What we’re about
Information Systems Security Association (ISSA) is a not-for-profit, international professional organization of information security professionals and practitioners. It was founded in 1984 by Sandra M. Lambert and Nancy King (albeit work on its establishment started in 1982). ISSA promotes the sharing of information security management practices through educational forums, publications and networking opportunities among security professionals. ISSA is present in more than one hundred countries, including Europe and Asia, with more than 10,000 members.
As the founding chapter of ISSA, ISSA Los Angeles (ISSA-LA) has become the premier catalyst and community resource in Southern California for improving the practice of information security. The Chapter provides various training classes and lectures for information security and IT professionals throughout the year and at the annual Summit. We accomplish this by providing:
- Education, networking and support to information security practitioners
- IT practitioners with information security responsibilities
- Information security vendors
- Outreach, advocacy and education to the broader Los Angeles community
ISSA-LA meets monthly for lunch and dinner and regularly collaborates with other IT and InfoSec organizations, having joint meetings with ISACA, OWASP, the Cloud Security Alliance, HTCIA, and the Association of IT Professionals to name a few.
Upcoming events (3)
- Practical Steps to Manage Current and Emerging Threats
  Accenture, Los Angeles, CA
You must register and pay to attend: https://www.eventbrite.com/e/defending-large-language-models-securing-chatbots-copilots-and-ai-agents-tickets-1030900068857
### Topic One: Cybersecurity is a Forest Fire and All I Have is a Garden Hose -- Practical steps to manage current and emerging threats
If you’ve ever felt like the existing scope of work for your security team is already more than you can handle, come hear why that’s not going to get better anytime soon – and why that’s ok, as we talk about effective approaches to managing risk and liability while you build sustainable work patterns for yourself and your team. We’ll talk about the promise and problem of emerging technologies, and how to help your organization think about tradeoffs (every new capability carries with it a new risk).
Speaker One: Scott Francis
Scott Francis is a Security Innovation Principal Director at Accenture, where he is part of the cloud security leadership team. He has been designing, building, operating, and securing Internet-facing services for organizations of all sizes, in industries around the world, since the 20th century. He is pathologically curious, and his focus at Accenture (and at Amazon before that) includes emerging technology and the fascinating (and unexpected) things that happen where domains overlap.
### Topic Two: The Ultimate Solution to the Authentication Problem
Passwords were introduced over 60 years ago to ensure the security of accounts within controlled computing environments. However, the advent of the Internet has significantly transformed the landscape of account security, as we now must protect our accounts from billions of potential threats globally. The emergence of sophisticated malware further complicates this issue, rendering even the most complex passwords insufficient for ensuring security.
Additionally, the prevalent practice of using email addresses as a component of the authentication process poses a further risk, as these addresses are publicly accessible and effectively expose half of the login credentials. Consequently, the traditional password security model is fundamentally flawed. Attempting to enhance this model with supplementary security measures is akin to attempting to navigate a sinking ship.
Given these challenges, what is next for better authentication?
Speaker Two: Jack Bicer
With over 40 years of experience in the software industry, Bicer has served more than 20 years as a Chief Technology Officer. Throughout his career, he has successfully developed innovative products and managed various dot-coms and cybersecurity companies, establishing himself as a thought leader in the cybersecurity sector. Bicer is an Expert Witness in cybersecurity, authentication, account takeovers, and fraudulent transactions.
His inventions include:
· Multi-Factor Authentication - MFA
· Mobile Push Login/Authentication & Payments (Patent 9756042)
· QR Login/Authentication & Payments (Patent 8677116)
· Mobile Browser 1-Click Login/Authentication (Patent 9015813)
· Automatic Software Updates
· Uninstall
Bicer has been honored with cybersecurity recognition awards from both the U.S. Congress and the California State Assembly. Additionally, he has received two “Most Innovative Cybersecurity Product” awards for his work in authentication.
- Unintended Opportunities from Obstacles
  Accenture, Los Angeles, CA
You must register and pay to attend: https://www.eventbrite.com/e/defending-large-language-models-securing-chatbots-copilots-and-ai-agents-tickets-1113136805149
### Topic One: Unintended Opportunities from Obstacles
Life often presents us with both exciting opportunities and significant challenges. Many of us find ourselves questioning how to approach a tough assignment or navigate conflicts with colleagues. The key to success isn't necessarily found in technology or staying up-to-date with the latest trends. Instead, it's about how we respond to these challenges. This presentation will explore strategies and benefits that can help us overcome obstacles and advance in our careers.
Speaker One: Jimmy Sanders
Jimmy Sanders is President of ISSA International. Formerly, he was Head of Information Security at Netflix DVD. A technology leader, Jimmy has years of leadership experience with companies such as Netflix, Samsung, ISSA International, SAP and others. He is also a Board member of the Information Security Leaders Foundation (ISLF), and a member of the SpireOne. He is a Cyber Security Committee advisor for Merritt College, Ohlone College as well as on advisory boards for other colleges and non-profit movements.
Mr. Sanders holds CISSP, CRISC & CISM certifications.
### Topic Two: Root Zone DNSSEC Trust Anchor Management: Securing the Key Signing Key (KSK)
This talk will discuss the management of the DNSSEC trust anchor for the Internet.
The quarterly KSK ceremonies, which generate the cryptographic signatures allowing DNSSEC operations, will be presented, including:
● Physical and Logical Security Design
● Community involvement
● Audit and Transparency/Chain of Custody
● Hardware Security Modules
● Programmable Ceremony Scripts
● Maintenance and Lifecycles
The presentation will demonstrate how this novel approach to operations and security with an “open source” style of continuous improvement promotes trust perception.
Speaker Two: Aaron Foley
Aaron Foley is a Senior Cryptographic Key Manager for the Internet Corporation of Assigned Names and Numbers (ICANN). His primary responsibility is the management of the Root DNSSEC KSK trust anchor, essential to global DNSSEC implementation. He has served in this role since 2019 and has been employed by ICANN in varying capacities since 2015.
Aaron has 25+ years of Internet-related IT/security experience.
- The Defender's Advantage: A guide to activating cyber defense
  Google Playa Vista - Spruce Goose, Playa Vista, CA
You must register and pay to attend: https://www.eventbrite.com/e/the-defenders-advantage-a-guide-to-activating-cyber-defense-tickets-1114434115439
### Topic One: The Defender's Advantage: A guide to activating cyber defense
Organizations today face relentless cyberattacks that can compromise their critical assets. The Defender’s Advantage is the concept that organizations have the upper hand in defending against attacks on their own environments. This presentation will guide you through understanding the threat landscape, detecting and investigating malicious activity, testing and validating the effectiveness of controls and operations, and hunting for active threats. The talk will go into detail about each of these concepts to help organizations take control and galvanize their defender’s advantage.
### Speaker One: Gursev Singh, Senior Information Security Consultant at Google
Mr Singh is a seasoned cybersecurity professional with over 16 years of experience in the field. He has a strong track record of success, leading and managing cybersecurity projects for major customers. Gursev's expertise is in cloud security (Google, AWS & Azure), SIEM, and data protection. His deep understanding of infrastructure security and cyber threat and vulnerability management further enhances his ability to analyze threats, identify vulnerabilities, and respond to security incidents.
### Topic Two: Defending Large Language Models: Securing Chatbots, Copilots, and AI Agents
This talk will explore the critical and vulnerable points in large language models (LLMs) used in chatbots, AI copilots, and intelligent agents. We’ll begin by understanding the trust boundaries in these systems and then dive into how to defend them against emerging threats. Taking a comprehensive approach, we’ll examine the tools, processes, and best practices that every security professional should adopt.
The session will draw on several real-world case studies to demonstrate the concepts. We will dive into the Responsible AI Software Engineering (RAISE) framework as a way to approach end-to-end security for your LLM system.
This is a must-attend event for anyone preparing to face the evolving challenges of AI security and protect their systems from tomorrow's cutting-edge threats.
### Speaker Two: Steve Wilson
Steve Wilson is a pioneer in Generative AI and cybersecurity, driving advancements in AI-powered cyber defense and securing AI systems. As the Chief Product Officer at Exabeam, Steve spearheaded the launch of a powerful Generative AI copilot for security analysts, significantly enhancing the speed and accuracy of cybersecurity incident investigations.
Steve leads the charge on securing large language models as the founder and project leader of the OWASP Top 10 for Large Language Model Applications, where he guides a global team in developing the industry-standard guide to critical vulnerabilities in AI systems. The Top 10 List has become the go-to reference for developers, architects, and security professionals working to safeguard AI applications.
As the author of The Developer’s Playbook for Large Language Model Security, Steve provides a comprehensive framework for building secure, responsible AI systems. His book has become an essential resource for professionals navigating the complexities of AI and security.
He is an inventor on 11 U.S. and international patents in cybersecurity, networking, and IoT. In 2023, Steve was awarded Cybersecurity Innovation Leader of the Year by Enterprise Security Tech, and his 2024 RSA Conference talk was voted a Top Session.