SecureWorld Seattle 2025

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

• Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
• Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
• A step-by-step action plan – No more guessing what to do next
• Real-world case studies – See how organizations just like yours have successfully implemented the framework
• Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

• IT Directors and Managers
• Cybersecurity Professionals
• Business Leaders responsible for risk management
• Compliance Officers
• Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

• Getting BUY-IN from your senior decision makers
• Discovering your top five cyber risks
• Creating a prioritized risk mitigation plan with implementation roadmap
• A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.

Our presenter(s) will delve into:

• The current state of AI adoption across various industries and its impact on cybersecurity
• Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
• Designing governance frameworks that ensure responsible AI use while fostering innovation
• Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
• Regulatory landscape and compliance requirements for AI implementation
• Best practices for data management and protection in AI-driven environments
• Ethical considerations in AI development and deployment
• Strategies for building AI literacy within organizations
• Future trends and preparing for the evolving AI landscape

Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.

Participating professional associations and details to be announced.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Explore how Washington State is integrating cybersecurity into its comprehensive emergency management framework. This session provides a brief overview of emergency management principles before delving into the state’s current cybersecurity posture.

Learn about the Washington State Emergency Management Division’s proactive initiatives, including the formation of the Cybersecurity Advisory Council and the Cybersecurity Incident Response Team, dedicated to enhancing local jurisdiction resilience. Discover how an emergency management lens is applied to cyber incident response planning, how the state provides critical support for training and strategic plan development, and how your organization can partner with EMD to enhance the cyber safeguards of Washingtonians.

Security buyers are often inundated with requests from startups to engage in a variety of ways, making it difficult to separate the signal from the noise. What are these startups really looking for from the security community, and how can security executives and practitioners best leverage their roles to mitigate risk within their organizations, contribute to the broader cybersecurity discussion, and further their careers in an ever-changing industry?

This talk includes a survey of the cybersecurity venture capital world, as well as the variety of ways that security buyers can contribute to and benefit from the complex and innovative worlds of startups and venture capital.

The anti-fraud effort continues to grow in complexity and it requires analytics-based insights. An optimized approach for identification and mitigation is needed. Learn to analyze data at the speed of the business.

Session description to come.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

We have all heard about Phishing, Spear Phishing, Social Engineering, and various new threats like deepfake videos, and AI voice / video fakes.  We all need to defend against them for sure, but what are they and why do they work?  What are the best ways to stop or reduce these threats and their impact on our lives and our businesses?  This talk discusses the human aspects of con jobs, and how we can catch them or reduce their impact on our businesses and lives.

Cybersecurity is no longer just an IT issue; it’s a boardroom buzzword. But how do you get the board to care about firewalls and phishing without their eyes glazing over? Enter this session, your crash course in translating cyber-speak into something the C-suite will actually understand (and maybe even enjoy).

This session breaks down how to turn terrifying tactical tech talk into a blueprint for boardroom brilliance. Learn how to frame cyber threats as business risks, sell the ROI of that new security software, and align your pitch with corporate goals – all without triggering a “404: Audience Not Found” error.

Prepare for some laughs, a lot of lightbulb moments, and the confidence to make your next boardroom chat a smash hit. Whether you’re a cybersecurity wizard or just trying to avoid a crash-and-burn presentation, this talk helps you bridge the gap between the server room and the boardroom.

Regardless of the sophistication of the ransomware, the end goal is always the same: get in through a vulnerability and move laterally through your network. Join this presentation as we help peel back the layers to provide you with simple steps to get started that include:

• Gaining visibility to where you are the most vulnerable
• Closing risky ports
• Leveraging tools you already have in place without adding layers of complexity

In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the ever-expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

Our panel provides a comprehensive overview of the current threat landscape.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Get ready to dive into the future of cybersecurity education! Join us for an electrifying session that showcases how AI is revolutionizing the way we train the next generation of cybersecurity professionals. Alejandro Ayala and Lalitha Subramanian unveil the cutting-edge ‘CyberEd in a Box’ program – a dynamic blend of AI-driven personalization and ethical training that’s closing the gap between academia and industry.

Discover how tools like ChatGPT are used to create tailored learning experiences that not only boost technical skills but also instill the moral integrity needed to tackle real-world cyber threats. With proven results in student performance and engagement, this innovative program is set to redefine the standards of cybersecurity education.

Don’t miss out on this opportunity to see how AI is bridging the gap and shaping the future of the cybersecurity workforce. Be part of the conversation that’s turning heads and setting the stage for a new era in education.

As organizations migrate to the cloud, securing these virtual kingdoms requires a blend of innovation and vigilance. This panel will explore the challenges of cloud security, from defending against breaches to managing access, and how organizations can build cloud “castles” that are both robust and adaptable in the face of evolving threats.

Insider threats – ranging from intentional data theft to accidental disclosures – are on the rise, and traditional security measures are insufficient to protect sensitive information. In this session, we delve into a breakthrough solution that combines the use of AI, steganography, and computer vision to deter data theft and trace unauthorized leaks.

We share real-world use cases offering ways to safeguard data regardless of the leak vector–whether through digital copies, photos of screens, or manually retyped into another computer–ensuring valued data assets are kept secure. Learn how to stop data theft before it happens and track unauthorized disclosures with precision. From AI-driven detection to uniquely personalized invisible watermarks, discover how data security is being redefined.

Today, good cyber skills are good life skills, and we’re here to put your mind through the motions! Join us in the networking lounge of the Exhibitor Hall during the post-lunch keynote break for a turbocharged gameshow and test your abilities! We will engage you with thrilling challenges and strategic quandaries. Come for essential info and practical techniques to safeguard your digital life after the stadium lights have dimmed. This user-focused trivia game demonstrates how utilizing quick wits, tricky quandaries and fast thinking can engage your user audience to move the needle on keeping their digital lives (and your organization’s network) safer.

Along with the 15 or so scored questions, the game show hosts will discuss topics raised in each of the questions. We will also answer audience questions and provide insight on key behaviors. We will utilize a trivia platform that allows the audience to play along and see their score compared to other players in the game.

As artificial intelligence systems become embedded in every layer of cybersecurity—from threat detection to automated response—the AI Moral Code provides a principled framework for ensuring that these systems remain aligned with human values, legal standards, and operational trust.

The AI Moral Code is a structured ethics architecture that integrates five value domains—Core, Social, Cultural, Personal, and Futuristic—mapped to key enforcement layers in cybersecurity and AI governance. Built from a longitudinal analysis of 291 global AI ethics documents (2006–2025), the framework is designed to be interpretable, traceable, and adaptable across AI deployments and cybersecurity missions.

Key components include:

• NRBC Framework (Normative, Regulatory, Behavioral, Conceptual): Guides how values are embedded in design, monitored in operation, and enforced post-deployment.
• Canonical Values and Disvalues: Defines what ethical AI must do (e.g., fairness, transparency) and must avoid (e.g., manipulation, opacity).
• Ethical Drift Prevention: Integrates with MLOps and adversarial AI defense layers to catch value misalignment over time.
• Moral Simulation & Reflexive Learning: Enables agent-based models and AI-assisted cybersecurity teams to test ethical decision making in high-stakes scenarios.

This Code is not theoretical—it’s operational. It aligns directly with NIST AI Risk Management, the NICE Framework, and Zero Trust design principles. It enables both technical and non-technical stakeholders to audit and govern AI systems at scale.

By embedding moral reasoning into the cybersecurity fabric, the AI Moral Code strengthens digital trust, supports mission assurance, and prepares cybersecurity leaders to responsibly deploy AI systems with confidence.

This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.

In the realm of enterprise security, every organization faces a classic tale as old as time: the eternal battle between defenders and digital dragons. Just as fairy tale heroes relied on preparation, vigilance, and the right tools to protect their kingdoms, today’s cybersecurity professionals must deploy proactive measures to safeguard their digital domains.

This panel session explores how preventative measures serve as the ultimate “happily ever after” for enterprise security. Our expert panel guides attendees through the enchanted forest of modern threats, revealing how proactive security architecture can transform organizations from vulnerable victims to empowered heroes.

Panelists share real-world case studies, proactive security solutions, and how organizations can write their own security success stories.

Session description to come.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

• Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
• Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
• A step-by-step action plan – No more guessing what to do next
• Real-world case studies – See how organizations just like yours have successfully implemented the framework
• Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

• IT Directors and Managers
• Cybersecurity Professionals
• Business Leaders responsible for risk management
• Compliance Officers
• Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

• Getting BUY-IN from your senior decision makers
• Discovering your top five cyber risks
• Creating a prioritized risk mitigation plan with implementation roadmap
• A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

• Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
• Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
• A step-by-step action plan – No more guessing what to do next
• Real-world case studies – See how organizations just like yours have successfully implemented the framework
• Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

• IT Directors and Managers
• Cybersecurity Professionals
• Business Leaders responsible for risk management
• Compliance Officers
• Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

• Getting BUY-IN from your senior decision makers
• Discovering your top five cyber risks
• Creating a prioritized risk mitigation plan with implementation roadmap
• A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Session description to come.

Participating professional associations and details to be announced.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Challenges with engineering moving faster with their CI/CD pipelines, releases, and environment updates still need security involved to adopt and scale. Security investments often increasingly create friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.

As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.

Our distinguished panelists will delve into:

• The current state of AI adoption across various industries and its impact on cybersecurity
• Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
• Designing governance frameworks that ensure responsible AI use while fostering innovation
• Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
• Regulatory landscape and compliance requirements for AI implementation
• Best practices for data management and protection in AI-driven environments
• Ethical considerations in AI development and deployment
• Strategies for building AI literacy within organizations
• Future trends and preparing for the evolving AI landscape

Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.

Hear directly how someone who has spent years reviewing and prioritizing bug bounty program submissions approaches the task. In this talk, discover how to craft reports that stand out, ensuring your findings are presented for maximum impact and value. Discover the most common pitfalls to avoid, tips on how to structure your reports for clarity and precision, and hear highlights of the key elements triagers focus on to determine the severity and validity of vulnerabilities.

Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!

This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

As cybersecurity questionnaires become more frequent and complex, organizations face a choice: treat them as compliance exercises, or turn them into opportunities to build trust. In this session, learn how to elevate InfoSec responses beyond the checkbox by tying security controls to business risk, operational maturity, and shared outcomes with clients. Marivell breaks down how to collaborate across technical and legal teams, improve transparency, and strengthen relationships that go beyond policies and PDFs. Key takeaways: from this session:

• Turn routine client assessments into strategic conversations
• Translate technical controls (MFA, encryption, pen tests) into business terms
• Use assurance moments to drive cultural change and showcase cyber leadership

In today’s interconnected digital ecosystem, the security of any product is only as strong as its weakest link. This panel session explores the critical role of trusted partnerships in developing and maintaining secure products throughout their lifecycle.

Our distinguished panel delves into the challenges and opportunities of fostering collaborative relationships between vendors, suppliers, and customers to enhance product security. They examine how these partnerships can lead to more robust security measures, improved threat intelligence sharing, and faster response times to emerging vulnerabilities. Key topics include:

• Establishing trust in the supply chain
• Collaborative approaches to secure software development
• The role of transparency in building and maintaining trust
• Balancing intellectual property concerns with security needs
• Leveraging partnerships for more effective incident response
• Case studies of successful security-focused partnerships

AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

You’ve experienced a cyber incident. Does cyber insurance really pay? What’s actually a recoverable expense? How can insurance help? And when the insurance does pay, how do you balance the amount of insurance with cybersecurity priorities? In this session, we’ll evaluate the data and dig into recent real-world examples of how cyber insurance pays claims, what’s covered, the role of insurance in incident preparation and response, and how organizations are using analytics in decision-making.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Navigating PCI DSS compliance can be daunting for multi-payment channel merchants and service providers handling diverse transaction environments. This presentation explores practical strategies to reduce compliance burden while bolstering security. Attendees will learn how simple process changes, such as tokenization and point-to-point encryption, can minimize sensitive data exposure. We’ll also examine the benefits of outsourcing specific PCI DSS responsibilities to trusted third-party providers, enabling organizations to focus on core operations without compromising security.

Drawing on real-world examples, the session will highlight how these approaches streamline compliance efforts, reduce costs, and enhance protection across online, in-store, and mobile payment channels. Ideal for merchants and service providers, this talk offers actionable insights to achieve PCI DSS compliance efficiently.

Learn how multi-payment channel merchants and service providers can simplify PCI DSS compliance and enhance security through strategic process changes and outsourcing.

Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this talk, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise.

We cover the following topics:

• The state of SMB cybersecurity in the U.S.
• The cost and impact of cyber breaches on SMBs
• The main cyber threats and vulnerabilities that SMBs face
• The best practices and frameworks for SMB cybersecurity
• The steps to build or improve your cybersecurity program

Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.

The battle between cybersecurity defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face; and how to deal with them once. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.

Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.

And SHOULD a breach or ransomware attack occur, the response to an incident is as important as trying to keep the bad actors out in the first place.

Session description to come.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Session description to come.

Session description to come.

In the face of relentless cyber threats, organizations must cultivate a culture of cybersecurity awareness, empowering employees to become the unsung heroes of the digital realm. Just as a superhero’s strength lies in the support of the community, building a resilient organization requires a collective effort to protect against cyberattacks.

Join our expert panel as they explore the strategies for fostering a culture of cybersecurity awareness, transforming employees into vigilant guardians of critical data and systems. Our panel unveils the secrets to building a cybersecurity-conscious organization, enabling them to empower employees as first defenders, integrate cybersecurity into workplace culture, promote open communication and reporting, utilize gamification and incentives, and measure and communicate success.

Our panel provides a comprehensive guide to building a culture of cybersecurity awareness, empowering organizations to transform their workforce into a resilient force against cyber threats and safeguarding their digital fortress from within.

The cyber threats facing the United States are growing increasingly sophisticated. To combat these threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is partnering with industry on a range of priorities and products to bolster our cyber defenses.  By working together, we can defend U.S. cyberspace and protect our way of life.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

• Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
• Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
• A step-by-step action plan – No more guessing what to do next
• Real-world case studies – See how organizations just like yours have successfully implemented the framework
• Expert-level confidence – Finally speak cybersecurity with authority and clarity

What makes this different?
This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

Perfect for:

• IT Directors and Managers
• Cybersecurity Professionals
• Business Leaders responsible for risk management
• Compliance Officers
• Anyone tasked with “figuring out cybersecurity”

Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

• Getting BUY-IN from your senior decision makers
• Discovering your top five cyber risks
• Creating a prioritized risk mitigation plan with implementation roadmap
• A score card you can use to track progress

Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

Your organization’s cybersecurity can’t wait. Register now.

AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is Artificial Intelligence?
Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

Lesson 2: What are the AI threats?
Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

Lesson 3: What are the AI vulnerabilities?
Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

Lesson 4: What are AI security controls?
Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

Lesson 5: What is AI risk management?
Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

Lesson 8: Building an AI security program
Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

STUDENT TESTIMONIAL:
“Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
— Andrew F. Powell Jr., Information Security Director, Williams College