Events

Connect with us at the following upcoming events:

Conferences

April 16-17

CS5

San Diego, CA

April 28-30

EDUCAUSE Cybersecurity and Privacy Professionals Conference (CPPC)

Anaheim, CA

Preconference Workshop:

Safeguards in Action: A Practical Roadmap for GLBA Compliance, Risk, and Communication

April 28, 2026 | 8:00 a.m. – 4:00 p.m. PT

This full-day, hands-on workshop will focus on all three pillars of GLBA: Safeguards, Privacy, and Pretexting. bringing together cybersecurity and privacy professionals to collaborate on practical solutions that strengthen compliance and protect institutional data. Attendees will use worksheets and templates to inventory what already exists, identify essential stakeholders, and map responsibilities. We will compare risk assessment methodologies and demonstrate how to leverage existing practices (e.g., FERPA processes, audit cycles, HECVAT/vendor reviews) without duplicating efforts.

Speakers:

  • Elizabeth Cole-Walker, Information Security Specialist, North Carolina State University
  • Wendy Epley, Principal Analyst, Information Security GRC, The University of Arizona
  • Anne Koors, Lead Security Analyst, Northeast Wisconsin Technical College
  • Tim Schwab, Chief Information Security Officer, The University of Arizona
  • Jason Klinger, Security Advisor, CampusGuard
  • Greg Lewis, Security Advisor, CampusGuard

Register

Three Universities, Three Approaches to Reach the Same Goal: Building a Unified IT Policy Framework

Thursday, April 30, 2026 | 2:15–3:00 p.m.

This session explores proven strategies from different universities and presents a practical, scalable model for building a unified, risk-based IT policy framework that simplifies compliance while enabling academic innovation. Participants will learn strategies for drafting and establishing a tiered policy architecture (policies, standards, and procedures); define data classifications; and map overlapping regulations into a single NIST-aligned control framework. The presenters will share lessons learned and guide how best to engage stakeholders in the feedback process to identify any potential barriers, build buy-in, and ensure full policy implementation and compliance.

Speakers:

  • Shawn Kim, Director of GRC, Stanford University
  • Robert Oxender, Director, Information Assurance, Purdue University
  • Doug Lomsdalen, IT Security Consultant, CampusGuard

Learn More

May 3-6

TPA 2026

Hyatt Regency Savannah in Savannah, Georgia

Rethinking the PCI Attestation Cycle for Merchant Success
May 4 | 2:45 – 3:45 p.m.

Speakers:

  • Matt Schafer, Director, Treasury Operations, Indiana University
  • Laura Allison, Project Management Product Lead, CampusGuard

PCI attestation is a critical component of maintaining compliance and protecting payment data, but how often should you do it? This session explores two approaches: Indiana University’s monthly attestation cycle, designed to reduce the level of effort, accommodate merchant busy seasons, and improve focus, and the traditional annual cycle favored for simplicity. Learn the pros and cons of each, hear real-world lessons, and walk away with practical strategies to optimize your attestation process for your organization’s unique needs.

From Checkout to Compromise: Guarding Higher Ed Against E-Skimming Threats
May 5 | 8:15 – 9:15 a.m.

Speakers:

  • Kevin Doar, Director, Office of Merchant Services, University of Washington
  • David Gundrum, JD, CISA, CISSP, QSA, Senior Security Advisor, CampusGuard

As colleges and universities expand their digital payment experiences, the risks associated with e-skimming attacks continue to rise. Cybercriminals are increasingly targeting higher ed websites with malicious scripts designed to silently capture payment card data, putting students, families, and institutions at significant financial and reputational risk. This session explores the vulnerabilities and tactics attackers use to bypass common security controls, how UW evaluated, implemented, and optimized one solution to secure its payment ecosystem, and recommended incident-response actions when a compromise occurs.

View the agenda

Live Demos

April 8

EDUCAUSE Demo Day | Identity Verification and Fraud Services

9:30 am - 10:30 am CDT

As cyberthreats grow more sophisticated, higher education institutions face increasing risks from fraudulent digital activity across a wide range of applications, including financial aid, vendor onboarding, research grants, and internal systems access. Cybersecurity solutions that detect and prevent fraudulent applications are essential to protecting institutional data, resources, and reputation.

Join us for several live, 45-minute, rapid-fire sessions as our corporate solutions providers showcase their fraud detection technologies. Explore how advanced analytics, identity verification, and behavioral monitoring are being used to identify suspicious activity, prevent breaches, and ensure compliance. Learn how integrating these tools into your broader cybersecurity strategy can safeguard institutional integrity.

Webinars

April 8

TPA Webinar: Beyond the PCI Compliance Checklist: Building Stronger Payment Security

2:00 pm - 3:00 pm CDT

Speakers:

  • Kyle Smith, CISA, CISSP, QSA, Security Advisor
  • Allison Zwaschka, PCIP, Customer Relationship Manager

Meeting PCI DSS requirements is an important first step, but passing an audit doesn’t guarantee your campus payment systems are truly secure. In this webinar, we’ll explore the gaps that often exist beyond the Cardholder Data Environment (CDE), including third-party vendors, rogue scripts, shadow IT, and operational blind spots. Attendees will learn practical strategies to move beyond compliance checklists and build a robust, year-round payment security program that protects students, staff, and institutional data.

Registration will open March 12.