How to Identify Threat Modeling Limitations & AI CTF Workshop

NOTE: IN-PERSON EVENT

Speaker 1: James Rabe, Senior Solutions Architect & Threat Modeling SME at IriusRisk
James Rabe is a Senior Solutions Architect & Threat Modeling SME at IriusRisk and is responsible for designing and implementing threat modeling solutions for customers. He brings nearly 10 years’ experience in technology, security and compliance consulting and is a cybersecurity evangelist. Prior to joining IriusRisk James worked as a Security & Compliance Engineer at a consulting firm. He is a proud husband and father to two kids. James currently is an active board member in a community non-profit that focuses on revitalization and economic development of historic districts across the country.
Title: How to Identify Threat Modeling Limitations
Abstract:
Many cyber and application security tools love to say they can do everything needed to protect your assets. It isn’t rocket science to know that’s not true. It’s helpful to consider the limitations of tools and processes. This presentation will take attendees through how to define the limitations of threat modeling correctly, understand best practices in how, when, and by whom a proper threat model should be performed, and how this process of identifying threat model limitations can help users better understand its utility to systems and processes.

Speaker 2: Jonathan Marcil, NorthSec Challenge Designer
Jonathan is a board member of the OWASP Orange County chapter. Originally from Montreal, he is part of NorthSec CTF as a challenge designer. He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has more than 19 years of experience in Information Technology and Security.
Title: AI (Stable Diffusion) CTF Workshop
Abstract:
Surprise! We're going to dive into the marvelous world of "artificial intelligence" and "prompt engineering".
This session will cover two CTF challenges based on Stable Diffusion which is a model capable of generating photo-realistic images given any text input. This will allow us to show in a practical fashion some potential real impact of something otherwise artificial.
Participants can bring their laptop to try the challenges by themselves. If you have a gaming laptop with a dedicated graphic card, that could be handy! For the others, rest assured as we will be solving them step by step alongside diving into diffusion models and machine learning technical details.

### Code of Conduct

We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:
https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy

### Sponsorship

Vendors who are interested in sponsoring OWASP OC monthly meetings, please send an email to orange-county-leaders@owasp.org