
Cybersecurity and Privacy Festival

Cybersecurity and Privacy Festival - Defending the Human

Hosted by Stanford’s Information Security and Privacy Offices, the festival aims to raise awareness and understanding about how to ensure our online lives are safe and secure.

The festival, themed “Defending the Human,” will include a variety of breakout sessions and workshops from different speakers and security leaders, with an overarching focus on online safety and end user protection based on security best practices.

All Stanford University and Healthcare communities are invited, and the festival is open to the public. RSVP now to let us know you are coming and be entered in an early bird raffle drawing.

Time and Location

The festival will be offered in two locations on two different dates with similar information. The open-house style festival will allow you to move around as you please between exploring the expo area and listening to presentations.

  • October 31 from 10 a.m. to 2 p.m. at the Stanford Redwood City (SRWC) campus in Cardinal Hall, Rooms 104 and 105
  • October 9 from 10 a.m. to 2 p.m. on the historic campus in Arrillaga Alumni Center

Please note, the presentations will differ in each location depending on speaker availability, and there will not be an academic village area at the SRWC event.

Help get the word out in your organization about this very important event. (Downloadable Flyer)

What’s in it for me?

The festival will provide value for students, faculty, and staff alike, including:

  • Top 5 Questions Answered *New*
  • Deepen your knowledge about the importance of cybersecurity and privacy to ensure that the Stanford community has the resources to be more secure online
  • Attend talks by subject matter experts and industry leaders
  • Engage with team members from Stanford’s Information Security Office, University Privacy Office, security professionals from around the campus, as well as representatives from the Stanford student groups
  • Learn skills at workshops called "villages" like lockpicking
  • Prizes and raffle drawings
  • Free Snacks

Villages

The festival will include five different skill-building villages to help you hone your knowledge and skills about a variety of topics. Here's a look at what you can expect.

End User Village

  • Phishing/Secure email
  • MyDevices
  • SWDE/VLRE/Airwatch
  • Cardinal Key
  • Dashlane
  • Two Factor
  • Crash Plan
  • Laptop Loaner Program
  • Credit Union
  • Credit Monitoring

IT User Village

  • CyberFitness Test, DRA, SISA, Cloud Security
  • Bug Bounty
  • IoT Security
  • Information Security Office (ISO)
  • Splunk/PCI
  • Qualys
  • File Storage Security
  • Secure Endpoint Engineering
  • Application Control
  • SLAC
 

Privacy Village

  • OCRO | University Privacy Office
  • OCRO | Ethics and Compliance Office
  • Office of Sponsored Research (OSR)
  • Clinical Trials-Research Management Group (CT-RMG)
  • Industrial Contracts Office (ICO)
  • Vice Provost and Dean of Research - Research Compliance
  • Stanford Health Care Privacy Office
  • Stanford Health Care & School of Medicine
  • Student Services Center (Historic Campus Only)
  • Vaden Health Center (Historic Campus Only)

Lockpick Village

  • Lock Picking

by David Sell, Stanford Applied Physics PhD Candidate

Academic Village (Historic Campus Only)

  • Bug Bounty
    • Meet Jack Cable at the Bug Bounty Table
      • one of Time Magazine's 25 most influential teens for 2018. He is a coder turned white-hat hacker and a current sophomore at Stanford University.
  • Research Computing: Nero Computing
  • Stanford Advanced Computer Security Certificate (SCPD)
  • Applied Cyber group (CTF)
  • Cyber Law (see featured speakers)
    • Riana Pfefferkorn
    • Jennifer King, Ph.D

Featured Speakers

Stay tuned on this website for streaming information.

Michael Duff

Assistant Vice President and Chief Information Security Officer at Stanford University

Going Passwordless with Cardinal Key

Stanford is going passwordless! Imagine not having to log in with your username and password each day, yet being dramatically more secure. Cardinal Key brings this dream to reality. In this session, learn how you can begin using Cardinal Key today and how it works behind the scenes.

Cardinal Key Slides (PDF)

Going Passwordless with Cardinal Key Session Recording

Michael Timineri

Director of Information Security Consulting at Stanford.

Keeping Stanford’s Research Mission Secure in an Era of Increasing Cyber Threats

While it may seem that Stanford stands apart in our teaching, research, and clinical care missions, the university is no stranger to data breaches and cyber attacks. In this presentation you will get an overview of the University’s cyber security program, hear about cyber security incidents and threats, and learn what you need to do in your role, as a researcher, to keep your data safe.

Keeping Stanford’s Research Mission Secure in an Era of Increasing Cyber Threats Session Recording

Jay Stamps and Shilpa Pasuparthy

Jay is a Software Developer from Endpoint Engineering and Development (EED) in University IT.

Shilpa is a Senior Software Developer from Enterprise Technology (ET) in University IT.

MyDevices and Device Compliance Explained

This talk will cover the high-level design and structure of the Device Registry, its data sources and feed systems, and will describe in some detail how device compliance is determined and how compliance enforcement works. We'll discuss how to troubleshoot common compliance problems, and will leave plenty of time for questions and answers.

MyDevices and Device Compliance Explained Session Recording

Kortne Hiskey

Compliance and NCAA Certifying Officer at Stanford Student Services Center.

Student Privacy 101

An introduction to the Family Educational Rights and Privacy Act (FERPA) from the student perspective.

Streaming/Recording: Not Available*

Riana Pfefferkorn

Associate Director of Surveillance and Cybersecurity | Center for Internet and Society at Stanford Law School

Compelled Device Decryption and the Fifth Amendment

You can unlock your smartphone with a passcode, your finger, even your face. When the police demand you decrypt your phone or other device for them, can you successfully invoke your Fifth Amendment right against self-incrimination? Well, it depends. Given by an attorney who researches surveillance and cybersecurity issues at the Law School's Center for Internet and Society, this talk quickly walks through the when, where, why, and how of compelled decryption and the Fifth Amendment under current case law, then ends with some practical takeaways.

Compelled Device Decryption and the Fifth Amendment Session Recording

Chad Wilson

Chief Information Security Officer at Stanford Children's Health | Lucile Packard Children's Hospital Stanford

Cybersecurity: Practical Personal Protection

Cybersecurity is increasingly in the news, with an impact on family and friends. Come learn practical methods that you can use to protect yourself and your family. Share with friends. Take control of your information.

Cybersecurity: Practical Personal Protection Session Recording

Jennifer King, Ph.D

Director for Consumer Privacy, Center for Internet and Society at the Stanford Law School

Consumer Privacy Strategies in 2019: Discussion between Dr. King and Elizabeth Lee

Elizabeth Lee, Sr. Privacy Officer from the Office of Chief Risk Officer (OCRO), will be interviewing Dr. King on Consumer Privacy Strategies.

Consumer Privacy Strategies in 2019 Session Recording

Camelia Simoiu

PhD Candidate, Department of Management Science & Engineering, Stanford.

"I was told to buy a software or lose my computer": lessons from a national survey on ransomware

Ransomware has received a lot of media coverage in recent years, in large part due to attacks on government organizations and high-profile corporate targets. However, consumers are thought to be the most likely victims, as they are less likely to have robust security in place. This talk draws on recent research into the situational and behavioral factors that affect susceptibility of computer users to ransomware, and ends with some practical mitigation strategies and tips for staying safe online.

Lessons from a national survey on ransomware Session Recording

Lilia Rodriguez

Splunk Engineer

Tips and Tricks on getting the most out of Splunk

Are you a current user of the centralized logging service or thinking about it? Come hear tips and tricks on getting the most out of your logs and what data can be mined from them.

Tips and Tricks on getting the most out of Splunk Session Recording

Alex Stamos

Director, Stanford Internet Observatory.  Former Chief Security Officer at Facebook.

Tackling the Trust and Safety Crisis

Around the turn of the century, the technology industry faced a pretty basic problem: we had no idea how to write secure software. Every year brought the invention of completely new classes of software flaw, there was little training available in industry or the academy, and security was considered something you added with a firewall and antivirus.

Twenty years have passed and, while things are far from perfect, we at least have a great deal more understanding of how to address core information security risks in complex software projects. The tech industry is now facing a whole set of new issues, ones involving our inability to build products that are safe, trustworthy, and respectful of user privacy when deployed to billions globally. Unlike before, however, this is not just a computer science problem but one that crosses into the worlds of sociology, psychology, political science, and anthropology.

In this talk, the speaker will draw from his deep well of experience making serious mistakes in this area to lay out some of the basic challenges facing industry and academia while humbly suggesting some possible ways forward. This time, we don't have decades to figure out how to do better.

Streaming/Recording Info: Not Available* from Cyberfest

A similar talk was given by Alex Stamos at the USENIX Security '19 event

Neil Daswani

Co-founder and instructor at Stanford's Advanced Computer Security Certificate Program at Stanford Center for Professional Development.

Hacked! Security Lessons From Big Name Breaches

"What do Yahoo!, Equifax, Facebook, and Capital One have in common? These highly-recognized, powerful brands are also all victims of massive data hacks that humbled their organizations.

Over the past several years, we’ve been seeing an increasing number of high-profile breaches and witnessed the consequences:  Billions of customers affected. Billions of dollars in fines. Damaged corporate reputations.

In this talk, Dr. Neil Daswani, Co-Director of Stanford’s Advanced Security Program, will review the recent spate of big hacks, the root causes that they were able to occur, and the impact these breaches had on their organizations.  Neil will also provide recommendations that everyone in the Stanford community can employ to help avoid data breaches."

Hacked! Security Lessons From Big Name Breaches Slides (PDF)

Kevin Tully

Technical Specialist Supervisor, Computer Resource Consulting, University IT.

Unattended Laptops Will Be Upgraded to Windows 10 and other Windows 7 EOL strategies to avoid

Have you solidified your Windows 7 migration plans? Kevin Tully shares his team's strategy, tools, and other considerations involved in an effort to upgrade or replace more than 1000 Windows 7 devices before the January 2020 deadline.

Streaming/Recording: Not Available

Event Photos

Photos: person wearing a Cyberfest T-shirt; lockpicking workshop tools and locks; Cardinal Key stickers; Cyberfest sticker on a laptop.

Festival Collaborators and Sponsors

Information Security Office  •  Residential and Dining Enterprises • Stanford Libraries • School of Engineering • School of Humanities and Science • Land, Buildings & Real Estate • Graduate School of Business • Stanford Medicine Technology & Digital Solutions • Graduate School of Education • University Privacy Office

Contact Us

Questions can be sent to our mailing list cyberfest@lists.stanford.edu.

* Exceptions may occur if a speaker opts out of streaming and/or recording of their session.