Agenda

Date and Time	Title
Nov 13, 2025 11:00am - 11:30am (Eastern)	[Opening Keynote] When Policy Isn't Enough: Enforcing Zero Trust Before It's Too Late A well-crafted access policy might look airtight on paper—but reality tells a different story. When security measures slow productivity, users find workarounds, unintentionally opening doors to outside threats. In this session, Joel Burleson-Davis, CTO of Imprivata, shares how to bridge the gap between policy and practice. Learn how to design policies that users will actually follow, enforce access seamlessly, and detect anomalous behavior before small slips become major breaches.
Nov 13, 2025 12:00pm - 12:37pm (Eastern)	Behavioral Threat Intelligence: Profiling the Human Adversary To stop an adversary, you must first understand them. This session moves beyond traditional cyber defense to explore the human element driving attacks on critical infrastructure. In “Behavioral Threat Intelligence,” we dissect the “who” and “why” behind today’s most significant threats—from nation-state sabotage to criminal campaigns. By examining the psychological drivers, cultural biases, and cognitive patterns of attackers, we reveal how to anticipate their next move. You will leave with practical strategies for integrating behavioral profiling with technical intelligence, transforming your ability to predict, attribute, and neutralize threats to the systems we all depend on.
Nov 13, 2025 12:00pm - 12:40pm (Eastern)	The Global AI Dilemma: How the EU and U.S. Are Balancing Innovation and Regulation Artificial Intelligence is impacting our work, and every aspect of our lives, creating both possibilities and challenges. The European Union has enacted broad, mandatory regulations on AI. The United States is focusing on innovation and choosing a different approach by allowing states to decide for themselves. In this session, we explore these two distinct strategies, with a focus on the critical need to balance the protection of human rights and ethical standards, with support for technological advancement.
Nov 13, 2025 12:00pm - 12:50pm (Eastern)	AI-Augmented Threats in Higher Education: Who's Being Targeted and Why AI-powered cyber threats are rising in higher education, with targeted phishing and deepfake attacks becoming more sophisticated. As the attack surface expands, colleges and universities must focus on securing workforce identity—often the weakest link. A layered, human-centric defense is key to protecting faculty, students, and staff. Join Proofpoint’s Ryan Witt and Chris Montgomery for a discussion on the latest threat intelligence and strategies to help institutions better understand and defend against today’s advanced cyberattacks. We will explore: Emerging AI-enabled attack trends Threat insights into which departments and roles are most at risk Actionable strategies to proactively defend against these advanced AI attacks
Nov 13, 2025 1:00pm - 2:03pm (Eastern)	The Essentials of Building a Foundational Cybersecurity Program to Safeguard AI Systems and Applications Artificial intelligence, including Generative AI and Large Language Models (LLMs), is rapidly transforming business and technology. As organizations adopt AI, new and evolving cybersecurity risks emerge. This accelerated session provides cybersecurity practitioners with the essential knowledge and actions needed to immediately begin safeguarding AI systems. The session will focus on three critical, actionable areas: Understanding the Core AI Attack Surface and Key Threats This module provides a rapid-fire overview of the AI landscape, defining essential terms like Generative AI, LLMs, and AI Agents. It will quickly pivot to identifying the most critical AI threats and vulnerabilities, focusing on Adversarial AI and the immediate takeaways from the OWASP Top 10 for LLM Applications. Essential AI Security Controls and Frameworks This section will present a concise, high-level overview of practical, industry-leading security frameworks applicable to AI. The focus will be on the core principles and immediate actions derived from resources like the NIST SP 800-218A Secure Software Development Practices for Generative AI and the Google Secure AI Framework (SAIF). Attendees will learn what controls to prioritize in their current cybersecurity programs. Integrating AI Risk and Governance into Existing Programs We will discuss the fundamental steps for incorporating AI into your organization’s existing Risk Management, Compliance, and Governance structure. This includes a look at the NIST AI Risk Management Framework (RMF) and an overview of emerging global regulations (e.g., the EU AI Act) to help organizations prepare for AI audits and policy development. From this session, attendees will gain a foundational understanding of the AI-driven attack surface and immediate, actionable steps to integrate AI security, risk management, and governance into their current cybersecurity strategy.
Nov 13, 2025 1:00pm - 1:45pm (Eastern)	The Psychology of Phishing: Designing Human‑Centered Awareness Programs Phishing is still the most common attack method because it taps into natural human biases. In this session, we’ll break down the key psychological triggers—like authority, urgency, and social proof—that make these attacks work. You’ll learn how to build awareness programs that actually connect with employees by focusing on what motivates real behavior. We’ll walk through a practical framework for designing empathy-based simulations, tracking behavior change over time, and improving your training based on what works. You’ll walk away with a proven, psychology-based blueprint and ready-to-use templates to build phishing awareness programs that cut click rates by over 30% in just three months.
Nov 13, 2025 1:00pm - 1:45pm (Eastern)	You Are Not a CISO, You Are a 'CO IS' The term Chief Information Security Officer, or CISO, is one that is often defined incorrectly. Many people assume that a CISO is part of the career step, or stop, toward becoming a world-class security engineer. It’s often said the way you become a CISO is to be a security engineer for 10 years and get promoted—but that is all wrong. It is a broken model and why many companies struggle with defining the role of the CISO. A CISO is, by all definitions, a Chief Officer (CO) with a focus and obsession for Information Security (IS). Thus, a true CISO is a CO with an emphasis on IS. In this talk, Dr. Eric Cole breaks down how we got here, why the old CISO model is broken, what we can do, and what you can do to become a better CO IS for yourself and your organization. Whatever your title, you will come away invigorated to rethink your role in security leadership!
Nov 13, 2025 2:00pm - 2:40pm (Eastern)	Threat Landscape 2025: Navigating Identity, Scams, and Resilience in Government & Higher Education Government agencies and higher education institutions face a unique and relentless cyber offensive, balancing mission-critical services with resource constraints and transient user populations. This expert panel dissects the threat landscape, focusing on the vectors that exploit people and trust. Lisa Plaggemier of the National Cybersecurity Alliance will reveal why college students are prime targets for sophisticated scams and how to build effective security behaviors. Russell Dowdell of Imprivata will address the escalating chaos of Identity Governance, focusing on third-party access, cloud sprawl, and the critical need to secure non-human identities. Join these experts for a discussion on actionable strategies to boost operational resilience and navigate the complex, often underfunded, journey toward Zero Trust in the public sector.
Nov 13, 2025 2:00pm - 2:26pm (Eastern)	Breaking Protocol: Email Subversion in Dark-Net and AI Remediation The dark web hosts numerous encrypted email providers marketed as privacy-centric platforms. However, many of these services are increasingly subverted by malicious actors—ranging from cybercriminals to extremist groups—who exploit weak authentication protocols, flawed onion routing implementations, and unmonitored registration pipelines. This study identifies and demonstrates key vulnerabilities in these anonymous email infrastructures, including account hijacking, metadata leakage, and bot-based mass account creation. We showcase real-world exploitation tactics used to bypass safeguards and embed persistent backdoors.
Nov 13, 2025 2:00pm - 2:40pm (Eastern)	The Cyber Frontier: Navigating Security Challenges Posed by AI, Quantum Computing, and Emerging Technologies This presentation examines the critical cybersecurity challenges and opportunities presented by the rapid advancement of emerging technologies, which are advancing faster than society’s ability to absorb and understand them. The first core focus is on Artificial Intelligence (AI), which acts as a double-edged sword in the security landscape. AI is a powerful enabler for defense, capable of mitigating threats through automated process monitoring, predictive analytics, malware identification, and autonomous patching. Conversely, cyber attackers are leveraging offensive AI to create sophisticated, self-mutating (polymorphic) malware that can learn from failed attacks and self-propagate by exploiting system vulnerabilities. Next, the discussion addresses Quantum Computing, and the impending risk of “Q-Day”. Large-scale quantum computers, once operational, will be able to use Shor’s algorithm to break all current public key cryptosystems, including RSA, Diffie-Hellman, and Elliptic Curve Cryptography. This mandates an urgent global transition to new, stronger post-quantum algorithms (cryptosystems). Finally, the presentation highlights Emerging Sector Risks, specifically focusing on the cyber vulnerabilities of commercial space and satellite systems, which are increasingly seen as critical infrastructure. Weaknesses often stem from the use of long-range telemetry with open telecom network security protocols, which offer numerous inroads for attackers. To secure the future, strategies must be proactive, requiring substantial research investment in both AI and cybersecurity9999. Essential principles include adopting a Zero Trust architecture, implementing Security by Design, and preparing for the necessary shift to Post-Quantum Cryptography.
Nov 13, 2025 3:00pm - 3:49pm (Eastern)	Enhancing Security, Easing Compliance: PCI DSS for Multi-Payment Channel Organizations Navigating PCI DSS compliance can be daunting for multi-payment channel merchants and service providers handling diverse transaction environments. This presentation explores practical strategies to reduce compliance burden while bolstering security. Attendees will learn how simple process changes, such as tokenization and point-to-point encryption, can minimize sensitive data exposure. We’ll also examine the benefits of outsourcing specific PCI DSS responsibilities to trusted third-party providers, enabling organizations to focus on core operations without compromising security. Drawing on real-world examples, the session will highlight how these approaches streamline compliance efforts, reduce costs, and enhance protection across online, in-store, and mobile payment channels. Ideal for merchants and service providers, this talk offers actionable insights to achieve PCI DSS compliance efficiently.
Nov 13, 2025 3:00pm - 3:52pm (Eastern)	Cyber Intelligence Briefing: Defending Public Trust and Civic Infrastructure Government agencies at every level are on the front lines of a persistent cyber conflict, entrusted with safeguarding citizen data, delivering essential services, and upholding public trust. This presentation delivers a focused intelligence briefing on the threats facing the public sector. We will dissect recent attacks on civic infrastructure, analyze the tradecraft of nation-states engaged in cyber espionage, and map the emerging trends in criminal campaigns targeting government entities. This session is designed for public sector leaders and technical staff, providing actionable intelligence to harden defenses, ensure the continuity of government, and protect the sensitive data that powers our society.
Nov 13, 2025 3:00pm - 3:58pm (Eastern)	[Panel] Critical Data, Critical Hits: Cybersecurity Leaders on the Front Lines What does it take to lead cybersecurity for a city or county, a multi-billion dollar healthcare network, or a state’s regulatory body for a new industry? This panel cuts straight to the reality of protecting critical public services and high-value data from relentless attacks. The conversation will focus on the hard-won lessons and tackle the immediate, tactical issues like securing an explosion of remote work devices, managing legacy technology, and fighting the growing sophistication of social engineering. Learn how these leaders prioritize risk, build resilient systems on public-sector budgets, and prepare their organizations for the inevitable “critical hit.”
Nov 13, 2025 4:00pm - 4:58pm (Eastern)	[Closing Keynote] Wrecking Ransomware with Defense-in-Depth Ransomware is a massive and persistent problem, and ALL businesses are targets. But defending against these attacks is sometimes treated like an endpoint security issue, giving ransomware groups and threat actors like initial access brokers a major advantage over businesses and organizations working to defend themselves. In this presentation, we teach you how to defend against ransomware attacks with a “defense-in-depth” approach—from humans to identities to infrastructure to endpoints—to give you the upper hand. We’ll dive into real-life ransomware events the Huntress SOC and threat hunting team has dealt with, so you can see how a defense-in-depth approach wrecks attackers.