Agenda | November 6, 2024 | 8:30AM - 1:00PM EDT
Timeline | Session Description |
---|---|
8:30 AM | Kickoff & Welcome: Chris Dale, Event Chair, SANS Instructor |
8:45 AM | Session One: Dark Side of Open Source. There is a dark side to productivity with open source. In modern applications, the majority of code on which an application is built isn’t code written by your team. Modern applications are built on the backs of volunteer communities and open-source software. These volunteers and their software delivery practices all become potential attack vectors. The truth is that most organizations do not factor open-source supply chain attacks into their organization’s threat models today. To spread awareness on supply chain attacks so that organizations can scalably handle them, we propose baking supply chain attacks into existing threat modeling procedures and software development culture so that organizations can champion supply chain management of open source in the places where they are most impactful, at development time. We will present a clear and straightforward classification of attack vectors, based on hundreds of real-world incidents and reviewed by experts in the field. Then, we'll discuss various defenses you can implement to detect and respond to these attacks, tailored to your organization's level of maturity. Darren Meyer, Staff Research Engineer, Endor Labs |
9:15 AM | Session Two: Innovate or Integrate: The IGA Dilemma. While many organizations are eager to harness the benefits of generative AI for enhancing employee efficiency and improving customer experiences, their security and privacy departments often face challenges in balancing safety with innovation. Companies aim to enable their employees to work more effectively using AI while safeguarding confidential IP, customer data, and avoiding copyright violations. Simultaneously, they seek to deploy AI chatbots to better serve customers without the risk of providing incorrect information, being jailbroken, leaking internal data, or addressing unwanted topics. This session will explore these concerns and demonstrate how WitnessAI can address them effectively. Primary concerns include:
Abel Morales, Principal Security Engineer, WitnessAI |
9:45 AM | Break |
10:00 AM | Session Three: Welcome to the AI Wild West - Proactive Security Strategies for GenAI Deployments. As the adoption of Generative AI surges, with 65% of organizations already integrating it into at least one business function, the race to harness its potential has never been more intense. However, this rapid deployment brings a new wave of security challenges that many companies are unprepared for. Lasso Security’s advanced AI Firewall and Shadow LLM monitoring are designed with your needs in mind, offering protection for your GenAI applications. Whether you're looking to safeguard sensitive data, maintain compliance, or ensure the resilience of your AI-driven initiatives, our solutions provide the peace of mind you need to confidently deploy and manage GenAI in your organization. This session and live demo will explore: The importance of a GenAI-specific security approach for LLMs
Elad Schulman, CEO and Co-Founder, Lasso Security |
11:00 AM | Session Four: Confronting Cyber Risk as a Connected Organization. This session will explore the evolving cyber risk landscape, organizational collaboration to address issues, the roadblocks to progress, and keys to creating a risk-aware culture. The demonstration will cover: - Using a unified risk taxonomy to provide end-to-end visibility and a single language for enterprise risk. - Creating a common controls library to drive efficiency. - How connected control assessment/testing results provide a more complete and accurate view of control effectiveness and residual risk. - How to leverage evidence requests across SOX, IT compliance, and internal audit to reduce burden on the business and save time. - Using shared issues to improve visibility and provide a better understanding of the full impact of issues across various risk domains. - Enabling inventory-level visibility for stakeholders to facilitate a more risk-aware culture. Richard Marcus, CISO, AuditBoard; John Duffield, Manager of Product Solutions, AuditBoard |
11:00 AM | Session Five: The New Way to GRC: Leveraging Automation and AI. Gone are the days of manual audit evidence collection and point-in-time compliance status checks. Join this session to see how you can automatically collect evidence, continuously monitor controls, and showcase your security and compliance achievements in real time. Gain best practices to meet your compliance needs fast and effectively, and see real-world examples for frameworks like SOC 2, HIPAA, ISO 27001, and more. Lauren Wade, Senior Manager, Product Marketing, Vanta |
11:30 AM | Break |
11:45 AM | Session Six: Validity Details Coming Soon! Session Details Coming Soon! |
12:15 PM | Session Seven: Sponsor in Stealth Mode! Announcement Coming Soon! Session Details Coming Soon! |
12:45 PM | Session Eight: MirrorTab Details Coming Soon! Session Details Coming Soon! |
1:15 PM | Closing Remarks: Chris Dale, Event Chair, SANS Instructor |