AWS for Software Companies Podcast

Harold Rivas – Chief Information Security Officer at Trellix, discusses the role of generative AI in cybersecurity, focusing on Trellix's adoption of AI for threat detection and model governance, while emphasizing the importance of privacy, responsible innovation, and cross-functional collaboration.Topics Include:Introduction to generative AI and its impact on cybersecurityHarold’s background in financial services and cybersecurity rolesTrellix’s focus on product feedback through the Customer Zero ProgramOverview of machine learning's role in anomaly detection at TrellixDevelopment of guided investigations to assist security operations teamsGenerative AI's growing importance in cybersecurity at TrellixLaunch of Trellix WISE at the RSA Conference in 2024Addressing the overload of security alerts with AI modelsIntegration of various AI models like Mistral and AnthropicReducing anomalies and workload for security operations teamsImportance of privacy in generative AI adoption and data governanceChallenges with GDPR and CPRA regulations in AI implementationFocus on privacy frameworks like the NIST Privacy FrameworkNeed for multi-stakeholder involvement in AI governanceDiscussion on model governance inspired by financial services practicesImportance of inventorying and testing AI models for securityBenefits of an AI Center of Excellence (AICOE) within organizationsModel governance in generative AI for regulatory and business outcomesThe impact of AI on labor, jobs, and decision-making processesAddressing cyber risk and threat modeling in AI environmentsThe double-edged sword of AI in offensive and defensive cybersecurityMITRE Atlas framework's role in AI-driven cybersecurity strategiesPotential negative consequences. Auto dealership hacked – Chevy Tahoe sold for $1Importance of vulnerability management and developer trainingEvolution of AI security tools and responsible use of generative AICollaboration, governance, and agility in AI adoption across organizationsQ&A 1: Outcomes and responsibilities an generative AI COE should have?Q&A 2: Model governance and financial implicationsQ&A 3: CISO response to model development, compliance and learning with customer dataQ&A 4: Thoughts and suggestions for rating systems for modelsQ&A 5: Selecting and evaluating modelsQ&A 6: Advice and experience for model deployment and technical controlsQ&A 7: Human reviewing AI responses to ensure accuracyQ&A 8: Will AI help avoid major outages in the future?Q&A 9: How to test and see maturity of models?Session wrap upParticipants:·        Harold Rivas – CISO at TrellixSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Executive leaders from Arctic Wolf, Docker and Illumio share insights on fostering a strong security culture, balancing innovation with security, and addressing challenges in data protection and AI model development.Topics Include:Overview of security culture in different company teamsImportance of guidelines and secure IT infrastructure for AI modelsChallenges of accessing customer data while maintaining securityNeed for anonymization in early AI model developmentDocker's open-source ecosystem and security integrationDogfooding own products to ensure product reliability and trustworthinessIllumio’s high customer trust and responsibility for strong security practicesBalancing security awareness with development speed at IllumioGamifying security training to increase awarenessInterlocking with customers to enhance security understanding for developersEmbedding security into the development process from the startIllumio's approach to security in agile, cloud-native developmentAdapting customer success strategies for evolving security needsRise of non-developers using AI in enterprisesEducating business leaders on security best practicesScaling customer enablement and education through community engagementChallenges of placing security responsibilities in the developer workflowArctic Wolf’s AI strategy for secure developmentUse of anonymized data in secure AI model trainingGenerative AI’s potential to augment human creativity and efficiencyPanelists' views on private AI and segmented model developmentMeasuring security culture progress with gamification and development metricsAddressing human factors in cybersecurity and social engineering threatsEmphasizing resiliency and containment in preventing widespread cyberattacks.Participants:Dean Teffer – Vice President of Artificial Intelligence, Arctic WolfDixie Dunn – VP of Customer Success, DockerMario Espinoza – Chief Product Officer, IllumioBrian Shadpour – General Manager, AWSSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Hear the generative AI journeys of Cohere, Epiq, and Forcura, including their market assessments, use case prioritization, responses to ethical and security considerations, while discussing generative AI's impact on healthcare, legal industries, and business applications.Topics Include:Panel Introductions by David CristiniWhere is Focura at in their AI journeySummary of Epiq’s AI journey to dateCohere’s AI journey to dateWhere did each company begin and assessing the market opportunitiesPrioritizing of use cases for EpiqFocura’s quick focus and results with generative AISimplifying healthcare and improving patient experience with generative AIHow do experiments and proof of concepts develop into production?Indicators that Cohere uses to identify customers ready to move fastUsecases that allows Forcura customers to move forwardGuidance on engaging the Executive Team – getting Executive alignmentHow are legal and healthcare customers responding to AI solutions and challengesChanges of priority from customer advisory panelsEvolving questions and concerns of functionality and dataSome customers reporting AI evaluation is slowing them downUsecases that are easier to start off with to gain trust and tractionDealing with AI concerns of ethics, security and privacy – managing objectionsUnderstanding ethics concerns – privacy can often be about where data residesCustomers often want “traceability”Accuracy and reducing hallucinations – AI comes with risk, business have to decide on business riskFuture facing – what are we excited about?Generative AI is excellent at translation services – ROI is excellentBusiness applications and social impact of generative AIParticipants:MaryAnn Wofford – VP of Sales, CoherePaul O'Hagan - Senior Director Product Management – AI Platform, EpiqAnnie Mueller Erstling – COO, ForcuraDavid Cristini - Director, ISV Sales North America, AWSSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

J.B. Brown, VP of Engineering at Smartsheet, shares how integrating Amazon Q with Smartsheet's flexible work management platform has streamlined productivity and enhanced employee support through AI-driven automation.Topics Include:Introduction by J.B. Brown, VP of Engineering at Smartsheet.Story about improving productivityContext about Smartsheet as an enterprise-scale work management platform.Examples of Smartsheet use in healthcare, TV streaming, and small businesses.Focus on not changing how companies work, offering flexibility.Integration with popular enterprise tech stack tools like Okta and Slack.Automations in Smartsheet for notifications and data synchronization.Smartsheet’s customer base includes large enterprises and small businesses.Overview of Smartsheet’s scale: 15 million users and $1 billion revenue.Smartsheet’s employee support system, including 270+ "Ask Us" Slack channels.Mention of AWS and the introduction of Amazon Q Business.Building a Smartsheet Q Business app for streamlined employee support.Setting up an Amazon Q Business app with proprietary data sources.Implementation of Slack integration for Smartsheet employee support.Example of AI summarizing Slack threads for improved efficiency.Demo of Amazon Q Business outperforming human experts in knowledge retrieval.Emphasizing the value of reducing response time and decision-making delays.Future development plans: Smartsheet-Amazon Q connector.Using AI to interrogate and manage Smartsheet project data.Invitation to AI-minded Smartsheet customers to test the new connector.Participants:J.B. Brown - VP of Engineering at SmartsheetSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

AWS's Shahid Mohammed and Darktrace's Michael Beck discuss how generative AI innovations are transforming cybersecurity by both enhancing defences and introducing new, sophisticated threat management strategies.Topics Include:Shahid Mohammed introduces himself as a lead solution architect at AWS.Mike Beck is Global Chief Information Security Officer at Darktrace.Darktrace specializes in AI-driven cybersecurity solutions for digital environments.Darktrace secures multiple digital data pots: email, network, cloud, SaaS, and endpoint.The conversation focuses on innovation in cybersecurity through AI.Mike emphasizes the benefits of Gen AI despite its security risks.Gen AI enables more complex, targeted attacks against organizations.Attackers use Gen AI to tailor attacks through phishing and deepfakes.Gen AI increases phishing complexity by eliminating common detection cues.Data privacy risks arise when large models process sensitive business data.Businesses must be mindful of AI’s impact on data sovereignty and security.Shahid compares the cybersecurity space to an arms race due to Gen AI.Mike stresses the importance of choosing the right AI for each task.Darktrace uses unsupervised machine learning and Gen AI together for defense.AI is essential for scaling cybersecurity efforts given today's threat complexity.Darktrace relies on AWS cloud for compute power, scaling, and innovation.AWS infrastructure helps accelerate Darktrace's R&D and operations securely.Security leaders should implement Gen AI policies and training.Mike advises technical controls and monitoring for safe Gen AI use.Gen AI is here to stay, but businesses must handle its security implications carefully.Participants:Michael Beck – Global CISO - DarktraceShahid Mohammed – Solution Architect Manager – Amazon Web ServicesSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Daryl Martis of Salesforce and Rashna Chadha of AWS share how Amazon Bedrock integrates with Salesforce to enhance AI applications, highlighting the partnership's strategic benefits, AI model customization, and secure deployment options.Topics Include:Introduction to Amazon Bedrock and Salesforce partnership.Overview of Amazon Bedrock as an API-based generative AI service.The strategic collaboration between AWS and Salesforce.Salesforce Data Cloud and its integration with Amazon Bedrock.Overview of Salesforce Einstein and its use of Amazon SageMaker.Recent AI launches between Salesforce and AWS, including Slack AI and MuleSoft.Use cases of AI services like Amazon Textract within Salesforce.Bringing Your Own Large Language Model (BYO LLM) with Bedrock.Foundation models offered by Amazon Bedrock (Anthropic, Cohere, Llama).Overview of security, privacy, and compliance in Bedrock AI services.Salesforce Data Cloud’s unified customer data and real-time AI capabilities.Bedrock’s support for custom AI model evaluation and metrics.Consumption models in Bedrock: on-demand vs. provision throughput.Bedrock’s agent capabilities for real-world applications like scheduling.Demo of using Amazon Bedrock models within Salesforce.Participants:Daryl Martis – Director of Product Management, Einstein AI - SalesforceRashna Chadha – AI/ML Specialist – Principal Solution Architect – Amazon Web ServicesSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Ashish Arora, Head of Engineering & Machine Learning, Product Analytics at Autodesk, shares how personalized AI-powered experiences and real-time data can drive product adoption, featuring insights into Autodesk’s transformation journey, leveraging machine learning, and delivering actionable recommendations to millions of users.Topics Include:Real-time data description and examplesLeveraging AWS for real time and generative AI servicesAutodesk’s journey leveraging AWS to transform architecture and deliver personalized insightsOverview of Autodesk and product portfolioUtilizing data gathered for customersPersonalized data-driven insights for customers on Autocad and other productsDescriptive insights: providing usage data for customersPrescriptive insights: Making recommendations to customers based on their workflowsPredictive insights: Using ML to recommend products and featuresAutodesk processes 100+ billion events across all products, delivered 350+ million insights to customers, served to 3.5 million customersExample walkthrough – RachaelArchitecture of Autodesk data and insight processLeveraging LLMs – Sagemaker and BedrockBringing it altogetherSession wrap upParticipants:Ashish Arora – Head of Engineering & ML, Product Analytics - AutodeskBrian Slater – Principal Solutions Architect – Amazon Web ServicesSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

A panel discussion on presenting on security and data to Boards of Directors, focusing on metrics, ROI, generative AI, securing intellectual property, and strategic board engagement.Topics Include:What security metrics are most valuable for Board of DirectorsArticulating ROI of security programQuantifying benefits of security programSales enablement of the security teamDriving efficiencies within the business with generative AI and moreQuantifying business and template-based reporting to Boards with Diligent softwareLeveraging consultants and 3rd parties to leverage messages to Board of DirectorsManaging and communicating data posture and risk managementWorking with data leadership, securing intellectual propertyChallenges of labelling dataEducating boards on software architecture principles and generative AIHigh focus and techniques for securing IPEnrolling Boards with generative AI use cases and innovationCreating communities of excellenceGamifying security and generative AI to increase internal knowledgeQ&A 1: Taking action on a summarized documentQ&A 2: Mental model for evaluative SaaS partnersQ&A 3: Using the board to influence budgetary decisionsSession wrap upParticipants:Satheesh Ravala - Chief Technology Officer, DiligentJosh Blackwelder – Deputy CISO, Sentinel OneRobert Huber - Chief Security Officer, Head of Tenable Research, President Tenable PublicKaren Henlsey - Principal WW Data & Generative AI Strategist, AWS

Lacework’s VP and Head of Engineering Arash Nikkar, and Product and Security Software Engineer Teddy Reed, discuss their work with generative AI and Amazon Bedrock, focusing on threat detection, chat interface improvements, and the rapid development of AI-driven solutions.Topics Include:Introducing Lacework with Arash NikkarWorking with AWS and BedrockFocusing on threat detectionLacework ingests over a trillion events each dayComposite alerts for detecting anomaliesDeveloping and improving the chat interfaceTeddy Reed talking chat interface improvementsReviewing the architectureFast engagement with generative AI / AWS BedrockThe rapid delivery with Bedrock – took 20% of expected timeBest practice – build in time to review and verify responsesMeasuring customer’s engagement and return frequency and feedbackUnderstanding customer sentiment and topic analysisAchieving 60% completed results and feedbackTransparency of source, responseEnabling assistant to have more access to data from LLMUsing AWS’ model evaluator, raising the accuracy scoresMoving everything over to Bedrock for multiple reasonsFamiliarity of AWS tools helpful for all development and security teamsAlways challenging assumptions – is chat interface the right interface?Q&A 1: Using vector database for analysis, using results as system promptQ&A 2: Approaching cost-optimization and balancing ROIQ&A 3: Using as automated remediation for findingsQ&A 4: Data source Bedrock in leveragingSession wrap upParticipants:Arash Nikkar – VP, Head of Engineering – LaceworkTeddy Reed – Product and Security Software Engineer - Lacework

Massimo Ghislandi from AWS interviews Frank Contrepois, Chief Innovation Officer of Strategic Blue and Dvir Mizrahi, Head of FinOps for WIX sharing perspectives and best practices for FinOps, implementation, challenges and future FinOps trends for software companies.Topics Include:FinOps is a new approach to managing cloud finances, bridging the gap between finance, engineering, and business stakeholdersThe implementation of FinOps can take a top-down or bottom-up approach, requiring collaboration and a common language across teamsShifting the conversation from "costs" to "investment" and "efficiency" has been an effective strategy for driving cultural changeFocusing on automation, governance, remediation, and anomaly detection can have a greater impact than just cost observabilityEducating finance teams on technical cloud concepts and vice versa is crucial for building trust and alignmentThe future of FinOps may involve expanding beyond just cloud to encompass all IT assets and aligning with a company's overall values and business objectivesPotential changes in legislation or accounting practices related to cloud could drastically impact the FinOps landscapeParticipants:Frank Contrepois – Chief Innovation Officer, Strategic BlueDvir Mizrahi – Head of Financial Engineering (FinOps), WIXMassimo Ghislandi – ISV Marketing Leader, EMEA, AWS