Full Agenda
| Time | Description |
|---|---|
10am | Intro by Rob Lee |
10:10am – 10:40am | Real Threat Hunting with AI and ML David Hoelzer Forget the hype - what can you do today to leverage AI and ML to find real threats in an enterprise? Listen and follow along as David Hoelzer, chief of operations for a managed security provider and SANS fellow walks you through ways his team is leveraging AI to solve real cybersecurity problems. We’re not talking about policy generation or retrieval augmented generation; this talk and demonstration is hunting and finding real attackers in novel ways at AI makes possible! |
10:40am – 11:10am | The responsible use of generative AI in academic information security research Johannes Ullrich Artificial Intelligence (AI) and Machine Learning (ML) methods have become a hot topic in information security research. More and more researchers are expanding the use of these methods and using them to conduct their research. In doing so, researchers need to consider these methods’ ethical and technical pitfalls carefully. Researchers must select methods that describe the problem well, find adequate training data, or choose from existing trained models carefully. In this presentation, we will use some simple examples that are approachable to non-ML experts to illustrate these dangers. You will better understand how to recognize and avoid some of these issues as you approach ML or evaluate existing ML solutions. |
11:10am – 11:40am | Your Journey to the New GenAI-DFIR Era Starts Today Jess Garcia How exactly will Generative AI (GenAI) change the way Forensicators & Hunters work today? In this talk Jess Garcia will answer that question by presenting everything you need to know to integrate GenAI in your everyday DFIR tasks and get ready for this new era. Jess will cover the most important concepts, tools & resources you need to know related to GenAI for DFIR, will describe how to apply them to everyday DFIR tasks and will elaborate on AI-Agents (orchestrators capable of coordinating data sources, LLMs and Tools), the most promising technology today to address many of the complex analysis tasks that Forensicators perform today. Jess will practically demonstrate how an AI-Agent DFIR Co-Pilot can be easily used to process and analyze forensic artifacts, and how AI-Agents can autonomously solve many of the most challenging tasks that we face in our investigations today. |
11:40am – 12:00pm | Break |
12:00pm – 12:30pm | Meet Concierge Mick Douglas You and your data deserve an AI that's unique to you. Attendees of this session will learn about how Concierge will help dramatically lower the bar to getting started with a local AI where they have full control. Data Concierge AI (aka Concierge) is a framework that provides some compelling features. - Answers based on your data, and your data alone - All answers include clickable links to the file and page used to answer your question - System prompts are modular and allow different tasks via intuitive web ui - Default model has a 128K token limit. (vs 4k with GPT 3.5) - 100% offline RAG - Exceptionally hallucination resistant - GPU is optional - Built with 100% OSS components. - Quick install method requires just 7 questions! |
12:30pm – 1:00pm | Go-Go Gadget Cyber: Extending LLMs Seth Misenar In this talk, SANS Faculty Fellow and course author, Seth Misenar will explore potential security implications of extending LLMs beyond their initial self--supervised pre-training. Moving beyond a model’s innate limits can prove advantageous, but some approaches can also materially change the attendant risk profile. Surveying security implications of various extension strategies such as In-Context Learning, (ICL) Retrieval Augmented Generation (RAG), LLM Ensembling, Agentic LLMs, or Fine-Tuning can allow organizations to better navigate the security landscape of extending LLMs. |
1:00pm – 1:30pm | Expertise isn't all you need - Building an AI Red Team Jorge Orchilles & Tim Schulz Budgets, buy-in, and business - starting up an AI red team requires more than domain specific expertise. Building internal support from senior executives, justifying additional resources, and outlining governance and metrics of success are all crucial components of laying a strong foundation for this dynamic domain. Getting to the point of executing novel attacks on machine learning systems often requires laying out this unappreciated but crucial groundwork. Adding to the complexity is partnering across business units with established Responsible AI teams, Data Scientists, and Machine Learning engineers. This talk will take attendees through the start of building an AI red team, including shoring organizational support, highlighting milestones for early success, and strategies for laying a solid foundation for internal AI system test and evaluation. Audiences can expect to walk away with resources, strategies, tips, and quick wins related to starting a new AI red team capability. |
