Security, Compliance, & Privacy

Optimize your SecOps Application Security using SmartSheets

kaylal — Tue, 20 May 2025 06:11:53 +0000

Optimize your SecOps Application Security using SmartSheets kaylal Mon, 05/19/2025 - 23:11 Join us as we showcase our solution for creating a user-friendly interface to track operational tasks. The Campus Application and Data Security team is dedicated to providing services that ensure consistency, data integrity, and compliance with our Service Level Agreements. To achieve this, we have utilized Smartsheets to inventory all tasks in a centralized location. This approach enables us to generate metrics and monitor resource capacity. Visual dashboards of our ongoing work tell our story across the organization. In the Beginning: Inventory of all tasks, including organizational assets, mandatory actions, protection levels, system availability, and much more. Who's Who: Identify key contributors, needed skill sets and create a RACI. Soup to Nuts: Transform raw data into a visual dashboard, emphasizing key metrics and telling your story! Living the Dream: Take Security Operations to the next level by Operationalizing your tasks effectively. You've built it, now what?

Katie Yip

IT Security Analyst at UC Berkeley

Katie Yip is an IT Security Analyst at UC Berkeley, where she manages access provisioning, process automation, and data security across enterprise systems like PeopleSoft, Jira, and ServiceNow. With a background in Electrical Engineering and Computer Science, she blends technical problem-solving with cross-functional collaboration to support campus-wide initiatives. Katie is passionate about building secure, user-friendly systems and enjoys exploring creative intersections between technology, storytelling, and community impact.

Session Format

Poster

Session Skill Level

Beginner

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

I am presenting in this track because our solution directly addresses the critical aspects of security, compliance, and privacy within our organization. The Campus Application and Data Security team is responsible for ensuring consistency, data integrity, and compliance with our Service Level Agreements.

June 27, 2025 @ 10:45 am - June 27, 2025 @ 11:30 am

EH C

Optimize your SecOps Application Security using SmartSheets

Anonymous — Thu, 27 Mar 2025 22:50:27 +0000

Optimize your SecOps Application Security using SmartSheets Anonymous (not verified) Thu, 03/27/2025 - 15:50 Join us as we showcase our solution for creating a user-friendly interface to track operational tasks. The Campus Application and Data Security team is dedicated to providing services that ensure consistency, data integrity, and compliance with our Service Level Agreements. To achieve this, we have utilized Smartsheets to inventory all tasks in a centralized location. This approach enables us to generate metrics and monitor resource capacity. Visual dashboards of our ongoing work tell our story across the organization. In the Beginning: Inventory of all tasks, including organizational assets, mandatory actions, protection levels, system availability, and much more. Who's Who: Identify key contributors, needed skill sets and create a RACI. Soup to Nuts: Transform raw data into a visual dashboard, emphasizing key metrics and telling your story! Living the Dream: Take Security Operations to the next level by Operationalizing your tasks effectively. You've built it, now what?

Katie Yip

IT Security Analyst at UC Berkeley

Session Format

Poster

Session Skill Level

Beginner

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

June 26, 2025 @ 1:00 pm - June 26, 2025 @ 1:45 pm

EH C

AI Feature Creep: Enhancing Institutional Control in Vendor Management

Anonymous — Thu, 27 Mar 2025 22:20:51 +0000

AI Feature Creep: Enhancing Institutional Control in Vendor Management Anonymous (not verified) Thu, 03/27/2025 - 15:20 As AI vendors rapidly introduce new features without consulting institutions, the risks to security, compliance, and privacy grow significantly. Unapproved AI functionalities can introduce vulnerabilities, increasing the chances of data breaches and unauthorized access. These updates may also violate critical regulations like FERPA and HIPAA, complicating compliance and exposing institutions to legal risks. To mitigate these challenges, institutions must actively manage AI vendor relationships and behaviors, ensuring that vendor innovations align with institutional security, regulatory, and ethical standards. This session will provide strategies for effectively managing vendor behavior, focusing on contract management, proactive policy enforcement, and establishing clear communication channels to prevent AI feature creep. Participants will gain insights into risk assessment and best practices for holding vendors accountable, protecting both privacy and institutional integrity.

Lisha Bornilla

Learning Tools Service Lead at UC Berkeley

Lisha Bornilla is the Learning Tools Service Lead at UC Berkeley’s Research, Teaching, and Learning division, where she manages campus-wide instructional technology platforms and their vendor relationships. She specializes in navigating the evolving edtech landscape—especially as AI features are rapidly integrated into existing tools and new products. Lisha advocates for institutional control, accessibility, and ethical implementation of digital tools in higher education. Her cross-functional work bridges pedagogy, policy, and technical infrastructure, ensuring that instructional technology adoption aligns with university values and compliance standards. With a background in learning design and master's degree in education and technology from the Harvard Graduate School of Education, she brings a systems-oriented approach to managing vendor innovation and risk in an age where AI innovation moves faster than policy and vendor roadmaps often outpace institutional readiness and oversight.

Session Format

Standard Presentation

Session Skill Level

Beginner

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

As AI vendors rapidly roll out new features without consulting institutions, security, compliance, and privacy risks escalate. Unapproved AI functionalities may introduce vulnerabilities, increasing the risk of data breaches and unauthorized access. Compliance challenges arise when vendors push AI updates that may violate FERPA, HIPAA, or institutional policies. Additionally, AI-driven data processing can compromise student and staff privacy, requiring stronger governance. This session explores strategies to manage AI vendor relationships, ensuring that technological advancements align with institutional security, regulatory, and ethical standards. Participants will gain insights into risk assessment, contract management, and proactive policy enforcement to prevent AI feature creep from undermining institutional integrity.

June 26, 2025 @ 2:00 pm - June 26, 2025 @ 2:45 pm

MR 8

Maneuvering Risky Waters - Zoom AI Companion

Anonymous — Thu, 27 Mar 2025 18:45:31 +0000

Maneuvering Risky Waters - Zoom AI Companion Anonymous (not verified) Thu, 03/27/2025 - 11:45 As Generative AI continues to expand into our every day working lives securing our conversations becomes more and more vital. UCSF, long with many other UCs, have recently enabled to Zoom's AI Companion for our meetings. This talk will dive into the security and vetting process to enabling this feature, outline what type of data classification and conversation types are cleared for these type of calls, and explain what per cautions are implace to ensure our data security going forward.

John McWalter

Senior UC Engineer at UC San Francisco

Session Format

Standard Presentation

Session Skill Level

Beginner

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

I've selected Security, Compliance, & Privacy as the track for this talk. This is right up the alley of Security given how sensitive the topic of AI and recording of conversations are to all of UC.

June 26, 2025 @ 3:00 pm - June 26, 2025 @ 3:45 pm

MR 9

Innovate Your Disaster Recovery: A Structured ISO Review of Disaster Recovery Plans Anchored in UC IS-12 Policy

Anonymous — Thu, 27 Mar 2025 01:13:13 +0000

Innovate Your Disaster Recovery: A Structured ISO Review of Disaster Recovery Plans Anchored in UC IS-12 Policy Anonymous (not verified) Wed, 03/26/2025 - 18:13 In an era of operational unpredictability, climate disruptions, and escalating cyber threats, a robust Disaster Recovery Plan (DRP) is not optional, it is existential. This session introduces a structured ISO-style review framework for evaluating DRPs against the University of California's IS-12 policy. Through a practical checklist covering both procedural and technical dimensions, participants will learn to assess alignment with institutional goals, identify gaps, and verify the presence of cybersecurity risk considerations. The approach blends ISO-inspired rigor with UC policy relevance, promoting an integrative, innovative, and inspiring pathway toward IT resilience. Attendees will leave empowered to launch or improve DRP reviews within their own campus or units using a transferable checklist template that embodies best practices. This session bridges the gap between documentation and action, delivering operational clarity in the face of disruption.

Austine J. Ohwobete

Information Security Liaison at UC Davis

Dr. Austine J. Ohwobete is the ISO Liaison Officer at the University of California, Davis, where he directs structured, policy-aligned reviews of Disaster Recovery Plans under UC IS-12. In this capacity, he has developed and implemented an ISO-inspired framework that rigorously assesses procedural and technical controls, identifies governance and cybersecurity gaps, and ensures institutional resilience. He also serves as the primary liaison between the ISO Office and key campus units, including IET, DEVAR, and the School of Education.

Since 2018, Dr. Ohwobete has served as an adjunct professor at the Forbes School of Business & Technology, University of Arizona, where he designs and delivers graduate-level coursework in cybersecurity, IT management, and data privacy. Previously, he was Virtual Chief Information Security Officer at NetSecurity Corporation, leading cryptographic architecture reviews, vulnerability management, and regulatory compliance initiatives—including ISO 27001, SOC 2, PCI-DSS, HIPAA, and FedRAMP.

He holds a Ph.D. in IT Management (Information Security & Regulatory Compliance), a Master of Legal Studies in Intellectual Property Litigation, and a Master of Dispute Resolution specializing in Cybersecurity Arbitration. A Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), and Certified Information Protection Professional (CIPP/US), Dr. Ohwobete brings more than two decades of expertise in risk management, privacy, and AI-infused security strategy. His international handbook, AI-Infused Cybersecurity Operations: Designing, Implementing, and Evolving Adaptive Security Programs, is slated for publication late this summer.

Session Files

uctech2025_dr_proposal.docx (30.69 KB)

Session Format

Standard Presentation

Session Skill Level

Advanced

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

This session best fits the Security, Compliance, & Privacy track, as it focuses on reviewing Disaster Recovery Plans through the lens of policy compliance, cybersecurity risk assessment, and operational governance. The checklist methodology is grounded in ISO principles and UC IS-12, aligning directly with institutional requirements and the Security, Compliance, & Privacy track’s focus on structured oversight, strategic alignment, and resilience-building.

June 26, 2025 @ 10:45 am - June 26, 2025 @ 11:30 am

MR 7

Students as Cyber Guardians: Pioneering AI Security in Higher Education

Anonymous — Thu, 27 Mar 2025 00:02:13 +0000

Students as Cyber Guardians: Pioneering AI Security in Higher Education Anonymous (not verified) Wed, 03/26/2025 - 17:02 Our institution has launched an innovative collaboration between our generative AI solution and a student-led cybersecurity club, setting new standards for AI security testing and student engagement in real-world challenges. Key aspects: Unique partnership: Students access pre-release code in staging environments Comprehensive testing methods: Input boundaries, system prompt extraction, web application security, LLM, jailbreaking Focus on AI-specific vulnerabilities: Exploring unique risks posed by AI systems Educational impact: Hands-on experience in penetration testing for students Real-world application: Balancing learning with actual system testing The project will be formalized in a penetration test report. This is a model for institutions to address emerging technological challenges while providing learning opportunities. It demonstrates how we can proactively secure AI systems while cultivating the next generation of cybersecurity leaders.

Chris Price

AI Lead Software Solutions Architect and Developer at UC Irvine

AI Lead Software Solutions Architect and Developer for UC Irvine's new Generative AI team under the Office of Information Technology (OIT), primarily supporting the ZotGPT platform and brand. Since the emergence of generative AI, Chris has played a pivotal role architecting generative AI solutions, including UCI's ZotGPT platform, to engage our campus community in this new technology. Chris provides technical direction, solution evaluation, software implementation, project management, and overall connects and coordinates the team of volunteers and full time staff with the goals for the platform. Before this Chris supported UC Irvine's Office of Research Administration for a little over 6 years, and UC Irvine's Student Life and Leadership for a little over 5 years. During that time Chris published software security research in password management. Prior to higher education, Chris worked for themselves in the software development field for about 7 years.

Jeff Picco

Security Engineer at UC Irvine

Steven Ngo

Software Engineering Ph.D. Student at UC Irvine

Session Format

Standard Presentation

Session Skill Level

Beginner

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

Real-world application: Students are working on real cutting edge systems, bridging the gap between academic theory and implementation.

Emerging field: AI security testing is a nascent field, and this project is at the forefront of developing new methodologies and best practices.

Future-oriented skills development: Students gain hands-on experience in AI security, preparing them for future careers in this growing field.

Scalable model: This approach can be adapted by other institutions, potentially transforming how universities approach both AI security and student engagement.

Addressing critical needs: As AI becomes more prevalent, ensuring its security is crucial. This project tackles this emerging challenge.

This initiative embodies the spirit of innovation, tackles emerging technological challenges, and prepares students for the future of tech, making it an excellent fit for this track.

June 26, 2025 @ 4:00 pm - June 26, 2025 @ 4:45 pm

MR 8

CISO Panel

Anonymous — Wed, 26 Mar 2025 16:19:59 +0000

CISO Panel Anonymous (not verified) Wed, 03/26/2025 - 09:19 The cybersecurity landscape is rapidly evolving, with new threats emerging at an alarming pace. This panel of UC CISOs will explore the most pressing cybersecurity challenges facing higher education, including AI-powered attacks, supply chain vulnerabilities, and the increasing sophistication of ransomware. The session will delve into strategic defense mechanisms, proactive threat mitigation, and the importance of collaboration across the UC system. Attendees will have the opportunity to engage with the panelists during an extended Q&A session.

Dewight F. Kramer

Chief Information Security Officer at UC Riverside

It is my mission to serve the UC Riverside campus through improving the University's information security posture and thus helping UC Riverside better generate, advance, disseminate, and apply data and knowledge. This effort will enhance the ability of the UC Riverside community to teach, do research, and provide public service. I have a Masters of Science in Information Security and Assurance, and a Masters of Law. My area of interest is where law, Policy, privacy, and information security overlap.

Jaki Hsieh Wojan

Interim CIO and CISO at Division of Agriculture and Natural Resources

Jaki Hsieh Wojan is the Deputy Chief Information Officer and Chief Information Security Officer at UC Agriculture and Natural Resources. With extensive experience in information security and IT leadership, Jaki Hsieh Wojan oversees cybersecurity strategy and risk management at UC ANR. In her dual role, she drives initiatives that ANR's digital landscape while aligning security priorities with broader technology goals. Jaki Hsieh Wojan is passionate about her role and finds purpose in the dynamic challenges and opportunities that come with leading information security and IT strategy.

Session Format

Panel

Session Skill Level

Beginner

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

There are two tracks that this could be tagged as. Security track or the Leadership track. As this is a panel of CISOs I chose the security track.

June 26, 2025 @ 1:00 pm - June 26, 2025 @ 1:45 pm

RC A

Google SecOps - The journey in adopting a new SIEM and SOAR platform

Anonymous — Fri, 21 Mar 2025 23:10:26 +0000

Google SecOps - The journey in adopting a new SIEM and SOAR platform Anonymous (not verified) Fri, 03/21/2025 - 16:10

UC Riverside's (UCR) initiative to shift legacy on-premise IT infrastructure and services to modern cloud-based solutions coincided with an initiative within the UCR Information Security Operations division to revamp and improve the logging and log analysis capabilities for Security Operations. This resulted in the adoption of Google Chronicle (now Google SecOps) as a SIEM solution.

Between the time of acquisition and current day use of Google SecOps, there were many factors that shaped the journey that the UCR Information Security Operations division wishes to share with those interested in implementing a new SIEM/SOAR platform at their organization.

The UCR Information Security Operations division also will present guidance and recommendations to help make a SIEM/SOAR deployment more successful, whether with Google SecOps or another SIEM/SOAR platform.

Jonathan Ocab

Manager of Information Security Operations at UC Riverside

Jonathan Ocab is a 20+ year employee of UC Riverside where he obtained his B.S. in Computer Science and started working in Information Technology as a UCR student employee. As the Manager of Security Operations, Jonathan oversees the division that handles incident response for the campus. The Security Operations division also manages the various security tools and platforms used to monitor, detect, and remediate security threats to the UC Riverside community.

Session Format

Standard Presentation

Session Skill Level

Advanced

Session Status

Accepted

Session Track

Security, Compliance, & Privacy

Session Track Reasoning

Google SecOps is the security product by Google that is used for Security Information and Incident Management (SIEM) and Security Orchestration and Automated Response (SOAR). This is a platform solution that is specifically oriented towards increasing information security capabilities and supporting information security efforts.

"Innovation and Emerging Technologies" would be a sub-track for this in that this presentation would cover the division's shift to new solutions, particularly ones that are also very new to the space and continuously evolving.

June 27, 2025 @ 1:00 pm - June 27, 2025 @ 1:45 pm

MR 7