ToorCon TwentyOne speaker: Ulrich Lang, PhD

Ulrich Lang | Co-Founder and CEO | ObjectSecurity LLC

Ulrich received his Ph.D. from the University of Cambridge Computer Laboratory (Security Group) on conceptual aspects of middleware security in 2003 (sponsored by the UK Defence and Evaluation Research Agency (DERA), after having completed a Master’s Degree (M. Sc.) in Information Security with distinction from Royal Holloway College (University of London) in 1997.

On the management side, Ulrich has recently completed a Business Marketing Strategy course at the Kellogg School of Management (Northwestern University). Ulrich is a renowned thought leader in cybersecurity (incl. model-driven security, access control policy, and application platform security), big data analytics, artificial intelligence, and virtual/augmented reality. He is currently working on an intelligent big-data supply chain risk analytics solution, and numerous projects around policy automation and policy testing. He is on the Board of Directors of the Cloud Security Alliance (Silicon Valley Chapter) and is a technical expert witness. He is responsible for the development of the OpenPMF user interface, policy automation and testing features. Ulrich runs the U.S. office in sunny San Diego, CA – and sometimes finds the time to play his sax (->open).

The speaker's profile picture

Talks

AI HACKER! Automatic vulnerability assessment & pen-testing of embedded & other systems

We present the results of our government-funded R&D to develop an intelligent automated “vulnerability assessor and penetration tester (VAPT), usable as a virtual appliance for use on enterprise networks or cyber ranges, and as a portable device for use on embedded systems. It consists of two parts, an AI-supported vulnerability assessor and an AI-supported penetration tester. In one use case it intelligently automates software vulnerability assessment for embedded systems; in another use case, it intelligently automates the tasks of an ethical hacker (penetration tester) via the network, finding systems on the network, discovering vulnerabilities, and exposing them.