ACCS2018 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Identity and Access Management [clear filter]
Wednesday, March 14

9:00am EDT

Removing Admin Rights in the Wild West of Higher Education
Ryan, Shane, and Steve work in different parts of VCU, but have all been involved in coming up with a solution to a significant security concern -- faculty and staff running with admin rights! Ryan was introduced to this “Wild West” environment when he took over as the Desktop Services manager for VCU’s central IT organization, Technology Services, two years ago. Steve and Shane have been dealing with it within the School of Medicine and Technology Services’ security teams for longer than that. Years ago, it was common-place for people to run as admins and that was true at VCU as well. Any attempt at removing those perceived "inherent rights" was met with hesitation or downright hostility by customers and IT staff alike. Our challenge was to come up with the proper mix of processes, procedures and tools to remove the admin rights from our customer computers. In a collaborative effort different areas of VCU were able to implement a solution that was both cost effective and efficient. As a result, VCU's computers supported by Technology Services and SOMTech are more secure and our customers are still able to accomplish their jobs without a lot of IT staff intervention and assistance.

avatar for Shane Conner

Shane Conner

Information Security Engineer Team Lead, VCU
avatar for Ryan Davis

Ryan Davis

Ryan Davis and Brian Klotz, Virginia Commonwealth University
avatar for Steve Kuchta

Steve Kuchta

VCU SOM Information Security Manager, Virginia Commonwealth University

Wednesday March 14, 2018 9:00am - 10:00am EDT

1:30pm EDT

Cloud Security Best Practices For the Enterprise
Lessons learned from “doing it the right way” in the Cloud. We all know cyber-security is a hot-button topic these days, and every company, small or large, is asking the question on how can they ensure they are protecting their assets in "the Cloud." This talk will step attendees through various security related best practices with regards to cloud vendors such as Amazon AWS, Google Kubernetes and Microsoft Azure.


Wednesday March 14, 2018 1:30pm - 2:30pm EDT

3:00pm EDT

Trials and Tribulations in Active Directory Security
Microsoft Active Directory is a major infrastructure component of many organizations. While Active Directory is a great tool that enables enterprise IT to manage its environment, it is also one of the most targeted platforms by attackers and penetration testers. This session will follow the journey of one institution in better protecting its Active Directory environment, discuss certain measures and techniques that can be used to protect Active Directory, and share some of the results in the implementation of these measures and techniques. The audience will walk away with the understanding of a few common attack techniques targeting Active Directory and windows platforms, countermeasures that should be implemented in their environment to defend against such attacks, and the "gotchas" of some of these implementations.


Dan Han

CISO, Virginia Commonwealth University
Dan is the Chief Information Security Officer for the Virginia Commonwealth University. He has over 15 years of experience working in various roles in IT, and focused on information security management in the higher education and healthcare sector for the past 11 years. Dan specializes... Read More →

Wednesday March 14, 2018 3:00pm - 4:00pm EDT
Holley V/VI
Thursday, March 15

9:00am EDT

A Tale of Two Cities: Identity & Access Management Implementations at UVA and VCU
Come to this panel presentation to learn about the Identity and Access Management (IAM) projects that are actively underway at UVA and VCU. Hear the stories from two Universities that both resulted in the selection of Fischer International for an IAM solution. Panelists from UVA and VCU will share their approaches to vendor evaluation, their unique project implementation goals and the associated rationale/drivers for their current implementation approaches and timelines. Get the inside scoop (the best of times, the worst of times) on how each project is progressing and the lessons being learned along the way!

avatar for Mark Cox

Mark Cox

Program Director, Identity & Access Management, University of Virginia
Over 20 years of IT experience within Higher Education.
avatar for Dana German

Dana German

Deputy CIO, University of Virginia

Mayura Patel

Information Security - Deputy Director, VCU

Thursday March 15, 2018 9:00am - 10:00am EDT
Holley V/VI
Friday, March 16

9:00am EDT

Surviving a Tandem Bicycle Wreck: or, Lessons Learned from an Institution-Wide Deployment of Multi-Factor Authentication
Virginia Commonwealth University took the plunge and implemented system-wide multi-factor authentication in 2016-2017 using DUO Security, after multiple previous years of sluggish adoption to select high-risk systems. This presentation will detail the challenges of garnering app owner cooperation, securing faculty and staff accounts without overburdening students, and the challenges of integrating a one-stop MFA solution into an extremely heterogenous IT environment. The deliverables and measurable results thus far in VCU's environment will also be discussed, and a Q&A portion for those considering MFA implementation will also be held at the end.


Guy Broome

Systems Security Architect, Virginia Commonwealth University
A "renaissance technician" with 15+ years of IT experience, specializing in cross-disciplinary (e.g. hardware maintenance, software development, networking, information security, et al.) solutions for common technology problems in large organizations Professional interests: end-to-end... Read More →

Friday March 16, 2018 9:00am - 10:00am EDT
Holley VII