with Kurt Wieber from White Knight Labs
Abstract: Everyone has received a scam phone call or seen a phishing email, but not everyone has come face to face with a hacker that wants direct access to your server room. Learn the tricks of the trade from a red team operator and how to catch them in the act.
with Kurt Wieber from White Knight Labs
Abstract: RFID Badges are a long standing and prolific security access system. Join us as we discuss its weaknesses, both from a technological and social engineering standpoint to better understand how attackers exploit these systems.
with Kurt Wieber from White Knight Labs
Abstract: Most physical security is either installed incorrectly or just theatre in the first place. In this talk, Kurt Wieber will be going over some of the most common physical attack vectors used by penetration testers and how to successfully defend against them.
10:00AM
TUESDAY
JULY 29th
with Michael Silva, Director of Solutions Engineering from Astrix
Abstract: The rise of agentic AI promises transformative automation, yet it simultaneously demands a new frontier in identity management: securing non-human intelligent agent identities at scale.
This session provides CxOs with a definitive strategic framework for architecting robust identity programs, emphasizing that Non-Human Identity (NHI) security is the foundational backbone for trusting autonomous AI.
We will dissect how traditional identity challenges manifest uniquely with NHIs, necessitating new paradigms for detection, rapid response, and lifecycle management. The presentation will focus on managing identities by behavior, posture, and usage at an unprecedented scale, offering insights into advanced techniques for continuous analytics and dynamic access controls.
Attendees will gain a clear understanding of what success entails for an identity program engineered for agentic AI, including key metrics, architectural principles, and strategic considerations for secure, efficient, and compliant autonomous systems.
11:00AM
TUESDAY
JULY 29th
with Michael Silva, Director of Solutions Engineering from Astrix
Abstract: The explosion of Non-Human Identities (NHIs) – APIs, service accounts, tokens, and the burgeoning realm of Agentic AI – has created a sprawling, often unguarded landscape ripe for exploitation. Forget password sprays and phishing campaigns; the real juicy targets lie within these programmatic access points.
This talk peels back the layers of NHI security (or lack thereof) and reveals how you, the offensive security expert, can leverage these overlooked identities to achieve deep access, lateral movement, and ultimately, complete compromise. We’ll explore how the absence of a mature NHI security program is your greatest ally in modern red teaming and real-world attacks.
We’ll dissect the inherent weaknesses stemming from the lack of focus on NHI security, directly mirroring the vulnerabilities highlighted in the OWASP Top 10 for Non-Human Identities (NHI:2025). Think about it: Improper Offboarding (NHI1) leaves dormant keys and tokens scattered like breadcrumbs. Secret Leakage (NHI2) in code, logs, and configurations is the low-hanging fruit you’ve been waiting for.
Overprivileged NHIs (NHI5) grant immediate god-like access, and Insecure Cloud Deployments (NHI6) expose sensitive credentials. The emergence of Agentic AI amplifies these opportunities exponentially. These autonomous systems, operating with increasing authority, rely entirely on NHIs. Compromise the AI agent’s underlying credentials, and you’ve effectively weaponized the AI itself.
10:00AM
TUESDAY
JULY 29th
with Michael Silva, Director of Solutions Engineering from Astrix
Abstract: The proliferation of non-human identities (NHIs) – APIs, service accounts, tokens, and the rapid emergence of Agentic AI, where autonomous systems operate with increasing authority – has introduced a vast and often underestimated attack surface.
This talk unveils the hidden dangers inherent in these programmatic access points and equips defenders with the knowledge and strategies to combat them, highlighting how securing NHIs is foundational to trusting your AI agents.
with Michael Silva, Director of Solutions Engineering from Astrix
Abstract: Need a break from keynotes and chaos? Join us for a laid-back session where you can relax, chat with fellow attendees, and build your very own infinity cube—LEGO-style.
No pitches. No pressure. Just hands-on creativity, casual vibes, and some light conversation around the weird and wonderful world of Non-Human Identities (NHIs). Whether you’re deep into IAM or just here for the bricks, you’re welcome.
by Andrew Gordon, Senior Solutions Engineer from Snyk
Abstract: The craft of software engineering, and thus the organizational risk that accompanies building applications, is always evolving. From mainframes to web and mobile, waterfall to agile, monoliths to microservices, bare-metal to DevOps and cloud, the past several years have seen massive disruptions to the ways software is developed, and the security tools and processes needed to manage emerging threats have often lagged behind.
We are now in the midst of another generational shift in the way applications are created; this time away from human-centered software development and toward a new world of machine-generated code, large language models, prompt engineering, and AI agents writing and managing software autonomously. This new landscape includes an entirely novel set of attack vectors that the application security practices of yesterday are not equipped to handle.
Just as the methodology of DevSecOps evolved to manage the new risks of DevOps-oriented software practice, a new framework is needed to identify, prioritize, remediate and manage the new classes of vulnerabilities being introduced rapidly into AI-native applications.
Join Snyk, the leader in Developer Security and AI Trust, as we…
with Matt Bianco from Netskope
Abstract: Sensitive data movement is often seen as a risk but restricting it outright can create operational and security challenges. In the era of AI, organisations need security frameworks that protect data while ensuring agility.
This session explores how modern security strategies enable secure data flows that defend against AI risk, adapt to real-time risk signals, and turn security into an enabler for innovation with AI.
Key Takeaways:
with Sean Trudeau, Partner Executive with IT Partners
Abstract: In today’s fast-paced digital economy, organizations are under constant pressure to innovate, secure their systems, and maintain operational efficiency. However, many IT departments are stretched thin due to a shortage of skilled professionals, increasing complexity of technology, and rising cybersecurity threats. Challenges such as vendor fatigue, technician inefficiency, underutilized talent, and budget constraints are slowing progress and increasing risk.
Co-managed IT services offer a powerful solution—enabling businesses to scale their IT capabilities, reduce internal strain, and accelerate digital transformation without compromising control or security.
with Mick Leach, Field CISO, Abnormal AI
Abstract: Email remains the most common entry point for cyberattacks—and today’s threat landscape has outpaced traditional defenses. In this compelling session, Abnormal AI Field CISO Mick Leach explores how attackers have evolved from generic phishing to highly targeted, AI-generated campaigns that easily bypass secure email gateways.
With insights drawn from real-world attacks and emerging threat trends, Mick will unpack:
Why traditional email security tools can no longer keep up
How attackers are leveraging automation and social engineering at scale
What modern organizations need to do differently to protect their people and data
Attendees will gain a clear understanding of the shifting email threat landscape—and walk away with strategic guidance on how to modernize defenses in a world where even a single email can lead to millions in losses.
A panel discussion led by Aaron Bregg including Zach Trank-Zelewicz, Lead Application Developer from Priority Health and Heath Taylor, Senior Data Engineer from Corewell Health.
Abstract: In the past, people associated the term “developer” with software, such as websites or mobile applications. Nowadays, a wide range of people are using R, Python, and other languages to create much more than traditional software. In this track, we will dive into broadening the role by changing from “software developer” to “developer”.
10:00AM
TUESDAY
JULY 29th
with Robert Anderson, Security Engineer from Check Point
Topic: Harmony SASE
Abstract: Lagging VPNs. Frustrated users. A tangled web of tools. If your current secure access solution is striking out, step up to the plate with Harmony SASE.
Robert Anderson—25-year security veteran and former Army Intel pro—will show how Check Point’s SASE platform brings 2x faster connections, full Zero Trust mesh, and smart SD-WAN into one clean, cloud-first package. No more trade-offs. Just security that wins the game.
with Tim Campbell, Security Engineer from Check Point
Topic: Harmony Email & Collaboration (HEC)
Abstract: Threats don’t wait for the second inning—most emails are opened in under 60 seconds. If your current solution reacts too late, it’s time for a new defense strategy.
In this session, Tim Campbell shows how Check Point’s Harmony Email & Collaboration (HEC) closes the gap between delivery and detection. Learn how a true last-layer solution stops advanced threats across email and SaaS tools before they land—keeping users safe and your team in control.
with Oak McCulloch, Retired Lieutenant Colonel, United States Army
Abstract: Retired Lieutenant Colonel Oakland McCulloch has 40+ years of leadership experience, in Combat, Peacekeeping Operations, Disaster Relief and in the Board Room.
His “Arm Yourself for Success” talk is based on his wealth of knowledge and lessons learned in coaching, teaching, and mentoring people during years as a leader. Oak highlights principles that will help you be a more successful person at work and in your personal life.
In this talk we will cover the following areas to help you reach your potential:
Learning Objectives
Learning Objective 1: The participant will be able to describe the importance of Critical Thinking.
Learning Objective 2: The participant will learn techniques to help in making better decisions in their lives.
Learning Objective 3: The participant will learn techniques to help them set SMART goals and ways to accomplish those goals.
Learning Objective 4: The participant will learn the importance of having a positive attitude and techniques to help improve their attitude.
Learning Objective 5: The participant will learn techniques to help overcome fear so they can become the best version of themselves.
Learning Objective 6: The participant will learn techniques to help them become one of the best at whatever they choose to do.
with Steve Shelton from Green Shoe Consulting
Abstract: All Cybersecurity Professionals
This session empowers practitioners to take ownership of their mental energy and sustain peak performance in high-stakes environments. You’ll be introduced to a customizable Self-Resilience Check-In framework—three questions each morning and a deeper weekly audit—that links your energy levels to engagement, decision quality, and risk management.
Through a compelling case study, hands-on worksheet practice, and a toolkit of micro-interventions (from 5-minute walks to focused breathing), you’ll craft a personal daily and weekly habit plan designed to keep your “resilience tank” topped off.
with Steve Shelton from Green Shoe Consulting
Abstract: Cybersecurity Managers & Directors
In this hands-on session, leaders will explore the three pillars of intrinsic motivation—autonomy, competence, and relatedness—and learn how to embed them into daily team practices to boost engagement and performance. Through real-world examples and interactive role-plays, you’ll discover early warning signs of chronic distress, implement a simple “stress thermometer” for your team, and master a three-question check-in routine that sparks honest dialogue and timely support. Walk away with a week-long action plan that equips you to proactively fuel motivation and catch burnout before it takes hold.
with Yasser Fuentes, Principal Solutions Architect – Bitdefender
Abstract: In this presentation, Bitdefender will outline actionable strategies that you and your organization can implement to minimize your attack surface. Attendees will discover how our cutting-edge solution effectively connects risk identification with mitigation efforts by correlating user access to legitimate administrative tools.
Furthermore, we will explore how monitoring for misuse can help prevent the most prevalent data breaches we’ve investigated historically, empowering your company to strengthen its cybersecurity posture.
With Cody Steffens from Corewell Health
Abstract: Cody will share the story of how his team has moved from ad-hoc access requests to a more standardized, process driven approach, which has been oddly similar to ordering and making food at a restaurant.
with Leah Voigt, Chief Compliance and Privacy Officer and Cortney Schaffer, Director, Information Security Governance, Risk, Compliance and Privacy & Deputy Chief Privacy Officer for Corewell Health
Abstract: Join us for an engaging and insightful panel discussion on the critical topics of privacy, risk, and governance in the rapidly evolving landscape of generative artificial intelligence (Gen AI). As Gen AI technologies continue to advance, the implications for personal privacy and information governance become increasingly complex and significant.
We will explore how AI can both protect and infringe on individual privacy, and the measures that can be implemented to ensure data is handled responsibly. Additionally, Leah and Cortney will delve into their organization’s risk-focused governance journey with a discussion on key internal partnerships, potential policy developments, and best practices for organizations to navigate risks of Gen AI.
We encourage you to bring your questions for what promises to be a lively and informative discussion. We look forward to seeing you there!
with Steve Shelton from Green Shoe Consulting
Abstract: We’ve mastered “never trust, always verify” for our systems—now let’s apply that same clarity to how we think, communicate, and collaborate. In this session, you’ll learn three universal mindset principles (perception, choice, and resilience) grounded in our State of Stress research, paired with three simple coaching rituals you can start today.
Through humor (including a “Byte Me” one-liner on digital trust) and a live improv exercise, you’ll walk away with practical steps to transform blame into curiosity, reinforce psychological safety, and unite security, network, and business teams under a shared commitment to both robust defenses and human well-being.
with Brian McKeiver, Co-Owner | Microsoft Azure MVP from BizStream
Abstract: Model Context Protocol (MCP) is quickly becoming the backbone for advanced AI ecosystems. The protocol enables context sharing, agent collaboration, and integration with large language models (LLMs).
In this session, we’ll dive into what MCP is, why it’s gaining traction, and how it addresses the growing complexity of AI workflows. You’ll learn how MCP standardizes communication between AI agents and tools. Whether you’re building AI products, integrating models, or curious about the future of AI, this session is for you.
with Shane “The Sentinel” Harsch from SentinelOne
Abstract: What foundations need to exist for successfully automating your SOC? What skills would the team need to operate in that environment? What organizational support needs to exist in order to succeed in this transformation? Shane will discuss these questions and provide a guide for navigating their challenges.
with Jim Kuiphof from Corewell Health
Abstract: TBD
with Ben Corll, CISO in Residence from ZScaler
Abstract: Artificial Intelligence (AI) is revolutionizing security operations by enhancing efficiency, precision, and scalability in addressing today’s most complex cyber threats. As organizations increasingly adopt AI to bolster their cybersecurity frameworks, this session at CloudCon will delve into the transformative role of AI in modern security practices, with a special focus on real-time threat detection, rapid incident response, and predictive analytics.
Attendees will gain insights into how AI-driven tools empower organizations to detect vulnerabilities faster, identify anomalies, and proactively mitigate risks. The presentation will also address pressing challenges, such as ethical considerations, adversarial machine learning threats, and the critical importance of transparent governance and workforce readiness. Join us to explore how AI is reshaping the cybersecurity landscape, equipping organizations to confidently safeguard their digital and physical assets in an evolving threat environment.
with Jeremy Rogers from Acrisure
Abstract: Starting this track, we will cover some statistics on increased phishing and account takeover activity. Then, we will discuss why traditional multi-factor authentication methods are becoming less effective at preventing these attacks. In doing so, we will cover how token-based OIDC Authentication works and why it’s vulnerable to AITM Attacks. During this, I’ll demo an attack I conducted against my lab environment to compromise a Microsoft User Account.
with SafeSecurity
Abstract: TBD
with TBD
Abstract: TBD
with Clint Baker, Strategic Account Executive and Terry Olaes, Senior Solutions Engineer from AppOmni
Abstract: As organizations grow more reliant on SaaS, securing these environments requires more than point-in-time checks. This session explores how to build and operationalize a SaaS security program that delivers visibility, enforces policy, and reduces risk at scale.
Learn how to align security efforts with business goals, streamline response with existing tools, and establish a foundation for continuous protection across your SaaS ecosystem.
with Patrick Orzechowski (also known as “PO”), Field CISO from Torq
Abstract: Learn how Torq is reshaping the future of security operations by integrating autonomous, agentic, and agile technologies into its Hyperautomation Platform.
Through AI-powered agents, Torq Socrates is able to drastically reduce manual workload. Its agentic framework enables dynamic collaboration between specialized AI agents, ensuring rapid, accurate responses to complex threats.
This agile approach empowers security teams to scale efficiently, improve analyst productivity, and stay ahead of evolving cyber risks.
with Trevor Bidle from US Signal
Abstract: In today’s fast-paced digital world, where a single misstep can lead to significant repercussions, effective cyber risk management is essential. Join us as we explore acceptable risk, third-party risk, and risk avoidance strategies. This session will equip you with practical insights to navigate the evolving threat landscape and strengthen your organization’s security posture.
Abstract: Threat Intelligence is an overused and abused “lingo” like “AI”. Here we talk about the difference between signal intel and actionable intel. Walk up and swing hard on curating your own intelligence specific to your business and score a run through intel sharing and data-driven insights leading to better prioritization, understanding, and application of threats and threat detection.
with Justin Lentz from Solis Security
Abstract: EDR platforms promise deep visibility and rapid response across endpoints, but the evolving threat landscape and proliferation of cloud workloads have exposed their limitations. This talk takes a candid look at where EDR tools fall short—whether due to technical blind spots, attacker evasion, or organizational missteps.
Drawing on real incident response and threat hunting experience, we’ll map out the most common gaps, from cloud-native assets and ephemeral workloads to lateral movement and credential abuse. We’ll then equip attendees with actionable steps to spot EDR limitations in their own environment, layer additional controls, and, crucially, recognize the signals that mean it’s time to escalate and bring in outside expertise before minor incidents become major breaches.
with Ryan Doon, Sr. Director, Solution Engineering at Tanium
Abstract: What does the first internet multiplayer space battle game have to do with modern IT systems management and AI-enabled tooling? Find out in this entertaining story of video game history leading to cybersecurity innovation. Learn something from the past. Learn something for today.
with Clint Pollock, Principal Architect Solutions Engineering – Britive
Abstract: Cloud transformation has fractured the way identities are managed. Different tools govern humans, service accounts, DevOps pipelines, and SaaS tools. AI agents are adding even more complexity and security gaps.
This session explores how enterprises can reduce operational risk and complexity by managing all privileged access through a unified policy engine. We’ll examine how runtime access decisions, least-privilege enforcement, and zero standing privileges can be applied across identity types without slowing down cloud adoption.
with Glen Roebuck, Senior Solution Architect and Manny Liwang, Principal Security Engineer from Thales
Abstracts:
Implementing Zero Trust – Leveraging Key Management and Secrets Management for Security
We will be talking about zero trust and how you can get to a layered approach using tools and knowledge available today and understanding where to start.
The Hidden Threat in the Cloud: The Real Impact of Bots
Bots aren’t just annoying, they’re stealing millions. Credential stuffing, price scraping, and fake engagement distort analytics, drain budgets, and erode trust. Traditional tools fail because today’s bots learn, adapt, and disguise themselves as human users. Winning requires AI that spots micro-behaviors, dynamic rate limiting, and deep fingerprinting. See real-world cases where businesses lost millions and how they fought back with next-gen bot mitigation.
with Bob Rabbitt from Concentric AI
Abstract: Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode.
Attend our session to learn
With the right strategy and technology, you can transform your data from a liability to a well-managed asset.
with Brett Sommers, Director of Products, GRC at Onspring
Abstract: Join Brett Sommers, Director of GRC Products at Onspring, along with local Cyber executives Jeromy Butts (LMCU), Jorel VanOs (Acrisure) and Jim Kuiphof (Corewell Health) for a practical discussion on dismantling GRC silos to foster a more resilient and agile organization. This conversation will explore the real-world challenges of departmental divides, from inconsistent data and reporting breakdowns to cultural resistance and the “that’s not my problem” mentality.
Attendees will learn actionable strategies to initiate change without “boiling the ocean,” focusing on starting small, building consensus, and standardizing risk language across the enterprise. The chat will highlight the importance of executive buy-in and finding internal champions to drive cultural shifts. Discover what the “promised land” of integrated GRC looks like: a state where risk management is no longer a roadblock but a strategic business enabler, allowing leaders to make faster, more informed decisions with confidence.
Leave with a single, powerful piece of advice to begin your journey toward a unified GRC framework tomorrow.
Reserve your 45 minute time slot in the ExpoPass app.
We know that there’s still work to be done, meetings to be had and hey, sometimes we all just need to get away for a few. You can reserve this Luxury suite for any 45 minute session during the event. You must reserve it in the ExpoPass app.
with Yaniv Miron from Proofpoint
Abstract: As the security landscape continues to evolve, actors progressively look for ways to bypass enterprise defenses by directly compromising end-user accounts. Protecting these users is fundamental to a human-centric security posture. Join Proofpoint’s cloud threat research team as they walk through the stages of attacks centered on account takeover (ATO), from initial access through persistence.
with Mike Janson, Channel Sales Engineer, Object First
Abstract: In today’s threat landscape, backup infrastructure has become a primary target for ransomware and insider threats. This session explores how modern security-first backup appliances deliver unmatched data protection by bringing security to the forefront of on-premise backup architecture.
Attendees will learn how next-generation backup solutions enforce out-of-the-box immutability, eliminate root-level access vulnerabilities, and incorporate third-party verified Zero Trust principles without requiring deep security expertise or complex configurations. We’ll examine the critical importance of immutable storage, air-gapped architectures, and hardened operating systems in creating resilient backup environments that can withstand sophisticated attacks.
The technical discussion will cover deep integration capabilities with modern backup platforms through advanced APIs, demonstrating how security-focused appliances can scale linearly to meet enterprise-level demands while maintaining security boundaries and delivering high-performance data protection.
Key topics include implementing Zero Trust principles in backup infrastructure, hardware-level security features, network segmentation strategies, automated threat detection, and scalability considerations for enterprise and service provider environments.
Whether you’re an MSP, enterprise IT leader, or backup architect, this session will demonstrate how to radically simplify your on-premise data protection while strengthening your defense posture with verifiable, resilient storage solutions.
The session will conclude with a detailed examination of Object First’s Ootbi appliance and its integration with Veeam environments, including practical implementation of the Smart Object Storage API (SOS API) and real-world deployment scenarios supporting up to 1.7PB per cluster with ingest speeds of up to 8 GB/s.
with Joanna Udo from Corewell Health
Abstract: Digital Employee Experience (DEX) is no longer just a “nice-to-have” — it’s a powerful lever for securing data, reducing waste, and delivering measurable value across the enterprise.
In this session, Joanna Udo unpacks how poor Digital Employee Experience leads to real-world consequences:
• Shadow IT and security vulnerabilities
• Wasted spend from low device utilization
• Lost productivity and user burnout
• A broken trust cycle between users and IT
Drawing from real enterprise use cases, Joanna shows how a strategic DEX program improves compliance, reduces costs, and builds tech ecosystems employees actually want to use — not work around.
Whether you manage infrastructure, security, support, or experience — this talk will challenge your team to stop measuring uptime and start measuring impact.
with Retired Lieutenant Colonel (US Army) Oakland McCulloch
Abstract: Retired Lieutenant Colonel Oakland McCulloch has 40+ years of leadership experience, in Combat, Peacekeeping Operations, Disaster Relief and in the Boardroom. His “Building Effective and Efficient Teams” talk, and book, is based on his wealth of knowledge and lessons learned during his career as a leader. Oak highlights team building principles that leaders in any profession or at any level can use to build effective and efficient teams in their organization. There is NO discussion of theory in this talk. We will discuss what every leader can do every day to improve their team’s effectiveness and efficiency.
In this talk we will cover the following topics for leaders:
with David Gwizdala, Sr. Sales Engineer, Ping Identity
Abstract: New account fraud and account takeover are persistent problems for CIOs and CISOs because fraudsters are constantly evolving their tactics, requiring security teams to adapt rapidly while maintaining user-friendly experiences.
The cost of fraud is high. The fear of data breaches and the potential financial and reputational damage they cause keep CIOs and CISOs awake at night, as does the pressure to balance stringent security measures with smooth customer experiences.
CIOs and CISOs might cite budget constraints, legacy infrastructure complexities, and the potential for negative customer experience impacts as reasons for not fully achieving fraud prevention initiatives. This highlights the tension between security needs and organizational priorities.
Key Takeaways –
At this session we will review how you can differentiate genuine users from potential fraudsters and prevent account takeover attempts while minimizing friction for legitimate users by:
with Craig Pfister from Kiteworks
Abstract: Kiteworks explores the evolution, impact, and security implications of artificial intelligence (AI), with a focus on safeguarding data privacy and intellectual property (IP) in enterprise environments. Tracing AI’s development from its inception in the 1950s to the present-day proliferation of large language models (LLMs), it highlights key technological milestones, including the rise of machine learning, deep learning, and the explosion of unstructured data.