RSS:2025 Track 1 (Day 1) :: Rochester Security Summit

Why Your Employees Should Click MORE Suspicious Emails (Seriously)

Joshua Crumbaugh
10:00 am - 10:50 am

People tune out slide decks; they lean into stories, streaks, and social proof. Social Engineering for Good distills decades of behavior science into a 10-control framework that trains instinct, not compliance. Learn why identical-element practice, dual-coding visuals, and variable-reward gamification slash phishing success by up to 95%, and see a maturity ladder that lets any CISO measure culture immunity in 90 days.

Joshua Crumbaugh

Joshua Crumbaugh is a renowned ethical hacker, cybersecurity innovator, and host of the "Phishing 4 Answers" podcast. Known for challenging industry norms, Joshua emphasizes human-centric security awareness, using humor and relatable storytelling to simplify complex cybersecurity topics. As CEO of PhishFirewall, he leverages AI-driven simulations to foster engaging, intuitive learning that transforms organizational security culture. Joshua's approach empowers individuals to recognize and respond to threats instinctively, significantly reducing risk.

Critical Infrastructure Security in Your Home Town

David I. Schwartz, Ph.D.
11:00 am - 11:50 am

Government agencies typically run tabletop exercises with critical infrastructure stakeholders for disaster scenarios, which benefit from modern gaming technology and design to provide greater appeal and engagement. With the Army Cyber Institute (West Point), an RIT team developed an open-source framework, JACK VOLTAIC™ 4 (JV4), to educate government and industry stakeholders about cybersecurity attacks on critical infrastructure sectors, especially given convergences with physical disasters. JV4 includes a framework to modify provided games or create new ones via digital card game mechanics. The presentation will demonstrate JV4’s framework, card-based gameplay, built-in networking, and cards for attackers, defenders, and physical events.

David I. Schwartz, Ph.D.

Professor David I. Schwartz, Ph.D., has worked in the academic field of game design and development since 2001, when he founded the Game Design Initiative at Cornell University. In 2007, Schwartz moved to the Rochester Institute of Technology as a game design and development faculty member who formed the School of Interactive Games and Media (IGM) in 2011. After receiving tenure in 2011, he became IGM's Director in 2015. His current research focuses on cybersecurity gamification, critical infrastructure, geogames, digital twins, and physically-based animation.

Zero Day Threat- The Mental Health Crisis in Cybersecurity

Paul Robinson
1:00 pm - 1:50 pm

Studies have indicated that a significant portion of cybersecurity professionals have taken time off due to work-related mental health issues, with 74% globally reporting this, and 26.8% saying their mental health has worsened over the past year. A recent report showed that 66% of cybersecurity professionals experience significant stress at work, and 64% report their mental health affects their productivity. This has also led to addiction issues. Mental health is taboo in our society and especially in our industry, as we feel like we always have to have it together. This talk is designed to identify potential triggers and how to deal with them in a healthy way.

Paul Robinson

Paul has been in the cybersecurity space since 2009, consulting organizations on technology and GRC strategies.

During the pandemic, he started to become aware of some deficiencies in the industry that disturbed him. He noticed that a lot of businesses were making their cybersecurity decisions based on industry fads and unmerited FUD. This was troubling to see, as with this strategy organizations were not considering their true business needs and how cybersecurity and risk could help solve them. In 2023 he started his independent consulting firm Tempus Network.

Recently, the issues surrounding mental health in cybersecurity have become of interest to him. A lot of cyber professionals are struggling with balancing the stresses of their jobs with their everyday life. This talk is meant to get the conversation going about how we can be the healthiest versions of ourselves.

What Could Go Wrong?: AI Security Mistakes Even Fortune 500 Companies Are Making

Savannah Alfaro & Zachary Wallace
2:00 pm - 2:50 pm

As AI systems rapidly integrate into applications and workflows, they introduce a new set of risks and reshape existing security challenges. This talk dives into the key threats outlined in the OWASP Top 10 for LLMs, including prompt injection, sensitive data disclosure, and excessive agency. We'll demonstrate these vulnerabilities using real-world scenarios with mock demonstrations and discuss how to test, harden, and responsibly deploy AI solutions. Whether you're involved in red teaming, development, or defense, you'll leave with practical takeaways and a deeper understanding of LLM-specific threats.

Savannah Alfaro

Savannah specializes in web application assessments and has a background in ethical hacking, machine learning, and cryptography. She has performed web application security testing for a Fortune 50 company as well as other industries including finance, healthcare, and retail. Savannah holds a Master of Science in Computing Security and a Bachelor of Science in Computer Science.

Zachary Wallace

Zachary specializes in web application security and has a background in penetration testing, mobile application security and AI/LLM security. He has conducted application assessments for clients in various industries including banking, insurance, healthcare, telecommunications, transportation, and many others. Zachary has a Bachelor of Science degree in Cybersecurity with a minor in Digital Forensics.