SecureWorld Dallas 2025

AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

• Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
• Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
• A step-by-step action plan – No more guessing what to do next
• Real-world case studies – See how organizations just like yours have successfully implemented the framework
• Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

• IT Directors and Managers
• Cybersecurity Professionals
• Business Leaders responsible for risk management
• Compliance Officers
• Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

• Getting BUY-IN from your senior decision makers
• Discovering your top five cyber risks
• Creating a prioritized risk mitigation plan with implementation roadmap
• A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Participating professional associations and details to be announced.

Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Artificial intelligence rapidly redefines how we defend our networks—and how attackers target them. From threat detection to deepfakes, explore the double-edged nature of AI in cybersecurity and how it’s impacting your daily work.

Please join us at the lounge in the Exhibitor Hall to connect with peers over coffee and snacks and share real-world experiences, strategies, and concerns around AI’s growing role in security.

This presentation highlights the importance of using certified components, enforcing security controls with automated validation, and leveraging AI-driven insights for smarter and more efficient exception management. In modern cloud environments, trusted components and continuous validation accelerate secure application delivery and reduce misconfiguration risks. Automated security architecture validation ensures controls are consistently applied, enabling teams to detect drift early and respond with confidence. With AI-driven insights and exception management oversight, organizations can prioritize risks and streamline approvals. These combined practices empower businesses to move applications to the cloud faster, improve developer productivity, and maintain strong, scalable cloud security postures.

Governance, Risk, and Compliance (GRC) is more than just a regulatory checkbox; it’s a critical framework for protecting information systems and data while ensuring third-party compliance. When effectively implemented, GRC empowers organizations to mitigate risks and align security strategies with business objectives. However, poorly executed GRC processes can lead to compliance failures, operational disruptions, and significant financial consequences. This session dives into:

• Core Principles of GRC in Information Security: Understand how GRC frameworks support the protection of information systems and sensitive data while addressing third-party compliance requirements.
• Practical Implementation Strategies: Explore actionable approaches to integrate GRC processes into your information security program without creating unnecessary complexity or friction.
• The Financial Risks of Poor GRC: Learn how inadequate GRC practices can lead to regulatory fines, reputational damage, and wasted resources—and how strong GRC can protect your bottom line.
• Balancing Compliance and Security: Discover how to meet compliance obligations without compromising the agility and effectiveness of your security posture.

Whether you’re establishing a GRC program or seeking to optimize an existing framework, this session provides the insights and tools to align your governance, risk, and compliance efforts with your InfoSec priorities while safeguarding your organization’s financial health.

Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!

This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.

Despite all the tools and technology, people remain the most unpredictable variable in security. Whether insider threats, awareness training, or culture-building, human behavior is central to your cyber strategy.

Please join us at the lounge in the Exhibitor Hall to connect with peers over coffee and snacks and discuss how organizations are tackling the people side of cybersecurity.

As AI becomes a cornerstone of innovation across industries, the importance of robust data security has never been more critical. This presentation will explore the essential role of data security in enabling the widespread adoption of AI technologies. Attendees will gain insights into how safeguarding sensitive data builds trust, ensures compliance, and mitigates risks in AI systems. We’ll discuss real-world challenges that encompass data breaches, privacy concerns, and ethical considerations while highlighting strategies to secure data pipelines that promote trustworthy AI deployment.

Increase your knowledge of cyber resiliency by examining it through the lens of American football. This presentation delves into the surprising parallels between the sport and cybersecurity, discussing themes such as teamwork, strategic planning, and continuous improvement. Discover how football’s principles can inform and enhance your organization’s cybersecurity posture, and learn how to “win the game” against cyber threats.

Today’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

The days of reacting to alerts are over. From continuous monitoring to threat hunting, organizations are shifting to proactive security models that anticipate and prevent incidents before they happen.

Please join us at the lounge in the Exhibitor Hall to connect with peers over coffee and snacks and explore how to make proactive security a reality in your environment.

Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.

We cover the following topics:

• The state of SMB cybersecurity in the U.S.
• The cost and impact of cyber breaches on SMBs
• The main cyber threats and vulnerabilities that SMBs face
• The best practices and frameworks for SMB cybersecurity
• The steps to build or improve your cybersecurity program

Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.

This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.

AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

The cybersecurity workforce shortage is real—and growing. From finding skilled talent to reducing burnout and investing in upskilling, leaders are rethinking how to build resilient teams for the future.

Please join us at the lounge in the Exhibitor Hall to connect with peers over coffee and snacks and exchange ideas for navigating one of the industry’s most significant ongoing challenges.

This panel discussion confronts the challenge of building InfoSec teams with the skills to manage stress under pressure. Cybersecurity executive leaders explore how to create team cultures, practices, and processes for proactively building mental well-being instead of addressing mental health from a reactive position. Much like building a security program, the group looks at the role mindfulness can play in helping defenders increase job satisfaction, improve focus, and lower the risk of burnout. Attendees can expect to gain actionable insights and practical steps that can be implemented within their organizations to cultivate this type of resilience.

In the realm of enterprise security, every organization faces a classic tale as old as time: the eternal battle between defenders and digital dragons. Just as fairy tale heroes relied on preparation, vigilance, and the right tools to protect their kingdoms, today’s cybersecurity professionals must deploy proactive measures to safeguard their digital domains.

This panel session explores how preventative measures serve as the ultimate “happily ever after” for enterprise security. Our expert panel guides attendees through the enchanted forest of modern threats, revealing how proactive security architecture can transform organizations from vulnerable victims to empowered heroes.

Panelists share real-world case studies, proactive security solutions, and how organizations can write their own security success stories.

This is your final chance to visit the Exhibitor Hall and get scanned by our participating partners for our Dash for Prizes. You can also turn in your Passport cards at the Registration Desk before we announce our winner!

Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Come join your fellow attendees for an exciting conclusion to the conference with a complimentary Happy Hour prior to a one-of-a-kind event.

The Cyber Pitch Battle Royale reimagines how cybersecurity vendors and senior leaders connect. Brought to life by the hosts of the award-winning cybersecurity podcast, Bare Knuckles and Brass Tacks, this event combines their raw energy with the fun of a comedy roast. The result is an electric atmosphere where vendors brave the stage for five minutes before a crowd that’s encouraged to cheer innovation and jeer jargon. With a panel of five CISO judges and an audience of decision-makers from Canada’s leading organizations, contestants will compete for the Battle of Toronto Champion Belt in a format that strips away traditional corporate pretense. This breakthrough event promises to transform industry networking through authenticity, humor, and high-energy engagement. As one CISO put it, “I didn’t know what to expect, but it blew my expectations. I’d wanna do this again and again!”