ISSA LA: What Rebuilding a Poetry Site Taught Me About AI and Security

Veterans Memorial Building - Rotunda Room, Culver City, CA
Tuesday, May 19  •  5:30 PM - 9 PM
Overview

Come network with your peers, make new friends and hear two great talks

The founding Chapter of ISSA invites you to come and network with your friends and colleagues, make new friends and hear two great speakers. Enjoy a delicious full buffet dinner and drinks.


Topic One: Quoth the AI: “Nevermore” — What Rebuilding a Poetry Site Taught Me About AI and Security


Edward Bonver spent weeks rebuilding a 25-year-old website with thousands of poems using AI (Claude Code in Visual Studio Code on Windows) as his coding partner. The AI wrote clean, confident code, passed its own reviews, and introduced changes that caused production outages — including a bad deployment and data routing issues.

This talk shares real examples from a real codebase: where AI hallucinates, where it skips steps, and how to build guardrails that actually work. We’ll cover input validation, output encoding, dependency minimization, and rollback planning — grounded in the OWASP Top 10 and the OWASP Top 10 for LLMs — and what actually improved (and didn’t) after those failures.

You’ll leave with a practical framework for building with AI without needing to trust it blindly, along with lessons from rebuilding at scale and safely introducing new features under AI-assisted development.

Who Should Attend:
Anyone whose team is adopting AI-assisted development: web developers, application security practitioners, IT auditors, digital asset managers, and technical leaders responsible for reliability and security.

What You’ll Learn:

  • How AI-generated code fails in real systems (hallucinations, skipped steps)
  • How to write security requirements AI can actually enforce
  • Where AI hallucinations, platform assumptions, and dependency risks show up
  • How to design guardrails: validation, encoding, and dependency minimization
  • How to plan rollback and recovery when AI introduces production issues
  • A practical framework for using AI as a development partner without trusting it blindly


Speaker One: Edward Bonver

Edward, CISSP, CSSLP, is a seasoned cybersecurity leader with more than 25 years of experience spanning software development, assurance, and product security. His background includes roles at Raytheon Technologies, Symantec, Digital Equipment Corporation, Veritas Technologies, and Arctera. Over the course of his career, he has worked across a wide technical spectrum, from developing real-time operating systems and networking protocols to building and leading enterprise-scale product security programs.

A recognized software security evangelist and product cybersecurity subject matter expert, Edward regularly speaks at global software industry security events and contributes to security community forums and industry alliances.

Edward served on the SAFECode Board of Directors, representing Symantec and Raytheon Technologies, and contributed actively to SAFECode working groups and publications.


Topic Two: Tales from the Coalface: How AI Is Transforming Software Development Culture to Enforce Cybersecurity and Privacy Compliance

Cybersecurity policies and privacy compliance frameworks often fail—not because they are poorly written, but because development teams struggle to operationalize them consistently. The real challenge lies at the coalface, where developers, DevOps teams, and security requirements intersect under real-world pressure.

In this session, Gavin Jackson shares practical field-tested insights on how artificial intelligence is reshaping software development culture and enabling teams to consistently implement cybersecurity and privacy compliance requirements. Drawing from real operational experience, this presentation explores how AI-driven tools can reinforce secure coding practices, automate policy enforcement, and create measurable accountability across development teams.

Attendees will gain a practical understanding of how AI can be embedded into daily workflows to transform cybersecurity from a compliance obligation into an operational discipline.

Key Takeaways:

  • How AI-assisted development tools help enforce secure coding standards
  • Using automation to bridge the gap between policy and practice
  • Building developer accountability without slowing delivery velocity
  • Cultural shifts required to sustain long-term cybersecurity compliance


Speaker Two: Gavin Jackson

Gavin Jackson is the Co-Founder and Chief Technology Officer of Syncrasy Dynamicx LLC, where he leads the design and execution of secure, scalable digital platforms that align technology infrastructure with core business objectives. With an executive technology career spanning the United Kingdom, Europe, Middle East, and United States, Gavin brings a global perspective to cybersecurity strategy, software engineering, and enterprise IT transformation.

Gavin specializes in building resilient architectures that integrate cybersecurity, hybrid cloud environments, and predictive analytics into operational workflows. His work focuses on enabling organizations to transition from reactive IT models to proactive, intelligence-driven security and operational frameworks.

Throughout his career, Gavin has led initiatives that delivered measurable business value through automation, data-driven decision-making, and security-first system design. He is particularly known for translating complex technical risk into clear operational strategies that executives and DevSecOps teams can execute with confidence.


Thank you to our sponsor Acalvio


Because ISSA Los Angeles makes commitments to our facilities well in advance of each event, we regret that we cannot offer any refunds or credits within 72 hours of any of our events. If you cannot attend an event you can send someone in your place as long as they have your written permission.

CPEs: There will be 2 CPE credits for the meeting.

Disclaimer: ISSA-LA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISSA-LA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISSA-LA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices.

All materials used in the preparation and delivery of presentations on behalf of ISSA-LA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISSA-LA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers. Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Permission to be Photographed: By attending this event, the registrant grants permission to be photographed during the event. The resultant photographs may be used by ISSA-LA for future promotion of ISSA-LA’s educational events on ISSA-LA’s web site and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs now or in the future.

Good to know

Highlights

  • 3 hours 30 minutes
  • In person

Refund Policy

Refunds up to 3 days before event

Location

Veterans Memorial Building - Rotunda Room

4117 Overland Avenue

Culver City, CA 90230
