loader from loading.io

Bronwen Aker - harnessing AI for improving your workflows

BrakeSec Education Podcast

Release Date: 04/22/2025

Bronwen Aker - harnessing AI for improving your workflows show art Bronwen Aker - harnessing AI for improving your workflows

BrakeSec Education Podcast

Guest Info: Name:       Bronwen Aker Contact Information (N/A):   Time Zone(s): Pacific, Central, Eastern   –Copy begins–   Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences, and do not represent views of past, present, or future employers.   Recorded:     Show Topic Summary: By harnessing AI, we can assist in being...

info_outline post-bsides SD discussion, EPSS, the answer I should have given, and 'Lord Brake' show art post-bsides SD discussion, EPSS, the answer I should have given, and 'Lord Brake'

BrakeSec Education Podcast

Check out the BrakeSecEd Twitch at or Youtube: https://youtube.com/c/BDSPodcast join the Discord: https://bit.ly/brakesecDiscord https://arxiv.org/abs/2302.14172 - EPSS whitepaper https://www.linkedin.com/posts/jayjacobs1_epss-threatintel-vulnerabiltymanagement-activity-7308146548767404032-RubN https://www.first.org/epss/ https://events.zoom.us/ev/AmoNH3baC7HVqDlDmgUtd2uCmTCMwJXfkR8mG6I5OxzbW01nhRMQ~AoEYQz5ROK4ybE4iX9b0PL-1utz4z0nbyrTjT4lskH_08_zfesR_Q_rNlA - BHIS training with Bronwen Aker on 03 April 2025 Music: Music provided by Chillhop Music:...

info_outline March23: buy browser extensions, attackers don't need exploits, socvel CTI quiz show art March23: buy browser extensions, attackers don't need exploits, socvel CTI quiz

BrakeSec Education Podcast

Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://bit.ly/brakesecDiscord Questions and topics: (please feel free to update or make comments for clarifications) * https://techoreon.com/http-flaw-in-apple-passwords-left-iphones-vulnerable/ * https://darkmarc.substack.com/p/attackers-dont-need-exploits-when * https://www.techzine.eu/news/security/129713/the-browser-is-riddled-with-bugs-2025-may-squash-them/ * https://medium.com/@vanvleet/compound-probability-you-dont-need-100-coverage-to-win-a2e650da21a4 (interesting article on quantifying attack risk by...

info_outline steam distributes malware in game form, RDP open from DOGE servers, hacking a supply chain for 50K show art steam distributes malware in game form, RDP open from DOGE servers, hacking a supply chain for 50K

BrakeSec Education Podcast

Youtube VOD:     – supply chain issues can crop up anywhere… are you blocking people from steam and popular software downloads online? <- 100 digits of pi <- periodic table song   Additional information / pertinent LInks (Would you like to know more?): https://www.socvel.com/quiz/ https://xphantom.nl/posts/Offensive-Security-Lab/ Show points of Contact: Amanda Berlin: Brian Boettcher:   Bryan Brake:   Brakesec Website: Youtube channel: discord: https://discord.gg/brakesec Twitch Channel:    Music: "Flex" by Jeremy...

info_outline Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more! show art Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!

BrakeSec Education Podcast

Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://discord.gg/brakesec #youtube VOD (in 1440p):   Questions and topics: Bsides Vancouver discussion Semgrep Community and Academy Building communities What are ‘secure guardrails’ Reducing barriers between security and developers How to sell security to devs: “hey, if you want to see us less, buy/use this?” “Security is your barrier, but we have goals that we can’t reach without your help.” https://wehackpurple.com/devsecops-worst-practices-artificial-gates/  How are you seeing things...

info_outline Josh Grossman - building Appsec programs, bridging security and developer gaps show art Josh Grossman - building Appsec programs, bridging security and developer gaps

BrakeSec Education Podcast

Youtube VOD:   #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis Questions and topics: 1. The background to the topic, why is it something that interests you? How do you convince developers to take your course? 2. What do you think the root cause of the gap is? 3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?) 4. Where do gaps begin? Is it the ‘need’ to ‘move fast’? 5. What can devs do to involve security in their process?...

info_outline Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox show art Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers.   Recorded: 08 Apr 2024 Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw   Show Topic Summary: If you want to get in the mind of a board member, I submit to you my discussion with we did last night on . Join Mary and I as we discuss...

info_outline p2-accidentalCISO, building trust in new places show art p2-accidentalCISO, building trust in new places

BrakeSec Education Podcast

  Full Youtube VOD:       Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader.  What worked? What didn't? What would you have done differently? Do you emulate your manager's style? What have been your go-to management resources?  What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership? Topic #2: building/Operating SaaS products (we can discuss securing them, what functions...

info_outline AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec show art AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers.   Recorded: 28 Jan 2024 Youtube VOD: https://youtube.com/live/uX7odQTBkyQ Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader.  What...

info_outline 1st show of 2024! Our 10th Anniversary... show art 1st show of 2024! Our 10th Anniversary...

BrakeSec Education Podcast

It's our 10th anniversary and the first show of our 2024 season! Amanda was on "7 minute security"   Check out the complete VOD at Explicit language warning    

info_outline
 
More Episodes

Guest Info:

  • Name:       Bronwen Aker

  • Contact Information (N/A): https://br0nw3n.com/ 

  • Time Zone(s): Pacific, Central, Eastern

 

–Copy begins–

 

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences, and do not represent views of past, present, or future employers.

 

Recorded: https://youtube.com/live/guhM8v8Irmo?feature=share 

 

Show Topic Summary: By harnessing AI, we can assist in being proactive in discovering evolving threats, safeguard sensitive data, analyze data, and create smarter defenses. This week, we’ll be joined by Bronwen Aker, who will share invaluable insights on creating a local AI tailored to your unique needs. Get ready to embrace innovation, transform your work life, and contribute to a safer digital world with the power of artificial intelligence! (heh, I wrote this with the help of AI…)



Questions and topics: (please feel free to update or make comments for clarifications)

  1. Things that concern Bronwen about AI: (https://br0nw3n.com/2023/12/why-i-am-and-am-not-afraid-of-ai/)
    Data Amplification: Generative AI models require vast amounts of data for training, leading to increased data collection and storage. This amplifies the risk of unauthorized access or data breaches, further compromising personal information.

  2. Data Inference: LLMs can deduce sensitive information even when not explicitly provided. They may inadvertently disclose private details by generating contextually relevant content, infringing on individuals’ privacy.

  3. Deepfakes and Misinformation: Generative AI can generate convincing deepfake content, such as videos or audio recordings, which can be used maliciously to manipulate public perception or deceive individuals. (Elections, anyone?)

  4. Bias and Discrimination: LLMs may inherit biases present in their training data, perpetuating discrimination and privacy violations when generating content that reflects societal biases.

  5. Surveillance and Profiling: The utilization of LLMs for surveillance purposes, combined with big data analytics, can lead to extensive profiling of individuals, impacting their privacy and civil liberties.

  6. Setting up a local LLM? CPU models vs. gpu models
    pros/cons? Benefits?

  7. What can people do if they lack local resources?
    Cloud instances? Ec2? Digital Ocean? Use a smaller model?

  8. https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/ 

  • AI coding assets are hallucinating package names

  • 5.2 percent of package suggestions from commercial models didn't exist, compared to 21.7 percent from open source or openly available models

  • Attackers can then create malicious packages matching the invented name, some are quite convincing with READMEs, fake github repos, even blog posts

  • An evolution of typosquatting named “slopsquating” by Seth Michael Larson of Python Software Foundation

  • Threat actor "_Iain" posted instructions and videos using AI for mass-generated fake packages from creation to exploitation

 

Additional information / pertinent LInks (Would you like to know more?):

  1. https://www.reddit.com/r/machinelearningnews/s/HDHlwHtK7U

  2. https://br0nw3n.com/2024/06/llms-and-prompt-engineering/ - Prompt Engineering talk

  3. https://br0nw3n.com/wp-content/uploads/LLM-Prompt-Engineering-LayerOne-May-2024.pdf (slides)

  4. Daniel Meissler ‘Fabric’ - https://github.com/danielmiessler/fabric

  5. https://www.reddit.com/r/LocalLLaMA/comments/16y95hk/a_starter_guide_for_playing_with_your_own_local_ai/ 

  6. Ollama tutorial (co-founder of ollama - Matt Williams): https://www.youtube.com/@technovangelist

  7. https://mhtntimes.com/articles/altman-please-thanks-chatgpt 

  8. https://www.whiterabbitneo.com/ - AI for DevSecOps, Security

  9. https://blogs.nvidia.com/blog/what-is-retrieval-augmented-generation/ 

  10. https://www.youtube.com/watch?v=OuF3Q7jNAEc - neverending story using an LLM

  11. https://science.nasa.gov/venus/venus-facts 



Show points of Contact:

Amanda Berlin: https://www.linkedin.com/in/amandaberlin/

Brian Boettcher: https://www.linkedin.com/in/bboettcher96/ 

Bryan Brake: https://linkedin.com/in/brakeb 

Brakesec Website: https://www.brakeingsecurity.com

Youtube channel: https://youtube.com/@brakeseced

Twitch Channel: https://twitch.tv/brakesec