“Cognitive Security and Social Engineering: A Systems-Based Approach”
Matthew Canham, Dr. Ben D. Sawyer;
Talk-45m
Cognitive Security is differentiated from more traditional security domains in three ways. First, cognitive security is concerned with protecting cognitive systems, not necessarily humans; second, cognitive security considers multiple dimensions of system interaction; and third, cognitive security considers multiple scales of operation. Adopting a “systems” perspective considers the interconnectedness of system elements, the function of the system, and scalability; systems-of-systems which may result in one system influencing another. This can be problematic from a security perspective because an effect might be induced in one system that causes an effect in another system, without the affected system having visibility into the original cause. Three scales of engagement: the tactical level (single engagements), the operational level (multiple engagements), and the strategic level (traditional security concerns in addition to political and economic levers); combined with an extended OSI Model which includes Layers 8, 9, and 10 to describe human factors, describes a full stack for cognitive security. In order to successfully launch a cognitive attack, threat actors must achieve the objectives of four phases of a Cognitive Security Attack Cycle: Collection, Preparation, Execution, and finally Exploitation. Each phase of the cycle implies points of vulnerability at which an attack might be disrupted.
“Double Entry Accounting for Security”
Sounil Yu;
Talk-20m
Double entry accounting is a practice that forms the foundation of present-day bookkeeping and accounting. When the methodology was discovered, it revolutionized finance. Could a similar practice work for cybersecurity? This session will walk through ways that you can implement (and unknowingly already have implemented) a form of double entry accounting that can help you revolutionize your security program.
“F*** Your ML Model”
Colt Blackmore;
Talk-45m
Yeah, Machine Learning is cool, but have you ever curled up with Logic Programming on a rainy day? Ever watched a baby AI Planner take its first steps? Ever ditched work early on a Friday and roadtripped to Vegas with an Optimization Solver?
In this session we'll take a step back from all the machine learning gigahype and look at the wider world of AI. We'll explore how NASA drives robots on Mars, how video games create intelligent agents, and how Google interrogates its massive Knowledge Graph.
In each case we'll see how the same AI methods can be adapted to tackle hard security problems, like tool orchestration and attack surface minimization, and we'll build out small-scale versions of these problems and show how to solve them using open source libraries.
“Overcoming Barriers in Security DSLs with BabbelPhish: Empowering Detection Engineers using Large Language Models”
Bobby Filar;
Talk-20m
The rise of detection-as-code platforms has revolutionized threat detection, analysis, and mitigation by leveraging domain-specific languages (DSLs) to streamline security management. However, learning these DSLs can be challenging for new detection engineers.
In this talk, we introduce BabbelPhish, an innovative approach utilizing large language models to bridge the gap between natural language queries and security DSLs. We demonstrate its application to MQL, Sublime Security’s free DSL for email security, and its potential extension to other DSLs. BabbelPhish enables users to harness the full potential of detection-as-code platforms with familiar natural language expressions, facilitating seamless transitions from triage to querying and coding.
We will discuss BabbelPhish's architecture, training process, and optimization techniques for translation accuracy and MQL query validity. Through live demonstrations and user interviews, we will showcase its real-world applications and implementation options, such as a VSCode plugin.
Join us as we explore how large language models can integrate natural language capabilities with the precision of security DSLs, streamlining security management and threat hunting, and making detection-as-code platforms accessible to a wider range of security professionals.
“So Who’s Line Is It Anyway? Recruiter Panel”
Kirsten Renner, Kris Rides, Lauren Scheer;
Talk-45m
Conversations with recruiters are always challenging. What do you say? What do they say? Who goes first? Who should follow up? This panel is made up of two amazing recruiters who are longtime volunteers in the community and who know how to coach hackers in their job search but also how to navigate the hiring process. Come to listen to a frank discussion about recruiting and job search. More importantly, come to ask questions!