Ransomware in 2025: How Cybercriminals Operate & How to Stop Them – WC #1
- - What ransomware looks like today
- - Ransomware-as-a-service explained
- - How attackers set ransom prices
- - How attacks actually happen
- - Real-world tactics & marketplaces
- - How to prevent ransomware
- - Incident response best practices
Data Privacy for CISOs: How to Build a Privacy-First Security Strategy (2025 Guide) – WC #1
- - Introduction & Webinar Overview
- - About Cyber Risk Collaborative & CISO Toolkits
- - Meet the Expert Panel
- - Why Data Privacy Matters Today
- - Core Principles of Privacy-First Strategy
- - Data Inventory & Asset Mapping Challenges
- - Privacy by Design & Real-World Risks
- - Role of CISOs & Executive Leadership
- - Global Privacy Regulations Explained
- - Why You Should NOT Default to Strictest Compliance
- - AI, Vendor Risk & Privacy Concerns
- - AI Data Risks & Security Pitfalls
- - Tools & Technologies for Privacy Programs
- - Frameworks, Training & Practical Implementation
- - Data Retention vs Data Destruction
- - Archiving Strategies & Industry Challenges
- - Budget Constraints & Building a Program
- - Basic Security Controls That Prevent Breaches
- - Working with Legal & Compliance Teams
- - AI-Generated Data & Classification
- - Privacy Policies & Documentation Best Practices
- - Building Privacy Programs on a Budget
- - Key Takeaways & Final Thoughts
AI in Security Operations: How to Automate Your SOC & Stop Threats Faster – WC #1
- - Introduction & Webinar Overview
- - What AI Really Means in Cybersecurity
- - Machine Learning vs Generative AI in Security
- - Why Humans Still Matter in SOCs
- - AI in Security Workflows Explained
- - The Problem with Traditional SIEM & SOC Tools
- - Rethinking Detection Engineering
- - Platform vs “A La Carte” Security Tools
- - What is Cortex XSIAM? (Full Breakdown)
- - AI vs Automation: What Actually Matters
- - Why Automation is Now a MUST-Have
- - Challenges Managing Security Tools & Data
- - How AI Helps SOC Efficiency & Parsing Data
- - Practical AI Use Cases in Security Teams
- - How to Start Implementing AI in SOCs
- - Why Security Teams Need Practice & Simulation
- - Hackathons & Improving SOC Efficiency
- - Why Most Breaches Are Process Failures
- - Alert Fatigue: Red Flags vs Yellow Flags
- - Best SOC Use Cases for AI
- - Visibility Gaps & Using AI to Solve Them
- - Ensuring AI Helps (Not Replaces) Humans
- - Avoiding “Busy Work” in Security
- - Final Q&A & Key Takeaways
Generative AI & Cybersecurity: Risks, Ethics, and Governance Every CISO Must Know – WC #1
- - Introduction & Webinar Overview
- - What is Generative AI in Cybersecurity?
- - Meet the Expert Panel
- - Why AI Adoption is Accelerating So Fast
- - The “Nuclear Power Plant” Analogy for AI Risk
- - Why AI Governance is So Difficult
- - AI Frameworks & Compliance Explained
- - How CISOs Can Keep Up with AI
- - AI-Powered Cyber Threats Explained
- - Deepfakes & Real-World Attack Examples
- - Using Business Impact Analysis for AI Risk
- - Governance Strategies for AI Security
- - Enabling AI Innovation Safely
- - Key Metrics CISOs Should Track
- - Will AI Take Your Job?
- - AI: Benefit or Threat to Society?
- - Will AI Surpass Human Intelligence?
- - How AI is Improving Security Operations
- - Final Takeaways & Expert Advice
Microsoft Copilot Security Risks: How to Fix Data Oversharing with AI Governance – WC #1
- - Introduction & Webinar Overview
- - Why Enterprise Data is the New Battleground
- - Copilot & the “Flattening” of Knowledge
- - The Challenge of Data Access vs Security
- - Data Privacy, Compliance & Real Risks
- - “Data Chemistry” & Hidden AI Insights
- - Why Data is Like Uranium (High Risk, High Value)
- - The Copilot Oversharing Problem Explained
- - How AI Exposes Hidden Enterprise Risks
- - Limitations of Traditional Data Controls
- - Need-to-Know Access in the AI Era
- - Why Data Classification is Broken
- - Dynamic Access & Changing Business Context
- - Real-World Enterprise Use Cases
- - AI as a Business Enabler (Not a Blocker)
- - “Department of NO” vs “Department of KNOW”
- - AI, Automation & Security Value
- - Final Takeaways & Key Insights
Incident Response Tabletop Exercises: How CISOs Build Cyber Resilience Before Breach – WC #1
- - Introduction & Webinar Overview
- - What is a Tabletop Exercise?
- - Meet the Expert Panel
- - Why Tabletop Exercises Matter for CISOs
- - Prevention vs Resilience in Cybersecurity
- - Real Incident Failures & Lessons Learned
- - Why Simulation is Critical for Crisis Response
- - Minimizing Business Impact During Incidents
- - Communication Risks & Public Response
- - Who Should Be Involved in Tabletop Exercises?
- - Building an Effective Incident Response Team
- - Leadership vs Technical Roles in a Crisis
- - Common Mistakes in Incident Response
- - Metrics That Actually Matter in Tabletops
- - The Role of the Incident Commander
- - Post-Tabletop Review & Lessons Learned
- - Improving Processes & Decision-Making
- - How to Get Started with Tabletop Exercises
- - Final Takeaways & Expert Advice
Cyber Insurance Explained: What CISOs MUST Know Before a Breach – WC #1
- - Introduction & Webinar Overview
- - What is Cyber Insurance?
- - Meet the Expert Panel
- - Cyber Insurance Market Growth Explained
- - Why Cyber Insurance Matters for Businesses
- - Common Misconceptions About Coverage
- - What Cyber Insurance Does (and Doesn’t) Cover
- - Why Policies Often Fail During Claims
- - Key Security Requirements (MFA, Controls, etc.)
- - How to Align Security with Insurance Policies
- - Working Across Teams (Legal, Risk, Finance)
- - Understanding Policy Gaps & Exclusions
- - How Insurers Evaluate Your Security Posture
- - Metrics for Measuring Cyber Risk
- - How Much Cyber Insurance Do You Need?
- - AI, Emerging Threats & Insurance Impact
- - Common Reasons Claims Get Denied
- - Third-Party Risk & Vendor Requirements
- - Real-World Lessons & Case Scenarios
- - Final Takeaways & Expert Advice
Attack Surface Management Explained: Why You Don’t Know What You Own – WC #1
- - Introduction: The Attack Surface Problem
- - Why Attack Surface Exploded Post-Pandemic
- - Everything is an Attack Surface (Not Just Devices)
- - The Visibility Problem (You Can’t Secure What You Can’t See)
- - Unknown Assets: The Biggest Risk
- - How to Justify Budget for “Unknown” Risk
- - Asset Inventory is the Foundation
- - Prioritization: What Actually Matters
- - Crown Jewels vs Everything Else
- - Winning Buy-In Across Teams
- - Rogue Systems & Shadow IT
- - Detecting Unauthorized Assets
- - Identity as Attack Surface (Critical Insight)
- - Data-Centric Security Approach
- - Vulnerabilities vs Exposures (Key Shift)
- - How to Reduce 100K Vulns to What Matters
- - Third-Party & SaaS Risk Challenges
- - Where Attack Surface Management is Going
- - First Steps to Get Started
- - Final Takeaways
AI Governance Explained: How to Secure Data, Control Risk & Stay Compliant – WC #1
- - Introduction & AI Governance Overview
- - What is AI Governance?
- - Why AI Adoption is Outpacing Security
- - “Data is the New Uranium” Explained
- - Why Data Governance is Critical for AI
- - Discovery & Classification of Sensitive Data
- - Risks of Feeding AI the Wrong Data
- - Shadow AI & Enterprise Visibility Challenges
- - AI Tools vs Internal AI Systems
- - Real-World Data Exposure Examples
- - AI Regulations (GDPR, EU AI Act, NIST)
- - AI Compliance & Risk Frameworks
- - Building an AI Usage Policy
- - Employee Risk & Data Leakage via AI
- - Internal AI vs Public AI Tools
- - Data Governance at Scale (Enterprise Example)
- - Data Catalogs & Data Visibility Explained
- - AI + Data = Hidden Risk Multipliers
- - Who Owns AI Governance? (Security vs Data vs Legal)
- - AI Governance Challenges Across Organizations
- - Future of AI Governance & Regulation
- - Final Takeaways & Key Lessons
Mainframe Security Gaps: Why Your IAM Strategy is Failing (And How to Fix It) – WC #1
- - Introduction & Topic Overview
- - Mainframe Security Today Explained
- - IAM Blind Spots in Mainframes
- - Why Mainframes Are Still Critical (90% of Transactions)
- - Siloed IAM: Enterprise vs Mainframe
- - Real-World Access Control Failures
- - Regulatory Pressure (PCI DSS, MFA, DORA)
- - Why MFA is Now Mandatory
- - Why Mainframes Are Falling Behind Security
- - Security by Obscurity is Dead
- - Bridging Enterprise IAM with Mainframes
- - Zero Trust & Mainframe Access
- - Credential Theft & Insider Risk
- - Limiting Access & User Capabilities
- - Observability & Detecting Threats
- - Modernizing Mainframe Security (Without Disruption)
- - How MFA & SSO Work with Mainframes
- - Real Enterprise Use Cases
- - Challenges of Legacy Systems
- - Final Takeaways & Key Insights
Wireless Attacks on AI Data Centers: The Hidden Threat No One Is Watching – WC #1
- - Introduction & Topic Overview
- - What is an AI Data Center?
- - Why AI Infrastructure is a Target
- - The Value of AI Data (Crown Jewels)
- - Why Wireless Attacks Are Rising
- - Drone-Based Wireless Attacks Explained
- - Hidden Wireless Devices in Data Centers
- - IoT, Bluetooth & Rogue Access Points
- - Multi-Protocol Devices (WiFi, Zigbee, Cellular)
- - Real-World Attack Scenarios
- - Why Security Teams Miss Wireless Threats
- - The “You Have Wireless You Don’t Know About” Reality
- - Data Exfiltration via Hotspots & Cellular
- - AI-Powered Attacks & Automation
- - Human Risk & Insider Threats
- - Why Traditional Security Fails Here
- - Zero Trust & Segmentation Strategies
- - Monitoring & Detection Gaps
- - Best Practices for Wireless Security
- - Final Takeaways & Future Threats
Why One-Size-Fits-All Security Fails (And How to Reduce Your Attack Surface) – WC #1
- - Introduction & Topic Overview
- - Why One-Size-Fits-All Security Fails
- - Bitdefender’s Approach to Security Evolution
- - Detection vs Prevention: The Shift Back
- - How Attackers Exploit Legitimate Tools
- - Alert Fatigue & Resource Constraints
- - The Problem with Static Security Policies
- - What is Attack Surface Reduction?
- - Introducing Proactive Hardening (Phaser)
- - Individualized Security Policies Explained
- - Real-World Example: Blocking Lateral Movement
- - Living-off-the-Land Attacks (PowerShell, BitsAdmin)
- - Reducing Risk Without Adding Complexity
- - ROI: Making Existing Security Tools Better
- - Security Team Burnout & Operational Challenges
- - Why Prevention Improves Security Outcomes
- - AI, Automation & Future Security Risks
- - Final Takeaways & Key Insights
Info Stealer Malware Explained: How Hackers Steal Your Data & Bypass MFA – WC #1
- - Introduction & Webinar Overview
- - What is Threat Intelligence Today?
- - How Cybercriminal Ecosystems Work
- - What Are Info Stealers? (Simple Explanation)
- - From Banking Trojans to Info Stealers
- - Why Attackers Shifted Away from Credit Cards
- - How Info Stealers Actually Work
- - Session Hijacking & MFA Bypass Explained
- - The Rise of Cybercrime-as-a-Service
- - Initial Access Brokers & Attack Chains
- - How Credentials Are Sold on Dark Markets
- - RedLine, Luma & Top Info Stealer Malware
- - Why Malware Gets Shut Down (and Comes Back)
- - Common Infection Methods (Phishing, Cracked Software)
- - Vulnerabilities vs Phishing: What’s Growing Faster?
- - Supply Chain & Third-Party Risk
- - Real-World Attack Examples
- - How to Defend Against Info Stealers
- - Final Takeaways & Key Insights
AI-Generated Code Security Risks: Why “Vibe Coding” Can Break Your App – WC #1
- - Introduction & AI Code Security Overview
- - What is “Vibe Coding”?
- - AI vs Human Coding Errors
- - Real-World Vibe Coding Security Failure
- - API Key Leaks & Common Vulnerabilities
- - OWASP Top 10 vs AI-Specific Risks
- - New AI Attack Vectors (Prompt Injection, Slop Squatting)
- - Hallucinations & Misinformation Risks
- - Supply Chain Attacks in AI Code
- - AI “Gaslighting” Developers Explained
- - Context Windows & AI Limitations
- - Secure Coding Pipelines & Guardrails
- - Prompt Engineering for Security
- - AI Code Reviews vs Human Reviews
- - Developer Skill Gaps & AI Overreliance
- - Shadow AI & Enterprise Risk
- - Security Metrics for AI-Generated Code
- - Best Use Cases for AI in Development
- - Final Takeaways & Security Best Practices
AI Identity Security: The Hidden Risks of Non-Human Identities & Agents – WC #1
- - Introduction & Identity Security Overview
- - Identity is the New Perimeter
- - SaaS Explosion & Identity Sprawl
- - Shadow IT & Unmanaged Applications
- - AI Agents & Non-Human Identities Explained
- - New Attack Vectors with AI Agents
- - How Attackers Use AI Inside Your Environment
- - Identity-Based Attacks & Credential Abuse
- - AI Agents Acting on Your Behalf (Risk Explained)
- - Authentication Challenges (Human vs AI)
- - Deepfakes, Biometrics & Identity Risks
- - Visibility: The #1 Security Gap
- - AI Governance: Purpose, Risk & Controls
- - Securing AI Agents (Access, Ownership, Audit Trails)
- - MCP Servers & AI Infrastructure Explained
- - AI Security Posture Management Demo
- - Managing AI Identities & Access Chains
- - Real-World Use Cases & Benefits of AI in Security
- - Final Takeaways & Future of Identity Security
Browser Security Explained: How Attackers Steal Sessions, Bypass MFA & Phish Users – WC #1
- - Introduction & Why Browser Security Matters
- - What Push Security Does in the Browser
- - Why the Browser Is a Major Attack Target
- - Why Traditional Security Tools Miss Browser Threats
- - Research-Led Security & Attacker Tradecraft
- - Session Hijacking & Stolen Browser Sessions
- - OAuth Abuse & Post-Authentication Risk
- - MFA Downgrade Attacks Explained
- - ClickFix & FileFix Attacks
- - Browser-Based Phishing Outside Email
- - Real-Time Detection & Browser Intervention
- - Protecting Passwords in the Browser
- - Fish Kits, Evilginx & Credential Harvesting
- - Password Managers, Autofill & Risk
- - Browser Coverage, Platforms & Extension Controls
- - Passkeys, SaaS Sprawl & Identity Gaps
- - Product Direction & Future of Browser Security
- - Final Takeaways
AI Code Security: Why AppSec Must Evolve for the Era of AI-Generated Code – WC #1
- - Introduction & Why AI Changes AppSec
- - Why Developers Are Already Overwhelmed
- - How AI Coding Assistants Multiply Risk
- - More Code, More Pull Requests, More Findings
- - Trust, Provenance & AI-Generated Code
- - Why Traditional AppSec Workflows Break
- - The Need for a New AppSec Model
- - AI Risk vs Business Pressure to Ship Faster
- - Why “Scan More” Won’t Solve This
- - Context Matters More Than Code Alone
- - How AI Can Help with Threat Modeling
- - Guardrails, ASPM & IDE-Native Security
- - The Rise of Contextual Security Engineering
- - Secure-by-Design in the AI Era
- - Why Developer Experience Matters
- - Reducing Noise & Building Developer Trust
- - AI for Autofix, Review & Risk Reduction
- - Measuring Success: Fewer Findings, Better Outcomes
- - What CISOs Should Expect Next
- - The Future of AppSec with AI
- - Final Takeaways
Threat Intel & Security Awareness: How to Build a Proactive Cybersecurity Culture – WC #1
- - Introduction: Cybersecurity Awareness Month
- - Why Awareness Alone Isn’t Enough
- - Role of Threat Intelligence in Security
- - Detection, Prevention & Prioritization
- - The 3 Types of Threat Intelligence
- - Using Threat Intel in Awareness Training
- - Why Employees Don’t Retain Training
- - Real-World Phishing & Seasonal Attacks
- - Internal Threat Intelligence Goldmines
- - Turning Incident Data into Insight
- - Challenges Operationalizing Threat Intel
- - Strategic vs Tactical Intelligence
- - Noise, False Positives & Trust Issues
- - Making Non-Technical Staff Care
- - Real-World Security Blind Spots
- - KPIs That Actually Matter
- - Preventing Awareness Fatigue
- - Biggest Misconceptions About Threat Intel
- - Low-Cost Ways to Start Today
- - Key Takeaways & Final Advice
Vulnerability Management is Broken: How to Reduce Risk (Not Just CVEs) in Containers – WC #1
- - Introduction & Topic: Risk vs CVEs
- - Why Vulnerability Volume Is Exploding
- - Containers vs Traditional Patching
- - Dev vs Security Friction Explained
- - Why Only 10% of Vulnerabilities Get Fixed
- - Prioritization, Exploitability & Reality
- - Why CVSS Alone Isn’t Enough
- - The Problem with “Noise” in Security
- - Rethinking Vulnerability Management
- - Minimus Approach: Minimal Containers
- - Reducing Attack Surface at the Source
- - Mean Time to CVE Explained
- - Why Less Software = Less Risk
- - Developer Experience & Better Signal
- - Real Example: Faster Patch Turnaround
- - Hardening vs Reduction Explained
- - Why Old Vulnerabilities Keep Reappearing
- - Dependency Hell & Supply Chain Risk
- - How Adoption Actually Works
- - Security + Dev Collaboration Model
- - Key Takeaways & Final Thoughts
AI is Writing Your Code… And It’s Insecure | The New AppSec Reality – WC #1
- - Introduction: AppSec Meets AI
- - AI is Now Writing Code—What Changes?
- - Faster Development, Bigger Risks
- - Why AI Generates Insecure Code
- - The “Volume Problem” in Security
- - Hallucinations & Slop Squatting
- - Prompt Injection Explained (Real Attacks)
- - Camel Leak: Hidden Instructions in Code
- - AI Agents as Security Risks
- - Data Exfiltration via AI Tools
- - MCPs: The New Attack Surface
- - Why AI is Like a Phishable Employee
- - Losing Understanding of Code
- - Can AI Be Trusted in Security?
- - Using AI for AppSec (The Right Way)
- - Governance: The Missing Layer
- - Traditional Controls Still Matter
- - “Just Add: Make It Secure” (Seriously)
- - Prompt Engineering as a Security Control
- - Monitoring & AI Guardrails
- - The Future of Secure AI Development
- - Key Takeaways & Final Advice
Vulnerability Management is Broken (Here’s How to Fix It) – WC #1
Most vulnerability management programs are overwhelmed with noise and still missing the real risks. Learn why traditional scanning fails, what actually gets exploited, and how to prioritize what matters.
Thank you to our sponsor for this webcast, runZero!
Stop chasing thousands of vulnerabilities, start fixing the ones that actually get exploited. Learn how at https://scworld.com/webcasts
- - Introduction: Why Vulnerability Management is Broken
- - What “Vulnerability Management” Really Means Today
- - CVEs vs Real-World Risk (Huge Gap)
- - Why Most Vulnerabilities Don’t Matter
- - EPSS, CVSS, and Broken Prioritization
- - The First Scan Problem (Millions of Findings)
- - Why Your Scanner is Missing Half Your Environment
- - Auth Failures = Your Biggest Risk
- - Default Credentials & “Invisible” Vulnerabilities
- - Why Pentests and Scanners Don’t Overlap
- - How Attackers Actually Get In
- - Only a Few CVEs Actually Matter
- - The “Too Much Data” Problem
- - Risk-Based Vulnerability Management (Flaws)
- - Asset Visibility is Everything
- - Finding Unknown Assets (Real Techniques)
- - External Attack Surface vs Internal Reality
- - Intel-Driven vs Scan-Driven Security
- - Rapid Response vs Traditional Scanning
- - How to Tell If Your Program is Broken
- - Final Takeaways: What Actually Works
SSH Keys Are a Silent Security Risk: The Machine Identity Crisis Explained – WC #1
SSH keys and machine identities are everywhere, and almost completely unmanaged. Learn how attackers exploit key sprawl, why visibility is broken, and how to move toward zero trust with ephemeral access.
Thank you to our sponsor for this webcast, SSH Communication Security!
If you can’t see your machine identities, attackers can. Learn how to fix it at https://scworld.com/webcasts
- - Introduction: The Hidden Risk of SSH Keys
- - What Are Machine Identities?
- - Why Machine Identities Outnumber Humans 100:1
- - SSH Keys: From Convenience to Security Risk
- - Key Sprawl & Lack of Visibility
- - How Attackers Exploit SSH Keys
- - Info Stealers & Lateral Movement
- - Why SSH Keys Bypass Traditional Security
- - The Audit Problem: Failing Without Knowing Why
- - Shadow Access: Keys Outside Identity Systems
- - Why Identity Teams Miss Machine Identities
- - Zero Trust for Machines (Not Just Humans)
- - Certificates vs SSH Keys (Big Shift)
- - Just-in-Time Access Explained
- - Real-World Risk: Outages & Breaches
- - Compliance Pressure (PCI, SOC2, HIPAA)
- - Discovery: Finding Keys Across Your Environment
- - Key Features to Look For in Solutions
- - KPIs: How to Measure Improvement
- - First Steps to Fix the Problem
- - Final Takeaways
Rethinking Email Security in the AI Era How Modern Phishing Bypasses Traditional SEGs – WC #1
- - Intro
- - Evolution of email threats
- - AI-powered phishing
- - Why traditional SEGs fail
- - Behavioral AI explained
- - Operational benefits
- - Collaboration app threats
- - What buyers should look for
Shadow AI Risks Explained: Securing AI Agents, MCP & Enterprise Data – WC #1
CyberSecurity #AI #ShadowAI #CISO #SecurityOperations #LLM #MCP #PromptInjection #SIEM #SumoLogic
- - Introduction
- - What Is Shadow AI?
- - AI Agents & Security Risks
- - AI Threat Landscape
- - AI Visibility & Logging
- - AI Security Frameworks
- - Enterprise AI Governance
- - AI Data Leakage Risks
- - Best Practices for CISOs
ID Dataweb Panelcast – WC #1
Securing AI Agents & Non-Human Identities | The Next IAM Challenge – WC #1
Cybersecurity #AI #IdentitySecurity #ZeroTrust #IAM #AIAgents #NonHumanIdentities
- - Intro
- - What Are Non-Human Identities?
- - Why NHIs Are Exploding
- - AI Agents: Asset or Liability?
- - Just-in-Time Access for AI
- - NHIs and Zero Trust
- - Where CISOs Should Start
- - Lightning Round
- - Explaining AI Identity Risk to Boards
- - Final Advice for Security Leaders
Autonomous IT & AI Automation: How to Build Trust at Enterprise Scale – WC #1
Cybersecurity #AI #Automation #ITOperations #Tanium #AutonomousIT #PatchManagement #EnterpriseSecurity #EndpointManagement
- - Intro
- - Why Enterprise Automation Stalls
- - AI vs Traditional Automation
- - Real-Time Visibility & Patch Management
- - IT and Security Team Alignment
- - Building Confidence in Automation
- - Rollback & Guardrails
- - AI-Generated Playbooks
- - Continuous Compliance Automation
- - Where Enterprises Should Start
AI in Network Security: Solving Alert Fatigue or Creating New Risks? – Mandy Logan – WC #1
- - Introduction: AI in Network Security
- - Pre-AI Challenges: Skills Gap & Talent Shortage
- - Alert Fatigue & False Positives Problem
- - Dwell Time & Detection Delays
- - What AI Actually Improves Today
- - Reducing False Positives (70–80%)
- - AI for Alert Triage & SOC Efficiency
- - AI vs Attackers: Faster Threat Evolution
- - The “Unknown Behavior” Problem
- - AI Blind Spots & Explainability Gap
- - Using AI to Defend Against AI
- - AI as a Security Identity (New Risk Model)
- - Agentic AI & Autonomous Decisions
- - Overreliance on AI (Skills Degradation)
- - Practical Strategies for Secure AI Use
- - AI Governance & Cross-Functional Security
- - SMB Risk: Why Everyone Is a Target Now
- - Building Resilience Against AI Attacks
- - Key Takeaways & Final Thoughts
Advanced, multi-faceted professional with background in SWPP, construction management, functional architect/engineer to field liaison ship, commercial design, and marketing/business development. Re-entering world following fantastic recovery from intense injuries. Using experience and drive to focus on data science, tech development for non-verbal autistics, biohacking and building up the information security community. I’m a fighter, a comic, and a re-abled person through and through, with desire for positive change everywhere I go.
Cybersecurity Trends for 2026: AI Hype, Exposure Management & Resilience – WC #1
- - Intro & Favorite Concerts
- - AI Hype vs Reality
- - Agentic AI in Security
- - Shift Left & Security Champions
- - Exposure Management Explained
- - Most Underrated Security Trends
- - 2026 Security Priorities
- - What Vendors Are Missing
SOC Communication Failures: Why SIEM Projects Break Down | Sumo Logic – WC #1
- - Intro
- - Why SIEM Deployments Fail
- - SOC Burnout vs Alert Fatigue
- - AI for Detection Engineering
- - Why Most AI Security Tools Disappoint
- - SIEM Evaluation Best Practices
- - Improving SOC Communication
- - Final Advice for Security Teams
Agentic AI, Identity Security & Trust: Managing Human and AI Risk – WC #1
- Identity as the new security perimeter
- Generative AI vs. Agentic AI explained
- Managing non-human identities (NHIs) at scale
- Synthetic identity risks and fraud detection
- Human-in-the-loop security controls
- AI-driven threat detection and remediation
- Trust, verification, and autonomous security operations
- NIST, OWASP, and Cloud Security Alliance guidance for AI security
- - Introduction
- - Is Identity Still the Security Perimeter?
- - Generative AI vs Agentic AI
- - Securing AI Identities and Data Access
- - Can Agentic AI Make Unauthorized Decisions?
- - Non-Human Identities and Synthetic Identities
- - Trust But Verify: Managing AI Agents
- - AI for Threat Detection and Defense
- - Future of AI Security
- - AI Security Frameworks: NIST, OWASP & CSA
Why Trust & Data Integrity Are Critical for AI in Government | CISA Insights – WC #1
- - Introduction
- - The Trust Deficit in AI
- - Building AI Resilience
- - Data Integration & Replication
- - CISA's AI Governance Framework
- - Breaking Down Data Silos
- - Monitoring AI Systems
- - Detecting AI Manipulation
- - AI Readiness & Data Foundations
- - Auditing AI Systems
- - Key Takeaways
AI Accelerated DevSecOps: Building AI Trust Without Slowing Innovation – WC #1
- - Introduction
- - The AI Revolution in Software Development
- - Why Traditional DevSecOps Isn't Enough
- - AI Trust and Modern AppSec
- - The Evolution of Developer Roles
- - AI-Accelerated DevSecOps Framework
- - Fact Engine, Flow Engine & Threat Engine
- - Future of AI-Powered Security
- - Key Takeaways
CISO Stories: Protecting Application User Data – WC #1
How Cortex XDR & Unit 42 MDR Stop Modern Cyberattacks Faster – WC #1
- - Introduction
- - Unit 42 Threat Report Highlights
- - Why Traditional SOCs Are Struggling
- - What Is Cortex XDR?
- - How Unit 42 MDR Works
- - Correlating Threat Data Across Systems
- - Real-World Threat Hunting Examples
- - Reducing Alert Fatigue
- - Green Bay Packers Case Study
- - Key Takeaways for CISOs
- - Managed XSIAM Explained
- - Final Thoughts
Mainframe Security & Compliance: MFA, PCI DSS & Regulatory Readiness – WC #1
- PCI DSS, HIPAA, DORA, NYDFS and emerging regulations
- Multi-factor authentication (MFA) for mainframes
- Passwordless authentication and single sign-on (SSO)
- Protecting PII and sensitive data
- Data masking and encryption strategies
- Mainframe modernization without disruption
- Security challenges in legacy and hybrid environments
- IAM integration and compliance readiness
- - Introduction
- - Key Security Regulations Impacting Mainframes
- - What Data Lives on Mainframes?
- - Passwordless Authentication & MFA
- - Compliance Challenges & Compensating Controls
- - Protecting PII & Sensitive Data
- - Modernizing Mainframe Security
- - Recommendations for Security Teams
- - Final Takeaways
Cyberhaven Panelcast – WC #1
- Next-generation DSPM vs. traditional DSPM
- Data lineage, provenance, and AI-powered classification
- Securing data in motion and at rest
- Reducing false positives in data security programs
- Managing data sprawl across cloud and endpoints
- Protecting sensitive information from AI-related risks
- Building an effective data security strategy for the AI era
- - Introduction
- - How Generative AI Changed Data Security
- - Evolution from Legacy DLP to Next-Gen DSPM
- - Data Classification, Context & Lineage
- - Managing Data Sprawl and Risk
- - Reducing False Positives with AI
- - Natural Language Security Policies
- - Real-Time Data Discovery
- - Measuring Data Security Success
- - Building a Modern Data Security Program
- - Final Thoughts
Exposure Management Explained: Reduce Risk with Attack Path Analysis – WC #1
- - Introduction
- - What Is Exposure Management?
- - Beyond Traditional Vulnerability Management
- - Connecting Internal and External Attack Surfaces
- - Automated Remediation and AI
- - Integrating Security Tools and Context
- - Responding to Emerging Threats
- - Building Trust in Security Automation
- - Validating Real-World Exploitability
- - Secrets, Data Security, and Attack Paths
- - Operational Benefits of Exposure Management
- - Measuring Risk Reduction
- - Closing Thoughts
How Monday.com Saved $400K by Automating Identity & Access Management – WC #1
- Identity governance at scale
- SSO and SCIM challenges
- Automating user provisioning and deprovisioning
- Eliminating manual password management
- Reducing identity-related security risks
- Improving compliance and audit readiness
- Managing disconnected SaaS applications
- Supporting AI and non-human identities
- Real-world identity automation ROI
- - Introduction
- - Identity Security Threat Landscape
- - Why Traditional Identity Tools Fall Short
- - Monday.com's Growth Story
- - Identity Management Challenges at Scale
- - When Manual Processes Become Unsustainable
- - Extending Identity Governance to Every App
- - Before Identity Automation
- - Improving User Experience & Security
- - Measuring ROI: $400K Saved
- - Scaling Identity Automation Across 200 Apps
- - Future of Identity Governance & AI
- - Prioritizing Identity Risk
- - Integrating Identity Automation with Okta
- - Managing Legacy Apps and RPA Challenges
- - Live Demo Invitation
Cyber Threat Intelligence for CISOs: ISACs, Nation-State Threats & Resilience – WC #1
- - Introduction
- - Meet the Panel
- - Why Cyber Threat Intelligence Matters
- - Breaking Down Intelligence Silos
- - Choosing the Right Threat Intelligence Sources
- - Managing Risk Through Threat Intelligence
- - Building Relationships Before an Incident
- - Threat Intelligence KPIs for CISOs
- - Favorite Threat Intelligence Sources
- - How Small Teams Can Leverage Threat Intelligence
- - Final Takeaways
CyberArk (Access Team) – WC #1
API Security in the Age of AI: Managing Identity, Risk & AI Agents – WC #1
- - Introduction
- - Why AI Is Expanding the AppSec Attack Surface
- - API Security Lessons for AI Security
- - Identity, Least Privilege & AI Agents
- - Do We Need New Security Controls for AI?
- - Can AI Improve Application Security?
- - MCP Servers, Permissions & Risk
- - Why Data Governance Matters for AI
- - Runtime Security & Visibility
- - Selling AI Security to the Business
- - Biggest Mistakes Security Teams Make
- - RSA Preview & Final Thoughts
Identity Attacks Surge 389%: Inside the Industrialization of Cybercrime – WC #1
- 389% increase in identity-based attacks
- Why attackers now prefer "log in, don't break in" tactics
- Phishing-as-a-Service and MFA bypass techniques
- Tycoon 2FA and adversary-in-the-middle phishing attacks
- 14-minute exploitation windows after credential theft
- IT impersonation, vishing, and AI-powered social engineering
- Remote Monitoring & Management (RMM) abuse
- Identity Threat Detection & Response (ITDR) strategies
- Actionable defenses for security leaders
- - Introduction
- - Why Identity Is the New Perimeter
- - 85% Success Rate Using Valid Credentials
- - Phishing-as-a-Service & Tycoon 2FA
- - IT Impersonation & Vishing Attacks
- - ClickFix & Fileless Malware Delivery
- - The 14-Minute Exploitation Window
- - RMM Abuse & Persistence
- - Most Targeted Industries
- - How AI Helps Defenders
- - Defending Against AI-Powered Threats
- - Fake IT Workers & DPRK Operations
Securing AI-Generated Code: How to Protect Coding Agents & AI Dev Tools – WC #1
- - AI Coding Agents Are Changing Software Development
- - How AI Is Transforming Engineering
- - Why AI Creates New Security Risks
- - Testing AI-Generated Code at Scale
- - Securing the Agents Themselves
- - AI Supply Chain & Prompt Injection Risks
- - Can Traditional Security Still Help?
- - Shadow AI and Agent Visibility
- - The Future of AppSec Teams
- - Why AI Security Will Improve
- - Predictions for AI Development Security
Identity Security in 2026: Stopping Modern Attacks Before They Spread – WC #1
- Identity security best practices
- MFA and phishing-resistant authentication
- Identity Threat Detection & Response (ITDR)
- Service accounts and non-human identities (NHIs)
- AI agents and identity governance
- Identity sprawl and visibility challenges
- Risk-based authentication and Zero Trust
- Detecting lateral movement and account compromise
- - Introduction
- - Why Attackers Log In Instead of Hack In
- - Detecting Identity-Based Threats
- - Identity Sprawl & Visibility Challenges
- - Behavioral Analytics & Risk Signals
- - Authorization and AI Agents
- - Non-Human Identities Explained
- - Responding to Identity Threats in Real Time
- - Where Organizations Should Start
- - The Future of AI Agent Identity
Modern Identity Security: JML, Zero Standing Privileges & AI Agents – WC #1
- - Introduction
- - Why Identity Security Matters
- - Understanding Joiners, Movers & Leavers (JML)
- - Privilege Creep and Identity Risk
- - Automating Identity Lifecycle Management
- - AI-Powered Identity Analytics
- - Compliance, Audits & User Access Reviews
- - Modernizing Identity Governance
- - Zero Standing Privileges Explained
- - AI Agents and Identity Security Risks
- - Identity Security Priorities for CISOs
- - The Future of Identity Security Platforms
- - Closing Thoughts
Mobile App Security: Hidden SDK Risks, AI Coding & DevSecOps Best Practices – WC #1
- Why mobile apps have become the largest enterprise attack surface
- Hidden risks from third-party SDKs and software supply chains
- Mobile app security testing beyond traditional SAST and SCA
- AI-generated code (vibe coding) and securing AI-built mobile apps
- Continuous mobile application risk management
- DevSecOps best practices for mobile development
- Runtime analysis, reverse engineering, and binary security testing
- Managing first-party, third-party, and BYOD mobile application risk
- - Introduction
- - Why Mobile App Security Matters
- - First-Party vs Third-Party Mobile Apps
- - Anatomy of a Mobile App
- - Hidden Risks of SDKs
- - Why Traditional AppSec Misses Mobile Risks
- - Open Source Mobile Security Tools
- - AI-Generated Code Security
- - Building a Continuous Mobile Security Program
Cloud Security & AI: Governance, Automation and Risk for Security Leaders – WC #1
- AI's impact on cloud security and security operations
- Building trust in AI through governance and guardrails
- Agentic AI and security automation
- AI governance best practices
- Shadow AI and cloud visibility challenges
- AI-powered SOC workflows and incident response
- Securing APIs, identities, and cloud workloads
- Practical guidance for CISOs adopting AI securely
- - Introduction
- - AI's Impact on Cloud Security
- - Building Trust in AI
- - AI for Security Operations
- - AI Governance & Guardrails
- - Risks of AI in Cloud Environments
- - Balancing Innovation and Compliance
- - Lightning Round
- - Audience Q&A
- - Blink Ops Overview
- - Closing Remarks
Managing AI Agent Risks: Identity Security & Governance at Enterprise Scale – WC #1
- AI agent security and governance
- Machine identities and non-human identities
- Identity security for AI-powered enterprises
- Managing AI agent lifecycle and permissions
- Shadow AI discovery and remediation
- AI governance best practices
- Agent-to-agent communication risks
- AI hallucinations, memory, and security challenges
- Identity governance for cloud and AI environments
- Preparing security teams for the next generation of autonomous AI
- - Introduction
- - Why AI Changes Identity Security
- - AI Agents vs. Machine Identities
- - Multi-Agent Architectures
- - AI Governance Challenges
- - Shadow AI & Enterprise Visibility
- - AI Agent Lifecycle Management
- - Identity Governance Best Practices
- - AI Visibility & Monitoring
- - Asset Ownership & Agent Discovery
- - Three-Agent Governance Workshop
- - Closing Remarks




