Cyber Risk Series To be or not to be: Patch is the Question

As AI and large language models (LLMs) rapidly transform industries, they also introduce new vulnerabilities that traditional cybersecurity methods can’t fully address—data leaks, non-compliance, intellectual property theft, and more. In fact, 94% of IT leaders have allocated budgets to safeguard AI in 2024, and this number is expected to rise significantly as AI and LLM adoption continues. The modern attack surface has evolved, making AI and LLMs prime targets for cyberattacks.

In this edition of the Cyber Risk Series, we’ll tackle the most pressing AI security challenges, explore the hidden risks in your AI and LLM workloads, and forecast the 2025 AI security landscape. This event will bring AI security to the forefront, empowering security leaders to defend against emerging threats.

Wednesday, December 4, 2024

Virtual

Featured Speakers

Sumedh Thakar
President and CEO, Qualys

Graham Cluley
Smashing Security

Dr. Jessie Jamieson
Senior Cyber Risk Engineer - Cyber Risk and Resiliency Directorate, CERT Division

Steve Wilson
Chief Product Officer, Exabeam

Preeti Ravindra
Data, Math & Software for Security

Laura Seletos
Principal Cloud Security Architect, NVIDIA

Joe Petrocelli
VP Product Management, Qualys

Key topics:

  • Full AI & LLM Workload Discovery
  • AI Vulnerability Management
  • Risk-Based Prioritization
  • Compliance & Legal Protection

Agenda

10:00 AM PT

Welcome to the Cyber Risk Series!

Graham Cluley

Smashing Security

Join us as we engage in thoughtful discussion and get expert insight on the importance of securing AI / LLM workloads.

10:10 AM PT

Redefining Risk and Resilience in a New Cyber Era

Sumedh Thakar

President and CEO, Qualys

In a time when AI and LLMs are transforming both opportunities and threat landscapes, Sumedh will examine how CISOs and cybersecurity leaders can address the emerging complexities of AI security. Attendees will gain insights into risk-informed approaches that allow organizations to harness AI’s potential while safeguarding against evolving vulnerabilities.

10:30 AM PT

Chatbots Breaking Bad: Unmasking the Risks of LLMs

Steve Wilson

Chief Product Officer, Exabeam

As AI and large language models (LLMs) become integral to business operations, understanding their unique risks is critical. In this session, I’ll draw from my experience building production LLM systems at Exabeam, insights from my work with OWASP, and lessons from my award-winning O’Reilly book to uncover the vulnerabilities lurking in today’s generative AI. We’ll examine key security gaps and discuss actionable strategies to mitigate threats in an evolving landscape.

11:00 AM PT

Security in the Age of AI

Laura Seletos

Principal Cloud Security Architect, NVIDIA

The landscape of cybersecurity has undergone a profound shift as we embrace the potential of AI to revolutionize industries. In this talk, we delve into the critical imperatives for securing our digital ecosystems in the age of AI and explore the urgent need to transform these architectures to accommodate AI-driven workloads. From edge devices to cloud infrastructure, our systems must evolve to handle the demands of AI algorithms while also maintaining robust security. We’ll discuss NVIDIA’s significant role in fortifying cybersecurity, including NVIDIA Morpheus, digital fingerprinting, and behavior analytics.

11:30 AM PT

Becoming More Comfortable with Risk-Informed Secure AI

Jessie Jamieson

PhD, Senior Cyber Risk Engineer, CERT Division, CMU SEI

Emergent technologies like generative AI can sometimes take security professionals out of their comfort zone and challenge preconceived notions about what it means to secure a system or capability. The new challenges that come with securing AI have also forced us to revisit risk and resilience in a threat landscape that has quickly shifted into novel attack spaces.
Effectively managing enterprise cybersecurity risks has historically been facilitated by the adoption of robust risk management frameworks, tools, and processes that directly link risks to actions. For this talk, we will illustrate how the concepts that have traditionally afforded us the ability to mitigate and respond to risk through security are the same concepts we can apply to secure capabilities enabled by emergent technologies, including AI. Along the way, we will examine what it is that makes us uncomfortable with AI and discuss concrete steps to take that will make us more comfortable with deploying these capabilities confidently and securely.

12:00 PM PT

Risk Mitigation for AI with Secure Development Lifecycle

Preeti Ravindra

Data, Math & Software for Security

The session provides actionable insights for organizations looking to implement robust security practices in their AI development practices while balancing innovation with risk mitigation. We explore integrating AI development and security lifecycles, offering a practical framework for risk management. We examine how secure development lifecycle (SDL) principles can be adapted for AI systems. The discussion covers distinct risk considerations from both AI model providers’ and consumers’ perspectives. We’ll analyze appropriate controls and risk mitigation strategies at different stages.

12:30 PM PT

Navigating Security Challenges of Large Language Models with AI Asset Visibility and Model Scanning

Joe Petrocelli

VP Product Management, Qualys

As organizations adopt LLMs rapidly, security challenges arise, especially when development teams deploy these models without notifying security teams. Total AI enhances visibility, offers proactive scanning, and categorizes AI vulnerabilities, helping organizations secure their infrastructures and manage risks effectively. A demo showcases how users can manage AI assets and address vulnerabilities.

Sumedh Thakar

President and CEO, Qualys

As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.

Jonathan Trull

CISO & SVP Security Solution Architecture, Qualys

Jonathan Trull is a longtime security practitioner and CISO & SVP Security Solution Architecture with over 18 years of experience in the cybersecurity industry and is currently the Senior Vice President of Customer Solutions Architecture and Engineering at Qualys. His career has spanned operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. While at Microsoft, Jonathan led the Microsoft Detection and Response Team (DART) whose mission was to respond to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks and included the investigation of and response to the NOBELIUM threat actor campaign which leveraged the SolarWinds supply chain. Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS. He is also an adjunct faculty member at Carnegie Mellon University where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as BlackHat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA. Jonathan is a veteran of the U.S. Navy finishing his career as a Lieutenant Commander supporting the Information Warfare Domain.

Eran Livne

Senior Director, Endpoint Remediation, Qualys

Eran Livne is Senior Director, Endpoint Remediation at Qualys, leading a team tasked with helping customers improve their security posture through cross-platform vulnerability remediation. He has more than 20 years of product management and computer science experience working in diverse IT and security markets. In 2014, Eran founded mobile security company, LetMobile, acquired by Ivanti. Following the acquisition, he drove Ivanti's enterprise security and endpoint security and management solutions. Eran holds a bachelor's degree in computer science from Tel Aviv University and an MBA in high-tech business administration from Technion - Israel Institute of Technology.