AI
As development teams move toward Infrastructure as Code (IaC) to provision and manage cloud environments, security can inadvertently become an afterthought. In this talk, we will explore how intelligent agents—powered by generative and context-aware AI—can streamline threat modeling by dynamically analyzing Terraform code. This approach enables real-time identification of misconfigurations, correlates potential vulnerabilities with known attack patterns, and delivers actionable remediation steps.

Attendees will learn how an AI-driven agent can parse Terraform files to build a resource graph of the underlying infrastructure, identify risky configurations such as permissive security groups or open S3 buckets, and automatically map these findings to established security frameworks (e.g., MITRE ATT&CK, CIS Benchmarks). We will walk through how the agent generates a dynamic threat model—complete with risk scoring, potential attack scenarios, and code-level fixes—that plugs seamlessly into the CI/CD pipeline.

This session will cover best practices for integrating AI-based security checks into DevOps workflows, including lessons learned on tuning AI models for better accuracy, managing false positives, and achieving stakeholder buy-in. By the end of the talk, you’ll see how automated threat modeling can drastically reduce manual reviews, shorten feedback loops for developers, and strengthen the overall security posture of cloud-native applications.
Srdan Reljic
Associate Partner | IBM Consulting, Americas
An accomplished technology executive and a cyber security practitioner with a knack for driving innovation and creating strategic value with extensive hands-on experience in applying cloud-native and open-source technology to infuse security at every level. His interests lie in secure developer enablement, platform and data engineering, and GenAI security.
Raj Annaladasu
Sr. Customer Success Engineer | Palo Alto Networks
AI/ML cloud security expert specializing in securing the supply chain and mitigating attack paths. Skilled in risk assessments, static code analysis (SAST), software composition analysis (SCA), and continuous monitoring. Passionate about enhancing secure procurement, vendor management, and staying ahead of emerging threats.
LinkedIn: linkedin.com/in/annaladasur
We proudly present SecretCon, an entirely unparalleled conference for the state of Minnesota, built for our new digital reality. This conference is dedicated to the many specialties of our hacker, cybersecurity, and privacy community. We have taken it upon ourselves to construct a conference that not only embraces our past, but also looks to the future. Join us!