22nd Annual

SecureWorld Boston 2026

April 8-9, 2026 | Hynes Convention Center

EVENT DETAILS

Click here to view registration types and pricing (PDF)

Download Now

Conference Agenda

Day 1
Day 2

Filter by registration level:

Open Sessions
Conference Pass
SecureWorld Plus
VIP / Exclusive

Wednesday, April 8, 2026
7:30 am
[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 1
Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level:
SecureWorld Plus
7:30 am - 9:00 am

Upon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.

Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.

The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.

Module 1: What is Artificial Intelligence (AI) and how does AI work?

Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.

Module 2: AI Cloud Adoption Frameworks (CAFs)

An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).

Module 3: AI threats and Vulnerabilities

AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).

Module 4: AI security controls

Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.

Module 5: Building an AI Security Program

This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.

Module 6: AI governance, AI risk management, AI compliance, AI audit

This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
7:30 am
[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 1
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Registration Level:
SecureWorld Plus
7:30 am - 9:00 am
This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business

Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots

A step-by-step action plan – No more guessing what to do next

Real-world case studies – See how organizations just like yours have successfully implemented the framework

Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

IT Directors and Managers

Cybersecurity Professionals

Business Leaders responsible for risk management

Compliance Officers

Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

Getting BUY-IN from your senior decision makers

Discovering your top five cyber risks

Creating a prioritized risk mitigation plan with implementation roadmap

A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.
7:00 am
Registration open
Registration Level:
Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk / Lobby
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
Networking Hall open
Registration Level:
Open Sessions
8:00 am - 4:30 pm
Location / Room: Networking Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Also, look for “Cyber Connect” discussions on select topics and join the conversation.
8:00 am
Advisory Council Roundtable Breakfast (VIP / Invite only)
Registration Level:
VIP / Exclusive
8:00 am - 8:45 am
Moderated discussion for SecureWorld Advisory Council members. By invite only.
8:00 am
Association Chapter Meetings
Registration Level:
Open Sessions
8:00 am - 8:45 am
Participating professional associations and details to be announced.
8:00 am
Simple Daily Habits to Strengthen Your Security Posture
Registration Level:
Open Sessions
8:00 am - 8:45 am
Session details to come.
8:45 am
Networking Break
Registration Level:
Open Sessions
8:45 am - 9:00 am
Location / Room: Networking Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am
[Opening Keynote] The State of Cybersecurity in 2026: Threats, Trends, and What Comes Next
Registration Level:
Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
Session details to come.
9:45 am
Networking Break & Cyber Connect
AI in Cybersecurity: Game-Changer or Growing Threat?
Registration Level:
Open Sessions
9:45 am - 10:10 am
Location / Room: Networking Hall
Artificial intelligence rapidly redefines how we defend our networks—and how attackers target them. From threat detection to deepfakes, explore the double-edged nature of AI in cybersecurity and how it’s impacting your daily work.

Please join us in the Networking Hall to connect with peers over coffee and snacks and share real-world experiences, strategies, and concerns around AI’s growing role in security.
10:10 am
Quantum Readiness: Preparing Your Organization for a Post-Quantum Future
Registration Level:
Conference Pass
10:10 am - 10:45 am
Session details to come.
10:10 am
Identity Security Beyond MFA: Continuous Verification and Risk-Based Controls
Registration Level:
Conference Pass
10:10 am - 10:45 am
Session details to come.
10:10 am
Threat Hunting with AI: Turning Noise into Actionable Intelligence
Registration Level:
Open Sessions
10:10 am - 10:45 am
Session details to come
10:10 am
Modern Ransomware: Double Extortion, Data Destruction, and Targeted Campaigns
Registration Level:
Open Sessions
10:10 am - 10:45 am
Session details to come.
10:45 am
Networking Break & Cyber Connect
The Human Element in Cybersecurity
Registration Level:
Open Sessions
10:45 am - 11:10 am
Location / Room: Networking Hall
Despite all the tools and technology, people remain the most unpredictable variable in security. Whether insider threats, awareness training, or culture-building, human behavior is central to your cyber strategy.

Please join us in the Networking Hall to connect with peers over coffee and snacks and discuss how organizations are tackling the people side of cybersecurity.
11:10 am
From 'No' to 'How': The CISO's Upgrade in 2026
Interest tags: CISO Strategy; AI Security Governance; Security Metrics
Randall Jackson
CISO / Head of Infrastructure, Income Research + Management
Registration Level:
Conference Pass
11:10 am - 11:45 am
In 2026, CISOs sit at the intersection of cyber risk, AI, regulation, and growth. The days of the “department of no” are over; security leaders are expected to be business operators who enable transformation—instead of blocking it.

This session explores how the role is evolving, what boards and regulators now expect, and how to shift your security team from reactive firefighting to proactive business enablement. You’ll leave with a practical playbook you can apply immediately: new ways to communicate with the business, embed security into AI and digital initiatives, and measure success in terms that actually matter to executives.
11:10 am
The Rise of AI Assistants: New Insider Threat and Data Exposure Challenges
Registration Level:
Conference Pass
11:10 am - 11:45 am
Session details to come.
11:10 am
Third-Party Risk: Managing Exposure Across Expanding Vendor Ecosystems
Registration Level:
Open Sessions
11:10 am - 11:45 am
Session details to come.
11:10 am
[Panel] Navigating the Evolving Digital Battlefield
Focus Areas: Identity-First Security; Attack Surface Management; Supply Chain & Fourth-Party Risk
Shashwat Sehgal
Founder & CEO, P0 Security
Panel Discussion
Registration Level:
Open Sessions
11:10 am - 11:45 am
As organizational footprints expand across cloud, SaaS, OT/IoT, and dispersed workforces, defenders face a more complex and interconnected digital battlefield. This panel brings together experts to explore how today’s threat actors combine automation, social engineering, identity breaches, and software supply-chain attacks into highly coordinated assaults.

Panelists will examine the expanding importance of identity in the modern SOC, the emergence of AI-driven threats such as automated reconnaissance and deepfake-assisted breaches, and how fourth-party dependencies are changing risk visibility. The discussion also connects these trends to organizational resilience—showing how teams can improve detection, response, and business continuity across an evolving attack surface. This comprehensive session provides practical insights for any security leader seeking clarity amid converging threats.
11:45 am
Networking Break
Registration Level:
Open Sessions
11:45 am - 12:00 pm
Location / Room: Networking Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pm
[Lunch Keynote] AI-Accelerated Attacks and Defenses: Preparing for Machine-Speed Threats
Registration Level:
Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
Session details to come.
12:45 pm
Networking Break & Cyber Connect
Proactive by Design: Anticipating Threats Before They Strike
Registration Level:
Open Sessions
12:45 pm - 1:10 pm
Location / Room: Networking Hall
The days of reacting to alerts are over. From continuous monitoring to threat hunting, organizations are shifting to proactive security models that anticipate and prevent incidents before they happen.

Please join us in the Networking Hall to connect with peers over coffee and snacks and explore how to make proactive security a reality in your environment.
1:10 pm
Breaking Into the Boardroom
Focus Areas: Board Communication & Governance; Cyber Risk Strategy & Quantification; Leadership & Strategic Alignment
Bill Bowman
Operating Partner | CISO, Welsh, Carson, Anderson & Stowe
Registration Level:
Conference Pass
1:10 pm - 1:45 pm
Are you leading your audit committee meetings with vulnerability statistics and budget requests? It’s essential to understand the real concerns of the board and provide them with the information they need. In this session, learn how to transition from being a security leader to becoming a trusted cyber risk leader.
1:10 pm
Burnout in Cybersecurity: Recognizing, Preventing, and Managing Team Fatigue
Registration Level:
Conference Pass
1:10 pm - 1:45 pm
Session details to come.
1:10 pm
Threat Modeling for Modern Architectures: From Cloud to Edge
Registration Level:
Open Sessions
1:10 pm - 1:45 pm
Session details to come.
1:10 pm
[Panel] The Double-Edged Sword of AI in Cyber Defense
Focus Areas: AI-Powered SecOps; Adversarial AI & Synthetic Media; AI Governance & Assurance
Panel Discussion
Registration Level:
Open Sessions
1:10 pm - 1:45 pm
AI is revolutionizing cybersecurity at all levels, speeding up detection and enabling automated attacks on an unprecedented scale. This session examines AI’s dual role as both a powerful defensive tool and a new threat vector for attackers. Panelists will discuss how AI copilots enhance analyst workflows, triage, and anomaly detection, while also addressing emerging risks such as LLM data leakage, prompt injection, model poisoning, and hallucinations within high-trust SOC processes.

The discussion will cover AI governance and assurance frameworks, evolving regulatory expectations, and the impact of synthetic content—including deepfakes, audio spoofing, and hyper-personalized phishing—on social engineering defenses. Attendees will leave with a solid understanding of AI’s potential, the safety measures needed for responsible deployment, and practical steps for preparing teams and pipelines for an AI-driven threat environment.
1:45 pm
Networking Break & Cyber Connect
Cyber Talent Crisis: Recruiting, Retaining, and Reskilling Your Team
Registration Level:
Open Sessions
1:45 pm - 2:10 pm
Location / Room: Networking Hall
The cybersecurity workforce shortage is real—and growing. From finding skilled talent to reducing burnout and investing in upskilling, leaders are rethinking how to build resilient teams for the future.

Please join us in the Networking Hall to connect with peers over coffee and snacks and exchange ideas for navigating one of the industry’s most significant ongoing challenges.
2:10 pm
Workforce Identity in the Age of Remote Deception
Focus Areas: Identity & Access Governance; Insider Risk & Workforce Integrity; Cross-Functional Security Leadership
Justin Armstrong
CISO, TMF Health Quality Institute
Ben Focht
Deputy CISO, TMF Health Quality Institute
Registration Level:
Conference Pass
2:10 pm - 2:45 pm
In today’s remote-first world, ensuring that the people doing the work are actually who they claim to be has become a critical challenge. From North Korean agents posing as freelance developers to employees collecting full-time paychecks from three different companies, the risks are as real as they are hard to detect.

This session will offer practical strategies for managing this complex problem. The solution requires close collaboration between executives, human resources, security, compliance, and supervisors. How do you create a program that balances the competing priorities of security and teamwork? How do you regularly validate workers while not giving the impression that “big brother is watching you”?

Leave with new insights, sharper instincts, and a fresh perspective on modern workforce protection.
2:10 pm
Building Incident Response Plans for Highly Distributed Workforces
Registration Level:
Conference Pass
2:10 pm - 2:45 pm
Session details to come.
2:10 pm
Data Privacy in 2026: Navigating New Regulations and Compliance Pressures
Registration Level:
Open Sessions
2:10 pm - 2:25 pm
Session details to come.
2:10 pm
[Panel] Cloud Security & Multi-Cloud Defense: Securing the Modern Enterprise
Focus Areas: Multi-Cloud & SaaS Governance; Workload & Data Protection; Zero Trust & Edge Security
Panel Discussion
Registration Level:
Open Sessions
2:10 pm - 2:45 pm
Modern enterprises rely on a complex mix of cloud providers, SaaS platforms, APIs, and distributed identities—offering agility but also creating new control gaps. This panel gathers leaders in CSPM, workload protection, cloud identity, API security, and SaaS governance to explore the challenges of securing multi-cloud environments at scale.

Panelists will discuss AI-driven misconfigurations, rapid SaaS sprawl, and the persistent risk of API-related breaches, as well as how zero trust principles are applied to cloud entitlements and data flows. The conversation also covers DSPM-led visibility, cross-cloud identity governance, and the convergence of network and cloud security through SASE/SSE. Whether you’re cloud-mature or still early in the journey, this session provides strategies for protecting cloud workloads, identities, and data in environments where every misconfiguration can become a breach.
2:45 pm
Networking Break
Registration Level:
Open Sessions
2:45 pm - 3:15 pm
Location / Room: Networking Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
3:15 pm
[Closing Keynote] Building High-Trust Security Cultures in an Era of Constant Disruption
Registration Level:
Open Sessions
3:15 pm - 4:00 pm
Location / Room: Keynote Theater
Session details to come.
4:00 pm
Happy Hour
Happy Hour
Registration Level:
Open Sessions
4:00 pm - 5:30 pm
Location / Room: Networking Hall
Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.
4:00 pm
[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 2
Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level:
SecureWorld Plus
4:00 pm - 5:30 pm

Upon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.

Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.

The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.

Module 1: What is Artificial Intelligence (AI) and how does AI work?

Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.

Module 2: AI Cloud Adoption Frameworks (CAFs)

An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).

Module 3: AI threats and Vulnerabilities

AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).

Module 4: AI security controls

Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.

Module 5: Building an AI Security Program

This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.

Module 6: AI governance, AI risk management, AI compliance, AI audit

This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
4:00 pm
[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 2
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Registration Level:
SecureWorld Plus
4:00 pm - 5:30 pm
This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business

Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots

A step-by-step action plan – No more guessing what to do next

Real-world case studies – See how organizations just like yours have successfully implemented the framework

Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

IT Directors and Managers

Cybersecurity Professionals

Business Leaders responsible for risk management

Compliance Officers

Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

Getting BUY-IN from your senior decision makers

Discovering your top five cyber risks

Creating a prioritized risk mitigation plan with implementation roadmap

A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.
Thursday, April 9, 2026
7:00 am
Registration open
Registration Level:
Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am
[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 3
Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level:
SecureWorld Plus
7:30 am - 9:30 am

Upon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.

Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.

The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.

Module 1: What is Artificial Intelligence (AI) and how does AI work?

Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.

Module 2: AI Cloud Adoption Frameworks (CAFs)

An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).

Module 3: AI threats and Vulnerabilities

AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).

Module 4: AI security controls

Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.

Module 5: Building an AI Security Program

This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.

Module 6: AI governance, AI risk management, AI compliance, AI audit

This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
7:30 am
[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 3
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Registration Level:
SecureWorld Plus
7:30 am - 9:00 am
This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business

Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots

A step-by-step action plan – No more guessing what to do next

Real-world case studies – See how organizations just like yours have successfully implemented the framework

Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

IT Directors and Managers

Cybersecurity Professionals

Business Leaders responsible for risk management

Compliance Officers

Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

Getting BUY-IN from your senior decision makers

Discovering your top five cyber risks

Creating a prioritized risk mitigation plan with implementation roadmap

A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.
8:00 am
Networking Hall open
Registration Level:
Open Sessions
8:00 am - 4:45 pm
Location / Room: Networking Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Also, look for “Cyber Connect” discussions on select topics and join the conversation.
8:00 am
Advisory Council Roundtable Breakfast (VIP / Invite only)
Registration Level:
VIP / Exclusive
8:00 am - 8:45 am
Moderated discussion for SecureWorld Advisory Council members. By invite only.
8:00 am
Association Chapter Meetings
Registration Level:
Open Sessions
8:00 am - 8:45 am
Participating professional associations and details to be announced.
8:00 am
Insider Threats: The Call Is Coming from Inside the House
Interest Tags: Insider Threats; Risk Quantification; User and Entity Behavior Analytics
Craig Stanland
Author, "Blank Canvas: How I Reinvented My Life After Prison"
Registration Level:
Open Sessions
8:00 am - 8:45 am
Most insider threats don’t begin with malicious intent. They begin with a human being under pressure. Fear. Scarcity. Insecurity. These emotional drivers create tiny rationalizations that bypass even the strongest controls: “They owe me.” “I’ll fix it before anyone notices.” “This isn’t a big deal.”

By the time a security system detects something unusual, the damage is already in motion, because insider threats are fundamentally human threats. And humans are always smarter than the system when they’re driven by need and fueled by rationalization.

In this gripping, first-person session, Craig Stanland, who committed and served time for an $800K fraud, exposes how rationalization quietly rewires judgment, overrides policy, and turns trusted employees into your most significant vulnerability. This session goes beyond frameworks and compliance.
8:45 am
Networking Break
Registration Level:
Open Sessions
8:45 am - 9:00 am
Location / Room: Networking Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am
[Opening Keynote] The Death of the Perimeter and Rise of the Federated Identity Fabric
Registration Level:
Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
Session details to come.
9:45 am
Networking Break & Cyber Connect
AI in Cybersecurity: Game-Changer or Growing Threat?
Registration Level:
Open Sessions
9:45 am - 10:15 am
Location / Room: Networking Hall
Artificial intelligence rapidly redefines how we defend our networks—and how attackers target them. From threat detection to deepfakes, explore the double-edged nature of AI in cybersecurity and how it’s impacting your daily work.

Please join us in the Networking Hall to connect with peers over coffee and snacks and share real-world experiences, strategies, and concerns around AI’s growing role in security.
10:15 am
From Alert Fatigue to Adaptive Defense: Operationalizing AI in the SOC
Registration Level:
Conference Pass
10:15 am - 10:50 am
Session details to come.
10:15 am
Ransomware Resilience: Building a True Immutable Backup Strategy
Registration Level:
Conference Pass
10:15 am - 10:50 am
Session details to come.
10:15 am
Securing the SaaS Jungle: Access Control and Shadow Data in the Cloud
Registration Level:
Open Sessions
10:15 am - 10:50 am
Session details to come.
10:15 am
Beyond the Signature: Advanced Endpoint Detection and Hardening
Registration Level:
Open Sessions
10:15 am - 10:50 am
Session details to come.
10:50 am
Networking Break & Cyber Connect
The Human Element in Cybersecurity
Registration Level:
Open Sessions
10:50 am - 11:10 am
Location / Room: Networking Hall
Despite all the tools and technology, people remain the most unpredictable variable in security. Whether insider threats, awareness training, or culture-building, human behavior is central to your cyber strategy.

Please join us in the Networking Hall to connect with peers over coffee and snacks and discuss how organizations are tackling the people side of cybersecurity.
11:10 am
Unpacking the New SEC Rules: Transitioning from Manual Reporting to Continuous Compliance
Registration Level:
Conference Pass
11:10 am - 11:45 am
Session details to come.
11:10 am
OT/ICS Security: Bridging the Air Gap and Achieving Visibility in Critical Infrastructure
Registration Level:
Conference Pass
11:10 am - 11:45 am
Session details to come.
11:10 am
The New Era of Phishing: Defending Against Deepfakes and AI-Driven Deception
Registration Level:
Open Sessions
11:10 am - 11:45 am
Session details to come.
11:10 am
[Panel] The Human Layer: Insider Risk, Social Engineering, and Behavioral Analytics
Focus Areas: Insider Risk & Behavioral Analytics; Social Engineering & AI Deception; Identity Security & Access Governance
Panel Discussion
Registration Level:
Open Sessions
11:10 am - 11:45 am
The human element remains the most targeted and least predictable part of every security program—now intensified by AI-powered social engineering. This panel examines how attackers weaponize synthetic voice and video deepfakes, personalized phishing, MFA fatigue, session hijacking, and multi-channel lures across email, mobile, chat, and collaboration apps.

Experts in insider risk, UEBA, identity security, and DLP will discuss how behavioral analytics detect subtle anomalies while maintaining privacy guardrails for employees. Panelists will also address how privileged access governance is evolving in cloud-heavy environments. Attendees will leave with practical guidance for reducing user friction, improving detection, countering AI-driven lures, and building a resilient workforce that remains the strongest defense against evolving attacker tactics.
11:45 am
Networking Break
Registration Level:
Open Sessions
11:45 am - 12:00 pm
Location / Room: Networking Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
12:00 pm
[Lunch Keynote] Resilience over Reaction: Securing Critical Functions in an Age of Systemic Risk
Registration Level:
Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
Session details to come.
12:45 pm
Networking Break
Registration Level:
Open Sessions
12:45 pm - 1:10 pm
Location / Room: Networking Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
1:10 pm
Behind the Prompt: A CISO's Practical AI Journey
Focus Areas: Practical AI Implementation; Security Operations Automation; Leadership Perspectives
Mark Annati
CISO, Executive Office of Economic Development, Commonwealth of Massachusetts
Registration Level:
Conference Pass
1:10 pm - 1:45 pm
AI isn’t just a buzzword — it’s become a practical tool in everyday life. In this session, cybersecurity leader Mark Annati shares how he uses AI both professionally and personally, from automating policy work and streamlining threat analysis to planning trips and solving real-world problems at home. With relatable examples, lessons learned, and a focus on what works (and what doesn’t), this talk offers a grounded perspective on AI’s role in modern cybersecurity and beyond — accessible to both technical and non-technical audiences.
1:10 pm
Building Cybersecurity Resilience for Small Businesses: State Programs and Practical Tools
Focus areas: Small Business Resilience & Funding; Security Foundations & Baselines: Interactive Security Training
Nick Butts
Outreach Program Manager, MassCyberCenter
Max Fathy
Sr. Program Manager, MassCyberCenter
Registration Level:
Conference Pass
1:10 pm - 1:45 pm
Representatives from the MassCyberCenter lead an informative session on how small businesses in Massachusetts can strengthen their cybersecurity posture with the help of state-supported programs and resources. Learn about the minimum cybersecurity baseline recommended for small businesses, explore available state initiatives and funding opportunities, including the MassCyberCenter’s Security Operations Center / Cyber Range Initiative and the Cyber Resilient Massachusetts Grant Program, and discover engaging tools like the Cybersecure: Defend the Network card game that make learning cyber defense strategies interactive and fun. This session is designed to empower small businesses with practical steps and accessible resources to protect their operations and thrive in today’s digital landscape.
1:10 pm
Data Minimization: Turning ROT Data into Risk Reduction and Savings
Registration Level:
Open Sessions
1:10 pm - 1:45 pm
Session details to come.
1:10 pm
[Panel] Resilience Engineering: Incident Response, Business Continuity, and Cyber Insurance
Focus Areas: Operational Resilience & BCP; Incident Response & Crisis Management; Cyber Insurance & Executive Reporting
Panel Discussion
Registration Level:
Open Sessions
1:10 pm - 1:45 pm
Resilience has shifted from a compliance task to a vital business skill. This panel explores how organizations prepare for disruptive cyber incidents involving multi-cloud setups, SaaS dependencies, supply chain issues, and rapid ransomware attacks. With experts in incident response, digital forensics, MDR, insurance, and crisis management, the panel emphasizes developing response playbooks that mirror current operational dependencies.

Panelists will explore insurer-driven requirements for identity security and MFA, lessons from major SaaS outages, and how to communicate effectively with executives and boards when downtime impacts revenue-critical operations. Attendees will gain a comprehensive understanding of how to engineer resilience—not just respond—and how to align IR, continuity planning, insurance, and business priorities into a unified, enterprise-wide strategy.
1:50 pm
Networking Break & Cyber Connect
Cyber Talent Crisis: Recruiting, Retaining, and Reskilling Your Team
Registration Level:
Open Sessions
1:50 pm - 2:10 pm
Location / Room: Networking Hall
The cybersecurity workforce shortage is real—and growing. From finding skilled talent to reducing burnout and investing in upskilling, leaders are rethinking how to build resilient teams for the future.

Please join us in the Networking Hall to connect with peers over coffee and snacks and exchange ideas for navigating one of the industry’s most significant ongoing challenges.
2:10 pm
Leveraging the CTI Ecosystem: Actionable Intelligence for Regional Threats
Registration Level:
Conference Pass
2:10 pm - 2:45 pm
Session details to come.
2:10 pm
The Talent Multiplier: Automation and Orchestration Strategies for Understaffed Teams
Registration Level:
Conference Pass
2:10 pm - 2:45 pm
Session details to come.
2:10 pm
OT/ICS Incident Response: Specialized Triage for Critical Infrastructure Breaches
Registration Level:
Open Sessions
2:10 pm - 2:45 pm
Session details to come.
2:10 pm
[Panel] The Great Consolidation: Rationalizing the Security Stack
Focus Areas: Security Stack Consolidation; SecOps Efficiency & ROI; Unified Detection & Response (XDR/SIEM Integration)
Panel Discussion
Registration Level:
Open Sessions
2:10 pm - 2:45 pm
Security teams are under increasing pressure to reduce tool sprawl, streamline SOC workflows, and demonstrate measurable ROI—fueling a wave of consolidation across the industry. This panel explores the shift toward unified detection and response platforms, integrated identity and data controls, AI-enabled SOC copilots that unify telemetry, and architectural simplification that reduces operational drag.

Panelists from XDR, SIEM, platform security, and MSSP providers will discuss frameworks for evaluating ROI, navigating contract consolidation, avoiding visibility gaps, and deciding where consolidation strengthens or weakens security posture. Ideal for leaders facing budget constraints or platform migrations, this session offers practical guidance for optimizing spending without sacrificing coverage.
2:45 pm
Networking Break and Dash for Prizes
Registration Level:
Open Sessions
2:45 pm - 3:15 pm
Location / Room: Networking Hall
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:15 pm
[PLUS Course] Protecting AI Systems from Malicious Cyber Attacks - Part 4
Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level:
SecureWorld Plus
3:15 pm - 4:45 pm

Upon completion of this course, attendees will have an up-to-date understanding of how AI works, AI implementation options, AI threats and vulnerabilities, AI security controls standards, best practices for building an AI security program, and assessing risks assessing AI security risks. The course covers technical security controls applied to AI systems and underlying infrastructure before, during, and after a cyberattack. Finally, administrative security capabilities, including AI governance, risk management, compliance, and audit considerations will be discussed.

Today’s companies develop, deploy, access AI applications and workloads through many computing environments including public cloud, private cloud, multi-cloud, hybrid cloud, and on-premises. These AI implementations and operations involve the risk of one or more cyberattacks that target the AI systems directly (model tampering, agent manipulation, data poisoning, GPU runtime exploits, etc.) or target the underlying infrastructure (public cloud, private cloud, on-premises, etc.) where the AI systems reside. The various development and deployment solutions make securing high-risk AI systems a challenge. A comprehensive AI cybersecurity program should account the various of development / deployment / operations scenarios.

The objective of this class is to help organizations design, develop, build, and manage high-risk AI systems and the underlying cloud, multi-cloud, hybrid cloud, on-premises environments that support AI systems throughout design, development, deployment, and operations. The course deliverables are grouped into six modules which cover key topics related to building a highly effective AI Security Program.

Module 1: What is Artificial Intelligence (AI) and how does AI work?

Includes an overview of Artificial Intelligence (AI) including how AI works (applications and workloads), AI architecture, components, and processes (models, algorithms, workflows). Module 1 includes topics such as AI Models (Generative AI, Large Language Models (LLMs), foundation models), and Multi-Agent Systems (MAS). A review of AI Use Cases across multiple industry sectors is included.

Module 2: AI Cloud Adoption Frameworks (CAFs)

An AI Cloud Adoption Framework (CAF) provides a structured approach to adopting AI solutions effectively and responsibly. It is designed to guide organizations through the process of implementing AI workloads ensuring scalability, security, and operational excellence. Topics include developing, deploying, and securing AI solutions in Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) and Oracle Cloud Infrastructure (OCI). Deployment models include IaaS (bring your AI), PaaS (build your AI), and SaaS (buy your AI).

Module 3: AI threats and Vulnerabilities

AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on. Topics include an overview of the FS-ISAC Adversarial AI Framework, MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems), and OWASP Agentic AI Threats. Module 3 also includes a discussion of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. Topics include the OWASP Top 10 for LLM Applications (2025) and the OWASP Top 10 for Agentic Applications (2026).

Module 4: AI security controls

Includes an overview of NIST SP 800-218A Secure Software Development Framework (SSDF) for AI, the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, and the Cloud Security Alliance AI Controls Matrix (AICM). NIST SP 800-218A provides secure software development practices specifically for generative AI and dual-use foundation models. The Google Secure AI Framework (SAIF) provides guidance for securing AI systems, including the SAIF Risk Self-Assessment to help build and deploy AI systems securely. The OWASP AI Security and Privacy Guide provides clear and actionable insights on designing, creating, testing, and procuring secure and privacy-preserving AI systems. The AI Controls Matrix (AICM) is a comprehensive framework developed by the Cloud Security Alliance (CSA) to help organizations align their AI practices with international standards and regulations.

Module 5: Building an AI Security Program

This module focuses on building a comprehensive AI security program to protect AI systems (in development and in production) as well as a security program for the underlying multi-cloud / hybrid-cloud solution. NIST SP 800-18 Rev. 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems outlines the essential components of a System Security Pan (SSP), which documents security requirements for a system and describes the controls in place or planned to meet those requirements. NIST SP 1800-35 Implementing a Zero Trust Architecture, which includes a discussion on enabling secure authorized access to enterprise resources distributed across on-premises and multiple cloud environments. Module 5 also includes is a summary of NIST practices for Assessing Risks and Impacts of AI (ARIA) which supports three evaluation levels: model testing, red-teaming, and field testing.

Module 6: AI governance, AI risk management, AI compliance, AI audit

This module Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
3:15 pm
[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 4
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Registration Level:
SecureWorld Plus
3:15 pm - 4:45 pm
This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business

Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots

A step-by-step action plan – No more guessing what to do next

Real-world case studies – See how organizations just like yours have successfully implemented the framework

Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

IT Directors and Managers

Cybersecurity Professionals

Business Leaders responsible for risk management

Compliance Officers

Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

Getting BUY-IN from your senior decision makers

Discovering your top five cyber risks

Creating a prioritized risk mitigation plan with implementation roadmap

A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

Keynote & Speaker Information

SecureWorld Boston

April 8-9, 2026

Exhibitors

Abnormal AI
Booth: TBD
Abnormal AI is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. The anomaly detection engine leverages identity and context to understand human behavior and analyze the risk of every cloud email event—detecting and stopping sophisticated, socially-engineered attacks that target the human vulnerability.

You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly. Additional protection is available for Slack, Workday, ServiceNow, Zoom, and multiple other cloud applications. Abnormal is currently trusted by more than 3,200 organizations, including over 20% of the Fortune 500, as it continues to redefine how cybersecurity works in the age of AI.
AccessIT Group
Booth: TBD
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
Akamai Technologies
Booth: TBD
Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.
Axonius
Booth: TBD
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
BforeAI
Booth: TBD
BforeAI is a cybersecurity company specializing in proactive threat prevention. Our PreCrime™ technology autonomously predicts, blocks, and preempts malicious campaigns before they impact your business. Our core services are Behavioral Analysis & Predictive Results: Our cutting-edge AI goes beyond reactive blocklists, predicting dangerous domains before they launch attacks. Our predictive security solution, Brand Protection identifies and takes down online impersonation threats, securing your brand from financial and reputational harm.
Canary Trap
Booth: TBD
Canary Trap is a recognized industry leader in offensive security, security advisory and assessment services. Founded by ethical hackers and certified security experts who share in the common goal of protecting organizations from becoming a victim of the next cyber-attack.

Canary Trap combines human expertise with sophisticated tools and, where appropriate, threat intelligence to ensure a thorough, in-depth approach to all security testing and assessments.
Clarity Security
Booth: TBD
Meet audit and compliance requirements while saving time and money. Clarity’s simplified access certification, highly granular access governance, and automated lifecycle management create the ultimate all-in-one identity governance platform.
Cloud Security Alliance Boston Chapter
Booth: TBD
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events, and products. CSA’s activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs, and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA Boston holds meetings on a variety of topics directly related to cloud security.
Concentric AI
Booth: TBD
Concentric AI delivers data risk assessment, monitoring, and protection for corporate data.
Control D
Booth: TBD
ControlD is a fully customizable DNS service that allows you to not only block annoyances like malware, tracking, ads or IoT telemetry, but also unblock over 200 services through a network of servers in over 100 cities. All without any apps to install.
Cyble
Booth: TBD
Cyble provides capabilities for customers to manage cyber risks with AI powered actionable threat intelligence. We are specialists in gathering intelligence across the Deepweb, Darkweb, and the Surface Web.
Cyera
Booth: TBD
Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in Data Security Posture Management, Cyera instantly provides companies visibility over their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. We are redefining the way companies secure their data. Learn more at cyera.io.
ExtraHop Networks, Inc.
Booth: TBD
ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com
Flare
Booth: TBD
Flare Systems enables financial institutions to prevent financial crime. Using AI and over 10 years of criminology research, it extracts actionable intelligence from millions of data points from the dark, deep and clear web in real time.
GhostEye
Booth: TBD
The human-centric security validation platform. GhostEye uses autonomous AI agents to continuously test how attackers exploit human vulnerabilities to compromise organizations. Just as red teams simulate technical attacks against infrastructure, we simulate sophisticated social engineering campaigns against people. Our multi-agent platform validates complete attack paths from initial social engineering to data exfiltration, providing security teams with actionable intelligence about their true human attack surface exposure before attackers find it.
InfraGard Boston
Booth: TBD
InfraGard is a United States government (FBI) and private sector alliance. InfraGard Boston was developed by the Boston FBI office in 1998 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. The purpose of the synergistic exchange is to allow members to better protect themselves and their corporate interests while enhancing the ability of the United States government to provide national security.
ISACA New England Chapter
Booth: TBD
The New England Chapter of ISACA® was founded in 1976. From the modest beginnings of its first meeting—which was held at Valle’s Steak House on Route 9 in Newton, Massachusetts—the chapter has grown to over 2000 members across four states (MA, NH, ME, VT).

The primary objective of the New England Chapter is to provide quality Information Systems audit and security-related education to support its members and their professional certifications.
ISC2 Eastern Massachusetts
Booth: TBD
Advancing Information Security One Community at a Time
As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. ISC2 Eastern Massachusetts Chapter provide members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!
ISSA New England
Booth: TBD
The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

Visit the National Headquarter’s website at www.issa.org.
K Logix
Booth: TBD
K logix is the leading information security company. We provide security consulting, technology solutions, and integration services to enterprise companies. Our experienced team and our established process help enterprise customers make confident security decisions that impact their business goals.
Keysight
Booth: TBD
Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems; patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.
Lightbeam
Booth: TBD
LightBeam.ai, the zero trust data protection pioneer, converges and simplifies data security, privacy, and AI governance, so businesses can accelerate their growth in new markets with speed and confidence. Leveraging generative AI as a foundational technology, LightBeam ties together sensitive data cataloging, control, and compliance across structured, unstructured, and semi-structured data applications providing 360-visibility, risk remediation, and compliance with PCI, GLBA, GDPR, HIPAA among other regulations. Continuous monitoring with full data residency ensures ultimate zero-trust data protection. LightBeam is on a mission to create a secure privacy-first world.
MassCyberCenter
Booth: TBD
The MassCyberCenter, launched in September 2017, strives to create a diverse, vibrant, and competitive Massachusetts cybersecurity ecosystem that enhances resiliency for public and private entities, provides workforce development opportunities, and elevates public cybersecurity awareness.

In 2022, the Massachusetts Legislature codified the establishment of the Center and confirmed its mission of convening the Massachusetts cybersecurity ecosystem to improve cybersecurity resiliency, workforce development, and public awareness within the Commonwealth by developing cutting edge programs, organizing engaging events, and leading collaborative working groups.

Cybersecurity encompasses the people, process, and technology that provide confidentiality, integrity, and availability of data and critical control systems that keep our Commonwealth running. The Center focuses its activities on balancing the core principles of cybersecurity: People, Process, and Technology.
Military Cyber Professionals Association (MCPA) New England Chapter
Booth: TBD
The New England Chapter leads MCPA efforts across the states of that region. We have periodic events planned that provide truly world-class networking and learning for anyone in the broader military cyber community of interest since we have a number of military cyber units and other important organizations in our footprint. We invite you to join us while you’re in town! Find details on the member-only intranet. The Chapter President is Colonel Richard Berthao.
National Cybersecurity Alliance
Booth: TBD
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
New England IT Security Consortium
Booth: TBD
Objective: The group will foster collaboration and knowledge sharing among IT security professionals by discussing challenges, trends, and opportunities around IT Security.

What to Expect:
- Engaging Discussions: This peer-to-peer forum will foster knowledge sharing among IT security professionals. We’ll discuss current challenges, emerging trends, and opportunities to optimize your security posture.
- Focus on Efficiency: The central topic will be “Making IT Security Spend More Efficient.” With many organizations facing budget constraints, we’ll explore strategies to maintain tight security while potentially reducing costs.
- Thought Leadership Participation: Active participation is encouraged! This is a space for thought leaders to share insights and develop collaborative
Novacoast
Booth: TBD
A uniquely positioned IT services and solutions company, Novacoast is less defined by our broad range of expertise and services than by a perspective rooted in our cooperative environment of adaptable problem solving.

Beyond security specialists, software developers or network engineers, we are guides, allies, and problem solvers.

From implementation services, license fulfillment and technical training to software development, staffing services and custom or emerging solutions, Novacoast is an experienced and comprehensive IT business resource empowered on every level by our flexible and fearless perspective.
P0 Security
Booth: TBD
P0 Security is helping companies modernize PAM for multi-cloud and hybrid environments with the most agile way to ensure least-privileged, short-lived and auditable production access for users, NHIs and agents. Centralized governance, just-enough-privilege and just-in-time controls deliver secure access to production, as simply and scalably as possible. Every identity. Every system. All the time.

P0’s Access Graph and Identity DNA data layer make up the foundational architecture that powers privilege insights and access control across all identities, production resources and environments. With P0, production access is least-privilege, short-lived and auditable by default, including the new class of AI-driven agentic workloads emerging in modern environments.

To explore P0 Security further or book a demo, visit p0.dev.
Per Scholas
Booth: TBD
Per Scholas is a national nonprofit organization of 24 chapters dedicated to unlocking potential and increasing access to high-growth tech careers. Per Scholas has provided rigorous no-cost training, industry-recognized credentials, professional development, and employer connections to adults for 30 years and trained more than 30,000 technologists in the most sought-after tech skills. The Greater Boston campus, located in Kendall Square, trains 250 adults (18+) per year in 13-15 week, full time bootcamp style courses, both in person and remotely, in the areas of IT Support (CompTIA A+), Cybersecurity (CompTIA CySA+), Salesforce Administrator, and AWS Cloud Practitioner. Graduates go on to secure roles at employer partners throughout the region as Desktop Support Technicians, Network Engineers, Cyber Analysts, and more. This 1-minute video provides a thorough overview of the program, including testimonials from three Greater Boston employer partners: TEKsystems, PEGA, and EverQuote: https://www.youtube.com/watch?v=3VyoS6ZZ_Qw.
Ping Identity
Booth: TBD
Ping Identity delivers intelligent identity solutions for the enterprise. We enable companies to achieve Zero Trust identity-defined security and more personalized, streamlined user experiences.
Presidio
Booth: TBD
Presidio is the premier provider of digital transformation; solutions built on agile secure infrastructure deployed; in a multi-cloud world with business analytics.
Pure Storage, Inc.
Booth: TBD
Pure Storage is pioneering a new class of enterprise storage that has been designed from the ground up to take full advantage of flash memory. The company’s products accelerate random I/O-intensive applications like server virtualization, desktop virtualization (VDI), database (OLTP, rich analytics/OLAP, SQL, NoSQL), and cloudcomputing.

Pure Storage makes it cost-effective to broadly deploy flash within the data center, enabling organizations to manage growth within existing power and space constraints. Launching later this year, the company’s products are in private beta with select customers. Pure Storage is funded by Greylock Partners and Sutter Hill Ventures.
Push Security
Booth: TBD
Founded in 2020, Push Security is a cybersecurity company offering identity threat detection and response (ITDR) via a browser-based platform. The platform provides real-time visibility and security controls, targeting attacks such as phishing and credential stuffing. Push Security serves customers in technology, finance, and healthcare, with deployment on over 1.5 million endpoints, and has raised $45 million in funding. Based in London, the company’s approach includes automated guidance and behavioral nudges.
Reach Security
Booth: TBD
Reach is defining AI-Native Exposure Management by bridging the gap between knowing where you’re exposed and taking action to fix it. We help organizations reduce risk by making better use of the tools they already have delivering clarity, prioritization, and automation to turn understanding into results.
Simbian
Booth: TBD
Simbian’s AI Agents work together across SOC, threat hunt, and pentest to provide unified, modern SecOps that gets smarter every time you use it. Simbian captures your unique security context, building on the knowledge of your team, then uses that context to generate precision response and build a living playbook.
Sophos
Booth: TBD
Sophos delivers superior cybersecurity outcomes by providing cybersecurity as a service to protect companies of all sizes from the most advanced cyberthreats. Our cybersecurity products and services include managed detection and response (MDR), firewall, email, endpoint (XDR), and cloud native security protection. Sophos products and services defend against ransomware, phishing, malware, and more. They connect through the cloud-based Sophos Central management console and are powered by Sophos X-Ops, our cross-domain threat intelligence unit. We provide fully managed security solutions so you can manage your cybersecurity directly with our security operations platform. Or, you can supplement your in-house team with Sophos’ products and services.
Splunk, a Cisco Company
Booth: TBD
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
Sprocket Security
Booth: TBD
Sprocket Security was founded to improve the way we approach cybersecurity. Currently the industry performs services in a timeboxed, or point-in-time approach. We think this is fundamentally flawed. We protect your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.
Sublime Security
Booth: TBD
Sublime is the new standard for email security. Not just another black box, our AI-powered detection engine detects and prevents email attacks, so security teams can spend less time on email-originated incidents.
Sumo Logic
Booth: TBD
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.
Utimatico
Booth: TBD
Utimaco develops on-premises and cloud-based hardware security modules, solutions for key management and data protection as well as data intelligence solutions for regulated critical infrastructures and Public Warning Systems. Utimaco is one of the world’s leading manufacturers in its key market segments.

500+ employees around the globe create innovative solutions and services to protect data, identities and communication networks with responsibility for global customers and citizens. Customers and partners in many different industries value the reliability and long-term investment security of Utimaco’s high-security products and solutions.
WiCyS Massachusetts Affiliate
Booth: TBD
The Massachusetts WiCyS Affiliate offers mentoring, learning, networking and career development to professionals at all stages of their cybersecurity careers, Whether you are a student just considering a career in cybersecurity or an experienced leader in the cybersecurity workforce, WiCyS provides tangible benefits and a supportive community of all genders. Our affiliate provides an online community for mentorship, networking, and collaboration as well as local meetups, community awareness programs, and support for other organizations with a common mission to bridge the Cybersecurity workforce gap while addressing diversity and inclusion of women and minorities.
Zscaler
Booth: TBD
Zscaler is universally recognized as the leader in zero trust. Leveraging the largest security cloud on the planet, Zscaler anticipates, secures, and simplifies the experience of doing business for the world’s most established companies.

Return to Agenda

Keynote Speakers

Speakers

Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
https://wilsoncyber.com/
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
https://www.cyberriskopportunities.com/
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
Randall Jackson
CISO / Head of Infrastructure, Income Research + Management
Seasoned IT and Cybersecurity Executive with a track record of leading enterprise-wide technology, security, and support operations. Proven ability to align IT strategy with business goals, drive process improvements, and lead complex implementations. Deep expertise in cybersecurity, technology transformation, managed services, and team leadership. Known for strategic thinking, decisive execution, and a pragmatic approach to solving high-stakes problems.
Shashwat Sehgal
Founder & CEO, P0 Security
https://www.p0.dev/
Shashwat Sehgal is the Co-Founder and CEO of P0 Security. He’s spent most of his career building security and observability products for developers, DevOps, and security teams. Shashwat is passionate about solving the problem of cloud access security and helping security engineers control "who has access to what sensitive resources" in any environment. He enjoys playing tennis, spending time with his family, teaching his son how to play chess, and geeking out on all things security.
Panel Discussion
Bill Bowman
Operating Partner | CISO, Welsh, Carson, Anderson & Stowe
Bill Bowman built the information security programs as the initial cybersecurity leader at Bright Horizons, Houghton Mifflin Harcourt, Eze Software, ZoomInfo, and Emburse. With over two decades of experience creating cybersecurity programs that meet rigorous certifications such as PCI, ISO 27001, ISO 27701, SOC 1, and SOC 2, he has consistently satisfied both client demands and regulatory requirements.

Bowman is passionate about data privacy, having established the Office of the Data Protection Officer at two organizations. His leadership has also contributed to the success of four companies that have exited private equity. Over the past 14 years, he has cultivated a strong network of security leaders, following his role as the founding President of the ISC2 Eastern Massachusetts chapter.
Panel Discussion
Justin Armstrong
CISO, TMF Health Quality Institute
Justin Armstrong is a security, privacy, and regulatory compliance leader with over 25 years of experience in the Healthcare Industry. He led Product Security at MEDITECH, a top three Electronic Health Record vendor, and has helped numerous organizations as a fractional CISO. He has engaged with Hospitals in nearly 100 ransomware incidents, and is dedicated to securing Healthcare and Critical Infrastructure. Justin is a contributor to the IEEE/UL 2933™ Standard for Clinical IoT Data and Device Interoperability with TIPPSS — Trust, Identity, Privacy, Protection, Safety, and Security, which defines secure and interoperable practices for connected healthcare systems.

He holds the CISSP, CCSP, and HCISPP certifications and obtained his Masters in Cybersecurity Leadership at Brandeis University.
Ben Focht
Deputy CISO, TMF Health Quality Institute
Ben is a cybersecurity leader with over a decade of experience shaping and scaling security programs across diverse industries including healthcare, finance, and education. From building red teams and security operations centers to leading executive strategy and cultural transformation, his career spans nearly every dimension of the cyber landscape.

Throughout his career, Ben has been driven by a belief that successful cybersecurity is built not just on controls and compliance, but on culture, communication, and continuous improvement. He's known for turning complex challenges into collaborative solutions whether guiding incident response, launching DevSecQps initiatives, or mentoring the next generation of security professionals.

A Colorado native with a deep passion for building teams and growing successful programs, Ben sees his ideal role as that of a cyber culture architect, fostering environments where security becomes second nature, not an afterthought. His presentations blend real-world experience with practical takeaways and a human-centered approach that resonates across technical and executive audiences alike.
Panel Discussion
Happy Hour
Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
https://wilsoncyber.com/
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
https://www.cyberriskopportunities.com/
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
https://wilsoncyber.com/
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
https://www.cyberriskopportunities.com/
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
Craig Stanland
Author, "Blank Canvas: How I Reinvented My Life After Prison"
Panel Discussion
Mark Annati
CISO, Executive Office of Economic Development, Commonwealth of Massachusetts
Mark Annati is an experienced IT and cybersecurity leader, currently CISO for the Executive Office of Economic Development, Commonwealth of Massachusetts. A board member of InfraGard Boston, he previously served as CISO for advansappz.com and Extreme Reach. With over 20 years in IT security and two successful startups, Mark has led security operations, risk management, enterprise IT, and cloud initiatives. A former U.S. Navy submariner, he values teamwork, strategic planning, and continuous learning. Holding CISSP and SSCP certifications, he is passionate about aligning security with business goals and advancing security awareness.
Nick Butts
Outreach Program Manager, MassCyberCenter
https://masscybercenter.org/
Nick Butts is the Outreach Program Manager at the MassCyberCenter at the Massachusetts Technology Collaborative (MassTech). In his role, Nick focuses on amplifying the Center’s programs and initiatives to strengthen cybersecurity resilience across the Commonwealth. He leads outreach efforts to engage businesses, municipalities, and key stakeholders, ensuring they have access to practical tools and resources for improving their cybersecurity posture. Nick also manages major events for the MassCyberCenter, creating opportunities for collaboration and knowledge-sharing among industry leaders, government partners, and the broader cybersecurity community.

Prior to joining the MassCyberCenter, Nick served in a variety of positions within Massachusetts state government. His experience includes working in the Office of Governor Charles D. Baker as Deputy Director of Boards and Commissions and subsequently as Director of Constituent Services..

Nick holds a B.A. in Politics and History from Curry College.
Max Fathy
Sr. Program Manager, MassCyberCenter
https://masscybercenter.org/
Max Fathy is the Senior Program Manager, Cybersecurity Innovation, at the MassCyberCenter at the Massachusetts Technology Collaborative (MassTech). He is responsible for supporting the MassCyberCenter’s workforce development efforts, including the Cybersecurity Training and Education Working Group and the Cybersecurity Mentorship Program, and building stronger relationships with the private sector cybersecurity community.

Prior to joining the MassCyberCenter, Max worked as a Manager of Government Relations and Public Policy for ML Strategies, where he advised private sector companies across a range of industries on state and local public policy in Massachusetts. He also served as a Project Analyst at Mintz Levin, where he supported legal, government relations, and community service initiatives.

Max holds a Master of Arts in Law and Diplomacy with a focus on International Security and Technology Policy from the Fletcher School of Law and Diplomacy at Tufts University. During his studies at Fletcher, he served as a Rosenthal Fellow in the Office of the Under Secretary of Defense for Policy in the United States Department of Defense. He also received his B.A. in International Relations from Tufts.
Panel Discussion
Panel Discussion
Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
https://wilsoncyber.com/
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
https://www.cyberriskopportunities.com/
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

Propel your cyber career at SecureWorld!

Hone your skills and connect with your regional peers in InfoSec.