RSS:2023 Track 1 (Day 1) :: Rochester Security Summit

RSS:2023 Track 1 (Day 1)

Defending Beyond Defense

Dr. Catherine J. Ullman
October 25, 2023 10:00 am - 10:50 am

Assumptions burn defenders every day. Perhaps the most pernicious one is that systems and their controls will always work as designed. The best way to dismantle these types of assumptions is to experience how deeply flawed they are. By immersing yourself in the offensive security world you can obtain this knowledge without needing to change careers or obtain additional certifications. By being more informed about offensive security, defenders are better able to recognize relevant intel, understand existing threats, and more readily discover attacker behavior. You’ll learn there's more to defending than just defense, and how to find and engage with the amazing resources that are waiting to be explored.

Hacking and Defending XIoT

Gabe Siftar and Zachary Lehmann
October 25, 2023 11:00 am - 11:50 am

A hardware hacker and a defensive security expert will delve into the complex landscape of XIoT, exploring both threats and defensive approaches. Drawing from real-world experience in enterprise, healthcare, manufacturing, and others, the talk will feature a technical example of an actual test that led to the discovery of high-severity product vulnerabilities. Approaches employed by top companies to protect their devices will be explained along with examples of how vulnerabilities are leveraged during red team engagements. Several monitoring tools will be introduced, and the presenter will share real impressions of their performance, strengths, and weaknesses observed during product evaluations and during purple team tests.

Unlocking Generative AI: Balancing Innovation with Security

Jason Ross
October 25, 2023 1:00 pm - 1:50 pm

"Unlocking Generative AI: Balancing Innovation with Security" will guide you through the complex terrain of generative AI in corporate settings. Starting with a brief introduction of generative AI, the talk highlights its corporate uses and potential security pitfalls. Explore diverse security threats including data poisoning, supply chain issues, model theft & inversion, and adversarial attacks. Delve into their implications, especially those relevant to large enterprises, such as protection of sensitive data and unauthorized access to AI models. The talk also offers robust mitigation strategies centered on data, model, training, and operational security. Join us as we navigate the promising yet challenging world of generative AI security.

The Essentials of Enterprise Key Management (EKM)

Mark Warner
October 25, 2023 2:00 pm - 2:50 pm

All organizations, big and small, need to employ best practices when managing key lifecycles. In this presentation, we will discuss the challenges of protecting corporate information assets regardless of where data is located (public, private of hybrid cloud), and introduce the concept of separation of duty in order to secure information. We will define factors impacting key security, lifecycle and rotation requirements, and discuss quantum-resistant cryptography in key security for future post-quantum key management practices, all within National Institute of Standards and Technology (NIST) and Federal Information Processing Standards (FIPS) guidelines.