Balazs Greksza
2008-2015 ITSec: IAM, Project Coordinator, Third Party Auditing, Sec Mgmt Lead for Architecture Project
2015- now Cyber: SOC Tech Lead / T2, SOC Manager, CSIRT T3, Senior SOC Eng, Threat Response Lead, Advanced Threat Operations Lead
Prior Certs: CISSP, CEH, CISA, CISM, CRISC, ISO27001LA, GCFA(508), GREM(610), CAPM(project management), CDP(devsecops), CCSE(container sec), CTMP(threat modeling), AOWD, TDI-CD(Cavern diver 🤿)
Session
Both LLMs as application components and code generation has security challenges. The goal of the talk is to demystify the complexities of securing applications.
We discuss AI security and software engineering challenges according to recent research.
Highlighting three popular AI use cases: Code Completion, Code Generation and Code Quality tools. We discuss how they fit in modern development environments and CI/CD, and what their implications are.
We seek to resolve conflicting interests of Product Management, Security and Software Development.
The talk will build on well-known security knowledge, extend it by looking at frameworks, such as MITRE ATLAS and OWASP Top 10 for LLMs.
With a quick intro to some of the key attack techniques, we look at where prevention should occur, and how to prioritize defenses.
The presentation will have a demo including one potential workflow.
The goal is to overcome the obstacles of securing software by decomposing it. The typical challenges are: specialised tooling, lots of moving parts, unclarity of the components.
We discuss the approaches to deal with securing software with high Go to Market pressure including.