Pretty much every kid (and adult!) wants to have his or her very own J.A.R.V.I.S., right? Tony Stark's voice-activated smart digital assistant controls information and physical objects throughout his laboratory. But how could you make something like that secure? To that end, Ed Skoudis set out to integrate Internet of Things technologies with cloud services, voice recognition, Artificial Intelligence, and more, using a variety of off-the-shelf technologies along with some customized code to bring his lab and office to life. In this lively presentation, Ed will share his experiences in building out this technology and highlight some of the significant security concerns associated with where the Internet of Things touches the cloud and consumer-grade AI. We’ll also look at with where these technologies are headed as they work their way into our every-day lives.
Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing.