Mike Saunders is Red Siege Information Security’s Principal Consultant. Mike has over 25 years of IT and security expertise, having worked in the ISP, banking, insurance, and agriculture businesses. Mike gained knowledge in a range of roles throughout his career, including system and network administration, development, and security architecture. Mike is a highly regarded and experienced international speaker with notable cybersecurity talks at conferences such as DerbyCon, Circle City Con, SANS Enterprise Summit, and NorthSec, in addition to having more than a decade of experience as a penetration tester. You can find Mike’s in-depth technical blogs and tool releases online and learn from his several offensive and defensive-focused SiegeCasts. He has been a member of the NCCCDC Red Team on several occasions and is the Lead Red Team Operator for Red Siege Information Security.
AI agents have reached the point where they can identify and exploit vulnerabilities at wire speed - moving faster than any human red team ever could. This changes the rhythm of offensive security entirely: attack discovery, exploitation, and validation can now run continuously, without manual bottlenecks or scheduling constraints. But the same capabilities that supercharge offense can be turned toward defense. By pairing autonomous exploit discovery with automated patch generation and deployment, we enter a new era of security where systems can harden themselves in real time. This talk explores how AI-powered pentesting works under the hood, how continuous autonomous offense becomes continuous autonomous defense, and why the future of security is defined by machines that break systems and fix them just as quickly.
Hemanth Tadepalli serves as the Senior Cybersecurity & Compliance Subject Matter Expert (SME) at May Mobility, a company revolutionizing transportation through advanced autonomous vehicle mobility. His career spans notable roles at prestigious organizations, including management consulting firm AlixPartners, cybersecurity leader Mandiant, tech giant Google, and Michigan-based cybersecurity startup SensCy. Hemanth’s research focuses on advancing cybersecurity in critical areas such as autonomous vehicle security, Internet of Things (IoT) security, threat intelligence, risk management, API security, and election security. He was appointed by Michigan Secretary of State Jocelyn Benson to the Advisory Task Force overseeing statewide election security and integrity. In addition to his technical contributions, Hemanth has published numerous articles on cybersecurity and emerging technologies, showcasing his thought leadership. He is a sought-after speaker, invited to present at prominent cybersecurity conferences, serve as a distinguished panelist, and share insights on technology-focused podcasts. His impactful work has earned him accolades, including the 40 Under 40 recognition from Oakland County, Michigan, and the Governor’s Service Award for his philanthropic efforts and community service in the field of cybersecurity. He was also named one of the 2025 Top 20 Voices in Automotive. Hemanth also serves on the oversight committee for the University of Michigan’s Michigan Translational Research and Commercialization (MTRAC) program, specifically for the Advanced Transportation Innovation Hub, a statewide initiative that supports translational research projects with high commercial potential, aiming to launch new technologies into the mobility and transportation sectors.
Hemanth earned his bachelor’s degree in Computer Science from Kettering University, concentrating in cybersecurity and minoring in Pre-Law, Innovation, and Entrepreneurship. He went on to earn his master’s degree in Cybersecurity and Information from the University of California, Berkeley, where he was honored as the student commencement speaker. He is currently a Ph.D. candidate at Dakota State University, specializing in cyber defense. In addition to his academic pursuits, Hemanth serves in public office for the City of Troy and sits on the Board of Directors for Kettering University. In his free time, Hemanth is a violist for the Troy Metro Symphony Orchestra
Modern GenAI research has raced ahead in scale, speed, and model size. Yet for all the progress, the algorithmic behavior of large language models remains an open question, a system that answers everything while explaining almost nothing. In this talk, we shift the spotlight from scalability to interpretability, highlighting findings from our research on “Searching for Search in LLMs,” where we examined the hidden search processes inside GPT, LLaMA, and other models. We will share our methodology for uncovering these patterns, and why understanding these internal algorithms matters not only for information science but also for information security.
From there, we move to multi-agent systems built on LLMs and explore the new vulnerabilities that emerge when models collaborate, negotiate, or reinforce one another’s errors. To address these risks, we introduce PromptShield, our secure-by-design framework that mitigates prompt injection and representation drift while simultaneously improving task performance. Attendees will leave with concrete methodologies, a reusable security framework, and printed takeaways. We will also demonstrate how PromptShield is being applied to secure GenAI pipelines in cloud security and forensics across AWS and Azure, offering a practical bridge from theory to deployment.
Dr. Dalal Alharthi is an Assistant Professor at the University of Arizona whose research bridges artificial intelligence, cloud computing, cybersecurity, and digital forensics. Drawing on extensive experience across academia and industry in the United States and abroad, she develops intelligent, secure, and explainable systems for multi-cloud environments. Her work integrates deep reinforcement learning, generative AI, and zero-trust principles to strengthen digital resilience and advance interdisciplinary innovation at the intersection of technology, policy, and society. She holds a Ph.D. in Computer Science and dual M.S. degrees in Computer Science and Public Administration.
"Come to group therapy with a red teamer who’s spent the last year breaking into AWS, Azure, and (very soon) GCP accounts the way most people check their email—quietly, repeatedly, and usually because someone trusted the wrong principal again. This talk is one part war-story confession and one part practical intervention. Through real (anonymized) engagements we’ll walk through the trust relationships that still get customers compromised. For every story you’ll get the attacker’s exact steps followed immediately by the blue-team controls that would have stopped it cold—often simple things like scoped trust policies, required IMDSv2, conditional access, or a single CloudTrail/Defender query nobody thought to enable. Leave with a grab-bag of scripts, detection rules, and a “Trust Issues Checklist” you can run against AWS, Azure, or GCP tomorrow morning. No vendor slides, no zero-days, just the boring misconfigurations that still own companies—and the equally boring fixes that actually work. Bring your own cloud trauma; sharing is encouraged."
Husband to Amanda, father to twins Bennett and Ruby, born-again Christian, drummer, and Bitcoiner. By trade he’s a penetration tester and red team operator who spends his days chaining misconfigurations and finding vulnerabilities across environments, then pouring that pain into detailed reports and remediation guidance that actually help defenders win. Dakota State University alum, Georgia native, but South Dakotan at heart, and DakotaCon regular. When he’s not hacking, you’ll find him with family and friends, swinging a hammer on some physical project, serving in the community, at church, or lost down the next research rabbit hole.
As modern systems transition into complex, software-defined environments, traditional security approaches often struggle with fragmented documentation and late-stage vulnerability discovery. This presentation advocates for Model-Based Systems Engineering (MBSE) as a common tool throughout the system lifecycle. By moving from static documents to dynamic digital models, organizations can integrate security as a foundational architectural requirement rather than an afterthought.
For the Blue Team, MBSE provides a powerful engine for defensive operations and compliance automation. By maintaining a ""Single Source of Truth"" within the system model, defenders can perform proactive threat modeling to identify attack surfaces before deployment. MBSE enables the direct mapping of security controls to specific architectural elements, facilitating automated verification and validation against rigorous standards like NIST SP 800-53 or the DoD Risk Management Framework (RMF). This traceability significantly simplifies compliance auditing by providing a clear, model-based record of security decisions, change history, and evidence for Authorization-to-Operate (ATO) submissions.
For the Red Team, MBSE serves as a strategic roadmap for offensive cyber operations and adversary emulation. Rather than relying solely on episodic testing, Red Teams can use high-fidelity system models or build system models to systematically identify mission-critical weaknesses and vulnerabilities. By introducing an ""attacker"" element into the MBSE environment, operators can model sophisticated attack vectors, such as spoofing or denial-of-service, to see how they propagate through interconnected subsystems. This approach allows for the discovery of complex vulnerabilities at the data-link or functional layers that traditional scanners might miss, providing actionable intelligence to refine the system’s overall cyber survivability.
As a doctoral candidate in the Doctor of Philosophy in Cyber Defense at The Beacom College of Computer and Cyber Sciences at Dakota State University, Mr. Bonar focuses his research on the intersection of Digital Engineering, Information Assurance Architecture, and IT Service Management within the Defense Industrial Base. His scholarship is conducted on a technical track closely aligned with his applied engineering practice, bridging academic rigor with operational security requirements in classified and program-sensitive environments. Mr. Bonar holds seven degrees and certifications from Dakota State University, including a Master of Science in Cyber Defense, Bachelor of Science in Cyber Operations (Summa Cum Laude), Associate of Science in Network and Security Administration (Highest Honors), Graduate Certificate in Bank Security, and three undergraduate certificates. His industry certifications include (ISC)² CISSP, CompTIA Security+, VMware Certified Professional – Data Center Virtualization 2023, and VMware Certified Technical Associate – Network Virtualization 2023. With over 25 years of Information Technology experience, Mr. Bonar has dedicated the past 15 years to Information Assurance Technical roles within the Defense Industrial Base at Collins Aerospace, part of RTX. In his current role as Lead Solutions Engineer for Digital Technology, Program Work Environments, he architects and delivers enterprise-level solutions across classified and special category computing environments. Mr. Bonar additionally serves as Infrastructure Discipline Chief, and appointed Information System Security Engineer for multiple programs. Mr. Bonar is a recognized NSA Commercial Solutions for Classified (CSfC) Trusted Integrator. Mr. Bonar's current research examines Digital Engineering methodologies applied to Information Assurance and IT Service Management frameworks, with particular emphasis on Risk Management Framework (RMF)-based information systems, Secure Networking, and Cross Domain Solutions. His work explores how model-based and data-driven engineering practices can strengthen governance, accelerate accreditation cycles, and improve service continuity within the Defense Industrial Base, contributing to an emerging body of knowledge at the intersection of systems engineering, Information Technology Service Management, and Information Assurance.
Every incident for every organization starts the same way: a critical asset is either broken or missing, and the clock is already running. This session walks through real, anonymized incidents from small and mid-sized businesses across South Dakota over the past 18 months, covering ransomware, business email compromise, and the chaos that follows. You will see what went wrong, what responders found when they got on scene, and the decisions that shaped each outcome. Walk away with practical lessons on what could have prevented these incidents and how to respond effectively when prevention fails.
Jordan Arndt is a proud alum who is a Cyber Security engineer-turned business owner out of Sioux Falls, South Dakota. He and his company, Cerulean Cyber Consulting, provides comprehensive Incident Response services to those businesses that have been affected by malicious cyber events.
I have been working for State government since 2017, starting at Bank of North Dakota, and with IT unification with North Dakota Information Technology Department, I started working there in 2021 in the Network Engineering team until 2022, when I started with NDIT's security team as a Cybersecurity Automation Engineer. I am now a Senior Cybersecurity Automation Engineer with NDIT, and I love it! Our team essentially tries to automate as much of Cybersecurity operations as possible by creating automation systems to be used by the Cybersecurity Operations Center to help get their work done faster. I have experience with programming, security, networking, and general IT. My broad experience in the field helps greatly when we work with other teams throughout the organization to integrate systems with data and functionality needed to accomplish our goals.