Cybersecurity Awareness Month 2024
AI and Cybersecurity: Protecting Our Digital Lives
When it comes to cybersecurity, we might not realize that AI can play a crucial role in keeping us safe online. It can quickly detect suspicious activity, helping to identify potential cyber threats before they cause harm. AI can analyze vast amounts of data, spot patterns that might indicate a cyberattack, and even predict where attacks might occur.
However, it’s important to remember that cybercriminals can use AI too. They may deploy AI to develop more sophisticated attacks, which means that while AI can strengthen our defenses, we must also remain vigilant. Understanding AI and its influence helps us protect not only our workplaces but also our personal lives from cyber threats.
Staying Aware
Cybersecurity Awareness Month is a good time to reflect on how AI touches our everyday lives. From the convenience of smart devices to the critical role it plays in cybersecurity, AI is here to stay. By staying informed about AI’s benefits and risks, we can better protect our personal information, our homes, and our workplaces in an increasingly digital world.
Protect Your Digital Life – Be CyberSafe!
There are several ways to get involved during Cybersecurity Awareness Month at UC:
- Contact your campus’ IT Security Office to learn what you can do to promote a safer, more secure and more trusted environment.
- Check out our calendar below for Systemwide events you can attend
- Check your Location’s Information Security website for location-specific events and activities.
Visit UC location websites to learn more about their Information Security programs. UC Davis; UC Davis Health; UC Berkeley; UC Agriculture and Natural Resources; UC San Francisco; UC Merced; UC Santa Cruz; UC Santa Barbara; UC Los Angeles; UC Riverside; UC Riverside-School of Medicine; UC Irvine; UC Irvine Health; UC San Diego
CALENDAR OF EVENTS
So You Think You Know IT Security
Tuesday, October 1, 2024 / 10 AM - 11 AM
Hosted by UC San Francisco
Prove your IT security knowledge by joining our knowledge contest! Attendees will answer questions about how to keep UC's and their data and computing devices safe and secure. The highest scorer will receive a $50 Amazon gift Card. Ties will be settled by a random drawing.
Email looking suspish? It’s probably a phish. UCSF’s Ever-Evolving Phish Mitigation Program
With Esther Silver, Bryce Leong, Kevin Simmons, and Tanya Jansen
Thursday, October 3, 2024 / 10:00 AM
Hosted by UC San Francisco
Navigating the murky waters of the threat landscape and mitigating phishing risks is treacherous. Our team is constantly looking for ways to stay afloat. Discover the myriad ways in which we provide anchors to protect UCSF and help our end users be on the lookout for sharks in the water. Learn about the tools and procedures we have implemented and how we teach our users not to play koi, to keep them from becoming adrift in a stormy sea. What we have done:
• Implemented Proofpoint to block the overwhelming majority of phishing messages.
• Implemented Phish Alarm so end users can easily report phish.
• Run phishing campaigns.
• Implemented anti-phishing training.
• Published articles in various publications and on our website including information on the phish indicators of recent mock phish.
• Created Real Phish Alert Page – ones received at UCSF and common ones reported by Proofpoint.
• Marketed the program in Pulse, physical and electronic posters, on the MyAccess page, and in various other ways.
Esther Silver, SSAP, CRISC, CISSP, HCISPP, CBCP, PMP began working at UCSF in 2009 as the Business Continuity Program Manager and has been the IT Security Training and Awareness Program Manager since 2014.
Bryce Leong joined UCSF in 2002 as a Senior Desktop Support Engineer and then joined the IT Security Incident Response Team as a Security Analyst in 2018. Working part as a team dedicated to keeping UCSF secured from cyber-attacks.
Kevin SImmons, IT Security Analyst, UCSF
Tanya Jansen is an award-winning communications and outreach professional with considerable experience in strategic communications and event planning. Her specialties include Strategic communications, marketing and outreach, event planning, accomplished public speaker and seminar leader, published author featured in Just Like a Girl 2008 Girlchild Press
FBI Cyber Awareness Briefing
Guest Speaker: Special Agent Jessica Downing
Tuesday, October 8, 2024 / 10:00 AM
Hosted by UC ANR
Moderator: Jaki Hsieh Wojan, Chief Information Security Officer
In-person @ UC ANR 2801 2nd Street Davis, CA 95618 Sacramento Valley Room
Virtually via Zoom
In today’s world, cyber threats impact everyone, from individuals to large organizations. This briefing will provide insights into the FBI’s role in combating cybercrime, the most common cyber threats that affect everyday people, and a look at the latest trendsin cybersecurity. You don’t need to be a tech expert to benefit from this session—just someone who wants to stay safe and informed in the digital age!
Whether you’re concerned about protecting your personal information, curious about online scams, or just want to learn more about how the FBI helps safeguard our digital lives, this briefing is a must-attend event.
Special Agent Jessica Downing has worked with FBI Sacramento for three years, first as a member of the Joint Terrorism Task Force, and currently as an agent with the Sacramento’s Cyber Crimes Squad. SA Downing also serves as an assistant coordinator for the FBI’s Weapons of Mass Destruction Program, and previously worked directly with colleges and universities within FBI Sacramento’s Area of Responsibility as a Campus Liaison agent
Who Should Attend:
This event is open to all UC staff and faculty. UC ANR and UC Davis staff, faculty and students are welcome to attend in person.
Zoom Meeting Security & Tips /Tricks
Presented by Paul Racz, Senior Customer Success Manager, Zoom
Tuesday, October 8, 2024 / 11:00 AM - Noon
Hosted by UC Santa Barbara
Best practices on securing your Zoom Meetings with added industry tips and best practices to optimize your Zoom Meeting experience.
AI Security, with Peter Bajcsy, Project Lead, National Institute of Standards and Technology
Thursday, October 10, 2024 / Noon
Hosted by UC San Francisco
Moderator: Patrick Phelan, CISO, UC San Francisco
With the growing complexity of artificial intelligence (AI) models and the lack of AI model interpretability and performance explainability, there are many ways in which AI models can be attacked by adversaries. This presentation overviews basic attacks via poisoning training datasets or planting backdoors in AI model code. To enable quick learning about data poisoning and backdoor planting, we designed a web-based neural network calculator that enables simulations of planting, activating, and defending cryptographic backdoors in neural networks (NN), and injecting Trojans into training datasets. The online simulations are available at here.
Peter Bajcsy is a project lead at the National Institute of Standards and Technology, Gaithersburg, Maryland, U.S.A. His current research interests include foundational AI-based modeling, terabyte-sized image-based measurements, and metrology in computer vision applications. Peter received his Ph.D. in electrical and computer engineering from the University of Illinois at Urbana-Champaign. He is a Senior Member of the IEEE Computer Society. Contact him at peter.bajcsy@nist.gov.
Gone Phishin': A Live Phishing/Hacking Demonstration With Michael Taggart
Tuesday, October 15, 2024 / 2 PM
Hosted by UC Los Angeles Health
This is the phishing training the bad guys don’t want you to see. In this session, UCLA Health Cybersecurity Researcher Michael Taggart will review and demonstrate some of the newer forms of phishing attackers are using to steal your data. For each demonstration, we’ll explore the motivations and techniques of the attackers, and what you can do to protect against these all-too-common attacks.
Michael Taggart is a Senior Cybersecurity Researcher at UCLA Health. That means he moves ahead of automated defenses, looking for potential threats before they have a chance to impact our mission of healing humankind one patient at a time. Some days that means analyzing malware samples; some days that means pretending to be an attacker and testing defenses with the same tools used by threat actors.
When not defending UCLA Health, Miichael uses his background as a teacher to educate others about technology and cybersecurity skills through streaming video and written courses.
Protecting the Hospital Landscape against Ransomware Attacks and the Loss of Life
Guest Speaker: Andrea Greene-Horace, MHA, EMCS is Senior Advisor, Cybersecurity/Deputy Program Manager-COOP-Business Continuity; The Affordable Care Act (ACA); Centers for Medicare & Medicaid Services (CMS); Centers for Consumer Information & Insurance Oversight (CCIIO)
Thursday, October 17, 2024, 9:00 AM - 10:00 AM
Hosted by UCSF and CERSI
Moderated by UCSF-Stanford Center of Excellence in Regulatory Science and Innovation (CERSI)
The healthcare industry is at a crossroads due to cyberattacks. Specifically, the hospital industry is viewed as being overwhelmed in its attempts to protect itself from cybersecurity attacks. As compared to other industry sectors, the healthcare sector is, in fact, more vulnerable. However, the reason why the hospital sector is not as cyber resilient as other sectors is not due to their lack of awareness or interest. Admittedly the healthcare industry’s awareness has improved, giving credit to these organizations. However, this improvement may be also largely due to ransomware attackers” following the money by turning their attention to better capitalized industries”. For sustained impactful longevity and success, partnerships between an array of stakeholders are immediately required to strengthen the industry’s resiliency. How this can be accomplished will be explored, as well as the reasons why hospitals remain vulnerable, despite heightened awareness. The focus is on the enactment of a comprehensive solution, as failure in the hospital industry can have infinite and catastrophic consequences in terms of patient safety and access, as well as long-term national security cyber resilient as other sectors is not due to their lack of awareness or interest. Admittedly the healthcare industry’s awareness has improved, giving credit to these organizations. However, this improvement may be also largely due to ransomware attackers” following the money by turning their attention to better capitalized industries”. For sustained impactful longevity and success, partnerships between an array of stakeholders are immediately required to strengthen the industry’s resiliency. How this can be accomplished will be explored, as well as the reasons why hospitals remain vulnerable, despite heightened awareness. The focus is on the enactment of a comprehensive solution, as failure in the hospital industry can have infinite and catastrophic consequences in terms of patient safety and access, as well as long-term national security implications. Further, emerging AI and quantum computing use both further complicate this scenario but can set up hospitals for huge successes with key partnerships established and plans executed. The healthcare industry is at a crossroads due to cyberattacks. Specifically, the hospital industry is viewed as being overwhelmed in its attempts to protect itself from cybersecurity attacks. As compared to other industry sectors, the healthcare sector is, in fact, more vulnerable. However, the reason why the hospital sector is not as cyber resilient as other sectors is not due to their lack of awareness or interest. Admittedly the healthcare industry’s awareness has improved, giving credit to these organizations. However, this improvement may be also largely due to ransomware attackers” following the money by turning their attention to The healthcare industry is at a crossroads due to cyberattacks. Specifically, the hospital industry is viewed as being overwhelmed in its attempts to protect itself from cybersecurity attacks. As compared to other industry sectors, the healthcare sector is, in fact, more vulnerable. However, the reason why the hospital sector is not as cyber resilient as other sectors is not due to their lack of awareness or interest. Admittedly the healthcare industry’s awareness has improved, giving credit to these organizations. However, this improvement may be also largely due to ransomware attackers” following the money by turning their attention to better capitalized industries”. For sustained impactful longevity and success, partnerships between an array of stakeholders are immediately required to strengthen the industry’s resiliency. How this can be accomplished will be explored, as well as the reasons why hospitals remain vulnerable, despite heightened awareness. The focus is on the enactment of a comprehensive solution, as failure in the hospital industry can have infinite and catastrophic consequences in terms of patient safety and access, as well as long-term national security implications. Further, emerging AI and quantum computing use both further complicate this scenario but can set up hospitals for huge successes with key partnerships established and plans executed. The healthcare industry is at a crossroads due to cyberattacks. Specifically, the hospital industry is viewed as being overwhelmed in its attempts to protect itself from cybersecurity attacks. As compared to other industry sectors, the healthcare sector is, in fact, more vulnerable. However, the reason why the hospital sector is not as cyber resilient as other sectors is not due to their lack of awareness or interest. Admittedly the healthcare industry’s awareness has improved, giving credit to these organizations. However, this improvement may be also largely due to ransomware attackers” following the money by turning their attention to better capitalized industries”. For sustained impactful longevity and success, partnerships between an array of stakeholders are immediately required to strengthen the industry’s resiliency. How this can be accomplished will be explored, as well as the reasons why hospitals remain vulnerable, despite heightened awareness. The focus is on the enactment of a comprehensive solution, as failure in the hospital industry can have infinite and catastrophic consequences in terms of patient safety and access, as well as long-term national security implications. Further, emerging AI and quantum computing use both further complicate this scenario but can set up hospitals for huge successes with key partnerships established and plans executed.
Ms. Greene-Horace is a Health Care and IT Leader with over 25 years of experience in healthcare and IT program development for the private sector, as well as federal and state governments. She has advised Federal and State Executives on strategies to ensure secure and timely opening of Health Care Marketplaces under the Affordable Care Act (ACA). Ms. Greene-Horace created and managed the first federal cybersecurity and privacy office for the ACA to ensure that federal cybersecurity and privacy requirements were built into IT development and program governance for 17 Health State Based Care Marketplaces. She advised the Secretary of the Maryland Department of Health in instituting Health Plan Management requirements for the ACA. Her other program and/or start-up experiences have included program development at the Marriott Corporation (Senior Living Services), the New Jersey Primary Care Association (Network Management Services), and at several federal agencies and in establishing Program Offices or new business services. She is currently establishing the Artificial Intelligence (AI) Compliance Framework within the AI Governance Framework for the ACA Program. A lifelong learner, she loves learning about the potential impact of emerging technology. Ms. Greene-Horace is a graduate of Penn State (BA), Cornell (MHA), and Brown University (Cyber). She is also a member of Delta Sigma Theta Sorority, Inc. In her free time, she loves to spend time with her family, taking time planning events for children, and listening and strategizing with young adults to pursue and achieve their passions.
Hot Tips for Being Cyber Safe in Today’s Threat Environment
With Morgan Adamski, Executive Director, United States Cyber Command
Thursday, October 17, 2024 / 11:30 AM - Noon
Hosted by UC Irvine
Moderated by Michelled Luttrell, UCI
Come hear from Morgan Adamski, the Executive Director of U.S. Cyber Command, about the latest cyber threats to national security and your role in protecting yourself and the U.S.!
Ms. Morgan Adamski was previously the Chief of the Cybersecurity Collaboration Center for NSA’s Cybersecurity Directorate where she led the Agency’s open private sector relationships to secure the Defense Industrial Base and its service providers. During her time there, she revitalized the way NSA collaborates with the private sector to harden billions of endpoints against nation-state cyber threats. Ms. Adamski also served as the Deputy Strategic Mission Manager for NSA’s Cybersecurity Directorate and was responsible for leading complex and groundbreaking initiatives for the agency specifically aimed at gaining insights against nation-state cyber actors and collaborating with the private sector.
For more than a decade, Ms. Adamski has been at the forefront of NSA’s Computer Network Defense, Computer Network Exploitation, and Cyber analysis missions. Prior to her position in CSD, she served as a senior Cyber Policy Advisor to the Deputy Assistant Secretary for Defense (DASD) for Cyber Policy. Ms. Adamski acted as technical and operational subject matter expert to the DASD for Cyber Policy, specializing in operational issues in the Middle East and Eurasia area of responsibility. She was a primary contributor to the 2018 DoD Cyber Strategy and was responsible for orchestrating the Department’s new approach to cyber deterrence.
Ms. Adamski served as a Chief Operating Officer for NSA’s offensive cyber mission from 2016-2018, responsible for planning and executing operations against some of the agency’s hardest intelligence targets. Prior to serving in NSA’s offensive mission, she served as the NSA Deputy Director’s executive assistant (2014-2016) and as a senior SME for the Middle East cyber analysis office (2010-2014).
Ms. Adamski received the Director of National Intelligence Merit Unit Citation in 2019 and the Meritorious Civilian Service Award in 2016.
Ms. Adamski graduated from Mercyhurst University with a Master’s of Science in Strategic Intelligence. She earned her Bachelors of Art in Peace, War, and Defense with a specialization in National Security from the University of North Carolina-Chapel Hill.
A native of Baltimore, Maryland, she is an avid sports fan and enjoys traveling as well as spending time with family and friends.
Nightmare on Cyber Street: Unleashing UCSF’s Spellbinding Data Security Compliance Program
Guest Speakers:
Lee Zelyck, Senior Data Security Comp Analyst
PRIVACY OFFICE HEALTH EDUC, UCSF
Mary Morshed, Data Security Compliance Director, UCSF
James Tarala, Cybersecurity Researcher and Advisor, Cyverity, SANS Institute
Tuesday, October 22, 2024 / 11 AM
Hosted by UC San Francisco
This Halloween, dive into the shadowy world of data security with UCSF’s thrilling new Data Security Compliance (DSC) Program. Designed to combat the ever-evolving cyber threats, our program stands as a fortress with its extensive library of security requirements, including administrative, technical, and physical controls. These robust safeguards are meticulously assembled from a myriad of sources such as laws, regulations, UC/industry/local policies, and contract stipulations. As the digital landscape morphs and expands, the challenge of tracking and managing compliance intensifies. Join the UCSF DSC Team on a spine-chilling journey to unravel the mysteries of cybersecurity compliance. Discover cutting-edge tools and resources that simplify the identification of pertinent requirements for specific systems or use cases. Learn the art of de-duplicating and consolidating safeguards to fortify your defenses.
But that’s not all—our alliance with the Cybersecurity Risk Foundation (CRF) brings decades of consolidated cybersecurity wisdom to your fingertips. Through comprehensive research, policy guides, frameworks, and an innovative online assessment tool, we empower you to enhance your cybersecurity posture dramatically. Prepare to be spellbound as you access expert advice and state-of-the-art solutions designed to shield your organization from the ghostly specters of cyber threats and ensure stringent compliance with industry standards. Don’t miss this chance to transform your cybersecurity strategy from a haunted maze into a commanding stronghold. Join us to safeguard your digital realm this Halloween and beyond!
Lee Zelyck is a cybersecurity professional with 20 years of experience. He joined UCSF Health in November 2023 as a Senior Data Security Compliance Analyst. Prior to joining UCSF, Lee worked as a consultant to cloud providers and clients in various industries, including oil, gas, and government. For the past 5 years, Lee has worked in cybersecurity operations for academic healthcare providers and holds several information security technical and professional certifications.
Mary Morshed is the UCSF Director of Data Security Compliance. Mary joined UCSF Health in November 2022. She previously served 16+ years in the role of Chief Information Security and Privacy Officer for various state of California entities, CSU, and Sacramento Municipal Utility District (SMUD). She has over 33 years of experience in the field of information security and also currently holds several industry security, privacy, and healthcare professional certifications.
James Tarala is a managing partner with Cyverity based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author of LDR419: Performing a Cybersecurity Risk Assessment, the brand new LDR519: Cybersecurity Risk Management and Compliance course, as well as a number of previous SANS courses.
How to Compliantly Share UCSF Data
Guest Speakers:
Helena Mezgova, Sr. Data Compliance Specialist
Kim Romero, Associate Director, Process Management & Compliance, Academic Research Services
Thursday, October 24, 2024 / Noon
Hosted by UC San Francisco
Moderated by Esther Silver, UCSF
UCSF has a responsibility to analyze and share data in order to generate new knowledge and insights. To meet UCOP recommendations and aid in the mitigation of risks of malicious cyber activity and incidents, leadership determined that a thorough review and development of standardized processes for our data management and external data sharing practices was essential to ensure the protection of our data assets. During the “How to Compliantly Share UCSF Data” session, we will discuss the actions we’ve taken to address this by providing an overview of the new UCSF data sharing Policy 650-20 External Sharing of Personally Identifiable Information (PII) and PII-Derived Data, the steps required to share UCSF data externally, and the considerations when designing data sharing engagements with external third parties.
Attendees will gain insight into the compliance steps required to share UCSF data through data sharing engagements with named third parties, repositories, and publication. In addition, this session will introduce factors for consideration when designing an external data sharing engagement to ensure that key compliance areas are addressed early in the planning and initiation stages, and to ensure that departments have sufficient time to address any additional compliance matters that may arise.
Kim Romero works in the Enterprise Information & Analytics department in central IT and manages the team responsible for the data compliance and data sharing areas. Examples of initiatives that her team helps with are the review of higher-risk data sharing engagements by the IT Governance Committee on EIA, implementing and supporting data access models and processes, and defining and operationalizing data compliance and data sharing policies, guidance, and workflows. She has worked at UCSF since 2009, with the first 8 years focused on managing research data services and systems and the remainder focused on the data compliance and data sharing areas. Please reach out to her team with any questions that you may have about data access and release, data sharing, or data compliance matters.
Helena Mezgova is a Senior Data Compliance Specialist of the IT EIA Data Compliance team. She joined UCSF in 2019 and currently supports the operations of the data compliance functions for teams to ensure data are managed, administered, released, and shared in accordance with security, privacy, and compliance policies and laws. She oversees the higher-risk data sharing review process by the IT Governance Committee on EIA and is a subject matter expert in data sharing. She is trained as a bioethicist, with certification in healthcare privacy and security.
Privacy, AI, and Cyberlaw 101 with Reema Moussa, J.D.
Friday, October 25, 2024 / Noon - 1 PM
Hosted by UC Santa Barbara
In our increasingly digital world, the convergence of privacy, cybersecurity, and artificial intelligence has reshaped how we approach data protection and governance. This presentation by Reema Moussa, J.D. (USC Gould School of Law) and UC Santa Barbara Alumnus will explore the evolving legal frameworks surrounding AI technologies, data privacy, and cybersecurity measures. We'll cover existing laws, key challenges, and ethical considerations in safeguarding personal data as well as how the development of both AI technology and new laws to regulate it factor into these challenges and considerations. Through examining regulatory trends and case studies alike, this session will give a high level view of privacy, AI, and cyberlaw basics.
Reema Moussa is a recent J.D. graduate from the University of Southern California, Gould School of Law, focusing her studies and upcoming practice on cybersecurity, privacy, artificial intelligence, and trust and safety. She graduated from UC Santa Barbara in 2020 with degrees in Communication and Global & International Studies, and completed her Master in Technology Management at UCSB in 2021. During a study abroad program at the University of Geneva, she launched her career in technology at the United Nations’ International Telecommunication Union (later returning to coordinate the 10th anniversary of Girls in ICT Day). Upon her return to UCSB from abroad in 2019, she joined UCSB's Office of the CIO as the campus' Cybersecurity Awareness Coordinator.
During her legal studies she held positions with a number of different types of stakeholders across the globe, interning at the Federal Trade Commission's Division of Privacy and Identity Protection, VMCA Advogados (São Paulo, Brazil), Goodwin Procter, the Electronic Frontier Foundation, the Future of Privacy Forum, and SentinelOne. She has spoken on her experience and knowledge of interdisciplinary tech policy issues at several international conferences, including Women in Cybersecurity (WiCyS), the IAPP Global Privacy Summit, the California Lawyers Association’s annual Privacy Summit, and the American Bar Association’s inaugural Consumer Protection and Data Privacy Conference, among others. She previously served as the Vice-President and West Coast Regional Chair of the Internet Law and Policy Foundry, where she was a Senior Fellow and the host/executive producer of the Tech Policy Grind podcast. She has also been a member of the Young Lawyers Advisory Panel for the Privacy and Information Security Committee of the American Bar Association's Antitrust Section since 2021.
You Didn’t See It Coming: Cyber Risk in Higher Education
Presented by Matthew Hall, Vice President of Information Technology and CIO at Texas State University
Wednesday, October 30, 2024 / Noon - 1 PM
Hosted by UC Santa Barbara
You Didn’t See It Coming: Cyber Risk in Higher Education delves into the rapidly evolving landscape of cyber threats facing universities and colleges. Over the course of 45 minutes, it highlights how institutions are increasingly vulnerable to data breaches, ransomware attacks, and other cyber risks due to their vast digital infrastructures and sensitive data repositories. The presentation explores the challenges in higher education, including underfunded security initiatives and decentralized IT environments. It provides an in-depth analysis of ISO risk frameworks such as ISO 31000 and ISO 27001, demonstrating how these standards can build robust risk management strategies. Through case studies and best practices, it offers actionable insights into identifying, mitigating, and managing cyber risks, emphasizing the need for proactive governance, continuous monitoring, and aligning cybersecurity with institutional goals. Participants will leave with a clearer understanding of the urgency of cyber risk management and practical steps for implementing adequate safeguards within their institutions.
Cyber@UCI Hacking Demonstration
Presented by UCI’s cybersecurity club, Cyber@UCI
Wednesday, October 30, 2024 / 1:00 PM - 2:00 PM
Hosted by UC Irvine
In collaboration with the UCI Information Security team for Cybersecurity Awareness Month, Cyber@UCI will deliver a live hacking demonstration! We often hear about the potential to be "hacked" and go through security training because of it, but what does an end-to-end attack look like? Join us for an exciting, hands-on session where we'll showcase real-world cybersecurity vulnerabilities and exploitation techniques. Don’t miss out on this chance to see cybersecurity in action!
Cybersecurity in Healthcare: Navigating AI Challenges and Building Cyber-Resilience with Elvis Chan, ASAC FBI San Francisco, and UCSF CISO, Patrick Phelan
Thursday, November 14, 2024 / 1 PM
Sponsored by UC San Francisco and the Rosenman Institute
Moderator: Herminio Neto, Associate Director, Marketing & Communication, Rosenman Institute
Cybersecurity is a critical concern not only for individuals facing risks like identity theft but also on a national level, influencing elements as significant as federal elections. Within the healthcare sector, the complexity of challenges has expanded for startups, lab scientists, and IT professionals. Risks from exploiting generative artificial intelligence now join threats like IP theft, ransomware, and hacktivism.
This webinar aims to empower participants by deepening their understanding of these evolving threats and highlighting how to forge robust cyber-resilience strategies. You will learn how to defend against these risks and develop resilient systems that continue to function effectively even during cyber incidents.
Join us to gain expert insights from the FBI's Elvis Chan, who leads San Francisco’s Cyber Branch in cyber investigations and digital forensics, and UCSF’s Chief Information Security Officer, Patrick Phelan. Together, they will share valuable strategies to enhance your defensive capabilities and build resilience that protects both individuals and the organizations you serve. This is an essential session for mastering the complexities of cybersecurity in today's interconnected world.
About the Speakers:
Elvis Chan is an Assistant Special Agent in Charge (ASAC) assigned to FBI San Francisco. ASAC Chan manages the field office’s Cyber Branch, which is responsible for cyber investigations, digital forensics, technical operations, community engagement, and public affairs. With over 16 years in the Bureau, he is a decorated agent who is recognized within the Intelligence Community as an election cybersecurity and cyberterrorism expert. ASAC Chan was the lead agent on significant cyber investigations and managed joint counterterrorism operations with domestic and foreign law enforcement agencies. Prior to joining the Bureau, ASAC Chan was a process development engineer in the semiconductor industry for almost 12 years. He holds two U.S. patents, presents at many technical and law enforcement symposiums, and published multiple articles in journals. ASAC Chan earned his bachelor’s degrees in chemical engineering and chemistry from the University of Washington and his master’s degree in homeland security studies from the Naval Postgraduate School.
Patrick Phelan is the Chief Information Security Officer of UCSF, one of the premier academic medical centers in the country. He is responsible for the security strategy and operations that protect systems supporting the research, education, and clinical missions of the institution. A 25-year IT veteran, he is a member of several professional organizations, holds CISSP, CEH, CISM certifications, and a B.S. in computer science from UCLA.
Snapshots By KnowBe4 - Short Video Training
Security Snapshots is a supercharged shot of security awareness. Each short is a perfectly formed episode that takes a laser guided approach to a single cybersecurity issue from ransomware to bogus wi-fi to document disposal. With a super smart voiceover, and elegant slow mo, a whole drama is played out in a single set up.
Episode 15: Monique makes a terrific buddy. She’s reliable and generous and, as it turns out, a bit gullible too. These are admirable qualities in a friend but also make her a perfect target for someone with less charitable motives.
Watch all 15 episodes through the UC Learning Center
Cinema Event
Watch the full-length True Eye video (17:54 min.) on your own or virtually with your team. Bring popcorn and make it an event!
Videos
Additional Resources and Information To Explore
National Cybersecurity Alliance
Making it easy for everyone to learn more about cybersecurity and staying safe online. View a collection of easy-to-follow resources and guides for youself and to share with others.
WiCyS - Women in Cybersecurity
A global community of women, allies and advocates dedicated to the recruitment, retention and advancement of women in cybersecurity.
Cybersecurity & Infrastructure Security Agency (CISA)
- Parent and Educators Tip Card
- Chatting with Kids about Being Online Booklet
- Student Tip Cards