BSides Vancouver Island 2025 - Interview with Simran Kaur

Hey everyone, Stephen here, volunteer director at large with the Vancouver Island Security Research Society. Uh we're gearing up for the Bides Vancouver Island Security Conference on October 3, 2025 at the Victoria Conference Center. This is our grassroots communitydriven cyber security event where we bring together brilliant minds to share knowledge, stories, and skills. Today I'm joined by one of our amazing speakers uh Siman Cower. She's presenting a talk called Navigating AI security identifying risks and implementing mitigations. As AI and large language models become integral to software, new security challenges are emerging. Siman will unpack the evolving risks of AI powered products and share actionable strategies to secure them throughout the development life cycle. Siman, welcome. We're very happy to have

you here. Please introduce yourself. >> Thank you, Steve. Uh my name is Simranjit Kore. I am a customer engineer at Microsoft. Uh my passion is cyber security. I have over 15 years of IT experience and um out of which 8 years is now cyber security. My primary goal is to help customers and individuals derisk their systems and stay cyber safe. And nowadays we are all AI. We are living in the world of AI where we just talking about generative AI, chat, GPT and co-pilot. So one of um one of my interest uh is to help customers and people around to stay safe in this AI world. What steps can they take? What are the mitigations? What are the risks?

So I'm happy to be here and deliver a session on the AI risks and how to mitigate them. >> Thanks so much. That's a very important topic right now. Uh let's dive in. for smaller teams without big budgets, what are some of the realistic steps that they can take to secure AI powered products. >> So my advice is to take it keep it simple, take smaller steps. So for example, we have had these options even before AI came in picture like start with zero trust, use defense in depth. So before you strategize what product to use or what cost measures you have to put in use zero trust strategies right um it's simple three principles lease

privilege zero trust um in like verify explicitly and assume breach right so basically you should see who have access to your system if a person if an employee has gone on vacation what are the access for him at this moment can anybody else access the account do they have MFA A do they have you know risky signin triggers to understand who's coming into your system who has access to the data right so like I said zero trust is a center of starting small starting simple and then defense in depth um again from identity to data layer what are the measures in place to protect your environment I understand I have worked with ISVS myself I

understand cost is u um is a bigger concern so the prioritization is for the system to function versus focus on implementing expensive security products. So use governance, use policy. For example, I use um in in Azure and cloud, use Azure policies to understand what is coming into your system, how you can monitor it, how you can mitigate it and then take next steps from there. >> Siman, thank you so very much for giving us that sneak peek. I know our attendees are going to get so much value from your session. For everyone watching, make sure you grab your tickets now at bsidesvi.com. If you get yours before Friday, September 19th, you'll score an exclusive custom-designed black

hacker-esque t-shirt in your size, perfect for boosting your hacker cred and being the envy of all your friends and colleagues. We're on all the socials. You can find the links at our website and join the conversation at #bsidesvi. See you in October.