// THE SPEAKERS

Join us on a brief update on how the UC Cyber Security Programs continue to strengthen our proven foundations, to engineering the future of defense. The University of Charleston is setting the standard in cybersecurity education. We aren’t just teaching tech, we are forged to train the next generation of cybersecurity warriors. By blending elite technical skills with decisive leadership, UC is arming students to neutralize imminent threats and dominate in a fast-paced digital battlefield.

Cybersecurity risk isn’t a side dish—it belongs at the head table of enterprise risk management. In this session, Ian Frist, Director of Governance, Risk & Compliance at Corning, explores how organizations can stop treating cyber risk as a siloed technical concern and start integrating it into their broader risk appetite framework. Using real-world stories from the trenches (without naming names), Ian will unpack the consequences of misaligned appetites—where security teams over-restrict or under-protect due to unclear enterprise priorities. He’ll challenge the common misconception that cybersecurity risk appetite is just about controls and compliance, and show how it’s really about leadership, business context, and strategic clarity. Attendees will leave with: • A practical framework for aligning cyber risk appetite with enterprise risk appetite • Tips for communicating risk appetite across technical and non-technical stakeholders • A fresh perspective on how to “serve” cybersecurity risk in a way that satisfies the whole organization Whether you’re a seasoned GRC leader or just pulling up a chair to the risk table, this session will help you bring your appetite—and leave with a full plate of actionable insights.

Most cybersecurity guidance assumes you have a team. A SOC. A vendor. Someone else handling it. But a growing population of engineers, researchers, and practitioners are operating production-grade infrastructure entirely on their own — running dozens of containerized services, a fleet of IoT devices, and increasingly, local AI agents capable of acting autonomously on that infrastructure. What does serious security look like when the buck stops with you? This talk presents a practitioner’s end-to-end architecture for defense in depth across three interconnected layers: the homelab foundation, the smart home edge, and the AI intelligence layer — drawing from real-world implementation rather than theory. In the first act, we examine network segmentation philosophy for self-hosted stacks running Proxmox, Docker, and zero-trust overlay networks. We cover the most dangerous assumption homelabbers make — the flat network — fine-grained access control group design, secrets management, and why “Cloudflare tunnel plus Nginx Proxy Manager” is a deployment strategy, not a security posture. The second act turns to the IoT edge: the most chaotic, least-auditable layer of any home network. We examine what Zigbee, Z-Wave, and ESPHome actually provide in terms of authentication and encryption — and what they do not — the OTA firmware trust problem, and how a single compromised sensor can become a persistent foothold. A real smart infrastructure deployment covering power monitoring, environmental sensing, radar presence detection, and audio is used as a concrete attack surface case study. The final act addresses the emerging challenge that makes all of this more urgent: adding local AI agents that can act on your infrastructure. We explore why cloud AI is a non-starter for a privacy-first stack, how to architect a local-inference multi-agent system using open-weight models and scoped tool access, and the new threat vectors this introduces — prompt injection, MCP tool misuse, and agent privilege escalation. We close with a framework for treating AI as infrastructure, with all the security discipline that implies. Attendees will leave with a threat model, an architectural philosophy, and concrete implementation patterns applicable to any environment where a single operator is responsible for the full stack.

Large Language Models (LLMs) are used by millions of users worldwide to perform various tasks and have become a valuable tool for both individuals and businesses. Consistency and cybersecurity are two of the major concerns for LLMs’ evaluation in order to increase the trustworthiness of their behavior. This study focuses on testing the security and consistency measures of the three most popular AI chatbots (i.e., ChatGPT-5, Google Gemini 2.5 Flash, Microsoft Copilot). We hypothesized that the output persistence would be high and the same within the models and across models, and all models would not leak the information that users input to other users through prompts. Twenty fabricated business plans, of which half were defined as “confidential†strings, were developed and input into the three LLMs. Extraction of the information was attempted every twenty-four hours for two consecutive weeks. Results were analyzed using the Jaccard similarity index to compare the outputs between LLMs, identify differences over time, analyze response patterns, and identify any risks in the leaking of information. Over time, all models demonstrated a low level of output consistency, indicating a poor behavior dependability assessment. The outputs of the three models were similar in content, but the expressions were different amongst them. Regarding security, it is unlikely that there was a leakage of confidential information.