March Meetup
Details
We're thrilled to announce our March meetup, graciously hosted by the fantastic teams at P0 Security and Endor Labs. Look forward to some outstanding talks, fantastic food and beverages, and a chance to meet the best brains in the industry.
Agenda:
5:00 - Check in, grab some food/drinks and network
5:45 - 6:30 - 10 insecure-by-default IAM configurations in AWS and GCP
6:30 - 7:15 - Guardians and Glitches: Navigating the Duality of Gen AI in AppSec
7:15 - 8:00 - Top 10 Open Source Software (OSS) Risks
8:00 - Doors close
Talk #1: 10 insecure-by-default IAM configurations in AWS and GCP
Abstract: This presentation delves into the ten most prevalent insecure-by-default IAM configurations encountered on AWS and GCP. Notable examples include the default compute service account assuming an Editor role in GCP. We'll identify these vulnerabilities and offer practical strategies for easy mitigation. By addressing these common pitfalls, security teams can enhance security posture by removing the risk inherent in the default configuration.
Speaker: Gergely Danyi is co-founder and CTO at P0 Security where he is on a mission to make cloud entitlements more secure. Previously, he worked at Splunk and wore a data scientist hat at multiple start-ups.
Talk #2: Guardians and Glitches: Navigating the Duality of Gen AI in AppSec
Abstract: The speaker will present a Tale of Two AIs. First, we'll delve into the intricacies of Gen AI and then discuss the unique security risks posed by Gen AI, including adversarial attacks, unintended biases, and emergent behaviors. We'll then explore how Gen AI can be utilized to strengthen security defenses by automating vulnerability detection, assisting in threat analysis, and even generating secure code. This talk will equip you with the knowledge to navigate the complex landscape of Gen AI security by building an adoption-friendly, responsible AI program at your organization. Join us as we explore the glitches and the guardians, and discover how to leverage the power of Gen AI to secure your applications in the future.
Talk #3: Top 10 Open Source Software (OSS) Risks
Abstract: This talk will feature the Top 10 OSS Risks (https://www.endorlabs.com/top-10-open-source-risks) and include examples and case studies of notable OSS incidents tied to the risks discussed. It will also provide actionable takeaways for security and technology leaders to equip them to securely consume and utilize OSS in their enterprise environments and software/products while mitigating some of the most relevant risks associated with OSS.
Speaker: TBD
