Harold Rivas – Chief Information Security Officer at Trellix, discusses the role of generative AI in cybersecurity, focusing on Trellix's adoption of AI for threat detection and model governance, while emphasizing the importance of privacy, responsible innovation, and cross-functional collaboration.

Topics Include:

• Introduction to generative AI and its impact on cybersecurity
• Harold’s background in financial services and cybersecurity roles
• Trellix’s focus on product feedback through the Customer Zero Program
• Overview of machine learning's role in anomaly detection at Trellix
• Development of guided investigations to assist security operations teams
• Generative AI's growing importance in cybersecurity at Trellix
• Launch of Trellix WISE at the RSA Conference in 2024
• Addressing the overload of security alerts with AI models
• Integration of various AI models like Mistral and Anthropic
• Reducing anomalies and workload for security operations teams
• Importance of privacy in generative AI adoption and data governance
• Challenges with GDPR and CPRA regulations in AI implementation
• Focus on privacy frameworks like the NIST Privacy Framework
• Need for multi-stakeholder involvement in AI governance
• Discussion on model governance inspired by financial services practices
• Importance of inventorying and testing AI models for security
• Benefits of an AI Center of Excellence (AICOE) within organizations
• Model governance in generative AI for regulatory and business outcomes
• The impact of AI on labor, jobs, and decision-making processes
• Addressing cyber risk and threat modeling in AI environments
• The double-edged sword of AI in offensive and defensive cybersecurity
• MITRE Atlas framework's role in AI-driven cybersecurity strategies
• Potential negative consequences. Auto dealership hacked – Chevy Tahoe sold for $1
• Importance of vulnerability management and developer training
• Evolution of AI security tools and responsible use of generative AI
• Collaboration, governance, and agility in AI adoption across organizations
• Q&A 1: Outcomes and responsibilities an generative AI COE should have?
• Q&A 2: Model governance and financial implications
• Q&A 3: CISO response to model development, compliance and learning with customer data
• Q&A 4: Thoughts and suggestions for rating systems for models
• Q&A 5: Selecting and evaluating models
• Q&A 6: Advice and experience for model deployment and technical controls
• Q&A 7: Human reviewing AI responses to ensure accuracy
• Q&A 8: Will AI help avoid major outages in the future?
• Q&A 9: How to test and see maturity of models?
• Session wrap up

Participants:

·        Harold Rivas – CISO at Trellix

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/