Events
Connect with us at the following upcoming events:
Conferences
April 16-17
CS5
San Diego, CA
April 28-30
EDUCAUSE Cybersecurity and Privacy Professionals Conference (CPPC)
Anaheim, CA
Preconference Workshop:
Safeguards in Action: A Practical Roadmap for GLBA Compliance, Risk, and Communication
April 28, 2026 | 8:00 a.m. – 4:00 p.m. PT
This full-day, hands-on workshop will focus on all three pillars of GLBA: Safeguards, Privacy, and Pretexting. bringing together cybersecurity and privacy professionals to collaborate on practical solutions that strengthen compliance and protect institutional data. Attendees will use worksheets and templates to inventory what already exists, identify essential stakeholders, and map responsibilities. We will compare risk assessment methodologies and demonstrate how to leverage existing practices (e.g., FERPA processes, audit cycles, HECVAT/vendor reviews) without duplicating efforts.
Speakers:
- Elizabeth Cole-Walker, Information Security Specialist, North Carolina State University
- Wendy Epley, Principal Analyst, Information Security GRC, The University of Arizona
- Anne Koors, Lead Security Analyst, Northeast Wisconsin Technical College
- Tim Schwab, Chief Information Security Officer, The University of Arizona
- Jason Klinger, Security Advisor, CampusGuard
- Greg Lewis, Security Advisor, CampusGuard
Three Universities, Three Approaches to Reach the Same Goal: Building a Unified IT Policy Framework
Thursday, April 30, 2026 | 2:15–3:00 p.m.
Speakers:
- Shawn Kim, Director of GRC, Stanford University
- Robert Oxender, Director, Information Assurance, Purdue University
- Doug Lomsdalen, IT Security Consultant, CampusGuard
May 3-6
TPA 2026
Hyatt Regency Savannah in Savannah, Georgia
Rethinking the PCI Attestation Cycle for Merchant Success
May 4 | 2:45 – 3:45 p.m.
Speakers:
- Matt Schafer, Director, Treasury Operations, Indiana University
- Laura Allison, Project Management Product Lead, CampusGuard
PCI attestation is a critical component of maintaining compliance and protecting payment data, but how often should you do it? This session explores two approaches: Indiana University’s monthly attestation cycle, designed to reduce the level of effort, accommodate merchant busy seasons, and improve focus, and the traditional annual cycle favored for simplicity. Learn the pros and cons of each, hear real-world lessons, and walk away with practical strategies to optimize your attestation process for your organization’s unique needs.
From Checkout to Compromise: Guarding Higher Ed Against E-Skimming Threats
May 5 | 8:15 – 9:15 a.m.
Speakers:
- Kevin Doar, Director, Office of Merchant Services, University of Washington
- David Gundrum, JD, CISA, CISSP, QSA, Senior Security Advisor, CampusGuard
As colleges and universities expand their digital payment experiences, the risks associated with e-skimming attacks continue to rise. Cybercriminals are increasingly targeting higher ed websites with malicious scripts designed to silently capture payment card data, putting students, families, and institutions at significant financial and reputational risk. This session explores the vulnerabilities and tactics attackers use to bypass common security controls, how UW evaluated, implemented, and optimized one solution to secure its payment ecosystem, and recommended incident-response actions when a compromise occurs.
May 13-15
Ohio Higher Education Computing Council (OHECC) 2026
University of Toledo
Toledo, Ohio
May 19-21
Spring Focus 2026
Hosted by Virginia Military Institute
Lexington, VA
June 7-9
SCCE Higher Education Compliance Conference
San Antonio, TX
June 8-11
SUNY Tech Conference
Lake Placid, NY
Connect with us at booth #138!
Live Demos
May 13
Test Your Team Before Attackers Do: Phishing Simulator Live Demo
2:00 pm - 3:00 pm CDT
Phishing is the leading threat facing higher education institutions, and it’s getting worse with the widespread use of AI.
Attackers have moved well beyond spelling errors and suspicious links. With AI now generating emails that achieve click-through rates more than four times higher than traditional lures, even experienced professionals are being fooled.
About this session
In this live demo, we’ll walk you through our Phishing Simulator, a hands-on platform that lets your security team send realistic, controlled phishing campaigns to your own employees. You’ll see exactly how susceptible your organization is, where the weak points are, and how to close the gaps before a real attacker finds them first.
Whether you’re a security manager, IT lead, or business owner trying to understand your risk exposure, this session will give you actionable insights you can take back to your team.
We’ll cover campaign setup, reporting dashboards, targeting by role or department, and how to pair simulations with training to drive measurable behavior change.
Key takeaways:
- See a live phishing campaign built in real time. We’ll construct a realistic simulation end-to-end during the session, so you understand exactly what your employees receive.\
- Understand your organization’s true risk exposure and track key metrics to demonstrate training effectiveness to your leadership and board.
- Discover how AI is changing the attack surface. We’ll show you real examples of AI-assisted phishing and explain why traditional defenses are struggling to keep pace.
- Walk away with a repeatable simulation framework, including how to target by role, set campaign frequency, and tie results directly to training outcomes.
- Q&A
Organizations that combine phishing simulations with ongoing, behavior-focused security awareness training reduce their susceptibility by up to 86% within a year, and drop their click rate to 1.5%.