SecureWorld Atlanta 2025

AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

• Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
• Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
• A step-by-step action plan – No more guessing what to do next
• Real-world case studies – See how organizations just like yours have successfully implemented the framework
• Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

• IT Directors and Managers
• Cybersecurity Professionals
• Business Leaders responsible for risk management
• Compliance Officers
• Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

• Getting BUY-IN from your senior decision makers
• Discovering your top five cyber risks
• Creating a prioritized risk mitigation plan with implementation roadmap
• A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Also, look for “Cyber Connect” discussions on select topics and join the conversation.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Participating professional associations and details to be announced.

Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

Artificial intelligence rapidly redefines how we defend our networks—and how attackers target them. From threat detection to deepfakes, explore the double-edged nature of AI in cybersecurity and how it’s impacting your daily work.

Please join us in the Networking Hall to connect with peers over coffee and snacks and share real-world experiences, strategies, and concerns around AI’s growing role in security.

Building control systems are increasingly targeted in today’s threat landscape—but the bigger danger may lie in how IT and OT teams respond. In this engaging session, Fred shares lessons from a career that began in IT and shifted to building control system security after a wake-up call while supporting WarnerMedia global operations. Through real-world case studies—like a vulnerability scan that knocked 6,000 devices offline—Fred illustrates the hidden risks of misaligned IT/OT priorities.

Attendees will explore how to implement right-sized security measures that safeguard building systems without disrupting critical operations. Key themes include risk assessment, the limitations of traditional IT tools in OT environments, and the enduring power of curiosity as a primary attack vector.

Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!

This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.

AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

Despite all the tools and technology, people remain the most unpredictable variable in security. Whether insider threats, awareness training, or culture-building, human behavior is central to your cyber strategy.

Please join us in the Networking Hall to connect with peers over coffee and snacks and discuss how organizations are tackling the people side of cybersecurity.

Session description to come.

You’ve experienced a cyber incident. Does cyber insurance really pay? What’s actually a recoverable expense? How can insurance help? And when the insurance does pay, how do you balance the amount of insurance with cybersecurity priorities? In this session, we’ll evaluate the data and dig into recent real-world examples of how cyber insurance pays claims, what’s covered, the role of insurance in incident preparation and response, and how organizations are using analytics in decision-making.

Today’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

The days of reacting to alerts are over. From continuous monitoring to threat hunting, organizations are shifting to proactive security models that anticipate and prevent incidents before they happen.

Please join us in the Networking Hall to connect with peers over coffee and snacks and explore how to make proactive security a reality in your environment.

Phishing is still the most common attack method because it taps into natural human biases. In this session, we’ll break down the key psychological triggers—like authority, urgency, and social proof—that make these attacks work.

You’ll learn how to build awareness programs that actually connect with employees by focusing on what motivates real behavior. We’ll walk through a practical framework for designing empathy-based simulations, tracking behavior change over time, and improving your training based on what works.

You’ll walk away with a proven, psychology-based blueprint and ready-to-use templates to build phishing awareness programs that cut click rates by over 30% in just three months.

This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.

In the realm of enterprise security, every organization faces a classic tale as old as time: the eternal battle between defenders and digital dragons. Just as fairy tale heroes relied on preparation, vigilance, and the right tools to protect their kingdoms, today’s cybersecurity professionals must deploy proactive measures to safeguard their digital domains.

This panel session explores how preventative measures serve as the ultimate “happily ever after” for enterprise security. Our expert panel guides attendees through the enchanted forest of modern threats, revealing how proactive security architecture can transform organizations from vulnerable victims to empowered heroes.

Panelists share real-world case studies, proactive security solutions, and how organizations can write their own security success stories.

The cybersecurity workforce shortage is real—and growing. From finding skilled talent to reducing burnout and investing in upskilling, leaders are rethinking how to build resilient teams for the future.

Please join us in the Networking Hall to connect with peers over coffee and snacks and exchange ideas for navigating one of the industry’s most significant ongoing challenges.

This panel discussion confronts the challenge of building InfoSec teams with the skills to manage stress under pressure. Cybersecurity executive leaders explore how to create team cultures, practices, and processes for proactively building mental well-being instead of addressing mental health from a reactive position. Much like building a security program, the group looks at the role mindfulness can play in helping defenders increase job satisfaction, improve focus, and lower the risk of burnout. Attendees can expect to gain actionable insights and practical steps that can be implemented within their organizations to cultivate this type of resilience.

Explore how Zero Trust security principles are evolving to protect against emerging threats in the era of Generative AI. This session will delve into real-world risks, including prompt injection, data leakage, and shadow AI, while showcasing how organizations can apply Zero Trust principles to secure AI models, data, and users. Learn practical strategies, industry case studies, and best practices to build AI-resilient infrastructure. Ideal for cybersecurity leaders, IT professionals, and AI practitioners aiming to future-proof their security posture.

Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.

This is your final chance to visit the Networking Hall and get scanned by our participating partners for our Dash for Prizes. You can also turn in your Passport cards at the Registration Desk before we announce our winner!

Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.