monumental investment toward in this obvious goal, cybersecurity remains elusive with damages ranging from individual users to international corporations. With the causes of each failure clear in retrospect, why do we seem unable to get ahead of them? Steve is going to share and layout his concept of "security porosity".

Steve Gibson is the founder & CEO of Gibson Research Corporation, located in Southern California. Since 1988, all of the bills have been paid by the sales of Steve's long-standing mass storage maintenance and data recovery utility: SpinRite. GRC's website mostly reflects Steve's life-long passion for all-things-technology including Internet Security. He began programming early computers in 1970, at the age of 15, and he never stopped. Steve believes in "old School" computing, and, yes, misses working with computers having 16 Kbytes of memory. So today, because he lives to code, even though it's a bit nuts, he still writes all of his programs in 100% pure assembly language. Listeners to his weekly Security Now! podcast often comment that they can hear his love and enthusiasm for technology in his voice. It's the real deal.

Register to attend: Porosity: Why Cybersecurity Remains Elusive.

Snapshots By KnowBe4 - Short Video Training

Security Snapshots is a supercharged shot of security awareness. Each short is a perfectly formed episode that takes a laser guided approach to a single cybersecurity issue from ransomware to bogus wi-fi to document disposal. With a super smart voiceover, and elegant slow mo, a whole drama is played out in a single set up.

Episode 15: Monique makes a terrific buddy. She’s reliable and generous and, as it turns out, a bit gullible too. These are admirable qualities in a friend but also make her a perfect target for someone with less charitable motives.

Watch all 15 episodes through the UC Learning Center

Cinema Event

Videos

Additional Resources and Information To Explore

National Cybersecurity Alliance

Making it easy for everyone to learn more about cybersecurity and staying safe online.  View a collection of easy-to-follow resources and guides for youself and to share with others.

WiCyS - Women in Cybersecurity

A global community of women, allies and advocates dedicated to the recruitment, retention and advancement of women in cybersecurity.

Cybersecurity & Infrastructure Security Agency (CISA)

• Parent and Educators Tip Card
• Chatting with Kids about Being Online Booklet
• Student Tip Cards
  • K-8 Students
  • 9-12 Students
  • Undergraduate

Savvy Cyber Kids (3-7 year olds)

NetSmartz, a program of the National Center for Missing and Exploited Children (NCMEC)

Federal Communications Commission