Agenda

Date and Time	Title
Jun 19, 2025 9:00am - 9:51am (Pacific)	[Opening Keynote] Déjà Vu All Over Again: Learning from Cloud's Early Misadventures to Secure Your AI Future Remember when “lift and shift” was cool? Well, neither do we! Well, history’s repeating itself with AI. Organizations are rushing into AI without clear strategies, falling for the “magic bullet” fallacy, and neglecting security. This session dissects the striking parallels between cloud’s wild west days and today’s AI gold rush, exposing common pitfalls like strategic vacuums and security blind spots. Learn actionable strategies to avoid past mistakes, define clear AI goals, prioritize security from day one, and foster a culture of AI literacy. Let’s make your AI journey optimized, not “oops.”
Jun 19, 2025 10:00am - 10:41am (Pacific)	Kubikle: Awareness Training Like You've Never Seen Tired of the same old cybersecurity awareness training? This session introduces “Kubikle,” a groundbreaking YouTube video series that’s transforming how we learn about online threats. Join us for an exclusive conversation with the Managing Director of the National Cybersecurity Alliance, Lisa Plaggemier, the organization behind this innovative approach. We’ll delve into specific “Kubikle” episodes, exploring the comedic yet crucial themes they address and uncovering the creative vision and strategic thinking that brought this unique awareness training to life. Discover how humor and a fresh perspective can make cybersecurity education more engaging and impactful than ever before.
Jun 19, 2025 10:00am - 10:50am (Pacific)	Your API Will Get You Breached: Here's How, Why, and What You Can Do to Stop It APIs are the hidden infrastructure that makes modern technology possible; you use one every day, even if you don’t realize it. Even if your teams are not making APIs, they’re probably still consuming them, taking advantage of the ease with which they connect organizations, partners, and teams. But with this gift of accessibility comes real attack risks; APIs handle sensitive data, core business processes, and valuable assets wrapped up in an easy-to-use interface in your infrastructure or a partner or supplier, perfect for developers or the would-be attacker. In this talk, we’ll cover API security’s what, why, how, and when and offer, real, practical advice even without a budget.
Jun 19, 2025 10:00am - 10:40am (Pacific)	Ritual, Repetition, and Remoteness: Linking Serial Cyber Attacks Serial cyber offenders often operate behind layers of anonymity, yet their behavioral patterns—like those of traditional serial criminals—leave behind digital signatures. This talk explores how principles from behavioral profiling and case linkage in violent crime investigations can be adapted to identify and attribute serial cyber attacks. By examining the concepts of modus operandi, offender ritual, escalation, victim selection and targeting preferences, we illuminate how repeat offenders reveal themselves across campaigns.
Jun 19, 2025 11:00am - 11:48am (Pacific)	Risk Is Danger The Godfather of Zero Trust, John Kindervag, will dive into the foundational concept that risk is inherently dangerous and needs to be mitigated with precision. John will challenge attendees to rethink traditional security approaches and embrace the Zero Trust mindset—where nothing is trusted implicitly, whether inside or outside the network.
Jun 19, 2025 11:00am - 11:40am (Pacific)	Cybersecurity Hiring: Report Reveals the Tide Is Turning In this session, we will uncover what is truly happening in the cybersecurity talent market by analyzing three years of U.S. job posting data across all 45 cybersecurity functional roles, with an average of 140,000 monthly postings. With 40% of the top 25 cybersecurity functional roles growing from 2023 to 2024, signaling positive trends for 2025, we’ll reveal emerging trends, in-demand positions, and those experiencing volatility, stability, or decline. Attendees will gain a clear understanding of how the talent landscape is evolving, the impact of the SEC breach reporting rule, and other key factors shaping the cybersecurity job market. They will walk away with actionable insights to help organizations and professionals navigate these challenges and succeed in 2025.
Jun 19, 2025 11:00am - 11:50am (Pacific)	Preventing, Detecting, Responding, and Recovering from a Ransomware Attack Ransomware attacks continue to pose a significant and evolving threat to organizations of all sizes. The potential for operational disruption, data loss, financial damage, and reputational harm is immense. This session will provide a comprehensive overview of a multi-layered strategy to effectively combat ransomware. Join us to explore the critical phases of ransomware defense: Prevention: Discover proactive measures to fortify your defenses, including robust security hygiene, employee awareness training, network segmentation, and vulnerability management. Learn how to minimize your attack surface and make your organization a less attractive target. Detection: Understand the key indicators of an active ransomware attack. We will discuss the tools and techniques for early detection, such as monitoring for unusual file activity, network traffic anomalies, and endpoint-level behavioral analysis, enabling a swift response. Response: Learn how to develop and implement an effective incident response plan specifically tailored for ransomware. This includes crucial steps like containment, eradication, communication strategies, and decision-making regarding ransom demands. Recovery: Explore best practices for restoring encrypted data and systems efficiently and safely. We will cover the importance of reliable backups, an orderly restoration process, and post-incident analysis to strengthen future resilience. This session will equip attendees with actionable insights and best practices to build a resilient cybersecurity posture capable of withstanding, identifying, and quickly recovering from ransomware incidents, ultimately safeguarding your critical assets and ensuring business continuity.
Jun 19, 2025 12:00pm - 12:48pm (Pacific)	Predatory AI The risks of predatory AI are multifaceted and include both real-world and hypothetical scenarios. One significant concern is the potential for AI to be used in predatory behavior, such as the manipulation of the technical and human behavior element through the exploitation of both types of vulnerabilities. For instance, AI algorithms can predict personal characteristics of users based on simple interactions such as “liking” content on social media platforms, which can then be used to manipulate behaviors. Couple that with the technological aspects and you have a potential worst-case scenario. This presentation examines the types of AI services promoted as services and the links of those services back to Dark AI. From there, learn how to mitigate these risks through various security solutions for your company and personal interactions.
Jun 19, 2025 12:00pm - 12:41pm (Pacific)	Cyber Intel Briefing This presentation will provide a comprehensive overview of the current cyber landscape, focusing on both global and domestic government-related threats and incidents. We will delve into recent high-profile attacks, explore emerging trends, and discuss the evolving tactics employed by cybercriminals and nation-states. Additionally, the presentation will examine the ongoing challenges faced by governments in protecting critical infrastructure, securing sensitive data, and mitigating the risks posed by cyber espionage. By understanding the latest developments in the cyber threat environment, attendees will gain valuable insights into safeguarding government networks and systems.
Jun 19, 2025 12:00pm - 12:45pm (Pacific)	The Current Threat Landscape The cyber threat landscape is rapidly evolving. This panel examines the multifaceted current and emerging cyber threats facing individuals, organizations, and nations. We explore sophisticated attack vectors like AI-driven malware, advanced persistent threats (APTs), ransomware, and social engineering, now amplified by technologies like deepfakes. Discussion will cover the expanding attack surface from IoT proliferation, widespread cloud adoption, interconnected systems, and complex global supply chains. We will also address evolving adversary tactics, including nation-state activities, cybercriminal enterprises, and persistent insider threats. Key themes include the critical need for adaptive and proactive defense, robust threat intelligence sharing, addressing the cybersecurity skills gap, and fostering a more resilient digital ecosystem. Join us for a comprehensive overview of today’s threats and a forward-looking discussion on navigating these complex challenges.
Jun 19, 2025 1:00pm - 1:44pm (Pacific)	Immersive Cross-Training for Upskilling Your Team Security teams are always asked to do more with less. Enter “Immersive Cross-Training,” the name we gave to the program developed to train security team members across functions. The goal is to increase the repertoire of skills for each individual and prepare them with the skills they need to move up if/when new positions open on teams. This strategy also allows the capacity to surge teams cross-functionally when the need arises.
Jun 19, 2025 1:00pm - 1:56pm (Pacific)	Defending Against Digital Defamation and Cyber Extortion The digital age exposes individuals and organizations to significant reputational risks, with digital defamation and cyber extortion posing increasingly prevalent threats. Malicious actors leverage online platforms to spread false, damaging information or to coerce victims through threats of reputational harm or data exposure. These attacks can lead to severe consequences, including financial loss, damaged credibility, operational disruption, and psychological distress. This work provides essential strategies for actively defending against such online assaults. It examines proactive measures like reputation monitoring, security hardening, and building online resilience. Furthermore, it outlines reactive tactics crucial for incident response, encompassing evidence collection, navigating platform removal processes, exploring technical countermeasures, and understanding potential legal recourses. By addressing the unique challenges posed by both digital defamation and cyber extortion, this overview aims to equip readers with the necessary knowledge to protect their online reputation and respond effectively when targeted.
Jun 19, 2025 1:00pm - 1:47pm (Pacific)	Securing the Airgap — Wait, It Needs to Be Secured? Air-gapped systems are often considered the pinnacle of security, but are they truly untouchable? This talk challenges the myth of absolute isolation, exploring real-world breaches – from Stuxnet to electromagnetic and acoustic attacks. Attendees will gain insight into modern threats, including supply chain risks and social engineering, while learning practical strategies to fortify air-gapped environments. Through physical security, procedural controls, and advanced detection methods, this session will reshape how you think about “unhackable” systems. Whether you secure critical infrastructure or simply love cybersecurity, you’ll leave with a deeper understanding of air-gap vulnerabilities and how to defend against them. Attendees will learn that air-gapped systems are not inherently secure and require continuous vigilance, layered defenses, and proactive threat mitigation to prevent sophisticated breaches.
Jun 19, 2025 2:00pm - 2:43pm (Pacific)	[Closing Keynote] SASE—Are We Nearly There Yet? The journey to SASE and zero trust isn’t a destination—it’s an ongoing evolution. As organizations modernize their security and networking, many face roadblocks: legacy architectures, fragmented solutions, and uncertainty about the right next steps. Building it right from the start is key to long-term success. Since 2013, Netskope has been at the forefront of redefining secure access, transforming SASE from a concept into a critical business enabler. This keynote visits the evolution of SASE, from its origins to its future, and explores how organizations can continuously mature their security posture by making the right architecture choices, leveraging deep integration, predictive insights, and strong partnerships.