Topic: Information Security

  Presented by Structured

This session examines how organizations can align cybersecurity, privacy, and compliance programs with the realities of 2026. The presentation reviews current threat trends, executive accountability requirements, and the expanding impact of artificial intelligence on risk management. It then connects federal, state, and industry obligations, including NIST CSF 2.0, HIPAA, CJIS, PCI DSS 4.0, CMMC, and emerging privacy laws to practical security program design. Attendees will leave with a clear framework for building a complete security program that integrates governance, segmentation, risk management, Zero Trust principles, and penetration testing to reduce risk and support regulatory readiness.

  Presented by Tony Taylor, Sales Engineer • Horizon3.ai

Most security programs measure effort — not outcomes. Organizations patch thousands of vulnerabilities, deploy dozens of tools, and run annual tabletop exercises… but when an attacker shows up, none of that matters.

What matters is whether they can prove their defenses actually work.

In this talk, Horizon3.ai shares how leading organizations are using autonomous pentesting to see their environment through the attacker’s eyes — continuously, safely, and at scale. By shifting from assumptions to proof, they’ve learned to:

• Prioritize what’s exploitable. Focus limited resources on the weaknesses that truly put the business at risk that are known to be abused by threat actors.
• Quickly fix what matters. Close the loop from find → fix → verify and reduce your exploitable attack surface.
• Reduce attacker dwell time. Use pentest results to precisely deploy honeyTokens to detect compromise early, and to continuously prove your EDR and SIEM are tuned and working as intended.

Cyber resilience isn’t about being perfect — it’s about getting better over time. And the only perspective that truly matters is the attacker’s.

  Presented by Chad Alessi, Managing Director, Cybersecurity • CTG

Many organizations generate cybersecurity assessments and compliance reports, but struggle to translate them into actions that meaningfully reduce operational risk. This session explores practical strategies for turning cybersecurity insights into decision frameworks that support operational continuity and executive risk management. Drawing on experiences from critical infrastructure and healthcare environments, the talk highlights how organizations can move from compliance-driven security to true cyber resilience.

  Presented by Oscar Minks, President • FRSecure

The result of over 100 incident cases handled by the FRSecure response team in the last two years, President Oscar Minks will dive into the latest threats and response techniques you need to know—and what you can do to minimize the risk and impact of similar events. The breakdown will cover Business Email Compromise, Ransomware, and Internal Compromise. You can’t afford to miss it!

  Presented by Tom Ruoff, Principal Consultant • ImageSource

Organizations face rapidly evolving cyber threats, yet many still view technology as a cost center rather than a strategic partner. This presentation reframes the conversation by translating technical risks into business and financial terms leaders understand. Attendees will learn how to identify Business Essential Functions (BEFs), quantify operational and financial impacts, and apply practical risk‑estimation methods. By establishing a common language of risk, leaders can align priorities, invest where it matters most, and meaningfully reduce enterprise exposure. The session equips both executives and IT teams with tools to build consensus and drive smarter, outcome‑based cybersecurity decisions.

Tom Ruoff serves as Principal Consultant for ImageSource, Inc. providing cybersecurity consulting services (risk assessments, threat hunting, pen testing, breach remediation, security architectures, policies, business impact assessment) to commercial clients including Native American Tribes and Tribal Casinos, he is also a founder and current CEO of Zorse Cyber. Tom retired from the Dept of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) in June 2023, as Chief, Methodology Branch, supervising vulnerability assessments for elections, power generation/distribution, and pipelines, and Federal Government IT systems. Before DHS, Tom was the Director of Systems Division at Northrop Grumman, developing cross domain solutions (CDS) for National Security Agency (NSA) and Central Intelligence Agency (CIA). Air Force veteran with tours at NSA, CIA element of the National Geospatial-Intelligence Agency, and Defense Intelligence Agency He is a Level III Federally Certified Program Manager, PMP, CISSP, CMMI Associate, MS/BS degrees in physics and electrical engineering.

  Presented by Peter Ingebrigtsen, Sr Technical Marketing Manager • Arctic Wolf

Cybersecurity threats don’t emerge in isolation—they are observed, analyzed, and stopped by real people working on the front lines every day. This session pulls back the curtain on modern security operations, focusing on the human-driven research that powers effective threat detection, incident response, and adaptive security strategies.

Drawing on Arctic Wolf Labs research, SOC analyst expertise, and real-world incident data, this talk examines how today’s attacks are identified, contextualized, and disrupted in live environments. Attendees will gain insight into the patterns behind the most persistent threats, how adversaries continually adapt, and why defenders must evolve just as quickly. Rather than focusing solely on tools or alerts, this session highlights the people, processes, and intelligence that transform raw telemetry into actionable defense – illustrating how to turn frontline observations into scalable protection for organizations of all sizes.