Inside the OWASP Top 10 for LLM Applications – Sandy Dunn – ASW #285
Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation with and adoption of LLMs have inspired a Top 10 list of their own. Sandy Dunn talks about why the list looks so familiar in many ways -- after all, LLMs are still software. But the list captures some new concepts that anyone looking to use LLMs or generative AIs should be aware of.
Sandy Dunn is a CISO with over two decades of experience spanning manufacturing, healthcare, and high-growth startups. As CISO at SPLX.AI, she leads the security strategy for the company’s automated and continuous AI Security and Red Teaming platform built to defend Conversational and Agentic AI systems at scale.
Sandy is a core contributor to the OWASP GenAI Project and serves as the creator and project lead for both the OWASP GenAI Cybersecurity & Governance Checklist and the OWASP GenAI Threat Defense COMPASS.
In addition to her industry leadership, Sandy is an Adjunct Professor at Boise State University, where she teaches cybersecurity courses and mentors the next generation of security professionals. Her expertise spans enterprise security architecture, AI risk governance, red teaming methodologies, and the integration of AI-specific threat modeling into modern security programs.
The Enterprise Browser & AI in Securing Software and Supply Chains – Mike Fey, Josh Lemos – ASW #285
This segment covers how companies are benefiting from the enterprise browser. The enterprise browser is not just about security; it is the marriage between security AND productivity. In this interview, Mike will provide real-life case studies on how different enterprises are benefiting.
This segment is sponsored by Island. Visit https://www.securityweekly.com/islandrsac to learn more about them!
The cybersecurity landscape continues to transform, with a growing focus on mitigating supply chain vulnerabilities, enforcing data governance, and incorporating AI into security measures. This transformation promises to steer DevSecOps teams toward software development processes with efficiency and security at the forefront. Josh Lemos, Chief Information Security Officer at GitLab, will discuss the role of AI in securing software and data supply chains and helping developers work more efficiently while creating more secure code.
This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlabrsac to learn more about them!
Michael Fey is Island’s co-founder and CEO. Fey was President and COO at Symantec. Prior to Symantec, he was President and COO of Blue Coat. Prior to that, Mike was EVP & GM for enterprise products at McAfee and CTO of Intel Security, playing a pivotal role in Intel’s acquisition of McAfee for $7.7 billion in 2010.
Fey holds a degree in Engineering Physics and Mathematics from Embry-Riddle Aeronautical University and was co-author of Security Battleground: An Executive Field Manual, providing a playbook for security-obligated executives coping with the new realities of cyber security responsibilities to the board.











