Attackers continue to evolve their tradecraft to successfully evade EDR preventions and SIEM detections. Defenders are continually trying to build high quality detections and prevention rules, but often times lack the ability to validate that the detections and prevention rules are working. The Adaptive Threat Simulation and Detection Engineering workshop will walk students through the process of creating attack playbooks and campaigns, how to build high quality detections, and how to validate the detections will detect the attacks. Students will have the opportunity to interact with a live lab environment for attack simulation and detection engineering.

Learning Objectives:

• Learn how attackers create their attacks and how to simulate this in a lab environment.
• Learn how to build an attack playbook and campaign to simulate attacker behavior.
• Learn how to build a high quality detection and validate the detection against the playbooks and campaigns.

Join us for this workshop on the NIST Cybersecurity Framework (CSF) 2.0, where we'll not only explore the latest updates but also dive deep into practical application of the CSF within your organization.

In this workshop we’ll use interactive examples that showcase the CSF's flexibility for businesses of all types. We’ll dig into each Function highlighting key Categories and their significance in managing cybersecurity risks. Real-world examples will provide you with actionable insights on integrating the CSF into your operations, enhancing your cybersecurity posture and resilience. Don't miss this opportunity to elevate your cybersecurity strategy with CSF 2.0!

Cloud Security is complex. Users need to deal with compliance issues, configuration concerns and the convergence and management of public, private and hybrid clouds. There’s also issues around access and, identity and privacy questions to address. To add to this, AI/automation has made quick inroads into cloud management and many don’t know how to deal with these new challenges. This summit will examine many of these issues to help you get the best out of your cloud security strategy.

Cloudy with a Chance of Cyberattacks
Primary Speaker:  Etay Maor,  Sr. Director Security Strategy, Cato Networks

Threat actors are exploiting the trust and capabilities we provide to cloud applications. In the past we saw Living off the Land attacks, now it is Living off the Cloud!
The session will cover how malware operators are now moving their entire infrastructure to cloud based services (legit ones). I will demonstrate how APT29 and APT41 perform attacks that utilize legit cloud services and show how attackers exfiltrate data using these services. I will also discuss a three layer approach (strategic, operational, and tactical) to defending against these threats.

LOL? LOC! Attackers are abusing the trust between enterprises and cloud applications to launch Living Off the Cloud Attacks. In this session we will see a live demo of such attacks, explain the infrastructure and explore mitigation strategies.
 

One Cloud, Two Clouds, Ten Clouds… Managing Security in a Multi-Cloud Environment

Primary Speaker:  Eric Peeters, CISA, CCAK, CCSK, ISO 27001 LA – Senior Manager, Weaver; Shelby Mathers, Manager, Cybersecurity Service, Weaver

Whether by strategy or by happenstance, most organizations operate in a multi-cloud environment. Even with careful planning, maintaining an equivalent security posture on premise and in the cloud is an arduous task, made downright daunting if the organization is stumbling into clouds. This session will help security leaders understand the governance and operational challenges at the root of the issue, including vendor management and procurement practices, roles and responsibilities, and cloud-uninformed security practices. Attendees will gain an understanding of organizational changes required to make sure security tools, processes, and practices are included in planning for cloud deployment and migration.

Workload IAM in a Hybrid Multi-Cloud World

Primary Speaker:  Jon-Michael C. Brook, CISSP, CCSK; Co-Presenter:  Andrew McCormick

Enterprise IT organizations are moving faster than ever toward a hybrid multi-cloud world that blurs the boundaries of traditional security tools. The wide range of technologies from on-prem datacenter to kubernetes to cloud PaaS to physical hardware creates a uniquely challenging environment for developers to securely handle the secrets and credentials they need to integrate services in an increasingly complex technology ecosystem.

How can security organizations enforce better control over workload-to-workload authentication and authorization at scale without creating another bottleneck in the development process? We’ll walk through a set of patterns to solve these problems in different environments.

A Proven Approach on Automated Security Architecture Pattern Validation for Cloud and On-Prem

Primary Speaker:  Partha Chakraborty, n/a – Associate Vice President, Head - Security Architecture, Engineering & Innovation, Humana Inc. & Sunil Arora, Associate Director, Security Architecture, Humana Inc.

As organizations adopt more complex systems part of their digital journey, ensuring adoption and adherence to approved security architecture patterns become crucial in hybrid, multi-cloud, data center and micro services environments to reduce drifts and vulnerabilities in the environment. This session will showcase security validation approaches used in a Fortune 50 company to ensure alignment with approved security patterns in a technology and platform agnostic way. Automated architectural pattern validations uncover design flaws early in the system development life cycle reducing risks and improves overall security posture.

This session showcases a proven technical approach used in a Fortune 50 company to do automated architecture pattern validations WITHOUT any commercial tool. Ensuring adherence of security design patterns reduce production drifts and vulnerabilities towards improving the overall security posture.
 

Cloud Security Summit - Securing Cloud-Native DevOps: A Zero Trust Approach

Primary Speaker:  Emma Fang, Senior Manager, Enterprise Security Architect, EPAM Systems

In modern software development, organizations often embrace cloud-native development and multi-cloud to build highly scalable, flexible and resilient applications. These emerging trends also bring along complexity and unique security challenges, leaving the DevOps environment and CI/CD pipelines vulnerable to threats like supply chain attacks and lateral movements. This talk aims to address 'Cloud-Native' security challenges in DevOps, through the lens of Zero Trust Model's key principles. Drawing insights from industry studies and past incidents, the DevOps threat landscape will be discussed. It provides actionable guidance for securing CI/CD pipelines, highlighting key priorities and capabilities to consider in DevOps security.

 Attackers continue to evolve their tradecraft to successfully evade EDR preventions and SIEM detections. Defenders are continually trying to build high quality detections and prevention rules, but often times lack the ability to validate that the detections and prevention rules are working. The Adaptive Threat Simulation and Detection Engineering workshop will walk students through the process of creating attack playbooks and campaigns, how to build high quality detections, and how to validate the detections will detect the attacks. Students will have the opportunity to interact with a live lab environment for attack simulation and detection engineering.

Learning Objectives:

• Learn how attackers create their attacks and how to simulate this in a lab environment.
• Learn how to build an attack playbook and campaign to simulate attacker behavior.
• Learn how to build a high quality detection and validate the detection against the playbooks and campaigns.

CTF-style GenAI security training, focusing on real-world LLM attacks/use-cases, securing public & private AI services. Learn to build custom models for specific security challenges, Pen-testing GenAI apps and implementing guardrails for security & monitoring of enterprise AI services.
Learn the intricacies of GenAI and LLM security through this training program that blends CTF styled practical Pen-test exercises, designed for security professionals. This course provides hands-on experience in addressing real-world LLM threats and constructing defense mechanisms, encompassing threat identification, neutralization, and the deployment of LLM agents to tackle enterprise security challenges. By the end of this training, you will be able to:

- Identify and mitigate GenAI vulnerabilities using adversary simulation, OWASP and MITRE Atlas frameworks, and apply AI security and ethical principles in real-world scenarios.
- Execute and defend against advanced adversarial attacks, including prompt injection and data poisoning, utilizing CTF-style exercises and real-world LLM use-cases.
- Build an LLM firewall, leveraging custom models to protect against adversarial attacks and secure enterprise AI services.
- Develop and deploy enterprise-grade LLM defenses, including custom guardrails for input/output protection and benchmarking models for security.
- Implement RAG to train custom LLM agents and solve specific security challenges, such as compliance automation, cloud policy generation & Security Operations Copilot.
- Establish a comprehensive LLM SecOps process, to secure the GenAI supply chain against adversarial attacks.

Learning Objectives:

• Proficiency in identifying and mitigating GenAI vulnerabilities, applying security and ethical principles to real-world scenarios, and combating advanced adversarial attacks including prompt injection and data poisoning.
• Skills to build and deploy enterprise-grade LLM defenses, including custom guardrails and models for input/output protection, alongside practical experience in securing AI services against adversarial threats.
• The ability to develop custom LLM agents for specific security challenges, such as compliance automation and cloud policy generation, and establish a comprehensive SecOps process to enhance GenAI supply chain security.

CISO Launch Crash Course is a targeted 1-day workshop designed for aspiring CISOs and IT professionals building security programs. This workshop focuses on prioritizing projects, managing budgets, and navigating compliance for those establishing cybersecurity in organizations without formal structures or resources. Part of a more comprehensive program, this Crash Course introduces common starting points, first 100 day tasks, and resources to keep growing.

Learning Objectives:

•  Benefits of a structured cybersecurity program (and frameworks) for IT teams and departments
•  Manageable and high-impact tasks for IT pros who are juggling other responsibilities
•  Creating a sustainable program to align IT budget and priorities to business needs and security objectives

Put your threat modeling skills to the test! Join forces and compete at finding threats and crafting mitigations. In breaker/red team mode, review a diagram and collaborate on the five best threats. When the buzzer sounds, receive a list and unlock your inner builder/blue team, crafting mitigations.

Learn from other threat modeling practitioners and become a threat modeling champion!
1. Threat modeling refresher and rules of the game
2. Familiarization phase (RFQ)
3. Red vs. Blue Contest
4. Wrap up, questions, and award a winner.

Learning Objectives:

• Develop and enhance threat modeling skills by actively participating in a timed, competitive challenge to identify potential security threats within a complex system diagram.
• Collaborate effectively with peers to analyze a scenario, uncover hidden threats, and propose ten viable countermeasures to improve system security.
• Hone strategic thinking and mitigation planning abilities under real-time conditions and receive expert feedback, to gain recognition in threat modeling proficiency.

Given the abundance of data produced in cyber protection from tools, logging, monitoring and similar, it is imperative to use data science and AI/ML techniques to gain meaningful insights from this data. This workshop will first deliver a presentation on core concepts of artificial intelligence, machine learning and data science, with a focus on applications to cybersecurity. Then attendees will be provided with a hands-on opportunity to build and train a machine learning model to address a cybersecurity challenge. Attendees will need to bring their own laptop, but the hands-on coding labs will be delivered via online notebooks.

This workshop will teach core concepts of artificial intelligence and machine learning with a focus on applications to cybersecurity, then provide attendees with a hands-on opportunity to build and train a machine learning model to address a cybersecurity challenge.

Learning Objectives:

• At the end of this session participants will be able to understand core concepts of artificial intelligence and machine learning, and understand how they can be applied to cybersecurity
• At the end of this session participants will be able to build visualizations for cybersecurity data using Python libraries and data science techniques
• At the end of this session participants will be able to develop and train a machine learning model to address a cybersecurity challenge

Privacy, correctly implemented and operationalized, can be a market differentiator in today's business world.
Take a stroll through the sometimes misunderstood world of data privacy: looking at regulations, best practices, and operational challenges organizations face as they strive for compliance and maintaining consumer trust.
LevelUP will provide overviews of the key privacy regulations, discuss the direction we see the regulatory landscape heading, and the operational challenges this presents.
We will walk through lessons learned from implementing and supporting comprehensive privacy programs, how to operationalize aspects of your program, and discuss the somewhat opaque world of cookies and consent management.

In this session we will:
- Discuss key U.S. and EU privacy regulations; where we are, where we seem to be heading.
- Walk through operationalization aspects of a privacy program.
- Dive into cookie compliance and consent management.

Learning Objectives:

• At the end of the session participants will have an understanding of the operational aspects of a holistic privacy program, how they can support or lead these efforts and how structuring and implementing these correctly will help build consumer trust and engagement
• At the end of the session the participants will have an understanding of the current regulatory landscape in the U.S. and EU for Data Privacy, the direction it appears to be heading in, and the challenges this will present to an organization as it strives for compliance
• At the end of the session participants will understand the importance of cookie compliance and an accurate consent management process in the digital user journey

Understand how to request and review SOC reports as part of your vendor risk management program. The course provides an overview of the various SOC report brands and the intended use and purpose of each. The class will also explain the most common factors and considerations for reviewing the report from your vendor and how it can impact vendor acceptance and risk management.This course will be highly interactive, with real-world scenarios, illustrations, and quiz games. In this course, students will:

• Identify the purpose and intended use of each SOC reporting brand and type of report
• Understand who is authorized to use the report and how to become an authorized user
• Understand the components of the auditor’s opinion letter and what the opinion means to vendor risk management
• Understand the components of the report (including complementary user entity controls) and what the opinion means to vendor risk management
• Identify the criteria for choosing the correct report
• Understand the process for requesting the SOC report(s)
• Understanding bridge or gap letters

Learning Objectives:

• At the end of this session, students will understand the components of the report (including complementary user entity controls) and what the opinion means to vendor risk management. This will include an emphasis on what to pay attention to in the report
• At the end of this session, students will understand the process for requesting the SOC report(s)
• At the end of this session, students will be able to identify the purpose and intended use of each SOC reporting brand and type of report, and how to build their SOC report review checklist for third-party risk management

Real-world AI: Promise and Peril

The AI revolution is real and profound, but also riven with hype and speculation. How can cyber professionals slice through the chatter to understand -- and deploy -- AI technology now and in the near-future? How can we keep pace with adversaries who are embracing AI tools at breakneck speed? And how can we guard the security of our own enterprise AI programs? This full-day summit will equip you and your team to act now, by focusing on the most immediate priorities and practical applications. 

Navigating the AI Frontier: The Rise of Shadow AI

As artificial intelligence continues to transform industries, the emergence of Shadow AI—unauthorized or unsanctioned AI applications and systems—presents new challenges and opportunities for organizations. This presentation explores the dual nature of AI's growth, highlighting the benefits of sanctioned AI while shedding light on the risks posed by Shadow AI. Attendees will gain insights into the factors driving the rise of Shadow AI, including the increasing accessibility of AI tools and the pressure to innovate rapidly. We will also discuss strategies for identifying, managing, and mitigating the risks associated with Shadow AI, ensuring that organizations can harness the power of AI responsibly and securely. Join us as we navigate the AI frontier and uncover the hidden forces shaping the future of technology.

Should I Trust the Next Generation of LLMs to Check My Program?

Primary Speaker:  Mark Sherman, PhD – Technical Director, Carnegie Mellon University/Software Engineering Institute

LLMs like ChatGPT, LaLAMA and CoPilot are among the hottest new machine-learning based systems to appear on the Internet. They can both create and analyze computer source code. Early results using these technologies demonstrated shortcomings in practical use. Since their mass introduction, additional research and improvements have been made to their effectiveness for assisting programmers. In this talk, we share what we measured about the improved capabilities of LLMs in recognizing and fixing security problems in computer source code.

Securing Azure Open AI apps in the Enterprise

Primary Speaker:  Karl Ots, CISSP, CCSP – Head of Cloud Security, EPAM Systems

Session Abstract: In this session, we explore the core security controls for securing usage of OpenAI’s services in an enterprise environment. We cover what controls are available, which are missing, what is their effective coverage, and how to implement them.

Walking out of the session, you will be able to identify and implement security controls that make sense for your organization. You will also be able to identify what is missing and how to mitigate those gaps.

Harnessing AI to Detect Sensitive Data Exfiltration: A Comprehensive Guide

Primary Speaker:  Samuel R. Cameron, CISSP CCSP C|EH CASP – Security Architect, Cisco Systems

As data exfiltration becomes a growing concern in today's shifting threat landscape, conventional security measures often struggle to keep pace. This session introduces an innovative approach using Artificial Intelligence (AI) to identify data exfiltration. We'll discuss the architecture, data, and methodology behind the AI solution, providing insight into how AI can learn to identify data exfiltration patterns.

Identity Management is the foundation for security controls in the Enterprise, a mission-critical IT function that is both the lifeblood of your business, and a frustrating and difficult dragon to tame. Your I&AM infrastructure is more complicated, with more moving parts, and more partners across the enterprise, than any other security related service. This interactive session, taught by an experienced I&AM veteran and practitioner, provides an architectural view to resolving identity challenges, and will provide detailed and informative discussions on directory services, identity program management, biometrics, MFA, passwordless, identity audit, federated identity, authorization, provisioning, audit, identity proofing, certification and more.
This immersive workshop will cover all the fundamental building blocks of identity and access management as a service, creating a resilient identity ecosystem, and how to run an effective identity program in your organization. Beginner to intermediate.

Learning Objectives:

• Understand and describe the most important building blocks of identity and access management, including authentication, authorization, access controls, identity, passwords, biometrics, 2FA/MFA, federation and federated identity, single signon, session management, roles, provisioning and deprovisioning
• Understand and describe the structure of a reference identity architecture, and how that is managed in conjunction with the enterprise architecture function of an organization
• Describe the essential aspects of a successful identity and access management program