Learn from the Experts

9th September, 2025

BOSTON

Keynote Speaker

Javed Ikbal

Chief Information Security Officer
Bright Horizons

CyberSecurity first principles and the allure of shining objects

In an era of relentless cyber threats and an ever-shifting technological landscape, cybersecurity professionals, particularly CISOs, often find themselves caught in a perpetual cycle of chasing the latest “shining objects”—new technologies, frameworks, or buzzwords.

This reactive approach fundamentally undermines an organization’s security posture. True resilience and effective defense are built upon a deep understanding and rigorous application of cybersecurity first principles. These core concepts—such as least privilege, defense in depth, segmentation, and incident response—are foundational and technology-agnostic. They provide a bedrock upon which robust and adaptable security architectures can be constructed, regardless of the emerging threat landscape or the latest marketing hype.

A disciplined return to these core principles empowers CISOs and practitioners to cut through the noise, make strategic and informed decisions, and ultimately build a truly defensible cybersecurity program. By focusing on what truly matters, organizations can achieve a level of security maturity that transcends fleeting trends and stands the test of time.

Takeaways from this talk

  • Prioritize Foundational Principles over Hype
  • Resist “Shining Objects” Syndrome
  • Build a Solid, Adaptable Foundation
  • Strategic Decision-Making
  • Cultivate a Culture of Foundational Security

Featured Speaker

Stephen Gatchell

Director of Data Advisory
BigID

Combining AI and Process to Drive Security Remediation Automation

In the rapidly evolving landscape of cybersecurity, the need for efficient and effective security remediation strategies has never been more critical. Through the use of machine learning algorithms, natural language processing, and data analytics, the approach automates the identification of vulnerable sensitive data and how to remediate the data at the group, individual or document level. We further explore the challenges associated with implementing such a system, including ownership identification, integration with existing processes, and how to prioritize actions to deliver the greatest risk reduction.

Takeaways from this talk

  • Use AI to enable existing processes to reduce security vulnerability and risk.
  • Remediate at various levels of security risks to address different outcomes.
  • Enable automation to increase time to value.

Brooke Satti Charles

Head of Risk and Compliance
PerkinElmer

Cybersecurity Risk: Beyond the Breach – Why Cybersecurity GRC is the Ultimate Business Driver

1. Introduction: The Spotlight on Cybersecurity

  • Incident response: The “sexy” side of cybersecurity
  • Enter GRC: The strategic backbone

2. What Is Cybersecurity Risk and Compliance?

  • Cybersecurity risk – the potential for financial loss, operational disruption, and reputation damage.
  • Cybersecurity compliance – adhering to laws, regulations, standards, and frameworks.

3. Cybersecurity GRC: Quietly Making You Money – The Business Case for GRC

  • Governance: Setting the Direction with IT General Controls
  • Risk Management: Measuring, Prioritizing, Remediating
  • Compliance: Staying Ahead of Regulation
  • Attaining Cybersecurity Certifications (ISO 27001 and SOC 2 Type II): Sales Driver

4. GRC as a Strategic Enabler

  • GRC – Strong programs create healthy organizations
  • Metrics create transformation

Takeaways from this talk

  • Sexy (but damaging) Headlines OR GRC Budget
      a. We don’t want to be in the headlines for cyberattacks or breaches, and you can’t prevent them if you don’t understand your ecosystem (including where you are strong and where you are weak)
      b. Be secure, be compliant, know your risk and elevate profits

Ritesh Mukherjee

Head of Product Strategy
DriveNets

Digital Fortifications: Building Telecom Defenses That Stop Infrastructure Attacks

The Salt Typhoon cyberespionage campaign, described as the “worst telecom hack in our nation’s history,” compromised nine major providers and exposed millions to surveillance. This presentation provides actionable strategies for critical infrastructure operators based on joint guidance from the CISA, NSA, and FBI following these attacks.

We’ll examine the five essential defensive pillars: enhanced network visibility, robust access controls, effective segmentation, change detection, and configuration management. Attendees will learn the practical implementation of defense-in-depth strategies.

Takeaways from this talk

  • The presentation will focus on hardening vulnerable network devices and applying the FCC’s new cybersecurity frameworks. Critical infrastructure operators will gain implementable security controls that balance federal guidance with operational realities, providing a comprehensive playbook for detecting, preventing, and responding to sophisticated attacks on vital systems.

Marc Luescher

Sr Solution Architect – Security
AWS

Simplifying cloud security in a single cloud or multicloud setup

Most customers have a primary cloud but also a presence in at least Office365 and another cloud platform. This talk will highlight AWS native cloud security features, and we will also share what other multicloud customers are doing for the most prominent use cases. We will cover areas like identity, data, monitoring and observability, and highlight working architectures.

Takeaways from this talk

Customers will learn about current AWS security services and how they can be integrated into a multicloud monitoring and observability solution. This will cover some of the leading 3rd party vendors and what you need to consider when integrating AWS security.

Ankit Gupta

Senior Security Engineer
Exeter Finance LLC

AI, Quantum, and the Cryptographic Countdown: Securing the Future Before Time Runs Out

Quantum computing and artificial intelligence are redefining the cybersecurity landscape, introducing a high-stakes countdown to overhaul the cryptographic foundations that underpin digital trust. As ‘Q-Day’ looms, when quantum machines could break today’s encryption, security leaders face unprecedented urgency. Meanwhile, AI is both accelerating cryptographic breakthroughs and enabling more sophisticated cyber threats. This session unpacks the critical innovations shaping cryptographic resilience, explores how industries are preparing for post-quantum threats, and presents actionable strategies for future-proofing your organization’s security stack. With real-world case studies and a leadership-focused readiness checklist, attendees will leave equipped to lead through this tectonic shift in cyber risk.

Takeaways from this talk

1. Understanding Quantum Urgency:
Recognize the timeline and urgency posed by quantum computing threats to existing cryptographic systems, and the risks associated with the “harvest now, decrypt later” threat.
2. AI’s Dual Impact:
Learn how artificial intelligence is rapidly accelerating both cryptographic threats and defenses, reshaping security strategies.
3. Cryptographic Innovation:
Discover emerging innovations, including post-quantum cryptography (PQC), quantum key distribution (QKD), and AI-enhanced cryptographic solutions designed to resist quantum attacks.
4. Industry-Specific Insights:
Examine real-world case studies from finance, government, healthcare, telecom, and critical infrastructure to understand industry-specific quantum security challenges and solutions.
5. Practical Readiness Checklist:
Receive actionable guidance through a readiness checklist outlining immediate steps security leaders must take to achieve crypto-agility and quantum resilience.

Shilpi Mittal

Lead IT Security Engineer
Tyson Foods Inc.

AI, Quantum, and the Cryptographic Countdown: Securing the Future Before Time Runs Out

Panel Discussion Speakers

Esmond Kane

Chief Information Security Officer
Advarra

Experienced IT leader with a strong background in information security, compliance, risk management, virtualization, and strategic planning. Skilled in identity management, auditing, and governance across diverse IT environments. Passionate about technology, leadership, and tackling complex challenges—both technical and metaphorical (yes, even zombies!).

Christopher Ross

Cyber Warfare Technician (170A)
Army National Guard

Christopher Ross is a cybersecurity leader with 15+ years of experience in Security Operations, Incident Response, and Threat Intelligence. A Cyber Warfare Technician in the U.S. Army National Guard, he specializes in MSSP management, cloud security, and executive risk reporting. Christopher holds a Master’s in Information Security Engineering and numerous certifications.

Suhail Khokhar

Principal Cybersecurity Endpoint Security Engineer
Liberty Mutual Insurance

With 20+ years in cybersecurity, I specialize in Endpoint and Data Security, Identity and Access Management (IAM), and Governance, Risk & Compliance (GRC). My recent focus includes AI security and risk management, addressing the evolving landscape of secure and ethical AI adoption.
I’ve led complex global IT security projects, delivering robust solutions that enhance data protection, mitigate risks, and drive innovation. Known for strategic execution, I design secure frameworks that support digital transformation and responsible AI practices.

Michael L. Woodson

C|CISO Board of Advisors
EC-Council

Michael L. Woodson is a cybersecurity executive and board advisor with over three decades of experience in enterprise security, law enforcement, and AI governance. Beginning his career at Digital Equipment Corporation, he later led cybercrime investigations with the Boston Police Department and held executive roles at State Street Bank, MBTA, Sonesta Hotels, and Infosys. Michael has advised global institutions including the U.S. DOJ and ASEAN and contributed to the deployment of Microsoft’s Child Exploitation Tracking System (CETS) in Indonesia.

He holds advanced degrees in criminal justice and economic crime, and certifications including C|CISO, CISM, and CAMS.

A frequent speaker and educator, he helps organizations align cybersecurity with business strategy, risk management, and regulatory demands in the AI-driven world.

Charles Setor

Director
Moderna

Charles Setor is the Director of Internal Audit and SOX at Moderna, bringing over 17 years of experience in internal audit, risk assurance, and IT security. He leads global audit programs ensuring compliance with SOX, NIST, and ISO frameworks, and is known for transforming control environments into proactive, automated systems. Charles began his career at PwC, later holding audit leadership roles at UMass Memorial Healthcare. He holds a Master’s from Harvard Extension School, is CISA, CISM, and CDPSE certified, and trained in Lean Six Sigma Green Belt. Charles is a strategic advisor in governance, risk, and compliance.

Fireside Chat Speakers

Kevin Dillaway

Practice Manager
Spyglass MTG

As Practice Manager for Microsoft Security and Compliance, Kevin is responsible for developing the Security and Compliance practice within Spyglass and helping our clients successfully migrate, use, and secure the Microsoft cloud (Azure/M365). He is also responsible for developing best practices, evaluating new technology and determining how it can be adopted by our clients, as well as maintaining strong relationships with clients and partners.

Kevin has over 30 years of experience in supporting Microsoft technologies for corporations of all sizes. Kevin has supported the Microsoft cloud since it was first known as Business Productivity Online Suite (BPOS) (predecessor to Office 365) and SQL as a Service (later called Azure). He has a broad background in leveraging Microsoft tooling to support productivity, security, device management, data governance and compliance, and identity and access management (IAM). Kevin has worked directly or in support of companies across all segments including Financial, Healthcare, Manufacturing, Technology, and Retail.

Kevin graduated from the University of Massachusetts with a B.S. degree and is SC-300, SC-400, MS-500 and AZ-500 certified.

Rob Black

CEO & Founder
Fractional CISO

Rob Black is the CEO and Founder of Fractional CISO, a Virtual CISO firm specialized in helping midmarket companies start and scale their cybersecurity program to meet the demands of their enterprise customers. He has held product and corporate security positions at PTC ThingWorx, Axeda, and RSA Security – where he participated in the response and recovery of a cyber attack conducted by an adversarial nation state. He publishes short, comedic, and educational GRC videos to hundreds of thousands of viewers each year.
