Embedded Files
Program Schedule and Paper Sessions are now live.
Gregory M. Dickinson
Gregory M. Dickinson
Assistant Professor
University of Nebraska College of Law
Public and Private Responses to Digital Deception
Public and Private Responses to Digital Deception
This talk will discuss methods for combating online fraud, focusing on private lawsuits and governmental enforcement efforts. Private lawsuits offer a decentralized approach to policing "dark patterns" and other techniques for online fraud and are able to quickly leverage individuals' ground-level knowledge and private resources. However, the deterrent effect of private lawsuits is limited in the context of small-scale, heterogenous harms and where scammers operate from outside jurisdictions — contexts where governmental enforcement resources can most usefully be allocated to augment private efforts. Such coordinated public-private enforcement can effectively tackle digital deception with less risk of stifling innovation than regulations targeting particular technologies or techniques of deception.
Speaker Bio:
Speaker Bio:
I am an Assistant Professor of Law at the University of Nebraska, where I teach Contracts, Unfair Competition, and Remedies, as well as a fellow with the Stanford Law School Program in Law, Science and Technology. I hold a JD from Harvard Law School (2010, cum laude). Before my current appointment, I practiced at Ropes & Gray LLP in Boston and at two Rochester firms, with a year in between as a law clerk for Judge Richard Wesley of the U.S. Court of Appeals for the Second Circuit. While in full-time practice, I also served as a nonresident fellow at the Northwestern Pritzker School of Law. The combination of my computer science and legal training has drawn me toward technology-related issues in commercial law, which have been the focus of my practice and recent academic work. My research focuses on the interaction between private law and technology. One major area of interest is how the common law responds to technological innovation and can be harnessed to complement the more particular statutory and regulatory schemes layered atop it. A second branch of my work explores how the tools of machine learning and artificial intelligence can be brought to bear on traditional legal questions. Through computational analysis of large bodies of case law, my research seeks to provide a more systematic view of our legal system and doctrines and to guide legal reforms and policy decisions. My work has appeared in leading journals including the Georgia Law Review, George Washington Law Review, Stanford Law & Policy Review, and the Administrative Law Review.
Paul Veeneman
Paul Veeneman
Lead Cybersecurity Analyst
Securisect
Balancing Resilience and Cybersecurity in OT Environments
Balancing Resilience and Cybersecurity in OT Environments
This talk will explore how industries can ensure continuous operations in the face of increasing cyber threats without compromising security. Process environment resilience Security measures for remote access in industrial environments Incident response and recovery strategies Role of OT-IT collaboration in ensuring business continuity Presentation Importance: Discuss strategies for creating resilient OT environments, focusing on critical asset and process management, risk assessment and resilience methodologies that minimize disruption and optimize recovery during cyber incidents.
Speaker Bio:
Speaker Bio:
With 28 years of expertise across multiple industries, Paul leverages a broad background in both IT and OT cybersecurity, risk, and compliance, supporting the nation's critical infrastructure. Paul provides tailored guidance, charting a course through challenges in enterprise architecture, process, and industrial control systems, IoT, and cloud security. Paul's strategic insights have consistently empowered organizations to make informed decisions to meet challenges, goals, and mission objectives. Paul serves on several industry boards, including the local Minnesota chapters of InfraGard, the Information Systems Security Association (ISSA), the International Society of Automation (ISA), helping to deliver relevant and timely cyber-informed content to organizations, agencies, membership, and local industry. Paul also collaborates closely with local high schools, colleges, and universities, not just as an instructor, but also as a mentor. Paul offers guidance and support on both student career path decisions and academic curriculum development. His commitment to education bridges the gap between academic learning and real-world challenges but also inspired countless students to embark on meaningful and impactful careers in technology and cybersecurity.
Mark Simos
Mark Simos
Lead Cybersecurity Architect
Microsoft
Zero Trust: Focusing on what matters in cybersecurity
Zero Trust: Focusing on what matters in cybersecurity
This talk will cover cybersecurity through the lens of Zero Trust. We will cover the important parts of the security profession and the fundamental differences between classic cybersecurity and Zero Trust. We will then take a tour through the outcomes defenders must pursue, how to define and measure success, the roles we play (jobs), the durable capabilities we must build and continuously improve, and close on some career tips and resources to help you prepare for the never-ending battle against old fashioned crime and espionage on computers.
Speaker Bio:
Speaker Bio:
Mark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.
Mark helps organizations meet cybersecurity and digital transformation goals by combining learnings from across Microsoft customers with Microsoft’s experience operating and protecting hyper-scale cloud services.
Mark is co-author of the Zero Trust Playbook (http://zerotrustplaybook.com) and co-host of the Azure Security Podcast. Mark actively contributes to open standards and publications including the Zero Trust Reference Model, Zero Trust Commandments, Security Principles for Architecture, NIST Guide for Cybersecurity Event Recovery (800-184), NIST Guide to Enterprise Patch Management (800-40), Microsoft Digital Defense Report, and Microsoft Security blogs.
Mark also chairs the Security Forum and co-chairs the Zero Trust Architecture (ZTA) working group at The Open Group and has presented numerous conferences including Black Hat USA, RSA Conference, Gartner Security & Risk Management, BSides, Microsoft BlueHat, Microsoft Ignite, and Financial Executives International.
Bryan Torielli
Bryan Torielli
Specialist Leader
Deloitte
Silent Shield: Lessons learned designing, building, and going to orbit with a cyber intrusion detection payload
Silent Shield: Lessons learned designing, building, and going to orbit with a cyber intrusion detection payload
Without cyber superiority you lose! In no operational domain is that truer than in space, where cyber risk is mission risk. This session will explore lessons learned while developing and deploying an onboard cyber intrusion detection system for satellites called Silent Shield.
In this session we’ll cover everything from the initial R&D to on-orbit operations and how to apply these lessons to the mission assurance of any critical, no-fail mission that relies on an integrated system of systems, and/or a data-driven digital architecture. Topics of discussion will include: Engineering out-of-band architectures on satellites; the concept of a standardized “cyber interface” for space vehicles; the operational application of automation and AI/ML in the cyber defense of in-orbit assets; insights into link segment integrity through space and ground segment sensors; designing against the concept of system protection vs. operational resilience; not doing the adversary’s job for them; and the readiness imperative of understanding a system’s mission, architecture, and threat before being able to effectively defend the cyber terrain. The session will wrap-up with the three rules of cyber defense engineering and implementation for space systems to apply as you go forth to improve mission assurance in and through the cyber domain!
Speaker Bio:
Speaker Bio:
Bryan Torielli is a Specialist Leader at Deloitte. His primary area of expertise is Cyber Risk for Space, supporting large national satellite constellations with systems engineering and complex technical acquisitions ranging from computer systems to satellite parts and software. During his career supporting the government, he has worked with the United States Air Force and intelligence community programs. Bryan has secondary areas of expertise in Geospatial Intelligence, including Overhead Persistent Infrared technology analysis, design, and acquisition.
SUJAN DAS
SUJAN DAS
Solution/Data Architect
Deloitte
Agentic AI Framework for Real-Time Personalized Patient Care
Agentic AI Framework for Real-Time Personalized Patient Care
The rapid evolution of wearable technologies and real-time health monitoring has enabled the development of intelligent systems capable of delivering hyper-personalized patient care. This paper presents an innovative Agentic AI Framework that harnesses continuous biometric and behavioral data streams from smart watches and wearable sensors to deliver real-time, adaptive, and privacy-preserving health interventions.
At its core, the framework leverages a multi-agent architecture built on CrewAI and the Model Context Protocol (MCP), enabling autonomous AI agents to operate collaboratively, communicate seamlessly, and make context-aware decisions. Biometric sensors collect data such as heart rate variability (HRV), stress indicators, and sleep quality, while behavioral agents interpret user interactions and activity patterns through emotion recognition models. These agents are orchestrated via a Processing Coordination Hub, where real-time analytics, anomaly detection, and predictive modeling are performed using AWS Bedrock, SageMaker, and Kinesis streams, with federated learning techniques ensuring compliance with privacy regulations such as HIPAA and GDPR.
Speaker Bio:
Speaker Bio:
Sujan Das is an accomplished and hands-on technology leader with 17+ years of experience driving innovation by architecting, modernizing, and scaling enterprise-grade data platforms across cloud, AI/ML, cybersecurity, and big data landscapes to deliver secure, intelligent, and scalable business solutions. His core expertise lies in data architecture, data engineering, advanced analytics, machine learning, generative AI, and cyber/API security having led end-to-end modernization initiatives for some of the largest U.S. clients in healthcare, health insurance, banking and financial services, and the automotive sector. Holding a Master’s in Computer Science/Data Science from the University of Illinois Urbana-Champaign, he combines deep technical knowledge with strategic vision to deliver AI-powered, cloud-native solutions that drive measurable business growth and operational resilience.
Manish Bhatt
Manish Bhatt
AI Security Researcher
When Offense Thinks: Security Fundamentals Aren’t Optional anymore
When Offense Thinks: Security Fundamentals Aren’t Optional anymore
We, the security community, are entering an operational reality where AI is not the target, but the operator. Offense has shifted from human-crafted payloads to autonomous systems that can discover, adapt, and exploit at machine speed. In this environment, security fundamentals—identity, least privilege, boundary enforcement, cryptographic integrity—are no longer optional; they are the only sustainable defenses.
This keynote will present offensive AI agents purpose-built for red-team operations:
GhostLine - an AI-driven social engineering system that executes end-to-end phishing and vishing campaigns. It generates tailored lures, performs voice cloning for live interaction, and automates credential harvesting pipelines.
PhantomPipe - A proof‑of‑concept C2 framework that uses Server‑Sent Events (SSE) and the MCP protocol for agent registration, command dispatch, and result collection. By tunneling through ngrok, you can quickly expose your C2 server to the public internet for rapid testing and demonstration.
Recon+Exploit Agents - autonomous modules that combine large-scale graph exploration, vulnerability fingerprinting, and exploit synthesis, collapsing recon and weaponization phases into continuous loops.
The goal is not demonstration for its own sake, but to show how AI collapses the traditional kill chain: reconnaissance, weaponization, delivery, exploitation, and persistence can now be fully automated. These agents surface the unavoidable truth: the fundamentals we enforce—or fail to enforce—determine whether AI will harden our systems or hollow them out.
Speaker Bio:
Speaker Bio:
Manish Bhatt is a leading offensive-security engineer and AI security researcher whose work spans novel attack vectors in large-language and agentic systems, enterprise-scale exploit proofs-of-concept, and the establishment of standardized frameworks for assessing AI security risks. With over 15 years of experience including senior engineering tech lead positions at hyperscalers, Manish's interests nowadays are focused on emerging threats because of AI. Manish Bhatt serves as a core contributor to OWASP’s Agentic AI initiatives, including co-authoring the Agentic AI Core Risks scoring system (AIVSS) used globally for quantifying AI vulnerability severity.
Page updated
Google Sites
Report abuse