Joshua Crumbaugh
10:00 am - 10:50 am
People tune out slide decks; they lean into stories, streaks, and social proof. Social Engineering for Good distills decades of behavior science into a 10-control framework that trains instinct, not compliance. Learn why identical-element practice, dual-coding visuals, and variable-reward gamification slash phishing success up to 95%, and see a maturity ladder that lets any CISO measure culture immunity in 90 days.
Joshua Crumbaugh is a renowned ethical hacker, cybersecurity innovator, and host of the "Phishing 4 Answers" podcast. Known for challenging industry norms, Joshua emphasizes human-centric security awareness, using humor and relatable storytelling to simplify complex cybersecurity topics. As CEO of PhishFirewall, he leverages AI-driven simulations to foster engaging, intuitive learning that transforms organizational security culture. Joshua's approach empowers individuals to recognize and respond to threats instinctively, significantly reducing risk.
David I. Schwartz, Ph.D.
11:00 am - 11:50 am
Government agencies typically run tabletop exercises with critical infrastructure stakeholders for disaster scenarios, which benefit from modern gaming technology and design to provide greater appeal and engagement. With the Army Cyber Institute (West Point), an RIT team developed an open-source framework, JACK VOLTAIC™ 4 (JV4), to educate government and industry stakeholders about cybersecurity attacks on critical infrastructure sectors, especially given convergences with physical disasters. JV4 includes a framework to modify provided games or create new ones via digital card game mechanics. The presentation will demonstrate JV4’s framework, card-based gameplay, built-in networking, and cards for attackers, defenders, and physical events.
Professor David I. Schwartz, Ph.D., has worked in the academic field of game design and development since 2001, when he founded the Game Design Initiative at Cornell University. In 2007, Schwartz moved to the Rochester Institute of Technology as a game design and development faculty member who formed the School of Interactive Games and Media (IGM) in 2011. After receiving tenure in 2011, he became IGM's Director in 2015. His current research focuses on cybersecurity gamification, critical infrastructure, geogames, digital twins, and physically-based animation.
Elaine Harrison-Neukirch
1:00 pm - 1:50 pm
Artificial intelligence is powering everything from job screening tools to self-driving cars—but what happens when hackers go after the AI itself? In this fun and accessible talk, we’ll explore MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems), a growing framework designed to help us understand and defend against attacks targeting machine learning and AI systems. This session will guide you through:
Elaine has worked in Information Technology and Cybersecurity for over 15 years. Elaine is an Enterprise Support Engineer for CyberArk. She is also the volunteer VP of Education for Cyber Security Non-Profit (CSNP.org). She was presented with the Cyber Security Educator award by the Women's Society of Cyberjutsu in 2024. Elaine endeavors to educate cyber and non cyber professionals, focusing on issues that affect underrepresented groups. This includes cybersecurity, security awareness, career and wellness education.
Savannah Alfaro & Zachary Wallace
2:00 pm - 2:50 pm
As AI systems rapidly integrate into applications and workflows, they introduce a new set of risks and reshape existing security challenges. This talk dives into the key threats outlined in the OWASP Top 10 for LLMs, including prompt injection, sensitive data disclosure, and excessive agency. We'll demonstrate these vulnerabilities using real-world scenarios with mock demonstrations and discuss how to test, harden, and responsibly deploy AI solutions. Whether you're involved in red teaming, development, or defense, you'll leave with practical takeaways and a deeper understanding of LLM-specific threats.
Savannah specializes in web application assessments and has a background in ethical hacking, machine learning, and cryptography. She has performed web application security testing for a Fortune 50 company as well as other industries including finance, healthcare, and retail. Savannah holds a Master of Science in Computing Security and a Bachelor of Science in Computer Science.
Zachary specializes in web application security and has a background in penetration testing, mobile application security and AI/LLM security. He has conducted application assessments for clients in various industries including banking, insurance, healthcare, telecommunications, transportation, and many others. Zachary has a Bachelor of Science degree in Cybersecurity with a minor in Digital Forensics.