Trainings 2026
Training Location: Rochester Institute of Technology 1 Lomb Memorial Drive, Rochester, NY, 14623, United States
The following workshops will be offered on Friday, the day before the main conference:
Date: Friday, March 20th 2026
Breaking AI: Prompt Injection, Data Exfiltration and Practical Defenses That Work
Pavan Reddy
8:00AM - 12:00PM
AI systems don’t fail like traditional software, they fail silently, follow the wrong authority, and can be
steered into leaking data or taking unintended actions. This 4 hour hands-on workshop teaches you how modern
“AI vulnerabilities” actually show up in deployed LLM features by attacking and defending a sandboxed car
dealership chatbot that’s connected to an internal database. Then you will pivot to real-world data exfiltration
patterns via direct and indirect prompt injection (including untrusted content in RAG-like workflows).
Attendees will actively craft exploits, observe impact, and implement practical mitigations (least-privilege
tooling, strict schemas, policy gates, and confirmation workflows). BYOL-friendly; compute runs on free
resources (e.g., Google Colab). Fully Hands-on, minimal coding (no prior experience needed).
steered into leaking data or taking unintended actions. This 4 hour hands-on workshop teaches you how modern
“AI vulnerabilities” actually show up in deployed LLM features by attacking and defending a sandboxed car
dealership chatbot that’s connected to an internal database. Then you will pivot to real-world data exfiltration
patterns via direct and indirect prompt injection (including untrusted content in RAG-like workflows).
Attendees will actively craft exploits, observe impact, and implement practical mitigations (least-privilege
tooling, strict schemas, policy gates, and confirmation workflows). BYOL-friendly; compute runs on free
resources (e.g., Google Colab). Fully Hands-on, minimal coding (no prior experience needed).
You Accidentally Got a Job in Cybersecurity, Now What?
Abe Abernethy
Annie Zempel
8:00AM - 12:00PM
Nobody tells you that cybersecurity jobs in a small business up to medium-sized enterprise are 20% technology
and 80% translation, negotiation, and sifting through garbage. This half-day workshop explodes five common lies
the industry tells itself, drawing from real-world experience building security programs that survive contact
with business reality. You'll learn to measure what matters (not what's easy), communicate technical concepts at
management or board level without treating executives like children, and build resilient programs using proven
frameworks instead of vendor fever dreams. Includes practical exercises with executives from the Graylog SIEM's
Customer Enablement team to cement concepts through hands-on work. Leave with concepts and frameworks you can
deploy Monday, metrics that matter, and the ability to explain why security isn't just "the team that says no.
and 80% translation, negotiation, and sifting through garbage. This half-day workshop explodes five common lies
the industry tells itself, drawing from real-world experience building security programs that survive contact
with business reality. You'll learn to measure what matters (not what's easy), communicate technical concepts at
management or board level without treating executives like children, and build resilient programs using proven
frameworks instead of vendor fever dreams. Includes practical exercises with executives from the Graylog SIEM's
Customer Enablement team to cement concepts through hands-on work. Leave with concepts and frameworks you can
deploy Monday, metrics that matter, and the ability to explain why security isn't just "the team that says no.