Open Sessions
Conference Pass
SecureWorld Plus
VIP / Exclusive
- Wednesday, April 8, 20267:30 am[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 1Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:
SecureWorld Plus
7:30 am - 9:00 amUpon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.
Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.
The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.
Module 1: What is Artificial Intelligence (AI) and how does AI work?
Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.
Module 2: AI Cloud Adoption Frameworks (CAFs)
An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).
Module 3: AI threats and Vulnerabilities
AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).
Module 4: AI security controls
Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.
Module 5: Building an AI Security Program
This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.
Module 6: AI governance, AI risk management, AI compliance, AI audit
This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
7:30 am[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 1vCISO, Cyber Risk Opportunities LLCRegistration Level:
SecureWorld Plus
7:30 am - 9:00 amThis intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
7:00 amRegistration openRegistration Level:
Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration Desk / LobbyCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 amNetworking Hall openRegistration Level:
Open Sessions
8:00 am - 4:30 pmLocation / Room: Networking HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
Also, look for “Cyber Connect” discussions on select topics and join the conversation.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)Balancing and Managing PrioritiesCISO, Massachusetts Bay Transportation Authority (MBTA)Registration Level:
VIP / Exclusive
8:00 am - 8:45 amSession details to come.
8:00 amISACA New England Chapter Meeting (open to all attendees)Managing Blockchain Security and Privacy: Learning from Our Past MistakesProfessor, Carroll School of Management, Boston CollegeRegistration Level:
Open Sessions
8:00 am - 8:45 amFocus Areas: Blockchain & Web3 Security; Decentralized Identity & Risk; Emerging Tech GovernanceWe all know that managing cybersecurity is incredibly difficult, and given the cybersecurity failures of recent times, we see that we are still struggling to get it right. That said, the foundational elements that make blockchain and DLT possible, such as decentralization and robust consensus algorithms, will make securing these systems even more difficult. And time is not on our side given how quickly these systems are being applied to our financial and other systems.This session presents a manageable approach to blockchain security and privacy that leverages what we have learned the hard way in managing cybersecurity. We examine, for example, how established practices for risk assessment and identity management must evolve to meet the truly decentralized nature of the blockchain ecosystem.Given that there is no perfect answer to any of this, this session is much more of a workshop with a lot of discussion, rather than the classic slide-driven conference session. This format aims to spark the kind of critical analysis and collaborative problem‑solving these emerging technologies demand, and it is based on the presenter’s experience gleaned from teaching graduate-level computer science courses and MBA courses on both blockchain systems and cybersecurity management.8:00 amSimple Daily Habits to Strengthen Your Security PostureRegistration Level:
Open Sessions
8:00 am - 8:45 amSession details to come.
8:45 amNetworking BreakRegistration Level:
Open Sessions
8:45 am - 9:00 amLocation / Room: Networking HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] Security Catharsis: What InfoSec Professionals Are REALLY ThinkingFocus Areas: Cybersecurity Realism & Anti-Hype; Foundational Security Hygiene; Human Risk & Security CultureHead of Product Security, Product Security Officer, Cubic Transportation SystemsCISO, AvidRegistration Level:
Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterThe security industry has reinvented itself annually to sell us new fears. Quantum threats. AI-powered everything. The next generation of awareness training. Each year, a new wave of FUD designed to convince us we need to spend more to be “future-proof.”
But here’s what we’ve been saying at happy hours and inside conversations for years: most of it is BS.
Security Catharsis is the conversation we’ve been too afraid to have on stage. No vendor pitches. No corporate talking points. Just honest dialogue about where the industry has lost its way—and what we’re going to do about it. We’ll tackle a few topics:
- Hype vs. real threat: Quantum-proof encryption, Gen-AI Chatbot Proxies, even printer security. What became of our ability to threat model?
- Security awareness training: From compliance checkbox to victim blaming
- Foundations vs. quick fixes: Why we keep buying band-aids for festering wounds
Join us for an unfiltered panel discussion where security professionals say what they actually think. We’ll validate what you’ve been thinking but weren’t sure you could say out loud. We’ll challenge the FUD. And we’ll talk about what it actually takes to get back to fundamentals.
This isn’t therapy. This is a call to action. If you’ve been having these conversations in private for years, it’s time we had them in public.
9:45 amNetworking Break & Cyber ConnectAI in Cybersecurity: Game-Changer or Growing Threat?Registration Level:
Open Sessions
9:45 am - 10:10 amLocation / Room: Networking HallArtificial intelligence rapidly redefines how we defend our networks—and how attackers target them. From threat detection to deepfakes, explore the double-edged nature of AI in cybersecurity and how it’s impacting your daily work.
Please join us in the Networking Hall to connect with peers over coffee and snacks and share real-world experiences, strategies, and concerns around AI’s growing role in security.
10:10 amBreaking Into the BoardroomFocus Areas: Board Communication & Governance; Cyber Risk Strategy & Quantification; Leadership & Strategic AlignmentOperating Partner | CISO, Welsh, Carson, Anderson & StoweRegistration Level:
Conference Pass
10:10 am - 10:45 amAre you leading your audit committee meetings with vulnerability statistics and budget requests? It’s essential to understand the real concerns of the board and provide them with the information they need. In this session, learn how to transition from being a security leader to becoming a trusted cyber risk leader.10:10 amIdentity Security Beyond MFA: Continuous Verification and Risk-Based ControlsRegistration Level:
Conference Pass
10:10 am - 10:45 amSession details to come.
10:10 amThreat Hunting with AI: Turning Noise into Actionable IntelligenceVP & CISO in Residence, ZscalerRegistration Level:
Open Sessions
10:10 am - 10:45 amSession details to come
10:10 amModern Ransomware: Double Extortion, Data Destruction, and Targeted CampaignsRegistration Level:
Open Sessions
10:10 am - 10:45 amSession details to come.
10:45 amNetworking Break & Cyber ConnectThe Human Element in CybersecurityRegistration Level:
Open Sessions
10:45 am - 11:10 amLocation / Room: Networking HallDespite all the tools and technology, people remain the most unpredictable variable in security. Whether insider threats, awareness training, or culture-building, human behavior is central to your cyber strategy.
Please join us in the Networking Hall to connect with peers over coffee and snacks and discuss how organizations are tackling the people side of cybersecurity.
11:10 amFrom 'No' to 'How': The CISO's Upgrade in 2026Interest tags: CISO Strategy; AI Security Governance; Security MetricsCISO / Head of Infrastructure, Income Research + ManagementRegistration Level:
Conference Pass
11:10 am - 11:45 amIn 2026, CISOs sit at the intersection of cyber risk, AI, regulation, and growth. The days of the “department of no” are over; security leaders are expected to be business operators who enable transformation—instead of blocking it.
This session explores how the role is evolving, what boards and regulators now expect, and how to shift your security team from reactive firefighting to proactive business enablement. You’ll leave with a practical playbook you can apply immediately: new ways to communicate with the business, embed security into AI and digital initiatives, and measure success in terms that actually matter to executives.
11:10 amThe Rise of AI Assistants: New Insider Threat and Data Exposure ChallengesRegistration Level:
Conference Pass
11:10 am - 11:45 amSession details to come.
11:10 amThird-Party Risk: Managing Exposure Across Expanding Vendor EcosystemsRegistration Level:
Open Sessions
11:10 am - 11:45 amSession details to come.
11:10 am[Panel] Navigating the Evolving Digital BattlefieldFocus Areas: Identity-First Security; Attack Surface Management; Supply Chain & Fourth-Party RiskSr. Solutions Engineer, Sumo LogicSr. Product Marketing Manager, Threat Intel, InfobloxFounder & CEO, P0 SecurityRegistration Level:
Open Sessions
11:10 am - 11:45 amAs organizational footprints expand across cloud, SaaS, OT/IoT, and dispersed workforces, defenders face a more complex and interconnected digital battlefield. This panel brings together experts to explore how today’s threat actors combine automation, social engineering, identity breaches, and software supply-chain attacks into highly coordinated assaults.
Panelists will examine the expanding importance of identity in the modern SOC, the emergence of AI-driven threats such as automated reconnaissance and deepfake-assisted breaches, and how fourth-party dependencies are changing risk visibility. The discussion also connects these trends to organizational resilience—showing how teams can improve detection, response, and business continuity across an evolving attack surface. This comprehensive session provides practical insights for any security leader seeking clarity amid converging threats.
11:45 amNetworking BreakRegistration Level:
Open Sessions
11:45 am - 12:00 pmLocation / Room: Networking HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pm[Lunch Keynote] AI-Accelerated Attacks and Defenses: Preparing for Machine-Speed ThreatsRegistration Level:
Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterSession details to come.
12:45 pmNetworking Break & Cyber ConnectProactive by Design: Anticipating Threats Before They StrikeRegistration Level:
Open Sessions
12:45 pm - 1:10 pmLocation / Room: Networking HallThe days of reacting to alerts are over. From continuous monitoring to threat hunting, organizations are shifting to proactive security models that anticipate and prevent incidents before they happen.
Please join us in the Networking Hall to connect with peers over coffee and snacks and explore how to make proactive security a reality in your environment.
1:10 pmHow Are You, Really? The Hidden Power of Identity in the EnterpriseFocus Areas: IAM as a Business Enabler; Strategic IAM Governance & Leadership; Human-Centric Security & Operational ResilienceVP, Global Head IT & Security, EDETEK Inc.Registration Level:
Conference Pass
1:10 pm - 1:45 pmThis presentation delves into why identity is more than just login credentials—it’s the linchpin of organizational security, collaboration, and strategic growth. This session peels back the layers of traditional access management, revealing how a robust IAM framework not only fortifies defenses against breaches but also empowers teams to innovate and scale. By understanding the full spectrum of identity’s influence, attendees will discover practical strategies to leverage IAM as a driving force for resilience and competitive advantage in a rapidly evolving digital world.
1:10 pmThreat Modeling for Modern Architectures: From Cloud to EdgeRegistration Level:
Open Sessions
1:10 pm - 1:45 pmSession details to come.
1:10 pmWorkforce Identity in the Age of Remote DeceptionFocus Areas: Identity & Access Governance; Insider Risk & Workforce Integrity; Cross-Functional Security LeadershipCISO, TMF Health Quality InstituteDeputy CISO, TMF Health Quality InstituteRegistration Level:
Conference Pass
1:10 pm - 1:45 pmIn today’s remote-first world, ensuring that the people doing the work are actually who they claim to be has become a critical challenge. From North Korean agents posing as freelance developers to employees collecting full-time paychecks from three different companies, the risks are as real as they are hard to detect.This session will offer practical strategies for managing this complex problem. The solution requires close collaboration between executives, human resources, security, compliance, and supervisors. How do you create a program that balances the competing priorities of security and teamwork? How do you regularly validate workers while not giving the impression that “big brother is watching you”?Leave with new insights, sharper instincts, and a fresh perspective on modern workforce protection.1:10 pm[Panel] The Double-Edged Sword of AI in Cyber DefenseFocus Areas: AI-Powered SecOps; Adversarial AI & Synthetic Media; AI Governance & AssuranceField CISO, Abnormal AIRegistration Level:
Open Sessions
1:10 pm - 1:45 pmAI is revolutionizing cybersecurity at all levels, speeding up detection and enabling automated attacks on an unprecedented scale. This session examines AI’s dual role as both a powerful defensive tool and a new threat vector for attackers. Panelists will discuss how AI copilots enhance analyst workflows, triage, and anomaly detection, while also addressing emerging risks such as LLM data leakage, prompt injection, model poisoning, and hallucinations within high-trust SOC processes.
The discussion will cover AI governance and assurance frameworks, evolving regulatory expectations, and the impact of synthetic content—including deepfakes, audio spoofing, and hyper-personalized phishing—on social engineering defenses. Attendees will leave with a solid understanding of AI’s potential, the safety measures needed for responsible deployment, and practical steps for preparing teams and pipelines for an AI-driven threat environment.
1:45 pmNetworking Break & Cyber ConnectCyber Talent Crisis: Recruiting, Retaining, and Reskilling Your TeamRegistration Level:
Open Sessions
1:45 pm - 2:10 pmLocation / Room: Networking HallThe cybersecurity workforce shortage is real—and growing. From finding skilled talent to reducing burnout and investing in upskilling, leaders are rethinking how to build resilient teams for the future.
Please join us in the Networking Hall to connect with peers over coffee and snacks and exchange ideas for navigating one of the industry’s most significant ongoing challenges.
2:10 pmBuilding Incident Response Plans for Highly Distributed WorkforcesRegistration Level:
Conference Pass
2:10 pm - 2:45 pmSession details to come.
2:10 pmMicrosegmentationTechnical Director of Security, EchoStorRegistration Level:
Open Sessions
2:10 pm - 2:25 pmSession details to come.
2:10 pmInfraGard Boston Chapter Meeting (open to all attendees):Coloring Outside the Lines: Operationalizing AI GovernanceManaging Director, Novus LaurusRegistration Level:
Open Sessions
2:10 pm - 2:45 pmAI isn’t politely arriving on a rollout plan. It’s already embedded in vendors, workflows, and decisions that slipped past policy. That reality forces a shift. Governance has to mean more than binders, policies, and charter documents. What does governance look like when you cannot yet see the shape, scale or future use of AI, inside or outside your organization, and yet it is already shaping decisions today? How do you operationalize governance so AI can support growth rather than suppress innovation? And how do you design governance to be durable when it may never be complete?This session brings a grounded perspective from the realities of making AI governance work in practice.2:45 pmNetworking BreakRegistration Level:
Open Sessions
2:45 pm - 3:15 pmLocation / Room: Networking HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
3:15 pm[Closing Keynote] Ask Us Anything! A Live Conversation with Security LeadersFocus Areas: Leadership, Decision Making, CommunicationCISO & SVP of IT, SHLCISO, Cambridge Health AllianceCISO, AdvarraRegistration Level:
Open Sessions
3:15 pm - 4:00 pmLocation / Room: Keynote TheaterIn an industry defined by constant change, some challenges have proven remarkably persistent. New technologies emerge, threat actors adapt, and the latest “revolution” captures headlines—but many of the core issues security leaders face today are the same ones they’ve been navigating for years.
This interactive closing keynote brings together a panel of experienced security leaders for a candid, audience-driven conversation about what hasn’t changed in cybersecurity. From managing risk and influencing the business to building trust, leading teams, and responding to inevitable incidents, the discussion will focus on the enduring lessons that remain relevant—regardless of the tools, platforms, or trends of the moment.
Attendees are encouraged to shape the conversation by asking live questions, sharing reflections, and sharing real-world scenarios. Whether the topic is AI, cloud, ransomware, or the next unknown disruption, this session offers perspective grounded in experience—and a reminder that while technology evolves, the fundamentals of security leadership remain surprisingly constant.
Join us for an honest conversation, shared learning, and a thoughtful end to the day before we continue the discussion at happy hour.
4:00 pmHappy HourRegistration Level:
Open Sessions
4:00 pm - 5:30 pmLocation / Room: Networking HallJoin your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.
4:00 pm[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 2Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:
SecureWorld Plus
4:00 pm - 5:30 pmUpon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.
Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.
The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.
Module 1: What is Artificial Intelligence (AI) and how does AI work?
Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.
Module 2: AI Cloud Adoption Frameworks (CAFs)
An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).
Module 3: AI threats and Vulnerabilities
AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).
Module 4: AI security controls
Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.
Module 5: Building an AI Security Program
This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.
Module 6: AI governance, AI risk management, AI compliance, AI audit
This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
4:00 pm[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 2vCISO, Cyber Risk Opportunities LLCRegistration Level:
SecureWorld Plus
4:00 pm - 5:30 pmThis intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
- Thursday, April 9, 20267:00 amRegistration openRegistration Level:
Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration DeskCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 3Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:
SecureWorld Plus
7:30 am - 9:30 amUpon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.
Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.
The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.
Module 1: What is Artificial Intelligence (AI) and how does AI work?
Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.
Module 2: AI Cloud Adoption Frameworks (CAFs)
An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).
Module 3: AI threats and Vulnerabilities
AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).
Module 4: AI security controls
Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.
Module 5: Building an AI Security Program
This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.
Module 6: AI governance, AI risk management, AI compliance, AI audit
This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
7:30 am[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 3vCISO, Cyber Risk Opportunities LLCRegistration Level:
SecureWorld Plus
7:30 am - 9:00 amThis intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
8:00 amNetworking Hall openRegistration Level:
Open Sessions
8:00 am - 4:45 pmLocation / Room: Networking HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
Also, look for “Cyber Connect” discussions on select topics and join the conversation.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)Registration Level:
VIP / Exclusive
8:00 am - 8:45 amModerated discussion for SecureWorld Advisory Council members. By invite only.
8:00 amAssociation Chapter MeetingsRegistration Level:
Open Sessions
8:00 am - 8:45 amParticipating professional associations and details to be announced.
8:00 amInsider Threats: The Call Is Coming from Inside the HouseInterest Tags: Insider Threats; Risk Quantification; User and Entity Behavior AnalyticsAuthor, "Blank Canvas: How I Reinvented My Life After Prison"Registration Level:
Open Sessions
8:00 am - 8:45 amMost insider threats don’t begin with malicious intent. They begin with a human being under pressure. Fear. Scarcity. Insecurity. These emotional drivers create tiny rationalizations that bypass even the strongest controls: “They owe me.” “I’ll fix it before anyone notices.” “This isn’t a big deal.”
By the time a security system detects something unusual, the damage is already in motion, because insider threats are fundamentally human threats. And humans are always smarter than the system when they’re driven by need and fueled by rationalization.
In this gripping, first-person session, Craig Stanland, who committed and served time for an $800K fraud, exposes how rationalization quietly rewires judgment, overrides policy, and turns trusted employees into your most significant vulnerability. This session goes beyond frameworks and compliance.
8:45 amNetworking BreakRegistration Level:
Open Sessions
8:45 am - 9:00 amLocation / Room: Networking HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] The Death of the Perimeter and Rise of the Federated Identity FabricRegistration Level:
Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterSession details to come.
9:45 amNetworking Break & Cyber ConnectAI in Cybersecurity: Game-Changer or Growing Threat?Registration Level:
Open Sessions
9:45 am - 10:10 amLocation / Room: Networking HallArtificial intelligence rapidly redefines how we defend our networks—and how attackers target them. From threat detection to deepfakes, explore the double-edged nature of AI in cybersecurity and how it’s impacting your daily work.
Please join us in the Networking Hall to connect with peers over coffee and snacks and share real-world experiences, strategies, and concerns around AI’s growing role in security.
10:10 amBuilding Back Up a Seasoned Security Architecture Team in the OT WorldFocus Areas: OT Security Leadership & Talent Management; Critical Infrastructure Architecture; Strategic IT-OT Business AlignmentManager, Security Architecture & Strategy, Eversource EnergyRegistration Level:
Conference Pass
10:10 am - 10:45 amWhat happens when you inherit a large security architecture team of mixed disciplines in power and energy? You get to work. Understand what everyone is doing, understand how unique each offering architect is, find out what makes them tick, find out their interests. Then, as Mike Rowe said…safety third…then refine. Learn how to focus on your people, focus on IT; then align to the business to get it all done.
10:10 amRansomware Resilience: Building a True Immutable Backup StrategyRegistration Level:
Conference Pass
10:10 am - 10:45 amSession details to come.
10:10 amSecuring the SaaS Jungle: Access Control and Shadow Data in the CloudRegistration Level:
Open Sessions
10:10 am - 10:45 amSession details to come.
10:10 am[Panel] The Intersection of Cyber Incident Response, Regulatory Compliance, and Enforcement in a Rapidly Evolving Threat EnvironmentFocus Areas: Regulatory Compliance & Enforcement; Incident Response Strategy; Cyber Liability & Legal RiskPartner & Chair - International Trade, National Security, Cybersecurity & AI, Hinckley AllenRegistration Level:
Open Sessions
10:10 am - 10:45 amOur panel of experts discusses bridging the critical gap between corporate legal strategy, operational security, and law enforcement intervention. Panelists have expertise in cybersecurity compliance issues and the increasing liability risks associated with failing to comply with U.S. data security requirements, including under the False Claims Act, as well as cyber incident response, cyber threats, and increasing enforcement actions by state AGOs.
10:50 amNetworking Break & Cyber ConnectThe Human Element in CybersecurityRegistration Level:
Open Sessions
10:50 am - 11:10 amLocation / Room: Networking HallDespite all the tools and technology, people remain the most unpredictable variable in security. Whether insider threats, awareness training, or culture-building, human behavior is central to your cyber strategy.
Please join us in the Networking Hall to connect with peers over coffee and snacks and discuss how organizations are tackling the people side of cybersecurity.
11:10 amMerge with Caution: Navigating the Security Gravity of Large-Scale Tenant ConsolidationFocus Areas: Cloud Governance & Architecture; M&A Cybersecurity Strategy; Identity & Access Management (IAM)CISO | SVP, Infrastructure and Operations, KnitWell GroupRegistration Level:
Conference Pass
11:10 am - 11:45 amIn an era of rapid-fire mergers and acquisitions (M&A) and organic “cloud sprawl,” enterprises frequently find themselves managing a chaotic archipelago of disparate cloud tenants. While consolidation promises operational efficiency and cost savings, the act of merging these environments is a high-stakes surgical procedure. One wrong move in sequencing or identity mapping can create “security gravity”—where the complexity of the move itself creates new, unforeseen vulnerabilities.
This session provides a strategic blueprint for CISOs, architects, and risk managers tasked with folding multiple cloud environments into a unified structure. We will move beyond the basic migration checklist to explore the deep-tissue risks of tenant consolidation, including identity collisions, “inherited” misconfigurations, and the concentration risk of a centralized blast radius. Attendees will leave with a framework for phased sequencing that prioritizes security stability over mere speed.
11:10 amOT/ICS Security: Bridging the Air Gap and Achieving Visibility in Critical InfrastructureRegistration Level:
Conference Pass
11:10 am - 11:45 amSession details to come.
11:10 amISC2 Eastern Massachusetts Chapter Meeting (open to all attendees)Pyongyang’s Programmers: Solving Developer Shortage with Kim's Keyboard CommandosCISO & VP, Information Security & Risk Management, Bright HorizonsRegistration Level:
Open Sessions
11:10 am - 11:45 amNorth Korea (DPRK) has weaponized remote work and has been infiltrating IT workers into U.S. and European companies. They are generating revenue for the rogue state, stealing intellectual property and cryptocurrency, and compromising infrastructure for future ransomware extortion. Join this session for key TTPs of this insider threat and mitigation strategies.
Focus Areas: Global Workforce Risk; State-Sponsored Financial Crime; Fraudulent Identity & Recruitment Vetting
11:10 am[Panel] The Human Layer: Insider Risk, Social Engineering, and Behavioral AnalyticsFocus Areas: Insider Risk & Behavioral Analytics; Social Engineering & AI Deception; Identity Security & Access GovernanceSales Engineering Director, DelineaRegistration Level:
Open Sessions
11:10 am - 11:45 amThe human element remains the most targeted and least predictable part of every security program—now intensified by AI-powered social engineering. This panel examines how attackers weaponize synthetic voice and video deepfakes, personalized phishing, MFA fatigue, session hijacking, and multi-channel lures across email, mobile, chat, and collaboration apps.
Experts in insider risk, UEBA, identity security, and DLP will discuss how behavioral analytics detect subtle anomalies while maintaining privacy guardrails for employees. Panelists will also address how privileged access governance is evolving in cloud-heavy environments. Attendees will leave with practical guidance for reducing user friction, improving detection, countering AI-driven lures, and building a resilient workforce that remains the strongest defense against evolving attacker tactics.
11:45 amNetworking BreakRegistration Level:
Open Sessions
11:45 am - 12:00 pmLocation / Room: Networking HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pm[Lunch Keynote] Resilience over Reaction: Securing Critical Functions in an Age of Systemic RiskRegistration Level:
Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterSession details to come.
12:45 pmNetworking Break & Cyber Connect:Balancing and Managing Priorities as a Cybersecurity ProfessionalCISO, Massachusetts Bay Transportation Authority (MBTA)Registration Level:
Open Sessions
12:45 pm - 1:10 pmLocation / Room: Networking HallSession details to come.
1:10 pmBehind the Prompt: A CISO's Practical AI JourneyFocus Areas: Practical AI Implementation; Security Operations Automation; Leadership PerspectivesCISO, Executive Office of Economic Development, Commonwealth of MassachusettsRegistration Level:
Conference Pass
1:10 pm - 1:45 pmAI isn’t just a buzzword — it’s become a practical tool in everyday life. In this session, cybersecurity leader Mark Annati shares how he uses AI both professionally and personally, from automating policy work and streamlining threat analysis to planning trips and solving real-world problems at home. With relatable examples, lessons learned, and a focus on what works (and what doesn’t), this talk offers a grounded perspective on AI’s role in modern cybersecurity and beyond — accessible to both technical and non-technical audiences.
1:10 pmBuilding Cybersecurity Resilience for Small Businesses: State Programs and Practical ToolsFocus areas: Small Business Resilience & Funding; Security Foundations & Baselines: Interactive Security TrainingOutreach Program Manager, MassCyberCenterSr. Program Manager, MassCyberCenterRegistration Level:
Conference Pass
1:10 pm - 1:45 pmRepresentatives from the MassCyberCenter lead an informative session on how small businesses in Massachusetts can strengthen their cybersecurity posture with the help of state-supported programs and resources. Learn about the minimum cybersecurity baseline recommended for small businesses, explore available state initiatives and funding opportunities, including the MassCyberCenter’s Security Operations Center / Cyber Range Initiative and the Cyber Resilient Massachusetts Grant Program, and discover engaging tools like the Cybersecure: Defend the Network card game that make learning cyber defense strategies interactive and fun. This session is designed to empower small businesses with practical steps and accessible resources to protect their operations and thrive in today’s digital landscape.
1:10 pmData Minimization: Turning ROT Data into Risk Reduction and SavingsRegistration Level:
Open Sessions
1:10 pm - 1:45 pmSession details to come.
1:10 pm[Panel] Resilience Engineering: Incident Response, Business Continuity, and Cyber InsuranceFocus Areas: Operational Resilience & BCP; Incident Response & Crisis Management; Cyber Insurance & Executive ReportingDirector, Information Security, Hypertherm AssociatesRegistration Level:
Open Sessions
1:10 pm - 1:45 pmResilience has shifted from a compliance task to a vital business skill. This panel explores how organizations prepare for disruptive cyber incidents involving multi-cloud setups, SaaS dependencies, supply chain issues, and rapid ransomware attacks. With experts in incident response, digital forensics, MDR, insurance, and crisis management, the panel emphasizes developing response playbooks that mirror current operational dependencies.
Panelists will explore insurer-driven requirements for identity security and MFA, lessons from major SaaS outages, and how to communicate effectively with executives and boards when downtime impacts revenue-critical operations. Attendees will gain a comprehensive understanding of how to engineer resilience—not just respond—and how to align IR, continuity planning, insurance, and business priorities into a unified, enterprise-wide strategy.
1:50 pmNetworking Break & Cyber ConnectCyber Talent Crisis: Recruiting, Retaining, and Reskilling Your TeamRegistration Level:
Open Sessions
1:50 pm - 2:10 pmLocation / Room: Networking HallThe cybersecurity workforce shortage is real—and growing. From finding skilled talent to reducing burnout and investing in upskilling, leaders are rethinking how to build resilient teams for the future.
Please join us in the Networking Hall to connect with peers over coffee and snacks and exchange ideas for navigating one of the industry’s most significant ongoing challenges.
2:10 pmCode, AI, and Vibes: Securing Apps When the Robots Start FreelancingFocus Areas: Application Security; Generative AI Security; DevSecOpsApplication Security Leader, McKinsey & Co.Registration Level:
Conference Pass
2:10 pm - 2:45 pmAs AI takes over the heavy lifting in code generation, “vibe coding,” where developers steer AI with ideas instead of syntax, is changing the game. But with great AI power comes great security responsibility. This talk dives into the quirks of AI-built code, the new role of developers as vibe curators, and how application security needs to level up to keep pace with our robot co-workers.
2:10 pmThe Talent Multiplier: Automation and Orchestration Strategies for Understaffed TeamsRegistration Level:
Conference Pass
2:10 pm - 2:45 pmSession details to come.
2:10 pmOT/ICS Incident Response: Specialized Triage for Critical Infrastructure BreachesRegistration Level:
Open Sessions
2:10 pm - 2:45 pmSession details to come.
2:10 pm[Panel] The Great Consolidation: Rationalizing the Security StackFocus Areas: Security Stack Consolidation; SecOps Efficiency & ROI; Unified Detection & Response (XDR/SIEM Integration)Global Principal Solutions Architect - Cyber Intelligence & Risk, Google CloudRegistration Level:
Open Sessions
2:10 pm - 2:45 pmSecurity teams are under increasing pressure to reduce tool sprawl, streamline SOC workflows, and demonstrate measurable ROI—fueling a wave of consolidation across the industry. This panel explores the shift toward unified detection and response platforms, integrated identity and data controls, AI-enabled SOC copilots that unify telemetry, and architectural simplification that reduces operational drag.
Panelists from XDR, SIEM, platform security, and MSSP providers will discuss frameworks for evaluating ROI, navigating contract consolidation, avoiding visibility gaps, and deciding where consolidation strengthens or weakens security posture. Ideal for leaders facing budget constraints or platform migrations, this session offers practical guidance for optimizing spending without sacrificing coverage.
2:45 pmNetworking Break and Dash for PrizesRegistration Level:
Open Sessions
2:45 pm - 3:15 pmLocation / Room: Networking HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:15 pm[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 4Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:
SecureWorld Plus
3:15 pm - 4:45 pmUpon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.
Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.
The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.
Module 1: What is Artificial Intelligence (AI) and how does AI work?
Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.
Module 2: AI Cloud Adoption Frameworks (CAFs)
An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).
Module 3: AI threats and Vulnerabilities
AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).
Module 4: AI security controls
Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.
Module 5: Building an AI Security Program
This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.
Module 6: AI governance, AI risk management, AI compliance, AI audit
This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
3:15 pm[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 4vCISO, Cyber Risk Opportunities LLCRegistration Level:
SecureWorld Plus
3:15 pm - 4:45 pmThis intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
- Abnormal AIBooth: 610
Abnormal AI is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. The anomaly detection engine leverages identity and context to understand human behavior and analyze the risk of every cloud email event—detecting and stopping sophisticated, socially-engineered attacks that target the human vulnerability.
You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly. Additional protection is available for Slack, Workday, ServiceNow, Zoom, and multiple other cloud applications. Abnormal is currently trusted by more than 3,200 organizations, including over 20% of the Fortune 500, as it continues to redefine how cybersecurity works in the age of AI.
- AccessIT GroupBooth: 400
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- Akamai TechnologiesBooth: 275
Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.
- AppOmniBooth: TBD
AppOmni SaaS security helps security and IT teams protect and monitor their entire SaaS environment, from each vendor to every end-user.
- Arctic Wolf NetworksBooth: 610
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- AxoniusBooth: 645
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- Backslash SecurityBooth: TBD
Backslash Security offers a fresh approach to application security, addressing the new risks of Vibe Coding, the AI revolution in software development. Backslash provides instant visibiliy, governance and protection for AI-coding environments, reduces the risk of unsactioned models and MCP servers, and preempts the creation of insecure code. Forward-looking organizations use Backslash to modernize their security for the AI era, drive AI efficiencies and agility, and accelerate time-to-market of their applications.
- BforeAIBooth: 635
BforeAI is a cybersecurity company specializing in proactive threat prevention. Our PreCrime™ technology autonomously predicts, blocks, and preempts malicious campaigns before they impact your business. Our core services are Behavioral Analysis & Predictive Results: Our cutting-edge AI goes beyond reactive blocklists, predicting dangerous domains before they launch attacks. Our predictive security solution, Brand Protection identifies and takes down online impersonation threats, securing your brand from financial and reputational harm.
- Blue MantisBooth: 330
Blue Mantis is a security-first IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization by applying next-generation technologies including managed services, cybersecurity and cloud. Headquartered in Portsmouth, New Hampshire, the company provides digital technology services and strategic guidance to ensure clients quickly adapt and grow through automation and innovation. Blue Mantis partners with more than 1,500 leading mid-market and enterprise organizations in a multitude of vertical industries and is backed by leading private equity firm, Recognize. For more information about Blue Mantis and its services, please visit www.bluemantis.com.
- BrinqaBooth: TBD
Make security chaos work for you with AI-powered Exposure Management, built on data. The Brinqa platform delivers scalable, AI-driven exposure management that unifies every data source for a complete picture of risk. Separate false alarms from real risk by uniting Security and IT, accelerating remediation, and delivering a single, trusted source of truth for the business.
- Canary TrapBooth: 120
Canary Trap is a recognized industry leader in offensive security, security advisory and assessment services. Founded by ethical hackers and certified security experts who share in the common goal of protecting organizations from becoming a victim of the next cyber-attack.
Canary Trap combines human expertise with sophisticated tools and, where appropriate, threat intelligence to ensure a thorough, in-depth approach to all security testing and assessments.
- ChainguardBooth: 332
Chainguard Images provide the building blocks for a secure software supply chain. Leverage container images that have cryptographic signatures, SBOMs, SLSA provenance, and more to help meet compliance and prevent supply chain attacks.
- Clarity SecurityBooth: 145
Clarity Security makes identity governance autonomous, intelligent, and effortless. Powered by attribute-based access control, we automate user access reviews and every aspect of identity lifecycle management—saving time, cutting cost, reducing risk, and turning IT into a business enabler.
- Cloud Security Alliance Boston ChapterBooth: TBD
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events, and products. CSA’s activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs, and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA Boston holds meetings on a variety of topics directly related to cloud security.
- ColorTokensBooth: TBD
ColorTokens, the premier enterprise microsegmentation provider, specializes in making organizations “breach ready” by halting the lateral spread of ransomware and malware within intricate network infrastructures using its innovative ColorTokens Xshield™ platform. The platform visualizes traffic patterns between workloads, devices, and users, enabling organizations to enforce granular micro-perimeters, swiftly isolate critical assets, and respond to breaches effectively. Recognized as a Leader in the Forrester Wave™: Microsegmentation Solutions, Q3 2024 evaluation, ColorTokens safeguards businesses by thwarting ransomware and malware attacks, ensuring significant savings in potential disruptions. For more information, visit www.colortokens.com.
- Concentric AIBooth: 345
Concentric AI delivers data risk assessment, monitoring, and protection for corporate data.
- Control DBooth: 630
ControlD is a fully customizable DNS service that allows you to not only block annoyances like malware, tracking, ads or IoT telemetry, but also unblock over 200 services through a network of servers in over 100 cities. All without any apps to install.
- CybleBooth: 140
Cyble provides capabilities for customers to manage cyber risks with AI powered actionable threat intelligence. We are specialists in gathering intelligence across the Deepweb, Darkweb, and the Surface Web.
- CyeraBooth: 305
Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in Data Security Posture Management, Cyera instantly provides companies visibility over their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. We are redefining the way companies secure their data. Learn more at cyera.io.
- DelineaBooth: 520
Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies.
- DrataBooth: TBD
Replace manual GRC efforts, reduce costs, and save time preparing for audits and maintaining compliance. Drata is the world’s most advanced security and compliance automation platform with the mission to help companies earn and keep the trust of their users, customers, partners, and prospects. We help thousands of companies streamline compliance for SOC 2, ISO 27001, HIPAA, GDPR, your own custom frameworks, and many more through continuous, automated control monitoring and evidence collection. Drata is backed by ICONIQ Growth, Alkeon, Salesforce Ventures, GGV Capital, Okta Ventures, SVCI (Silicon Valley CISO Investments), Cowboy Ventures, Leaders Fund, Basis Set Ventures, SV Angel, and many key industry leaders. Drata is based in San Diego, CA with team members across the globe.
- EchoStor TechnologiesBooth: TBD
EchoStor Technologies is a leading information technology solutions provider focusing on enterprise storage, virtualization and data protection.
We offer products from industry leading manufactures integrated with EchoStor professional services.
Headquartered in New England, our highly skilled sales and technical teams have extensive experience and certifications with the latest storage and virtualization solutions. Our capabilities and broad services portfolio compels our manufacturer partners to utilize EchoStor’s bench of engineering resources for their customer engagements.
- ExabeamBooth: TBD
Exabeam is a global cybersecurity leader that adds intelligence to every IT and security stack. The leader in Next-gen SIEM and XDR, Exabeam is reinventing the way security teams use analytics and automation to solve Threat Detection, Investigation, and Response (TDIR), from common security threats to the most critical that are difficult to identify. Exabeam offers a comprehensive cloud-delivered solution that leverages machine learning and automation using a prescriptive, outcomes-based approach to TDIR. We design and build products to help security teams detect external threats, compromised users and malicious adversaries, minimize false positives and best protect their organizations.
- ExtraHop Networks, Inc.Booth: 265
ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com
- FlareBooth: 310
Flare Systems enables financial institutions to prevent financial crime. Using AI and over 10 years of criminology research, it extracts actionable intelligence from millions of data points from the dark, deep and clear web in real time.
- GhostEyeBooth: 600
The human-centric security validation platform. GhostEye uses autonomous AI agents to continuously test how attackers exploit human vulnerabilities to compromise organizations. Just as red teams simulate technical attacks against infrastructure, we simulate sophisticated social engineering campaigns against people. Our multi-agent platform validates complete attack paths from initial social engineering to data exfiltration, providing security teams with actionable intelligence about their true human attack surface exposure before attackers find it.
- Google Cloud SecurityBooth: 130
Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.
- Imper.aiBooth: TBD
imper.ai prevents AI-driven impersonation and social engineering by analyzing the device, network, and behavioral signals attackers can’t fake. Its real-time risk scoring and automated blocking verify every participant across voice, video, and chat before trust is established.
- InfobloxBooth: TBD
Infoblox unites networking and security to deliver unmatched performance and protection for a world that never stops. By providing real-time visibility and control over who and what connects to the network, we use intelligent DNS and user context to stop threats other solutions will miss, enabling organizations to build safer, more resilient environments. We’re continually supporting more than 13,000 customers—including 92 of Fortune 100 companies, as well as emerging innovators—by building the brightest, most diverse teams and by thoughtfully engineering intelligent networking and security solutions for an increasingly distributed world.
- InfraGard BostonBooth: TBD
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
- ISACA New England ChapterBooth: TBD
The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).
The primary objective of the New England Chapter is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.
- ISC2 Eastern MassachusettsBooth: TBD
Advancing Information Security One Community at a Time
As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. ISC2 Eastern Massachusetts Chapter provide members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits! - IslandBooth: 100
What if the enterprise had complete control over the browser? What would it mean for security, for productivity, for work itself? Introducing Island, the Enterprise Browser—the ideal enterprise workplace, where work flows freely while remaining fundamentally secure. With the core needs of the enterprise naturally embedded in the browser itself, Island gives organizations complete control, visibility, and governance over the last mile, while delivering the same smooth Chromium-based browser experience users expect. Led by experienced leaders in enterprise security and browser technology and backed by leading venture funds—Insight Partners, Sequoia Capital, Cyberstarts and Stripes Capital—Island is redefining the future of work for some of the largest, most respected enterprises in the world.
- ISSA New EnglandBooth: TBD
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.
Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.
Visit the National Headquarter’s website at www.issa.org.
- K LogixBooth: 650
K logix is the leading information security company. We provide security consulting, technology solutions, and integration services to enterprise companies. Our experienced team and our established process help enterprise customers make confident security decisions that impact their business goals.
- KeysightBooth: 615
Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems; patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.
- LightbeamBooth: 220
LightBeam.ai, the zero trust data protection pioneer, converges and simplifies data security, privacy, and AI governance, so businesses can accelerate their growth in new markets with speed and confidence. Leveraging generative AI as a foundational technology, LightBeam ties together sensitive data cataloging, control, and compliance across structured, unstructured, and semi-structured data applications providing 360-visibility, risk remediation, and compliance with PCI, GLBA, GDPR, HIPAA among other regulations. Continuous monitoring with full data residency ensures ultimate zero-trust data protection. LightBeam is on a mission to create a secure privacy-first world.
- MassCyberCenterBooth: TBD
The MassCyberCenter, launched in September 2017, strives to create a diverse, vibrant, and competitive Massachusetts cybersecurity ecosystem that enhances resiliency for public and private entities, provides workforce development opportunities, and elevates public cybersecurity awareness.
In 2022, the Massachusetts Legislature codified the establishment of the Center and confirmed its mission of convening the Massachusetts cybersecurity ecosystem to improve cybersecurity resiliency, workforce development, and public awareness within the Commonwealth by developing cutting edge programs, organizing engaging events, and leading collaborative working groups.
Cybersecurity encompasses the people, process, and technology that provide confidentiality, integrity, and availability of data and critical control systems that keep our Commonwealth running. The Center focuses its activities on balancing the core principles of cybersecurity: People, Process, and Technology.
- Military Cyber Professionals Association (MCPA) New England ChapterBooth: TBD
The New England Chapter leads MCPA efforts across the states of that region. We have periodic events planned that provide truly world-class networking and learning for anyone in the broader military cyber community of interest since we have a number of military cyber units and other important organizations in our footprint. We invite you to join us while you’re in town! Find details on the member-only intranet. The Chapter President is Colonel Richard Berthao.
- National Cybersecurity AllianceBooth: TBD
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- New England IT Security ConsortiumBooth: TBD
Objective: The group will foster collaboration and knowledge sharing among IT security professionals by discussing challenges, trends, and opportunities around IT Security.
What to Expect:
- Engaging Discussions: This peer-to-peer forum will foster knowledge sharing among IT security professionals. We’ll discuss current challenges, emerging trends, and opportunities to optimize your security posture.
- Focus on Efficiency: The central topic will be “Making IT Security Spend More Efficient.” With many organizations facing budget constraints, we’ll explore strategies to maintain tight security while potentially reducing costs.
- Thought Leadership Participation: Active participation is encouraged! This is a space for thought leaders to share insights and develop collaborative
- NexumBooth: TBD
Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio, and Wisconsin, as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.
- NovacoastBooth: 210
A uniquely positioned IT services and solutions company, Novacoast is less defined by our broad range of expertise and services than by a perspective rooted in our cooperative environment of adaptable problem solving.
Beyond security specialists, software developers or network engineers, we are guides, allies, and problem solvers.
From implementation services, license fulfillment and technical training to software development, staffing services and custom or emerging solutions, Novacoast is an experienced and comprehensive IT business resource empowered on every level by our flexible and fearless perspective.
- One IdentityBooth: TBD
One Identity, a Quest Software business, helps organizations achieve an identity-centric security strategy with a uniquely broad and integrated portfolio of identity management offerings developed with a cloud-first strategy including AD account lifecycle management, identity governance and administration, and privileged access management. One Identity empowers organizations to reach their full potential, unimpeded by security, yet safeguarded against threats without compromise regardless of how they choose to consume the services. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data—on-prem, cloud, or hybrid.
- P0 SecurityBooth: 110
P0 Security is helping companies modernize PAM for multi-cloud and hybrid environments with the most agile way to ensure least-privileged, short-lived and auditable production access for users, NHIs and agents. Centralized governance, just-enough-privilege and just-in-time controls deliver secure access to production, as simply and scalably as possible. Every identity. Every system. All the time.
P0’s Access Graph and Identity DNA data layer make up the foundational architecture that powers privilege insights and access control across all identities, production resources and environments. With P0, production access is least-privilege, short-lived and auditable by default, including the new class of AI-driven agentic workloads emerging in modern environments.
To explore P0 Security further or book a demo, visit p0.dev.
- Per ScholasBooth: TBD
Per Scholas is a national nonprofit organization of 24 chapters dedicated to unlocking potential and increasing access to high-growth tech careers. Per Scholas has provided rigorous no-cost training, industry-recognized credentials, professional development, and employer connections to adults for 30 years and trained more than 30,000 technologists in the most sought-after tech skills. The Greater Boston campus, located in Kendall Square, trains 250 adults (18+) per year in 13-15 week, full time bootcamp style courses, both in person and remotely, in the areas of IT Support (CompTIA A+), Cybersecurity (CompTIA CySA+), Salesforce Administrator, and AWS Cloud Practitioner. Graduates go on to secure roles at employer partners throughout the region as Desktop Support Technicians, Network Engineers, Cyber Analysts, and more. This 1-minute video provides a thorough overview of the program, including testimonials from three Greater Boston employer partners: TEKsystems, PEGA, and EverQuote: https://www.youtube.com/watch?v=3VyoS6ZZ_Qw.
- Picus SecurityBooth: TBD
Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Control Validation Platform is trusted by leading organizations worldwide to continuously validate the effectiveness of security controls against cyber-attacks and supply actionable mitigation insights to optimize them.
Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. The company is dedicated to helping security professionals become more threat-centric and via its Purple Academy offers free online training to share the latest offensive and defensive cybersecurity strategies.
- Ping IdentityBooth: 515
Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences.
- PresidioBooth: 300
Presidio is the premier provider of digital transformation; solutions built on agile secure infrastructure deployed; in a multi-cloud world with business analytics.
- Pure Storage, Inc.Booth: 605
Pure Storage is pioneering a new class of enterprise storage that has been designed from the ground up to take full advantage of flash memory. The company’s products accelerate random I/O-intensive applications like server virtualization, desktop virtualization (VDI), database (OLTP, rich analytics/OLAP, SQL, NoSQL), and cloudcomputing.
Pure Storage makes it cost-effective to broadly deploy flash within the data center, enabling organizations to manage growth within existing power and space constraints. Launching later this year, the company’s products are in private beta with select customers. Pure Storage is funded by Greylock Partners and Sutter Hill Ventures.
- Push SecurityBooth: 640
Founded in 2020, Push Security is a cybersecurity company offering identity threat detection and response (ITDR) via a browser-based platform. The platform provides real-time visibility and security controls, targeting attacks such as phishing and credential stuffing. Push Security serves customers in technology, finance, and healthcare, with deployment on over 1.5 million endpoints, and has raised $45 million in funding. Based in London, the company’s approach includes automated guidance and behavioral nudges.
- Reach SecurityBooth: 125
Reach is defining AI-Native Exposure Management by bridging the gap between knowing where you’re exposed and taking action to fix it. We help organizations reduce risk by making better use of the tools they already have delivering clarity, prioritization, and automation to turn understanding into results.
- RevBitsBooth: 150
Established in 2018, RevBits is dedicated to providing customers with superior protection against the most sophisticated cyber threats companies face. Its integrated platform, CIP, includes five main modules, all accessible via single sign-on through CIP’s dashboard: RevBits Endpoint Security & EDR, RevBits Email Security, RevBits Privileged Access Management, RevBits Zero Trust Network, and RevBits Deception Technology.
- SecureFlagBooth: TBD
SecureFlag is a Secure Coding Training platform for Developers and DevOps engineers to learn secure coding through hands-on exercises.
Forget boring slideshows and ineffective quizzes that “teach” developers to just take tests–and are forgotten faster than they can say “security breach.”
Enterprises can effectively augment their Secure Coding Training program with SecureFlag’s on-demand, 100% practical training. Through our platform, developers learn how to identify and remediate real security issues using familiar tools and technologies, in an authentic development environment accessed through the web browser.
SecureFlag delivers on-demand “Adaptive AppSec Learning” through individualized learning paths, real-time feedback, and content tailored to the needs of each learner. Our metrics dashboard highlights areas of improvement at individual, team, and organizational levels to clarify competency, risks, and remedial actions.
- SentraBooth: TBD
Sentra’s multi-cloud data security platform, discovers, classifies, and prioritizes the most business-critical data security risks for organizations, enabling more effective, faster remediation and compliance adherence.
Specializing in Data Security Posture Management (DSPM), Sentra ensures that the correct security posture moves with sensitive cloud data.
By automatically detecting vulnerabilities, misconfigurations, over-permissions, unauthorized access, data duplication, and more – Sentra empowers data handlers to work freely and safely with public cloud data, while leveraging rich insights to drive business growth and innovation. - SimbianBooth: 215
Simbian’s AI Agents work together across SOC, threat hunt, and pentest to provide unified, modern SecOps that gets smarter every time you use it. Simbian captures your unique security context, building on the knowledge of your team, then uses that context to generate precision response and build a living playbook.
- SophosBooth: 500
Sophos delivers superior cybersecurity outcomes by providing cybersecurity as a service to protect companies of all sizes from the most advanced cyberthreats. Our cybersecurity products and services include managed detection and response (MDR), firewall, email, endpoint (XDR), and cloud native security protection. Sophos products and services defend against ransomware, phishing, malware, and more. They connect through the cloud-based Sophos Central management console and are powered by Sophos X-Ops, our cross-domain threat intelligence unit. We provide fully managed security solutions so you can manage your cybersecurity directly with our security operations platform. Or, you can supplement your in-house team with Sophos’ products and services.
- Splunk, a Cisco CompanyBooth: 510
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- Sprocket SecurityBooth: 205
Sprocket Security was founded to improve the way we approach cybersecurity. Currently the industry performs services in a timeboxed, or point-in-time approach. We think this is fundamentally flawed. We protect your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.
- Sublime SecurityBooth: 625
Sublime is the new standard for email security. Not just another black box, our AI-powered detection engine detects and prevents email attacks, so security teams can spend less time on email-originated incidents.
- Sumo LogicBooth: 432
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.
- TorqBooth: TBD
Torq is your security product’s favorite security product. Torq Hyperautomation unifies and automates the entire security infrastructure to deliver unparalleled protection and productivity.
- ThreatAwareBooth: 428
ThreatAware gives you real-time visibility across your entire estate, exposing the 30% of devices that are typically invisible and unprotected. Our award-winning platform continuously validates security controls across every cyber asset, ensuring nothing slips through the cracks.
While most tools operate in silos, leaving 15% of devices with protection gaps. ThreatAware unifies your entire security stack via API feeds. With automated remediation, intuitive visualization, and tailored risk profiling, we deliver complete visibility and continuous protection across all assets.
- UtimaticoBooth: 135
Utimaco develops on-premises and cloud-based hardware security modules, solutions for key management and data protection as well as data intelligence solutions for regulated critical infrastructures and Public Warning Systems. Utimaco is one of the world’s leading manufacturers in its key market segments.
500+ employees around the globe create innovative solutions and services to protect data, identities and communication networks with responsibility for global customers and citizens. Customers and partners in many different industries value the reliability and long-term investment security of Utimaco’s high-security products and solutions.
- WiCyS Massachusetts AffiliateBooth: TBD
The Massachusetts WiCyS Affiliate offers mentoring, learning, networking and career development to professionals at all stages of their cybersecurity careers, Whether you are a student just considering a career in cybersecurity or an experienced leader in the cybersecurity workforce, WiCyS provides tangible benefits and a supportive community of all genders. Our affiliate provides an online community for mentorship, networking, and collaboration as well as local meetups, community awareness programs, and support for other organizations with a common mission to bridge the Cybersecurity workforce gap while addressing diversity and inclusion of women and minorities.
- Zafran SecurityBooth: 115
The Zafran Threat Exposure Management Platform is the first and only consolidated platform that integrates with your security tools to reveal, remediate, and mitigate the risk of exposures across your entire infrastructure. Zafran uses an agentless approach to reveal what is truly exploitable, while reducing manual prioritization and remediation through automated response workflows.
- ZscalerBooth: 340
Zscaler is universally recognized as the leader in zero trust. Leveraging the largest security cloud on the planet, Zscaler anticipates, secures, and simplifies the experience of doing business for the world’s most established companies.
Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson CyberLarry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLCKip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
Scott Margolis, ModeratorCISO, Massachusetts Bay Transportation Authority (MBTA)Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
Len Evenchik, Guest SpeakerProfessor, Carroll School of Management, Boston CollegeProfessor Len Evenchik has more than 25 years of senior management and engineering experience in industry, government, and academia. He teaches courses on the strategic use of Information Technology (IT) and Data Analytics, and a course on Cybersecurity Strategy and Management. He has also served as the faculty supervisor for experiential learning courses for MBA students.
Before coming to Boston College, he was the Assistant Dean and founding director of the online education program at Harvard's Division of Continuing Education. Mr. Evenchik managed all aspects of the program from its inception in 1997, when one online course with four students was offered, to an enrollment of over 10,000. He has also taught graduate level computer science courses on Internet protocols and information security at the Harvard Extension School for over 25 years, including the first course at Harvard to use video streaming and multimedia to deliver classroom lectures to online students around the world.
Mr. Evenchik began his professional career at BBN in Cambridge, where he developed some of the first networking protocols used in the Internet, and then managed the implementation of large commercial networks. He was Director of Communications for the State of Massachusetts where he managed the organization responsible for the strategic planning, implementation, and operation of statewide networks supporting over 15,000 users. His industry experience also includes senior management positions in sales, program management and engineering at both large firms and at a number of venture capital backed startups, one of which had a successful IPO.
Prof. Evenchik earned three degrees from MIT in the fields of both Engineering and Management. He received a B.S. and an M.S. in Electrical Engineering and Computer Science, and he was awarded a patent based on some of his work while a graduate student. He also earned a B.S from the Sloan School of Management where he worked with Prof. Fischer Black on the first online implementation of the Black-Scholes options model.
Praveen SharmaHead of Product Security, Product Security Officer, Cubic Transportation Systems
Kyle Bubp, ModeratorCISO, AvidKyle Bubp is currently serving as Chief Information Security Officer at Avid Technology and is also a member of IANS Faculty. He's a seasoned cybersecurity leader with over 20 years of IT and security experience.
Kyle has worked for Fortune 200 enterprises, hosting providers, the FBI, the Department of Energy, and the Department of Defense to analyze and improve their security posture. His expertise spans security architecture, application security, vulnerability management, incident response, and developing comprehensive security programs.He's also a published author, featured in the "Tribe of Hackers" book series, mentors students as part of MassCyberCenter’s Mentorship Program, serves on multiple cybersecurity startup advisory boards, and continues to research security issues and present on improving the security industry.
Panel Discussion
Bill BowmanOperating Partner | CISO, Welsh, Carson, Anderson & StoweBill Bowman built the information security programs as the initial cybersecurity leader at Bright Horizons, Houghton Mifflin Harcourt, Eze Software, ZoomInfo, and Emburse. With over two decades of experience creating cybersecurity programs that meet rigorous certifications such as PCI, ISO 27001, ISO 27701, SOC 1, and SOC 2, he has consistently satisfied both client demands and regulatory requirements.
Bowman is passionate about data privacy, having established the Office of the Data Protection Officer at two organizations. His leadership has also contributed to the success of four companies that have exited private equity. Over the past 14 years, he has cultivated a strong network of security leaders, following his role as the founding President of the ISC2 Eastern Massachusetts chapter.
Sam CurryVP & CISO in Residence, ZscalerSam Curry, VP & CISO in Residence, Sam Curry is a 30-year veteran of the cybersecurity industry. He began his career in signals and cryptanalysis and was the first employee at Signal 9 Solutions, a small start-up that invented the personal firewall, executed the first commercial implementation of Blowfish, and devised early stealthy (symmetric key) VPN technology that was ultimately sold to McAfee.
Sam would go on to serve as Chief Security Architect there and as head of Product for McAfee.com before holding several positions at RSA including head of RSA labs at MIT, head of product, and CTO, as well as Distinguished Engineer for EMC. After seven years with RSA, Curry acted as SVP and CISO at Microstrategy, CSO & CTO for Arbor Networks before it became Netscout, and as CSO for Cyberreason.Sam is a Forbes contributor, holds 17 active patents in cybersecurity and a master’s degree in counterterrorism, and sits on two boards of directors. In addition, he teaches courses at Harvard (online), Wentworth Technology Institute, and Nichols College. He is also a Fellow at the National Security Institute at George Mason University.
Randall JacksonCISO / Head of Infrastructure, Income Research + ManagementSeasoned IT and Cybersecurity Executive with a track record of leading enterprise-wide technology, security, and support operations. Proven ability to align IT strategy with business goals, drive process improvements, and lead complex implementations. Deep expertise in cybersecurity, technology transformation, managed services, and team leadership. Known for strategic thinking, decisive execution, and a pragmatic approach to solving high-stakes problems.
Jack ButlerSr. Solutions Engineer, Sumo LogicJack Butler is a Senior Solutions Engineer at Sumo Logic, specializing in logging, SIEM, and application security. He helps organizations modernize security operations, streamline data integration, and strengthen resilience against evolving threats. Jack also serves as an OWASP Boston chapter leader, helping advance security education, promote secure-by-design principles, and drive collaboration within the local community.
Bart LenaertsSr. Product Marketing Manager, Threat Intel, InfobloxBart Lenaerts is a Senior Threat Intelligence Product Marketing Manager with Infoblox. Bart is a 20+ year veteran in Network Systems & Security with a focus in Digital Risk Management and Automated Investigations.
Shashwat SehgalFounder & CEO, P0 SecurityShashwat Sehgal is the Co-Founder and CEO of P0 Security. He’s spent most of his career building security and observability products for developers, DevOps, and security teams. Shashwat is passionate about solving the problem of cloud access security and helping security engineers control "who has access to what sensitive resources" in any environment. He enjoys playing tennis, spending time with his family, teaching his son how to play chess, and geeking out on all things security.
Anatoly PodstrelovVP, Global Head IT & Security, EDETEK Inc.Anatoly oversees global technology, cloud, security, and product operations, and he is dedicated to delivering and managing EDETEK’s innovative suite of clinical platforms. As a technology leader, Anatoly brings more than 25 years of experience which spans multiple industries and business verticals. Prior to joining EDETEK, Anatoly worked in both small startups and large established companies, including leadership positions at SmashFly, where he was responsible for navigating company’s technology team through rapid growth cycle; and global brokerage firm ITG (now Virtu Financial), where he was architecting, building, and operating best of breed SaaS platforms for financial services industry. Anatoly has a Master’s Degree in Computer Sciences and Electrical Engineering from St. Petersburg Polytechnic University.
Justin ArmstrongCISO, TMF Health Quality InstituteJustin Armstrong is a security, privacy, and regulatory compliance leader with over 25 years of experience in the Healthcare Industry. He led Product Security at MEDITECH, a top three Electronic Health Record vendor, and has helped numerous organizations as a fractional CISO. He has engaged with Hospitals in nearly 100 ransomware incidents, and is dedicated to securing Healthcare and Critical Infrastructure. Justin is a contributor to the IEEE/UL 2933™ Standard for Clinical IoT Data and Device Interoperability with TIPPSS — Trust, Identity, Privacy, Protection, Safety, and Security, which defines secure and interoperable practices for connected healthcare systems.
He holds the CISSP, CCSP, and HCISPP certifications and obtained his Masters in Cybersecurity Leadership at Brandeis University.
Ben FochtDeputy CISO, TMF Health Quality InstituteBen is a cybersecurity leader with over a decade of experience shaping and scaling security programs across diverse industries including healthcare, finance, and education. From building red teams and security operations centers to leading executive strategy and cultural transformation, his career spans nearly every dimension of the cyber landscape.
Throughout his career, Ben has been driven by a belief that successful cybersecurity is built not just on controls and compliance, but on culture, communication, and continuous improvement. He's known for turning complex challenges into collaborative solutions whether guiding incident response, launching DevSecQps initiatives, or mentoring the next generation of security professionals.
A Colorado native with a deep passion for building teams and growing successful programs, Ben sees his ideal role as that of a cyber culture architect, fostering environments where security becomes second nature, not an afterthought. His presentations blend real-world experience with practical takeaways and a human-centered approach that resonates across technical and executive audiences alike.
Patricia TitusField CISO, Abnormal AIPatricia Titus, a Field Chief Information Security Officer at Abnormal AI, has more than 25 years of CISO experience. Her extensive background includes CISO positions at prominent organizations such as Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the U.S. Transportation Security Administration. Throughout her career, she has been responsible for developing and implementing security strategies that align with business objectives and ensure adherence to global regulations. Recognized for her expertise in areas like risk management, artificial intelligence, cybersecurity operations, and crisis management, Patricia has a proven track record of optimizing security frameworks, improving business resilience, and incorporating innovative solutions, including AI, into security practices. She currently contributes her expertise by serving on the boards of Black Kite, The Girl Scouts of the Commonwealth of Virginia, and Glasswing Ventures.
Panel Discussion
Jonathan BorgesenTechnical Director of Security, EchoStorAs Technical Director of Security at EchoStor Technologies, Jonathan leads the organization’s comprehensive security practice. He focuses on building strong security programs that align with modern trends, ensuring customers meet both their security and business objectives.
With more than 15 years of experience in the cybersecurity industry, Jonathan has built and led security practices for multiple organizations. His approach emphasizes business impact, cross-architecture solutions, and strategic alignment rather than simply focusing on technology, earning him a reputation as a trusted advisor and thought leader among clients and peers.
Jagathi Gururajan, Guest SpeakerManaging Director, Novus LaurusJagathi is a global executive, strategic operator and advisor with over two decades of experience across technology, governance and large scale transformation. She has held senior leadership roles at Thomson Reuters, PwC and venture backed firms, leading global teams and scaling operations in highly regulated environments. Today, she advises high-growth, resource-constrained organizations on using AI to compete, innovate, and grow with discipline and intent.
Nick BrunoCISO & SVP of IT, SHL
Astrid LambertCISO, Cambridge Health AllianceAstrid Lambert is a seasoned leader with expertise in information security, healthcare analytics, database administration, and website development. Known for her forward-thinking leadership and innovative approach, she currently serves as CISO/Senior Director in the IT department at Cambridge Health Alliance, where she oversees strategic initiatives critical to the organization's success.
Astrid's expertise has enabled Cambridge Health Alliance to make data-driven decisions, driving efficiency and improvements across multiple domains. A strong advocate for information security, she implements robust measures to protect sensitive healthcare data and ensure compliance with regulatory standards. She holds degrees in Industrial-Organizational Psychology and Industrial Engineering and is a Certified Information Systems Security Professional (CISSP).
Beyond her professional accomplishments, Astrid is committed to making a positive impact on the broader healthcare community. She volunteers her time and expertise with various organizations, sharing her knowledge and helping others develop creative solutions to complex challenges.
Esmond Kane, ModeratorCISO, AdvarraEsmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.
Happy Hour
Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson CyberLarry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLCKip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson CyberLarry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLCKip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
Craig StanlandAuthor, "Blank Canvas: How I Reinvented My Life After Prison"
Matthew InceraManager, Security Architecture & Strategy, Eversource EnergyMatt is a security architecture manager with more than 20 years of experience helping critical industries, including experience driving growth through business alignment and operational excellence.
Stephanie Siegmann, ModeratorPartner & Chair - International Trade, National Security, Cybersecurity & AI, Hinckley AllenLeveraging her extensive and vast trial experience as a former Navy JAG and national security prosecutor, B. Stephanie Siegmann specializes in handling high-stakes criminal and civil litigation matters, sensitive internal investigations, government enforcement proceedings, and cyber-related incidents of all kinds. Stephanie is a litigation partner, Chair of the International Trade & National Security group, and Co-Chair of the Cybersecurity, Privacy & Data Protection, and Artificial Intelligence practice groups.
Panel Discussion
Robyn ReadyCISO | SVP, Infrastructure and Operations, KnitWell GroupWith more than 17 years’ experience in the cybersecurity field, Robyn has led five organizations in their transformation from no security program or a minimal security program to a mature security organization. Starting with an organization that needed to achieve NIST compliance to survive, moving to a large financial firm, and then into the retail industry, Robyn has been instrumental in achieving continuous risk reduction for all these organizations. These risk reductions allowed her to move to her next challenge while leaving a team that was set up to succeed and continue their maturity journey. This includes not only cybersecurity but also the IT risk, IT compliance, and when it came, privacy disciplines.
Currently responsible for security, IT risk, IT compliance, and privacy at the Knitwell Group, Robyn has been asked to lead the IT Operations team, as well. This adds the Service Desk, Identity and Access, Major Incident Response, Production Control, and Operations to her responsibilities, which is a little bit of back to the future for her, as she started her journey on the Help Desk and in Professional Services, prior to making the move into the security field.
Javed Ikbal, Guest SpeakerCISO & VP, Information Security & Risk Management, Bright HorizonsJaved Ikbal is the CISO at Bright Horizons. Prior to that, he held CISO positions at Upromise Rewards, GTECH, and Omgeo, and brings 20 years of information security experience in financial services, gaming, and scientific research sectors. He specializes in building or re-engineering information security programs, regulatory compliance, application security, and aligning IT and information security programs to business goals. He is the co-author of "The Laidoff Ninja" and is currently working on his next book, "Clicking Up: Building a Great Information Security Program."
Brian CarmenSales Engineering Director, DelineaBrian Carmen is a security leader with more than 15 years of experience helping C-level executives and technologists solve complex security and risk management challenges while keeping initiatives on time and on budget. Guided by a “people first, technology second” philosophy, he focuses on strengthening organizational security through education, enablement, and practical strategy that aligns policy, process, and technology.
He has presented on cyber and operational security at major industry conferences and serves as a trusted advisor to government agencies and global enterprises, including the FAA, Department of Energy, U.S. Senate, Honeywell, John Deere, Volvo, and Booz Allen.
Panel Discussion
Scott MargolisCISO, Massachusetts Bay Transportation Authority (MBTA)Senior Information Technology/Security Executive with over 25 years of experience at premier institutions successfully building services and client relationships, developing methodologies, and integrating cross-functional skills. Specializes in information security and risk management, compliance, knowledge management, strategy, business continuity, and operational efficiency. Reputation for leading new initiatives focused on transforming operations, establishing partner/industry relationships, increasing revenue, and reducing cost and risk exposure. Proactive leader with intense focus on customers and beneficial outcomes.
Mark AnnatiCISO, Executive Office of Economic Development, Commonwealth of MassachusettsMark Annati is an experienced IT and cybersecurity leader, currently CISO for the Executive Office of Economic Development, Commonwealth of Massachusetts. A board member of InfraGard Boston, he previously served as CISO for advansappz.com and Extreme Reach. With over 20 years in IT security and two successful startups, Mark has led security operations, risk management, enterprise IT, and cloud initiatives. A former U.S. Navy submariner, he values teamwork, strategic planning, and continuous learning. Holding CISSP and SSCP certifications, he is passionate about aligning security with business goals and advancing security awareness.
Nick ButtsOutreach Program Manager, MassCyberCenterNick Butts is the Outreach Program Manager at the MassCyberCenter at the Massachusetts Technology Collaborative (MassTech). In his role, Nick focuses on amplifying the Center’s programs and initiatives to strengthen cybersecurity resilience across the Commonwealth. He leads outreach efforts to engage businesses, municipalities, and key stakeholders, ensuring they have access to practical tools and resources for improving their cybersecurity posture. Nick also manages major events for the MassCyberCenter, creating opportunities for collaboration and knowledge-sharing among industry leaders, government partners, and the broader cybersecurity community.
Prior to joining the MassCyberCenter, Nick served in a variety of positions within Massachusetts state government. His experience includes working in the Office of Governor Charles D. Baker as Deputy Director of Boards and Commissions and subsequently as Director of Constituent Services..
Nick holds a B.A. in Politics and History from Curry College.
Max FathySr. Program Manager, MassCyberCenterMax Fathy is the Senior Program Manager, Cybersecurity Innovation, at the MassCyberCenter at the Massachusetts Technology Collaborative (MassTech). He is responsible for supporting the MassCyberCenter’s workforce development efforts, including the Cybersecurity Training and Education Working Group and the Cybersecurity Mentorship Program, and building stronger relationships with the private sector cybersecurity community.
Prior to joining the MassCyberCenter, Max worked as a Manager of Government Relations and Public Policy for ML Strategies, where he advised private sector companies across a range of industries on state and local public policy in Massachusetts. He also served as a Project Analyst at Mintz Levin, where he supported legal, government relations, and community service initiatives.
Max holds a Master of Arts in Law and Diplomacy with a focus on International Security and Technology Policy from the Fletcher School of Law and Diplomacy at Tufts University. During his studies at Fletcher, he served as a Rosenthal Fellow in the Office of the Under Secretary of Defense for Policy in the United States Department of Defense. He also received his B.A. in International Relations from Tufts.
James Thompson, ModeratorDirector, Information Security, Hypertherm AssociatesJames brings more than 20 years of experience in Information Technology including seven years in cybersecurity within the manufacturing vertical. He has a passion for team development and attributes his program’s success to relationship and team building skills developed earlier in his career. He started his career in higher education and has since shifted to private sector organizations and holds several industry certifications including CISSP, CISA, PMP and PCIP.
A motivated builder and problem solver who loves working with others to create the solutions that drive innovation, optimization, and change.
Panel Discussion
Joshua BreglerApplication Security Leader, McKinsey & Co.Joshua Bregler is a cybersecurity executive with deep expertise in application security, cloud architecture, and mission-critical systems. He currently serves as the Application Security Leader at McKinsey & Company, where he builds and scales firmwide application security capabilities, enabling secure product development and enterprise resilience.
Before joining McKinsey, Joshua was a Principal Security Architect at Amazon Web Services, where he supported the U.S. Department of Defense and the Intelligence Community. In that role, he led secure cloud transformation initiatives, architected high-assurance systems, and partnered with national security stakeholders to advance zero-trust security models across classified and critical workloads.
Joshua holds an MBA from Johns Hopkins University and is a U.S. Marine Corps veteran, bringing a mission-first mindset and disciplined leadership style to every engagement. His career reflects more than two decades of advancing cybersecurity strategy, designing secure digital ecosystems, and guiding organizations through complex technical and regulatory environments.
Ryan RoobianGlobal Principal Solutions Architect - Cyber Intelligence & Risk, Google CloudRyan Roobian has over 25 years of experience in various specialties in IT including Cybersecurity. As a Global Solutions Architect at Google Cloud Security, Ryan serves as a subject matter expert for all security products and services within the Google Cloud portfolio. In his current role, Ryan works with strategic customers around the world in developing complex solutions with security inherent in their design, while also helping with internal product and go-to-market strategies.
Panel Discussion
Larry Wilson, CISSP, CISA, InstructorSr. Cybersecurity Consultant, Wilson CyberLarry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, InstructorvCISO, Cyber Risk Opportunities LLCKip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Hone your skills and connect with your regional peers in InfoSec.




















