Room 103 in Benton Hall was packed for the 10th annual STL CyberCon. In his presentation, Mastercard’s Dennis Pellegrini talked about the different types of approaches hackers take across the globe. (Photos by Derik Holtmann)
The cybersecurity program at the University of Missouri–St. Louis has earned its reputation of excellence and innovation, not just in the St. Louis region but also nationally, in part because of events like STL CyberCon, which was held in Benton Hall last Friday.
The annual conference – held for the 10th time, including a couple years online during the COVID-19 pandemic – brings together researchers, visiting academics and experts working in the field for a half-day immersion in the ever-expanding world of cybersecurity.
The event, which kicked off with a welcome from UMSL Chancellor Kristin Sobolik, was free to students and anyone in the community who wanted to attend, thanks to sponsorship of companies such as Inzo Technologies and CrowdStrike. There was also a career expo for students, with representatives from CrowdStrike, Hussmann and Norton Digital Consulting on hand, along with UMSL’s graduate programs. UMSL’s in-person master’s of cybersecurity program, which offers students the option to focus on either the technical side (computer science emphasis) or the management side (information systems and technology emphasis), was recently ranked No. 3 in the country by Fortune Media.
“St. Louis has a lot of universities, and I would say out of all of them – I sit on a couple of advisory boards – the cybersecurity program here is very good,” said Zach Lewis, the chief information security officer for the University of Health Sciences and Pharmacy in St. Louis. “I like all the artificial intelligence focus and the courses being offered on AI. I think that’s going to be the next wave you’re going to see, so the fact that UMSL is getting ahead of it is really cool.”
Zach Lewis went through the timeline of LockBit’s ransomware attack on the University of Health Sciences and Pharmacy in St. Louis, where he’s the chief information security officer.
Lewis, who is on UMSL’s cybersecurity advisory board, took the attendees in the packed room through an actual ransomware attack by LockBit that he helped shepherd UHSP through in 2023. In his honest, informational and entertaining presentation, Lewis told the crowd some of the reasons his university was vulnerable to the attack, a complete timeline of events from April to June, his interactions with the hackers – including screenshots of the actual notes from LockBit – and the steps taken to deal with the threat.
When his team found the ransomware note in their servers – the group wanted $1.2 million not to release the data it claimed to have stolen – Lewis said he made three phone calls. The first was to the university’s cyber insurance providers, asking for help. The second was to the Cybersecurity and Infrastructure Security Agency, letting them know there had been an attack.
“The third call was to my wife,” he said, “letting her know, ‘Hey, we had a ransomware attack, and I’m going to be a little late tonight.”
That brought a big laugh from the audience. Lewis wrapped up his presentation talking about the lessons learned from the experience, and more importantly with a room full of future cybersecurity experts, several suggestions on tools for prevention and dealing with similar attacks.
“The biggest reason I like to give this presentation is to share the story, because no one does,” Lewis told UMSL Daily. “It’s sort of a mark of shame to get attacked, an embarrassment. But if we can’t tell everyone what happened to us, they can’t protect themselves from attacks they may have been able to prevent.”
The presentation was well-received by the audience and the event’s organizers from UMSL’s Department of Computer Science – Abde Mtibaa, Cezary Janikow and Lav Gupta – and the Department of Information Systems and Technology – Dinesh Mirchandani and Vijay Anand.
“For us to bring in a speaker who understands how the real world is approaching these attacks is very important,” said Anand, associate professor and director of cybersecurity programs for the Department of Information Systems and Technology. “It’s not just knowing the theory, but hearing from a practitioner what might happen, what you should do, the plan to build around preventing that. The LockBit example is important. Ransomware has been around so much, in so many places.”
A career expo was also part of this year’s STL CyberCon.
Lewis was the third speaker of the event, following Dennis Pellegrini, the vice president and localization strategy lead of Microsoft’s Data and Services – and current UMSL DBA student. He talked about the different types of tactics and targets that hackers have in different parts of the world, and the strategies and challenges cybersecurity professionals use to combat those attacks.
The opening keynote talk was from Ning Zhang, an associate professor in the Computer Science and Engineering department at Washington University in St. Louis.
“He shared what’s going on right now in the intersection of cybersecurity and AI in general, talked about cybersecurity with Trusted Execution Environment and how these are challenging,” said Mtibaa, assistant professor of computer science and cybersecurity program director. “He went into the AI aspect of it, how language models and AI are actually used for generating more threats, but also on the security side as well.”
Other speakers included UMSL alum Tam Nguyen, a federal cloud security expert for GSA.gov, on the challenges and solutions for cloud computing; Jennifer Smith and Nick Akers from Inzo Technologies, on carving out a potential career path in the industry, particularly with a managed service provider such as Inzo; Titus Daniel, a cybersecurity analyst at CrowdStrike, on threat hunters; and Rehman Khan, the chief security architect at Netskope, on the Zero Trust approach to protecting data.
“Cybersecurity is a very vast subject, and we didn’t want to have the conference focus on just a very narrow topic,” Mtibaa said. “This is for our students to get exposed to different topics in cybersecurity, maybe to see if they connect with one particular topic and want to investigate it more, and then we can connect them with other people, too.”
The panel of UMSL graduates working in cybersecurity included, from left: Yvonne Dickinson, Tony Born, Courtney Smith, Chris Suhre and Jarad Perry. Vijay Anand (far right) was the panel moderator. (Photo by Ryan Fagan)
The event also included a panel moderated by Anand featuring five graduates of UMSL’s cybersecurity program – Tony Born, Yvonne Dickinson, Courtney Smith, Chris Suhre and Jarad Perry – discussing not only their backgrounds and experience in the program, but what they’re doing now and how their UMSL education prepared them to thrive after graduation.
“We want to be the leader in cybersecurity in this city and in this state, so this conference is important for us to have,” said Anand. “Our programs, since they are NSA-designated programs, having such events and presentations matters for us, especially in this region. It helps our students get to know things that are happening and helps them in their careers, as well as their research.”
