Conference – AIS Home | Assured Information Security

AIS at Naval Surface Technology and Innovation Consortium (NSTIC)

A1Sadmin — Wed, 16 Oct 2024 19:58:16 +0000

Author: Travis Akers, Business Development Director
Two-minute read

Earlier this month, I had the privilege of representing Assured Information Security (AIS) at a three-day Naval Surface Technology and Innovation Consortium (NSTIC) collaboration event in Fredericksburg, Virginia.

All three days were packed with opportunities to engage with Naval Surface Warfare leaders, subject matter experts, program managers, technical directors and industry partners. The event included a full day tour of Naval Surface Warfare Center Dahlgren Division (NSWCDD) with stops in the Human Systems Integration Lab, Hypersonic Integration and Test Facility, Vertical Launching System Lab and an LCS/Future Modular Capability demonstration. During the tours, we had the rare opportunity to speak directly with government researchers and engineers to better understand the challenges being faced within the Navy’s surface fleet and integrating rapidly evolving technologies and capabilities to maintain the competitive edge against adversaries in the maritime domain.

The highlight of the event was being one of 10 companies to present, allowing me to share the AIS story with more than 200 attendees, including an audience with senior Naval flag officers, large and small defense industry businesses and warfighters: the end users of our products and services contributing to the national security apparatus. Participants heard from numerous program managers who provided an overview of NSWCDD and the command’s technical approach. The published pre-event statement of needs provided industry partners an opportunity to explore new business with the U.S. Navy, where I was able to meet with government representatives and discuss the advanced research and development capabilities of AIS and how our teams of technical experts, engineers and scientists can meet the 21st century challenges facing the Navy. NSTIC 2024 contained a few light moments as well, with multiple networking events held throughout the three days and a social hour mixer with industry partners to establish new relationships and identify potential leads for new business opportunities in the coming months and years.

Attending the NSTIC collaboration event was a great experience and demonstration of how vital public-private partnerships are in national security. AIS continues moving forward in establishing a strong presence in the U.S. Navy and becoming the small business of choice for cyber operations, mission solutions and advanced research and development.

AIS at SVIP Demo Week

A1Sadmin — Thu, 13 Jun 2024 15:23:24 +0000

Author: Tiffany, Reverse Engineer III
Two-minute read

On May 21 and 22, I attended the Department of Homeland Security (DHS) Science & Technology Silicon Valley Innovation Program (SVIP) Demo Week in Alexandria, VA.

I, along with my colleague Brandon, represented AIS at this annual showcase of nearly 40 SVIP-funded startup companies and their innovative technologies addressing DHS missions. AIS’s role is to support various SVIP portfolio companies in creating robust products and demonstrating the products’ efficacy in meeting DHS and/or broader customer needs.

Topics for which portfolio companies presented demos of their products included:

Sensor Technologies (deployable tracking buoys for USCG)
HealthTech
Computer Vision
Data Analytics
Language Translation
Cybersecurity Startups
Digital Credentials
Digital Wallets

The conference included more than 260 attendees from startups, large and small businesses, government agencies, VCs and academic institutions who were able to experience and participate in technology demonstrations and meet the founders in the Startup Tech Expo. Participants also heard from two special DHS keynote speakers, industry leaders, tech investors, DHS operational agencies and SVIP partners whose innovative solutions are supporting DHS missions.

Video recordings of the demos presented at the conference

WATCH HERE

Attending SVIP Demo Week was an incredible experience. It was inspiring to see cutting-edge technologies and innovative solutions that are enhancing national security. The collaboration between the DHS and the tech community is a testament to the power of public-private partnerships in driving technological advancements. As an engineer, witnessing firsthand the practical applications of these innovations has been both motivating and enlightening, reaffirming my belief in the vital role that technology plays in safeguarding our future. Our team at AIS is proud to support these outstanding startups and their contributions to DHS missions.

Learn more about AIS capabilities:

https://www.ainfosec.com/capabilities/cyber-operations/

AIS at ISC2 Security Congress

A1Sadmin — Mon, 13 Nov 2023 19:36:57 +0000

Author: John, ISSM at AIS
Five-minute read

I recently attended the 2023 ISC2 Security Congress in Nashville, Tennessee, and was surrounded by 4,000+ professionals in the cybersecurity industry. This four-day conference focused on the latest trends, threats and emerging technologies in the field. I learned of this conference back in the spring after having passed my CISSP (Certified Information Systems Security Professional) exam in December 2022 and becoming an endorsed member of ISC2 in January this year.

The Conference Experience

The conference featured nearly 150 speakers across 135 different sessions with representation from 75 countries. Each day, members were allowed to pick and choose which presentations they would attend. During breakout sessions, we would visit the Exposition Hall to network with peers and talk with industry vendors. The conference took place at the absolutely stunning Gaylord Opryland Resort & Convention Center which ranks as the largest non-gaming, in-hotel exhibition space in the world and has over 3.3 million square feet of space.

The In-Depth Presentations

I attended more than 15 presentations and keynotes over the course of the conference. Some of my favorite discussions were included in the following:

Legal Perspectives on the NIST AI Risk Management Framework
Generative AI: Your New Secret Weapon or Insider Threat?
Learning from History: What Past Cyber Attacks Taught Us
ISC2 on Point with Careers: How to Lead High-Performance Security Teams

We had five distinguished keynote speakers that included Andy Greenburg, senior writer for WIRED and author of Tracers in the Dark Web; Dr. Nita Farahany, distinguished professor, scholar and author of The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology; Dr. Rumman Chowdhury, former Director of AI Ethics; Jenny Radcliffe, ‘The People Hacker’ and Dr. Richard Harris, Australian anesthesiologist and cave diver who played a crucial role in the 2018 Thailand cave rescue of the boy’s soccer team.

Noteworthy Take-Aways

We learned about a hacker group called “Scattered Spiders” that is on the forefront of the social engineering of helpdesks. Their most recent attack took down MGM Resorts and did $100 million in damages last month. The attacker will make a phone call and give the name of an employee that is linked to the organization and request a change in Okta (or similar SSO solution) and/or a change within Active Directory.

I became familiar with a new role that exists in the industry; A Customer Security Evangelist. There were many people I talked to at the conference that either held this position or knew about it. It is an external-facing point-of-contact that is well-versed in the inner-workings of the cybersecurity behind each product that their company sells and can field customer concerns and questions. This ensures all customers know who to ask to get the most accurate details regarding the cybersecurity of a product rather than be told different things by whomever is available at the moment to give their best guess.

FINAL THOUGHTS

My first ISC2 Security Congress shattered expectations. The people and presentations were full of knowledge and opened my eyes to ideas and concepts. It was very intriguing to talk with others in the industry who deal with cybersecurity day in and day out, and to see that we all face very similar challenges in the field. This conference was a great way to be brought back up to speed with the current state of affairs in the cybersecurity realm and hear the latest from the experts. I am obligated to get CPE (Continuing Professional Education) credits to maintain my membership with ISC2 and these presentations were a great way to earn some of that credit. I am extremely grateful to AIS for the opportunity to attend this and I look forward to helping drive our mission forward in a safe and secure cyber world.

My First DEFCON Experience

Chris P — Mon, 28 Aug 2023 21:34:58 +0000

By Aaron, Reverse Engineer
Six minute read

Since the first time ever hearing of DEFCON, I have wanted to attend. I love working on all the crazy systems we come across here at AIS, and I always imagined DEFCON being an extension of this environment. A place were the latest technologies and security discussions took place.

After finally getting the privilege to attend DEFCON, which took place August 10 through 13 in Las Vegas, Nevada, my expectations were certainly surpassed. From learning from some incredibly talented individuals and teams to watching seas of hackers compete in a variety of Capture the Flags (CTFs), DEFCON was a truly amazing experience. It’s almost indescribable the variety of security fields and levels of technical skill encountered. If there’s a field of security you’d like to know more about, it’s nearly guaranteed there’s a group in attendance eager to share and learn.

The Overwhelming Atmosphere

Just stepping off the plane in Vegas is a sensory overload. Flashing machines, towering buildings, and massive pieces of artwork towering over the city. While overwhelming at times, it was an experience in itself. Present across several casino and conference buildings, DEFCON was in full force with a sea of people in flashing LED badges down every hallway. Following these streams, you’d find yourself at many of the famous DEFCON villages.

The vast array of villages was something to behold. If I wanted to physically hack on a car, such as a Tesla, there was a village for that. If I wanted to hack into a security system thermal IR camera, there was a village for that. If I wanted to pick locks, use AI in hacking, hack a satellite, learn about biohacking, or even where to start with monitoring police communications, there was a village for that.

On top of the vast diversity of topics covered at DEFCON, it would be an easy task to spend all of DEFCON in a single village. Each village was a treasure trove of knowledge in each niche of the industry, with relevant talks and seasoned professionals wherever you look. DEFCON was, in the best way, an overwhelming experience for security minded individuals.

The Mind-Blowing Talks

From outstanding technical skill demonstrated by Google Red Team engineers to hilarity surrounding social engineering skills, DEFCON certainly brings fantastic industry talks. It is a surreal experience being in a room with hundreds of listeners tuning into the same security talk as you in the growing industry of cyber security. Be it learning how some crazy mathematicians subverted multi-key cryptographic implementations to incredibly proficient security engineers identifying and deploying wireless exploits against smartphone cellular modems, DEFCON truly has amazing talks for everyone. It’s hard not to feel like a student again surrounded by such talented individuals presenting their latest findings.

Yet even with many of the very impressive technical talks, DEFCON hosts even more talks open to those beginning in security or simply looking for a means to share their latest hacking story in an entertaining fashion. From the social engineering vishing competition to reconnaissance presentations on public data streams, it is easy for one to find something they find both interesting and digestible.

Learning From the Pros

It’s nearly impossible not to feel humbled by the shear technical depth that many at DEFCON possess. That said, DEFCON was a truly welcoming experience. Every presenter and village participant I spoke to was quite happy to answer the questions I had. There was a sense of inclusion rarely felt in large gatherings like this, where everyone regardless of background was welcomed and encouraged to learn and share their insights. If you’re looking to learn more about a niche field of cybersecurity, or even break into new areas you’re completely unfamiliar with, DEFCON provides a hospitable environment to do so.

Capture The Flag (CTF) Challenges

While I knew CTFs were a large part of DEFCON, it was truly an experience to walk past hundreds of participants all hacking away at various CTFs. From hacking an actual satellite in orbit to wreaking havoc on a miniature city’s infrastructure, water works and all, there was hardly a dull moment. Most notably, many of these CTFs were quite inviting, with exceptional staff and various levels of skill encouraging all to participate.

Ethics and Responsibility

I asked ChatGPT what DEFCON was, and was happy to see this final paragraph:

“Started in 1993, DEFCON has grown into a significant event in the cybersecurity and hacker communities. It takes place in Las Vegas, Nevada, and attracts thousands of participants from around the world each year. While DEFCON provides a platform for education and networking, it’s important to note that the event also emphasizes responsible and ethical behavior in the realm of hacking and cybersecurity.”

Rarely is hacking portrayed as ethical and responsible in media, but DEFCON does an excellent job in highlighting the need for this. Every talk I attended began or covered their disclosure process and emphasized the importance of doing so. Better yet, there were full legal talks on how to properly disclose vulnerabilities, and villages dedicated to cybersecurity policy. It was comforting to see such a large space of the industry and community share our goal of creating a better and safer digital world.

Closing Remarks – Thank You AIS

My first DEFCON experience was everything I had hoped for and more. So many interesting topics and people, expanding my love for hacking both professionally and personally. While I may not have walked away with a coveted black badge, I did leave with a sense of community and means of further development. I hope that one day I may return to DEFCON, both as a participant and contributor to our industry.

Attending DEFCON has also given me a greater appreciation for my time at AIS. Many of the main stage talks and villages had a sense of familiarity due to the plethora of systems and technologies we come across in our day-to-day work. While it was certainly humbling learning the latest techniques and methods the best of the best employ, I was still able participate and actively apply what I learned here. It felt as though DEFCON was a seminar and industry engagement to extend my knowledge rather than build it. That is why I wish to say thanks to AIS and the SAE team I am happily apart of, for keeping us at the forefront of the cybersecurity industry.