## Abstract Security advice is often generic, disconnected, or overly idealistic — especially when applied to real-world systems made of tangled cloud setups, developer toolchains, fragile CI/CD pipelines, and unpredictable AI interfaces. In this workshop, we focus on doing security the way it actually works: fixing what’s broken, one config line at a time. Guided by the NIST Cybersecurity Framework (Identify → Protect → Detect → Respond → Recover, with a dash of Governance), we walk through: - Inventorying your environment using tools you already have - Detecting dangerous misconfigurations in software and infrastructure - Applying sustainable, code-driven protections to your pipelines and environments - Responding to threats without overreaction - Recovering with automation, not panic Whether you're dealing with cloud drift, CI/CD chaos, or prompt-injected hallucinations, this workshop will give you a holistic and practical defensive roadmap — ready to implement in real enterprise environments. ## Learning Outcomes: - Build actionable inventories across software, infrastructure, and AI systems - Identify and detect high-risk misconfigurations using SBOMs, IaC scans, and cloud tooling - Apply secure-by-default configurations in CI/CD pipelines and cloud IAM - Implement mitigation strategies for prompt injection and insecure AI behavior - Map improvements to NIST CSF and defend security decisions to stakeholders ## Audience Level Beginner - The student has an interest in the topic presented and general technology knowledge that a power user or undergraduate student may have acquired. ## Prerequisite: 1. Personal Laptop with unrestricted internet access 2. ⁠Google Account with Access to Google Cloud Console & Cloud Shell (ref: docs.cloud.google.com/shell/docs/launching-cloud-shell) 3. ⁠Personal GitHub Account 4. Discord Account for support Due to the short duration of workshop, we would not be able to provide trouble shooting support to students. if the systems dont work recommended approach would be to see how others are doing and later on after workshop they can try it.