SecureWorld Houston 2025

Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.

Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.

This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:

Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.

Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.

Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.

Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.

Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?

• Why is the framework is valuable?

• What type of organizations can use the framework?
  

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

In an era of tightening budgets and expanding threats, how do CISOs ensure their security programs are neither overbuilt nor under-resourced? This closed-door roundtable brings together security leaders to share how they’ve approached “rightsizing” their InfoSec programs—aligning risk tolerance, business objectives, and available resources. From rationalizing tools and staffing to communicating trade-offs to the board, join your peers for a candid conversation on doing more with what you’ve got—while keeping security outcomes front and center.

Participating professional associations and details to be announced.

Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Threat actors constantly collaborate, share tactics, and leverage intelligence to exploit vulnerabilities. Shouldn’t we be doing the same? This session will explore the critical role of threat intelligence in fostering collaboration among organizations—especially in the Greater Houston area and energy sectors. By sharing best practices, real-world strategies, and compliance considerations, we can strengthen our collective defenses and stay ahead of emerging threats. Join us to discuss how security professionals can work together to protect their organizations, industry, and community.

As cybersecurity continues to evolve, so does the need for professionals who can seamlessly connect security initiatives with business objectives. Enter the Business Information Security Officer (BISO)—a critical yet often misunderstood role.

In this engaging panel discussion, regional BISOs will share insights into their responsibilities, challenges, and the strategic impact they have within their organizations. Whether you’re a technical professional looking to advance your career or an executive seeking to understand the business side of cybersecurity, this session will help demystify the BISO role and its importance in today’s security landscape.

Attendees will gain:

• A clear understanding of what a BISO does and how they differ from CISOs and other security leaders
• Insights into how technical professionals can develop the business acumen necessary to transition into leadership roles
• Practical strategies for bridging the gap between security and business priorities

Join us to explore the intersection of business and security—and how mastering both can accelerate your career.

Despite businesses investing more in security than ever, cyber attackers continue to outsmart defenses—just like the cunning villains of classic tales. So, where is it all going wrong? In this session, we’ll reveal why attackers are thriving and why traditional security strategies just aren’t strong enough to keep modern threats out.

Through real-world case studies, we’ll explore how attackers wield AI and automation like magic, breaking into systems faster than ever before. You’ll discover how your team can overcome resource constraints by implementing practical, cost-effective strategies—no enchanted swords or armies required. By the end of the session, you’ll leave with the confidence and tools needed to ensure your business lives happily ever after in cybersecurity.

Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!

This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

In the era of rapid technological change, the intersection of artificial intelligence (AI) and cybersecurity presents both tremendous opportunities and complex challenges. This presentation will explore how AI is transforming security awareness programs and shaping security culture within organizations. Attendees will learn how to leverage AI to build a more resilient and proactive security culture that empowers individuals to become active participants in the fight against cyber threats. We’ll discuss the importance of human behavior in security, practical tools for implementing AI-driven training, and how to create a dynamic culture where employees continuously adapt to emerging threats.

In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.

Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:

• Establishing trust in the supply chain
• Collaborative approaches to secure software development
• The role of transparency in building and maintaining trust
• Balancing intellectual property concerns with security needs
• Leveraging partnerships for more effective incident response
• Case studies of successful security-focused partnerships

You’ve experienced a cyber incident. Does cyber insurance really pay? What’s actually a recoverable expense? How can insurance help? And when the insurance does pay, how do you balance the amount of insurance with cybersecurity priorities? In this session, we’ll evaluate the data and dig into recent real-world examples of how cyber insurance pays claims, what’s covered, the role of insurance in incident preparation and response, and how organizations are using analytics in decision-making.

Today’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.

We cover the following topics:

• The state of SMB cybersecurity in the U.S.
• The cost and impact of cyber breaches on SMBs
• The main cyber threats and vulnerabilities that SMBs face
• The best practices and frameworks for SMB cybersecurity
• The steps to build or improve your cybersecurity program

Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.

Attackers try to exploit our technologies, processes, and people to breach our systems and steal data. We educate our technology teams, train elevated access teams in secure processes, and keep users informed on emerging threats. That’s easier said than done. Most security teams do not include professional educators or communication specialists. We tend to sprinkle bits of information, or we push everything to everyone all at once leaving it to the user to decide what to view. 

How do we know when we’ve said enough? Is it possible to share too much? (Psst, yes, it is.) Experts recommend using stories, but what makes a good story and what’s the best way to deliver it so the message sticks? How do we balance customization with available resources? Attendees will learn a new framework to create and structure content for each of your audiences so security awareness and training will have the greatest impact with the least amount of security team time. This framework will ensure all areas you need to educate are covered and the right amount of information is shared.

This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.

AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

In 2024, Schellman became one of the first accredited certification bodies for ISO 42001, providing invaluable insights into AI governance. Our experience revealed that ISO 42001 equips organizations with a robust framework to navigate the complex landscape of AI regulation. By establishing clear guidelines for ethical AI practices, organizations can enhance transparency, accountability, and compliance. This standard not only helps mitigate risks associated with AI deployment but also fosters trust among stakeholders. We believe that ISO 42001 is essential for organizations striving to balance innovation with regulatory demands, ultimately paving the way for responsible AI adoption in diverse sectors.

Session description to come.

Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.

In today’s dynamic cyber risk landscape, risk managers must stay informed and adapt their strategies accordingly. Recent global cyber events have had a profound impact on critical functions across multiple sectors, underscoring the gravity of cyber events. Risk managers also face complexities from trends like reliance on third parties and evolving data protection laws.

To successfully navigate these challenges, risk managers are tasked with learning from significant cyber events, implementing best practices for managing third-party cyber risk, and staying updated on privacy regulations. This session assists risk managers in effectively mitigating cyber risks and safeguarding their organizations by discussing strategies for managing third-party cyber risk and providing updates on privacy regulations.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.