SecureWorld Boston 2025

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.

Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.

This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:

Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.

Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.

Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.

Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.

Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?
• Why is the framework is valuable?
• What type of organizations can use the framework?

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Presenting cybersecurity strategies and risks to the board of directors is one of the most high-stakes responsibilities for CISOs. Yet, translating technical jargon into actionable business insights can be a daunting challenge. This closed-door roundtable discussion brings together seasoned CISOs to share their experiences, strategies, and tips for effectively communicating with board members.

From aligning cybersecurity metrics with business goals to handling tough questions about ROI and risk tolerance, this session explores practical approaches to building trust and influencing decision-makers at the highest levels. Leave with actionable advice on how to craft compelling narratives, leverage visuals and data effectively, and create meaningful dialogues with your boards.

Managing cybersecurity in the real world today is all about managing complexity and communications. Managing communications, from an organizational perspective, is exceedingly difficult given the diversity and increasing number of partners, vendors, and industry and government players. The complexity, and the problems that come from it, are driven by the rapidly changing technology, the diversity and scale of the threats, and the wide-ranging and shifting regulatory environment.  Given these challenges, which will only grow more difficult with the increasing use of AI, managing cybersecurity and privacy today can only be managed by using a structured approach based on a consistent set of models, tools and frameworks.  A simple example of this is the CIA triad, while the CIS Controls, COBIT and NIST CSF provide more elaborate frameworks.

This presentation discusses how to analyze, choose and then implement a small number of frameworks that best meet your organization’s technical, regulatory and management structure. This workshop-style session a lot of discussion since any framework must be tailored to the organization to be successful. This approach is based on the experiences gleamed from teaching graduate level computer science courses on protocol and network design, and MBA courses on cybersecurity strategy and management.

When HR and security teams understand their respective roles, value each other, and have an open, productive partnership, life is good. They can help each other be more effective and complement each other’s functions. Unfortunately, that symbiotic state can be hard to achieve. For security teams, HR folks can be hard to understand. Sometimes they seem like a great advocate for security, and at other times they can seem more like a blocker of our efforts to better secure the organization.

For HR professionals, dealing with the security team can be a challenge. For example, the security team might send out an emotionally-triggering simulated phish to everyone in the organization, causing numerous employee complaints that HR has to manage. So what can you do if you don’t have the best relationship with the HR team?

This talk, based on years of experience navigating the relationship between HR and security teams, will cover the issues that cause the biggest disconnects between HR and security. We’ll look at the issues from both sides and cover proposed solutions for each. Improving the relationships for both departments can lead to happier HR and security professionals who are more effective in their roles, and a company that’s better protected and prepared against cyber threats.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

This session provides a unique perspective on how the CISO of the MBTA navigates cybersecurity challenges in critical infrastructure. Scott Margolis will delve into managing an ever-evolving threat landscape with constrained resources while prioritizing safety, operational resilience, and the secure, effective use of digital assets. Attendees will learn practical strategies for balancing risks and focusing efforts on actions that have the greatest impact on protecting vital operations and ensuring continuity.

Recent incidents involving major cybersecurity vendors like CrowdStrike and Microsoft have highlighted the critical issue of single-point failures in our digital defense ecosystems. This panel session delves into the aftermath of these events and explores the broader implications for organizational cybersecurity strategies. Our expert panel discusses:

• The dangers of over-reliance on single vendors: Exploring the risks associated with putting all your security eggs in one basket.
• Developing a multi-vendor strategy: Balancing the benefits of integrated solutions with the need for redundancy and resilience.
• Incident response planning: Preparing for vendor-related outages or failures as part of your overall cybersecurity strategy.
• Future outlook: How the industry might evolve to address these challenges.

Gain valuable insights into creating more resilient security architectures that can withstand vendor-specific incidents.

As SaaS adoption accelerates, so do the risks—31% of organizations have already faced a SaaS-related data breach. This session explores emerging SaaS security threats, common misconfigurations, and evolving attacker tactics. By leveraging AppOmni’s insights, we’ll cover proactive threat detection and risk mitigation strategies to help you safeguard critical data and maintain business resilience in today’s dynamic threat landscape.

Session description to come.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

As AI continues to reshape the software development landscape, traditional DevSecOps practices must evolve to meet new challenges. This presentation will explore the integration of AI technologies into DevSecOps pipelines, highlighting how security, automation, and collaboration can be redefined for the next generation of AI-driven software. Attendees will learn how to balance innovation with security, navigate emerging risks, and optimize workflows for AI-centric development environments. By understanding the unique requirements of AI software, organizations can better protect their systems while accelerating delivery.

Key takeaways from this session include:

• Strategies for balancing the age-old tension with innovation and security
• The role of automation and AI in enhancing DevSecOps processes
• Adapting DevSecOps to secure AI-driven development workflows
• How to mitigate new risks in AI-powered software system development

As cybersecurity professionals, we know that technical risks can have profound business implications. But translating these risks into language that resonates with non-technical stakeholders – like executives, board members, or cross-functional leaders – remains a critical challenge. This session explores how to bridge the gap between technical jargon and business priorities to drive meaningful action. Key takeaways include:

• Speaking Their Language: Learn how to frame cybersecurity risks in terms of business impact, such as financial, operational, and reputational consequences, rather than technical vulnerabilities.
• Visualizing Risk: Discover tools and techniques for presenting complex risk assessments through storytelling, metrics, and visuals that engage and inform non-technical audiences.
• Building Trust and Buy-In: Understand how to position cybersecurity as a business enabler, not a cost center, to gain alignment and support from decision-makers.
• Adapting to Stakeholder Perspectives: Master the art of tailoring your communication style to diverse audiences, from risk-averse executives to budget-conscious financial officers.

Whether you’re pitching a budget increase for security initiatives or explaining the implications of a recent threat, this session equips you with strategies to ensure your message lands effectively and inspires informed decision-making.

Session description to come.

Today’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Ransomware attacks are causing significant financial and operational damage to organizations around the world. In this roundtable, we’ll look at tactics that have proven to defeat ransomware – and which have missed the mark.

This moderated interactive discussion tackles how to stop, detect, and mitigate ransomware. As leaders in the trenches, come ready to share and learn which steps you can take to transform security from a mere compliance exercise into a cornerstone of your company’s resilience and long-term success. Don’t miss this opportunity to have a peer-to-peer conversation on how to safeguard your organization from today’s most pervasive cyber threats.

Sponsored by:

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Technology alone cannot safeguard your organization – your people are your most important security tool. This session dives into the essence of principle-based leadership and its transformative role in recruiting, developing, and retaining top cybersecurity talent.

Brian explores:

• Why People Are Key: Cybersecurity tools and systems are only as effective as the individuals managing them. Learn how to prioritize your human resources as the linchpin of a resilient security strategy.
• Leadership Essentials: Discover the leadership skills and practices security leaders need to inspire and cultivate high-performing teams. From fostering continuous learning opportunities to providing meaningful feedback, we’ll discuss actionable strategies for employee development.
• Clear Communication for Team Success: Great leadership requires clarity and alignment. This session will unpack how to communicate priorities effectively, align team members with your security goals, and create an environment where every individual understands their contribution to organizational success.

Join the session for practical insights into fostering a culture where top talent thrives, enabling your security team to become a competitive differentiator.

Session description to come.

As the cybersecurity landscape evolves, the associated PCI requirements supporting those security considerations are also changing. Is your organization well positioned to adapt to the updated guidance issued with version 4.0.1 and the upcoming implementation deadlines for the March 31, 2025, requirements? This presentation explores the essential quick wins for payment card security and PCI compliance related to the new version, 4.0.1, and how to best guard your cardholder data without committing the whole IT team defensive line to compliance-related tasks.

Key topics include:

• Rule Changes: Updates to PCI DSS in version 4.0.1
• Game Footage: Common High-Risk Misses
• Away Games: Future Dated (2025) Requirements

As organizations migrate to the cloud, securing these virtual kingdoms requires a blend of innovation and vigilance. This panel will explore the challenges of cloud security, from defending against breaches to managing access, and how organizations can build cloud “castles” that are both robust and adaptable in the face of evolving threats.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

This session unveils the latest trends in cyber threats and equips attendees with practical strategies to protect themselves and their organizations in an increasingly connected world. The session explores:

• The alarming 257% increase in cryptocurrency-related phishing attempts over the past year
• How cybercriminals are adapting to the volatile crypto market, with North Korean state-sponsored actors stealing $1.34 billion in cryptocurrency this year alone
• The shift toward stablecoins as the preferred currency for illicit transactions
• The rise of AI-powered malware and deepfake fraud in the crypto space
• Practical tips to safeguard your digital assets and crypto wallets

Whether you’re a crypto enthusiast or a concerned citizen, you’ll gain valuable insights into the evolving landscape of cybersecurity in the age of digital currencies. Don’t miss this opportunity to strengthen your personal and business cyber defenses and become a proactive guardian of you and your organization’s online presence in the face of increasingly sophisticated digital desperados.

This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.

Session description to come.

The advancements of artificial intelligence (AI) have taken both popular culture and almost every industry by storm, due to the technology’s far-reaching abilities to augment human skills and bring safety and efficiency to several areas of our everyday lives. But these systems also bring with them a wealth of challenges, from ethics to security. We must be just as concerned about an organizations’ use of AI in critical workflows as we should be about LLMs disclosing sensitive data. How we evaluate these systems security, resilience, and robustness will be driven by well-established bedrock principles in both audit and assessments.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.

Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.

Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.

This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:

Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.

Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.

Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.

Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.

Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?
• Why is the framework is valuable?
• What type of organizations can use the framework?

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.

Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.

This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:

Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.

Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.

Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.

Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.

Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?
• Why is the framework is valuable?
• What type of organizations can use the framework?

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

This session is for SecureWorld Advisory Council members only.

In the aftermath of the devastating and deplorable attack on a Healthcare Insurance executive, in this workshop we will explore the evolving landscape of executive protection. We’ll examine the lessons learned from the incident and discuss actionable insights for strengthening the security posture of C-suite executives. Participants will gain practical tools for improving executive safety in today’s complex threat environment.

Key takeaways from this interactive session include:

• Best practices for executive protection.
• Strategies for integrating security with executive leadership.
• Tools for identifying and mitigating emerging security threats.

The ISSA-NE Chapter hosts a breakfast roundtable discussion on various security topics, including AI and cyber exercises. David Dumas, Secretary and board member of the chapter, will facilitate the discussion. Please come to the meeting with your questions to be discussed. A continental breakfast will be served. ISSA members and anyone that would like to consider joining the chapter are welcome.

Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

The term Chief Information Security Officer, or CISO, is one that is often defined incorrectly. Many people assume that a CISO is part of the career step, or stop, toward becoming a world-class security engineer. It’s often said the way you become a CISO is to be a security engineer for 10 years and get promoted—but that is all wrong. It is a broken model and why many companies struggle with defining the role of the CISO. A CISO is, by all definitions, a Chief Officer (CO) with a focus and obsession for Information Security (IS). Thus, a true CISO is a CO with an emphasis on IS.

In this talk, Dr. Eric Cole breaks down how we got here, why the old CISO model is broken, what we can do, and what you can do to become a better CO IS for yourself and your organization. Whatever your title, you will come away invigorated to rethink your role in security leadership!

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

There are hundreds of security vendors who can sell you their widget; will the tool insulate you from a data breach? Probably not! Get back to basics. Bill walks you through the non-negotiable items that you need in your program to ensure your cyber security program is going in the right direction.

This panel discussion confronts the challenge of building InfoSec teams with the skills to manage stress under pressure. Cybersecurity executive leaders explore how to create team cultures, practices, and processes for proactively building mental well-being instead of addressing mental health from a reactive position. Much like building a security program, the group looks at the role mindfulness can play in helping defenders increase job satisfaction, improve focus, and lower the risk of burnout. Attendees can expect to gain actionable insights and practical steps that can be implemented within their organizations to cultivate this type of resilience.

Hear directly how someone who has spent years reviewing and prioritizing bug bounty program submissions approaches the task. In this talk, discover how to craft reports that stand out, ensuring your findings are presented for maximum impact and value. Discover the most common pitfalls to avoid, tips on how to structure your reports for clarity and precision, and hear highlights of the key elements triagers focus on to determine the severity and validity of vulnerabilities.

Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!

This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Governance, Risk, and Compliance (GRC) is more than just a regulatory checkbox; it’s a critical framework for protecting information systems and data while ensuring third-party compliance. When effectively implemented, GRC empowers organizations to mitigate risks and align security strategies with business objectives. However, poorly executed GRC processes can lead to compliance failures, operational disruptions, and significant financial consequences. This session dives into:

• Core Principles of GRC in Information Security: Understand how GRC frameworks support the protection of information systems and sensitive data while addressing third-party compliance requirements.
• Practical Implementation Strategies: Explore actionable approaches to integrate GRC processes into your information security program without creating unnecessary complexity or friction.
• The Financial Risks of Poor GRC: Learn how inadequate GRC practices can lead to regulatory fines, reputational damage, and wasted resources—and how strong GRC can protect your bottom line.
• Balancing Compliance and Security: Discover how to meet compliance obligations without compromising the agility and effectiveness of your security posture.

Whether you’re establishing a GRC program or seeking to optimize an existing framework, this session provides the insights and tools to align your governance, risk, and compliance efforts with your InfoSec priorities while safeguarding your organization’s financial health.

In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.

Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:

• Establishing trust in the supply chain
• Collaborative approaches to secure software development
• The role of transparency in building and maintaining trust
• Balancing intellectual property concerns with security needs
• Leveraging partnerships for more effective incident response
• Case studies of successful security-focused partnerships

You’ve experienced a cyber incident. Does cyber insurance really pay? What’s actually a recoverable expense? How can insurance help? And when the insurance does pay, how do you balance the amount of insurance with cybersecurity priorities? In this session, we’ll evaluate the data and dig into recent real-world examples of how cyber insurance pays claims, what’s covered, the role of insurance in incident preparation and response, and how organizations are using analytics in decision-making.

The quest for resilience is critical in the face of rising attacks, from ransomware to natural disasters. This panel will discuss how organizations can prepare for the worst, recover quickly, and learn from the past to ensure they are stronger for the battles ahead—turning every trial into a triumph in their cybersecurity story.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Sponsored by:

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

The traditional way of repetitious secure code development training and pitching security by design and default is not working when we continually code scan and pen test and find code vulnerabilities due to a lack of adherence to coding standards and best practices.

Changing the enterprise approach towards secure code development through effective motivation and alignment on rewarding secure code development practices within the annual evaluation and bonus structure.

Participate in the play-through of the CyberSecureDeck: Defend the Network Card Game, an interactive tabletop exercise card game, and learn how to identify, protect, respond, and recover from cyberattacks while creating a more cyber-aware culture. During the game, participants will be asked to assume a role in an organization impacted by a simulated cyberattack and discuss cyber incident response actions. Attendees will also be given a copy of the deck so they can facilitate simple tabletop exercises within their own organizations.

This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.

AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

As the threat landscape continues to evolve, technical controls alone are not enough – adopting the right cybersecurity behaviors is critical to reducing risk. This engaging session will introduce 12 essential behaviors that cybersecurity professionals should integrate into their daily practice to enhance security culture and resilience. Modeled after proven fraud prevention strategies, these behaviors offer a human-centric approach to mitigating threats like phishing, social engineering, credential theft, and insider risk. Attendees will learn how to operationalize these habits within their organizations, empowering both security teams and end-users to be proactive, rather than reactive, in their cyber defenses. Whether you’re a CISO, security analyst, or IT leader, this session will equip you with actionable insights to strengthen your security posture.

Session description to come.

Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.

In today’s dynamic cyber risk landscape, risk managers must stay informed and adapt their strategies accordingly. Recent global cyber events have had a profound impact on critical functions across multiple sectors, underscoring the gravity of cyber events. Risk managers also face complexities from trends like reliance on third parties and evolving data protection laws.

To successfully navigate these challenges, risk managers are tasked with learning from significant cyber events, implementing best practices for managing third-party cyber risk, and staying updated on privacy regulations. This session assists risk managers in effectively mitigating cyber risks and safeguarding their organizations by discussing strategies for managing third-party cyber risk and providing updates on privacy regulations.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.

Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.

This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:

Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.

Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.

Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.

Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.

Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?
• Why is the framework is valuable?
• What type of organizations can use the framework?

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.