Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, November 5, 2025
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 1
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

    • Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
    • Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
    • A step-by-step action plan – No more guessing what to do next
    • Real-world case studies – See how organizations just like yours have successfully implemented the framework
    • Expert-level confidence – Finally speak cybersecurity with authority and clarity

    What makes this different?
    This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

    Perfect for:

    • IT Directors and Managers
    • Cybersecurity Professionals
    • Business Leaders responsible for risk management
    • Compliance Officers
    • Anyone tasked with “figuring out cybersecurity”

    Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

    • Getting BUY-IN from your senior decision makers
    • Discovering your top five cyber risks
    • Creating a prioritized risk mitigation plan with implementation roadmap
    • A score card you can use to track progress

    Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

    Your organization’s cybersecurity can’t wait. Register now.

    7:30 am
    [PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 1
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

    Lesson 1: What is Artificial Intelligence?
    Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

    Lesson 2: What are the AI threats?
    Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

    Lesson 3: What are the AI vulnerabilities?
    Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

    Lesson 4: What are AI security controls?
    Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

    Lesson 5: What is AI risk management?
    Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

    Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
    One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

    Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
    Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

    Lesson 8: Building an AI security program
    Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

    Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

    STUDENT TESTIMONIAL:
    “Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
    Andrew F. Powell Jr., Information Security Director, Williams College

    8:00 am
    Networking Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    Also, look for “Cyber Connect” discussions on select topics and join the conversation.

    8:00 am
    Advisory Council Roundtable Breakfast (VIP / Invite only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:45 am

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    8:00 am
    Developing Strategies and Governance Policies Around AI
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am

    As AI continues to revolutionize the business landscape, organizations face the critical challenge of harnessing its potential while mitigating associated risks. This panel session brings together experts from varying industries to explore the intricacies of developing comprehensive AI strategies and governance policies.

    Our presenter(s) will delve into:

    • The current state of AI adoption across various industries and its impact on cybersecurity
    • Key components of an effective AI strategy, including alignment with business objectives and ethical considerations
    • Designing governance frameworks that ensure responsible AI use while fostering innovation
    • Addressing AI-specific risks, including bias, privacy concerns, and potential security vulnerabilities
    • Regulatory landscape and compliance requirements for AI implementation
    • Best practices for data management and protection in AI-driven environments
    • Ethical considerations in AI development and deployment
    • Strategies for building AI literacy within organizations
    • Future trends and preparing for the evolving AI landscape

    Gain valuable insights into creating balanced, forward-thinking AI strategies that maximize benefits while maintaining robust security and ethical standards. The session provides practical guidance on navigating the complex intersection of AI, business objectives, and regulatory requirements.

    8:00 am
    Association Chapter Meetings
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am

    Participating professional associations and details to be announced.

    8:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] Securing the Emerald City and Beyond: Lessons in Leadership from Top CISOs
    • session level icon
    speaker photo
    CISO, Sound Transit
    speaker photo
    SVP & CISO, Nordstrom
    speaker photo
    CISO, PACCAR
    speaker photo
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater
    The role of the CISO continues to evolve as cybersecurity leaders work to shape business resilience and protect critical assets. In this keynote panel, top CISOs from Seattle and beyond come together to share their hard-earned insights, leadership strategies, and lessons learned from defending some of the largest and most influential organizations.
    This engaging discussion explores topics such as navigating boardroom conversations, driving a culture of security across the enterprise, and adapting to emerging threats while enabling business growth. Designed for cybersecurity executives and their teams, this panel provides actionable advice, strategic takeaways, and inspiration to kick off the 24th edition of SecureWorld Seattle—SecureWorld’s first-ever conference.
    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:10 am
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:10 am
    [Panel] Building Cyber Resilience in Washington State
    • session level icon
    speaker photo
    Infrastructure & Industry Section Lead, Washington Military Department's Emergency Management Division
    speaker photo
    Chief of Special Operations Division, King County Sheriff's Office
    speaker photo
    Sr. Information Security & Compliance Engineer, Costco Wholesale
    Registration Level:
    • session level iconConference Pass
    10:10 am - 10:45 am

    Explore how Washington State is integrating cybersecurity into its comprehensive emergency management framework. This session provides a brief overview of emergency management principles before delving into the state’s current cybersecurity posture.

    Learn about the Washington State Emergency Management Division’s proactive initiatives, including the formation of the Cybersecurity Advisory Council and the Cybersecurity Incident Response Team, dedicated to enhancing local jurisdiction resilience. Discover how an emergency management lens is applied to cyber incident response planning, how the state provides critical support for training and strategic plan development, and how your organization can partner with EMD to enhance the cyber safeguards of Washingtonians.

    10:10 am
    The Cyber Bridge: From Castle Tower to Village Square
    • session level icon
    speaker photo
    Assistant Director, Information Security, Port of Seattle
    Registration Level:
    • session level iconConference Pass
    10:10 am - 10:45 am

    In this session, let’s reframe the challenge of enterprise cybersecurity through the classic Rapunzel narrative. The C-suite and boardroom often function as a “castle tower,” offering a strategic, high-level view but far removed from the day-to-day realities of the “village square,” where employees on the front lines encounter daily cyber threats.

    Without a strong bridge, critical intelligence fails to flow between leadership and the frontline, leading to delayed threat recognition and slow incident response. This talk explores how to build that essential “cyber bridge,” translating executive strategy into actionable guidance for all employees and leveraging frontline observations to inform leadership decisions. The session provides practical strategies for fostering a shared security culture, where every individual—from the boardroom to the break room—is empowered to be part of a proactive defense.

    10:10 am
    Unmasking Deception: Harnessing Data Analytics for Robust Fraud Detection and Prevention
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:10 am - 10:45 am

    The anti-fraud effort continues to grow in complexity and it requires analytics-based insights. An optimized approach for identification and mitigation is needed. Learn to analyze data at the speed of the business.

    10:10 am
    Harnessing Data Analytics for Robust Fraud Detection and Prevention
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:10 am - 10:45 am

    Session description to come.

    10:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    Post-Quantum Cryptography Overview: What You Should Do NOW!
    • session level icon
    speaker photo
    Cyber Resiliency, T-Mobile
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:45 am

    Quantum Computing has the potential to render traditional cryptographic systems breakable within the next decade. There are now standards and viable implementations of quantum-resistant cryptographic protocols. That is the first step. The next step is how to assess your organization’s risk and begin the transition to Post-Quantum Cryptography (PQC). You will walk away knowing you need to have and maintain a cryptographic protocol inventory; you need to transition to quantum-resistant cryptography starting with your highest risk data and platforms; and you need to transition in a way that doesn’t interrupt the business.

    11:10 am
    Leadership in Security: Tools and Techniques to Gain Alignment and Drive Results
    • session level icon
    speaker photo
    BISO, Salesforce
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:45 am
    Security leaders face a choice: chase the illusion of perfect security, or take a pragmatic approach that aligns with business objectives, adapts to change, and drives measurable value.
    In this session, you’ll learn how to blend strategic thinking with pragmatic security to protect what matters most without slowing innovation.
    Through real-world stories, leadership frameworks, and interactive exercises, we’ll explore:
    • Who YOU are as a security leader and how that builds trust with the business (Leadership Pyramid)
    • The difference between strategic and tactical thinking—and why most security failures start here.
    • How scenario planning and systems thinking keeps your program agile without overspending on edge cases.
    • Applying SWOT analysis to uncover opportunities inside threats.
    • Using cost–benefit and risk analysis to make faster, smarter investment calls.
    • Embedding risk management into daily leadership habits.
    If you lead security—or influence it—you’ll walk away with tools to transform your security function into a strategic enabler that earns trust, accelerates growth, and keeps pace with the business.
    11:10 am
    From Reactive to Proactive: The Rise of Supply Chain Detection and Response
    • session level icon
    speaker photo
    Director, Global Cyber Risk Solutions Delivery, SecurityScorecard
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:45 am

    The fastest-growing cyber threat isn’t in your network—it’s hidden in the vendors, partners, and platforms you rely on every day. With third-party breaches driving the majority of major incidents, traditional approaches to third-party risk management (TPRM) are no longer enough.

    This session introduces Supply Chain Detection and Response (SCDR), an emerging operational model for continuously monitoring, detecting, and responding to supply chain cyber threats. Unlike point-in-time assessments, SCDR unifies risk and security operations to deliver real-time intelligence, coordinated incident response, and measurable remediation across an organization’s entire vendor ecosystem.

    Drawing from recent breach data, anonymized case studies, and lessons from large-scale supply chain security programs, we will cover:

    • Why supply chain attacks are outpacing traditional defenses

    • Key elements of the SCDR model any organization can adopt

    • Examples of real-world breaches and how SCDR practices could have contained them

    • Steps security leaders can take today to operationalize supply chain defense in their own environment

    Whether you manage vendor risk, lead a SOC, or set governance and compliance strategy, you’ll leave with actionable steps to shift from reactive assessments to proactive supply chain defense—no matter what tools or platforms you use.

    11:10 am
    [Panel] Unveiling the Hidden Threat Landscape and Unmasking Digital Villains
    • session level icon
    speaker photo
    Principal Solutions Architect (Cloud Security SME), Bitdefender
    speaker photo
    Founder & President, AgeLight Advisory & Research Group
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:45 am

    In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

    Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the ever-expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

    Our panel provides a comprehensive overview of the current threat landscape.

    12:00 pm
    [Lunch Keynote] Ask a CISO: Challenges, Lessons, and the Future of Cybersecurity
    • session level icon
    speaker photo
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
    speaker photo
    VP, Chief Information Security & Infrastructure Officer, The Greenbrier Companies
    speaker photo
    CISO, Snohomish County, Washington
    speaker photo
    CISO, AAA Washington
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater
    Ever wondered what keeps CISOs up at night? In this interactive panel session to put a bow on the conference day, seasoned CISOs share their unfiltered perspectives on the evolving cybersecurity landscape. From navigating boardroom conversations and managing security incidents to balancing business needs with risk management, they’ll discuss the realities of the role, lessons learned from the front lines, and how they see security evolving in the years ahead.
    Expect candid insights on topics such as:

    • The toughest decisions CISOs face daily
    • Emerging threats and how security leaders are preparing
    • The future of security operations, compliance, and resilience
    • Strategies for bridging the gap between security teams and executive leadership
    • Advice for aspiring security leaders and practitioners
    This is your chance to ask burning questions, gain strategic insights, and walk away with a deeper understanding of what it really means to be a CISO in today’s high-stakes environment.
    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite only)
    • session level icon
    Sponsored by Cohesity
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 12:45 pm

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    Sponsored by:

    12:45 pm
    Networking Break & Cyber Connect
    • session level icon
    Bridging the Gap: The Role of the BISO in Modern Cybersecurity – Join this bonus session in the Networking Hall
    speaker photo
    Director, Advisory, KPMG; Leadership Board, WiCyS BISO Affiliate
    Registration Level:
    • session level iconOpen Sessions
    12:45 pm - 1:10 pm
    Location / Room: Exhibitor Hall

    As cybersecurity continues to evolve, so does the need for professionals who can seamlessly connect security initiatives with business objectives. Enter the Business Information Security Officer (BISO), a critical yet often misunderstood role. Come join this informal discussion for BISOs, would-be BISOs, and those who want to learn more about the role. Hear what a BISO does, how technical professionals can develop the necessary business acumen to become leaders, and practical strategies for bridging the gap between security and business priorities.

    1:10 pm
    Assumption of Risk or the Risks of Assumption? Examining the Impact of Thoughtful Communication
    • session level icon
    speaker photo
    VP, Cyber Services, AmTrust Financial Services
    Registration Level:
    • session level iconConference Pass
    1:10 pm - 1:45 pm
    Security is a growth strategy, but are we delivering that message effectively? Risk assumption is the mainstay of the security professional, but let’s look at assumption through a different lens. What beliefs do you presume about other initiatives, teams, leaders in your organization? How might these be stymying your effectiveness or decelerating growth and innovation?
    This presentation explores what words and actions purport and examines how accurate (or inaccurate) our hasty conclusions about others can be. Participants will learn how abandoning assumptions in favor of objective alignment can multiply security program impact and efficacy, accelerating innovation and business growth.
    1:10 pm
    Phishing in the Age of AI: New Threats and How to Fight Back
    • session level icon
    speaker photo
    Co-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLC
    speaker photo
    Co-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLP
    Registration Level:
    • session level iconConference Pass
    1:10 pm - 1:45 pm
    Attackers are using generative AI to launch more effective phishing and ransomware attacks. We’ll explore the recent Unit 42 example where an AI-driven attack was completed in under 25 minutes. Podcasters Kip and Jake share practical defense strategies organizations can use to defend themselves. Join in on the discussion and ask questions. Kip and Jake will leave you longing for more… setting you up for their Day 2 live podcast onsite. Join the duo after the lunch keynote on Thursday from 12:45-1:10 p.m.; they’ll be adjacent to the networking lounge on the Exhibitor Hall floor.
    1:10 pm
    [Panel] Guardians of the Cyber Realm: Building Castles in the Cloud
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:10 pm - 1:45 pm

    As organizations migrate to the cloud, securing these virtual kingdoms requires a blend of innovation and vigilance. This panel will explore the challenges of cloud security, from defending against breaches to managing access, and how organizations can build cloud “castles” that are both robust and adaptable in the face of evolving threats.

    1:10 pm
    Cracking the Insider Threat Code: Using AI and Forensic Watermarking to Stop Data Theft
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:10 pm - 1:45 pm

    Insider threats – ranging from intentional data theft to accidental disclosures – are on the rise, and traditional security measures are insufficient to protect sensitive information. In this session, we delve into a breakthrough solution that combines the use of AI, steganography, and computer vision to deter data theft and trace unauthorized leaks.

    We share real-world use cases offering ways to safeguard data regardless of the leak vector–whether through digital copies, photos of screens, or manually retyped into another computer–ensuring valued data assets are kept secure. Learn how to stop data theft before it happens and track unauthorized disclosures with precision. From AI-driven detection to uniquely personalized invisible watermarks, discover how data security is being redefined.

    1:45 pm
    Networking Break & Cyber Connect
    • session level icon
    Level Up Your Cyber Game: Join this bonus session in the networking lounge of the Networking Hall
    speaker photo
    Executive Director, National Cybersecurity Alliance
    speaker photo
    Director, Information Security & Engagement, National Cybersecurity Alliance
    Registration Level:
    • session level iconOpen Sessions
    1:45 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Today, good cyber skills are good life skills, and we’re here to put your mind through the motions! Join us in the networking lounge of the Exhibitor Hall during the post-lunch keynote break for a turbocharged gameshow and test your abilities! We will engage you with thrilling challenges and strategic quandaries. Come for essential info and practical techniques to safeguard your digital life after the stadium lights have dimmed. This user-focused trivia game demonstrates how utilizing quick wits, tricky quandaries and fast thinking can engage your user audience to move the needle on keeping their digital lives (and your organization’s network) safer.

    Along with the 15 or so scored questions, the game show hosts will discuss topics raised in each of the questions. We will also answer audience questions and provide insight on key behaviors. We will utilize a trivia platform that allows the audience to play along and see their score compared to other players in the game.

    2:10 pm
    The AI Moral Code: Embedding Ethical Integrity into AI and Cybersecurity Operations
    • session level icon
    speaker photo
    Professor of Practice, Cybersecurity, Norwich University
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:45 pm

    As artificial intelligence systems become embedded in every layer of cybersecurity—from threat detection to automated response—the AI Moral Code provides a principled framework for ensuring that these systems remain aligned with human values, legal standards, and operational trust.

    The AI Moral Code is a structured ethics architecture that integrates five value domains—Core, Social, Cultural, Personal, and Futuristic—mapped to key enforcement layers in cybersecurity and AI governance. Built from a longitudinal analysis of 291 global AI ethics documents (2006–2025), the framework is designed to be interpretable, traceable, and adaptable across AI deployments and cybersecurity missions.

    Key components include:

    • NRBC Framework (Normative, Regulatory, Behavioral, Conceptual): Guides how values are embedded in design, monitored in operation, and enforced post-deployment.
    • Canonical Values and Disvalues: Defines what ethical AI must do (e.g., fairness, transparency) and must avoid (e.g., manipulation, opacity).
    • Ethical Drift Prevention: Integrates with MLOps and adversarial AI defense layers to catch value misalignment over time.
    • Moral Simulation & Reflexive Learning: Enables agent-based models and AI-assisted cybersecurity teams to test ethical decision making in high-stakes scenarios.

    This Code is not theoretical—it’s operational. It aligns directly with NIST AI Risk Management, the NICE Framework, and Zero Trust design principles. It enables both technical and non-technical stakeholders to audit and govern AI systems at scale.

    By embedding moral reasoning into the cybersecurity fabric, the AI Moral Code strengthens digital trust, supports mission assurance, and prepares cybersecurity leaders to responsibly deploy AI systems with confidence.

    2:10 pm
    Managing AI Platform Risk: How Security and Engineering Partner to Deliver Trusted Models
    • session level icon
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:45 pm

    This panel discusses why trust is so important to Salesforce and how we approach securing our Generative AI offerings for our customers. The panelists share best practices, tooling, and pitfalls to avoid along the way.

    2:10 pm
    [Panel] Proactive Security: Building Digital Fortresses Against Modern Dragons
    • session level icon
    speaker photo
    Sr. Sales Engineer, Axonius
    speaker photo
    Sr. Sales Engineer, ColorTokens
    Registration Level:
    • session level iconOpen Sessions
    2:10 pm - 2:45 pm

    In the realm of enterprise security, every organization faces a classic tale as old as time: the eternal battle between defenders and digital dragons. Just as fairy tale heroes relied on preparation, vigilance, and the right tools to protect their kingdoms, today’s cybersecurity professionals must deploy proactive measures to safeguard their digital domains.

    This panel session explores how preventative measures serve as the ultimate “happily ever after” for enterprise security. Our expert panel guides attendees through the enchanted forest of modern threats, revealing how proactive security architecture can transform organizations from vulnerable victims to empowered heroes.

    Panelists share real-world case studies, proactive security solutions, and how organizations can write their own security success stories.

    2:10 pm
    AI-Driven Cybersecurity: The Good, the Bad, and the Ugly
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:10 pm - 2:45 pm

    Session description to come.

    2:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:45 pm - 3:00 pm
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:00 pm
    CLOSING KEYNOTE
    • session level icon
    speaker photo
    CEO & Co-Founder, EchoMark
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm
    Location / Room: Keynote Theater

    Session topic and details to come.

    3:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:45 pm - 4:00 pm

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    3:45 pm
    [PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 2
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm

    This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

    • Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
    • Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
    • A step-by-step action plan – No more guessing what to do next
    • Real-world case studies – See how organizations just like yours have successfully implemented the framework
    • Expert-level confidence – Finally speak cybersecurity with authority and clarity

    What makes this different?
    This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

    Perfect for:

    • IT Directors and Managers
    • Cybersecurity Professionals
    • Business Leaders responsible for risk management
    • Compliance Officers
    • Anyone tasked with “figuring out cybersecurity”

    Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

    • Getting BUY-IN from your senior decision makers
    • Discovering your top five cyber risks
    • Creating a prioritized risk mitigation plan with implementation roadmap
    • A score card you can use to track progress

    Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

    Your organization’s cybersecurity can’t wait. Register now.

    3:45 pm
    [PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 2
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    3:45 pm - 5:15 pm

    AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

    Lesson 1: What is Artificial Intelligence?
    Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

    Lesson 2: What are the AI threats?
    Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

    Lesson 3: What are the AI vulnerabilities?
    Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

    Lesson 4: What are AI security controls?
    Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

    Lesson 5: What is AI risk management?
    Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

    Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
    One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

    Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
    Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

    Lesson 8: Building an AI security program
    Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

    Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

    STUDENT TESTIMONIAL:
    “Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
    Andrew F. Powell Jr., Information Security Director, Williams College

  • Thursday, November 6, 2025
    7:00 am
    Registration open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 4:15 pm
    Location / Room: Registration Desk / Lobby

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    7:30 am
    [PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 3
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

    • Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
    • Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
    • A step-by-step action plan – No more guessing what to do next
    • Real-world case studies – See how organizations just like yours have successfully implemented the framework
    • Expert-level confidence – Finally speak cybersecurity with authority and clarity

    What makes this different?
    This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

    Perfect for:

    • IT Directors and Managers
    • Cybersecurity Professionals
    • Business Leaders responsible for risk management
    • Compliance Officers
    • Anyone tasked with “figuring out cybersecurity”

    Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

    • Getting BUY-IN from your senior decision makers
    • Discovering your top five cyber risks
    • Creating a prioritized risk mitigation plan with implementation roadmap
    • A score card you can use to track progress

    Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

    Your organization’s cybersecurity can’t wait. Register now.

    7:30 am
    [PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 3
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    7:30 am - 9:00 am

    AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

    Lesson 1: What is Artificial Intelligence?
    Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

    Lesson 2: What are the AI threats?
    Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

    Lesson 3: What are the AI vulnerabilities?
    Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

    Lesson 4: What are AI security controls?
    Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

    Lesson 5: What is AI risk management?
    Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

    Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
    One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

    Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
    Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

    Lesson 8: Building an AI security program
    Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

    Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

    STUDENT TESTIMONIAL:
    “Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
    Andrew F. Powell Jr., Information Security Director, Williams College

    8:00 am
    Networking Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible, as well as association chapters! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    Also, look for “Cyber Connect” discussions on select topics and join the conversation.

    8:00 am
    Oh Behave! The Annual Report on Security Attitudes and Behaviors
    • session level icon
    speaker photo
    Executive Director, National Cybersecurity Alliance
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am
    The National Cybersecurity Alliance’s annual report is hot off the press! Are we making progress on influencing the public’s perception of cybersecurity and their behaviors with technology? Come hear what we learned from this year’s research and how you can apply it in your org, and with your friends and family.
    8:00 am
    Association Chapter Meetings
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 8:45 am

    Participating professional associations and details to be announced.

    8:00 am
    Advisory Council Roundtable Breakfast (VIP / Invite only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:45 am

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    8:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] The Threat You Didn't Vote For: Why European CISOs Fear U.S. Surveillance More than China or Russia
    • session level icon
    speaker photo
    VP & CISO, ADT
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater
    When cybersecurity professionals think about their top threat actors, nation-state adversaries like China or Russia often top the list. But ask the same question in Berlin or Paris, and you’ll get a very different—and surprising—answer. European cybersecurity audiences often cite lawful U.S. government access to data as their top concern—outranking even nation-state threat actors.
    In this provocative keynote, Tim Rains, global cybersecurity expert and author of Cybersecurity Threats, Malware Trends, and Strategies (2nd Ed.), explores the enduring fallout from the Snowden revelations, the implications of FISA Section 702, and the real-world risks of U.S. intelligence surveillance to multinational enterprises. Attendees will gain insight into what European CISOs know that Americans often overlook, and why risk models must include legal jurisdiction as a threat vector. With cloud and AI adoption surging, the time to understand this threat isn’t next year—it’s now.
    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:10 am
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:10 am
    [Panel] ASPIRE Your Approach: Repay Engineering by Investing in Application Security
    • session level icon
    Registration Level:
    • session level iconConference Pass
    10:10 am - 10:45 am

    Challenges with engineering moving faster with their CI/CD pipelines, releases, and environment updates still need security involved to adopt and scale. Security investments often increasingly create friction within the organization. This session helps security professionals look at their AppSec program with a “more investment is good” model. This mantra allows security and engineering—and the business—to scale with quality, speed, and innovation that improves security and fosters better engineering partnerships.

    10:10 am
    Make Risk Matter: From Wasted Time to Better Decisions Under Uncertainty
    • session level icon
    speaker photo
    CISO, Washington Department of Natural Resources
    Registration Level:
    • session level iconConference Pass
    10:10 am - 10:45 am

    Most cybersecurity risk processes spend more time writing reports than influencing decisions. Leaders skim the summaries, nod at the heat maps and charts, and move on—while critical decision making happens without any awareness of uncertainty. This talk shows you why we need to drop the activities that aren’t useful, and how to connect risk analysis directly to decisions, and make your risk analysis matter.

    10:10 am
    [Panel] Generative AI: Contextual Chaos and the Rise of Security Complexity
    • session level icon
    speaker photo
    CISO and Angel Investor
    speaker photo
    Research Fellow, Cloud Security Alliance
    speaker photo
    Research Fellow, Cloud Security Alliance
    speaker photo
    Managing Director, Executive Security, TIAA
    Registration Level:
    • session level iconOpen Sessions
    10:10 am - 10:45 am
    Generative AI is rapidly transforming how machines interact with human language, images, and code—but as these systems grow more capable, they also become more context-dependent and harder to secure. This panel discussion explores the evolving relationship between contextual
    intelligence—a generative model’s ability to interpret nuanced input, user intent, and environmental cues—and the rising complexity of securing these systems in real-world applications.
    The panel dives into how large language models and multimodal systems interpret context, where that context can be manipulated or misunderstood, and why traditional security models fall short in dynamic, prompt-driven environments. Key topics include prompt injection, data leakage, contextual spoofing, user profiling risks, and the challenges of securing black-box models in open systems.
    As generative AI continues to integrate into decision-making, communication, and automation, securing its context becomes not just a technical challenge, but a societal one.
    10:10 am
    Tabletop Exercises: The Fun Kind
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:10 am - 10:45 am

    Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!

    This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.

    10:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    Client Assurance Is Not a Checkbox: Building Trust Through Transparency
    • session level icon
    speaker photo
    Sr. Cybersecurity BISO Analyst, CBRE
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:45 am

    As cybersecurity questionnaires become more frequent and complex, organizations face a choice: treat them as compliance exercises, or turn them into opportunities to build trust. In this session, learn how to elevate InfoSec responses beyond the checkbox by tying security controls to business risk, operational maturity, and shared outcomes with clients. Marivell breaks down how to collaborate across technical and legal teams, improve transparency, and strengthen relationships that go beyond policies and PDFs. Key takeaways: from this session:

    • Turn routine client assessments into strategic conversations
    • Translate technical controls (MFA, encryption, pen tests) into business terms
    • Use assurance moments to drive cultural change and showcase cyber leadership
    11:10 am
    Don't Panic: The Hitchhiker's Guide to Incident Response
    • session level icon
    speaker photo
    CISO, Washington State Liquor and Cannabis Board
    speaker photo
    CIO, Washington State Liquor and Cannabis Board
    Registration Level:
    • session level iconConference Pass
    11:10 am - 11:45 am
    In the face of a cyber crisis, a calm and organized response is your most powerful tool. This session offers a no-nonsense guide to incident response, drawing inspiration from a famous galactic hitchhiker’s wisdom. We’ll demystify the complexities of a breach, focusing on key survival rules: from establishing clear communication protocols and defining roles to avoiding common pitfalls and managing executive expectations. Learn how to prepare your team to navigate the chaos, maintain a steady course, and ensure that when disaster strikes, your response is as logical and reassuring as “Don’t Panic.” This session will equip you with the practical, actionable insights needed to develop a resilient and well-rehearsed incident response plan.
    11:10 am
    [Panel] The Sorcerer's Apprentice: Taming AI in Cybersecurity
    • session level icon
    speaker photo
    Director, Sales Engineering, Cyberhaven
    speaker photo
    CISO, Astrix
    speaker photo
    Head of Trust and Security, Conveyor
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:45 am

    AI can be both a powerful ally and a mischievous force if left unchecked. This panel will explore how organizations can harness the magic of AI for cybersecurity—automating defenses, detecting threats, and enhancing decision-making—while addressing the risks of bias, over-reliance, and adversarial AI. Use this transformative technology wisely to write your cybersecurity success story.

    11:10 am
    ISC2 Seattle Leadership Panel
    • session level icon
    Navigating the Landscape of Cybersecurity Certifications: From Traditional Foundations to AI-Driven Frontiers
    speaker photo
    Secretary, ISC2 Seattle Chapter
    speaker photo
    VP, ISC2 Seattle Chapter
    speaker photo
    President, ISC2 Seattle Chapter
    speaker photo
    Treasurer, ISC2 Seattle Chapter
    speaker photo
    Director at Large, ISC2 Seattle Chapter
    Registration Level:
    • session level iconOpen Sessions
    11:10 am - 11:45 am

    Presented by the ISC2 Seattle Chapter, this panel will feature ISC2 chapter leaders exploring the evolving world of cybersecurity certifications. From well-established credentials like CISSP and Security+ to emerging AI-focused certifications, this session will provide a comprehensive overview of the certification landscape and its relevance in today’s security environment.

    We’ll discuss how certifications align with career paths, industry demands, and the growing influence of artificial intelligence in cybersecurity. Whether you’re a seasoned professional or just beginning your journey, you’ll gain valuable insights into selecting and pursuing the right certifications to stay competitive and informed.

    This session will also serve as our ISC2 Seattle Chapter meeting for November, so attending will count toward your chapter participation and CPEs.

    12:00 pm
    [Lunch Keynote] The Privacy Tightrope: Navigating Data in a Connected World
    • session level icon
    speaker photo
    Head of Data Governance and Privacy, Alaska Airlines
    speaker photo
    Director of Information Security, HealthPoint
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    In an era of unprecedented data collection and AI-driven analytics, safeguarding personal information has become a paramount challenge. This panel brings together diverse privacy leaders to explore the evolving landscape of data protection, moving beyond traditional boundaries to address the unique complexities faced by public sectors, global enterprises, and sensitive industries like healthcare. From municipal data policies to airline passenger privacy and the intricate regulations surrounding health data, we’ll delve into the strategies, challenges, and future trends shaping how organizations manage, secure, and respect individual privacy in an increasingly interconnected and data-rich world.

    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 12:45 pm

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    12:45 pm
    Networking Break & Cyber Connect
    • session level icon
    Phishing in the Age of AI: New Threats and How to Fight Back – Join this bonus session in the Networking Hall
    speaker photo
    Co-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLC
    speaker photo
    Co-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLP
    Registration Level:
    • session level iconOpen Sessions
    12:45 pm - 1:10 pm
    Location / Room: Exhibitor Hall
    Kip and Jake spoke on Day 1 about how attackers use generative AI to launch more effective phishing and ransomware attacks. As part of their live podcast recording, they will further explore the recent Unit 42 example where an AI-driven attack was completed in under 25 minutes. The duo shares practical defense strategies that organizations can use to defend themselves. Join the discussion, ask questions, and be part of the podcast recording!
    1:10 pm
    Enhancing Security, Easing Compliance: PCI DSS for Multi-Payment Channel Organizations
    • session level icon
    speaker photo
    Director, Schellman Compliance LLC
    Registration Level:
    • session level iconConference Pass
    1:10 pm - 1:45 pm

    Navigating PCI DSS compliance can be daunting for multi-payment channel merchants and service providers handling diverse transaction environments. This presentation explores practical strategies to reduce compliance burden while bolstering security. Attendees will learn how simple process changes, such as tokenization and point-to-point encryption, can minimize sensitive data exposure. We’ll also examine the benefits of outsourcing specific PCI DSS responsibilities to trusted third-party providers, enabling organizations to focus on core operations without compromising security.

    Drawing on real-world examples, the session will highlight how these approaches streamline compliance efforts, reduce costs, and enhance protection across online, in-store, and mobile payment channels. Ideal for merchants and service providers, this talk offers actionable insights to achieve PCI DSS compliance efficiently.

    Learn how multi-payment channel merchants and service providers can simplify PCI DSS compliance and enhance security through strategic process changes and outsourcing.

    1:10 pm
    [Panel] From Reaction to Prevention: Scaling Security with AI
    • session level icon
    speaker photo
    Director of Engineering, Salesforce
    speaker photo
    Sr. Director, Security Assurance, Salesforce
    speaker photo
    Lead Security Engineer, Salesforce
    speaker photo
    Product Security, Compliance Automation Team, Salesforce
    Registration Level:
    • session level iconConference Pass
    1:10 pm - 1:45 pm

    Critical security vulnerabilities discovered late in the development cycle drain resources, cost weeks in reactive firefighting, and erode customer trust. Our manual security review process for high-level designs is a prime candidate for transformation—too slow, inconsistent, and unscalable for the speed of modern development. This session addresses the urgent need to shift security from a reactive, late-stage gate to a proactive, embedded layer in the design phase—eliminating over 80% of critical design and build flaws before a single line of code is checked in.

    To achieve this, Salesforce is introducing a suite of intelligent security agents that embed security expertise directly into the developer workflow. The architecture integrates Securityforce with existing tools, enabling near real-time analysis of design documents, automated threat modeling, and build-time policy enforcement from pull request to check-in. By pairing this automation with curated knowledge from top security professionals, thisi automated approach delivers continuous, consistent feedback at scale.

    Security is transformed from a manual bottleneck into a fast, intelligent, and integrated process—accelerating developer productivity, reducing cost to serve, and empowering teams to ship secure products with speed and confidence. By cutting review cycles from two weeks to minutes, there’s an estimated >90% efficiency gain, millions in annual engineering hours saved, and a substantial reduction in remediation and incident response costs.

    1:10 pm
    [Panel] Elevating Security and Incident Response Through Threat Intelligence, Cloud Resilience, and AI Innovations
    • session level icon
    speaker photo
    Head of Global Threat Intelligence, Google Cloud
    speaker photo
    Security Advisor, Splunk
    speaker photo
    CISO, AAA Washington
    Registration Level:
    • session level iconOpen Sessions
    1:10 pm - 11:45 am

    The battle between cybersecurity defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face; and how to deal with them once. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and exploiting vulnerabilities that may become prevalent in the future.

    Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.

    And SHOULD a breach or ransomware attack occur, the response to an incident is as important as trying to keep the bad actors out in the first place.

    1:10 pm
    Engaging with and Driving Innovation in Cybersecurity
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:10 pm - 1:45 pm

    Session description to come.

    1:45 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:45 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Networking Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    From Handshake to Code-Sign: Building Human and Agent Trust
    • session level icon
    speaker photo
    Sr. Director, Security, Privacy and Data Governance, Adobe
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:45 pm
    In this session, we’ll unpack agentic AI governance. “Trust Chains: Humans → Agents → Agents,” a practical framework for bringing order to the chaos of agent sprawl. You’ll learn how to make AI agents verifiably trustworthy, to each other and to us, through identity checks, access controls, and auditability. Expect real-world examples, a few cautionary tales, and a roadmap for keeping your AI ecosystem from turning into the Wild West.
    2:10 pm
    A Practical Guide to Data Protection for Enterprise AI Adoption 
    • session level icon
    speaker photo
    Head of Enterprise Security, Box
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:45 pm
    As enterprises embrace the limitless possibilities of AI, we security professionals need to adapt to safeguard sensitive data. In this talk, we’ll unpack a few real-world patterns of how data leaks into or out of AI systems and offer a simple framework for threat-modeling enterprise AI usage without slowing down innovation.
    2:10 pm
    [Panel] Cybersecurity Challenges for Small and Medium Businesses
    • session level icon
    speaker photo
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.
    speaker photo
    Director, Information Security, KP LLC
    speaker photo
    District President, Robert Half
    Registration Level:
    • session level iconConference Pass
    2:10 pm - 2:45 pm

    Small and medium businesses (SMBs) are the backbone of the U.S. economy, generating over half of the annual GDP and employing millions of Americans. But they also face unique cybersecurity challenges that can threaten their survival and growth. In this discussion, learn how to assess and mitigate the cyber risks that SMBs face, and how to implement a robust cybersecurity program with limited resources and expertise. We cover the following topics:

    • The state of SMB cybersecurity in the U.S.
    • The cost and impact of cyber breaches on SMBs
    • The main cyber threats and vulnerabilities that SMBs face
    • The best practices and frameworks for SMB cybersecurity
    • The steps to build or improve your cybersecurity program

    Whether you are an IT manager, a cybersecurity professional, or a business owner, this talk is informative and practical. Walk away with a better understanding of the cyber landscape and the tools and techniques to protect your SMB from cyberattacks.

     

    2:10 pm
    Partnering with Industry to Protect Our Way of Life
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:10 pm - 2:45 pm

    The cyber threats facing the United States are growing increasingly sophisticated. To combat these threats, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is partnering with industry on a range of priorities and products to bolster our cyber defenses.  By working together, we can defend U.S. cyberspace and protect our way of life.

    2:45 pm
    Networking Break and Dash for Prizes
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:45 pm - 3:15 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    3:15 pm
    [PLUS Course] Master the NIST Cybersecurity Framework v2.0 in Just Six Hours - Part 4
    • session level icon
    speaker photo
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • session level iconSecureWorld Plus
    3:15 pm - 4:45 pm

    This intensive, live workshop is your shortcut to cyber resilience mastery. In just one power-packed day, you’ll walk away with:

    • Complete mastery of NIST CSF 2.0 – Understand every component and why it matters to YOUR business
    • Your personalized Cyber Risk Map – Identify your organization’s exact vulnerabilities and blind spots
    • A step-by-step action plan – No more guessing what to do next
    • Real-world case studies – See how organizations just like yours have successfully implemented the framework
    • Expert-level confidence – Finally speak cybersecurity with authority and clarity

    What makes this different?
    This isn’t another theoretical lecture. You’ll spend most of your time actually BUILDING your organization’s cybersecurity roadmap using the proven Cyber Risk Management Action Plan (CR-MAP) methodology. You’ll leave with tools and know-how you can implement immediately.

    Perfect for:

    • IT Directors and Managers
    • Cybersecurity Professionals
    • Business Leaders responsible for risk management
    • Compliance Officers
    • Anyone tasked with “figuring out cybersecurity”

    Exclusive Bonus: Every attendee receives our comprehensive digital CR-MAP Online Workbook ($197 value), your step-by-step guide to:

    • Getting BUY-IN from your senior decision makers
    • Discovering your top five cyber risks
    • Creating a prioritized risk mitigation plan with implementation roadmap
    • A score card you can use to track progress

    Warning: This live, in-person intensive has limited seating. Don’t let another cyber incident catch your organization unprepared.

    Your organization’s cybersecurity can’t wait. Register now.

    3:15 pm
    [PLUS Course] Building a Cybersecurity Program to Safeguard AI Systems and Applications - Part 4
    • session level icon
    speaker photo
    Sr. Cybersecurity Consultant, Wilson Cyber
    Registration Level:
    • session level iconSecureWorld Plus
    3:15 pm - 4:45 pm

    AI technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI based applications (for example autonomous vehicles) can make detailed recommendations to users and experts, act independently, replacing the need for human intelligence or intervention. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

    Lesson 1: What is Artificial Intelligence?
    Includes an overview of Artificial Intelligence including how AI works, AI architecture components and processes (models, algorithms, workflows). We will cover Generative AI, Large Language Models (LLMs), foundation models and AI agents. In addition, we will discuss today’s top AI use cases across multiple industry sectors.

    Lesson 2: What are the AI threats?
    Includes an overview of MITRE ATLAS (a framework that provides adversary profiles, techniques, and mitigations for securing AI-enabled systems). We will cover AI threats based on FS-ISAC Adversarial AI Framework and NIST AI 100-2: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. AI Threats include those related to AI models, the data such models are trained and tested on, the third-party components, plug-ins, and libraries utilized in their development, as well as the platform models are hosted on.

    Lesson 3: What are the AI vulnerabilities?
    Includes an overview of AI vulnerabilities including data related vulnerabilities and model related vulnerabilities. We will cover the Top 10 for LLM Applications (2025). We also cover the top vulnerabilities found in AI Agents.

    Lesson 4: What are AI security controls?
    Includes an overview of the Google Secure AI Framework (SAIF), the OWASP AI Security and Privacy Guide, the UK Department for Science, Innovation and Technology’s (DSIT’s) developing AI Cyber Security Code of Practice and Black Duck Blueprint for Generative AI Security.

    Lesson 5: What is AI risk management?
    Includes an overview of NIST-AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile and companion document AI RMF Playbook. The profile helps organizations identify unique risks posed by generative AI and proposes actions for generative AI risk management that best aligns with their goals and priorities.

    Lesson 6: What is AI Test, Evaluate, Validate, and Verify (TEVV)
    One of the key activities highlighted in the NIST AI Risk Management Framework is TEVV (Test, Evaluation, Verification, and Validation)—tasks that are performed throughout the AI lifecycle to measure and govern risk from non-deterministic AI systems. This lesson includes an overview of AI Threat Modeling, AI Penetration Testing, AI Red Team Exercises, AI Model Cards, and AI Data Cards

    Lesson 7: What are the AI governance, AI compliance, AI audit requirements?
    Includes an overview of AI Governance, Compliance and AI Audit requirements. AI governance includes processes, standards and guardrails that help ensure AI systems and tools are safe and ethical. AI compliance refers to the decisions and practices that enable businesses to stay in line with the laws and regulations that govern the use of AI systems. AI audit requirements focus on ensuring transparency, accountability, and compliance in AI systems.

    Lesson 8: Building an AI security program
    Includes a systematic approach to building an AI security program to protect AI systems and applications. Based on best practices covered in the class. The goal is to establish a process, assign resources, establish program requirements and deliverables and design / build / maintain a comprehensive AI system security program.

    Upon completion of the class, the attendees will have an up-to-date understanding of AI and its impact on cybersecurity as well as what actions an organization should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

    STUDENT TESTIMONIAL:
    “Mr. Wilson presented an incredibly complex, emerging topic that includes significant risks in such a way that it left me convinced GenAI is just another piece of software. He walked us through defining the technical components, understanding the risks of and threats to these systems, and the security controls to help mitigate them. He wrapped the class by outlining how we may want to develop a program for managing the risks associated with AI, and did it with a wealth of practical knowledge, relatable personal anecdotes, and a ton of thoughtful research. Best class of SecureWorld Boston 2025!”
    Andrew F. Powell Jr., Information Security Director, Williams College

Exhibitors
  • AppOmni
    Booth: TBD

    AppOmni SaaS security helps security and IT teams protect and monitor their entire SaaS environment, from each vendor to every end-user.

  • Astrix Security
    Booth: TBD

    Astrix is the leader in securing non-human identities (API keys, service accounts, Access tokens,…), and extending identity security to machines. An RSA 2023 Innovation Sandbox finalist and a 2023 Gartner Cool Vendor for Identity First Security. We’ve raised $40M in total funding from the world’s top investors (CRV and Bessemer Venture Capital) tochange how apps connect to enterprises. We’re on a mission to allow businesses to leverage third-party apps and generative AI tools without compromising security, and we’re trusted by leading enterprises such as Priceline, Figma, Workato, and Agoda.

  • Axonius
    Booth: TBD

    Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy with solutions for both cyber asset attack surface management (CAASM) and SaaS management.

  • Bitdefender
    Booth: TBD

    Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, business, and government environments, Bitdefender is the industry’s trusted expert* for eliminating threats, protecting privacy and data, and enabling cyber resiliency. With deep investments in research and development, Bitdefender Labs discovers 400 new threats each minute and validates 30 billion threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 150 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170 countries with offices around the world. For more information, visit https://www.bitdefender.com.  ​

  • Blink Ops, Inc
    Booth: TBD

    Automate all things security in the Blink of AI.

    BlinkOps is a security workflow automation platform designed to make building, collaborating, and scaling all things security & beyond effortless.

    Whether you prefer code, low-code, or no-code, BlinkOps has you covered. Easily drag and drop the actions you want into a workflow, leveraging the over 30,000 actions available in the automation library, or use Blink Copilot™ to generate a workflow with a natural language prompt.

    Use BlinkOps as an automation hub, where security teams go to quickly develop, collaborate, and automate their security ideas. Leverage the platform’s 8,000+ workflows that come out-of-the-box to quickly build workflows for real-time remediation. Generate automation workflows for standalone use cases or build an end-to-end proactive automation strategy, streamlining security responses across your entire organization.

  • Check Point Software Technologies
    Booth: TBD

    Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.

  • Cohesity, Inc
    Booth: TBD

    We believe that simplicity is the foundation of modern data management. Our mission is to radically simplify how organizations manage their data and unlock limitless value. The company develops software that allows IT professionals to backup, manage, and gain insights from their data across multiple systems or cloud providers.

  • ColorTokens
    Booth: TBD

    ColorTokens, the premier enterprise microsegmentation provider, specializes in making organizations “breach ready” by halting the lateral spread of ransomware and malware within intricate network infrastructures using its innovative ColorTokens Xshield™ platform. The platform visualizes traffic patterns between workloads, devices, and users, enabling organizations to enforce granular micro-perimeters, swiftly isolate critical assets, and respond to breaches effectively. Recognized as a Leader in the Forrester Wave™: Microsegmentation Solutions, Q3 2024 evaluation, ColorTokens safeguards businesses by thwarting ransomware and malware attacks, ensuring significant savings in potential disruptions. For more information, visit www.colortokens.com.

  • Conveyor Inc.
    Booth: TBD

    Conveyor is the leading generative AI-powered platform that automates and scales the most tedious part of the sales process: customer security reviews. Trusted by the world’s top SaaS companies, Conveyor helps vendors build trust with customers while reducing the time spent on the mind-numbing task of sharing security information and answering security questionnaires by over 90%. Through the combination of its automated security questionnaire completion software and its trust portal, which allows documents and security information to be shared easily and securely, Conveyor ultimately helps vendors close sales faster. Conveyor’s lean team has deep and extensive collective experience in security and compliance.

  • Cyberhaven
    Booth: TBD

    When the DLP market first emerged 20 years ago, the goal was to protect confidential information in on-premises databases, file servers, application servers, other data repositories, and endpoints. Today millions of sensitive documents, files, and other data are being exfiltrated in violation of corporate data policies every day because DLP is completely ineffective in the era of cloud-first applications and Zero Trust security. These data breaches result in stolen IP, damaged brands, and significant financial penalties. Let’s face it, DLP in its current form is nothing more than a compliance checkbox. Cyberhaven is transforming the DLP market and helping organizations secure all of the high-value data they must protect in order to compete and thrive in the digital economy. It’s a big hairy problem, and we are up to the challenge.

  • Cyera
    Booth: TBD

    Cyera is the data security company that gives businesses context and control over their most valuable asset: data. As a pioneer in Data Security Posture Management, Cyera instantly provides companies visibility over their sensitive data, context over the risk it represents and their security exposure, and automated remediation to reduce the attack surface and ensure operational resilience. We are redefining the way companies secure their data. Learn more at cyera.io.

  • DHS Cybersecurity and Infrastructure Security Agency (CISA), Region 10
    Booth: TBD

    Through CISA’s efforts to understand and advise on cyber and physical risks to the Nation’s critical infrastructure, we help partners strengthen their own capabilities. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, physical and communications security, and, in turn, strengthen national resilience.

    Led by Regional Director Patrick J. Massey, based in Seattle, Washington, CISA’s Region 10 staff provides cybersecurity, physical infrastructure security, chemical security, and sector outreach services to 271 Tribal Nations and the following states: Alaska, Idaho, Oregon, and Washington.

    Region 10 personnel carry out CISA’s five priorities:

    • Improve supply chain security against cyber threats from malicious actors and the rollout of 5G technologies;
    • Harden federal networks (the civilian .gov domain);
    • Reduce risk at soft targets;
    • Enhance election security; and
    • Protect critical infrastructure that includes industrial control systems and the processes that provide vital services in critical infrastructure.
  • EchoMark
    Booth: TBD

    Enterprise Software as a Service (SaaS) startup providing innovative information security and privacy products to enable the seamless flow of private information.

  • Expel
    Booth: TBD

    Expel provides transparent managed security, on-prem and in the cloud. It’s the antidote for companies trapped in failed relationships with their managed security service provider (MSSP) and those looking to avoid the frustration of working with one in the first place. To learn more, go to https://www.expel.io.

  • Fortinet
    Booth: TBD

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • Google Cloud
    Booth: TBD

    Google Cloud Security provides organizations with leading infrastructure, platform capabilities and industry solutions to help them solve their most critical business problems. Google Cloud Security helps customers protect their global operations with solutions such as zero trust security, application and data protection, fraud prevention, and threat detection and response.

  • HPE
    Booth: TBD

    Hewlett Packard Enterprise (HPE) is a global technology company that focuses on developing intelligent solutions for capturing, analyzing, and acting upon data. They operate in areas like networking, hybrid cloud, and AI, helping customers create new business models and improve operational performance.

  • HUMAN Security
    Booth: TBD

    HUMAN is a cybersecurity company that safeguards 1,200+ brands from digital attacks including bots, fraud and account abuse. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trilliondigital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN.

  • Washington State InfraGard
    Booth: TBD

    InfraGard is a partnership of individuals representing businesses, academic institutions, state and local law enforcement agencies, and communities who are dedicated to collaborating and sharing information to prevent hostile acts against the United States.

    The Evergreen InfraGard Members Alliance area of operation is Washington State and over 600 members. As part of the Western Region, we work closely with the IMAs in Los Angeles, San Diego, Oregon, and Idaho. Our chapter’s mission is, “To protect Washington State’s Infrastructure and critical services by providing a secure platform and trusted community to share experiences and information.”

  • ISACA Puget Sound Chapter
    Booth: TBD

    The aim of the Chapter is to sponsor local educational seminars and workshops, conducts regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area.

    The association is one of individual members who are practitioners of information systems auditing, security, risk, and/or governance in his or her organization. The membership of the ISACA reflects a multiplicity of backgrounds and skills that make our profession challenging and dynamic.

    This chapter is run by volunteers who are ISACA members nominated and elected through an established process. Please contact us if you are interested in serving on the board.

  • ISC2 Seattle Chapter
    Booth: TBD

    Bringing like-minded professionals together in the Greater Puget Sound region to discuss current tactics, techniques, and procedures within cybersecurity.

  • ISSA Puget Sound Chapter
    Booth: TBD

    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. Join today.

  • National Cybersecurity Alliance
    Booth: TBD

    Our alliance stands for the safe and secure use of all technology. We encourage everyone to do their part to prevent digital wrongdoing of any kind. We build strong partnerships, educate and inspire all to take action to protect ourselves, our families, organizations and nations. Only together can we realize a more secure, interconnected world.

  • Keysight
    Booth: TBD

    Keysight’s portfolio of network security solutions simulate threats, eliminate blind spots, taking control of a rapidly-changing attack surface. Be a hero, not a headline, by proving your network is secure simulating attacks, exposing gaps early, and course correct with step-by-step fixes; protecting users and applications with increased the efficiency, performance, and reliability of your security systems;  patrolling every packet eliminating vulnerable blind spots and decrypt threats hiding in SSL traffic; and practice your cyber skills enhancing your security and attack response skills against real-world threats.

  • Orca Security
    Booth: TBD

    We’re on a mission to make it fast, easy, and cost effective for organizations to address the critical security issues in their AWS, Azure, and GCP estates so that they can operate in the cloud with confidence.

  • Push Security
    Booth: TBD

    Founded in 2020, Push Security is a cybersecurity company offering identity threat detection and response (ITDR) via a browser-based platform. The platform provides real-time visibility and security controls, targeting attacks such as phishing and credential stuffing. Push Security serves customers in technology, finance, and healthcare, with deployment on over 1.5 million endpoints, and has raised $45 million in funding. Based in London, the company’s approach includes automated guidance and behavioral nudges.

  • Robert Half
    Booth: TBD

    Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.

  • Seceon Inc.
    Booth: TBD

    Seceon delivers a next-generation cybersecurity platform that empowers enterprises, MSPs, and MSSPs to detect, respond, and remediate threats in real-time, eliminating the need for 20+ security tools. What Sets Seceon Apart: * Unified Platform: Combines SIEM, SOAR, UEBA, EDR, NDR, Threat Intelligence, Vulnerability Management, and Compliance into one AI-powered solution. * AI-Powered Threat Detection & Auto-Response: Leverages ML, AI, and Dynamic Threat Models for real-time threat identification and automated remediation. * Scalable & Multi-Tenant: Supports massive scale, processing 10M+ events per second, across enterprises and MSSPs from a single dashboard. * Continuous Compliance: Streamlines security analytics and regulatory compliance (NIST, ISO, HIPAA, PCI-DSS, CMMC, NIS2) with aiSecurity360. Why Organizations Choose Seceon: * Cut cybersecurity costs by 60% by replacing siloed tools * Stop threats faster with AI-powered detection and automated response. * Achieve full visibility by correlating real-time logs, flows, identities, for situational awareness and historical threat intelligence. Faster protection, full visibility, and lower costs. Seceon powers the future of cybersecurity.

  • Securiti
    Booth: TBD

    Securiti is the pioneer of the DataAI Command Center, a centralized platform that enables the safe use of data and GenAI. It provides unified data intelligence, controls and orchestration across hybrid multicloud environments. Large global enterprises rely on Securiti’s Data Command Center for data security, privacy, governance, and compliance. Securiti has been recognized with numerous industry and analyst awards, including “Most Innovative Startup” by RSA, “Top 25 Machine Learning Startups” by Forbes, “Most Innovative AI Companies” by CB Insights, “Cool Vendor in Data Security” by Gartner, and “Privacy Management Wave Leader” by Forrester. For more information, please follow us on LinkedIn and visit Securiti.ai.

  • SecurityScorecard
    Booth: TBD

    SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Information.

  • Semgrep, Inc.
    Booth: TBD

    Semgrep, Inc. is a cybersecurity company based in San Francisco. The company develops the Semgrep AppSec Platform (a commercial offering for SAST, SCA, and secrets scanning) and actively maintains the open-source static code analysis tool semgrep OSS.

  • Splunk
    Booth: TBD

    Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.

  • Sumo Logic
    Booth: TBD

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Tevora + ProcessUnity
    Booth: TBD

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.

    ProcessUnity’s cloud-based solutions help organizations of all sizes automate their risk and compliance programs. Our highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation. As a software-as-a-service technology, ProcessUnity deploys quickly with minimal effort from customers and their IT resources. For more information, visit https://www.processunity.com.

  • ThreatLocker
    Booth: TBD

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • Trustero
    Booth: TBD

    Trustero is developer of a corporate industry and regulatory compliance AI designed to handle time-consuming GRC tasks such as gap analysis, remediation guidance, questionnaire automation, and evidence collection. The company’s AI conducts audits like a human, detects industry and regulatory compliance gaps, suggests gap remediation procedures, answers GRC questions, completes security questionnaires, responds to RFPs, and more enabling businesses to save time and run their operations, processes, and systems to remain fully compliant.

  • WiCyS Western Washington Affiliate
    Booth: TBD
Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Alex Di Giacomo
    CISO, Sound Transit

    Mr. Di Giacomo is an award-winning, veteran cybersecurity executive with over 26 years of experience leading security strategy and governance across critical infrastructure and corporate environments, both domestically and internationally. His expertise encompasses IT and OT security, security governance, cloud security, disaster recovery, risk and compliance management across multiple industry frameworks, and data privacy. In his current role as Chief Information Security Officer at Sound Transit, he built a nationally recognized, security program from the ground up based on the ISO 27001 international standard, achieving top-tier maturity ratings, confirmed by independent audits. Mr. Di Giacomo holds multiple rigorous, industry-relevant certifications including C|CISO, CISSP, CISM, CISA, CRISC, CDPSE and HISP, and is a frequent speaker, lecturer, and advisor on cybersecurity, risk, and resilience. Mr. Di Giacomo holds both a B.S. in Electronic Engineering degree, as well as a Master of Engineering and Technology Management, Summa Cum Laude.

    A strategic visionary and hands-on leader, Mr. Di Giacomo is deeply committed to advancing cybersecurity maturity and resilience. He currently serves on the Washington State Technology Services Board Security Subcommittee and contributes to multiple professional associations including ISACA, ISC2 and ISSA and the IEEE, where he has achieved Senior Member status. Fluent in English, Spanish, and Italian, Mr. Di Giacomo brings a global perspective with a business and mission centric focus to today’s cybersecurity challenges and solutions.

  • speaker photo
    Mike Hughes
    SVP & CISO, Nordstrom

    As the Chief Information Security Officer at Nordstrom, I lead a team of cybersecurity professionals who are passionate about protecting the company's data, systems, and customers. I have over 10 years of experience in cybersecurity, spanning various domains such as incident response, forensics, malware analysis, network security, and data protection.

    My mission is to bring honesty, transparency, and integrity to the cybersecurity function, and to partner with other technology and business teams to ensure a balanced and pragmatic approach to our common goals. I leverage my expertise in cybersecurity strategy, policy, governance, and risk management to enable REI's growth and innovation. I also foster a culture of security awareness, education, and empowerment across the organization.

  • speaker photo
    Chuck Markarian
    CISO, PACCAR

    As PACCAR's CISO, I am responsible for strategy, investigations, forensics work, policy and procedure creation and review, security risk assessments and project management. This is a global position, with information security responsibility for all PACCAR locations.

  • speaker photo
    Lisa Plaggemier, Moderator
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • speaker photo
    Tristan Allen
    Infrastructure & Industry Section Lead, Washington Military Department's Emergency Management Division

    Tristan works for the Washington Military Department’s Emergency Management Division. Leading the Infrastructure and Industry Section, his work is focused on critical infrastructure resilience, cybersecurity preparedness and response, and enhancing public-private cooperation before, during and after disasters. Prior to joining state service in 2016, Tristan worked for the federal government focusing on technology research and development to improve the nation’s defense and international humanitarian response operations.

  • speaker photo
    Jeffrey Flohr
    Chief of Special Operations Division, King County Sheriff's Office

    Chief Jeffrey (Jeff) Flohr has over 30 years of law enforcement experience. Jeff began his career in the Bay Area of California, where he worked for Moraga and San Pablo Police Departments. During his time in California, Jeff served as Field Training Officer, K9 Handler, Drug Recognition Expert, Gang Detective, and member of several state and federal task forces.

    Drawn to the size and diversity of the King County Sheriff’s Office and the variety of assignments and opportunities it provides, Jeff began his career with KCSO in early 2005. He started as a Deputy in the contract city of Kenmore, served as a School Resource Officer in Kirkland, and quickly became a Master Police Officer (MPO) before being promoted to Sergeant in 2012. During his tenure as Sergeant, Jeff had numerous assignments, including North Precinct patrol, KCSO patrol K9 Unit, Sound Transit, Special Emphasis Team, and Explosive Detection K9 Unit. In 2016, Jeff was selected to be the Field Operations Administrative Sergeant for the Patrol Operations Chief. In this role, Jeff supported KCSO patrol operations and assignments county-wide, including Background Investigations, staffing, and recruiting. Jeff also coordinated the Critical Incident Review Boards for KCSO.

    In 2018, Jeff was promoted to Captain and assigned to lead the King County Communications Center. He was promoted to Major in 2020 and assigned to lead the Southwest Precinct, which includes Skyway, White Center, and Vashon communities. In this role, Jeff joined the Urban King County Reimagining Policing Group, where he worked with numerous King County departments to explore what policing in unincorporated King County will look like in the future. In 2021, Jeff was promoted to Chief and assigned to the Technical Services Division. While there he oversaw the successful ratification of multiple groundbreaking labor contracts, inclusion of body worn cameras in the bi-annual budget and an increased effort surrounding recruiting and reducing vacancies. In 2023, with the addition of two new divisions at KCSO, Jeff was assigned to the Special Operations Division. The Special Operations Division includes two transit contacts, Metro Transit Police and Sound Transit Police, the Aircraft Rescue and Fire Fighting at the King County International Airport as well as the traditional Special Operations units such as TAC-30, Crisis Negotiation, Bomb Disposal, K9s, Air Support, Search and Rescue, Marine Rescue Dive Unit.
    Jeff believes in community policing that is fair and accountable. Throughout his career, Jeff has led by example and built strong working relationships at all levels of government through open and honest communication. Jeff has served as Incident Commander for high-profile events including dignitary visits, anti-terrorism efforts, concerts, sporting events, and civil disturbances. He has also led the development and implementation of several initiatives, including the creation of Sound Transit’s Special Emphasis Team (SET) to enhance rider and employee safety; modernizing the statistical tracking of K9 deployments, contacts, and training documentation; working with the King County Council to implement ordinances impacting solicitations and noise complaints; and working with U.S. Senators and Congress members to update King County’s 911 system to address next-generation issues. Jeff has received numerous accolades and awards throughout his career, including Officer of the Year, Deputy of the Year, Sergeant of the Year, Lifesaver Award, and the Sheriff’s Medal.

    Jeff and his wife, Stevee, have been together for over 20 years. They enjoy traveling, watching their daughter play softball at Central Washington University, and playing with their dog.

  • speaker photo
    Jenifer Clark, Moderator
    Sr. Information Security & Compliance Engineer, Costco Wholesale

    Jenifer Clark is a Senior Security Engineer at Costco Wholesale. As part of the enterprise Data Security team, her focus is on Data Loss Prevention (DLP) and liaison work with internal business teams. Jenifer is a long-time member of the SecureWorld Advisory Council and actively supports public/private partnership efforts. She is a member of Washington State Cybersecurity Advisory Committee, Domestic Security Alliance Council (DSAC), InfraGard, FBI Seattle Citizens Academy Alumni Association, and a multi-year participant in DHS Analyst Exchange Program (AEP). Jenifer also volunteers in the local community as a member and director in King County 4x4 Search and Rescue Association.

  • speaker photo
    Stephanie Warren
    Assistant Director, Information Security, Port of Seattle

    Stephanie Warren has over 28 years of experience in technology, with the past 15 years dedicated to the field of Information Security. As the Assistant Director of Information Security, she brings a seasoned perspective to federal and regulatory compliance, incident response, and data protection. She excels at bridging communication between frontline employees and executive leadership, fostering alignment that strengthens organizational resilience. Her expertise in risk management helps organizations anticipate threats, adapt to challenges, and sustain long-term operational continuity. She holds a Bachelor of Science in Cybersecurity and Information Assurance and is a Certified Information Systems Security Professional (CISSP).

  • speaker photo
    Jack Sippel
    Cyber Resiliency, T-Mobile

    CISSP and Security+ certified Principal Cybersecurity Engineer using system engineering principles and a lot of curiosity.

  • speaker photo
    Brian Shea
    BISO, Salesforce

    Brian is an IT Executive with 29 years of experience from Security Operations and Support, Compliance, Risk Management, Technology Innovation, IT Operations, and Support. Currently, Brian is a Business Information Security Officer (BISO) supporting multiple business units at Salesforce, delivering security and compliance across our people, process, technology, and data. In addition to this, he has worked in Security and GRC at Starbucks, Microsoft, and Bank of America, as well as served as a Cybersecurity Advisor for CREATE.ORG, sat on the Board of Technical Advisors for NODUS technologies, served as an alternate to the PCI-DSS Customer Advisory Council, held CISSP and CISM certifications, and published two books and three industry papers on security.

  • speaker photo
    Brian Denman
    Director, Global Cyber Risk Solutions Delivery, SecurityScorecard

    Brian Denman is the Director of Global Cyber Risk Solution Delivery for SecurityScorecard. In this role, he leads service delivery for our MAX third-party cyber risk management program.

    Brian has over thirty years of executive and frontline experience in enterprise IT, cybersecurity, and cyberwarfare operations, twenty-five of which were in the national security sector or the Intelligence Community. As a global network operator, he was responsible for the daily operation and security of the United States Air Force’s classified and unclassified worldwide networks, including proactive management of cyber risk and all-hazards incident response. As a third-party incident responder, he organized and trained Cyber Protection Teams for U.S. Cyber Command’s to provide threat hunting, advisory, and incident response services. He led these teams to defend military systems, domestic and international critical infrastructure, and the Defense Industrial Base, including the Command’s first landmark “Defend Forward” missions in support of U.S. election security and partner defense in Eastern Europe. Since retiring from government service, Brian has advised and trained both U.S. government and private sector organizations, ranging from small and medium businesses to Fortune 50 firms, on enterprise cybersecurity, risk, and incident response management.

  • speaker photo
    Yasser Fuentes
    Principal Solutions Architect (Cloud Security SME), Bitdefender

    Yasser is a Principal Solutions Architect (Cloud Security SME) for Bitdefender and Security Practitioner with over 20 years of experience in Information Security. Along his career he has worked for Healthcare Providers, ISPs, MSPs and SOCs, among many other verticals and throughout multiple Information Security Domains. On his previous role as a Product Manager for Cloud Security, he enabled Sales, Technical Teams and Technical Partners and contributed to numerous architectural projects in both private and public sector. Regarding credentials and certifications, he possesses top Security Vendors Certifications such AWS and Azure as well as worldwide recognized credentials such as CISM (ISACA) and CISSP (ISC2).

  • speaker photo
    Craig Spiezle, Moderator
    Founder & President, AgeLight Advisory & Research Group

    Craig Spiezle is the Founder and President of AgeLight Advisory & Research Group, a professional services firm focused on online and digital services. Craig is a recognized authority on trust and the convergence of privacy and security promoting ethical privacy practices, end-to-end security and the importance on moving from a compliance mindset to stewardship. Craig is the Charmain emeritus of the Online Trust Alliance, an initiative of the Internet Society. He frequently briefs international policy makers driving awareness of best practices by both the public and private sectors and importance of internet governance. Craig has championed security best practices to help protect consumers while promoting innovation and the role of meaningful self-regulation. Prior to OTA, Craig spent over a decade at Microsoft focused on security and privacy enhancing technologies and standards. Craig chairs the Online Trust & Integrity Council and is on the board of the Identity Theft Council, editorial board of SC Magazine and a member of InfraGard, the IAPP and the APWG.

  • speaker photo
    Panel Discussion
  • speaker photo
    Scott Benson
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.

    Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.

  • speaker photo
    Erika Carrara
    VP, Chief Information Security & Infrastructure Officer, The Greenbrier Companies

    Erika Carrara is a seasoned cybersecurity and technology expert with over two decades of experience. Skilled at helping businesses navigate cyber risks, data governance, and digital transformation, Erika has led several corporations through a security maturity curve in the defense industrial base, federal sector, and twice in manufacturing, now at Greenbrier. She is an expert in security governance, compliance, privacy, and digital systemic risk.

    In her role as Chief Information Security & Infrastructure Officer, Erika presents at all board meetings, providing information and guidance on cyber protection and resiliency. As a Boardroom Qualified Technology Expert (QTE), she works closely with the board's enterprise risk and audit committee and C-Suite, providing updates on the materiality of cybersecurity risks and incidents. Erika has enhanced security governance at Wabtec by strengthening the company's governance framework, establishing effective risk management processes, conducting frequent risk assessments, and providing strategic guidance to the board and C-Suite on cyber risk matters. She maintains a pulse on the regulatory landscape, overseeing adherence to cybersecurity regulations, industry standards, and data protection laws in the 53 countries where Wabtec operates.

    A Native American and veteran, Erika is passionate about championing DEI and social programs/causes. She advocates for gender diversity through education, industry sharing, and career development. As a values-based leader, Erika demonstrates diplomacy, flexibility, and a deep commitment to life-affirming principles such as honesty, integrity, trust, and compassion for others.

  • speaker photo
    Doug Cavit
    CISO, Snohomish County, Washington

    Doug Cavit has been involved in cybersecurity for 30 years as CIO of McAfee and Chief Security Strategist at Microsoft, as well as CISO for two tech startups working on automated cybersecurity in the cloud. He was a major contributor to Microsoft adding anti-malware and several versions of Windows. He has been involved in setting security standards for the financial services and utility industries as well as the ISO process for secure software development. He has helped the Global Fortune 1000 and governments around the world on security and is a noted speaker in the security industry. Doug was a finalist for an Orbie award for CISO of the year in 2025. He holds multiple patents for IT infrastructure. Currently, he is CISO for Snohomish County in Washington State. In addition, he is a volunteer board member for a local non-profit that provides computers to the disadvantaged.

  • speaker photo
    William Lidster, Moderator
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization.  William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

  • speaker photo
    Zabrina McIntyre, Host
    Director, Advisory, KPMG; Leadership Board, WiCyS BISO Affiliate

    Zabrina McIntyre is a Director with KPMG focusing on large scale cybersecurity transformations for clients with a focus on compliance. She holds the CISSP and PMP certifications and is working on her PCI QSA. She is a dedicated supporter of Women in Cybersecurity (WiCyS) and is currently on the leadership board for the Business Information Security Officer (BISO) Affiliate.

  • speaker photo
    Courtney Hans
    VP, Cyber Services, AmTrust Financial Services

    Currently the Vice President of Cyber Services for AmTrustCyber, Courtney Hans brings a variety of experience into her work. In her early career, Courtney was an adventure travel guide with a short window to make a strong impression. Curiosity became her superpower as she learned how to uncover the inner motivations of diverse groups of guests. Guiding, just like cybersecurity, requires agility and a cool head during a crisis. Formerly the Head of Security and IT for a growing SaaS startup, Courtney joined AmTrust to help to reduce risk and deepen the relationship between carrier and insured.

  • speaker photo
    Kip Boyle
    Co-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Jake Bernstein, Esq.
    Co-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLP

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Panel Discussion
  • speaker photo
    Lisa Plaggemier
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • speaker photo
    Cliff Steinhauer
    Director, Information Security & Engagement, National Cybersecurity Alliance

    Cliff Steinhauer is a passionate information security and privacy professional. Currently based in Seattle, he has over a decade of experience in sales, marketing, and project management. With the National Cybersecurity Alliance, Cliff works to direct community engagement through live events, educates through thought leadership, and runs the Cybersecurity program for NCA. Cliff enjoys sharing the message of securing your digital life, protecting information systems and the people that run them, and mentoring young folks to promote interest in the field.​

  • speaker photo
    Ran Hinrichs
    Professor of Practice, Cybersecurity, Norwich University

    Randy J. Hinrichs is a national leader in AI ethics and cybersecurity education, serving as Professor of Practice at Norwich University and PhD candidate in CyberEthics at the University of Idaho. He directs multiple NSA-funded NCAE Co-Op Centers, advancing workforce development through experiential learning and ethical AI integration. Randy is the architect of the AI Moral Code—an empirical framework for embedding moral reasoning into AI systems—and the creator of the NSA-endorsed “CyberEd in a Box” program. With over 25 years of leadership across Microsoft, Sun Microsystems, and federal innovation projects, he combines immersive technologies, ethical governance, and workforce transformation to build a secure and responsible AI future.

  • speaker photo
    Colson Hoxie
    Sr. Sales Engineer, Axonius

    Colson has been in the cybersecurity space for seven years now, with that journey starting at pre-Cisco Duo. Over the years he developed significant interest in cloud security and governance. While in the past that might have specifically referred to the public cloud, applications and the users that connect to them live everywhere, which means a broader viewpoint is needed to effectively secure the users, data, and devices that make up an organization. Colson has helped companies develop effective Zero Trust Network Access and data protection programs, starting with visibility and ending with effectively implementing policies that protect critical business data.

    Today, his journey brings him back to devices, though still with a "zero trust" lens, where organizations are not just trusting the data their systems provide but validating and verifying via aggregating all of their different data sources into one place. This visibility, just as it does when building a data protection program, is the first step to effective risk management programs.

  • speaker photo
    Bryan Ward
    Sr. Sales Engineer, ColorTokens

    Bryan Ward is a cybersecurity veteran with over two decades of experience helping global enterprises strengthen their security posture. He specializes in Zero Trust, microsegmentation, and practical approaches to network and infrastructure security, with leadership roles at companies like Akamai, Guardicore, and ColorTokens. Bryan is known for turning complex security challenges into actionable strategies that actually work.

  • speaker photo
    Panel Discussion
  • speaker photo
    Troy Batterberry
    CEO & Co-Founder, EchoMark

    Troy Batterberry is the founder and CEO of EchoMark, a Software-as-a-Service (SaaS) company pioneering a new standard in information protection. The company was founded on that trust is central to empowering everyone to do their best work. Troy brings years of product and technology experience, including 25 years at Microsoft, where he most recently served as a Corporate Vice President as the product leader of Microsoft Teams Meetings, Calling, and Events. During his tenure, Troy also played an integral role in the growth and success of marquee Microsoft products, such as Windows, Explorer/Edge, Bing, Xbox, and MSN. Before joining Microsoft, Troy held engineering positions at Sony and within the U.S. Department of Defense. Troy is driven by a long-standing passion for creating new experiences and products.

    In addition to his professional pursuits, Troy is a parent volunteer at his kids’ schools, spends time volunteering for Boy Scouts, and also enjoys time outdoors boating, hiking, and running. He holds an M.S. in Information Systems from the University of Southern California and a B.S. in Electrical and Electronic Engineering from North Dakota State University.

  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Lisa Plaggemier
    Executive Director, National Cybersecurity Alliance

    Lisa Plaggemier is Executive Director at the National Cybersecurity Alliance. She is a recognized thought leader in security awareness and education with a track record of engaging and empowering people to protect themselves, their families, and their organizations. Lisa is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.

  • speaker photo
    Tim Rains
    VP & CISO, ADT

    Tim Rains is an internationally recognized cybersecurity executive, advisor, and author.

    Currently, Tim is Vice President and Chief Information Security Officer at ADT – the largest security and automation company in the United States, protecting 6.5 million households. In this role, Tim leads enterprise cybersecurity and product security.
    Previously, Tim was Vice President Trust & Cyber Risk at T-Mobile where he led cybersecurity strategy, architecture, assurance, risk management, compliance, and the Business Information Security Officer function. While Tim was at T-Mobile, he was appointed to serve on a subcommittee of the President of the United States’ National Security Telecommunications Advisory Committee (NSTAC) that developed recommendations to the President focused on improving national cybersecurity.
    Prior to T-Mobile, Tim held cybersecurity leadership positions at both Amazon Web Services and Microsoft. At AWS, Tim was the Global Security and Compliance Leader for Worldwide Public Sector, where he spent 3 years living in London.

    In the 17 years Tim spent at Microsoft, he held numerous roles including Global Chief Security Advisor, Director of Security, Identity, and Enterprise Mobility, Director of Trustworthy Computing, and founding Technical Lead of Microsoft’s customer facing Cybersecurity Incident Response Team.

    Tim is the author of the popular book, now in its second edition, “Cybersecurity Threats, Malware Trends, and Strategies” published by Packt Publishing.

  • speaker photo
    Ralph Hogaboom
    CISO, Washington Department of Natural Resources

    Ralph Hogaboom is a seasoned cybersecurity leader with a deep commitment to public service and a human-centered approach to information security. A West Coast native from Aberdeen, Washington, Hogaboom worked his way up from grassroots tech support roles—from learning Perl and web design on the weekends to promote his string of punk bands, to serving as Chief Information Security Officer for the Washington State Department of Natural Resources. Today, Hogaboom is focused on building a world-class cybersecurity program powered by sound technical capability, practical risk management, trust, and empathy.

  • speaker photo
    Khaja Ahmed
    CISO and Angel Investor

    In a career spanning more than three decades, Mr. Khaja Ahmed has worked at the forefront of security technology — developing cutting-edge solutions in secure communications, data protection, and applied cryptography. He has led high-impact security teams at leading companies including Gemini (a cryptocurrency exchange), Microsoft, Google, and Amazon. His expertise spans hands-on system design, organizational leadership, and executive engagement—enabling him to architect solutions, build world-class teams, and shape security strategy at the highest levels. A sought-after speaker and panelist, he frequently addresses topics ranging from technical security practices to team building and leadership for individual and organizational growth. Currently, Khaja is an angel investor and advisor/consultant to startups in security. He enjoys teaching at his son’s institute, Ahmed Tech Academy, and at Bellevue College where he teaches Information Security and Computer Architecture as adjunct faculty.

  • speaker photo
    Anil Karmel
    Research Fellow, Cloud Security Alliance

    Anil Karmel is a cybersecurity leader, serial entrepreneur, and startup advisor, founding two companies from 0 to 1 to exit. Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Karmel began his government career as a Technical Staff Member of Los Alamos National Laboratory (LANL) and was responsible for inventing their cloud and collaboration technologies. Karmel and his team have garnered industry and government accolades, including the SANS National Cyber Security Innovators Award for Cloud Security, SINET Top 16 Cybersecurity Startups, InformationWeek 500 Top Government IT Innovators, and the DOE Secretary's Achievement Award. Anil served as the president of the Cloud Security Alliance’s DC Metro Area Chapter and is a member of the CSA's CxO Trust Advisory Council.

  • speaker photo
    Vishwas Manral
    Research Fellow, Cloud Security Alliance

    With more than 20 years of experience in the technology industry, Vishwas has a passion for innovation and problem-solving, and a track record of delivering high-impact products and projects in various domains, such as infrastructure, networking, security, cloud, IoT, and data. He is formerly the Chief Technologist and Head of Cloud Native Security at McAfee, where he led the vision, strategy, and execution of cutting-edge security solutions for the cloud. He has also been a founder, CEO, CTO, product manager, and engineer in large companies and startups, working with diverse technologies and languages. Has co-invented multiple technologies and authored several publications in the IETF, where he is an active contributor and member. His specialties include bringing new ideas to market, creating new technology, building energized teams, and providing technology execution, vision and direction.

  • speaker photo
    Aradhna Chetal, Moderator
    Managing Director, Executive Security, TIAA

    Aradhna serves as a Managing Director Executive – Digital & Cyber Transformations at TIAA, a financial services company, she is responsible for the cloud security DevSecOps for Applications, Data, AI Enterprise vision, strategy, standards, security patterns in a multi-cloud hybrid enterprise. Her expertise spans Cloud Security; IAM, Zero Trust, Data Protection and GenAI Security Engineering. She has worked in various cybersecurity leadership roles at JP Morgan Chase, Boeing Company, Microsoft, and T-Mobile. Aradhna is an active member in the cyber security industry. She is Co-Chair of Cloud Native Computing Foundation Security TAG, Co-Chair for CSA Serverless Working group and a Cloud Security Alliance Research Fellow; she contributes to OWASP AI, CNCF , Cloud Security Alliance working groups and NIST Cloud computing standards, has influenced best practices and standards for cloud, containers and micro services security. She has also been providing expert guidance to a number of startups on security product roadmaps and feature development especially in the area of Identity and Access Management, Zero Trust and Container Security etc. Aradhna has a Masters in Cybersecurity, a bachelor's in electrical engineering, a
    CISSP and CCSP from ISC2.org. Outside of work, Aradhna enjoys hiking, snowshoeing, and volunteering for women’s causes.

  • speaker photo
    Marivell Alicea-Gamlin
    Sr. Cybersecurity BISO Analyst, CBRE

    Marivell Alicea-Gamlin is a Senior Cybersecurity BISO Analyst at CBRE, where she connects cybersecurity strategy to business outcomes through client assurance, audit support, and third-party risk engagement. With more than 20 years of experience across IT operations, governance, and compliance, she plays a key role in shaping cyber strategy and building client trust. Marivell serves on the board of ISSA Puget Sound as Director of Membership and actively mentors emerging cybersecurity professionals. She holds a Master’s in Network and Communications Management, is ISC2 Certified in Cybersecurity (CC), and brings a global perspective with fluency in Spanish and developing proficiency in Portuguese.

  • speaker photo
    Iain Sloan
    CISO, Washington State Liquor and Cannabis Board

    Iain Sloan is an accomplished cybersecurity leader with more than 40 years of experience in information technology and security across both public and private sectors in the UK, Texas, and Washington State. As Chief Information Security Officer for the Washington State Liquor and Cannabis Board, he is responsible for safeguarding critical infrastructure, ensuring regulatory compliance, and driving strategic initiatives that enhance the agency’s security posture.

    Throughout his career, Iain has led enterprise programs, implemented risk management frameworks, and fostered cross-functional collaboration to address evolving cyber threats. His deep technical expertise, combined with a commitment to operational excellence and public service, makes him a respected voice in the cybersecurity community.

  • speaker photo
    George Williams
    CIO, Washington State Liquor and Cannabis Board

    George Williams is a seasoned technology executive and retired Senior Army Officer with over two decades of distinguished leadership in IT operations, strategic planning, and organizational transformation. Currently serving as Chief Information Officer and Director of IT Services for the Washington State Liquor and Cannabis Board, George leads enterprise-wide technology initiatives that drive innovation, efficiency, and mission alignment. His recent success includes spearheading a $70 million Salesforce CRM modernization project, replacing seven legacy systems and streamlining agency operations.

    George’s career spans both public and private sectors, with prior roles including Senior IT Manager and Assistant Division Manager at Washington state agencies, and Engineering Manager at Iron Bow Technologies. His expertise encompasses cloud infrastructure, cybersecurity, enterprise systems, and vendor management—backed by hands-on experience with platforms like VMware, Azure, AWS, and Salesforce. A veteran of the U.S. Army and Washington Army National Guard, George held pivotal roles in global operations, including strategic planning for NATO in Afghanistan and communications leadership in Iraq. His military tenure culminated in commanding a missile defense site and developing communications doctrine for the Army’s digital transformation.

    George holds an MBA in IT Management from Western Governors University (Feb 2024) and a BA in Education from Eastern Washington University. He is a Certified Scrum Master, Lean Six Sigma Green Belt, and IPMA LeaderPath graduate. Known for his disciplined approach, mentoring mindset, and results-driven leadership, George continues to bridge technology and strategy to empower teams and transform organizations.

  • speaker photo
    Brian Hileman
    Director, Sales Engineering, Cyberhaven

    Brian has over a decade of experience in data protection, specializing in DLP and Insider Risk Management. As Cyberhaven’s Director of Sales Engineering and creator of DLPTest.com, he has held key roles at Palo Alto Networks, Digital Guardian, and InteliSecure, and regularly shares insights at conferences like ISSA, CSA, and RMISC.

  • speaker photo
    Timothy Youngblood
    CISO, Astrix

    Timothy Youngblood is the former SVP, Chief Security Officer and Product Security Officer for T-Mobile, where he led the company’s cybersecurity organization. Prior to T-Mobile, Youngblood served as the Chief Information Security Officer for McDonald’s. He also established the CISO roles for two major industry brands, becoming the first Global CISO for both Dell and Kimberly-Clark. Earlier in his career, Youngblood held leadership roles at KPMG, providing advisory services to leading companies across industries. In addition to his board activities, Youngblood is an active angel investor with a focus on cybersecurity, medical devices, clean tech, media, and CPG. In 2024, he was recognized as the top member of the world’s largest angel investment organization, Keiretsu Forum. Youngblood also serves as an adviser to some of the most innovative cybersecurity startups in the industry. He currently holds the role of CISO-in-Residence for Astrix Security, the leader in Agentic and Non-Human Identity Security.

  • speaker photo
    Joe Veroneau
    Head of Trust and Security, Conveyor

    Joe is a risk management professional with experience across many security, risk and compliance domains. Past roles include advising on GRC software implementations at highly regulated customers and supporting data protection efforts at Aptible, a HITRUST Certified Platform-as-a-Service. Joe currently leads the Trust & Security function at Conveyor, an AI agent company automating the customer security review process and he regularly participates in and presents at regional and national ISACA events.

  • speaker photo
    Stephen Bellville
    Secretary, ISC2 Seattle Chapter
  • speaker photo
    Jake Bernstein, Esq.
    VP, ISC2 Seattle Chapter

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Frank Simorjay
    President, ISC2 Seattle Chapter

    Frank Simorjay (CISSP, ISSA Distinguished Fellow) is a cloud security and compliance subject matter expert. Frank works for Microsoft Azure global ecosystem organization as the Lead PM of the Azure automation Blueprint program, that includes the PCI automation blueprint. Frank has written an extensive library of papers, and blogs (http://cloudntech.blogspot.com/)

  • speaker photo
    AK Torgeson
    Treasurer, ISC2 Seattle Chapter

    AK obtained her CISSP in 2023, after attending an ISC2 Seattle CISSP Bootcamp. She holds a Masters in Analytical Chemistry from the University of Washington and Bachelors in Biochemistry and Computer Science, both from Seattle University.

  • speaker photo
    Jean Pawluk, Moderator
    Director at Large, ISC2 Seattle Chapter

    Jean is an Executive Consultant, ISSA Distinguished Fellow, and honored as a 2015 SC Magazine “Woman of Influence”. With a global focus on strategy, architecture, and technology in the high tech and financial industries, she alternates between technical and executive leadership roles. Once focused on security and cryptography for the financial industry, her current focus is on the use and abuse of blockchains, augmented reality, and the Internet of Things (IoT).

  • speaker photo
    Lana DeMaria
    Head of Data Governance and Privacy, Alaska Airlines

    Lana is a motivated and results-oriented leader with 20+ years of international experience.

    She is experienced in supervising and training teams, building global enterprise-wide programs from the ground up, and leading, planning & executing projects in a variety of industries, ranging from aviation to software, to manufacturing, to telecom and education. She has over 23 years of team management and technology experience, with 19 years of strong contributions to the privacy, security and risk management space at Alaska Airlines Group, Microsoft and Ernst & Young, and with 18 years of training, communications and marketing experience at Alaska Airlines, Microsoft, Ernst & Young, Boeing, PacifiCorp and SCS.

    She has earned and been awarded the Six Sigma, CIPP, CIPM, CISA and ITIL Foundations certifications, and is a member of the Digital Marketing Association, Institute of Internal Auditors, the International Association of Privacy Professionals, as well as the IT Compliance Institute. She has an MBA in International Business.

  • speaker photo
    Harald Upegui
    Director of Information Security, HealthPoint
  • speaker photo
    Panel Discussion
  • speaker photo
    Kip Boyle
    Co-Host, Cyber Risk Management Podcast; vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Jake Bernstein, Esq.
    Co-Host, Cyber Risk Management Podcast; Partner, Data Protection, Privacy & Security Group, K&L Gates LLP

    Jake Bernstein is a practicing attorney and CISSP who counsels clients trying to understand their cybersecurity risks and the legal duties that arise from those risks. In his decade-plus of practice, Jake has acted as both regulator as an Assistant Attorney General with the Washington State Attorney General's Office and as private defense counsel representing companies subject to data security and privacy regulations enforced by federal, state, and international authorities.

  • speaker photo
    Matt Crane
    Director, Schellman Compliance LLC

    Matt Crane, Director at Schellman, oversees PCI DSS assessments for diverse industries, leveraging over a decade of information security expertise. He conducts PCI workshops, speaks at industry events, and collaborates with Fortune 500 companies on compliance challenges, including SWIFT CSCF. Before joining Schellman in 2017, Matt specialized in PCI and NIST assessments and intelligence analysis in both private and public sectors. He holds a BBA in Information Security and Assurance and certifications including CISSP, CISA, CRISC, and QSA, ensuring clients receive expert guidance in achieving compliance goals.

  • speaker photo
    Justin Hart
    Director of Engineering, Salesforce
  • speaker photo
    Andrew Leeth
    Sr. Director, Security Assurance, Salesforce
  • speaker photo
    Mario Mercaldi
    Lead Security Engineer, Salesforce

    Mario Mercaldi is a Lead Security Engineer at Salesforce, with a career rooted in building security tools, reverse engineering software, and leading large-scale risk assessments. For over a decade, he has combined offensive and product security expertise with a passion for automation and developing practical frameworks that help organizations scale security without losing precision. Today, Mario focuses on applying AI and emerging standards such as the Model Context Protocol (MCP) to shift security from reactive detection to proactive prevention - bringing a practitioner’s eye for detail to one of the industry’s biggest transformations.

  • speaker photo
    Jerry Hahn, Moderator
    Product Security, Compliance Automation Team, Salesforce
  • speaker photo
    Tim Gallo
    Head of Global Threat Intelligence, Google Cloud

    Tim Gallo is the Head of Global Threat Intelligence at Google Cloud, he specializes in Cyber Threat Intelligence and Risk everything from Intelligence Operations and Cyber Threat Profile development to risk based analytic approaches to Security Operations. He Joined Google Cloud through the acquisition of Mandiant by Google in 2022, he had spent 5 years at Mandiant prior to the acquisition in a variety of field facing roles covering the aforementioned topics. Before joining Mandiant, Tim leveraged his over 20 years’ experience in information security and intelligence operations to aid in the development and deployment of a number of solutions. Including building client and organizational expertise in Intelligence Led Security and Business Operations. This included the development and product management of some of the first cyber intelligence solutions ever brought to market. These solutions have included threat and vulnerability management tools, IOC prediction algorithms, intelligence services, and strategic intelligence consulting. Today he spends his days helping clients understand the importance of Intelligence as a guiding principle for building out effective security processes and operations and helping clients and vendors find ways to leverage technologies responsibly to build their cyber defense centers and security operations practices. Every once in a while he can be found out in the desert, sometimes on his Harley with a flamethrower, sometimes with just a flamethrower

  • speaker photo
    Elizabeth Schaedler
    Security Advisor, Splunk

    Elizabeth Schaedler is a seasoned Splunk Security Advisor, specializing in helping organizations align their security strategies with business risk objectives. She has extensive expertise in leveraging risk-based alerting to address complex challenges such as fraud prevention. With over 20 years of experience in data center operations and cybersecurity, Elizabeth has held senior roles at leading technology companies including Cray Research, HP, RSA, Sun Microsystems, and IBM, mostly in the high-performance computing (HPC) sector. Based in Portland, Elizabeth is a 3rd generation U of O Duck and spends her free time with her husband, recently embarking on the project of organizing the treasures left behind by their two adult children.

  • speaker photo
    William Lidster, Moderator
    CISO, AAA Washington

    William serves as the leader of AAA Washington’s information security and compliance efforts. He is responsible to establish a responsive, dynamic, and flexible cybersecurity program to meet continually changing information security, regulatory, and compliance needs in the organization.  William has been with AAA Washington since August of 2017. Other roles that William serves in the company include coordinating business continuity program activities and leading the company through emerging privacy legislation management.

    In the evenings, William instructs graduate and undergraduate cybersecurity courses at the University of Washington and The Penn State University. William completed his Bachelor of Science in Computer Science from the U.S. Military Academy at West Point. He subsequently earned a Masters in Management Information Systems and an MBA from the University of Maryland. In December of 2018, he completed his Doctorate of Philosophy in Cybersecurity and Information Assurance from Capella University.

    Prior to William starting at AAA Washington, he served five years as the Manager of IT Security Engineering at Puget Sound Energy. Prior to that, he also served as the regional CISO for Providence Health and Services. He has also served in similar positions with Alaska USA Federal Credit Union, Chugach Electric Association, and the State of Alaska, Department of Public Safety.

    William served in the U.S. Army from 1990 to 1996 as an officer in the Infantry and is a combat veteran for Operation Desert Storm.

  • speaker photo
    Sonali Bhagwat
    Sr. Director, Security, Privacy and Data Governance, Adobe

    Sonali Bhagwat is Senior Director Adobe, leading global programs in Security Engineering, Privacy and Data Protection. With over 20 years of experience at Adobe, Twitter, and Microsoft, she has built scalable AI governance frameworks, privacy-by-design initiatives, and enterprise security capabilities. She holds a Bachelor’s in Engineering from the University of Mumbai and an MBA from the University of North Carolina, Chapel Hill.

  • speaker photo
    Akhila Nama
    Head of Enterprise Security, Box

    Akhila Nama leads the Enterprise Security organization at Box where she oversees security design, strategy, architecture and risk management, with a focus on securing modern enterprise environments while driving business growth. With more than a decade of experience, Akhila has worked through multiple roles and domains, helping organizations navigate complex threats while building security programs and teams that scale.

  • speaker photo
    Scott Benson
    Director of Cybersecurity and Infrastructure, Mud Bay, Inc.

    Scott Benson is the Director of Cybersecurity and Infrastructure at Mud Bay, with over 25 years of experience in the field. He holds certifications such as CISSP, CEH, and PCIP. Scott leads a team responsible for cybersecurity, infrastructure, and help desk services, ensuring successful business outcomes and compliance with industry standards. He has a strong background in risk management, cloud security, and cybersecurity strategies.

  • speaker photo
    Aaron Hunt
    Director, Information Security, KP LLC

    An Information Security leader with experience establishing resilient security strategies and procedures enhancing the corporate security posture, through evaluation of risk, promoting security awareness and privacy training, management of incident response, managing relationships with customers and business partners, and ensuring continued compliance through internal, customer and certification security audits.

    A proven leader, skilled in managing network and application operations, knowledgeable in many collaboration and web environments and successfully managed services and large scale projects. Experienced in several security frameworks, including ISO 27001, PCI DSS, HITRUST, NIST 800-53, HIPAA, GDPR and SOC.

  • speaker photo
    Megan Slabinski, Moderator
    District President, Robert Half

    Megan Slabinski is the District President for Robert Half, the world’s first and largest specialized talent solutions firm. Megan oversees operations for the Technology and Marketing and Creative practice groups in the Pacific Northwest, Utah, New Mexico and Northern California.

    Megan joined Robert Half in 1999 and has held numerous leadership roles within the company, including Regional Vice President and Executive Director of The Creative Group. A veteran of the staffing industry, she has helped place thousands of professionals in rewarding careers and has provided local businesses with the talent they need to be successful.

    Megan is considered an industry expert and quoted frequently on career-related topics as well as speaking publicly at various events throughout the regions she oversees. She is a graduate of the University of Washington.

  • speaker photo
    Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Sr. Cybersecurity Consultant, Wilson Cyber

    Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Propel your cyber career at SecureWorld!

Hone your skills and connect with your regional peers in InfoSec.