Pittsburgh Cybersecurity Conference

DNS is trusted by default in the enterprise. Threat actors continually exploit this to gain access or initiate command & control.  Learn how DNS can go from being a connectivity oriented zero trust nightmare to the first line of defense in the enterprise. 

Current security models are failing to keep up with the speed, complexity, and scale of modern software. Security professionals are doing their jobs—and yet, attacks still get through. In this session, hear the story of four people caught in the aftermath of a breach: a developer, a SecOps lead, an AppSec engineer, and a compliance officer. All working in good faith. All stuck in a broken system.
This talk will introduce a new blueprint for modern software defense, modeled on the smartest of cities that have instrumented infrastructure to see, adapt, and respond in real time. Walk away with a prescriptive framework – based on context, coordination, and culture – that teams can use to stop guessing and start defending.

The age-old complaint in security engineering is that “big ideas die in the backlog.” Lengthy discovery, design, and coding cycles smother urgency—especially when threats are evolving faster than releases. Enter AI-first development, where language models collapse friction at every step of the SDLC and let small teams translate concept into running code in hours, not quarters. This talk tells the inside story of how we built a working Al Assisted Alert Agent & an Insider Threat & Fraud Detection module in a couple afternoons—then generalized the method into a repeatable playbook any security team can copy.

Highlights:

– Rethink Development Cycles – AI-assisted competitive analysis, ROI modeling, architecture drafting, and test generation—each shaved from weeks to minutes.

– Vibe Coding in practice – how “prompt-to-prototype” workflows boost individual throughput 30–40 % and democratize coding to non-developers Business Insider.

– Model Context Protocol (MCP) – an open standard that plugs LLMs into live telemetry and knowledge bases, turning context wiring from weeks of API work into minutes of config Home.

– Multi-model evaluation on AWS Bedrock – side-by-side scoring that lets you A/B test foundation models, RAG pipelines, and guardrails before a single line hits main Amazon Web Services, Inc.

As AI-powered coding assistants become more prevalent, developers are increasingly incorporating AI-generated code snippets into their projects. But the last Dora report made it clear: there is a 7.2% drop in delivery stability for every 25% increase in AI use.

In this session, we’ll explore the risks AI-generated code has on development environments. From quality issues to outright security vulnerabilities, we’ll break down real-world examples of how AI-generated code can introduce security flaws, compliance issues, and reduce overall code quality.

Key takeaways include:

• The pitfalls of AI-generated code regarding code quality and security.

• How blind implementation of GenAI code can lead to increased technical and security debt.

• Why traditional reviews often fail to catch AI-induced issues.

• Best practices for validating, securing, and integrating AI-generated code responsibly.

Join us for an engaging session where we go beyond the hype and take a critical look at the risks, while offering actionable strategies to mitigate them—without stifling innovation.

The convergence of IT and OT networks has significantly broadened the cyber threat landscape, exposing critical infrastructure to new vulnerabilities. Legacy OT systems, often lacking modern security controls, are now accessible through interconnected networks, increasing risk. To counter these threats, organizations must achieve full visibility of all networked assets using advanced discovery and monitoring tools. Equally vital is the implementation of automated threat response system- that enable rapid detection, containment, and mitigation of cyber incidents, enhancing overall resilience and security.

Cyber resiliency is a multifaceted approach that goes far beyond the simple act of backing up data. While backups are a crucial component, they are only one piece of a comprehensive strategy. To truly achieve cyber resiliency, organizations must integrate a range of advanced practices and technologies. This includes not only backup and backup recovery but also primary snapshot orchestration, which ensures that critical data is consistently protected and can be quickly restored. Additionally, services such as Threat Scan and Air Gap systems provide an extra layer of protection by isolating sensitive data from potential threats. Clean room environments and forensic tools are also essential, as they enable organizations to investigate and respond to security incidents effectively. By understanding and implementing these various elements, attendees will gain a deeper appreciation of what it takes to build a robust and resilient cyber defense.

Learn how to defend your organization against insider threats using the latest AI and Psycholinguistics. Insider threats from trusted individuals with legitimate access can cause serious harm through negligence or intent. UEBA, powered by machine learning, helps detect such threats by analyzing behavior and spotting anomalies like privilege abuse or data theft. Motivations include financial, personal, and geopolitical pressures, but detection is hindered by limited intelligence and context gaps. Enhancing analysis with psycholinguistics and language AI improves accuracy by revealing intent. A proactive, behavior-driven strategy is critical to mounting an effective insider threat defense.”

Fragmented asset visibility creates dangerous security blind spots. This presentation explores how breaking down silos to unify control over managed, semi-managed, and unmanaged assets is crucial for minimizing your attack surface. Learn how to gain comprehensive visibility, prioritize risks, and build confidence in your security posture by establishing a unified approach to asset management.