Wednesday, November 5, 2025
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 4:15 pm
Location / Room: Registration Desk / Lobby
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am
[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 1
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.
Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
7:30 am
[PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 1
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
7:30 am - 9:00 am
AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand and respond to human language, and learn from new information and experience. AI-based applications (for example, autonomous vehicles) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impacts cybersecurity.
Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.
Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.
Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.
Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.
Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best align with their goals and priorities.
Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards.
Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.
Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College
8:00 am
Networking Hall open
Registration Level: Open Sessions
8:00 am - 4:30 pm
Location / Room: Exhibitor Hall
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
Also, look for “Cyber Connect” discussions on select topics and join the conversation.
8:00 am
Advisory Council Roundtable Breakfast (VIP / Invite only)
Registration Level: VIP / Exclusive
8:00 am - 8:45 am
Moderated discussion for SecureWorld Advisory Council members. By invite only.
8:00 am
Developing Strategies and Governance Policies Around AI
Registration Level: Open Sessions
8:00 am - 8:45 am
As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.
Our presenter(s) will delve into:
- The current state of AI adoption across various industries and its impact on cybersecurity
- Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
- Designing governance frameworks that ensure responsible AI use while fostering innovation
- Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
- Regulatory landscape and compliance requirements for AI implementation
- Best practices for data management and protection in AI-driven environments
- Ethical considerations in AI development and deployment
- Strategies for building AI literacy within organizations
- Future trends and preparing for the evolving AI landscape
Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.
8:00 am
Association Chapter Meetings
Registration Level: Open Sessions
8:00 am - 8:45 am
Participating professional associations and details to be announced.
8:45 am
Networking Break
Registration Level: Open Sessions
8:45 am - 9:00 am
Location / Room: Exhibitor Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am
[Opening Keynote] Securing the Emerald City and Beyond: Lessons in Leadership from Top CISOs
CISO, Sound Transit
SVP & CISO, Nordstrom
CISO, PACCAR
Executive Director, National Cybersecurity Alliance
Registration Level: Open Sessions
9:00 am - 9:45 am
Location / Room: Keynote Theater
The role of the CISO continues to evolve as cybersecurity leaders work to shape business resilience and protect critical assets. In this keynote panel, top CISOs from Seattle and beyond come together to share their hard-earned insights, leadership strategies, and lessons learned from defending some of the largest and most influential organizations.
This engaging discussion explores topics such as navigating boardroom conversations, driving a culture of security across the enterprise, and adapting to emerging threats while enabling business growth. Designed for cybersecurity executives and their teams, this panel provides actionable advice, strategic takeaways, and inspiration to kick off the 24th edition of SecureWorld Seattle—SecureWorld’s first-ever conference.
9:45 am
Networking Break
Registration Level: Open Sessions
9:45 am - 10:10 am
Location / Room: Exhibitor Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
10:10 am
[Panel] Building Cyber Resilience in Washington State
Infrastructure & Industry Section Lead, Washington Military Department's Emergency Management Division
Chief of Special Operations Division, King County Sheriff's Office
Sr. Information Security & Compliance Engineer, Costco Wholesale
Registration Level: Conference Pass
10:10 am - 10:45 am
Explore how Washington State is integrating cybersecurity into its comprehensive emergency management framework. This session provides a brief overview of emergency management principles before delving into the state’s current cybersecurity posture.
Learn about the Washington State Emergency Management Division’s proactive initiatives, including the formation of the Cybersecurity Advisory Council and the Cybersecurity Incident Response Team, dedicated to enhancing local jurisdiction resilience. Discover how an emergency management lens is applied to cyber incident response planning, how the state provides critical support for training and strategic plan development, and how your organization can partner with EMD to enhance the cyber safeguards of Washingtonians.
10:10 am
The Cyber Bridge: From Castle Tower to Village Square
Assistant Director, Information Security, Port of Seattle
Registration Level: Conference Pass
10:10 am - 10:45 am
In this session, let’s reframe the challenge of enterprise cybersecurity through the classic Rapunzel narrative. The C-suite and boardroom often function as a “castle tower,” offering a strategic, high-level view but far removed from the day-to-day realities of the “village square,” where employees on the front lines encounter daily cyber threats.
Without a strong bridge, critical intelligence fails to flow between leadership and the frontline, leading to delayed threat recognition and slow incident response. This talk explores how to build that essential “cyber bridge,” translating executive strategy into actionable guidance for all employees and leveraging frontline observations to inform leadership decisions. The session provides practical strategies for fostering a shared security culture, where every individual—from the boardroom to the break room—is empowered to be part of a proactive defense.
10:10 am
Unmasking Deception: Harnessing Data Analytics for Robust Fraud Detection and Prevention
Registration Level: Open Sessions
10:10 am - 10:45 am
The anti-fraud effort continues to grow in complexity and it requires analytics-based insights. An optimized approach for identification and mitigation is needed. Learn to analyze data at the speed of the business.
10:10 am
Harnessing Data Analytics for Robust Fraud Detection and Prevention
Registration Level: Open Sessions
10:10 am - 10:45 am
Session description to come.
10:45 am
Networking Break
Registration Level: Open Sessions
10:45 am - 11:10 am
Location / Room: Exhibitor Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 am
Post-Quantum Cryptography Overview: What You Should Do NOW!
Cyber Resiliency, T-Mobile
Registration Level: Conference Pass
11:10 am - 11:45 am
Quantum Computing has the potential to render traditional cryptographic systems breakable within the next decade. There are now standards and viable implementations of quantum-resistant cryptographic protocols. That is the first step. The next step is how to assess your organization’s risk and begin the transition to Post-Quantum Cryptography (PQC). You will walk away knowing you need to have and maintain a cryptographic protocol inventory; you need to transition to quantum-resistant cryptography starting with your highest risk data and platforms; and you need to transition in a way that doesn’t interrupt the business.
11:10 am
Leadership in Security: Tools and Techniques to Gain Alignment and Drive Results
BISO, Salesforce
Registration Level: Conference Pass
11:10 am - 11:45 am
Security leaders face a choice: chase the illusion of perfect security, or take a pragmatic approach that aligns with business objectives, adapts to change, and drives measurable value.
In this session, you’ll learn how to blend strategic thinking with pragmatic security to protect what matters most without slowing innovation.
Through real-world stories, leadership frameworks, and interactive exercises, we’ll explore:
- Who YOU are as a security leader and how that builds trust with the business (Leadership Pyramid)
- The difference between strategic and tactical thinking—and why most security failures start here.
- How scenario planning and systems thinking keeps your program agile without overspending on edge cases.
- Applying SWOT analysis to uncover opportunities inside threats.
- Using cost–benefit and risk analysis to make faster, smarter investment calls.
- Embedding risk management into daily leadership habits.
If you lead security—or influence it—you’ll walk away with tools to transform your security function into a strategic enabler that earns trust, accelerates growth, and keeps pace with the business.
11:10 am
From Reactive to Proactive: The Rise of Supply Chain Detection and Response
Director, Global Cyber Risk Solutions Delivery, SecurityScorecard
Registration Level: Open Sessions
11:10 am - 11:45 am
The fastest-growing cyber threat isn’t in your network—it’s hidden in the vendors, partners, and platforms you rely on every day. With third-party breaches driving the majority of major incidents, traditional approaches to third-party risk management (TPRM) are no longer enough.
This session introduces Supply Chain Detection and Response (SCDR), an emerging operational model for continuously monitoring, detecting, and responding to supply chain cyber threats. Unlike point-in-time assessments, SCDR unifies risk and security operations to deliver real-time intelligence, coordinated incident response, and measurable remediation across an organization’s entire vendor ecosystem.
Drawing from recent breach data, anonymized case studies, and lessons from large-scale supply chain security programs, we will cover:
- Why supply chain attacks are outpacing traditional defenses
- Key elements of the SCDR model any organization can adopt
- Examples of real-world breaches and how SCDR practices could have contained them
- Steps security leaders can take today to operationalize supply chain defense in their own environment
Whether you manage vendor risk, lead a SOC, or set governance and compliance strategy, you’ll leave with actionable steps to shift from reactive assessments to proactive supply chain defense—no matter what tools or platforms you use.
11:10 am
[Panel] Unveiling the Hidden Threat Landscape and Unmasking Digital Villains
Principal Solutions Architect (Cloud Security SME), Bitdefender
Founder & President, AgeLight Advisory & Research Group
Registration Level: Open Sessions
11:10 am - 11:45 am
In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.
Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the ever-expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.
Our panel provides a comprehensive overview of the current threat landscape.
12:00 pm
[Lunch Keynote] Ask a CISO: Challenges, Lessons, and the Future of Cybersecurity
Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
VP, Chief Information Security & Infrastructure Officer, The Greenbrier Companies
CISO, Snohomish County, Washington
CISO, AAA Washington
Registration Level: Open Sessions
12:00 pm - 12:45 pm
Location / Room: Keynote Theater
Ever wondered what keeps CISOs up at night? In this interactive panel session to put a bow on the conference day, seasoned CISOs share their unfiltered perspectives on the evolving cybersecurity landscape. From navigating boardroom conversations and managing security incidents to balancing business needs with risk management, they’ll discuss the realities of the role, lessons learned from the front lines, and how they see security evolving in the years ahead.
Expect candid insights on topics such as:
- The toughest decisions CISOs face daily
- Emerging threats and how security leaders are preparing
- The future of security operations, compliance, and resilience
- Strategies for bridging the gap between security teams and executive leadership
- Advice for aspiring security leaders and practitioners
This is your chance to ask burning questions, gain strategic insights, and walk away with a deeper understanding of what it really means to be a CISO in today’s high-stakes environment.
12:00 pm
Advisory Council Roundtable Lunch (VIP / Invite only)
Sponsored by Cohesity
Registration Level: VIP / Exclusive
12:00 pm - 12:45 pm
Moderated discussion for SecureWorld Advisory Council members. By invite only.
12:45 pm
Networking Break & Cyber Connect
Bridging the Gap: The Role of the BISO in Modern Cybersecurity – Join this bonus session in the Networking Hall
Director, Advisory, KPMG; Leadership Board, WiCyS BISO Affiliate
Registration Level: Open Sessions
12:45 pm - 1:10 pm
Location / Room: Exhibitor Hall
As cybersecurity continues to evolve, so does the need for professionals who can seamlessly connect security initiatives with business objectives. Enter the Business Information Security Officer (BISO), a critical yet often misunderstood role. Come join this informal discussion for BISOs, would-be BISOs, and those who want to learn more about the role. Hear what a BISO does, how technical professionals can develop the necessary business acumen to become leaders, and practical strategies for bridging the gap between security and business priorities.
1:10 pm
Assumption of Risk or the Risks of Assumption? Examining the Impact of Thoughtful Communication
VP, Cyber Services, AmTrust Financial Services
Registration Level: Conference Pass
1:10 pm - 1:45 pm
Security is a growth strategy, but are we delivering that message effectively? Risk assumption is the mainstay of the security professional, but let’s look at assumption through a different lens. What beliefs do you presume about other initiatives, teams, leaders in your organization? How might these be stymying your effectiveness or decelerating growth and innovation?
This presentation explores what words and actions purport and examines how accurate (or inaccurate) our hasty conclusions about others can be. Participants will learn how abandoning assumptions in favor of objective alignment can multiply security program impact and efficacy, accelerating innovation and business growth.
1:10 pm
Phishing in the Age of AI: New Threats and How to Fight Back
Co-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLC
Co-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLP
Registration Level: Conference Pass
1:10 pm - 1:45 pm
Attackers are using generative AI to launch more effective phishing and ransomware attacks. We’ll explore the recent Unit 42 example where an AI-driven attack was completed in under 25 minutes. Podcasters Kip and Jake share practical defense strategies organizations can use to defend themselves. Join in on the discussion and ask questions. Kip and Jake will leave you longing for more… setting you up for their Day 2 live podcast onsite. Join the duo after the lunch keynote on Thursday from 12:45-1:10 p.m.; they’ll be adjacent to the networking lounge on the Exhibitor Hall floor.
1:10 pm
[Panel] Guardians of the Cyber Realm: Building Castles in the Cloud
Registration Level: Open Sessions
1:10 pm - 1:45 pm
As organizations migrate to the cloud, securing these virtual kingdoms requires a blend of innovation and vigilance. This panel will explore the challenges of cloud security, from defending against breaches to managing access, and how organizations can build cloud “castles” that are both robust and adaptable in the face of evolving threats.
1:10 pm
Cracking the Insider Threat Code: Using AI and Forensic Watermarking to Stop Data Theft
Registration Level: Open Sessions
1:10 pm - 1:45 pm
Insider threats – ranging from intentional data theft to accidental disclosures – are on the rise, and traditional security measures are insufficient to protect sensitive information. In this session, we delve into a breakthrough solution that combines the use of AI, steganography, and computer vision to deter data theft and trace unauthorized leaks.
We share real-world use cases offering ways to safeguard data regardless of the leak vector–whether through digital copies, photos of screens, or manually retyped into another computer–ensuring valued data assets are kept secure. Learn how to stop data theft before it happens and track unauthorized disclosures with precision. From AI-driven detection to uniquely personalized invisible watermarks, discover how data security is being redefined.
1:45 pm
Networking Break & Cyber Connect
Level Up Your Cyber Game: Join this bonus session in the networking lounge of the Networking Hall
Executive Director, National Cybersecurity Alliance
Director, Information Security & Engagement, National Cybersecurity Alliance
Registration Level: Open Sessions
1:45 pm - 2:10 pm
Location / Room: Exhibitor Hall
Today, good cyber skills are good life skills, and we’re here to put your mind through the motions! Join us in the networking lounge of the Exhibitor Hall during the post-lunch keynote break for a turbocharged gameshow and test your abilities! We will engage you with thrilling challenges and strategic quandaries. Come for essential info and practical techniques to safeguard your digital life after the stadium lights have dimmed. This user-focused trivia game demonstrates how utilizing quick wits, tricky quandaries and fast thinking can engage your user audience to move the needle on keeping their digital lives (and your organization’s network) safer.
Along with the 15 or so scored questions, the game show hosts will discuss topics raised in each of the questions. We will also answer audience questions and provide insight on key behaviors. We will utilize a trivia platform that allows the audience to play along and see their score compared to other players in the game.
2:10 pm
The AI Moral Code: Embedding Ethical Integrity into AI and Cybersecurity Operations
Professor of Practice, Cybersecurity, Norwich University
Registration Level: Conference Pass
2:10 pm - 2:45 pm
As artificial intelligence systems become embedded in every layer of cybersecurity—from threat detection to automated response—the AI Moral Code provides a principled framework for ensuring that these systems remain aligned with human values, legal standards, and operational trust.
The AI Moral Code is a structured ethics architecture that integrates five value domains—Core, Social, Cultural, Personal, and Futuristic—mapped to key enforcement layers in cybersecurity and AI governance. Built from a longitudinal analysis of 291 global AI ethics documents (2006–2025), the framework is designed to be interpretable, traceable, and adaptable across AI deployments and cybersecurity missions.
Key components include:
• NRBC Framework (Normative, Regulatory, Behavioral, Conceptual): Guides how values are embedded in design, monitored in operation, and enforced post-deployment.
• Canonical Values and Disvalues: Defines what ethical AI must do (e.g., fairness, transparency) and must avoid (e.g., manipulation, opacity).
• Ethical Drift Prevention: Integrates with MLOps and adversarial AI defense layers to catch value misalignment over time.
• Moral Simulation & Reflexive Learning: Enables agent-based models and AI-assisted cybersecurity teams to test ethical decision making in high-stakes scenarios.
This Code is not theoretical—it’s operational. It aligns directly with NIST AI Risk Management, the NICE Framework, and Zero Trust design principles. It enables both technical and non-technical stakeholders to audit and govern AI systems at scale.
By embedding moral reasoning into the cybersecurity fabric, the AI Moral Code strengthens digital trust, supports mission assurance, and prepares cybersecurity leaders to responsibly deploy AI systems with confidence.
2:10 pm
Managing AI Platform Risk: How Security and Engineering Partner to Deliver Trusted Models
Registration Level: Conference Pass
2:10 pm - 2:45 pm
This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.
2:10 pm
[Panel] Proactive Security: Building Digital Fortresses Against Modern Dragons
Registration Level: Open Sessions
2:10 pm - 2:45 pm
In the realm of enterprise security, every organization faces a classic tale as old as time: the eternal battle between defenders and digital dragons. Just as fairy tale heroes relied on preparation, vigilance, and the right tools to protect their kingdoms, today’s cybersecurity professionals must deploy proactive measures to safeguard their digital domains.
This panel session explores how preventative measures serve as the ultimate “happily ever after” for enterprise security. Our expert panel guides attendees through the enchanted forest of modern threats, revealing how proactive security architecture can transform organizations from vulnerable victims to empowered heroes.
Panelists share real-world case studies, proactive security solutions, and how organizations can write their own security success stories.
2:10 pm
AI-Driven Cybersecurity: The Good, the Bad, and the Ugly
Registration Level: Open Sessions
2:10 pm - 2:45 pm
Session description to come.
2:45 pm
Networking Break
Registration Level: Open Sessions
2:45 pm - 3:00 pm
Location / Room: Exhibitor Hall
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
3:00 pm
CLOSING KEYNOTE
CEO & Co-Founder, EchoMark
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Location / Room: Keynote Theater
Session topic and details to come.
3:45 pm
Networking Break
Registration Level: Open Sessions
3:45 pm - 4:00 pm
Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
3:45 pm
[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 2
vCISO, Cyber Risk Opportunities LLC
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.
Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
3:45 pm
[PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 2
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:45 pm - 5:15 pm
AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand and respond to human language, and learn from new information and experience. AI-based applications (for example, autonomous vehicles) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impacts cybersecurity.
Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.
Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.
Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.
Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.
Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.
Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards.
Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.
Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College
- Thursday, November 6, 20257:00 amRegistration openRegistration Level:
Open Sessions
7:00 am - 4:15 pmLocation / Room: Registration Desk / LobbyCome to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
7:30 am[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 3vCISO, Cyber Risk Opportunities LLCRegistration Level:SecureWorld Plus
7:30 am - 9:00 amThis intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.
Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
7:30 am[PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 3Sr. Cybersecurity Consultant, Wilson CyberRegistration Level:SecureWorld Plus
7:30 am - 9:00 amAI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.
Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.
Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.
Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.
Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.
Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.
Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards.
Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.
Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College
8:00 amNetworking Hall openRegistration Level:Open Sessions
8:00 am - 4:30 pmLocation / Room: Exhibitor HallYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
Also, look for “Cyber Connect” discussions on select topics and join the conversation.
8:00 amOh Behave! The Annual Report on Security Attitudes and BehaviorsExecutive Director, National Cybersecurity AllianceRegistration Level:Open Sessions
8:00 am - 8:45 amThe National Cybersecurity Alliance’s annual report is hot off the press! Are we making progress on influencing the public’s perception of cybersecurity and their behaviors with technology? Come hear what we learned from this year’s research and how you can apply it in your org, and with your friends and family.
8:00 amAssociation Chapter MeetingsRegistration Level:Open Sessions
8:00 am - 8:45 amParticipating professional associations and details to be announced.
8:00 amAdvisory Council Roundtable Breakfast (VIP / Invite only)Registration Level:VIP / Exclusive
8:00 am - 8:45 amModerated discussion for SecureWorld Advisory Council members. By invite only.
8:45 amNetworking BreakRegistration Level:Open Sessions
8:45 am - 9:00 amLocation / Room: Exhibitor HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
9:00 am[Opening Keynote] The Threat You Didn't Vote For: Why European CISOs Fear U.S. Surveillance More than China or RussiaVP & CISO, ADTRegistration Level:Open Sessions
9:00 am - 9:45 amLocation / Room: Keynote TheaterWhen cybersecurity professionals think about their top threat actors, nation-state adversaries like China or Russia often top the list. But ask the same question in Berlin or Paris, and you’ll get a very different—and surprising—answer. European cybersecurity audiences often cite lawful U.S. government access to data as their top concern—outranking even nation-state threat actors.
In this provocative keynote, Tim Rains, global cybersecurity expert and author of Cybersecurity Threats, Malware Trends, and Strategies (2nd Ed.), explores the enduring fallout from the Snowden revelations, the implications of FISA Section 702, and the real-world risks of U.S. intelligence surveillance to multinational enterprises. Attendees will gain insight into what European CISOs know that Americans often overlook, and why risk models must include legal jurisdiction as a threat vector. With cloud and AI adoption surging, the time to understand this threat isn’t next year—it’s now.
9:45 amNetworking BreakRegistration Level:Open Sessions
9:45 am - 10:10 amLocation / Room: Exhibitor HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
10:10 am[Panel] ASPIRE Your Approach: Repay Engineering by Investing in Application SecurityRegistration Level:Conference Pass
10:10 am - 10:45 amChallenges with engineering moving faster with their CI/CD pipelines, releases, and environment updates still need security involved to adopt and scale. Security investments often increasingly create friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.
10:10 amMake Risk Matter: From Wasted Time to Better Decisions Under UncertaintyCISO, Washington Department of Natural ResourcesRegistration Level:Conference Pass
10:10 am - 10:45 amMost cybersecurity risk processes spend more time writing reports than influencing decisions. Leaders skim the summaries, nod at the heat maps and charts, and move on—while critical decision making happens without any awareness of uncertainty. This talk shows you why we need to drop the activities that aren’t useful, and how to connect risk analysis directly to decisions, and make your risk analysis matter.
10:10 am[Panel] Generative AI: Contextual Chaos and the Rise of Security ComplexityCISO and Angel InvestorResearch Fellow, Cloud Security AllianceResearch Fellow, Cloud Security AllianceManaging Director, Executive Security, TIAARegistration Level:Open Sessions
10:10 am - 10:45 amGenerative AI is rapidly transforming how machines interact with human language, images, and code—but as these systems grow more capable, they also become more context-dependent and harder to secure. This panel discussion explores the evolving relationship between contextual intelligence—a generative model’s ability to interpret nuanced input, user intent, and environmental cues—and the rising complexity of securing these systems in real-world applications.
The panel dives into how large language models and multimodal systems interpret context, where that context can be manipulated or misunderstood, and why traditional security models fall short in dynamic, prompt-driven environments. Key topics include prompt injection, data leakage, contextual spoofing, user profiling risks, and the challenges of securing black-box models in open systems.
As generative AI continues to integrate into decision-making, communication, and automation, securing its context becomes not just a technical challenge, but a societal one.
10:10 amTabletop Exercises: The Fun KindRegistration Level:Open Sessions
10:10 am - 10:45 amTabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!
This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.
10:45 amNetworking BreakRegistration Level:Open Sessions
10:45 am - 11:10 amLocation / Room: Exhibitor HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
11:10 amClient Assurance Is Not a Checkbox: Building Trust Through TransparencySr. Cybersecurity BISO Analyst, CBRERegistration Level:Conference Pass
11:10 am - 11:45 amAs cybersecurity questionnaires become more frequent and complex, organizations face a choice: treat them as compliance exercises, or turn them into opportunities to build trust. In this session, learn how to elevate InfoSec responses beyond the checkbox by tying security controls to business risk, operational maturity, and shared outcomes with clients. Marivell breaks down how to collaborate across technical and legal teams, improve transparency, and strengthen relationships that go beyond policies and PDFs. Key takeaways from this session:
- Turn routine client assessments into strategic conversations
- Translate technical controls (MFA, encryption, pen tests) into business terms
- Use assurance moments to drive cultural change and showcase cyber leadership
11:10 amDon't Panic: The Hitchhiker's Guide to Incident ResponseCISO, Washington State Liquor and Cannabis BoardCIO, Washington State Liquor and Cannabis BoardRegistration Level:Conference Pass
11:10 am - 11:45 amIn the face of a cyber crisis, a calm and organized response is your most powerful tool. This session offers a no-nonsense guide to incident response, drawing inspiration from a famous galactic hitchhiker’s wisdom. We’ll demystify the complexities of a breach, focusing on key survival rules: from establishing clear communication protocols and defining roles to avoiding common pitfalls and managing executive expectations. Learn how to prepare your team to navigate the chaos, maintain a steady course, and ensure that when disaster strikes, your response is as logical and reassuring as “Don’t Panic.” This session will equip you with the practical, actionable insights needed to develop a resilient and well-rehearsed incident response plan.
11:10 am[Panel] The Sorcerer's Apprentice: Taming AI in CybersecurityDirector, Sales Engineering, CyberhavenCISO, AstrixHead of Trust and Security, ConveyorRegistration Level:Open Sessions
11:10 am - 11:45 amAI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.
11:10 amISC2 Seattle Leadership PanelNavigating the Landscape of Cybersecurity Certifications: From Traditional Foundations to AI-Driven FrontiersSecretary, ISC2 Seattle ChapterVP, ISC2 Seattle ChapterPresident, ISC2 Seattle ChapterTreasurer, ISC2 Seattle ChapterDirector at Large, ISC2 Seattle ChapterRegistration Level:Open Sessions
11:10 am - 11:45 amPresented by the ISC2 Seattle Chapter, this panel will feature ISC2 chapter leaders exploring the evolving world of cybersecurity certifications. From well-established credentials like CISSP and Security+ to emerging AI-focused certifications, this session will provide a comprehensive overview of the certification landscape and its relevance in today’s security environment.
We’ll discuss how certifications align with career paths, industry demands, and the growing influence of artificial intelligence in cybersecurity. Whether you’re a seasoned professional or just beginning your journey, you’ll gain valuable insights into selecting and pursuing the right certifications to stay competitive and informed.
This session will also serve as our ISC2 Seattle Chapter meeting for November, so attending will count toward your chapter participation and CPEs.
12:00 pm[Lunch Keynote] The Privacy Tightrope: Navigating Data in a Connected WorldHead of Data Governance and Privacy, Alaska AirlinesDirector of Information Security, HealthPointRegistration Level:Open Sessions
12:00 pm - 12:45 pmLocation / Room: Keynote TheaterIn an era of unprecedented data collection and AI-driven analytics, safeguarding personal information has become a paramount challenge. This panel brings together diverse privacy leaders to explore the evolving landscape of data protection, moving beyond traditional boundaries to address the unique complexities faced by public sectors, global enterprises, and sensitive industries like healthcare. From municipal data policies to airline passenger privacy and the intricate regulations surrounding health data, we’ll delve into the strategies, challenges, and future trends shaping how organizations manage, secure, and respect individual privacy in an increasingly interconnected and data-rich world.
12:00 pmAdvisory Council Roundtable Lunch (VIP / Invite Only)Registration Level:VIP / Exclusive
12:00 pm - 12:45 pmModerated discussion for SecureWorld Advisory Council members. By invite only.
12:45 pmNetworking Break & Cyber ConnectPhishing in the Age of AI: New Threats and How to Fight Back – Join this bonus session in the Networking HallCo-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLCCo-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLPRegistration Level:Open Sessions
12:45 pm - 1:10 pmLocation / Room: Exhibitor HallKip and Jake spoke on Day 1 about how attackers use generative AI to launch more effective phishing and ransomware attacks. As part of their live podcast recording, they will further explore the recent Unit 42 example where an AI-driven attack was completed in under 25 minutes. The duo shares practical defense strategies that organizations can use to defend themselves. Join the discussion, ask questions, and be part of the podcast recording!
1:10 pmEnhancing Security, Easing Compliance: PCI DSS for Multi-Payment Channel OrganizationsDirector, Schellman Compliance LLCRegistration Level:Conference Pass
1:10 pm - 1:45 pmNavigating PCI DSS compliance can be daunting for multi-payment channel merchants and service providers handling diverse transaction environments. This presentation explores practical strategies to reduce compliance burden while bolstering security. Attendees will learn how simple process changes, such as tokenization and point-to-point encryption, can minimize sensitive data exposure. We’ll also examine the benefits of outsourcing specific PCI DSS responsibilities to trusted third-party providers, enabling organizations to focus on core operations without compromising security.
Drawing on real-world examples, the session will highlight how these approaches streamline compliance efforts, reduce costs, and enhance protection across online, in-store, and mobile payment channels. Ideal for merchants and service providers, this talk offers actionable insights to achieve PCI DSS compliance efficiently.
Learn how multi-payment channel merchants and service providers can simplify PCI DSS compliance and enhance security through strategic process changes and outsourcing.
1:10 pm[Panel] From Reaction to Prevention: Scaling Security with AIDirector of Engineering, SalesforceSr. Director, Security Assurance, SalesforceLead Security Engineer, SalesforceProduct Security, Compliance Automation Team, SalesforceRegistration Level:Conference Pass
1:10 pm - 1:45 pmCritical security vulnerabilities discovered late in the development cycle drain resources, cost weeks in reactive firefighting, and erode customer trust. Our manual security review process for high-level designs is a prime candidate for transformation—too slow, inconsistent, and unscalable for the speed of modern development. This session addresses the urgent need to shift security from a reactive, late-stage gate to a proactive, embedded layer in the design phase—eliminating over 80% of critical design and build flaws before a single line of code is checked in.
To achieve this, Salesforce is introducing a suite of intelligent security agents that embed security expertise directly into the developer workflow. The architecture integrates Securityforce with existing tools, enabling near real-time analysis of design documents, automated threat modeling, and build-time policy enforcement from pull request to check-in. By pairing this automation with curated knowledge from top security professionals, this automated approach delivers continuous, consistent feedback at scale.
Security is transformed from a manual bottleneck into a fast, intelligent, and integrated process—accelerating developer productivity, reducing cost to serve, and empowering teams to ship secure products with speed and confidence. By cutting review cycles from two weeks to minutes, there’s an estimated >90% efficiency gain, millions in annual engineering hours saved, and a substantial reduction in remediation and incident response costs.
1:10 pm[Panel] Elevating Security and Incident Response Through Threat Intelligence, Cloud Resilience, and AI InnovationsHead of Global Threat Intelligence, Google CloudSecurity Advisor, SplunkCISO, AAA WashingtonRegistration Level:Open Sessions
1:10 pm - 11:45 amThe battle between cybersecurity defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face; and how to deal with them once. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.
Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.
And SHOULD a breach or ransomware attack occur, the response to an incident is as important as trying to keep the bad actors out in the first place.
1:10 pmEngaging with and Driving Innovation in CybersecurityRegistration Level:Open Sessions
1:10 pm - 1:45 pmSession description to come.
1:45 pmNetworking BreakRegistration Level:Open Sessions
1:45 pm - 2:10 pmLocation / Room: Exhibitor HallVisit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.
2:10 pmFrom Handshake to Code-Sign: Building Human and Agent TrustSr. Director, Security, Privacy and Data Governance, AdobeRegistration Level:Conference Pass
2:10 pm - 2:45 pmIn this session, we’ll unpack agentic AI governance. “Trust Chains: Humans → Agents → Agents,” a practical framework for bringing order to the chaos of agent sprawl. You’ll learn how to make AI agents verifiably trustworthy, to each other and to us, through identity checks, access controls, and auditability. Expect real-world examples, a few cautionary tales, and a roadmap for keeping your AI ecosystem from turning into the Wild West.
2:10 pmA Practical Guide to Data Protection for Enterprise AI AdoptionHead of Enterprise Security, BoxRegistration Level:Conference Pass
2:10 pm - 2:45 pmAs enterprises embrace the limitless possibilities of AI, we security professionals need to adapt to safeguard sensitive data. In this talk, we’ll unpack a few real-world patterns of how data leaks into or out of AI systems and offer a simple framework for threat-modeling enterprise AI usage without slowing down innovation.
2:10 pm[Panel] Cybersecurity Challenges for Small and Medium BusinessesDirector of Cybersecurity and Infrastructure, Mud Bay, Inc.Director, Information Security, KP LLCDistrict President, Robert HalfRegistration Level:Conference Pass
2:10 pm - 2:45 pmSmall and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this discussion, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise. We cover the following topics:
- The state of SMB cybersecurity in the U.S.
- The cost and impact of cyber breaches on SMBs
- The main cyber threats and vulnerabilities that SMBs face
- The best practices and frameworks for SMB cybersecurity
- The steps to build or improve your cybersecurity program
Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.
2:10 pmPartnering with Industry to Protect Our Way of LifeRegistration Level:Open Sessions
2:10 pm - 2:45 pmThe cyber threats facing the United States are growing increasingly sophisticated. To combat these threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is partnering with industry on a range of priorities and products to bolster our cyber defenses. By working together, we can defend U.S. cyberspace and protect our way of life.
2:45 pmNetworking Break and Dash for PrizesRegistration Level:Open Sessions
2:45 pm - 3:15 pmLocation / Room: Exhibitor HallVisit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.
3:15 pm[PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 4vCISO, Cyber Risk Opportunities LLCRegistration Level:SecureWorld Plus
3:15 pm - 4:45 pmThis intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:
- Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
- Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
- A step-by-step action plan – No more guessing what to do next
- Real-world case studies – See how organizations just like yours have successfully implemented the framework
- Expert-level confidence – Finally speak cybersecurity with authority and clarity
What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.
Perfect for:
- IT Directors and Managers
- Cybersecurity Professionals
- Business Leaders responsible for risk management
- Compliance Officers
- Anyone tasked with “figuring out cybersecurity”
Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:
- Getting BUY-IN from your senior decision makers
- Discovering your top five cyber risks
- Creating a prioritized risk mitigation plan with implementation roadmap
- A score card you can use to track progress
Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.
Your organization’s cybersecurity can’t wait. Register now.
3:15 pm
[PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 4
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:15 pm - 4:45 pm
AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.
Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.
Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.
Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.
Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.
Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.
Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards.
Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.
Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.
Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.
STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

- AppOmni
Booth: TBD
AppOmni SaaS security helps security and IT teams protect and monitor their entire SaaS environment, from each vendor to every end-user.
- Astrix Security
Booth: TBD
Astrix is the leader in securing non-human identities (API keys, service accounts, Access tokens,…), and extending identity security to machines. An RSA 2023 Innovation Sandbox finalist and a 2023 Gartner Cool Vendor for Identity First Security. We’ve raised $40M in total funding from the world’s top investors (CRV and Bessemer Venture Capital) to change how apps connect to enterprises. We’re on a mission to allow businesses to leverage third-party apps and generative AI tools without compromising security, and we’re trusted by leading enterprises such as Priceline, Figma, Workato, and Agoda.
- Axonius
Booth: TBD
Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.
- Bitdefender
Booth: TBD
Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, business, and government environments, Bitdefender is the industry’s trusted expert* for eliminating threats, protecting privacy and data, and enabling cyber resiliency. With deep investments in research and development, Bitdefender Labs discovers 400 new threats each minute and validates 30 billion threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 150 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170 countries with offices around the world. For more information, visit https://www.bitdefender.com.
- Blink Ops, Inc
Booth: TBD
Automate all things security in the Blink of AI.
BlinkOps is a security workflow automation platform designed to make building, collaborating, and scaling all things security & beyond effortless.
Whether you prefer code, low-code, or no-code, BlinkOps has you covered. Easily drag and drop the actions you want into a workflow, leveraging the over 30,000 actions available in the automation library, or use Blink Copilot™ to generate a workflow with a natural language prompt.
Use BlinkOps as an automation hub, where security teams go to quickly develop, collaborate, and automate their security ideas. Leverage the platform’s 8,000+ workflows that come out-of-the-box to quickly build workflows for real-time remediation. Generate automation workflows for standalone use cases or build an end-to-end proactive automation strategy, streamlining security responses across your entire organization.
- Check Point Software Technologies
Booth: TBD
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Cohesity, Inc
Booth: TBD
We believe that simplicity is the foundation of modern data management. Our mission is to radically simplify how organizations manage their data and unlock limitless value. The company develops software that allows IT professionals to backup, manage, and gain insights from their data across multiple systems or cloud providers.
- ColorTokens
Booth: TBD
ColorTokens, the premier enterprise microsegmentation provider, specializes in making organizations “breach ready” by halting the lateral spread of ransomware and malware within intricate network infrastructures using its innovative ColorTokens Xshield™ platform. The platform visualizes traffic patterns between workloads, devices, and users, enabling organizations to enforce granular micro-perimeters, swiftly isolate critical assets, and respond to breaches effectively. Recognized as a Leader in the Forrester Wave™: Microsegmentation Solutions, Q3 2024 evaluation, ColorTokens safeguards businesses by thwarting ransomware and malware attacks, ensuring significant savings in potential disruptions. For more information, visit www.colortokens.com.
- Conveyor Inc.
Booth: TBD
Conveyor is the leading generative AI-powered platform that automates and scales the most tedious part of the sales process: customer security reviews. Trusted by the world’s top SaaS companies, Conveyor helps vendors build trust with customers while reducing the time spent on the mind-numbing task of sharing security information and answering security questionnaires by over 90%. Through the combination of its automated security questionnaire completion software and its trust portal, which allows documents and security information to be shared easily and securely, Conveyor ultimately helps vendors close sales faster. Conveyor’s lean team has deep and extensive collective experience in security and compliance.
- Cyberhaven
Booth: TBD
When the DLP market first emerged 20 years ago, the goal was to protect confidential information in on-premises databases, file servers, application servers, other data repositories, and endpoints. Today millions of sensitive documents, files, and other data are being exfiltrated in violation of corporate data policies every day because DLP is completely ineffective in the era of cloud-first applications and Zero Trust security. These data breaches result in stolen IP, damaged brands, and significant financial penalties. Let’s face it, DLP in its current form is nothing more than a compliance checkbox. Cyberhaven is transforming the DLP market and helping organizations secure all of the high-value data they must protect in order to compete and thrive in the digital economy. It’s a big hairy problem, and we are up to the challenge.
- Cyera
Booth: TBD
Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in Data Security Posture Management, Cyera instantly provides companies visibility over their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. We are redefining the way companies secure their data. Learn more at cyera.io.
- DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 10
Booth: TBD
Through CISA’s efforts to understand and advise on cyber and physical risks to the Nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, physical and communications security, and, in turn, strengthen national resilience.
Led by Regional Director Patrick J. Massey, based in Seattle, Washington, CISA’s Region 10 staff provides cybersecurity, physical infrastructure security, chemical security, and sector outreach services to 271 Tribal Nations and the following states: Alaska, Idaho, Oregon, and Washington.
Region 10 personnel carry out CISA’s five priorities:
- Improve supply chain security against cyber threats from malicious actors and the rollout of 5G technologies;
- Harden federal networks (the civilian .gov domain);
- Reduce risk at soft targets;
- Enhance election security; and
- Protect critical infrastructure that includes industrial control systems and the processes that provide vital services in critical infrastructure.
- EchoMark
Booth: TBD
Enterprise Software as a Service (SaaS) startup providing innovative information security and privacy products to enable the seamless flow of private information.
- Expel
Booth: TBD
Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.
- Fortinet
Booth: TBD
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- Google Cloud
Booth: TBD
Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.
- HPE
Booth: TBD
Hewlett Packard Enterprise (HPE) is a global technology company that focuses on developing intelligent solutions for capturing, analyzing, and acting upon data. They operate in areas like networking, hybrid cloud, and AI, helping customers create new business models and improve operational performance.
- HUMAN Security
Booth: TBD
HUMAN is a cybersecurity company that safeguards 1,200+ brands from digital attacks including bots, fraud and account abuse. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trillion digital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN.
- Washington State InfraGard
Booth: TBD
InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.
The Evergreen InfraGard Members Alliance operates in Washington State and has over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”
- ISACA Puget Sound Chapter
Booth: TBD
The aim of the Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area.
The association is one of individual members who are practitioners of information systems auditing, security, risk, and/or governance in his or her organization. The membership of the ISACA reflects a multiplicity of backgrounds and skills that make our profession challenging and dynamic.
This chapter is run by volunteers who are ISACA members nominated and elected through an established process. Please contact us if you are interested in serving on the board.
- ISC2 Seattle Chapter
Booth: TBD
Bringing like-minded professionals together in the Greater Puget Sound region to discuss current tactics, techniques, and procedures within cybersecurity.
- ISSA Puget Sound Chapter
Booth: TBD
ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.
- National Cybersecurity Alliance
Booth: TBD
Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.
- Keysight
Booth: TBD
Keysight’s portfolio of network security solutions simulates threats, eliminates blind spots, and takes control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulate attacks, expose gaps early, and course correct with step-by-step fixes; protect users and applications with increased efficiency, performance, and reliability of your security systems; patrol every packet to eliminate vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills to enhance your security and attack response skills against real-world threats.
- Orca Security
Booth: TBD
We’re on a mission to make it fast, easy, and cost effective for organizations to address the critical security issues in their AWS, Azure, and GCP estates so that they can operate in the cloud with confidence.
- Push Security
Booth: TBD
Founded in 2020, Push Security is a cybersecurity company offering identity threat detection and response (ITDR) via a browser-based platform. The platform provides real-time visibility and security controls, targeting attacks such as phishing and credential stuffing. Push Security serves customers in technology, finance, and healthcare, with deployment on over 1.5 million endpoints, and has raised $45 million in funding. Based in London, the company’s approach includes automated guidance and behavioral nudges.
- Robert Half
Booth: TBD
Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.
- Seceon Inc.
Booth: TBD
Seceon delivers a next-generation cybersecurity platform that empowers enterprises, MSPs, and MSSPs to detect, respond, and remediate threats in real-time, eliminating the need for 20+ security tools.
What Sets Seceon Apart:
- Unified Platform: Combines SIEM, SOAR, UEBA, EDR, NDR, Threat Intelligence, Vulnerability Management, and Compliance into one AI-powered solution.
- AI-Powered Threat Detection & Auto-Response: Leverages ML, AI, and Dynamic Threat Models for real-time threat identification and automated remediation.
- Scalable & Multi-Tenant: Supports massive scale, processing 10M+ events per second, across enterprises and MSSPs from a single dashboard.
- Continuous Compliance: Streamlines security analytics and regulatory compliance (NIST, ISO, HIPAA, PCI-DSS, CMMC, NIS2) with aiSecurity360.
Why Organizations Choose Seceon:
- Cut cybersecurity costs by 60% by replacing siloed tools
- Stop threats faster with AI-powered detection and automated response.
- Achieve full visibility by correlating real-time logs, flows, identities, for situational awareness and historical threat intelligence.
Faster protection, full visibility, and lower costs. Seceon powers the future of cybersecurity.
- Securiti
Booth: TBD
Securiti is the pioneer of the DataAI Command Center, a centralized platform that enables the safe use of data and GenAI. It provides unified data intelligence, controls and orchestration across hybrid multicloud environments. Large global enterprises rely on Securiti’s Data Command Center for data security, privacy, governance, and compliance. Securiti has been recognized with numerous industry and analyst awards, including “Most Innovative Startup” by RSA, “Top 25 Machine Learning Startups” by Forbes, “Most Innovative AI Companies” by CB Insights, “Cool Vendor in Data Security” by Gartner, and “Privacy Management Wave Leader” by Forrester. For more information, please follow us on LinkedIn and visit Securiti.ai.
- SecurityScorecard
Booth: TBD
SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.
- Semgrep, Inc.
Booth: TBD
Semgrep, Inc. is a cybersecurity company based in San Francisco. The company develops the Semgrep AppSec Platform (a commercial offering for SAST, SCA, and secrets scanning) and actively maintains the open-source static code analysis tool semgrep OSS.
- Splunk
Booth: TBD
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- Sumo Logic
Booth: TBD
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.
- Tevora + ProcessUnity
Booth: TBD
Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.
ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources. For more information, visit https://www.processunity.com.
- ThreatLocker
Booth: TBD
ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com
- Trustero
Booth: TBD
Trustero is a developer of a corporate industry and regulatory compliance AI designed to handle time-consuming GRC tasks such as gap analysis, remediation guidance, questionnaire automation, and evidence collection. The company’s AI conducts audits like a human, detects industry and regulatory compliance gaps, suggests gap remediation procedures, answers GRC questions, completes security questionnaires, responds to RFPs, and more, enabling businesses to save time and run their operations, processes, and systems to remain fully compliant.
- WiCyS Western Washington Affiliate
Booth: TBD
- Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Alex Di Giacomo
CISO, Sound Transit
Mr. Di Giacomo is an award-winning, veteran cybersecurity executive with over 26 years of experience leading security strategy and governance across critical infrastructure and corporate environments, both domestically and internationally. His expertise encompasses IT and OT security, security governance, cloud security, disaster recovery, risk and compliance management across multiple industry frameworks, and data privacy. In his current role as Chief Information Security Officer at Sound Transit, he built a nationally recognized security program from the ground up based on the ISO 27001 international standard, achieving top-tier maturity ratings, confirmed by independent audits. Mr. Di Giacomo holds multiple rigorous, industry-relevant certifications including C|CISO, CISSP, CISM, CISA, CRISC, CDPSE and HISP, and is a frequent speaker, lecturer, and advisor on cybersecurity, risk, and resilience. Mr. Di Giacomo holds both a B.S. degree in Electronic Engineering and a Master of Engineering and Technology Management, Summa Cum Laude.
A strategic visionary and hands-on leader, Mr. Di Giacomo is deeply committed to advancing cybersecurity maturity and resilience. He currently serves on the Washington State Technology Services Board Security Subcommittee and contributes to multiple professional associations including ISACA, ISC2 and ISSA and the IEEE, where he has achieved Senior Member status. Fluent in English, Spanish, and Italian, Mr. Di Giacomo brings a global perspective with a business and mission centric focus to today’s cybersecurity challenges and solutions.
- Mike Hughes
SVP & CISO, Nordstrom
As the Chief Information Security Officer at Nordstrom, I lead a team of cybersecurity professionals who are passionate about protecting the company's data, systems, and customers. I have over 10 years of experience in cybersecurity, spanning various domains such as incident response, forensics, malware analysis, network security, and data protection.
My mission is to bring honesty, transparency, and integrity to the cybersecurity function, and to partner with other technology and business teams to ensure a balanced and pragmatic approach to our common goals. I leverage my expertise in cybersecurity strategy, policy, governance, and risk management to enable REI's growth and innovation. I also foster a culture of security awareness, education, and empowerment across the organization.
- Chuck Markarian
CISO, PACCAR
As PACCAR's CISO, I am responsible for strategy, investigations, forensics work, policy and procedure creation and review, security risk assessments and project management. This is a global position, with information security responsibility for all PACCAR locations.
- Lisa Plaggemier, Moderator
Executive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Tristan Allen
Infrastructure & Industry Section Lead, Washington Military Department's Emergency Management Division
Tristan works for the Washington Military Department’s Emergency Management Division. Leading the Infrastructure and Industry Section, his work is focused on critical infrastructure resilience, cybersecurity preparedness and response, and enhancing public-private cooperation before, during and after disasters. Prior to joining state service in 2016, Tristan worked for the federal government focusing on technology research and development to improve the nation’s defense and international humanitarian response operations.
- Jeffrey Flohr, Chief of Special Operations Division, King County Sheriff's Office
Chief Jeffrey (Jeff) Flohr has over 30 years of law enforcement experience. Jeff began his career in the Bay Area of California, where he worked for Moraga and San Pablo Police Departments. During his time in California, Jeff served as Field Training Officer, K9 Handler, Drug Recognition Expert, Gang Detective, and member of several state and federal task forces.
Drawn to the size and diversity of the King County Sheriff’s Office and the variety of assignments and opportunities it provides, Jeff began his career with KCSO in early 2005. He started as a Deputy in the contract city of Kenmore, served as a School Resource Officer in Kirkland, and quickly became a Master Police Officer (MPO) before being promoted to Sergeant in 2012. During his tenure as Sergeant, Jeff had numerous assignments, including North Precinct patrol, KCSO patrol K9 Unit, Sound Transit, Special Emphasis Team, and Explosive Detection K9 Unit. In 2016, Jeff was selected to be the Field Operations Administrative Sergeant for the Patrol Operations Chief. In this role, Jeff supported KCSO patrol operations and assignments county-wide, including Background Investigations, staffing, and recruiting. Jeff also coordinated the Critical Incident Review Boards for KCSO.
In 2018, Jeff was promoted to Captain and assigned to lead the King County Communications Center. He was promoted to Major in 2020 and assigned to lead the Southwest Precinct, which includes Skyway, White Center, and Vashon communities. In this role, Jeff joined the Urban King County Reimagining Policing Group, where he worked with numerous King County departments to explore what policing in unincorporated King County will look like in the future. In 2021, Jeff was promoted to Chief and assigned to the Technical Services Division. While there he oversaw the successful ratification of multiple groundbreaking labor contracts, inclusion of body worn cameras in the bi-annual budget and an increased effort surrounding recruiting and reducing vacancies. In 2023, with the addition of two new divisions at KCSO, Jeff was assigned to the Special Operations Division. The Special Operations Division includes two transit contracts, Metro Transit Police and Sound Transit Police, the Aircraft Rescue and Fire Fighting at the King County International Airport as well as the traditional Special Operations units such as TAC-30, Crisis Negotiation, Bomb Disposal, K9s, Air Support, Search and Rescue, Marine Rescue Dive Unit.
Jeff believes in community policing that is fair and accountable. Throughout his career, Jeff has led by example and built strong working relationships at all levels of government through open and honest communication. Jeff has served as Incident Commander for high-profile events including dignitary visits, anti-terrorism efforts, concerts, sporting events, and civil disturbances. He has also led the development and implementation of several initiatives, including the creation of Sound Transit’s Special Emphasis Team (SET) to enhance rider and employee safety; modernizing the statistical tracking of K9 deployments, contacts, and training documentation; working with the King County Council to implement ordinances impacting solicitations and noise complaints; and working with U.S. Senators and Congress members to update King County’s 911 system to address next-generation issues. Jeff has received numerous accolades and awards throughout his career, including Officer of the Year, Deputy of the Year, Sergeant of the Year, Lifesaver Award, and the Sheriff’s Medal.
Jeff and his wife, Stevee, have been together for over 20 years. They enjoy traveling, watching their daughter play softball at Central Washington University, and playing with their dog.
- Jenifer Clark, Moderator, Sr. Information Security & Compliance Engineer, Costco Wholesale
Jenifer Clark is a Senior Security Engineer at Costco Wholesale. As part of the enterprise Data Security team, her focus is on Data Loss Prevention (DLP) and liaison work with internal business teams. Jenifer is a long-time member of the SecureWorld Advisory Council and actively supports public/private partnership efforts. She is a member of Washington State Cybersecurity Advisory Committee, Domestic Security Alliance Council (DSAC), InfraGard, FBI Seattle Citizens Academy Alumni Association, and a multi-year participant in DHS Analyst Exchange Program (AEP). Jenifer also volunteers in the local community as a member and director in King County 4x4 Search and Rescue Association.
- Stephanie Warren, Assistant Director, Information Security, Port of Seattle
Stephanie Warren has over 28 years of experience in technology, with the past 15 years dedicated to the field of Information Security. As the Assistant Director of Information Security, she brings a seasoned perspective to federal and regulatory compliance, incident response, and data protection. She excels at bridging communication between frontline employees and executive leadership, fostering alignment that strengthens organizational resilience. Her expertise in risk management helps organizations anticipate threats, adapt to challenges, and sustain long-term operational continuity. She holds a Bachelor of Science in Cybersecurity and Information Assurance and is a Certified Information Systems Security Professional (CISSP).
- Jack Sippel, Cyber Resiliency, T-Mobile
CISSP and Security+ certified Principal Cybersecurity Engineer using system engineering principles and a lot of curiosity.
- Brian Shea, BISO, Salesforce
Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, IT Operations, and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America, as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and published two books and three industry papers on security.
- Brian Denman, Director, Global Cyber Risk Solutions Delivery, SecurityScorecard
Brian Denman is the Director of Global Cyber Risk Solution Delivery for SecurityScorecard. In this role, he leads service delivery for our MAX third-party cyber risk management program.
Brian has over thirty years of executive and frontline experience in enterprise IT, cybersecurity, and cyberwarfare operations, twenty-five of which were in the national security sector or the Intelligence Community. As a global network operator, he was responsible for the daily operation and security of the United States Air Force’s classified and unclassified worldwide networks, including proactive management of cyber risk and all-hazards incident response. As a third-party incident responder, he organized and trained Cyber Protection Teams for U.S. Cyber Command to provide threat hunting, advisory, and incident response services. He led these teams to defend military systems, domestic and international critical infrastructure, and the Defense Industrial Base, including the Command’s first landmark “Defend Forward” missions in support of U.S. election security and partner defense in Eastern Europe. Since retiring from government service, Brian has advised and trained both U.S. government and private sector organizations, ranging from small and medium businesses to Fortune 50 firms, on enterprise cybersecurity, risk, and incident response management.
- Yasser Fuentes, Principal Solutions Architect (Cloud Security SME), Bitdefender
Yasser is a Principal Solutions Architect (Cloud Security SME) for Bitdefender and a security practitioner with over 20 years of experience in Information Security. Throughout his career he has worked for healthcare providers, ISPs, MSPs and SOCs, among many other verticals, and across multiple Information Security domains. In his previous role as a Product Manager for Cloud Security, he enabled Sales, Technical Teams and Technical Partners and contributed to numerous architectural projects in both the private and public sectors. He holds certifications from top security vendors such as AWS and Azure, as well as globally recognized credentials such as CISM (ISACA) and CISSP (ISC2).
- Craig Spiezle, Moderator, Founder & President, AgeLight Advisory & Research Group
Craig Spiezle is the Founder and President of AgeLight Advisory & Research Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security, promoting ethical privacy practices, end-to-end security and the importance of moving from a compliance mindset to stewardship. Craig is the Chairman emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers, driving awareness of best practices by both the public and private sectors and the importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, the editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.
- Panel Discussion
- Scott Benson, Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.
- Erika Carrara, VP, Chief Information Security & Infrastructure Officer, The Greenbrier Companies
Erika Carrara is a seasoned cybersecurity and technology expert with over two decades of experience. Skilled at helping businesses navigate cyber risks, data governance, and digital transformation, Erika has led several corporations through a security maturity curve in the defense industrial base, federal sector, and twice in manufacturing, now at Greenbrier. She is an expert in security governance, compliance, privacy, and digital systemic risk.
In her role as Chief Information Security & Infrastructure Officer, Erika presents at all board meetings, providing information and guidance on cyber protection and resiliency. As a Boardroom Qualified Technology Expert (QTE), she works closely with the board's enterprise risk and audit committee and C-Suite, providing updates on the materiality of cybersecurity risks and incidents. Erika has enhanced security governance at Wabtec by strengthening the company's governance framework, establishing effective risk management processes, conducting frequent risk assessments, and providing strategic guidance to the board and C-Suite on cyber risk matters. She maintains a pulse on the regulatory landscape, overseeing adherence to cybersecurity regulations, industry standards, and data protection laws in the 53 countries where Wabtec operates.
A Native American and veteran, Erika is passionate about championing DEI and social programs/causes. She advocates for gender diversity through education, industry sharing, and career development. As a values-based leader, Erika demonstrates diplomacy, flexibility, and a deep commitment to life-affirming principles such as honesty, integrity, trust, and compassion for others.
- Doug Cavit, CISO, Snohomish County, Washington
Doug Cavit has been involved in cybersecurity for 30 years as CIO of McAfee and Chief Security Strategist at Microsoft, as well as CISO for two tech startups working on automated cybersecurity in the cloud. He was a major contributor to Microsoft adding anti-malware and several versions of Windows. He has been involved in setting security standards for the financial services and utility industries as well as the ISO process for secure software development. He has helped the Global Fortune 1000 and governments around the world on security and is a noted speaker in the security industry. Doug was a finalist for an Orbie award for CISO of the year in 2025. He holds multiple patents for IT infrastructure. Currently, he is CISO for Snohomish County in Washington State. In addition, he is a volunteer board member for a local non-profit that provides computers to the disadvantaged.
- William Lidster, Moderator, CISO, AAA Washington
William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.
In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.
Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.
William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.
- Zabrina McIntyre, Host, Director, Advisory, KPMG; Leadership Board, WiCyS BISO Affiliate
Zabrina McIntyre is a Director with KPMG focusing on large scale cybersecurity transformations for clients with a focus on compliance. She holds the CISSP and PMP certifications and is working on her PCI QSA. She is a dedicated supporter of Women in Cybersecurity (WiCyS) and is currently on the leadership board for the Business Information Security Officer (BISO) Affiliate.
- Courtney Hans, VP, Cyber Services, AmTrust Financial Services
Currently the Vice President of Cyber Services for AmTrustCyber, Courtney Hans brings a variety of experience into her work. In her early career, Courtney was an adventure travel guide with a short window to make a strong impression. Curiosity became her superpower as she learned how to uncover the inner motivations of diverse groups of guests. Guiding, just like cybersecurity, requires agility and a cool head during a crisis. Formerly the Head of Security and IT for a growing SaaS startup, Courtney joined AmTrust to help to reduce risk and deepen the relationship between carrier and insured.
- Kip Boyle, Co-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Jake Bernstein, Esq., Co-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLP
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Panel Discussion
- Lisa Plaggemier, Executive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Cliff Steinhauer, Director, Information Security & Engagement, National Cybersecurity Alliance
Cliff Steinhauer is a passionate information security and privacy professional. Currently based in Seattle, he has over a decade of experience in sales, marketing, and project management. With the National Cybersecurity Alliance, Cliff works to direct community engagement through live events, educates through thought leadership, and runs the Cybersecurity program for NCA. Cliff enjoys sharing the message of securing your digital life, protecting information systems and the people that run them, and mentoring young folks to promote interest in the field.
- Ran Hinrichs, Professor of Practice, Cybersecurity, Norwich University
Randy J. Hinrichs is a national leader in AI ethics and cybersecurity education, serving as Professor of Practice at Norwich University and PhD candidate in CyberEthics at the University of Idaho. He directs multiple NSA-funded NCAE Co-Op Centers, advancing workforce development through experiential learning and ethical AI integration. Randy is the architect of the AI Moral Code—an empirical framework for embedding moral reasoning into AI systems—and the creator of the NSA-endorsed “CyberEd in a Box” program. With over 25 years of leadership across Microsoft, Sun Microsystems, and federal innovation projects, he combines immersive technologies, ethical governance, and workforce transformation to build a secure and responsible AI future.
- Colson Hoxie, Sr. Sales Engineer, Axonius
Colson has been in the cybersecurity space for seven years now, with that journey starting at pre-Cisco Duo. Over the years he developed significant interest in cloud security and governance. While in the past that might have specifically referred to the public cloud, applications and the users that connect to them live everywhere, which means a broader viewpoint is needed to effectively secure the users, data, and devices that make up an organization. Colson has helped companies develop effective Zero Trust Network Access and data protection programs, starting with visibility and ending with effectively implementing policies that protect critical business data.
Today, his journey brings him back to devices, though still with a "zero trust" lens, where organizations are not just trusting the data their systems provide but validating and verifying via aggregating all of their different data sources into one place. This visibility, just as it does when building a data protection program, is the first step to effective risk management programs.
- Bryan Ward, Sr. Sales Engineer, ColorTokens
Bryan Ward is a cybersecurity veteran with over two decades of experience helping global enterprises strengthen their security posture. He specializes in Zero Trust, microsegmentation, and practical approaches to network and infrastructure security, with leadership roles at companies like Akamai, Guardicore, and ColorTokens. Bryan is known for turning complex security challenges into actionable strategies that actually work.
- Panel Discussion
- Troy Batterberry, CEO & Co-Founder, EchoMark
Troy Batterberry is the founder and CEO of EchoMark, a Software-as-a-Service (SaaS) company pioneering a new standard in information protection. The company was founded on the principle that trust is central to empowering everyone to do their best work. Troy brings years of product and technology experience, including 25 years at Microsoft, where he most recently served as a Corporate Vice President as the product leader of Microsoft Teams Meetings, Calling, and Events. During his tenure, Troy also played an integral role in the growth and success of marquee Microsoft products, such as Windows, Explorer/Edge, Bing, Xbox, and MSN. Before joining Microsoft, Troy held engineering positions at Sony and within the U.S. Department of Defense. Troy is driven by a long-standing passion for creating new experiences and products.
In addition to his professional pursuits, Troy is a parent volunteer at his kids’ schools, spends time volunteering for Boy Scouts, and also enjoys time outdoors boating, hiking, and running. He holds an M.S. in Information Systems from the University of Southern California and a B.S. in Electrical and Electronic Engineering from North Dakota State University.
- Kip Boyle, Instructor, vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Lisa Plaggemier, Executive Director, National Cybersecurity Alliance
Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.
- Tim Rains, VP & CISO, ADT
Tim Rains is an internationally recognized cybersecurity executive, advisor, and author.
Currently, Tim is Vice President and Chief Information Security Officer at ADT – the largest security and automation company in the United States, protecting 6.5 million households. In this role, Tim leads enterprise cybersecurity and product security.
Previously, Tim was Vice President Trust & Cyber Risk at T-Mobile where he led cybersecurity strategy, architecture, assurance, risk management, compliance, and the Business Information Security Officer function. While Tim was at T-Mobile, he was appointed to serve on a subcommittee of the President of the United States’ National Security Telecommunications Advisory Committee (NSTAC) that developed recommendations to the President focused on improving national cybersecurity.
Prior to T-Mobile, Tim held cybersecurity leadership positions at both Amazon Web Services and Microsoft. At AWS, Tim was the Global Security and Compliance Leader for Worldwide Public Sector, where he spent 3 years living in London. In the 17 years Tim spent at Microsoft, he held numerous roles including Global Chief Security Advisor, Director of Security, Identity, and Enterprise Mobility, Director of Trustworthy Computing, and founding Technical Lead of Microsoft’s customer facing Cybersecurity Incident Response Team.
Tim is the author of the popular book, now in its second edition, “Cybersecurity Threats, Malware Trends, and Strategies” published by Packt Publishing.
- Ralph Hogaboom, CISO, Washington Department of Natural Resources
Ralph Hogaboom is a seasoned cybersecurity leader with a deep commitment to public service and a human-centered approach to information security. A West Coast native from Aberdeen, Washington, Hogaboom worked his way up from grassroots tech support roles—from learning Perl and web design on the weekends to promote his string of punk bands, to serving as Chief Information Security Officer for the Washington State Department of Natural Resources. Today, Hogaboom is focused on building a world-class cybersecurity program powered by sound technical capability, practical risk management, trust, and empathy.
- Khaja Ahmed, CISO and Angel Investor
In a career spanning more than three decades, Mr. Khaja Ahmed has worked at the forefront of security technology — developing cutting-edge solutions in secure communications, data protection, and applied cryptography. He has led high-impact security teams at leading companies including Gemini (a cryptocurrency exchange), Microsoft, Google, and Amazon. His expertise spans hands-on system design, organizational leadership, and executive engagement—enabling him to architect solutions, build world-class teams, and shape security strategy at the highest levels. A sought-after speaker and panelist, he frequently addresses topics ranging from technical security practices to team building and leadership for individual and organizational growth. Currently, Khaja is an angel investor and advisor/consultant to startups in security. He enjoys teaching at his son’s institute, Ahmed Tech Academy, and at Bellevue College where he teaches Information Security and Computer Architecture as adjunct faculty.
- Anil Karmel, Research Fellow, Cloud Security Alliance
Anil Karmel is a cybersecurity leader, serial entrepreneur, and startup advisor, founding two companies from 0 to 1 to exit. Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Karmel began his government career as a Technical Staff Member of Los Alamos National Laboratory (LANL) and was responsible for inventing their cloud and collaboration technologies. Karmel and his team have garnered industry and government accolades, including the SANS National Cyber Security Innovators Award for Cloud Security, SINET Top 16 Cybersecurity Startups, InformationWeek 500 Top Government IT Innovators, and the DOE Secretary's Achievement Award. Anil served as the president of the Cloud Security Alliance’s DC Metro Area Chapter and is a member of the CSA's CxO Trust Advisory Council.
- Vishwas Manral, Research Fellow, Cloud Security Alliance
With more than 20 years of experience in the technology industry, Vishwas has a passion for innovation and problem-solving, and a track record of delivering high-impact products and projects in various domains, such as infrastructure, networking, security, cloud, IoT, and data. He is formerly the Chief Technologist and Head of Cloud Native Security at McAfee, where he led the vision, strategy, and execution of cutting-edge security solutions for the cloud. He has also been a founder, CEO, CTO, product manager, and engineer in large companies and startups, working with diverse technologies and languages. He has co-invented multiple technologies and authored several publications in the IETF, where he is an active contributor and member. His specialties include bringing new ideas to market, creating new technology, building energized teams, and providing technology execution, vision and direction.
- Aradhna Chetal, Moderator, Managing Director, Executive Security, TIAA
Aradhna serves as a Managing Director Executive – Digital & Cyber Transformations at TIAA, a financial services company, where she is responsible for the cloud security DevSecOps for Applications, Data, AI Enterprise vision, strategy, standards, security patterns in a multi-cloud hybrid enterprise. Her expertise spans Cloud Security, IAM, Zero Trust, Data Protection and GenAI Security Engineering. She has worked in various cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft, and T-Mobile. Aradhna is an active member in the cyber security industry. She is Co-Chair of Cloud Native Computing Foundation Security TAG, Co-Chair for CSA Serverless Working group and a Cloud Security Alliance Research Fellow; she contributes to OWASP AI, CNCF, Cloud Security Alliance working groups and NIST Cloud computing standards, and has influenced best practices and standards for cloud, containers and micro services security. She has also been providing expert guidance to a number of startups on security product roadmaps and feature development, especially in the areas of Identity and Access Management, Zero Trust and Container Security. Aradhna has a Masters in Cybersecurity, a bachelor's in electrical engineering, and a CISSP and CCSP from ISC2.org. Outside of work, Aradhna enjoys hiking, snowshoeing, and volunteering for women’s causes.
- Marivell Alicea-Gamlin, Sr. Cybersecurity BISO Analyst, CBRE
Marivell Alicea-Gamlin is a Senior Cybersecurity BISO Analyst at CBRE, where she connects cybersecurity strategy to business outcomes through client assurance, audit support, and third-party risk engagement. With more than 20 years of experience across IT operations, governance, and compliance, she plays a key role in shaping cyber strategy and building client trust. Marivell serves on the board of ISSA Puget Sound as Director of Membership and actively mentors emerging cybersecurity professionals. She holds a Master’s in Network and Communications Management, is ISC2 Certified in Cybersecurity (CC), and brings a global perspective with fluency in Spanish and developing proficiency in Portuguese.
- Iain Sloan
CISO, Washington State Liquor and Cannabis Board
Iain Sloan is an accomplished cybersecurity leader with more than 40 years of experience in information technology and security across both public and private sectors in the UK, Texas, and Washington State. As Chief Information Security Officer for the Washington State Liquor and Cannabis Board, he is responsible for safeguarding critical infrastructure, ensuring regulatory compliance, and driving strategic initiatives that enhance the agency’s security posture.
Throughout his career, Iain has led enterprise programs, implemented risk management frameworks, and fostered cross-functional collaboration to address evolving cyber threats. His deep technical expertise, combined with a commitment to operational excellence and public service, makes him a respected voice in the cybersecurity community.
- George Williams
CIO, Washington State Liquor and Cannabis Board
George Williams is a seasoned technology executive and retired Senior Army Officer with over two decades of distinguished leadership in IT operations, strategic planning, and organizational transformation. Currently serving as Chief Information Officer and Director of IT Services for the Washington State Liquor and Cannabis Board, George leads enterprise-wide technology initiatives that drive innovation, efficiency, and mission alignment. His recent success includes spearheading a $70 million Salesforce CRM modernization project, replacing seven legacy systems and streamlining agency operations.
George’s career spans both public and private sectors, with prior roles including Senior IT Manager and Assistant Division Manager at Washington state agencies, and Engineering Manager at Iron Bow Technologies. His expertise encompasses cloud infrastructure, cybersecurity, enterprise systems, and vendor management—backed by hands-on experience with platforms like VMware, Azure, AWS, and Salesforce. A veteran of the U.S. Army and Washington Army National Guard, George held pivotal roles in global operations, including strategic planning for NATO in Afghanistan and communications leadership in Iraq. His military tenure culminated in commanding a missile defense site and developing communications doctrine for the Army’s digital transformation.
George holds an MBA in IT Management from Western Governors University (Feb 2024) and a BA in Education from Eastern Washington University. He is a Certified Scrum Master, Lean Six Sigma Green Belt, and IPMA LeaderPath graduate. Known for his disciplined approach, mentoring mindset, and results-driven leadership, George continues to bridge technology and strategy to empower teams and transform organizations.
- Brian Hileman
Director, Sales Engineering, Cyberhaven
Brian has over a decade of experience in data protection, specializing in DLP and Insider Risk Management. As Cyberhaven’s Director of Sales Engineering and creator of DLPTest.com, he has held key roles at Palo Alto Networks, Digital Guardian, and InteliSecure, and regularly shares insights at conferences like ISSA, CSA, and RMISC.
- Timothy Youngblood
CISO, Astrix
Timothy Youngblood is the former SVP, Chief Security Officer and Product Security Officer for T-Mobile, where he led the company’s cybersecurity organization. Prior to T-Mobile, Youngblood served as the Chief Information Security Officer for McDonald’s. He also established the CISO roles for two major industry brands, becoming the first Global CISO for both Dell and Kimberly-Clark. Earlier in his career, Youngblood held leadership roles at KPMG, providing advisory services to leading companies across industries. In addition to his board activities, Youngblood is an active angel investor with a focus on cybersecurity, medical devices, clean tech, media, and CPG. In 2024, he was recognized as the top member of the world’s largest angel investment organization, Keiretsu Forum. Youngblood also serves as an adviser to some of the most innovative cybersecurity startups in the industry. He currently holds the role of CISO-in-Residence for Astrix Security, the leader in Agentic and Non-Human Identity Security.
- Joe Veroneau
Head of Trust and Security, Conveyor
Joe is a risk management professional with experience across many security, risk and compliance domains. Past roles include advising on GRC software implementations at highly regulated customers and supporting data protection efforts at Aptible, a HITRUST Certified Platform-as-a-Service. Joe currently leads the Trust & Security function at Conveyor, an AI agent company automating the customer security review process, and he regularly participates in and presents at regional and national ISACA events.
- Jake Bernstein, Esq.
VP, ISC2 Seattle Chapter
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Frank Simorjay
President, ISC2 Seattle Chapter
Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for the Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, which includes the PCI automation blueprint. Frank has written an extensive library of papers and blogs (http://cloudntech.blogspot.com/).
- AK Torgeson
Treasurer, ISC2 Seattle Chapter
AK obtained her CISSP in 2023, after attending an ISC2 Seattle CISSP Bootcamp. She holds a Master's in Analytical Chemistry from the University of Washington and Bachelor's degrees in Biochemistry and Computer Science, both from Seattle University.
- Jean Pawluk, Moderator
Director at Large, ISC2 Seattle Chapter
Jean is an Executive Consultant and ISSA Distinguished Fellow, and was honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).
- Lana DeMaria
Head of Data Governance and Privacy, Alaska Airlines
Lana is a motivated and results-oriented leader with 20+ years of international experience.
She is experienced in supervising and training teams, building global enterprise-wide programs from the ground up, and leading, planning & executing projects in a variety of industries, ranging from aviation to software, to manufacturing, to telecom and education. She has over 23 years of team management and technology experience, with 19 years of strong contributions to the privacy, security and risk management space at Alaska Airlines Group, Microsoft and Ernst & Young, and with 18 years of training, communications and marketing experience at Alaska Airlines, Microsoft, Ernst & Young, Boeing, PacifiCorp and SCS.
She has earned and been awarded the Six Sigma, CIPP, CIPM, CISA and ITIL Foundations certifications, and is a member of the Digital Marketing Association, Institute of Internal Auditors, the International Association of Privacy Professionals, as well as the IT Compliance Institute. She has an MBA in International Business.
- Harald Upegui
Director of Information Security, HealthPoint
- Panel Discussion
- Kip Boyle
Co-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Jake Bernstein, Esq.
Co-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLP
Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted both as a regulator, as an Assistant Attorney General with the Washington State Attorney General's Office, and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.
- Matt Crane
Director, Schellman Compliance LLC
Matt Crane, Director at Schellman, oversees PCI DSS assessments for diverse industries, leveraging over a decade of information security expertise. He conducts PCI workshops, speaks at industry events, and collaborates with Fortune 500 companies on compliance challenges, including SWIFT CSCF. Before joining Schellman in 2017, Matt specialized in PCI and NIST assessments and intelligence analysis in both private and public sectors. He holds a BBA in Information Security and Assurance and certifications including CISSP, CISA, CRISC, and QSA, ensuring clients receive expert guidance in achieving compliance goals.
- Justin Hart
Director of Engineering, Salesforce
- Andrew Leeth
Sr. Director, Security Assurance, Salesforce
- Mario Mercaldi
Lead Security Engineer, Salesforce
Mario Mercaldi is a Lead Security Engineer at Salesforce, with a career rooted in building security tools, reverse engineering software, and leading large-scale risk assessments. For over a decade, he has combined offensive and product security expertise with a passion for automation and developing practical frameworks that help organizations scale security without losing precision. Today, Mario focuses on applying AI and emerging standards such as the Model Context Protocol (MCP) to shift security from reactive detection to proactive prevention - bringing a practitioner’s eye for detail to one of the industry’s biggest transformations.
- Jerry Hahn, Moderator
Product Security, Compliance Automation Team, Salesforce
- Tim Gallo
Head of Global Threat Intelligence, Google Cloud
Tim Gallo is the Head of Global Threat Intelligence at Google Cloud, where he specializes in Cyber Threat Intelligence and Risk, spanning everything from Intelligence Operations and Cyber Threat Profile development to risk-based analytic approaches to Security Operations. He joined Google Cloud through the acquisition of Mandiant by Google in 2022, having spent 5 years at Mandiant prior to the acquisition in a variety of field-facing roles covering the aforementioned topics. Before joining Mandiant, Tim leveraged his over 20 years’ experience in information security and intelligence operations to aid in the development and deployment of a number of solutions, including building client and organizational expertise in Intelligence Led Security and Business Operations. This included the development and product management of some of the first cyber intelligence solutions ever brought to market. These solutions have included threat and vulnerability management tools, IOC prediction algorithms, intelligence services, and strategic intelligence consulting. Today he spends his days helping clients understand the importance of Intelligence as a guiding principle for building out effective security processes and operations, and helping clients and vendors find ways to leverage technologies responsibly to build their cyber defense centers and security operations practices. Every once in a while he can be found out in the desert, sometimes on his Harley with a flamethrower, sometimes with just a flamethrower.
- Elizabeth Schaedler
Security Advisor, Splunk
Elizabeth Schaedler is a seasoned Splunk Security Advisor, specializing in helping organizations align their security strategies with business risk objectives. She has extensive expertise in leveraging risk-based alerting to address complex challenges such as fraud prevention. With over 20 years of experience in data center operations and cybersecurity, Elizabeth has held senior roles at leading technology companies including Cray Research, HP, RSA, Sun Microsystems, and IBM, mostly in the high-performance computing (HPC) sector. Based in Portland, Elizabeth is a 3rd generation U of O Duck and spends her free time with her husband, recently embarking on the project of organizing the treasures left behind by their two adult children.
- William Lidster, Moderator
CISO, AAA Washington
William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible for establishing a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization. William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.
In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.
Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.
William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.
- Sonali Bhagwat
Sr. Director, Security, Privacy and Data Governance, Adobe
Sonali Bhagwat is a Senior Director at Adobe, leading global programs in Security Engineering, Privacy and Data Protection. With over 20 years of experience at Adobe, Twitter, and Microsoft, she has built scalable AI governance frameworks, privacy-by-design initiatives, and enterprise security capabilities. She holds a Bachelor’s in Engineering from the University of Mumbai and an MBA from the University of North Carolina, Chapel Hill.
- Akhila Nama
Head of Enterprise Security, Box
Akhila Nama leads the Enterprise Security organization at Box where she oversees security design, strategy, architecture and risk management, with a focus on securing modern enterprise environments while driving business growth. With more than a decade of experience, Akhila has worked through multiple roles and domains, helping organizations navigate complex threats while building security programs and teams that scale.
- Scott Benson
Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.
- Aaron Hunt
Director, Information Security, KP LLC
An Information Security leader with experience establishing resilient security strategies and procedures enhancing the corporate security posture, through evaluation of risk, promoting security awareness and privacy training, management of incident response, managing relationships with customers and business partners, and ensuring continued compliance through internal, customer and certification security audits.
A proven leader, skilled in managing network and application operations, knowledgeable in many collaboration and web environments and successfully managed services and large scale projects. Experienced in several security frameworks, including ISO 27001, PCI DSS, HITRUST, NIST 800-53, HIPAA, GDPR and SOC.
- Megan Slabinski, Moderator
District President, Robert Half
Megan Slabinski is the District President for Robert Half, the world’s first and largest specialized talent solutions firm. Megan oversees operations for the Technology and Marketing and Creative practice groups in the Pacific Northwest, Utah, New Mexico and Northern California.
Megan joined Robert Half in 1999 and has held numerous leadership roles within the company, including Regional Vice President and Executive Director of The Creative Group. A veteran of the staffing industry, she has helped place thousands of professionals in rewarding careers and has provided local businesses with the talent they need to be successful.
Megan is considered an industry expert, is frequently quoted on career-related topics, and speaks publicly at various events throughout the regions she oversees. She is a graduate of the University of Washington.
- Kip Boyle, Instructor
vCISO, Cyber Risk Opportunities LLC
Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.
- Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

