SecureWorld Denver 2025

AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

• Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
• Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
• A step-by-step action plan – No more guessing what to do next
• Real-world case studies – See how organizations just like yours have successfully implemented the framework
• Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

• IT Directors and Managers
• Cybersecurity Professionals
• Business Leaders responsible for risk management
• Compliance Officers
• Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

• Getting BUY-IN from your senior decision makers
• Discovering your top five cyber risks
• Creating a prioritized risk mitigation plan with implementation roadmap
• A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Also, look for “Cyber Connect” discussions on select topics and join the conversation.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

This session offers a rare, firsthand account of how fraud happens from the inside out—how small rationalizations escalate into financial crimes and how internal controls fail to stop them.

In “How I Got Caught,” Craig Stanland takes audiences beyond case studies and into the decision-making process behind an $800,000 fraud against a Fortune 500 company.

We’ll examine the red flags his company missed, the internal controls he exploited, and the warning signs that could have stopped him sooner.

We’ll also break down the investigative process, including the three key methods the victim and the FBI used to build their case. And we’ll explore how AI and emerging technology could have detected the fraud much earlier.

This dynamic and interactive session provides internal auditors with actionable insights into strengthening internal controls, recognizing behavioral warning signs, and enhancing fraud detection—helping organizations prevent financial damage before it happens.

Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

Attend this session and learn how. From Senior 20+ career leaders to newbies on the job, everyone should have a personal growth and prosperity plan. Newbies don’t know what they don’t know. Senior leaders and career professionals rightfully earned their initial success, but often end up plateauing or coasting. Further, it’s a tragedy of leadership that companies, teams and leaders are not intentionally mentoring them in the principles of personal growth and prosperity. Imagine the positive purpose, diligence and synergy that will radiate from a team where each member is energized in life with a personal growth plan. A growth plan designed to bring them into alignment with their vision of their own personal prosperity!! What’s your potential as a leader and/or team member where personal growth plans are part of the culture? One word – limitless!

Whether you’re the CEO, the CEOs right hand man/woman, a senior or mid-level leader, just starting out, or a few years into your career – reignite your passion to relentlessly plan, achieve and live the prosperity you envision for yourself.

In this session participants will :

• Be taught the personal growth and prosperity plan model that studies show can achieve 95% success rate
• Learn the one concept and technique that creates not just a diverse capable team, but an inspired, purpose and relationship-driven tribe
• Actively participate in a 30 second hands on exercise that will “leader-shift” everyone in the room to a new perspective on the irreplaceable value of personal growth plans
• Learn a simple 3-step goal setting technique they can use in their personal growth plan or energize their teams
• Walk away with practical growth plan materials they can use later at home or at work to achieve the next level of personal or professional success in any area of life
• Leave the session with THE SEED that can change the trajectory of their life and those they lead.

Real, practical, everyday actionable information every leader needs to know and do. In this session, many leaders who just forgot their purpose will be reignited with a small but timely “reminder spark.”

As digital transformation accelerates, the traditional boundaries between infrastructure and security are fading. Today’s security professionals are responsible for safeguarding the enterprise while enabling agility, innovation, and operational resilience. This thought leadership session reframes security as a strategic enabler—anchored in the core principles of prevention, detection, and recovery.

We’ll explore how the convergence of infrastructure and security is creating new opportunities for alignment, efficiency, and visibility—helping technology leaders break down silos and respond to threats with greater speed and precision.

Equally important is the shift toward security as a managed service. With escalating compliance complexity, rapid technology cycles, and increasing resource constraints, security professionals must evaluate new delivery models that can scale with their organization’s needs.

Attendees will walk away with a clear picture of what a modern security program looks like: integrated, cloud-ready, agile, and built to adapt. Through strategic insights and practical takeaways, this session will empower technology leaders to build resilient programs that protect the business while driving it forward.

Artificial intelligence rapidly redefines how we defend our networks—and how attackers target them. From threat detection to deepfakes, explore the double-edged nature of AI in cybersecurity and how it’s impacting your daily work.

Please join us in the Networking Hall to connect with peers over coffee and snacks and share real-world experiences, strategies, and concerns around AI’s growing role in security.

Cyber attackers are nothing if not innovative. Exploits, attack vectors, and players seemingly change on a daily basis, keeping the rest of us on our toes to ‘expect the unexpected’. But this is no longer just an issue of protecting organizations from the theft of IP, commercial trade secrets, or from devastating DDOS, ransomware, and other cyber extortion attacks. Today, cyber-attacks are quickly becoming an existential threat for survival for many organizations, especially critical national infrastructure industries being pushed to the edge of financial viability. The United States has seen hospitals close-up business following a cyberattack, while the impact of a power outage to a large urban population would quickly result in a public health crisis and mass casualty event.

Organized crime and pariah national military and intelligence units are combining attack tools and sharing intelligence in-order-to take-down or weaken American institutions. This includes federal and state governments, education, healthcare, water, energy, and other critical national infrastructure industries which have come under increasing attack.

The United States however is not the sole recipient of these attacks. Other NATO members have also been targeted. The timing of some of these apparent ‘cybercrime attacks’ cannot be overlooked. A Lockbit ransomware attack against the UK Royal Mail in 2023 followed directly on the heels of the UK providing new weapon systems to Ukraine for it to defend itself from Russian attacks on the battlefield.

Some critical infrastructure attacks appear to be dry runs in case of future escalation, others, as in China’s case, have focused upon cyber espionage with its attacks against the Office of Personnel Management, Anthem Health, and Singapore Health to exact leverage in trade negotiations or to identify and erase undercover assets. Russia when its not shooting itself in the foot with poorly thought through attacks like NotPetya, has tended to focus more recently on disruption, misinformation, and disinformation campaigns, designed to create confusion and stroke existing divisions.

The Colonial Pipeline ransomware attack panicked American consumers and created political stress for the government, while Russian interference in the 2016 election was designed to create confusion and inflame existing discontent, thus distracting governments by creating domestic social and political turmoil. The adaptation of 1950’s and 1960s’s KGB tactics to take advantage of the omnipresent use today of technology, and in particular social media, has changed the playing field. As a consequence, Russia and China have both invested heavily in troll farms, fake social media personas, and uber amplification of false narratives using AI bot networks in order to divide and weaken western capabilities. Today, they each direct millions of dollars per week at troll farms in a hybrid war against the west.

As cyber defenders, we need to take a step back to see the big picture and understand the context in which individual cyberattacks take place today. That in turn, will help us to better design defensive strategies and tactics to thwart future attacks.

Sensitive data movement poses risks, but outright restriction can hinder operations. Organizations need agile security frameworks to protect data in the AI and quantum era. This session explores modern security platforms that enable secure data flow and prepare for post-quantum encryption (PQE).

Join this session to learn:

• Choosing secure access methods for diverse use cases
• Adapting security to risk, user behavior, and AI interactions
• Preparing for post-quantum encryption’s enterprise impact

Today’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.

Session details to come.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Following lunch, join us in the Networking Lounge for coffee, conversation, and connections. Members of the SecureWorld Advisory Council will be walking the floor, giving you the chance to meet and engage directly with local cybersecurity leaders. This is a unique opportunity to expand your network, exchange ideas, and build relationships with experts who are helping shape the regional security community.

In 2024, Schellman became one of the first accredited certification bodies for ISO 42001, providing invaluable insights into AI governance. Our experience revealed that ISO 42001 equips organizations with a robust framework to navigate the complex landscape of AI regulation. By establishing clear guidelines for ethical AI practices, organizations can enhance transparency, accountability, and compliance. This standard not only helps mitigate risks associated with AI deployment but also fosters trust among stakeholders. We believe that ISO 42001 is essential for organizations striving to balance innovation with regulatory demands, ultimately paving the way for responsible AI adoption in diverse sectors.

This presentation treats deepfakes as a dual problem: first, scalable social-engineering for fraud and extortion, second, evidentiary trust and admissibility.

We outline an operational triage for scams and a forensic pipeline for courtroom authentication. On the technical side, we interrogate video at three layers: container metadata, codec bitstream, and sensor. For HEVC (H.265) we examine GOP layout and I/P/B distributions in contrast to AI Generated Images.

AI-generated sequences are profiled for temporal inconsistencies, mouth-eye desynchrony, lighting and specular drift, unstable motion-vector fields relative to content, and atypical of camera originals. The goal is for a playbook for rapid scam mitigation and a repeatable, tool-logged, frame-by-frame method to either authenticate legitimate HEVC captures or challenge AI-assisted fabrications in court.

We also cover tools and methodology used in deepfakes.

In the realm of enterprise security, every organization faces a classic tale as old as time: the eternal battle between defenders and digital dragons. Just as fairy tale heroes relied on preparation, vigilance, and the right tools to protect their kingdoms, today’s cybersecurity professionals must deploy proactive measures to safeguard their digital domains.

This panel session explores how preventative measures serve as the ultimate “happily ever after” for enterprise security. Our expert panel guides attendees through the enchanted forest of modern threats, revealing how proactive security architecture can transform organizations from vulnerable victims to empowered heroes.

Panelists share real-world case studies, proactive security solutions, and how organizations can write their own security success stories.

Head to the Networking Lounge to connect with peers and sponsors. This open-ended discussion theme invites you to share what’s top of mind in your role—whether it’s emerging threats, resource challenges, or the next big project on your plate. Compare perspectives, swap strategies, and see how others in the community are tackling the same late-night concerns.

Session details to come.

In today’s remote-first world, ensuring that the people doing the work are actually who they claim to be has become a critical challenge. From North Korean agents posing as freelance developers to employees collecting full-time paychecks from three different companies, the risks are as real as they are hard to detect.

This session will offer practical strategies for managing this complex problem. The solution requires close collaboration between Executives, Human Resources, Security, Compliance, and Supervisors. How do you create a program that balances the competing priorities of security and teamwork? How do you regularly validate workers while not giving the impression that “big brother is watching you”?

Leave with new insights, sharper instincts, and a fresh perspective on modern workforce protection.

AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

This is your final chance to visit the Networking Hall and get scanned by our participating partners for our Dash for Prizes. You can also turn in your Passport cards at the Registration Desk before we announce our winner!

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Scan your badge at the Registration Desk to receive your CPE Certificate after Dash for Prizes.