Technology trends and social engineering among topics of Security Conference

Last month, more than 200 staff, faculty and students from across the University gathered at the Nittany Lion Inn for the 2013 Penn State Security Conference. The two-day conference, held every 18 months at University Park, showcases the latest developments in information security at Penn State — and beyond. The first day of the event included keynote presentations, track sessions, workshops and networking opportunities. The second day featured a deeper dive into the latest security trends, threats and issues facing universities around the country.

"The Security Conference brings top-quality speakers and sessions from higher education and the private sector to Penn State to address critical topics in data and information infrastructure protection," said Kathleen Kimball, senior director of Security Operations and Services. "Both the University and the individual attendees benefit greatly from this unique opportunity to acquire practical knowledge that can be applied immediately to the challenges of unit and personal computing environments."

The first day of the conference featured two keynote speakers, Nick Hitchcock and Kim Milford. Hitchcock is a senior security analyst with TrustedSec, LLC; head of security at DerbyCon; and recently appeared on Katie Couric’s television show, “Katie.” Milford is the chief privacy officer at Indiana University, where she leads privacy initiatives, provides oversight for the University Policy Office and serves as chair of the Committee of Data Stewards.

Hitchcock kicked off the Security Conference with a keynote presentation on social engineering and managing the “human factor” in information security. Using stories from his experiences conducting penetration tests (a method for evaluating security by simulating an attack from external and internal threats), he demonstrated how publicly available information is often used to exploit people, systems and institutions.

Milford's keynote discussion explored the impact of newer technology trends on information security. She encouraged universities to work toward striking a balance between control, compliance and risk against convenience, culture and behaviors. That balance can help ensure the protection of university resources, while allowing our communities to teach, learn, research and provide services.

New to the conference this year was the addition of workshops for hands-on demonstrations of information security tools. Staff from Information Technology Services — along with IT professionals from several University colleges and research units — joined together to create and facilitate these unique workshops. Participants learned how to use cross-platform tools for discovering previously unidentified networked devices such as printers and laptops, then assess them for vulnerabilities and remediate any problems.

"One goal in developing the tool demos was to provide a safe and instructive environment in which to provide a practical hands-on experience for IT professionals, who may not yet have had the opportunity to use these tools in their own campus environment," said Dan Lehman, workshop facilitator and IT project manager with the Materials Research Institute.

During the second day of the conference, Kimball highlighted the current IT security challenges and threats Penn State faces, setting the stage for the presentations that followed. Staff from across the University presented on physical security, policies and legal issues related to IT, security services and tools, and lessons learned from security incidents.

"Day two is about exposing the IT crowd to segments of Penn State that affect security, but may not always be front and center during the course of daily duties for system administrators and other IT professionals," said Matt Soccio, network and systems security analyst. "It's also a great chance to network and discuss initiatives and make connections across Penn State."

Penn State's Security Conference is sponsored by ITS Security Operations and Services. The next conference is planned for the spring of 2015.

Conference dates and other information will be available at http://securityconference.psu.edu as they are announced. For more IT stories at Penn State, go to http://current.it.psu.edu/.

Last Updated November 20, 2013