Reminiscing about May and the amazing sessions at BSidesSF?! All talks are live on our YouTube channel! Check them out: https://lnkd.in/gGnh2gXc #BSidesSF2024 #infosec #cybersecurity
BSidesSF
Computer and Network Security
San Francisco, CA 2,396 followers
Security BSides San Francisco (BSidesSF) is a non-profit organization designed to advance the body of InfoSec.
About us
BSidesSF is a non-profit organization designed to advance the body of Information Security knowledge, by providing an annual open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesSF are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
- Website: https://bsidessf.org
- Industry: Computer and Network Security
- Company size: 1 employee
- Headquarters: San Francisco, CA
- Type: Nonprofit
- Founded: 2010
Locations
- Primary: 548 Market Street, PMB 22241, San Francisco, CA 94104, US
Updates
-
BSidesSF reposted this
How to secure AWS cloud using AWS Lambda? We spoke to Lily Chau from Roku at BSidesSF about her experience and innovative approach to tackling security issues in AWS environments. From deploying IAM roles to creating impactful playbooks with AWS Lambda, Lily shared her take on automating remediation processes. We spoke about the challenges of managing cloud security with tools like CSPM and CNAPP, and how Lily and her team took a different approach that goes beyond traditional methods to achieve real-time remediation. #cloudsecurity #iam #awssecurity
Fixing Cloud Security with AWS Lambda
www.linkedin.com
-
BSidesSF reposted this
📚 tl;dr sec 238 Security Engineering @ Google Interview Notes, BSidesSF Talks, GitHub CI/CD Egress Filtering
✨ Highlights
📺 Conferences 📺 - BSidesSF 2024 videos - SpecterOps’ SO-CON 2024 videos
👨💻 AppSec 👨💻 - A simple touchID prompt'er for use in shell scripts. - Dominic White - Exploiting Client-Side Path Traversal to CSRF - Maxence Schmitt - Catching Compromised Cookies - Ryan Slama, Oliver Grubin, Grace Li
☁ Cloud Security ☁ - Tool to scan GCP DNS for vulnerable domain records - Paul Schwarzenberger - Cloud Threat Landscape Defenses - Wiz - Permissions Boundaries Made Easy - Rich Mogull - AWS Network Firewall egress filtering can be easily bypassed - Jianjun H.
👩💼 Career 👩💼 - The difference between good and great hackers - Dominic White - People who quit their big tech job to found a startup are bad at financial projections - Alex Sukhanov - Security Engineering at Google: My Interview Study Notes - Grace Nolan - 10 Common Interview Questions, How to Stand Out and Get the Offer - Aakash Gupta
📦 Container Security 📦 - GitOps Toolkit Controller: Automates Container Image Tag Updates in Git YAML - Mitmproxy Blueprint: Intercept HTTPS Traffic from Kubernetes Apps - Ofir Cohen
⛓ Supply Chain ⛓ - regreSSHion: Remote Unauth Code Execution sshd - Bharat Jogi - Bullfrog: Secure GitHub Workflows with Egress Policies - ReversingLabs Launches Spectra Assure Community - CocoaPods Vulnerabilities - Reef Spektor, Eran Vaknin
🛡 Blue Team 🛡 - Memory scanning tool for detecting malicious techniques and user-mode rootkits - Daniel Jary - Detecting Linux stealth rootkits with directory link errors - Sandfly Security
😈 Red Team 😈 - Voidgate: A technique that can be used to bypass AV/EDR memory scanners - When the hunter becomes the hunted: Using custom callbacks to disable EDRs - Saad AHLA
🤖 AI + Security 🤖 - Webinar: How AI is changing work for Security teams - Daniel Miessler, Drew Dennison, Jackie Bow - Block AI bots, scrapers & crawlers with a single click - Cloudflare - PII Detective: identify PII in BigQuery and Snowflake - Kyle Polley - Sinon - Windows Burn-In automation with GenAI for Deception - James Brine - Real World AI Definitions - Daniel Miessler
https://lnkd.in/g4eFMMX2 #cybersecurity #security #security #ai
[tl;dr sec] #238 - Security Engineering @ Google Interview Notes, BSidesSF Talks, GitHub CI/CD Egress Filtering
tldrsec.com
-
BSidesSF reposted this
ICYMI, my talk from BSidesSF on 5 security startups I wish existed is now online 📺 Watch the talk: https://lnkd.in/g3muZ3DW Get the slides: https://lnkd.in/gxRwEHDj
BSidesSF 2024 - 5 security startup pitches to raise money and eyebrows (Maya Kaczorowski)
https://www.youtube.com/
-
BSidesSF reposted this
For those of you who walked through AMC on Saturday afternoon hearing me, the program ops lead, yell out “Tracks and Overflow are full!”, and missed out on those incredible 1:30pm talks, now’s your chance to catch them. :) Thank you all for your patience in waiting. (We filled a track WITH overflow completely, 7 mins before the talk STARTED. Definitely a record for us here at BSidesSF). #BSidesSF #bsidessf2024 #rsac #security #infosec
BSidesSF 2024
youtube.com
-
BSidesSF reposted this
President @ Aquia | Cyber Innovation Fellow @ CISA | Chief Security Advisor @ Endor Labs | 2x Author | Veteran
Apply AI to Security
There's been a ton of attention on two aspects of AI, which are Securing AI, and Leveraging AI for Security. While the first topic brings a lot of FUD, the second brings a lot of excitement. One major benefit of content creation is coverage. When you're constantly curating content, you're able to aggregate resources, insights and data on topics. Few do it better in our industry than Clint Gibler of tl;dr sec. That's why his talk "TL;DR: Applying AI to Security" from BSidesSF is really awesome. He covers a TON of content and insights from the industry when it comes to applying AI to security. His talk focuses on a big picture understanding of applying AI to security, as well as tactical examples.
The talk covers:
- Use cases, such as AppSec/SAST, Code Review, Pen Testing, Threat Modeling, Secure Design Reviews and much more
- Resources and Reflections, leveraging Clint's incredible coverage of the AI content landscape, citing reports, talks, blogs and many other examples from some of the industry's best who are sharing their learnings.
If you're interested in how AI is and can potentially be applied to security, this is definitely one to check out! And, if you aren't already subscribed to tl;dr sec you're doing yourself a disservice.
-
BSidesSF reposted this
Pleased to share the recording of my BSidesSF 2024 talk on leveraging AI to automate cyberGRC operations. Bridging the gap between the legal guidance and technical controls in an increasingly regulated space is becoming important for cybersecurity leaders. There is no platform more exciting than BSidesSF for me to share my experiences with the cybersecurity community on balancing compliance and innovation. My talk outlines the reference architecture for an agentic AI system to help streamline cyberGRC operations, including a demo. It uses OpenAI GPT4 as the base model, LangChain for RAG + AI Agents, FAISS for storage and search library, and using zero-shot learning for initial fine-tuning. It’s been an honor to present at this conference for the 3rd time this year, and looking forward to more! #BSidesSF2024 #cybersecurity #GRC #compliance #AgenticAI
BSidesSF 2024 - Cybersecurity meets Generative AI: Automating Your Compliance... (Rafae Bhatti)
https://www.youtube.com/
-
BSidesSF reposted this
Our BSides SF panel video is up and I have to say that this was a lot of fun. Ariel S. was a great moderator and put all of us panelists Jacob Salassi, Julia K. and Mukund Sarma on the hot seat because she asked a number of spicy questions 🌶️🌶️🌶️ One of the 🏆 best pieces of advice 🏆 that I received early in my Security career was to network with other like-minded (AppSec) individuals. My boss, Ben Sapiro, came from an Infrastructure Security background and he recommended that I should talk to and learn from other AppSec folks. This advice definitely accelerated my career 💪💪💪 As I started to work at companies based in San Francisco, I started to network with AppSec folks in the Bay Area. This is when I started to learn a lot about AppSec at scale and the challenges with scale. It is different securing a company that has millions of users vs thousands of users. 🚀🚀🚀 If you want to accelerate your Security journey, reach out to your peers and talk to them. I would also recommend that you reach out to folks in your industry. If you are in the healthcare space, find peers in the healthcare space. If you are in Fintech, find others in Fintech. Security folks are typically friendly and more often than not, you will have opportunities to chat about your challenges and have someone to bounce ideas off of. I still continue to chat regularly with friends at Chime, Netflix, Snowflake, Datadog, etc. Which is why it was great sitting on a panel with Jacob, Julia, Mukund and Ariel. We have been chatting for years and I have learned so much from them. Learn and grow by expanding your network. Catch our spicy panel here: https://lnkd.in/gwGS6U7Q
-
BSidesSF reposted this
All of the BSidesSF 2024 talks are now up on their YouTube channel. Check out Komal Dhull and Nathan Brahms' talk on: How to secure cloud machine identities. https://lnkd.in/dbXySq6Y
BSidesSF 2024 - How to Secure Cloud Machine Identities (Komal Dhull, Nathan Brahms)
https://www.youtube.com/