SecureWorld Kansas City 2025

Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.

Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.

This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:

Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.

Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.

Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.

Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.

Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?

• Why is the framework is valuable?

• What type of organizations can use the framework?
  

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

You’ve landed the coveted Chief Information Security Officer (CISO) role—now what? The cornerstone of every CISO’s success is crafting a security strategy that aligns with their organization’s unique needs. But where do you begin?

Join seasoned CISOs Yaron Levi, Neil Watkins & Elizabeth Souder in an intensive, hands-on workshop designed to equip you with the tools and frameworks to build a cybersecurity strategy that works for your organization.

In this interactive session, you will:

• Define your organization’s risk appetite.
• Identify the controls and capabilities needed for robust cybersecurity.
• Develop a purpose-driven strategy with clear principles and priorities.

By the end of the day, you will have created an actionable cybersecurity strategy tailored to your organization. You will also present your strategy for expert feedback and collaborate with peers to refine your approach.

This workshop is designed for acting CISOs or experienced security practitioners who aspire to lead at the highest level.

Agenda:

• 9:00–10:00 AM: Strategy Fundamentals—Insights from the Experts
• 10:00–12:00 PM: Group Work—Building Your Strategy
• 12:00–1:00 PM: Lunch
• 1:00-3:00 PM: Strategy Presentations, Feedback, and Winner Announcement

Seats are limited—Reserve your spot now!
With only 20 participants (5 groups of 4), this workshop offers personalized attention and invaluable insights from experts. Don’t miss this opportunity to accelerate your career and strengthen your organization’s security posture.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Once upon a time, in a sprawling kingdom of Operational Technology (OT), a sinister threat loomed over its most vital domains. Cyber sorcerers, wielding the dark arts of ransomware spells, crept through the hidden passageways between IT and OT networks, seeking to ensnare control systems and disrupt critical infrastructure.  The kingdom’s industrial fortresses, from energy grids to water treatment plants, faced relentless attacks. As these malevolent forces exploited vulnerabilities, defenders struggled to maintain their strongholds, uncovering the grim reality that IT-based security alone was insufficient to protect OT assets.

But fear not! A council of cybersecurity warriors and strategists has assembled, determined to break the ransomware curse and fortify the realm against future assaults. In this session, attendees whether battle-hardened OT defenders or strategic analysts will embark on an epic quest to:

🏰 DELIVERABLES – Your Cyber Quest Begins!

🔎 The Enchanted Risk Assessment Challenge – Step into the role of castle defenders as you uncover hidden vulnerabilities in a simulated OT environment.

📜 The Cyber Spellbook: Security Framework Checklist– A practical guide and framework filled with protective enchantments for organizations to strengthen their OT defenses and guard their kingdom’s most valuable assets.

⚔️ The Council of Guardians: Strategy Development & Group Discussion – Gather with fellow knights, sorcerers, and castle keepers to collaborate on battle tactics and exchange wisdom.

🛡️ Decode the interwoven fate of IT & OT– Understand the architectural weaknesses that cyber adversaries manipulate to infiltrate OT environments.

🔥 Examine emerging ransomware trends – Dive into the tactics, techniques, and procedures (TTPs) attackers use to evade detection and maximize their impact.

This cybersecurity fairytale is not merely about protecting a mythical castle, it’s about securing the foundations of modern civilization from increasingly sophisticated ransomware threats. Prepare to step into the battle for OT security, your fate as a cyber warrior awaits!

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

We need your help. Security experts with the Cybersecurity and Infrastructure Security Agency (CISA) are working to secure our nation’s cybersecurity, but we can’t do it alone. We need YOU to help us educate others, and we need everyone to take steps to help make themselves more secure online. That’s the purpose of the Secure Our World program. Secure Our World provides no-cost ways for individuals, businesses, and organizations to take the steps needed to reduce our collective cyber risk. Together we can secure America and secure our world.

As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.

Our presenter(s) will delve into:

• The current state of AI adoption across various industries and its impact on cybersecurity
• Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
• Designing governance frameworks that ensure responsible AI use while fostering innovation
• Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
• Regulatory landscape and compliance requirements for AI implementation
• Best practices for data management and protection in AI-driven environments
• Ethical considerations in AI development and deployment
• Strategies for building AI literacy within organizations
• Future trends and preparing for the evolving AI landscape

Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.

As digital transformation accelerates, the traditional boundaries between infrastructure and security are fading. Today’s security professionals are responsible for safeguarding the enterprise while enabling agility, innovation, and operational resilience. This thought leadership session reframes security as a strategic enabler—anchored in the core principles of prevention, detection, and recovery.

We’ll explore how the convergence of infrastructure and security is creating new opportunities for alignment, efficiency, and visibility—helping technology leaders break down silos and respond to threats with greater speed and precision.

Equally important is the shift toward security as a managed service. With escalating compliance complexity, rapid technology cycles, and increasing resource constraints, security professionals must evaluate new delivery models that can scale with their organization’s needs.

Attendees will walk away with a clear picture of what a modern security program looks like: integrated, cloud-ready, agile, and built to adapt. Through strategic insights and practical takeaways, this session will empower technology leaders to build resilient programs that protect the business while driving it forward.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

This session discusses specific ways that many of these new tools that are used to power your organization’s AI-powered chatbots can easily lead to data leakage or reputational brand damage. We will also give a demonstration of exploiting a running chatbot and follow up with mitigation tactics, techniques, and patterns that you can apply.

Key take-away: Attendees will walk away with actionable steps that can be taken to help mitigate these attacks.

Presentation Level: TECHNICAL (deeper dive including TTPs)

In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.

Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:

• Establishing trust in the supply chain
• Collaborative approaches to secure software development
• The role of transparency in building and maintaining trust
• Balancing intellectual property concerns with security needs
• Leveraging partnerships for more effective incident response
• Case studies of successful security-focused partnerships

Today’s professionals face challenges reminiscent of classic fairy tales: shadowy villains, unexpected allies, and battles for safety and survival. This panel will delve into the current threat landscape, from ransomware dragons to insider trolls. It will offer insights into the strategies and tools organizations need to craft their own happily ever after in cybersecurity.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Each generation brings unique strengths, perspectives, and challenges. Leading a diverse, multigenerational team requires more than just understanding technology—it requires understanding people. The strategies that resonate with seasoned professionals likely differ from those that inspire the youngest members of your team.

When you also consider the impact of technology and the pace of change brought about by that technology, interesting trends and patterns emerge. As leaders better understand those trends and patterns, they lead their teams to be much higher performing. The ultimate result is happier, more productive employees, higher retention and better recruiting possibilities.

In this session, we’ll explore why leadership is the foundation of every successful cybersecurity initiative. We’ll also dive into the nuances of leading across generations, offering proven tactics to effectively manage, motivate, and unify your team. Discover how to harness the potential of every team.

Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.

We cover the following topics:

• The state of SMB cybersecurity in the U.S.
• The cost and impact of cyber breaches on SMBs
• The main cyber threats and vulnerabilities that SMBs face
• The best practices and frameworks for SMB cybersecurity
• The steps to build or improve your cybersecurity program

Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.

AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Even if you don’t have a best practice cybersecurity framework in place, you must have a best practice security incident response plan in place. The plan sets the tone at the top, it highlight framework gaps, and it utilizes tools such as training and table top exercises to help focus on priorities. It is whistleblowing without blowing the whistle.

A best practice cybersecurity incident response plan must be founded in recognized and accepted industry standards. Standards such as the U.S. National Institute of Standards and Technologies (NIST) 800–61R3 for incident response and the NIST 800–53 for cybersecurity best practice controls must be referenced. These two key NIST documents highlight the critical components required to build an institution’s best cybersecurity framework.

In the timeless legend of King Arthur, the Sword in the Stone was more than just a mystical object—it symbolized destiny, potential, and the rightful passage of leadership. Just as Arthur was chosen for his unique qualities, today’s cybersecurity landscape demands an approach that identifies and nurtures emerging talent, ensuring that the next generation of cyber guardians is ready to lead with resilience and innovation.

This title parallels the magical act of drawing the sword and the strategic process of workforce talent pipeline development and training in cybersecurity. It emphasizes the following key ideas:

• Identifying the Right Talent
• Accelerated Skill Development
• Diverse Cyber Roles and Specializations
• Nurturing Emerging Leaders
• Ensuring Continuity and Resilience
• Empowering Through Transformation

“The Sword in the Stone of Succession Planning in Cyber” encapsulates the magic and imperative of strategic talent development across the full spectrum of cybersecurity roles. It serves as a call to action for organizations to invest in their most valuable asset—their people—ensuring that they are equipped, empowered, and ready to defend the digital realm now and in the future.

In this engaging fireside chat, we bring together a diverse group of women from across the cybersecurity industry to share their experiences and insights. The panel will feature three early-career women and three seasoned professionals, offering a unique blend of perspectives on navigating a career in cybersecurity, STEM, and IT.

From overcoming challenges and breaking into the industry to advancing to leadership roles, the conversation will explore the key milestones and pivotal moments in each stage of a cybersecurity career. Whether you’re just starting out or looking to level up, this session provides invaluable advice for women at every stage of their journey in the fast-paced and dynamic world of cybersecurity.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Join your peers for conversation and complimentary beverages. This is a great opportunity to network with other security professionals from the area and discuss the hot topics from the day.