Information Technology Services IT Security Office

VASCAN 2018 will feature a keynote address by Rick Howard, the Chief Security Officer (CSO) for Palo Alto Networks, sessions focused on ways to mature your cyber security, and information from vendors about products and services they provide to enhance cyber security. Registration for the conference opens at 7:15 a.m. Tuesday, October 16, 2018. Breakfast also begins at 7:15 a.m., and the keynote address is at 9 a.m. The first day closes with presentation of the Shirley Payne Award during the conference reception at 5 p.m.

On the second day, breakfast begins at 7:30 a.m. The final session ends at 12:20 p.m., and participants can pick up their box lunches in Dewberry Hall. Those participating in the second-day training will get a lunch break and have their lunches delivered to The George, where the day-long training will take place. The two-part training will focus on identifying data sources and tools that map to industry standards and prioritized security controls in the context of SIEM technology, and on a Boss of the SOC competition that will help increase incident response and hunting skill sets.

About the Second Day Training

[Participants will need a laptop, Slack, and wireless internet access]

The Training

The training, being led by Craig Vincent and Sondra Russell from Splunk, has two sessions.

During the first session, the focus is on CIS Critical Security Controls Assessment. Participants will review the 20 Critical Security Controls as identified by the Center for Internet Security. Participants will learn how to apply these important security controls in a real-world setting by analyzing real, existing data. After participants understand the environment, they will spend the remainder of the morning identifying threats. The trainers will introduce theories and processes of investigation, threat hunting and incident response using a variety of endpoint, network and threat intelligence data sources.

During the second session, participants will get hands-on training. Teams made up of four or five players will compete in a blue-team capture-the-flag exercise called Boss of the SOC. Each team will be handed a data set and a series of challenges. Teams will be scored on accuracy, speed, and ingenuity. Teams will compete for prizes, but more importantly, bragging rights.

The Instructors


Vincent is a solution engineer and regional Security Subject Matter Expert at Splunk. Since joining Splunk, Vincent has supported customers in Higher Education, Healthcare, and State & Local Government. Before joining Splunk, he held a security research role at the National Cable & Telecommunications Association and worked in the Security Operation Center at Mandiant, acquired by FireEye, Inc. Based in the DC area, Vincent's technical passions include security, containerization, automation, and program management. Vincent holds a B.S.E. in Electrical & Computer Engineering from Duke University.


Sondra has been a "Splunker" for eight years, starting when she was a devoted customer of Splunk at National Public Radio. While at Splunk, she's focused on working with higher education customers on a variety of use cases, including security and compliance, application monitoring, Internet of Things and business analytics.