What Rebuilding a Poetry Site Taught Me About AI and Security

Edward Bonver spent weeks rebuilding a 25-year-old website with thousands of poems using AI (Claude Code in Visual Studio Code on Windows) as my coding partner. The AI wrote clean, confident code, passed its own reviews, and introduced changes that caused production outages — including a bad deployment and data routing issues.

This talk shares real examples from a real codebase: where AI hallucinates, where it skips steps, and how to build guardrails that actually work. We’ll cover input validation, output encoding, dependency minimization, and rollback planning — grounded in the OWASP Top 10 and the OWASP Top 10 for LLMs — and what actually improved (and didn’t) after those failures.

You’ll leave with a practical framework for building with AI without needing to trust it blindly, along with lessons from rebuilding at scale and safely introducing new features under AI-assisted development.

Who Should Attend:
Anyone whose team is adopting AI-assisted development: web developers, application security practitioners, IT auditors, digital asset managers, and technical leaders responsible for reliability and security.

What You’ll Learn:

• How AI-generated code fails in real systems (hallucinations, skipped steps)
• How to write security requirements AI can actually enforce
• Where AI hallucinations, platform assumptions, and dependency risks show up
• How to design guardrails: validation, encoding, and dependency minimization
• How to plan rollback and recovery when AI introduces production issues
• A practical framework for using AI as a development partner without trusting it blindly

Edward, CISSP, CSSLP, is a seasoned cybersecurity leader with more than 25 years of experience spanning software development, assurance, and product security. His background includes roles at Raytheon Technologies, Symantec, Digital Equipment Corporation, Veritas Technologies, and Arctera. Over the course of his career, he has worked across a wide technical spectrum, from developing real-time operating systems and networking protocols to building and leading enterprise-scale product security programs.

A recognized software security evangelist and product cybersecurity subject matter expert, Edward regularly speaks at global software industry security events and contributes to security community forums and industry alliances.

Edward served on the SAFECode Board of Directors, representing Symantec and Raytheon Technologies, and contributed actively to SAFECode working groups and publications.

Because ISSA Los Angeles makes commitments to our facilities well in advance of each event, we regret that we cannot offer any refunds or credits within 72 hours of any of our events. If you cannot attend an event you can send someone in your place as long as they have your written permission.

CPEs: There will be 2 CPE credits for the meeting.

Disclaimer: ISSA-LA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISSA-LA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISSA-LA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices.

All materials used in the preparation and delivery of presentations on behalf of ISSA-LA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISSA-LA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers. Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Permission to be Photographed: By attending this event, the registrant grants permission to be photographed during the event. The resultant photographs may be used by ISSA-LA for future promotion of ISSA-LA’s educational events on ISSA-LA’s web site and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs now or in the future.

Event Venue & Nearby Stays

TBD, TBD, Los Angeles, United States

Concerts, fests, parties, meetups - all the happenings, one place.

Get App