BSidesSF 2024 has ended
Saturday, May 4
 

9:00am PDT

Breakfast
Breakfast and lunch are served in the Embarcadero. Drip
coffee and water are available all day throughout the
Participant Hall.

Saturday May 4, 2024 9:00am - 10:00am PDT
Participation Hall

9:00am PDT

Coffee
Three barista stations are located within the Participant
Hall. Stop by for an espresso drink of your choosing!

Sponsors
Apiiro

Espresso and Coffee

Vanta

Lounge, Espresso and Coffee

Webflow

Espresso and Coffee


Saturday May 4, 2024 9:00am - 4:00pm PDT
Participation Hall

9:00am PDT

Cyversity
The mission of Cyversity is to achieve the consistent representation of women, underrepresented communities, and all veterans in the cybersecurity industry through programs designed to diversify, educate, and empower. Cyversity tackles the ‘great cyber divide’ with scholarship opportunities, diverse workforce development, innovative outreach, and mentoring programs. Stop by the Cyversity booth to learn more about the organization and how you can get involved.

Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Electronic Frontier Foundation (EFF)
EFF is the leading organization defending civil liberties in
the digital world. We defend free speech on the internet, fight
illegal surveillance, support freedom-enhancing technologies,
promote the rights of digital innovators, and work to ensure
that the rights and freedoms we enjoy are enhanced, rather than
eroded, as our use of technology grows. EFF's booth will be a
place for attendees to come and chat with EFF staff about the
latest in digital rights.

Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Pacific Hackers Association
Pacific Hackers Association is a 501(c)(3) non-profit organization that aims to fix the cybersecurity industry's main issues (diversity, education, and recruitment) while elevating the next generation of hackers. We provide cyber-mentors, training, conference access, workshops, etc.

Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Secure Diversity
Stop by the shared Secure Diversity/Day of Shecurity booth for information on diversity in cybersecurity. We’ll share ways to get involved and have experienced practitioners available for conversations. If you’re looking to get involved with a conference, volunteer with a diversity-focused cybersecurity nonprofit, and expand your professional network, we're excited to meet you.

Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Women in CyberSecurity (WiCyS)
WiCyS helps build a strong cybersecurity workforce with gender
equality by facilitating recruitment, retention, and advancement
for women in the field. To learn more about WiCyS initiatives
and programs, swing by the WiCyS booth.

Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Headshots
Free headshots, first come, first served.

Saturday May 4, 2024 9:00am - 5:00pm PDT
AMC Lobby

9:00am PDT

Sponsors
Visit the sponsor booths that line the walls of the Participant Hall and learn more about the companies that have made this year’s event possible. You’ll be introduced to new products, services, and career opportunities. At each booth you can also obtain one of the stamps you need to complete your Sponsor Passport (which can be found in the bag you received at registration).

Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Adversary Village
Adversary Village is a community initiative which primarily focuses on adversary simulation, purple teaming, and adversary tradecraft. The village covers adversary emulation, threat/APT/ransomware emulation, breach and adversarial attack simulation, supply chain security, adversary tactics, research on nation-state sponsored threat-actors, adversary threat intelligence, adversarial mindset, adversary philosophy and hacker survival skills. The goal of Adversary Village is to build an open security community for the researchers and organizations who are putting together new means and methodologies for adversarial attack simulation and offensive tradecraft. The village will feature an adversary simulator and purple teaming hands-on booth, a Choose your own Adversary Adventure game, an Adversary Wars CTF, and hands-on talks and workshops.

Village Area Schedule
Choose-your-own-Adversary-Adventure Tabletop Game
Adversary Village area | May 4-5, 2024 [Saturday-Sunday] | 09:00 to 17:00

Adversary Simulator and Purple Teaming hands-on booth
Adversary Village area | May 4-5, 2024 [Saturday-Sunday] | 09:00 to 17:00

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

API Security Village
Join the API Security Village at BSides SF to explore the forefront of API security. Dive into challenges, solutions, and best practices through interactive talks and workshops. Whether you're a developer or a security pro, this is your hub for mastering API defenses in the digital age. Elevate your security game with us!

Brought to you by: Traceable AI

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Bug Bounty Village
Bug Bounty Village is a dedicated space offering extensive hands-on workshops for all things bug bounty-related! Join us at the Bug Bounty Village for the second year in a row for two days of full workshops, live hacking sessions, and CTFs!
Brought to you by NahamSec

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Capture the Flag
Come play our awesome CTF! Everyone is welcome to participate as the competition features a range of challenges at all difficulty levels. In case you find yourself in need of assistance, we have folks onsite who can provide hints and guidance. All that is needed to participate is a laptop.

The server is available all weekend long, and anyone is welcome to play. Server information is at https://bsidessf.org/ctf

At least one player must be onsite to claim any prizes won.

Sponsors
Google

Leading, CTF


Saturday May 4, 2024 9:00am - 5:00pm PDT
Twin Peaks

9:00am PDT

Career Village
Career Village is aimed at helping attendees navigate a career in cybersecurity and connect with hiring managers.

At the village, you will have the opportunity to learn about professional branding, resume building, interview best practices, and meet security hiring managers looking to grow their teams.

The Career Village will have recruiting and security experts who have helped people ranging from professionals new to security to security executives continue their career journey.

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Cloud Village
As more of the world onboards itself to cloud infrastructures, staying on par with new offensive/defensive research and techniques becomes a mandatory skillset. Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Crypto & Privacy Village
Launched in 2014, Crypto & Privacy Village (CPV) is a community-run village centred on privacy and cryptography. The CPV features workshops, puzzles, and a chill space for relaxing with friends or doing challenges. Come talk to us about privacy programs, crypto backdoor laws, and modern encryption!

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Embedded Systems Village
Embedded Systems Village advances the security of embedded systems by hosting hands-on hacking workshops, showcasing new security research demos, and organizing exciting hacking contests to educate attendees and manufacturers on the approach hackers use to attack these devices.

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Hardware Challenge Village
Hardware Challenge Village is an interactive experience for all your electronic tinkering, programming, and competitive CTF challenges, using a specially designed village badge for HCV. Join us in tinkering with electronics hardware and playing the badge CTF contest!

Brought to you by BuddoBot & Hackerwares

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Lockpick Village
Lockpick Extreme and TOOOL SF are back once again hosting Lockpick Village. Learn to lockpick from the TOOOL SF volunteers or practice what you already know with their assortment of locks and picks. When you’re done, you can shop the Lockpick Extreme pop-up shop and take your new hobby home with you.

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Personal Security Village
Get familiar with how adversaries behind personal security threats attack others.
Are your passwords in plaintext lying around the internet? Could someone dox you? Partner with a friend to find out - and then learn how to protect yourself.
Don't miss tabletop exercises, deep dives into cutting-edge personal security tools, security advice for scenarios such as protests, and more.
Brought to you by Tall Poppy

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

AI Village
AI Village is a community of hackers and data scientists working to educate the world on the use and abuse of artificial intelligence in security and privacy. We aim to bring more diverse viewpoints to this field and grow the community of hackers, engineers, researchers, and policy makers working on making the AI we use and create safer. We believe that there need to be more people with a hacker mindset assessing and analyzing machine learning systems. For the BSidesSF agenda, visit http://aivillage.org/bsides.

Sponsors
Dropzone AI
GitGuardian

Semgrep

Village


Saturday May 4, 2024 9:00am - 5:00pm PDT
AMC Theatre 11

9:00am PDT

Bar and Chill Out
Take a break from the day’s events with a stop at the Bar and Chill Out Space. Two complimentary drink tickets were provided to you at registration. We already paid for them, so please use them!

Sponsors
Optiv

Daytime Bar & Chill-Out Space


Saturday May 4, 2024 9:00am - 5:30pm PDT
Participation Hall

9:00am PDT

Lounge
Enjoy the SF skyline from the Lounge. Located on the patio next to the tent, the Lounge includes comfortable places to rest and relax, as well as lawn games to play.

Sponsors
Vanta

Lounge, Espresso and Coffee


Saturday May 4, 2024 9:00am - 5:30pm PDT
City View Terrace

9:00am PDT

Registration
Saturday May 4, 2024 9:00am - 5:30pm PDT
Mezzanine (AMC)

9:00am PDT

Info Desk
Have a question or comment about the event that you’d
like to share? Drop by the Info Desk and chat with
members of the BSidesSF staff and volunteer teams.

Saturday May 4, 2024 9:00am - 6:30pm PDT
Lobby

9:00am PDT

Prayer & Mother's Room
Need a quiet place for meditation or mothering duties? Ask at the Info Desk, and we can guide you to a private location.

Saturday May 4, 2024 9:00am - 6:30pm PDT
Lobby

9:00am PDT

Coat Check
Secure storage for your personal belongings is available
for all participants. Please remember to pick up your
items before the end of the event!

Sponsors
Aruba HPE

Coat Check


Saturday May 4, 2024 9:00am - 10:00pm PDT
Coat Check

10:00am PDT

🎬 Opening Remarks
Opening Remarks from Reed Loden, Lead Organizer of BSidesSF

Speakers
Reed Loden

Reed Loden is an information security expert, researcher, hacker, and developer. With over 15+ years of security experience, he focuses on protecting the products and services of various organizations. Reed has worked to secure companies including Teleport, HackerOne, Lookout Mobile...


Saturday May 4, 2024 10:00am - 10:10am PDT
AMC Theatre 13

10:10am PDT

🎬 Navigating the AI Frontier: Investing in AI in the Evolving Cyber Landscape
In her keynote, Chenxi explores the intricacies of the CybersecurityxAI landscape from an investor’s lens, highlighting prime opportunities for automation, ethical considerations, and risks in this rapidly-evolving market. She will dive into real-world adoption of AI across security domains, the importance of responsible AI deployment, risk management strategies & tips on innovation in this space.

Speakers
Chenxi Wang

Founder and General Partner, Rain Capital
Dr. Chenxi Wang is the Founder and General Partner of Rain Capital, a Silicon Valley-based venture fund. A well-known investor, technologist, and thought leader in the Cybersecurity industry, Dr. Wang is the founder of the Forte Group, an advocacy non-profit for women in tech, and...


Saturday May 4, 2024 10:10am - 10:55am PDT
AMC Theatre 13

11:00am PDT

Adversary Village
The Emperor Has No Clothes: Unveiling the Inefficacies of Webmail Attachment Scanners


Saturday May 4, 2024 11:00am - 12:00pm PDT
Village Workshops Stage, Embarcadero

11:00am PDT

T-Shirt Sales
Pick up pre-purchased event t-shirts and purchase t-shirts for the current and previous years. Please note, we have limited t-shirt quantities.
Proceeds benefit three charities. You select 1 of the 3 charities we've selected by voting, and we donate to all of the charities based on the vote percentages.

Saturday May 4, 2024 11:00am - 9:00pm PDT
Coat Check

11:15am PDT

🎬 Hook, Line, and Tinker: A Dive into Phishing Campaign Sites
Explore phishing cases with an AppSec engineer and discover how active reconnaissance can help disrupt attackers and identify gaps in your security controls. Learn our triage process and gain insight into countering persistent phishing campaign TTPs.

Speakers
Rick Ramgattie

Gemini Trust Company
Rick is an AppSec engineer at Gemini Trust Company who focuses on securing Web technologies. He enjoys manual source code review and building tools to enable offensive and defensive efforts. For more about Rick, check out ramgattie.com


Saturday May 4, 2024 11:15am - 11:45am PDT
AMC Theatre 15

11:15am PDT

🎬 Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact
Exploring bug bounty hunting’s evolution, this talk advocates for deeper, strategic hunts that uncover chainable vulnerabilities. Drawing from Meta’s program, we share insights on rewarding in-depth findings and daisy-chains, aiming to inspire a collaborative, impactful shift in the ecosystem.

Speakers
Jayson Grace

Purple Team Lead, Meta
Jayson is the founder and technical co-lead for Meta’s Purple Team. Previously he built and led the Corporate Red Team at Sandia National Laboratories. He’s spent time as a red teamer, pentester, tool developer, system administrator, and DevOps engineer. Jayson is passionate about...

Farah Hawa

Meta
Farah is a security analyst for Meta’s bug bounty program. An occasional bug bounty hunter herself, Farah is passionate about all things bug bounties, cybersecurity and content creation. Farah is a big believer in creating value for the infosec community by sharing content over...


Saturday May 4, 2024 11:15am - 11:45am PDT
AMC Theatre 13

11:15am PDT

🎬 Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
The presentation emphasizes integrating LLMs into CTI as enhancements for analysts, showcasing efficiency gains with real-world examples. It underscores LLM limitations, advocating a collaborative, symbiotic relationship between human analysts and LLMs for proactive cybersecurity defense.

Speakers
Scott J Roberts

Interpres Security
Scott J Roberts is a security leader, analyst, software developer, and author. He is Head of Threat Research for Interpres Security and has led security teams and projects in the defense industrial base, GitHub, Apple, Splunk, and most recently Argo AI. He is also a master's student...


Saturday May 4, 2024 11:15am - 11:45am PDT
AMC Theatre 14

11:15am PDT

🎬 Protecting data vs systems: practicality, performance, and problems solved
Is it possible to protect data directly and not just the systems in which it is stored? Encryption covers a range of options. What should you encrypt & how? What are the trade-offs? Can we get record-level protection without unreasonable overhead? This talk will discuss all of these things & more!

Speakers
Dan Draper

CipherStash
Dan is the CEO and founder of CipherStash, a Sydney-based data security startup building a searchable encrypted data storage platform for sensitive data. Dan is an experienced cryptography engineer and former CTO, having led engineering teams both in Australia and the US for the past...


Saturday May 4, 2024 11:15am - 11:45am PDT
AMC Theatre 12

12:00pm PDT

🎬 Getting over the finish line: Loom Security Journey.
Ever wonder what security functions are built within a rapidly growing startup and what matters during a merger and acquisition? Listen to me talk about being the first security engineer and what we build at Loom to facilitate a smooth acquisition with Atlassian.

Speakers
Narayan Gowraj

Security Engineer, Loom
I lead Security at Loom. As a Security Practitioner, Narayan brings a unique blend of leadership and hands-on expertise to ensure comprehensive security measures are followed within organisations. With a strong background in Software Security, Narayan has led teams in developing...

Nishant Jain

Loom
I lead the Application Security and Bug Bounty program at Loom (now part of Atlassian). My day-to-day work involves writing secure code guidelines, SAST, code reviews, and triaging and maintaining our bug inventory. Before Loom, I worked with security teams at MakeMyTrip & Tinder...


Saturday May 4, 2024 12:00pm - 12:30pm PDT
AMC Theatre 12

12:00pm PDT

🎬 The Secret Life of Secrets
Some API keys have fixed prefixes. Some use cryptography. Some auto-expire, and some require you to bring your own key to the table. What's best? What's the most secure? Be prepared for fact-driven answers, not just wishy-washy pros and cons lists. Designing an API? Learn how to design the keys!

Speakers
Dylan Ayrey

Truffle Security
Dylan Ayrey is the co-founder and CEO of Truffle Security, an open source security company. Prior to Truffle Security, he worked as an application security professional at Salesforce and Netflix. Ayrey is also known for developing TruffleHog, a tool designed to identify exposed credentials...

Hon Kwok

Truffle Security
Hon is an engineer exploring the intersections of software, security, and user experience. She is currently a Senior Product Engineer at Truffle Security building out people-first security experiences. Prior to Truffle, Hon was a Senior Security Engineer at Cruise, a Software Engineer...


Saturday May 4, 2024 12:00pm - 12:30pm PDT
AMC Theatre 13

12:00pm PDT

🎬 Security Considerations for Services Using AI Models
This presentation explores crucial security considerations for services leveraging AI models, focusing on AI Software Bill of Materials (SBOMs), AI supply chain attacks, input manipulation attacks, and data poisoning attacks.

Speakers
Shrey Bagga

Cisco Systems Inc
Shrey is a Product Security Engineer working at Cisco Systems. He works on securing products and applications running in on-premises and cloud environments. He specializes in Secure Software Development Life Cycle (SDLC) with focus on threat modeling, vulnerability management, security...


Saturday May 4, 2024 12:00pm - 12:30pm PDT
AMC Theatre 15

12:00pm PDT

🎬 Heard you liked access, so we built Access to manage your access for Access
In this talk we’ll discuss Discord's path to creating Access, our open-source portal for secure, transparent access management. Highlights include individual and role level permissions, time-bounded access, self-serve access requests, group and app constraints, and a notification plug-in system.

Speakers
Peter Collins

Discord
As a Senior Staff Security Engineer at Discord, my focus is on writing software to pave paths that make the secure way the easy way. I strive to build a security culture that is transparent, scalable, empathic, and positive. https://peterc.ollins.me

Elisa Guerrant

Discord
Platform Security Engineer @ Discord


Saturday May 4, 2024 12:00pm - 12:30pm PDT
AMC Theatre 14

12:00pm PDT

Lunch
Breakfast and lunch are served in the Embarcadero. Drip
coffee and water are available all day throughout the
Participant Hall.

Saturday May 4, 2024 12:00pm - 1:30pm PDT
Participation Hall

12:15pm PDT

🪿 Cloud Polyglot Support Group
Most of us have at least one large customer in each cloud. Generally any new cloud will need to talk back to your first cloud - but each platform’s security tools and tiers don’t necessarily align. Let’s share stories of how we ensure something like parity while keeping what’s left of our sanity.

Speakers
Jack Murphy

Temporal
Jack is an SF Parks-educated permie who has been securing clouds and the things that run in them for a decade.


Saturday May 4, 2024 12:15pm - 1:00pm PDT
AMC Theatre 9

12:30pm PDT

Sponsor Raffle
Visit the sponsor booths throughout the Participant Hall and learn more about many of the companies that have made this year’s event possible. You’ll be introduced to new products, services, and even career opportunities. At many booths you can also acquire one of the stamps needed to complete the Sponsor Passport, which can be found in the bag you received at registration. Drop your completed card into the Sponsor Passport raffle box located at the BSidesSF booth to be entered into the raffle. Please note you must be present to win.

Saturday May 4, 2024 12:30pm - 1:00pm PDT
Village Workshops Stage, Embarcadero

1:15pm PDT

💻 Kubernetes Security: Hands-On Attack and Defense

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2024 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----

Designed for all skill levels, this workshop provides a solid understanding of Kubernetes Security. By simulating red team offensive tactics and blue team defensive strategies, you will learn to exploit and mitigate risks such as cluster misconfigurations, secrets leaks, and container escape.

Speakers
Lenin Alevski

Security Engineer, Google
Lenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Before joining Google, Lenin worked at MinIO, OneLogin, Oracle and Websec Mexico as an appsec engineer, software engineer, security...


Saturday May 4, 2024 1:15pm - 3:15pm PDT
AMC Theatre 9

1:30pm PDT

🎬 Advanced Persistent Teenagers: Understanding the Lapsus$ Playbook
In 2022, teenagers breached Microsoft, Okta, Uber and dozens more without any 0-day vulns. Leveraging the Cyber Safety Review Board's report and public sources, we'll explore how these attacks worked, how the playbook has outlived the group, and how to defend against these techniques.

Speakers
Benjamin Hering

Senior Staff Security Engineer, Saildrone
Benjamin Hering is a Senior Staff Engineer at Saildrone.


Saturday May 4, 2024 1:30pm - 2:15pm PDT
AMC Theatre 15

1:30pm PDT

🎤 Combating Generative AI's Privacy Abuses
The power of generative AI has unleashed creativity & augmented human productivity. But do you know if GenAI models prioritize human data security and privacy? Join a team of experts to learn about privacy-related abuses & misuses and reclaim privacy to protect data from the digital Robin Hoods.

Speakers
Raji Vanninathan

Microsoft
Raji Vanninanthan is a Senior Security Manager at Microsoft with over 20 years of industry experience. Her current focus is Responsible AI and product security incident response (PSIRT). She has held previous leadership roles at Apple and Adobe where she established programs across...

Trupti Shiralkar

N/A
Trupti has 18 years of diverse experience, leading security and privacy initiatives in Fortune 500 companies and dynamic startups. Her journey is marked by cultivating high-performing teams, pioneering product security and privacy engineering strategies, and instilling a progressive...

Nandita Rao Narla

DoorDash
Nandita Rao Narla is the Head of Technical Privacy and Governance at DoorDash. Beyond checkbox compliance programs, Nandita is interested in developing products that respect user privacy and build trust. She is a Senior Fellow at Future of Privacy Forum and serves on the Advisory...

Mohammad Tahaei

Responsible AI Research Lead, eBay
Responsible AI, privacy, security, human-centered AI, UX research for privacy and security

Apoorvaa Deshpande

Privacy Engineer, Google Cloud
Apoorvaa is a senior privacy engineer at Google Cloud working on AI privacy and data governance. She has extensive experience in privacy-by-design, privacy analysis and designing PETS at scale. Prior to Google, Apoorvaa was a senior privacy engineer at Snap Inc., and before that she...


Saturday May 4, 2024 1:30pm - 2:15pm PDT
AMC Theatre 13

1:30pm PDT

🎬 TL;DR: Applying AI to Security
Progress in AI has been rising faster than your existential dread. Don’t worry, this talk will condense 100s of hours of curating and distilling applications of AI to security into one talk so you can rapidly get up to speed: AppSec, red and blue team, threat modeling, & much more.

Speakers
Clint Gibler

Senior Security Consultant, Semgrep
Clint Gibler (@clintgibler) is the Head of Security Research for Semgrep, a startup building modern AppSec tools that security teams and developers love. Previously, Clint was a Research Director at NCC Group, received a PhD in Computer Science from UC Davis, and has spoken at conferences...


Saturday May 4, 2024 1:30pm - 2:15pm PDT
AMC Theatre 14

1:30pm PDT

🎬 Six Years in Review: Transforming Company Culture to Embrace Risk
Reflect on a security team’s 6-year journey to transform company culture to share security responsibility. In the face of new SEC regulations, an ever-growing backlog of vulnerabilities, and burnt-out security teams, learn how our democratized vulnerability management adapts and prevails.

Speakers
Ariel Shin

Twilio
Ariel is a Product Security Manager and a driving force behind transformative change at Twilio. She has been instrumental in shaping the Product Security program and promoting a heightened sense of security awareness within the Engineering organization. Through her empowering approach...


Saturday May 4, 2024 1:30pm - 2:15pm PDT
AMC Theatre 12

1:30pm PDT

The Generative Red Team and Coordinated Disclosure for ML
Come to the AI Village to hear about why we could use the disclosure process for ML systems.

Saturday May 4, 2024 1:30pm - 2:15pm PDT
AMC Theatre 11

1:30pm PDT

Bug Bounty Village Workshop
Bug Bounty Village Workshop with NahamSec & Jason Haddix


Saturday May 4, 2024 1:30pm - 4:00pm PDT
Village Workshops Stage, Embarcadero

2:30pm PDT

🎬 Startups: SOC 2 ... Now or Later?
Delaying SOC 2 might save time now, but the long-term benefits of a secure and compliant framework can be a game-changer. The decision to pursue SOC 2 compliance is a crucial one. Implementing SOC 2 early can establish trust with customers, investors, and partners, enhancing your market credibility.

Speakers
Elyse Libetti

Gomboc.ai
Elyse Libetti, a Mathematics alum from Florida Atlantic University, began her journey in Medical Device Cybersecurity. A software engineer with a keen eye for innovation, she authored the Mitre FDA CVSS Calculator. Recognizing her expertise, Elyse is a founding Senior Engineer at...


Saturday May 4, 2024 2:30pm - 3:00pm PDT
AMC Theatre 12

2:30pm PDT

🎬 WhizBangLambdaFix: where AWS Misconfigurations meet Auto-Fix-It Antics
Explore our AWS Lambda-powered tool for the cloud that not only automates misconfiguration remediation, but also cuts costs and reduces attack surfaces. Dive into our dual-angle approach, fusing secure defaults with impactful playbooks and user Slackbot responses for hands-free AWS management.

Speakers
Lily Chau

Pilferer Productions
Lily Chau is a little blob, inhaling copious amounts of food and is often seen riding a warp star. Lily is a silent spirit using lots of grunts, shouts and cheery elongated mono-syllables. Lily was previously known as a platypus caretaker.


Saturday May 4, 2024 2:30pm - 3:00pm PDT
AMC Theatre 15

2:30pm PDT

🎤 Titans of Scale: Strategies to Scale Security in Expanding Organizations
Join leaders from Chime, Netflix, Rippling, Snowflake and Twilio in a panel on scaling AppSec. Explore strategies such as vulnerability management, threat modeling, and effective use of security metrics. The panel will review the latest trends and real-world experiences to fortify growing orgs.

Speakers
avatar for Mukund Sarma

Mukund Sarma

Chime
A Security generalist with hands-on experience in Application Security, Security Architecture, and Platform Security. I enjoy building security programs and I've had some experience doing so. I'm currently the Senior Director of Product Security at Chime. In this capacity, I oversee... Read More →
avatar for Jeevan Singh

Jeevan Singh

Rippling
Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He's dedicated to the integration of security practices into software development, working to create a security-aware... Read More →
avatar for Ariel Shin

Ariel Shin

Twilio
Ariel is a Product Security Manager and a driving force behind transformative change at Twilio. She has been instrumental in shaping the Product Security program and promoting a heightened sense of security awareness within the Engineering organization. Through her empowering approach... Read More →
avatar for Jacob Salassi

Jacob Salassi

Snowflake
Director of Product Security at Snowflake. Led Snowflake's pre- & post IPO transformation from a bottlenecked, security engineer centric process that slowed teams down to a developer owned security process that ships features faster and more securely. My teams & I handle security...

Julia Knecht

Netflix
Julia Knecht (she/her) leads Security Platforms Engineering at Netflix - we're responsible for creating an understanding of the security state of the world and taking an eng-first approach to control automation. Julia has previously worked in different security capacities - specializing...


Saturday May 4, 2024 2:30pm - 3:15pm PDT
AMC Theatre 13

2:30pm PDT

🎬 LLMs at the Core: From Attention to Action in Scaling Security Teams
Join us for a practical journey of scaling security with large language models. We've automated parts of SDLC, access management, bug bounty triaging, and attacker detection. We're open-sourcing the tools we created! Explore new ways to focus your security team's attention.

Speakers
Fotis Chantzis

OpenAI
Fotios (Fotis) Chantzis is laying the foundation for a safe and secure Artificial General Intelligence (AGI) at OpenAI. He recently published a book on "Practical IoT Hacking" with No Starch Press. He has also been heavily involved in hacking medical devices. His research on network...


Saturday May 4, 2024 2:30pm - 3:15pm PDT
AMC Theatre 14

3:00pm PDT

AI Statistical Basics: Learning the fundamentals so you know where things can go wrong
Learn how all DS/ML/AI systems work from scratch hands on, starting from linear regression through building your own Shakespeare LLM

Saturday May 4, 2024 3:00pm - 5:00pm PDT
AMC Theatre 11

3:30pm PDT

🎬 Reinventing ETL for Detection and Response Teams
Join this session to hear about the unique data collection (ETL) requirements of Detection and Response teams and learn practical strategies for enriching event logs at scale without breaking the bank.

Speakers
Josh Liburdi

Staff Security Engineer, Brex
Josh Liburdi is a security engineer and tech lead at Brex who focuses on threat detection, incident response, and distributed systems. He has more than a decade of industry experience and has worked at several diverse organizations, including Splunk, Target, and CrowdStrike. He...


Saturday May 4, 2024 3:30pm - 4:00pm PDT
AMC Theatre 15

3:30pm PDT

🎬 Insecurity protocols: an overview of modern authentication
Security engineers that think JWTs are bad have never stared into the abyss of XML Digital Signatures. Come on a journey of modern auth protocols such as OpenID Connect, SAML, WebAuthn, TPMs, and TLS. What makes them good, when they go bad, and when complex protocols result in real CVEs.

Speakers
Eric Chiang

Google
Eric is a Senior Software Engineer in Google’s Security org, where he leads management of Google’s internal network ACLs. He’s previously worked on a range of topics, including Linux fleet security, device hardware attestation, and Kubernetes auth. Eric is a Bay Area native...


Saturday May 4, 2024 3:30pm - 4:00pm PDT
AMC Theatre 13

3:30pm PDT

🎬 Snow Nor Rain Nor Dependency Confusion: How to Deliver the Right Package
While dependency confusion has been a known problem for years, most public discussions of it are theoretical. This talk will show you how we identified and exploited this vulnerability, and then fixed it at scale in a real-world package environment.

Speakers
Jessica Smith

Security Engineer, Block
Jessica is a senior engineer on the red team at Block. Her interests include web app security, cryptography, identity, and supply chain security. Prior to Block, she was on the application security team at Disney. She has previously spoken at Red Team Summit. She loves Python almost...

Justin Engler

Block
Justin has been breaking and fixing (but mostly breaking) applications for over 15 years at companies like Block (Square), iSEC Partners (NCC), and others. He has previously spoken at BHUSA, DEFCON, and other conferences.


Saturday May 4, 2024 3:30pm - 4:00pm PDT
AMC Theatre 14

3:30pm PDT

🎬 Please Pick Up: Crafting and Executing Successful Vishing Attacks
Vishing attacks are on the rise, with incidents like the MGM hack demonstrating the outsized impact of a malicious phone call. This talk will introduce practical OSINT techniques, then walk through using them to find targets, craft pretexts, and execute calls with spoofed phone numbers.

Speakers
Jason Puglisi

Jason is a security engineer with a particular interest in human security and social engineering. In 2022, he placed second in the DEF CON Social Engineering Community Vishing Competition. Back with a vengeance, he placed first in 2023 and took home a Black Badge. He has experience...



Saturday May 4, 2024 3:30pm - 4:00pm PDT
AMC Theatre 12

3:30pm PDT

💻 API Security Workshop with OWASP crAPI

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2024 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----

In today's rapidly digitalizing world, APIs are the backbone of communication in the vast landscape of cloud applications, and microservices. With this increased usage comes the inevitable rise of security threats targeting APIs. This workshop will help attendees secure APIs effectively.

Speakers
Jayesh Bapu Ahire

AI Researcher, TraceableAI
Jayesh Ahire is the Founding Product Manager at TraceableAI where he runs the Company’s API Security initiative. He is a Practitioner at heart and has worked with numerous organizations to design and implement secure API architectures and integrate security practices into their...

Anjum

TraceableAI
Anjum is the Director of Security Research at Traceable.ai. He has worked on different aspects of security engineering specifically Detection engineering & Incident response, AppSec and Threat Intelligence. He has presented at conferences like BSidesSF, BSidesCharm, and has multiple...


Saturday May 4, 2024 3:30pm - 5:30pm PDT
AMC Theatre 9

4:15pm PDT

🎬 LLM Privacy Paradox: Balancing Data Utility with Security
Advancements in LLMs have prompted individuals and companies to fine-tune their own for specialized use cases. The million-dollar question is, when I fine-tune an LLM with my sensitive data (PII, PHI, FII, etc.), do I risk the tuned model leaking data or not?

Speakers
Rob Ragan

Partner, Bishop Fox
Rob Ragan - Principal Architect & Researcher at Bishop Fox Rob Ragan is a seasoned expert with 20 years experience in IT and 15 years professional experience in the cybersecurity realm, currently serving as a Principal Architect & Researcher at Bishop Fox. With a strong inclination...


Saturday May 4, 2024 4:15pm - 5:00pm PDT
AMC Theatre 12

4:15pm PDT

🎬 Attacking & Defending Supply Chains. How we got Admin in your Cloud, Again
This talk will explore how reference architectures of our commonly used software supply chain services can lead to outcomes including secrets exfiltration, lateral movement, and privilege escalation in production environments. Then, we'll show best practices on how to fix them.

Speakers
Mike Ruth

Rippling
Mike is a Senior Staff Security Engineer at Rippling, where he works on securing the world’s best All-In-One HR & IT Platform. Previously the technical lead for Infrastructure Security at companies such as Brex & Cruise, Mike has over thirteen years of experience securing, designing...



Saturday May 4, 2024 4:15pm - 5:00pm PDT
AMC Theatre 15

4:15pm PDT

🎤 From Hacking to C-Suite: Navigating the Labyrinth of Security Careers
Information Security & Privacy offers diverse specialties and impactful career paths. This panel of top leaders will share insights and experiences in exploring these career options.

Speakers
Caroline Wong

Chief Strategy Officer, Cobalt
Caroline Wong is the Chief Strategy Officer at Cobalt. As CSO, Caroline leads the Security, Community, and Delivery teams at Cobalt. She brings a proven background in communications, cybersecurity, and experience delivering global programs to the role. Caroline’s close and practical...

Nicole Grinstead

Roblox
Nicole is an experienced security leader. She currently leads the Platform and Application Security organization at Roblox, which is responsible for securing Roblox's data, applications, and infrastructure. Before joining Roblox, she led a security engineering team at Netflix. Nicole...

Anna Westelius

Netflix
Scandinavian expat and former Security Researcher, Analyst & hacking enthusiast turned technology strategist, and security leader. Occasional public speaker. Passionate about solving big, complex, problems and building inclusive, motivated, and successful teams. Currently leading...

Swathi Joshi

Oracle
Swathi Joshi currently leads the SaaS Information Security team at Oracle with a charter to secure SaaS Applications. Before that she led Netflix's Detection and Response team which focuses on managing the inevitable security incidents that arise and building detection pipelines...

Tanvi Vyas

Google
Tanvi Vyas is currently a Principal Engineer at Google and was previously a Principal Engineer at Mozilla. In these roles, Tanvi advocates for a more private web for all users, leading the vision and development of privacy features. Tanvi also serves as an advisor to the Internet...


Saturday May 4, 2024 4:15pm - 5:00pm PDT
AMC Theatre 13

4:15pm PDT

🎬 Temporary Access to the Cloud: A Case Study
We'll explore how Chime successfully designed and implemented a temporary access solution for Okta, balancing innovative product development with the complexities of effecting a significant cultural change in security practices.

Speakers
Tomas Rabczak

Chime
Tomek Rabczak is a Staff Security Engineer at Chime. He spent the first half of his career attacking web applications as a Security Consultant and Pentester (with a focus on Rails applications). He now spends his time on the defensive side, building security tooling in Ruby.


Saturday May 4, 2024 4:15pm - 5:00pm PDT
AMC Theatre 14

5:15pm PDT

🎬 Decoding Fraud: The Evolution and Impact of Netflix's Fraud Metrics
Our talk focuses on the unique challenges of designing fraud and security metrics in the fight against evolving threats. Using case studies from Netflix, we'll discuss how these metrics direct strategic decisions and improve defense posture. Attendees gain insights into creating their own metrics.

Speakers
Aditi Gupta

Netflix
Aditi Gupta is currently a Staff security software engineer at Netflix where she leads the anti-DDoS efforts and builds scalable services to address the fraud and abuse landscape at Netflix. She holds a PhD from Purdue University in the field of system security and has built several...

Yue Wang

Netflix
Yue is a Senior Security Analytics Engineer in the Trust and Safety team at Netflix. Yue is deeply passionate about creating and improving anti-fraud and abuse metrics, along with data analytics. She likes leveraging data to craft and narrate compelling anti-fraud stories. Beyond...


Saturday May 4, 2024 5:15pm - 5:45pm PDT
AMC Theatre 15

5:15pm PDT

🎬 Effective building blocks for securing multi-tenant Kubernetes clusters
Learn about Snapchat's journey enabling secure multi-tenancy in a Kubernetes based Service Mesh platform. This session dives into successful patterns of automated least privileged access provisioning and practical security trade-offs for securing against container escapes.

Speakers
Shrikant Pandhare

Snap
Shrikant is an Engineering Manager for Infrastructure Security at Snap, working on Cloud, Kubernetes, and Service Mesh Security. He is passionate about applying zero-trust principles to production security. Previously, he worked at Splunk, Oracle, and Symantec, building and securing...

Sagiv Sheelo

Snap
Sagiv Sheelo is a Security Engineer at Snap Inc. working on Cloud, Kubernetes, and Service Mesh Security. Previously, he worked on implementing cloud native security controls at Twistlock/Palo Alto Networks.


Saturday May 4, 2024 5:15pm - 5:45pm PDT
AMC Theatre 13

5:15pm PDT

🎬 Securing Azure Open AI apps in the Enterprise
In this session, we explore the core security controls for securing usage of OpenAI’s services from an enterprise POV. We cover what controls are available, what's missing, how effective they are, and how to implement them.

Speakers
Karl Ots

EPAM Systems
Karl has more than 15 years of experience securing large enterprises in technology, manufacturing, and finance. Recognized globally as a top technology visionary with Microsoft Regional Director and MVP awards, Karl is a patented inventor and a best-selling author of the Azure Security...


Saturday May 4, 2024 5:15pm - 5:45pm PDT
AMC Theatre 14

5:15pm PDT

🎬 One-Click Code Fix: Securing Code Using AI
Discover how to automate remediation of vulnerable code in production using AI. Learn practical strategies and see demos for robust, efficient code repair in this session.

Speakers
Chandrani Mukherjee

Senior Cloud Security Engineer, Adobe
Chandrani Mukherjee completed her MS in Computer Science at Arizona State University, Tempe, AZ, USA, in 2016. From 2016 to 2019 she worked at Oracle as Security Software Engineer - primarily as security tool developer. Chandrani joined Adobe in 2019 as Product Security Researcher where...

Joseph Seasly

Adobe
Joseph is a Product Security AI Engineer at Adobe. In his former life, he spent 13 years in the U.S. Intelligence Community working in a variety of agencies, technical roles, and missions.


Saturday May 4, 2024 5:15pm - 5:45pm PDT
AMC Theatre 12

5:30pm PDT

Happy Hour
Once the last of the Saturday talks are done, join us in the Bar and Chill Out Space to celebrate a successful day one of the event!

Saturday May 4, 2024 5:30pm - 6:30pm PDT
Participation Hall

6:30pm PDT

Party
Welcome to the neon-lit abyss of BSidesSF's dystopian bash, where the boundary between man and machine blurs. Amidst the techno-frenzy, Balinese dancers weave an interpretive tale of technology's ethical struggles. Each movement is a haunting reminder of the delicate balance between promise and peril in our digital age. Welcome to a party where the future is both thrilling and terrifying, welcome to AI.

Sponsors
Adobe

Saturday Night Party


Saturday May 4, 2024 6:30pm - 9:30pm PDT
Participation Hall
 
Sunday, May 5
 

9:00am PDT

Breakfast
Breakfast and lunch are served in the Embarcadero. Drip
coffee and water are available all day throughout the
Participant Hall.

Sunday May 5, 2024 9:00am - 10:00am PDT
Participation Hall

9:00am PDT

Coffee
Three barista stations are located within the Participant
Hall. Stop by for an espresso drink of your choosing!

Sponsors
Apiiro

Espresso and Coffee

Vanta

Lounge, Espresso and Coffee

Webflow

Espresso and Coffee


Sunday May 5, 2024 9:00am - 3:00pm PDT
Participation Hall

9:00am PDT

Cyversity
The mission of Cyversity is to achieve the consistent representation of women, underrepresented communities, and all veterans in the cybersecurity industry through programs designed to diversify, educate, and empower. Cyversity tackles the ‘great cyber divide’ with scholarship opportunities, diverse workforce development, innovative outreach, and mentoring programs. Stop by the Cyversity booth to learn more about the organization and how you can get involved.

Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Electronic Frontier Foundation (EFF)
EFF is the leading organization defending civil liberties in
the digital world. We defend free speech on the internet, fight
illegal surveillance, support freedom-enhancing technologies,
promote the rights of digital innovators, and work to ensure
that the rights and freedoms we enjoy are enhanced, rather than
eroded, as our use of technology grows. EFF's booth will be a
place for attendees to come and chat with EFF staff about the
latest in digital rights.

Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Pacific Hackers Association
Pacific Hackers Association is a 501(c)(3) non-profit organization that aims to fix the cybersecurity industry's main issues, diversity, education, and recruitment, while elevating the next generation of hackers. We provide cyber-mentors, training, conference access, and workshops, etc.

Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Secure Diversity
Stop by the shared Secure Diversity/Day of Shecurity booth for information on diversity in cybersecurity. We’ll share ways to get involved and have experienced practitioners available for conversations. If you’re looking to get involved with a conference, volunteer with a diversity-focused cybersecurity nonprofit, and expand your professional network, we're excited to meet you.

Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Women in CyberSecurity (WiCyS)
WiCyS helps build a strong cybersecurity workforce with gender
equality by facilitating recruitment, retention, and advancement
for women in the field. To learn more about WiCyS initiatives
and programs, swing by the WiCyS booth.

Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Headshots
Free headshots, first come, first served.

Sunday May 5, 2024 9:00am - 5:00pm PDT
AMC Lobby

9:00am PDT

Info Desk
Have a question or comment about the event that you’d
like to share? Drop by the Info Desk and chat with
members of the BSidesSF staff and volunteer teams.

Sunday May 5, 2024 9:00am - 5:00pm PDT
Lobby

9:00am PDT

Prayer & Mother's Room
Need a quiet place for meditation or mothering duties? Ask at the Info Desk, and we can guide you to a private location.

Sunday May 5, 2024 9:00am - 5:00pm PDT
Lobby

9:00am PDT

Registration
Sunday May 5, 2024 9:00am - 5:00pm PDT
Mezzanine (AMC)

9:00am PDT

Sponsors
Visit the sponsor booths that line the walls of the Participant Hall and learn more about the companies that have made this year’s event possible. You’ll be introduced to new products, services, and career opportunities. At each booth you can also obtain one of the stamps you need to complete your Sponsor Passport (which can be found in the bag you received at registration).

Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Adversary Village
Adversary Village is a community initiative which primarily focuses on adversary simulation, purple teaming, and adversary tradecraft. The village covers adversary emulation, threat/APT/ransomware emulation, breach and adversarial attack simulation, supply chain security, adversary tactics, research on nation-state sponsored threat-actors, adversary threat intelligence, adversarial mindset, adversary philosophy and hacker survival skills. The goal of Adversary Village is to build an open security community for the researchers and organizations who are putting together new means, methodologies towards adversarial attack simulation and offensive tradecraft. The village will feature an adversary simulator and purple teaming hands-on booth, a Choose your own Adversary Adventure game, an Adversary Wars CTF, and hands-on talks and workshops.

Village Area Schedule
Choose-your-own-Adversary-Adventure Tabletop Game
Adversary Village area | May 4-5, 2024 [Saturday-Sunday] | 09:00 to 17:00

Adversary Simulator and Purple Teaming hands-on booth
Adversary Village area | May 4-5, 2024 [Saturday-Sunday] | 09:00 to 17:00

View the full schedule including workshops here: https://adversaryvillage.org/adversary-events/BSidesSF-2024/


Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

API Security Village
Join the API Security Village at BSides SF to explore the forefront of API security. Dive into challenges, solutions, and best practices through interactive talks and workshops. Whether you're a developer or a security pro, this is your hub for mastering API defenses in the digital age. Elevate your security game with us!

Brought to you by: Traceable AI

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Bug Bounty Village
Bug Bounty Village is a dedicated space offering extensive hands-on workshops for all things bug bounty-related! Join us at the Bug Bounty Village for the second year in a row for two days of full workshops, live hacking sessions, and CTFs!
Brought to you by NahamSec

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Capture the Flag
Come play our awesome CTF! Everyone is welcome to participate as the competition features a range of challenges at all difficulty levels. In case you find yourself in need of assistance, we have folks onsite who can provide hints and guidance. All that is needed to participate is a laptop.

The server is available all weekend long, and anyone is welcome to play. Server information is at https://bsidessf.org/ctf

At least one player must be onsite to claim any prizes won.

Sponsors
Google

Leading, CTF


Sunday May 5, 2024 9:00am - 5:00pm PDT
Twin Peaks

9:00am PDT

Career Village
Career Village is aimed at helping attendees navigate a career in cybersecurity and connect with hiring managers.

At the village, you will have the opportunity to learn about professional branding, resume building, interview best practices, and meet security hiring managers looking to grow their teams.

The Career Village will have recruiting and security experts who have helped people ranging from professionals new to security to security executives continue their career journey.

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Cloud Village
As more of the world onboards itself to cloud infrastructures, staying at par with new offensive/defensive research and techniques becomes a mandatory skillset. Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Crypto & Privacy Village
Launched in 2014, Crypto & Privacy Village (CPV) is a community-run village centred on privacy and cryptography. The CPV features workshops, puzzles, chill space for relaxing with friends or doing challenges. Come talk to us about privacy programs, crypto backdoor laws, modern encryption!

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Embedded Systems Village
Embedded Systems Village advances the security of embedded systems by hosting hands-on hacking workshops, showcasing new security research demos, and organizing exciting hacking contests to educate attendees and manufacturers on the approach hackers use to attack these devices.

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Hardware Challenge Village
Hardware Challenge Village is an interactive experience for all your electronic tinkering, programming, and competitive CTF challenge using a specially designed village badge for HCV. Join us in tinkering with electronics hardware and playing the badge CTF contest!

Brought to you by BuddoBot & Hackerwares

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Lockpick Village
Lockpick Extreme and TOOOL SF are back once again hosting Lockpick Village. Learn to lockpick from the TOOOL SF volunteers or practice what you already know with their assortment of locks and picks. When you’re done, you can shop the Lockpick Extreme pop-up shop and take your new hobby home with you.

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

Personal Security Village
Get familiar with how adversaries behind personal security threats attack others.
Are your passwords in plaintext lying around the internet? Could someone dox you? Partner with a friend to find out - and then learn how to protect yourself.
Don't miss tabletop exercises, deep dives into cutting-edge personal security tools, security advice for scenarios such as protests, and more.
Brought to you by Tall Poppy

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
Participation Hall

9:00am PDT

AI Village
AI Village is a community of hackers and data scientists working to educate the world on the use and abuse of artificial intelligence in security and privacy. We aim to bring more diverse viewpoints to this field and grow the community of hackers, engineers, researchers, and policy makers working on making the AI we use and create safer. We believe that there needs to be more people with a hacker mindset assessing and analyzing machine learning systems. For the BSidesSF agenda, visit http://aivillage.org/bsides.

Sponsors
Dropzone AI

GitGuardian

Semgrep

Village


Sunday May 5, 2024 9:00am - 5:00pm PDT
AMC Theatre 11

9:00am PDT

Bar and Chill Out
Take a break from the day’s events with a stop at the Bar and Chill Out Space. Two complimentary drink tickets were provided to you at registration. We already paid for them, so please use them!

Sponsors
Safebase

Daytime Bar & Chill-Out Space


Sunday May 5, 2024 9:00am - 5:30pm PDT
Participation Hall

9:00am PDT

Lounge
Enjoy the SF skyline from the Lounge. Located on the patio next to the tent, the Lounge includes comfortable places to rest and relax, as well as lawn games to play.

Sponsors
Vanta

Lounge, Espresso and Coffee


Sunday May 5, 2024 9:00am - 5:30pm PDT
City View Terrace

9:00am PDT

T-Shirt Sales
Pick up pre-purchased event t-shirts and purchase t-shirts for the current and previous years. Please note, we have limited t-shirt quantities.
Proceeds benefit three charities. You select 1 of the 3 charities we've selected by voting, and we donate to all of the charities based on the vote percentages.

Sunday May 5, 2024 9:00am - 5:30pm PDT
Coat Check

9:00am PDT

Coat Check
Secure storage for your personal belongings is available
for all participants. Please remember to pick up your
items before the end of the event!

Sponsors
Aruba HPE

Coat Check


Sunday May 5, 2024 9:00am - 7:00pm PDT
Coat Check

10:00am PDT

🎬 Opening Remarks
Opening Remarks from Reed Loden, Lead Organizer of BSidesSF

Speakers
Reed Loden

Reed Loden is an information security expert, researcher, hacker, and developer. With over 15+ years of security experience, he focuses on protecting the products and services of various organizations. Reed has worked to secure companies including Teleport, HackerOne, Lookout Mobile...


Sunday May 5, 2024 10:00am - 10:10am PDT
AMC Theatre 13

10:00am PDT

LeftoverLocals: Listening to LLM responses through leaked GPU local memory
Given that GPUs are the computational workhorse behind many machine-learning (ML) applications, their security is becoming increasingly critical, especially with the potential of ML to be deployed in privacy-sensitive domains. In this talk, I will discuss LeftoverLocals (CVE-2023-4969): a recent GPU vulnerability that allows a co-resident attacker to listen to interactive LLM responses through GPU memory leaks. We showed that this vulnerability impacted a wide variety of GPUs, including devices from Apple, AMD, and Qualcomm. To fully understand the attack, I will overview the GPU computation stack, including the basic architecture and execution model. I will emphasize various approaches to how GPU frameworks support multi-processing, and discuss the associated security considerations. The talk will conclude with a discussion on how we might work towards providing a more secure future for GPU systems.

Sunday May 5, 2024 10:00am - 10:45am PDT
AMC Theatre 11

10:10am PDT

🎬 Unlocking the Future: AI is the Key to CISOs Top Challenges
In this keynote, we will explore how AI is poised to revolutionize the way CISOs tackle their most persistent and complex challenges over the next 3-5 years. We'll delve into the transformative potential of AI in addressing critical issues that have long plagued cybersecurity leaders, offering a glimpse into the future of proactive, intelligent threat management.

Speakers
Caleb Sima

CSA AI Security Initiative
Caleb serves as the Chair of CSA AI Security Initiative. Previously, Caleb served as Chief Security Officer at Robinhood, where he focused on keeping customers safe. Prior to Robinhood, he was Security CTO at Databricks, a leading data analytics and machine learning company, where he built...


Sunday May 5, 2024 10:10am - 10:55am PDT
AMC Theatre 13

11:10am PDT

Cooking Cyber Recipes with CyberChef
CyberChef is known as "The Cyber Swiss Army Knife" and is a simple, intuitive web app for carrying out all "cyber" operations within a web browser. The tool enables technical and non-technical analysts to manipulate data in complex ways without dealing with complex tools or algorithms.
In this workshop, the presenter will show you what CyberChef can do and the basics of creating recipes, but it goes above and beyond by showing how to do OSINT and Malware Analysis. By the end of the presentations, the audience will see CyberChef differently and be able to apply the skills learned at their job.


Sunday May 5, 2024 11:10am - 12:00pm PDT
Village Workshops Stage, Embarcadero

11:15am PDT

🎬 Effective Detection in Kubernetes Clusters
Kubernetes attacks are on the rise and defense needs to up its game in response. In this talk we explore cluster event sources, assess cluster-cloud interfaces, and suggest useful rules to lay out an efficient and high-coverage detection solution for production K8s clusters.

Speakers
Shay Berkovich

Threat Researcher, Wiz
Shay is part of the Threat Research team in Wiz working on various aspects of container and cloud security with the emphasis on Kubernetes emerging threats. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing applied security...

Oren Ofer

Threat Researcher, Wiz
Oren is a cyber security expert, security trainer, presenter, and researcher with over 14 years of experience in information security. He has gained vast experience from various projects, including detection engineering for Windows/Linux, Kubernetes, red team exercises, external and...


Sunday May 5, 2024 11:15am - 11:45am PDT
AMC Theatre 15

11:15am PDT

🎬 Finetuning Large Language Models (LLMs) for Security Log Detections
Traditional security log detections look for pre-defined signatures in log data, which doesn’t generalize well for more sophisticated detection types. In this talk, we will explore how to finetune a popular open-source Large Language Model (LLM) for specific security log detection use cases.

Speakers
Wilson Tang

Adobe
Cyber Security Data Scientist at Adobe


Sunday May 5, 2024 11:15am - 11:45am PDT
AMC Theatre 14

11:15am PDT

🎬 Startup Security, 2nd Edition
It’s your first day at a well-funded hot new startup as the first security hire. There’s so much to do, people keep telling you things that make you nervous. Where do you even start? In this talk I’ll give you an actionable plan to thrive as a small security team from day 1 through post IPO.

Speakers
Evan Johnson

CEO, Cofounder, RunReveal
Evan Johnson is CEO of RunReveal. Prior to founding RunReveal in 2023, he was the Senior Director of Security Engineering at Cloudflare where he led application security, product security, and enterprise security. Evan joined Cloudflare as the first security engineer and was able...


Sunday May 5, 2024 11:15am - 11:45am PDT
AMC Theatre 13

11:15am PDT

🎬 Beyond Code and Clicks: UX Insights to Security Software
Security tooling comes in all shapes and sizes, and user experience (UX) directly impacts the effectiveness of such tooling. In this talk, we'll share our experiences and offer UX-centric insights derived from building and maintaining security tools and processes.

Speakers
Hon Kwok

Truffle Security
Hon is an engineer exploring the intersections of software, security, and user experience. She is currently a Senior Product Engineer at Truffle Security building out people-first security experiences. Prior to Truffle, Hon was a Senior Security Engineer at Cruise, a Software Engineer...

Miccah

Truffle Security
Miccah is a software engineer working at Truffle Security. He is particularly interested in CLI tools, low level systems, and how to build software that is both a joy to use and simple to maintain.


Sunday May 5, 2024 11:15am - 11:45am PDT
AMC Theatre 12

11:15am PDT

🪿 Harnessing Human Behavior: How to Truly Influence Secure Behavior
A mature security awareness program influences human behavior - yet many don’t understand how to do this. This BoF discussion will highlight how behavior science can be used to identify target behaviors & appropriate mitigations that go far beyond traditional methods. Useful for any security team!

Speakers
Cassie Clark

N/A
Cassie Clark is passionate about bringing humans into security. She develops awareness programs focused on behavior change, user enablement, and security culture. She has worked in security awareness for eight years, at organizations ranging from small business to mid-size to enterprise...


Sunday May 5, 2024 11:15am - 12:00pm PDT
AMC Theatre 9

12:00pm PDT

🎬 Beyond Labels: Evolving Data Classification
'Beyond Labels' delves into the intricate art of data classification, expertly balancing security, privacy, and business needs. Uncover strategies to craft a flexible yet robust program that navigates the complexities of departmental demands while ensuring standardized compliance and protection.

Speakers
Rob Oden

Senior Data Security Specialist, Roblox
Hi, I'm Rob, a cybersecurity professional with over two decades of experience. I currently work at Roblox, focused on data security. I'm passionate about developing data classification and handling programs, integrating the latest data protection tools, and managing diverse cybersecurity...


Sunday May 5, 2024 12:00pm - 12:30pm PDT
AMC Theatre 12

12:00pm PDT

🎬 AiIAM: Transforming the Democratized AWS IAM Architecture with LLMs
Watch how AiIM (AI Identity Management) simplifies the principle of least privilege by using a developer-first service leveraging LLMs to automate AWS IAM policy generation. By empowering developers and following a democratized AWS IAM strategy, you too can say goodbye to manual security reviews.

Speakers
Anthony Scheller

Head of Security Engineering, Stubhub
Anthony Scheller is a seasoned cybersecurity professional with a decade-long track record of success. His journey began at PwC, where he specialized in offensive security, assisting Fortune 500 companies in fortifying their defenses against cyber threats through penetration testing. Transitioning...

Jorge L Gomez

Twilio
Jorge L Gomez is a cybersecurity professional with over 15 years of practical experience in the energy, financial, cloud infrastructure, and technology industries. He has led and matured numerous cybersecurity programs, including identity & access management, incident response, threat...


Sunday May 5, 2024 12:00pm - 12:30pm PDT
AMC Theatre 15

12:00pm PDT

🎬 How to Secure Cloud Machine Identities
Are you in control of your machine identities? Mismanaged credentials or overprivileged permissions have caused multiple recent high-profile cloud breaches. We’ll walk you through some best practices for mitigating these risks and provide specific steps for implementing them on AWS and GCP.

Speakers
Komal Dhull

P0 Security
Komal is a software engineer at P0 Security where she is creating tools to simplify cloud security. She previously worked at Crusoe Energy optimizing the operation of remote datacenters and holds a degree in computer science from Carnegie Mellon University, where she also published...

Nathan Brahms

VP of Engineering, P0 Security
A physicist-turned-technologist, I focus on improving end-user privacy by enabling developers to create technology securely. Currently, I'm a co-founder at P0 Security, where I focus on improving access security for cloud native development. Previously, I've developed open-source...


Sunday May 5, 2024 12:00pm - 12:30pm PDT
AMC Theatre 14

12:00pm PDT

🎬 PirOps: What 18th-Century Piracy can Teach Us about SecOps
The Golden Age of Piracy in the Caribbean, often romanticized in literature and film, offers surprisingly valuable insights into modern-day SecOps practices. Explore the historical research on the structure, processes, and risk management strategies of pirate crews to see what we can use today.

Speakers
Aron Eidelman

Google
Aron Eidelman is a DevSecOps Advocate at Google Cloud. He has a background in web development, penetration testing, and cloud architecture, which helps him connect with many different types of practitioners and internal teams to build reliable and secure cloud practices. Recently...


Sunday May 5, 2024 12:00pm - 12:30pm PDT
AMC Theatre 13

12:00pm PDT

Lunch
Breakfast and lunch are served in the Embarcadero. Drip
coffee and water are available all day throughout the
Participant Hall.

Sunday May 5, 2024 12:00pm - 1:30pm PDT
Participation Hall

12:15pm PDT

🪿 Why Everyone Hates Vulnerability Management & How to Make Better
Vulnerability management can be such a chore! Whether it's managing bug bounty software or working with your organizational partners to address issues, the role is a challenge. Join us to discuss how to make your vulnerability management program better.

Speakers
Kelly Thibault

Secure Diversity
Kelly Thibault (she/her/hers) is currently the Executive Director at Secure Diversity, a non-profit focused on increasing diversity in cybersecurity. She leads all and manages many aspects of Secure Diversity, including the Day of Shecurity conferences. Prior to Secure Diversity...

Lisa Hall

SafeBase
With over 17 years experience in the information security field, Lisa focuses on building holistic security strategy and comprehensive information security management programs- ensuring products and business systems are developed with security in mind. Lisa believes security should...


Sunday May 5, 2024 12:15pm - 1:00pm PDT
AMC Theatre 9

12:30pm PDT

Sponsor Raffle
Visit the sponsor booths throughout the Participant Hall and learn more about the many companies that have made this year’s event possible. You’ll be introduced to new products, services, and even career opportunities. At many booths you can also acquire one of the stamps needed to complete the Sponsor Passport, which can be found in the bag you received at registration. Drop your completed card into the Sponsor Passport raffle box located at the BSidesSF booth to be entered into the raffle. Please note you must be present to win.

Sunday May 5, 2024 12:30pm - 1:00pm PDT
Village Workshops Stage, Embarcadero

1:15pm PDT

💻 Injecting and Detecting Backdoors in Code Completion Models

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2024 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----

Immerse yourself in a workshop where we guide participants in creating a covert trojan within code completion models. Learn to inject a backdoor discreetly, then explore detection techniques. Gain hands-on experience crafting and identifying hidden threats, unveiling the underbelly of trusted coding

Speakers
Tal Folkman

Checkmarx
Tal Folkman is a security research team lead and accomplished expert in cybersecurity with over 8 years of experience in the field. Tal possesses exceptional skills in detecting and analyzing malicious code present in open-source software supply chains. In 2021, Tal joined Dustico...

Guy Nachshon

Security Researcher, Checkmarx
I'm Guy Nachshon, a Security Researcher at Checkmarx, specializing in Supply Chain Security. My work includes Security Research and coding in multiple languages, design and AI Security Research, where I focus on safeguarding AI systems. My portfolio includes groundbreaking research...


Sunday May 5, 2024 1:15pm - 3:15pm PDT
AMC Theatre 9

1:30pm PDT

🎬 GRC Engineering - Bringing GRC to a repository near you
Tired of cringing when compliance comes knocking? It's time to change that, starting with - your git repositories

Speakers

Varun Gurnaney

Staff Security Engineer, GRC Engineering
Security Engineer in of San Francisco. Previously held security roles at Robinhood, Zendesk and EY.  I didn’t watch the eclipse


Sunday May 5, 2024 1:30pm - 2:00pm PDT
AMC Theatre 12

1:30pm PDT

🎬 Phish & Furious: Campaign Builder Vulnerabilities in a Blink & Breach World
The presentation explores campaign builder vulnerabilities in the digital landscape, analyzing real-world cases for insights into phishing attacks. "Phish and Furious" provides strategies for dynamic cybersecurity defense, contributing to the conference dialogue on evolving threats.

Speakers
Raae Wolfram

Microsoft
Raae Wolfram has over 15 years of professional experience in IT, a decade of which focused on healthcare IT. She currently serves as a Senior Product Manager at Microsoft, building out their first party managed security services. Her academic journey includes a BA in Anthropology...


Sunday May 5, 2024 1:30pm - 2:00pm PDT
AMC Theatre 15

1:30pm PDT

🎬 Army of Proxies! How Netflix scales identity based zero trust architecture
In nearly 10 years of identity based security the Netflix strategy has evolved significantly. From crafting novel solutions to migrating to common off the shelf tools and an expanding definition of workforce, Netflix’s Security organization embraces context over control to help entertain the world.

Speakers
Grant Callaghan

Netflix
Grant Callaghan is a staff security software engineer at Netflix where he has been working since 2018. His work includes development of tools and services that defend the Netflix platform such as the design and implementation of authentication platforms and control planes. He has...


Sunday May 5, 2024 1:30pm - 2:00pm PDT
AMC Theatre 13

1:30pm PDT

🎬 Effective security on a tight budget
If getting enough budget wasn't already difficult before the tech cool down, security organizations now struggle more than before in trying to be effective at holding attackers at bay. This presentation will provide principles and practices on how to succeed through the downturn and beyond.

Speakers
Felix Matenaar

Asana
As a security enthusiast and engineering leader with 11 years of professional experience plus previously 10 years of hobbyist projects at a hacker space I have been fortunate to see how data security and privacy has become increasingly important to consumers and businesses alike...


Sunday May 5, 2024 1:30pm - 2:00pm PDT
AMC Theatre 14

1:30pm PDT

Adversary Village
Adversary Village Talk with Phillip Wylie

Sunday May 5, 2024 1:30pm - 2:00pm PDT
Village Workshops Stage, Embarcadero

1:30pm PDT

Bayesian Covertrees for Threat Detection
Current AI observability solutions are inefficient. They are not sensitive enough to quickly and precisely catch anomalies in data streams, are not designed to scale to web-scale datasets, and do not offer proactive drilldowns to get to the root of a data issue. This is a major blocker in domains like cybersecurity, where detection models need to quickly pinpoint and adapt to new types of threats (such as malware and spam). We present a solution using a Bayesian version of geometric multi-resolution analysis that uses the properties of the dataset against itself. This geometric technique is both explainable and understands the distribution of data enough to create extremely sensitive detections.

Sunday May 5, 2024 1:30pm - 2:15pm PDT
AMC Theatre 11

2:00pm PDT

Adversary Village
Adversary Village Workshop with Abhijith B R

Sunday May 5, 2024 2:00pm - 4:00pm PDT
Village Workshops Stage, Embarcadero

2:15pm PDT

🎬 Next-Gen Detection: Harnessing LLMs for Sigma Rule Automation
Explore the frontier of detection engineering in this talk, which delves into using LLMs for automating Sigma rule generation. We'll examine approaches like RAG, fine-tuning, and prompt-chaining, comparing their effectiveness in streamlining threat detection.

Speakers
Dave Johnson

Feedly
Dave Johnson, with over 14 years of cybersecurity experience, is a Threat Intelligence Advisor at Feedly, where he specializes in the intersection of machine learning and cybersecurity. As a former FBI Intelligence Analyst, Dave tracked cybercriminals and investigated cyber espionage...


Sunday May 5, 2024 2:15pm - 3:00pm PDT
AMC Theatre 15

2:15pm PDT

🎤 CISO Series Podcast (Live)
Come join an audience recording of the CISO Series Podcast with hosts David Spark, Mike Johnson, CISO, Rivian and Steve Zalewski, former CISO, Levi Strauss. We'll talk about security leadership, working in cybersecurity, and we'll break it up with some fun cyber games, like "What's Worse?!"

Speakers
David Spark

Producer, CISO Series
David Spark is the producer of the CISO Series, a media channel of blogs, podcasts, and videos all on the cybersecurity ecosystem. Less than a year old, the CISO Series has hit a nerve in the InfoSec industry as it has acted as a much needed mouthpiece for the dysfunctional yet much...

Mike Johnson

Rivian
Mike is the CISO of electric vehicle manufacturer Rivian, helping to keep the world adventurous forever. Mike joined Rivian from Fastly where he was CISO for over 3 years, securing the network and platform of the edge cloud company. Mike’s cybersecurity career spans more than 25...

Steve Zalewski

Co-Host, CISO Series
Mr. Zalewski is a Board advisor to security companies and VC firms, providing guidance on market fit and direction. In addition, his practice provides retained CISO and security advisory services to clients to address program design, assessment, due-diligence, and board reporting. He...


Sunday May 5, 2024 2:15pm - 3:00pm PDT
AMC Theatre 13

2:15pm PDT

🎬 Pushing Boundaries: Journeys to the top of Security Engineering
Join two trailblazing women as they pull back the curtain on their journey to the upper echelons of security engineering. They've battled the odds, shattered glass ceilings, and are ready to share their hard-earned wisdom. Gear up as it's time to take control of your career trajectory.

Speakers
Lea Snyder

Principal Security Engineer, Microsoft
Lea Snyder is a Principal Security Engineer at Microsoft with over 20 years of experience in technology, focusing on security and security adjacent domains for almost 10 years, working in Identity & Access Management and Application Security. She is an active contributor to the security...

Devina Dhawan

Shopify
Devina Dhawan is a Staff Security Engineer at Shopify, specializing in Cloud Security, Infrastructure Security, and Zero Trust Security. She is always sharing her knowledge through meetups and conferences, hoping to ignite a passion for security wherever she goes. She is the founder...


Sunday May 5, 2024 2:15pm - 3:00pm PDT
AMC Theatre 14

2:15pm PDT

🎬 Insane in the Supply Chain: Threat modeling for attacks on AI systems
Supply chain attacks suck - that's a fact. If you’re hit with an attack, your executives could find themselves in trouble with the SEC and your company's reputation left in question. In the age of AI, will all that has happened before, happen again? We evaluate the risks of the AI supply chain.

Speakers
Eoin Wickens

Technical Research Director, HiddenLayer
Eoin Wickens is the Technical Research Director - Field at HiddenLayer, where he both researches and speaks about security for artificial intelligence and machine learning. He has previously worked in threat research, threat intelligence and malware reverse engineering and has been...

Marta Janus

Principal Researcher, HiddenLayer
Marta is a Principal Researcher at HiddenLayer, focused on investigating adversarial machine learning attacks and the overall security of AI-based solutions. Prior to HiddenLayer, Marta spent over a decade working as a researcher for leading anti-virus vendors. She has extensive experience...


Sunday May 5, 2024 2:15pm - 3:00pm PDT
AMC Theatre 12

3:30pm PDT

🎬 Securing Generative AI: Is it all an Illusion?
Dive into GenAI/LLMs where innovation meets vulnerabilities. This talk is on commercially available GenAI/LLMs where you will learn how to assess and secure them while enabling your partners to rapidly deploy. Gain insights as we share lessons learned and take away a flexible framework to apply.

Speakers
Rachana Doshi

Salesforce
Rachana Doshi is the Director of Third Party Security/Enterprise Security at Salesforce. She has over 16 years of experience in the information security and technology industry, working in many different security domains from Secure SDLC, Application Security to Third Party Security...

Michael Samson

Salesforce
Michael Samson is a senior security engineer at Salesforce focusing on third party security. Michael has been in the information security space for over 11 years, and has experience across a variety of areas including application security, threat and vulnerability management, and...


Sunday May 5, 2024 3:30pm - 4:15pm PDT
AMC Theatre 15

3:30pm PDT

🎬 Ransomware and Backups: A Multi-Layered Defense Strategy
Ransomware is targeting backups of critical data. How to protect backups from getting corrupted? How to enhance NIST 3-2-1 strategy? This presentation proposes a multi-layered backup defense with prevention, detection, analytics and ultimately threat hunting strategies for your backup data.

Speakers
Amol Sarwate

Cyber Resilience Leadership, Veritas Technologies
Amol Sarwate has led security research for Data Security, CNAPP, XDR, Vulnerability & malware detection for endpoints, network and cloud. He has devoted his career to protecting, securing, and educating the community from security threats. Sarwate has presented his research on cloud...


Sunday May 5, 2024 3:30pm - 4:15pm PDT
AMC Theatre 14

3:30pm PDT

🎤 Founders R Us: Tales from recent security CEOs
Have you always wondered what challenges you'll face when starting a company? Are you considering turning your side project into a full-time endeavor? Maybe you're interested in hearing what it's like to be an early employee?

This panel has recent security founders ready to share their learnings!

Speakers
Leif Dreizler

Information Security Professional, Semgrep
Leif Dreizler is an information security professional with over a decade of experience. He is currently leading an engineering team that builds features of Semgrep’s product. Previously, Leif was a Senior Engineering Manager at Twilio Segment where his team was focused on building...

Brooke Motta

CEO and Co-Founder, Rad Security
Brooke Motta is CEO and co-founder of Rad Security. Brooke is a dynamic leader in the cybersecurity industry who has scaled companies from seed to IPO. Brooke recognized the exponential shift to Cloud Native Infrastructure as an opportunity to provide Cloud Native Detection and Response...

Umaimah Khan

CEO, cofounder, Opal Security
Umaimah Khan is the co-founder and CEO of Opal Security, a next-generation identity security company. As a mathematician and engineering leader, Umaimah knows first-hand the challenges of managing secure authorization. She began her career as a researcher, before leading infra and...

Travis McPeak

Sr. Security Engineer, Resourcely
Travis is currently the co-founder and CEO at Resourcely, a new approach to preventing misconfiguration. Before starting Resourcely, Travis held security leadership roles at Databricks, Netflix, and IBM. He enjoys the intersection of business and security. In his spare time, Travis...

Oliver Friedrichs

Pangea
Oliver Friedrichs is Founder & CEO at Pangea. He was previously VP Security Products @ Splunk; Founder and CEO @ Phantom Cyber (acquired by Splunk); Founder and CEO @ Immunet (acquired by Cisco); Co-founder @ SecurityFocus (acquired by Symantec) and Secure Networks (acquired by M...


Sunday May 5, 2024 3:30pm - 4:15pm PDT
AMC Theatre 13

3:30pm PDT

🎬 Imperfect Security: Doing Less to Achieve Better Security
Imperfect Security is accepting that you cannot actually achieve "perfect security" and that a "less is more" approach can be a more effective strategy. This talk discusses why doing fewer, simpler things, being collaborative, and ignoring doom and gloom ultimately result in stronger, more responsive security programs and healthier teams.

Speakers
Kevin Hanaford

Discord
Kevin is the Head of Security at Discord and is a seasoned security, infrastructure, and cloud operations leader with over a decade of leadership experience building, developing, and scaling highly effective teams with roles at Cruise, Salesforce, Remitly, Amazon, PayPal, Bungie...


Sunday May 5, 2024 3:30pm - 4:15pm PDT
AMC Theatre 12

3:30pm PDT

💻 Open source endpoint security with osquery

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2024 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----

Learn how modern defenders use osquery to address posture, visibility, detection, and response across the major computing platforms: Windows, Linux, and macOS. We’ll work through interactive scenarios to learn SQL skills you can deploy with open source software.

Speakers
Zach Wasserman

Fleet
Zach is a co-creator of osquery and co-founder/CTO of Fleet, where he builds open source tools for defenders to secure their endpoints. He brings the vision and experience of working with osquery since the earliest design documents at Facebook in 2014 and has served on the Linux Foundation...


Sunday May 5, 2024 3:30pm - 5:30pm PDT
AMC Theatre 9

4:00pm PDT

Adversary Village
Adversary Village Workshop with Erik Hunstad

Sunday May 5, 2024 4:00pm - 4:30pm PDT
Village Workshops Stage, Embarcadero

4:00pm PDT

Holistic ML Threat Modeling
An AI Village talk on Holistic ML Threat Modeling from Adelin Travers.

Sunday May 5, 2024 4:00pm - 4:45pm PDT
AMC Theatre 11

4:30pm PDT

🎬 Faux Data, Real Defense: ML advancements in data synthesis
Access to realistic cybersecurity data is difficult to procure and expensive to simulate. Synthetic data generation has seen great advances with LLMs over the last year. Can ML based detection methods benefit from this? We dive into some methodologies and explore a use case.

Speakers
Arjun Chakraborty

Databricks
Arjun Chakraborty is a staff detection engineer at Databricks. He works on building out the security analytics platform which enables the use of machine learning to detect security threats. He previously worked as a machine learning engineer at Nvidia where he built machine learning...


Sunday May 5, 2024 4:30pm - 5:00pm PDT
AMC Theatre 15

4:30pm PDT

🎬 The road to developers' hearts
I advocate, champion, and build security software at scale. This journey taught me the things software engineers find challenging when working with security counterparts and how to bridge the gap. These insights might be worth sharing with security friends. This is my experience, not my employer's.

Speakers

Sing Ambikapathi

N/A
Sing is a software engineer specialized in security and compliance. Primarily design, build and support software products to keep the customer's application, data and infrastructure secure. Lead, mentor and learn along the way.


Sunday May 5, 2024 4:30pm - 5:00pm PDT
AMC Theatre 14

4:30pm PDT

🎬 AI: Best Janitor or Worst Superhero?
Emerging technology follows a common trend: we glimpse what it *could* be in the future, and overlook the less exciting success it could have *right now*.

Why? Hype gets funded. Feasible ideas don’t.

We should use AI to solve mundane problems, not critical ones. I'll explain why and how.

Speakers
Adrian Sanabria

Defenders Initiative
Adrian is a successful generalist with over two decades of experience hacking, fixing, breaking, building, and teaching in InfoSec. He’s always trying to see the big picture and figure out the best security strategies. Despite all these years in the industry, he is still optimistic...


Sunday May 5, 2024 4:30pm - 5:00pm PDT
AMC Theatre 12

4:30pm PDT

🎬 Your voice confirms my identity
With voice cloning now available to the masses, just how secure is your average voice authentication system? Come dive into the world of AI voice generation systems; learn how to clone someone's voice, as well as discussion surrounding the trends we are seeing in voice authentication systems.

Speakers
Ethan McKee-Harris

Bastion Security
Ethan McKee-Harris, aka Skelmis, is a security consultant at Bastion Security Group (Formerly ZX Security). He spends his days hacking web applications and bypassing voice authentication systems. Beyond that, Ethan is an avid open source developer with experience on both sides of...


Sunday May 5, 2024 4:30pm - 5:00pm PDT
AMC Theatre 13

4:30pm PDT

Adversary Village
Adversary Village Workshop with Filipi Pires

Sunday May 5, 2024 4:30pm - 5:00pm PDT
Village Workshops Stage, Embarcadero

5:15pm PDT

🎬 Cybersecurity meets Generative AI: Automating Your Compliance Operations
In this talk, we will outline how organizations can leverage LLMs to bootstrap their cybersecurity compliance operations with less cost, time and overhead compared to traditional approaches. The talk will include a demo of a RAG application, and also touch upon relevant AI governance concerns.

Speakers
Rafae Bhatti

Tilia, ClaritasGRC
Rafae is a privacy attorney and security executive with experience in leading data protection programs at tech startups in Silicon Valley. He is currently serving as both privacy counsel and CISO at Tilia, a payment platform for digital economies. He is also the founder at Clari...


Sunday May 5, 2024 5:15pm - 5:45pm PDT
AMC Theatre 12

5:15pm PDT

🎬 Long Live Short Lived Credentials - Auto-rotating Secrets At Scale
Let's embrace a future of proper secrets management and auto-rotating secrets. It might seem overwhelming at first to consider accomplishing this, especially if you have never tackled secrets management before, but for many systems, this is easier to achieve than you might realize.

Speakers
Dwayne McDaniel

Sr. Security Developer Advocate, GitGuardian
Dwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech...


Sunday May 5, 2024 5:15pm - 5:45pm PDT
AMC Theatre 15

5:15pm PDT

🎬 Please Don't Discard - Security Data
Security review and threat modeling data is often discarded after creating security requirements and tickets. However if structured and persisted correctly this data can be a powerful tool to tackle security challenges in the future. Learn how we did it at Snowflake.

Speakers

Rishabh Gupta

Snowflake
Senior Security Engineer, Snowflake

Hrushikesh Paralikar

Snowflake
Software engineer specializing in building scalable and secure distributed systems.


Sunday May 5, 2024 5:15pm - 5:45pm PDT
AMC Theatre 14

5:15pm PDT

🎬 5 security startup pitches to raise money and eyebrows
We’ll pitch five startups (that don’t exist) and share why they should: the problem they solve, a view of the market, who the target buyer is, and what skills you’d need to be successful.
If you’ve ever thought of starting something, but are just waiting for the ‘right’ idea, this talk is for you.

Speakers
Maya Kaczorowski

Product Manager, N/A
Maya has worked in enterprise security for over a decade. She was most recently the Chief Product Officer at Tailscale. Previously, she was at GitHub in software supply chain security, and at Google working on container security, encryption at rest and encryption key management. Maya...


Sunday May 5, 2024 5:15pm - 5:45pm PDT
AMC Theatre 13

6:00pm PDT

🎬 Closing Ceremony
We will be discussing the logistics and joys of organizing the event. Come hear how it all gets put together and who helps us out!

Speakers
Reed Loden

Reed Loden is an information security expert, researcher, hacker, and developer. With over 15+ years of security experience, he focuses on protecting the products and services of various organizations. Reed has worked to secure companies including Teleport, HackerOne, Lookout Mobile...


Sunday May 5, 2024 6:00pm - 6:10pm PDT
AMC Theatre 13
 