
What we’re about
Information Systems Security Association (ISSA) is a not-for-profit, international professional organization of information security professionals and practitioners. It was founded in 1984 by Sandra M. Lambert and Nancy King (although work on its establishment started in 1982). ISSA promotes the sharing of information security management practices through educational forums, publications and networking opportunities among security professionals. ISSA is present in more than one hundred countries, including Europe and Asia, with more than 10,000 members.
As the founding chapter of ISSA, ISSA Los Angeles (ISSA-LA) has become the premier catalyst and community resource in Southern California for improving the practice of information security. The Chapter provides various training classes and lectures for information security and IT professionals throughout the year and at the annual Summit. We accomplish this by providing:
- Education, networking and support to information security practitioners
- IT practitioners with information security responsibilities
- Information security vendors
- Outreach, advocacy and education to the broader Los Angeles community
ISSA-LA meets monthly for lunch and dinner and regularly collaborates with other IT and InfoSec organizations, having joint meetings with ISACA, OWASP, the Cloud Security Alliance, HTCIA, and the Association of IT Professionals to name a few.
Upcoming events (3)
- Root Zone DNSSEC Trust Anchor Management, Accenture, Los Angeles, CA
You must register and pay to attend: https://www.eventbrite.com/e/root-zone-dnssec-trust-anchor-management-tickets-1246711972069
### Topic One: Root Zone DNSSEC Trust Anchor Management: Securing the Key Signing Key (KSK)
This talk will discuss the management of the DNSSEC trust anchor for the Internet.
The quarterly KSK ceremonies, which generate the cryptographic signatures allowing DNSSEC operations, will be presented, including:
● Physical and Logical Security Design
● Community involvement
● Audit and Transparency/Chain of Custody
● Hardware Security Modules
● Programmable Ceremony Scripts
● Maintenance and Lifecycles
The presentation will demonstrate how this novel approach to operations and security with an “open source” style of continuous improvement promotes trust perception.
### Speaker One: Aaron Foley
Aaron Foley is a Senior Cryptographic Key Manager for the Internet Corporation of Assigned Names and Numbers (ICANN). His primary responsibility is the management of the Root DNSSEC KSK trust anchor, essential to global DNSSEC implementation. He has served in this role since 2019 and has been employed by ICANN in varying capacities since 2015.
Aaron has 25+ years of Internet-related IT/security experience.
### Topic Two: Navigating AI Governance at an Enterprise Level
Challenges, opportunities and a pragmatic approach to accelerate the journey and ensure AI is adopted in a responsible manner.
### Speaker Two: Pedro Tavares
Mr. Tavares is a Senior Data Scientist at Glencore with over 10 years of experience applying data analytics and data science across various industries and companies. He is a co-author of the OpenEnsembles framework, holds an MSc in Data Science, and is certified in AI Governance (AIGP), Fraud Data Analytics (ACFE), and Internal Audit (IAP/IIA). His current focus is on developing practical AI governance frameworks that help organizations embed responsible AI practices into their AI strategy and development processes.
- Practical Ways to Strengthen your GRC Program, Accenture, Los Angeles, CA
You must register and pay to attend: https://www.eventbrite.com/e/practical-ways-to-strengthen-your-grc-program-tickets-1312131654099
### Topic One: Practical Ways to Strengthen Your GRC Program
The pendulum has swung to the opposite extreme and it’s time for it to come center. Our IT operations are full of “too much”. Too many tools. Too many unreferenced documents. Too much unmanageable data. Too many confusing controls from too many vague regulations and frameworks. Very few of these things actually align to our real operations. We have created all of this overwhelming noise and meanwhile are losing data at a ridiculously drastic rate.
Let’s stop continuing to do the same things that got us into this mess and expecting different results. This session will bring us all back to best practice governance basics and provide attendees with three very practical recommendations that they can use the very next day.
### Speaker One: Karina Klever
Karina Klever has spent more than 35 years in technology, starting in 1989 as a computer operator. After programming and decades of project/program management, she began focusing on compliance in the early 2000s. Over the next 20 years, Karina would go on to establish GRC Centers of Excellence for Fortune 500 companies.
After years of witnessing compliance being implemented as nothing more than a checkbox exercise, Karina opened her own boutique company, Klever Compliance, to guide midsized companies into establishing governance programs that are appropriate for their particular industry, level of maturity, size, risk posture, and goals. Klever Compliance is tool agnostic and works across industries, maturities, regulations and frameworks. Checkbox compliance leaves gaping security holes, so Karina's approach is to align actual operations to controls, instead of the other way around.
### Topic Two: Cybersecurity and AI: Advancements, Workforce Impact, and Future Challenges
AI isn't just changing cybersecurity—it's completely rewiring the battlefield. This talk exposes the hard truth about autonomous defense systems, AI-powered red teams, and attackers now capable of launching machine-speed campaigns that bypass traditional controls.
We'll tackle the workforce earthquake happening as junior roles vanish and senior positions demand hybrid human-AI skills, while exploring why your sprawling security tool collection creates more vulnerabilities than it solves. Forget vendor hype—this session delivers actionable strategies for navigating the AI cyber arms race while preserving the irreplaceable human expertise that separates security victories from catastrophic failures.
### Speaker Two: Ron Dilley
Ron Dilley works at IS2 as a Principal Cyber Security Architect, focusing on fostering innovation and pushing the boundaries of what’s possible in technology to deliver exceptional value for clients. He is also on the IANS Research Faculty. As a cybersecurity innovator, he works with many cross-functional teams to develop novel security solutions and enhance security capabilities that improve customer experiences while frustrating adversaries.
He is a seasoned information security practitioner and thought leader with more than two decades of experience building, implementing, and leading information security practices responsible for the overall security posture and risk management of global companies. He is focused on security innovation, research, and development, and has overseen and revitalized infosec teams and advised on mergers, acquisitions, and divestitures from an infosec perspective.
He also serves the cyber security community through open-source tools and solutions for real-world security challenges, including current work on stateless TCP (honeypi), the IR Directory Scanner (difftree), Log Templater (tmpltr), SSH Canary (sshcanary), Log Pseudo Indexer (logpi), and Wirespy Daemon (wsd).
- Cybersecurity in the Age of AI: Navigating Unseen Threats, Accenture, Los Angeles, CA
You must register and pay to attend: https://www.eventbrite.com/e/cybersecurity-in-the-age-of-ai-navigating-unseen-threats-tickets-1292147771769
### Topic One: Cybersecurity in the Age of AI: Navigating Unseen Threats
Now more than ever, cybersecurity is paramount for protecting sensitive data from breaches and attacks. The integration of AI in business processes brings both efficiency and new cybersecurity challenges. This presentation explores the dual nature of AI as both a business asset and a potential threat. It highlights how AI enhances productivity, transforms customer service, and enables predictive analytics, while also posing risks such as data privacy concerns and the potential for malicious use.
The presentation will delve into AI's role in cybersecurity, including its ability to detect threats and respond to breaches in real time. It also addresses the darker side of AI, such as its weaponization by cybercriminals, enhanced attack capabilities, and the challenges in detecting AI-driven threats like data poisoning, AI-enabled malware, and sophisticated social engineering attacks. Real-world examples illustrate the significant impact of these threats on businesses.
We'll discuss how to mitigate AI risks, look at future trends, emphasize the need for businesses to adapt to new AI threats and opportunities, and consider the role of predictive analytics in future defenses.
### Speaker One: Ken May
Ken May is CEO of Swift Chip and a cybersecurity expert with more than a dozen industry certifications. He has significant experience in the fields of offensive threat modeling, digital information security analytics, intrusion detection, and response.
Ken is a Community Instructor for SANS and also teaches at Oxnard College.
Along with his work in the IT industry, Ken is also an active community member, serving on the SANS Advisory Board and previously serving on the CompTIA IT Security Executive Council, the Business Advisory Board at the Museum of Ventura County, and the Industry Advisory Council at Oxnard College.
### Topic Two: The Routing Security Crystal Ball: RPKI Yesterday, Today and Tomorrow
Join us for a deep dive into the evolution of Routing Security and the key factors that led to the development of Resource Public Key Infrastructure (RPKI). We'll explore the timeline of its initial deployments and the pivotal moments that brought RPKI to the forefront of the global Internet community. Recent U.S. government initiatives have prioritized the creation of RPKI Route Origin Authorizations (ROAs) to bolster network security. Finally, we’ll look ahead into the future of RPKI, examining upcoming developments and long-term plans being discussed within standards bodies and the broader Internet community.
### Speaker Two: John Sweeting
John Sweeting is the Chief Experience Officer for the American Registry for Internet Numbers (ARIN), accountable for the overall customer experience and development of all customer services and applications. He is responsible for the direction and operations of the Registration Services Department, Communications Department, and Customer Experience and Strategy Department. Prior to joining ARIN, he served 12 years on the ARIN Advisory Council, six of which he was the Chair, and one year on the Address Supporting Organization’s Address Council (ASO AC). John participated on the Consolidated RIR IANA Stewardship Proposal (CRISP) team that was convened in December 2014 to guide development of the Number Community response to the IANA Stewardship Transition Coordination Group’s RFP.
John’s experience in the Internet industry includes building and managing large global networks with international carriers such as Internet MCI, Cable & Wireless, Teleglobe, and Tata Communications. Immediately prior to joining ARIN, John served as the Senior Director of Architecture and Engineering for Time Warner Cable, responsible for the selection and testing of all network infrastructure from the core backbone to the service delivery platforms.