Annenberg Beach House Santa Monica

Santa Monica

AppSec SoCal

June 12 2024

AppSec SoCal is the place where software security professionals, developers, and business experts come together to enhance collaboration and build organizations that scale information security alongside agile development. Join us for a dynamic conference that attracts top talent from around the globe and California’s vibrant information security community. Held at the beautiful Annenberg Community Beach House along the Pacific coast, attendees can relax, network, and capture some beach photos. Don’t miss this valuable opportunity to connect and learn!

Wed, June 12, 2024

Conference: 9:30 AM – 6:20 PM
Happy Hour: 6:20 PM – 8:30 PM

Featured Speakers

Opening Keynote

Robert Wood

CEO at Sidekick Security

John Studarus

President
Martincoit Networks

Mike Cassar

Principal Consultant

James Rabe

Global Technical Program Manager
IriusRisk

Richard Greenberg

Founder and CEO of Security Advisors LLC, ISSA Hall of Fame and Honor Roll

Andrew Zigler

Developer Advocate
Mattermost

James Chillingworth

Consultant
The Consultant Practice

Aaron Guzman

Head of Trust Assurance
Cisco Meraki

Omar Minawi

Senior AppSec Engineer
Cisco Meraki

Shelby Pace

Security Engineer
Cisco Meraki

Natalya Krecker

Engineering Leader
Cisco Meraki

Ivan Wallis

Senior Architect, Cloud Native Solutions
Venafi

Sascha Schleumer

CISO, Los Angeles County
Department of Public Health

Rémi Cattiau

Chief Information Security Officer
Arize AI

Scott Gicking

vCISO
Ravenhill Group

Wayne Burke

Vice President & Co-Founder
Cyber2Labs

Shahmeer Amir

CEO
Younite

Sponsors, Orgs, Exhibitors

June 12 2024

9:30 AM - 10:15 AM

Registration & Networking

10:15 AM - 10:30 AM

Garden Terrace Room

Richard Greenberg

CEO at Layer 8 Masters

Welcome Address

Welcome to the Planet Cyber Sec Conference. Join us in Room Garden Terrace for the Welcome Note to kickstart a day of insightful discussions and networking.

10:35 AM - 11:20 AM

Garden Terrace Room

Robert Wood

CEO at Sidekick Security

Opening Keynote

Breaking Security Silos

Even in small cybersecurity teams, silos emerge that create dysfunction and friction in collaboration. Silos make it harder for security teams to effectively serve their stakeholders, to add value to their organization's mission. In this talk we'll explore how security teams can break down their silos and drive value in two key ways, through intentional team alignment and through the data produced and consumed by security teams.

11:25 AM - 12:10 PM

Garden Terrace Room

Mike Cassar

Principal Consultant

Talk

Enhancing Security Through Machine Learning and Artificial Intelligence: A Comprehensive Overview

Security remains a paramount concern across various domains in the contemporary landscape of rapidly evolving technology. Traditional security measures often fall short in addressing the sophisticated tactics employed by cybercriminals. In response to these challenges, there has been a surge of interest and investment in leveraging Machine Learning (ML) and Artificial Intelligence (AI) to fortify security frameworks. This paper explores the role of ML and AI in enhancing security measures, including intrusion detection, threat intelligence, anomaly detection, and authentication systems. Through a detailed examination of case studies, methodologies, and future prospects, this paper aims to comprehensively understand the intersection between security and ML/AI technologies.

12:10 PM - 1:20 PM

Lunch - Vendor Expo

1:20 PM - 1:30 PM

Lightning Talk

1:35 PM - 2:20 PM

Garden Terrace Room

Talk

How to Win Friends and Influence Trust: Reducing API AuthZ Risks Through Collaborative Defenses

Cybersecurity risk reduction hinges on more than technical measures—it's about fostering trust and collaboration. This session cuts through the complexities of application security to reveal how effective communication and team dynamics can influence and strengthen security programs. We'll delve into a compelling case study where security and API teams joined forces, conducting comprehensive endpoint audits and crafting essential tools, thereby showcasing the transformative impact of collective action on security initiatives. The talk will address the power of building relationships with the security research community, showcasing how platforms like Bugcrowd can identify vulnerabilities while incentivizing researchers to remain engaged. We'll discuss overcoming manual testing hurdles, API vulnerability patterns, the advantages of SAST and DAST, and the creation of automation frameworks for proactive defense. Participants will emerge from this talk equipped with practical strategies to promote a security-centric organizational mindset and a wealth of insights on how to employ collaborative defenses to effectively mitigate API AuthZ risks to enhance security of their enterprises.

Omar Minawi

Senior AppSec Engineer

Cisco Meraki

Shelby Pace

Security Engineer

Cisco Meraki

Aaron Guzman

Head of Trust Assurance

Cisco Meraki

Natalya Krecker

Engineering Leader

Cisco Meraki

2:25 PM - 3:10 PM

Garden Terrace Room

CISO-CIO Panel

Cybersecurity Leaders Panel

In the ever-evolving threat landscape, fostering a strong security posture requires not just technical expertise, but effective leadership. This panel discussion brings together prominent security leaders to explore the critical role leadership plays in building a culture of security within an organization.

Richard Greenberg

CEO

Layer 8 Masters

Moderator

Sascha Schleumer

CISO

Los Angeles County, Dept. of Public Health

Panelist

Rémi Cattiau

CISO

Arize AI

Panelist

Scott Gicking

vCISO

Ravenhill Group

Panelist

3:10 PM - 3:30 PM

Break - Vendor Expo

3:30 PM - 4:15 PM

Garden Terrace Room

James Rabe

Global Technical Program Manager at IriusRisk

Talk

Empower Your Security: A Beginner's Guide to Threat Modeling

This session focuses on teaching basic threat modeling concepts for users with little to no experience within Threat Modeling. It will focus on the 4 Questions framework and provide a physical example with the creation of a live threat model using a free software for threat modeling.

4:20 PM - 5:05 PM

Garden Terrace Room

James Rabe

Global Technical Program Manager at IriusRisk

Talk

Behaviors and Processes for Maximizing Return on Investment within Threat Modeling

This session delves into the critical strategies and methodologies for optimizing Return on Investment (ROI) in threat modeling practices. In today’s ever-evolving cybersecurity landscape, organizations must prioritize efficient resource allocation to effectively mitigate risks and safeguard assets. Through a comprehensive examination of behaviors and processes, this session illuminates key techniques aimed at maximizing ROI within threat modeling endeavors. By understanding the intricacies of threat identification, risk assessment, and mitigation strategies, participants will gain actionable insights into enhancing their security posture while ensuring judicious utilization of resources. From fostering a culture of proactive threat awareness to leveraging automation and advanced analytics, this session provides a roadmap for organizations to navigate the complexities of threat modeling and achieve tangible ROI outcomes.

5:05 PM - 5:25 PM

Break - Vendor Expo

6:20 PM - 8:00 PM

Happy Hour

9:30 AM - 10:15 AM

Registration & Networking

11:25 AM - 12:10 PM

Sand & Sea Room

Dave Grantham

CEO, Cryptid

Talk

Authentication, Pseudonymity, and Scalable Distributed Trust

Absolute privacy on the internet is impossible, today. Why? Because nobody with the power to create it, wants it. The primary revenue model for the internet is based on surveillance making most investors aligned against privacy. The worry over privacy being used to shield criminals and fraudsters from regulators and law enforcement makes many politicians and business people aligned against it. Add the fact that current technology simply cannot support absolute privacy and it is easy to understand why most engineers are also aligned against it. However, absolute privacy on the internet is not only possible but the cryptographic techniques for enforcing it create many new business models with greater market opportunity, reduces global fraud, automates enforcement of regulations and laws, and secures distributed systems better than anything we have ever seen.

12:10 PM - 1:20 PM

Lunch - Vendor Expo

1:20 PM - 1:30 PM

Lightning Talk

IriusRisk

TBA

1:35 PM - 2:20 PM

Sand & Sea Room

Steve Wilson

Chief Product Officer, Exabyte

Talk

OWASP Top 10 for Large Language Model

What are the new risks that generative AI brings to your environment? In this cutting-edge session, we uncover the potential hazards that Large Language Models (LLMs) introduce to modern application ecosystems. Drawing on the expertise distilled in the OWASP Top 10 for LLMs, we offer a comprehensive roadmap for mitigating these risks. Attendees will gain insights into securing generative AI applications, recognizing the nuances of LLM vulnerabilities, and deploying defenses. This talk is a call to action for developers and security professionals to foster a culture of secure, responsible AI development. Equip yourself with the knowledge to anticipate threats, apply best practices, and build AI systems that are not only intelligent but also resilient in the face of cybersecurity challenges.

2:25 PM - 3:10 PM

Sand & Sea Room

Wayne Burke

Vice President & Co-Founder, Cyber2Labs

Talk

AI Engineering – Technical 101 Hands-on Workshop

This 45-minute workshop is designed to provide a comprehensive introduction to the world of Artificial Intelligence (AI) and Machine Learning (ML) for beginners. Through a combination of theoretical concepts and hands-on exercises, participants will gain a solid understanding of the fundamentals of AI and its practical applications.

The workshop will begin with an overview of AI, its importance, and its various applications across different industries. Participants will then dive into the basics of Machine Learning, exploring the types of ML (supervised, unsupervised, and reinforcement learning) and key concepts such as features, labels, training, and testing.

To put theory into practice, attendees will learn how to set up their development environment, including the installation of Python and essential libraries like NumPy, Pandas, and scikit-learn. They will then engage in a hands-on exercise, building a simple ML model using real-world data.

The workshop will also cover the fundamentals of Deep Learning, including an introduction to Neural Networks and popular Deep Learning frameworks like TensorFlow and PyTorch. Participants will have the opportunity to build a basic neural network model and observe its training and evaluation process.

3:10 PM - 3:30 PM

Break - Vendor Expo

3:30 PM - 4:15 PM

Sand & Sea Room

Ivan Wallis

Senior Architect, Cloud Native Solutions, Venafi

Talk

Solving ‘secret zero’, why you should care about SPIFFE!

In today’s rapidly evolving digital landscape, security teams face the daunting challenge of protecting complex and dynamic Cloud Native environments. As organisations embrace the power of Kubernetes for their container orchestration needs, ensuring robust machine identity security measures becomes paramount. That’s where the Secure Production Identity Framework for Everyone (SPIFFE) steps in as a game-changer. SPIFFE offers security teams a standardised approach to establish and manage solid identities for workloads in Kubernetes, hybrid cloud infrastructures and data centres. In this talk, Venafi’s Head of Tech, Mattias, will describe real-world examples of how SPIFFE can be leveraged for modern machine identity. Using SPIFFE, security teams can solve the secret zero problem and take machine identity to a new level.

4:20 PM - 5:05 PM

Sand & Sea Room

Reza Rassool

Chair and CEO, Kwaai

Talk

AI – Now it’s Personal

Your personal data is part of a trillion dollar flow of information. Corporations have called this data the “new oil”. It needs to be mined, extracted, piped, refined, processed, and stored securely to avoid spills. Enterprises shoulder great cost, risk, and liability to build large data silos of their customers’ data. They do this in order to build predictive models to target their even larger advertising budgets. The ads solicit you to buy products they think you might need. These predictive models are costly, inaccurate, and out of date. Why don’t vendors simply ask you what you want to buy? With Personal AI it will be possible. Reza Rassool, Chair of Kwaai describes now ubiquitous private digital assistants will usher in an era of demand side pull marketing. Your agent will know your needs better than any vendor’s predictive model. Companies will be able to shed the burden of warehousing their customers’ PII. You will own your own data.

As security professionals, you can prepare for the advent of Personal AI. Start to understand the implications of the transition from B2C to Me2B where the individual becomes the first party. The IEEE P7012 workgroup is standardizing the machine to machine communication between vendors and personal digital agents. Many vendors, who hope to operate in the EU, have already created the ability for customers to repatriate their own data in compliance with GDPR regulations. Even those corporations not focusing on the European market will find it advantageous to thin their customer profiles to the bare minimum and trust that the public will know their own needs best.

Get ahead of the curve, join Kwaai, and become part of the movement that will transform the flow of information to make e-commerce more efficient, more secure, and individually empowering.

5:05 PM - 5:25 PM

Break - Vendor Expo

5:25 PM - 6:10 PM

Sand & Sea Room

Stuart McClure

CEO of Qwiet AI

Closing Keynote

AppSec in an AI-Powered World

In this bold new age of artificial intelligence, software is evolving at a blistering pace. From AI-generated code to automated devops to ingenious new AI applications, innovation is accelerating. Businesses across every industry stand to gain enormously in productivity and efficiency. However, with such great power comes great risk. As AI accelerates the pace of software innovation, it also increases the prevalence of vulnerabilities and exploits.

Given that application security teams are often under-resourced and equipped with weak technologies… What can they do to manage the inevitable complexity introduced by AI? This interactive talk will lay out the escalating challenges for application security and engineering teams while offering some practical solutions.

6:10 PM - 6:20 PM

Sand & Sea Room

Haral Tsitsivas

Chief Information Officer at Layer 8 Masters

Closing Remarks

6:20 PM - 8:00 PM

Happy Hour

9:30 AM - 10:15 AM

Registration & Networking

11:25 AM - 12:10 PM

Club Room

Andrew Zigler

Developer Advocate, Mattermost

Talk

Navigating the Security Complexities of Multi-User AI Environments

The integration of AI into multi-user environments presents unique security challenges and opportunities. This talk delves into the critical importance of maintaining robust security measures as AI becomes increasingly integrated into organizational workflows. We will explore cutting-edge strategies to safeguard data privacy and security in multi-user AI settings, ensuring organizations can leverage AI's full potential without compromising sensitive information.

This presentation will navigate the intricate security terrain of multi-user AI environments, focusing on AI-driven ChatOps as a pivotal example. As organizations increasingly rely on these technologies to enhance decision-making and operational efficiency, there is an imperative to secure these systems against data breaches and misuse. We will dissect the unique security challenges posed by multi-user AI systems, where multiple individuals interact with the same AI context, potentially exposing sensitive information and socially engineering one another. Participants will gain insights into the landscape of multi-user AI and its implications for organizational security, potential vulnerabilities introduced by multi-user interactions with AI systems and how to mitigate these risks, and strategies for maintaining data integrity and privacy in shared AI environments, including encryption, access controls, and anomaly detection mechanisms.

12:10 PM - 1:20 PM

Lunch - Vendor Expo

1:20 PM - 1:30 PM

Lightning Talk

Synopsys

TBA

1:35 PM - 2:20 PM

Club Room

John Studarus

President, Martincoit Networks

Talk

Deploying a Next Gen Web 3 Secure Internet

Web 3 applications, distributed block chains, bring about a whole new set of cyber security issues. The clients and servers are globally distributed, membership is dynamic, require high availability, open in nature and with no central authority. The existing network protocols of today just don't provide the operational and security required for these applications. Luckily, there exists a new set of open source network protocols based upon Path Aware Networking (PAN) that provide strong cryptographic network segmentation, digital signing of data/control packets, and full end-to-end path control preventing DDoS attacks & network hijacking.

We will be walking through our experience architecting and implementing a global Web 3 Internet to support one of the major layer Web 3 chains. This is everything from our selection of the underlay network, router infrastructure, PKI (daily key rotation), netops, IXP peering with the "regular" internet, application support, network address, initial city/IXP selection, garnering user support, and global network segmentation.

We will wrap up with a walk through on the open source software packages available to set up your own PAN network or connect to one of the existing R&D PAN networks available as an Internet overlay.

2:25 PM - 3:10 PM

Club Room

Karl Mehta

Chairman, MEHTA Trust

Talk

Investing to Secure our Future

The recent explosion of innovation in AI promises to transform all sectors of our economy and could bring “human empowerment on a scale not seen before”.
But AI is controlled by a few corporations.
Many VCs seeing the underlying fragility caused by increased monopolization are adjusting their funding strategies to promote a wider distribution of investments.
By funding open-source movements, green tech, and nonprofits, we are mounting an altruistic intervention to foster a more stable, secure, and participatory economy.

3:10 PM - 3:30 PM

Break - Vendor Expo

3:30 PM - 4:15 PM

Club Room

James Chillingworth

Consultant, The Consultant Practice

Talk

Doubling Down on Cybersecurity

Overlapping or Duplicating resources, technology and procedures can provide Cybersecurity resiliency.

4:20 PM - 5:05 PM

Club Room

Shahmeer Amir

CEO, Younite

Talk

Breaking Barriers: A Deep Dive into Bypassing Next-Gen 2FA and MFA Security Measures

As businesses and organizations continue to adopt more advanced security measures to protect against cyber attacks, attackers are constantly evolving their techniques to bypass these measures. In this presentation, we will explore the latest techniques for bypassing next-generation 2FA and MFA security measures, allowing attackers to gain access to sensitive information and systems.

We will start by discussing the basics of 2FA and MFA security measures and their weaknesses. We will then dive into advanced techniques that attackers use to bypass these measures, including phishing attacks, social engineering, and Man-in-the-Middle (MitM) attacks. We will demonstrate real-life scenarios where these techniques have been used to bypass 2FA and MFA measures, highlighting the importance of remaining vigilant and implementing additional security measures.

Furthermore, we will explore the role of emerging technologies, such as artificial intelligence and machine learning, in bypassing 2FA and MFA security measures. We will showcase the latest research in this area and discuss the implications for future security measures. In addition, we will cover some of the countermeasures that organizations can implement to better protect themselves against these advanced attacks.

5:05 PM - 5:25 PM

Break - Vendor Expo

6:20 PM - 8:00 PM

Happy Hour

| Time | Garden Terrace | Sand & Sea | Club Room |
| --- | --- | --- | --- |
| 10:15 AM - 10:30 AM | Welcome Address - Richard Greenberg | | |
| 10:35 AM - 11:20 AM | Keynote - Robert Wood: Breaking Security Silos | | |
| 11:25 AM - 12:10 PM | Mike Cassar: Enhancing Security Through Machine Learning and Artificial Intelligence: A Comprehensive Overview | Dave Grantham: Authentication, Pseudonymity, and Scalable Distributed Trust | Andrew Zigler: Navigating the Security Complexities of Multi-User AI Environments |
| 12:10 PM - 1:20 PM | Lunch | | |
| 1:20 PM - 1:30 PM | Sponsor lightning - BugCrowd | Sponsor lightning - IriusRisk | Sponsor lightning - Synopsys |
| 1:35 PM - 2:20 PM | Aaron Guzman, Omar Minawi, Shelby Pace, Natalya Krecker: How to Win Friends and Influence Trust: Reducing API AuthZ Risks Through Collaborative Defenses | Steve Wilson: OWASP Top 10 for Large Language Model | John Studarus: Deploying a Next Gen Web 3 Secure Internet |
| 2:25 PM - 3:10 PM | CISO Panel: Cybersecurity Leaders Panel | Wayne Burke: AI Engineering - Technical 101 Hands-on Workshop | Karl Mehta: Investing to Secure our Future |
| 3:30 PM - 4:15 PM | James Rabe: Empower Your Security: A Beginner's Guide to Threat Modeling | Ivan Wallis: Solving 'secret zero', why you should care about SPIFFE! | James Chillingworth: Doubling Down on Cybersecurity |
| 4:20 PM - 5:05 PM | James Rabe: Behaviors and Processes for Maximizing Return on Investment within Threat Modeling | Reza Rassool: AI - Now it's Personal | Shahmeer Amir: Breaking Barriers: A Deep Dive into Bypassing Next-Gen 2FA and MFA Security Measures |
| 5:25 PM - 6:10 PM | | Keynote - Stuart McClure: AppSec in an AI-Powered World | |
| 6:10 PM - 6:20 PM | | Closing Remarks | |
| 6:20 PM - 8:00 PM | Happy Hour | | |