Events

Ohio Higher Education Computing Council (OHECC) 2026

University of Toledo
Toledo, Ohio

Test Your Team Before Attackers Do: Phishing Simulator Live Demo

2:00 pm - 3:00 pm CDT

Phishing is the leading threat facing higher education institutions, and it’s getting worse with the widespread use of AI.

Attackers have moved well beyond spelling errors and suspicious links. With AI now generating emails that achieve click-through rates more than four times higher than traditional lures, even experienced professionals are being fooled.

About this session
In this live demo, we’ll walk you through our Phishing Simulator, a hands-on platform that lets your security team send realistic, controlled phishing campaigns to your own employees. You’ll see exactly how susceptible your organization is, where the weak points are, and how to close the gaps before a real attacker finds them first.

Whether you’re a security manager, IT lead, or business owner trying to understand your risk exposure, this session will give you actionable insights you can take back to your team.

We’ll cover campaign setup, reporting dashboards, targeting by role or department, and how to pair simulations with training to drive measurable behavior change.

Key takeaways:

• See a live phishing campaign built in real time. We’ll construct a realistic simulation end-to-end during the session, so you understand exactly what your employees receive.
• Understand your organization’s true risk exposure and track key metrics to demonstrate training effectiveness to your leadership and board.
• Discover how AI is changing the attack surface. We’ll show you real examples of AI-assisted phishing and explain why traditional defenses are struggling to keep pace.
• Walk away with a repeatable simulation framework, including how to target by role, set campaign frequency, and tie results directly to training outcomes.
• Q&A

Organizations that combine phishing simulations with ongoing, behavior-focused security awareness training reduce their susceptibility by up to 86% within a year, and drop their click rate to 1.5%.

Oakland University Roundtable

12:00 pm - 3:00 pm CDT

We’ll explore strategic and efficient ways to tackle the shared challenges facing higher ed institutions today.

Topics include:

• AI security, acceptable usage, and information security policies, guidelines, and standards
• Emerging technologies for security and compliance
• Identity access management, ghost students, identity fraud, and brute-force attacks
• Managed services to address limited resources and staff bandwidth
• Incident Response and Disaster Recovery Planning
• CMMC compliance
• Combatting phishing
• Governance and policies
• Other topics you would like to discuss

Space is limited to the first 30 registrants. To ensure broad participation, we ask that no more than two to three individuals from each institution attend. Please register by using the form below. We hope to see you there!

Moving from Spreadsheets to Scalable, Strategic Risk Management Programs

11:50 am - 12:10 pm CDT

EDUCAUSE Symposium | Risk Management: Identifying, Understanding, and Mitigating Cybersecurity and Privacy Risks

Moving from Spreadsheets to Scalable, Strategic Risk Management Programs

Most organizations don’t struggle with knowing risks exist—they struggle with organizing, prioritizing, and acting on them consistently. Risks are often tracked in spreadsheets owned by no one and disconnected from controls and compliance requirements.

As institutions face increasingly complex cybersecurity and privacy challenges, effective risk management has become essential to protecting organizational missions, ensuring compliance, and sustaining operational resilience. This session demonstrates how a Governance, Risk, and Compliance (GRC) platform can serve as a powerful tool for building a structured, repeatable, and data-driven risk management program.

Presenters will review how they took their program from endless spreadsheets into practical workflows within a central GRC environment, tracking risk identification, impact, analysis, and mitigation. Participants will also learn how Virginia State University is now able to connect technical cybersecurity risks to broader institutional and strategic goals through automated executive-level dashboards and reporting. Identified risks such as phishing attacks, outdated legacy systems and inventories, third-party vendor oversight, and the use of personal devices are categorized, assigned inherent and residual risk levels, and mapped directly to cybersecurity standard framework controls.

Finally, the session will outline strategies for shifting from reactive, ad-hoc risk management practices to proactive, continuous monitoring.

Speakers:

• Tabitha Rhodes, Director of IT Governance, Risk & Compliance, Virginia State University
• Katie Johnson, Manager, AVP Product and Senior Manager, Operations Support, CampusGuard