CERIAS Weekly Security Seminar - Purdue University
CERIAS
598 episodes
3 days ago
The weekly CERIAS security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics.
Technology
Education,
Business,
Social Sciences
All content for CERIAS Weekly Security Seminar - Purdue University is the property of CERIAS and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/598)
Hanshen Xiao, When is Automatic Privacy Proof Possible for Black-Box Processing?
Can we automatically and provably quantify and control the information leakage from a black-box processing? From a statistical inference standpoint, in this talk, I will start from a unified framework to summarize existing privacy definitions based on input-independent indistinguishability and unravel the fundamental challenges in crafting privacy proof for general data processing. Yet, the landscape shifts when we gain access to the (still possibly black-box) secret generation. By carefully leveraging its entropy, we unlock the black-box analysis. This breakthrough enables us to automatically "learn" the underlying inference hardness for an adversary to recover arbitrarily-selected sensitive features fully through end-to-end simulations without any algorithmic restrictions. Meanwhile, a set of new information-theoretical tools will be introduced to efficiently minimize additional noise perturbation assisted with sharpened adversarially adaptive composition. I will also unveil the win-win situation between the privacy and stability for simultaneous algorithm improvements. Concrete applications will be given in diverse domains, including privacy-preserving machine learning on image classification and large language models, side-channel leakage mitigation and formalizing long-standing heuristic data obfuscations. About the speaker: Hanshen Xiao is an Assistant Professor in the Department of Computer Science. He received his Ph.D. degree in computer science from MIT and B.S. degree in Mathematics from Tsinghua University. Before joining Purdue, he was a research scientist at NVIDIA Research. His research focuses on provable trustworthy machine learning and computation, with a particular focus on automated black-box privatization, differential trust with applications on backdoor defense and memorization mitigation, and trustworthiness evaluation.
3 days ago
58 minutes

Marcus Botacin, Malware Detection under Concept Drift: Science and Engineering
The current largest challenge in ML-based malware detection is maintaining high detection rates while samples evolve, causing classifiers to drift. What is the best way to solve this problem? In this talk, Dr. Botacin presents two views on the problem: the scientific and the engineering. In the first part of the talk, Dr. Botacin discusses how to make ML-based drift detectors explainable. The talk discusses how one can split the classifier knowledge into two: (1) the knowledge about the frontier between Malware (M) and Goodware (G); and (2) the knowledge about the concept of the (M and G) classes, to understand whether the concept or the classification frontier changed. The second part of the talk discusses how the experimental conditions in which the drift handling approaches are developed often mismatch the real deployment settings, causing the solutions to fail to achieve the desired results. Dr. Botacin points out ideal assumptions that do not hold in reality, such as: (1) the amount of drifted data a system can handle, and (2) the immediate availability of oracle data for drift detection, when in practice, a scenario of label delays is much more frequent. The talk demonstrates a solution for these problems via a 5K+ experiment, which illustrates (1) how to explain every drift point in a malware detection pipeline and (2) how an explainable drift detector also makes online retraining achieve higher detection rates and require fewer retraining points than traditional approaches. About the speaker: Dr. Botacin has been a Computer Science Assistant Professor at Texas A&M University (TAMU, USA) since 2022. Ph.D. in Computer Science (UFPR, Brazil), Master's in Computer Science and Computer Engineering (UNICAMP, Brazil). Malware Analyst since 2012. Specialist in AV engines and Sandbox Development. Dr. Botacin published research papers at major academic conferences and journals. Dr. Botacin also presented his work at major industry and hacking conferences, such as HackInTheBox and Hou.Sec.Con. Page: https://marcusbotacin.github.io/
1 week ago
52 minutes

Rajiv Khanna, The Shape of Trust: Structure, Stability, and the Science of Unlearning
Trust in modern AI systems hinges on understanding how they learn—and, increasingly, how they can forget. This talk develops a geometric view of trustworthiness that unifies structure-aware optimization, stability analysis, and the emerging science of unlearning. I will begin by revisiting the role of sharpness and flatness in shaping both generalization and sample sensitivity, showing how the geometry of the loss landscape governs what models remember. Building on these insights, I will present recent results on Sharpness-Aware Machine Unlearning, a framework that characterizes when and how learning algorithms can provably erase the influence of specific data points while preserving accuracy on the rest. The discussion connects theoretical guarantees with empirical findings on the role of data distribution and loss geometry in machine unlearning—ultimately suggesting that the shape of the optimization landscape is the shape of trust itself. About the speaker: Rajiv Khanna is an Assistant Professor in the Department of Computer Science. His research interests span various subfields of machine learning including optimization, theory and interpretability. Previously, he held positions of Visiting Faculty Researcher at Google, postdoctoral scholar at Foundations of Data Analytics Institute at University of California, Berkeley and a Research Fellow in the Foundations of Data Science program at the Simons Institute also at UC Berkeley. He graduated with his PhD from UT Austin.
2 weeks ago
55 minutes

Matthew Sharp, Securing Linux in a Heterogenous Enterprise Environment
This seminar examines the challenges of securing Linux (and legacy UNIX) systems in heterogenous enterprise environments, where cohabitant Windows infrastructure often dictates corporate security focus, resources, and tooling. Drawing on experiences across academia, large industry, and more modestly-sized startups, Sharp will highlight practical strategies, open source approaches, and mindset shifts needed to effectively protect Linux in a Windows-centric security landscape. About the speaker: Matthew Sharp has dedicated over two decades to securing UNIX and Linux servers across diverse environments of widely varying scale and complexity, in roles encompassing systems and network administration, red team contract work, and system and security engineering. Presently, he serves as a Principal Engineer at Toyota Motor North America with their Cyber Defensive Services group. His extensive experience has provided firsthand insights into the challenges associated with securing Linux systems in environments where Windows typically dominates both infrastructure and security investments. Sharp is particularly interested in advancing practical, open-source-driven approaches to Linux security and fostering a mindset that empowers practitioners to take proactive steps in addressing problems that mainstream security tools often overlook.
3 weeks ago
51 minutes

Stephen Kines, Four Deadly Sins of Cyber: Sloth, Gluttony, Greed & Pride
In the UK one of the great global car brands is on the verge of bankruptcy this month due to a single cyber-attack with the consequence of a potential loss of 130,000 jobs. Jaguar Land Rover is seeking a government bail-out to survive. In this first of a series of seminars delivered from the founder of a cybersecurity company in the same city where Jaguar Land Rover is reeling from this attack, we will cover Four Deadly Sins of Cyber with the other 3 sins in a follow-up seminar:
1. Sloth: Bloated legacy architectures and slow patch cycles run very real risks of seeing their progress as "good enough" up until the very moment some major event proves it wasn't. We will look at how to focus on compartmentalization, and containment.
2. Gluttony: Exponential expansion of networks and devices to serve the AI-masters leading to the Skynet moment. Cyber threats leverage connectivity to spread; contagion control comes from knowing how to control that connectivity.
3. Greed: Insatiable desire to acquire the latest and greatest security software, in the belief that newer is better, irrespective of how it fits and is to be used. Not so in OT networks where few of those are fit for purpose. The aim for simplicity benefits the most important questions "what is where?", "what exactly is the threat?" and "where can we exert control of threats accessing critical resources?".
4. Pride: Overconfidence and self-assuredness in the status quo, doing more of the same will be fine. How's that working out so far? Humans-in-the-loop: some method of controlling contagion is essential. Minimizing the loss remains mandatory.
The second half of the seminar will cover three perspectives of a founder of a hardware cybersecurity innovator: 1. The need to look at RoI when deploying solutions, 2. How to frame CNI cyber solutions within SDG/sustainability/impact, and 3. Moving beyond code-jockeys – cyber career perspectives requiring skills in humanities (psychology, philosophy, etc.) to think differently. About the speaker: Stephen is an international corporate lawyer with expertise in complex M&A and tax efficient commercial transactions in the US, UK and emerging markets. He has been a general counsel for ultra-high net worth individuals and families as well as international law firms. He is focused on emerging technologies, including blockchain and cybersecurity. A natural manager, Stephen also isn't afraid to do the work that needs to be done in an efficient bootstrapped startup. He is also known for his avid community engagement and commitment to sustainability at all levels. Also a former military officer, Stephen is the 2IC of Goldilock - keeping 'selection and maintenance of the aim' front of mind.
1 month ago
45 minutes

Sanket Naik, AI Agents for DevSecOps
AI is enabling developers and non-developers (product managers, solutions engineers) to write more lines of code than ever before. Businesses are under pressure to ship these AI-built products to stay competitive while still meeting regulatory requirements. Can AI solve this problem? In this talk, we will explore the opportunities and pitfalls to use AI agents for DevSecOps. About the speaker: Sanket Naik is the founder and CEO at Palosade, building a purpose-built AI platform enabling enterprises to automate their security program and unleash their business potential. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.
1 month ago
48 minutes

Richard Thieme, Thinking Like a Hacker in the Age of AI
We need to understand AI, what's here and what's coming, at a deep and ever-deepening level. This is a genuine inflection point for our society. It's like the internet squared except the rate of adoption is much higher. We don't have decades to figure this out. ... This is not a technical talk. The focus is on the approaches we need to adopt to work in tandem with AIs. It's about thinking differently. It's about thinking like hackers. About the speaker: Richard Thieme is an author and speaker who addresses the challenges posed by new technologies. He has published numerous articles, thirteen books, and delivered hundreds of speeches. His Mobius Trilogy illuminates the realities of intelligence work and was lauded by a CIA veteran as one of the best works of serious spy fiction ever. He spoke at Def Con this year for the 27th time and was named the first "uber contributor" of the conference. He has keynoted security conferences in 15 countries. Clients range from GE, Microsoft, Medtronic, and Bank of America, to NSA, FBI, Dept of the Treasury, Los Alamos, Pentagon Security Forum, and the Secret Service.
1 month ago
1 hour 8 minutes

Rolf Oppliger, E2EE Messaging: State of the Art and Future Challenges
End-to-end encrypted (E2EE) messaging on the Internet allows encrypted messages to be sent from one sender to one or multiple recipients in a way that cannot be decrypted by anybody else - arguably not even the messaging service provider itself. The protocol of choice is Signal that invokes and puts in place several cryptographic primitives in new and ingenious ways. Besides the messenger of the same name, the Signal protocol is also used by WhatsApp, Facebook Messenger, Wire, and many more. As such, it marks the gold standard and state of the art when it comes to E2EE messaging on the Internet. To make it scalable and useful for large groups, the IETF has also standardized a complementary protocol named messaging layer security (MLS). In this talk, we outline the history of development and mode of operation of both the Signal and MLS protocols, and we elaborate on the next challenges for the future. About the speaker: Rolf Oppliger studied computer science, mathematics, and economics at the University of Bern, Switzerland, where he received M.Sc. (1991) and Ph.D. (1993) degrees in computer science. In 1994-95, he was a post-doctoral researcher at the International Computer Science Institute (ICSI) of UC Berkeley, USA. In 1999, he received the venia legendi for computer science from the University of Zurich, Switzerland, where he was appointed adjunct professor in 2007. The focus of his professional activities is on technical information security and privacy. In these areas, he has published 18 books and many scientific articles and papers, regularly participates at conferences and workshops, served on the editorial boards of some leading magazines and journals, and has been the editor of the Artech House information security and privacy book series since its beginning (in the year 2000). He's the founder and owner of eSECURITY Technologies Rolf Oppliger, works for the Swiss National Cyber Security Centre NCSC, and teaches at the University of Zurich. He was a senior member of the ACM and the IEEE, as well as a member of the IEEE Computer Society and the IACR. He also served as vice-chair of the IFIP TC 11 working group on network security.
1 month ago
1 hour 5 minutes

Kris Lovejoy, The Converged Threat Landscape: What's Next in Cybersecurity
Cybersecurity stands at a historic inflection point, where converged forces are reshaping how we think about digital defense. In this discussion, Kyndryl's Global Security & Resiliency Leader Kris Lovejoy will share five key predictions for how AI-driven threats, workforce disruption, geopolitical fragmentation, quantum computing, and infrastructure vulnerabilities will redefine how we secure our digital future. These forces are not just trends, but urgent signals of what's to come. Kris will also provide a strategic framework for navigating this converged threat landscape, with insights into the emerging roles, governance models and resilience strategies that will shape cybersecurity in the years ahead. About the speaker: Kris Lovejoy is an internationally recognized leader in cybersecurity and cyber resilience. As Kyndryl's Global Practice Leader for Security and Resiliency, Kris leads more than 7,500 cyber resilience professionals across more than 60 countries. Before joining Kyndryl, Kris led EY's Global Consulting Cybersecurity practice. She also founded and led BluVector Inc., one of the first AI-powered Advanced Threat Detection products, which Comcast acquired in 2019. Kris was previously general manager of IBM Security Services. Kris serves on the boards of Dominion Energy (NYSE: D) and the International Security Alliance (ISA) and is also a member of the World Economic Forum's Cybersecurity Committee and Cybersecurity Coalition. She holds U.S. and EU patents in risk management and champions inclusion in cybersecurity as executive co-sponsor of Kyndryl's Women's Inclusion Network. Her cybersecurity industry contributions have earned multiple recognitions, including The Cyber Guild's Change-Maker Award (2022), "Top 50 Cybersecurity Leaders" by The Consulting Report (2021), and "Top Woman Technology Leader" by Consulting Magazine (2020).
1 month ago
54 minutes

Dave Schroeder, Utilization of National Guard Cyber Forces in Title 32 Status for National Cyber Missions
The U.S. military possesses a deep and extensive body of cyber expertise in uniform in the National Guard and Reserve force in particular. Leveraging this expertise effectively, both in a way that is productive for the military, and that is fulfilling and meaningful for the servicemember — which results in benefits for recruiting, retention, and continued development of this expertise — has been an ongoing challenge. This productive employment is even more challenging while in reserve status, resulting in attrition of this critical force. There is a national imperative, as well as clear statements from military cyber leadership, to effectively utilize all available resources to include the National Guard and Reserve force to meet the nation's cyber challenges. About the speaker: Dave Schroeder works to enable and advance intelligence and security research and partnerships at the University of Wisconsin–Madison. He is passionate about creating connections and bringing the rich and dynamic expertise at UW–Madison to the most pressing global security challenges. Dave serves as a Cyber Warfare Officer in the Wisconsin Army National Guard, and previously served as a Navy Cryptologic Warfare Officer. He is also Research Director of the Wisconsin Security Research Consortium (WSRC), and manages UW-Madison's Cyber Programs and Designations. He holds graduate degrees in Cybersecurity Policy and Information Warfare, and is a graduate of the Naval Postgraduate School, Naval War College, and Joint Forces Staff College.
2 months ago
54 minutes

Nick Selby, Build Things Properly
People talk quite a lot about things like "shift left" that make it sound as if it is a new concept -- sold at your finer consultancies -- to build things properly in the first place. After two decades of incident response, smoke jumping and Tech Debt burndowns, I think it's time to talk about the way teams can build security not just into the product but into the company culture by examining some basic realities of the product development process. This is not just for tech companies; it's for any firm with a process by which they turn ideas into money. Because for all the SDLC tools, all the configuration platforms, the code scanners, and the security and code testing doodads out there, nothing in my experience works as well as starting with the basics: including security and legal experts as well as the people who manage the internal services that will be your upstream and downstream dependencies at the ideation stage. The amount of weapons-grade stupid, the mountain ranges of tech debt, and the broken business promises that this simple plan can avoid make it hard to believe that it's so rare to find these practices in mainstream companies. In this talk, I will describe the most common side effects of failing to do this, how those side effects manifest into cultural roadblocks, silos, and sadness, and most important: how you can break the cycle, slash through the Gordian knot of despair and missed deadlines, and return to cranking out product like a start up. About the speaker: Nick Selby is the founder of EPSD, Inc., and he has more than 20 years of experience advising organizations in highly targeted industries. Previously, he led professional services at Evertas and served as Interim Executive Director of the Cryptoasset Intelligence Sharing and Analysis Center. His executive roles have also included stints at Trail of Bits and Paxos Trust Company. He managed cyber incident response at TRM Partners and N4Struct, and in 2005 founded the information security practice at 451 Research (now S&P Global Intelligence), where he served as Vice President of Research Operations until 2009. As Director of Cyber Intelligence and Investigations at the NYPD (2018-2020), Selby led cybercrime investigations for America's largest police department. Selby serves on the Board of Directors of the non-profit National Child Protection Task Force and the advisory board of Sightline Security. While retired from law enforcement, he continues to serve as a reserve detective for a Dallas-Fort Worth area police agency, where he investigates crimes against children and the cyber aspects of real-world crimes.
2 months ago
1 hour 1 minute

Paul Vixie, Force Projection in the Information Domain: Implications of DNS Security
The DNS resolution path by which the world's internet content consumers locate the world's internet content producers has been under continuous attack since the earliest days of Internet commercialization and privatization. Much work has recently and is currently being invested to protect this vital source of Personally Identifiable Information -- but by whom, and why, and how? Let's discuss. About the speaker: Paul Vixie serves AWS Security as Deputy CISO, VP & Distinguished Engineer after a 29-year career as the founder and CEO of five startup companies covering the fields of DNS, anti-spam, Internet exchange, Internet carriage and hosting, and Internet security. Vixie earned his Ph.D. in Computer Science from Keio University in 2011 and was inducted into the Internet Hall of Fame in 2014. He has authored or co-authored several Internet RFC documents and open source software projects including Cron and BIND. https://en.wikipedia.org/wiki/Paul_Vixie
6 months ago
1 hour 12 minutes

Tristen Mullins, Using Side-Channels for Critical Infrastructure Protection
Recorded: 04/23/2025. CERIAS Security Seminar at Purdue University: Using Side-Channels for Critical Infrastructure Protection. Tristen Mullins, ORNL. About the speaker: Dr. Tristen Mullins is a cybersecurity professional specializing in side-channel analysis, cyber-physical systems security, and supply chain integrity. Currently an R&D Associate and Signal Processing Engineer at Oak Ridge National Laboratory (ORNL), she conducts innovative research at the intersection of hardware security and national security. Dr. Mullins earned her Ph.D. in Computing from the University of South Alabama in 2022, where she focused on developing novel defense mechanisms against side-channel attacks and made significant contributions to adaptive security architectures. At ORNL, she leads initiatives in critical infrastructure protection and cyber resilience while actively mentoring students and promoting cybersecurity education. Additionally, Dr. Mullins plays a vital role in the National Security Sciences Academy and has founded the IEEE East Tennessee Section Young Professionals Affiliate Group to support emerging engineers. Honored with multiple awards for her contributions and leadership, she remains dedicated to enhancing the security of next-generation computing systems through collaboration with both federal agencies and industry leaders.
6 months ago
35 minutes

Richard Love, Russian Hacking: Why, How, Who, and to What End
The purpose of Russian hacking and their concept of cyber war is conceptually and practically different from Western strategies. This talk will focus on understanding why Russia uses cyber tools to further strategic interests, how they do it (by examining the 2016 interference in the U.S. presidential election and the NotPetya cases), and who does it. About the speaker: Dr. Richard Love is currently a professor at NDU's College of Information and Cyberspace and recently served as a professor of strategic studies at U.S. Army War College's (USAWC) School of Strategic Landpower and as assistant director of the Peacekeeping and Stability Operations Institute from 2016-2021. From 2002 to 2016, Dr. Love served as a professor and senior research fellow at NDU's Institute for National Strategic Studies / WMD Center. He is an adjunct professor teaching law, international relations, and public policy at Catholic University and has taught law and policy courses at Georgetown, the Army Command and General Staff College, the Marshall Center, and the Naval Academy, among others. He holds a Ph.D. in International Relations and Security Studies from the University of New South Wales in Australia (2017), an LLM from American University School of Law (2002), and a Juris Doctor in Corporate and Security Law from George Mason University School of Law. His graduate studies in East-West relations were conducted at the Jagiellonian University in Krakow, Poland, and the University of Munich, in Germany. His undergraduate degree is from the University of Virginia.
6 months ago
57 minutes

Josiah Dykstra, Lessons for Cybersecurity from the American Public Health System
This talk explores how the principles and practices of the American public health system can inform and enhance modern cybersecurity strategies. Drawing on insights from our recent CRA Quad Paper, we examine the parallels between public health methodologies and the challenges faced in today's digital landscape. By analyzing historical responses to public health crises, we identify strategies for improving situational awareness, inter-organizational collaboration, and adaptive risk management in cybersecurity. The discussion highlights how lessons from public health can bridge the gap between technical cybersecurity teams and policymakers, fostering a more holistic and effective defense against emerging cyber threats. About the speaker: Josiah Dykstra is the Director of Strategic Initiatives at Trail of Bits. He previously served for 19 years as a senior technical leader at the National Security Agency (NSA). Dr. Dykstra is an experienced cyber practitioner and researcher whose focus has included the psychology and economics of cybersecurity. He received the CyberCorps® Scholarship for Service (SFS) fellowship and is one of ten people in the SFS Hall of Fame. In 2017, he received the Presidential Early Career Award for Scientists and Engineers (PECASE) from then President Barack Obama. Dr. Dykstra is a Fellow of the American Academy of Forensic Sciences (AAFS) and a Distinguished Member of the Association for Computing Machinery (ACM). He is the author of numerous research papers, the book Essential Cybersecurity Science (O'Reilly Media, 2016), and co-author of Cybersecurity Myths and Misconceptions (Pearson, 2023). Dr. Dykstra holds a Ph.D. in computer science from the University of Maryland, Baltimore County.
7 months ago
50 minutes

Michael Clothier, Annual CERIAS Security Symposium Closing Keynote IT, OT, IoT — It's Really Just the "T": An International and Historical Perspective
In today's rapidly evolving digital landscape, the lines between Information Technology (IT), Operational Technology (OT), and the Internet of Things (IoT) have become increasingly blurred. While these domains were once distinct, they now converge into a single, interconnected technology ecosystem—one that presents both unprecedented opportunities and critical security challenges. In this keynote, Michael Clothier, Chief Information Security Officer at Northrop Grumman, brings 30 years of global cybersecurity leadership to explore how organizations can rethink their approach to securing "technology" as a whole, rather than as separate silos. Drawing on his extensive experience across the U.S., Australia, Asia, and beyond—including securing mission-critical defense and aerospace systems, leading enterprise IT transformations, and integrating cybersecurity across diverse industries—Michael will examine the evolution of security challenges from historical, international, and cross-industry perspectives. Key discussion points include:
- From Air-Gapped to Always Connected – A historical view of how IT, OT, and IoT security challenges have evolved and what we can learn from past approaches.
- The Global Cybersecurity Landscape – Insights from securing critical infrastructure across Asia, Australia, and the U.S., and the lessons we can apply to today's interconnected world.
- Breaking Down the Silos – Why treating IT, OT, and IoT as distinct domains is outdated and how a unified security strategy strengthens resilience.
- National Security Meets Enterprise Security – Perspectives from both military and private-sector leadership on protecting sensitive data, intellectual property, and critical systems.
As cybersecurity professionals, we must shift our mindset from securing individual components to securing the entire technology ecosystem. Whether you are safeguarding an industrial control system, an aircraft, or a corporate network, the fundamental security principles remain the same. By applying an integrated approach, we can better protect the critical systems that power modern society. Join Michael for this thought-provoking keynote as he challenges conventional thinking, shares real-world case studies, and provides actionable strategies to redefine cybersecurity in an era where everything is just "T." About the speaker: Chief Information Security Officer at Northrop Grumman
7 months ago
1 hour 4 minutes

Tim Benedict, The Future of AI Depends on Guardrails
As companies expand AI adoption to accelerate business growth, they face an evolving landscape of security risks and regulatory uncertainty. With guidelines and policies still taking shape, organizations must balance innovation with responsibility, ensuring AI is both secure and aligned with emerging standards. This session will explore the challenges and risks organizations encounter on their AI journey, along with new approaches to mitigating threats and strengthening governance. We'll discuss how companies can navigate this shifting environment and implement guardrails that enable AI to drive business success—safely and responsibly. About the speaker: Tim Benedict is a seasoned technology executive with over two decades of experience spanning IT, cybersecurity, AI governance, and digital transformation. As the Chief Technology Officer at COMPLiQ, he leads the development of AI-driven compliance and security solutions, helping organizations navigate regulatory requirements, mitigate risks, and adopt AI securely. His work focuses on building resilient, scalable platforms that empower enterprises to integrate AI while maintaining transparency, security, and operational control. With a strong background in enterprise IT, cloud computing, and security architecture, Tim has worked across multiple industries, including finance, government, and technology. He has led large-scale cloud and cybersecurity initiatives, developed enterprise compliance strategies, and driven business-focused technology solutions that bridge innovation with regulatory and operational needs. Tim's expertise spans strategic leadership, technical innovation, and cross-functional collaboration. He has shaped security-first approaches for AI governance, developed scalable frameworks for risk mitigation, and helped businesses align technology investments with long-term growth strategies.
Based in Indiana, he remains actively engaged in fostering industry advancements and driving innovation in AI security and compliance.
7 months ago
54 minutes

Amir Sadovnik, What do we mean when we talk about AI Safety and Security?
In February 2024, Gladstone AI produced a report for the Department of State, which opens by stating that "The recent explosion of progress in advanced artificial intelligence … is creating entirely new categories of weapons of mass destruction-like and weapons of mass destruction-enabling catastrophic risk." To clarify further, they define catastrophic risk as "catastrophic events up to and including events that would lead to human extinction." This strong yet controversial statement has caused much debate in the AI research community and in public discourse. One can imagine scenarios in which this may be true, perhaps in some national security-related scenarios, but how can we judge the merit of these types of statements? It is clear that to do so, it is essential to first truly understand the different risks AI adaptation poses and how those risks are novel. That is, when we talk about AI safety and security, do we truly have clarity about the meaning of these terms? In this talk, we will examine the characteristics that make AI vulnerable to attacks and misuse in different ways and how they introduce novel risks. These risks may be to the system in which AI is employed, the environment around it, or even to society as a whole. Gaining a better understanding of AI characteristics and vulnerabilities will allow us to evaluate how realistic and pressing the different AI risks are, and better realize the current state of AI, its limitations, and what breakthroughs are still needed to advance its capabilities and safety. About the speaker: Dr. Sadovnik is a senior research scientist and the Research Lead for Center for AI Security Research (CAISER) at Oak Ridge National Lab. As part of this role, Dr. Sadovnik leads multiple research projects related to AI risk, adversarial AI, and large language model vulnerabilities.
As one of the founders of CAISER, he's helping to shape its strategy and operations through program leadership, partnership development, workshop organization, teaching, and outreach. Prior to joining the lab, he served as an assistant professor in the department of electrical engineering and computer science at the University of Tennessee, Knoxville and as an assistant professor in the department of computer science at Lafayette College. He received his PhD from the School of Electrical and Computer Engineering at Cornell University, advised by Prof. Tsuhan Chen as a member of the Advanced Multimedia Processing Lab. Prior to arriving at Cornell he received his bachelor's in electrical and computer engineering from The Cooper Union. In addition to his work and publications in AI and AI security, Dr. Sadovnik has a deep interest in workforce development and computer science education. He continues to teach graduate courses related to machine learning and artificial intelligence at the University of Tennessee, Knoxville.
8 months ago
55 minutes

Hisham Zahid & David Haddad, Decrypting the Impact of Professional Certifications in Cybersecurity Careers
Professional certifications have become a defining feature of the cybersecurity industry, promising enhanced career prospects, higher salaries, and professional credibility. But do they truly deliver on these promises, or are there hidden drawbacks to pursuing them? This presentation takes a deep dive into the dual-edged nature of certifications like CISSP, CISM, CEH, and CompTIA Security+, analyzing their benefits and potential limitations. Drawing on data-driven research, industry insights, and real-world case studies, we explore how certifications influence hiring trends, professional growth, and skills development in cybersecurity. Attendees will gain a balanced perspective on the role of certifications, uncovering whether they are a gateway to career success or an overrated credential. Whether you are an aspiring professional or a seasoned practitioner, this session equips you with the knowledge to decide if certifications are the key to unlocking your cybersecurity potential—or if other paths may hold the answers. About the speaker: Hisham Zahid is a seasoned cybersecurity professional and researcher with over 15 years of combined technical and leadership experience. Currently serving under the CISO as a Security Compliance Manager at a FinTech startup, he has held roles spanning engineering, risk management, audit, and compliance. This breadth of experience gives him unique insight into the complex security challenges organizations face and the strategies needed to overcome them. Hisham holds an MBA and an MS, as well as industry-leading certifications including CISSP, CCSP, CISM, and CDPSE. He is also an active member of the National Society of Leadership and Success (NSLS) and the Open Web Application Security Project (OWASP), reflecting his commitment to professional development and community engagement.
As the co-author of The Phantom CISO, Hisham remains dedicated to advancing cybersecurity knowledge, strengthening security awareness, and guiding organizations through an ever-evolving threat landscape. David Haddad is a technology enthusiast and optimist committed to making technology and data more secure and resilient. David serves as an Assistant Director in EY's Technology Risk Management practice, focusing on helping EY member firms comply with internal and external security, data, and regulatory requirements. In this role, David supports firms in enhancing technology governance and oversight through technical reviews, consultations, and assessments. Additionally, David contributes to global AI governance, risk, and control initiatives, ensuring AI products and services align with the firm's strategic technology risk management processes. David is in the fourth year of doctoral studies at Purdue University, specializing in AI and information security. David's experience includes various technology and cybersecurity roles at the Federal Reserve Bank of Chicago and other organizations. David also served as an adjunct instructor and lecturer, teaching undergraduate courses at Purdue University Northwest. A strong advocate for continuous learning, David actively pursues professional growth in cybersecurity and IT through academic degrees, certifications, and speaking engagements worldwide. He holds an MBA with a concentration in Management Information Systems from Purdue University and multiple industry-recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA). His research interests include AI security and risk management, information management security controls, emerging technologies, cybersecurity compliance, and data protection.
8 months ago
42 minutes

Ali Al-Haj, Zero Trust Architectures and Digital Trust Frameworks: A Complementary or Contradictory Relationship?
This session explores the foundational concepts and practical applications of Zero Trust Architectures (ZTA) and Digital Trust Frameworks (DTF), two paradigms gaining traction in cybersecurity. While Zero Trust challenges the traditional notion of trust by enforcing strict access controls and authentication measures, Digital Trust seeks to build confidence through data integrity, privacy, and ethical considerations. Through this talk, we will investigate whether these approaches intersect, complement, or diverge, and what this means for the future of cybersecurity. Attendees will gain insights into implementing these frameworks to enhance both security and user confidence in digital environments. In addition to a practical overview, this talk will highlight emerging research areas in both domains. About the speaker: Dr. Ali Al-Haj received his undergraduate degree in Electrical Engineering from Yarmouk University, Jordan, in 1985, followed by an M.Sc. degree in Electronics Engineering from Tottori University, Japan, in 1988 and a Ph.D. degree in Computer Engineering from Osaka University, Japan, in 1993. He then worked as a research associate at ATR Advanced Telecommunications Research Laboratories in Kyoto, Japan, until 1995. Prof. Al-Haj joined Princess Sumaya University for Technology, Jordan, in October 1995, where he currently serves as a Full Professor. He has published papers in dataflow computing, information retrieval, VLSI digital signal processing, neural networks, information security, and digital multimedia watermarking.
8 months ago
52 minutes
