DC Metro

In the relentless battle against evolving cyber threats, security professionals find themselves in a never-ending race, always trying to outmaneuver the next big attack vector. As AI continues to be widely adopted and quantum computing on the rise, the threatscape is only growing.

The escalating trend of cyber threats targeting AI-powered systems and the sensitive data they handle has sparked an urgent demand for advanced security protocols. Not only do businesses need to bolster the protection of these systems, but they’re also grappling with a new reality: malicious actors are harnessing AI to execute more attacks as well as increasingly complex attacks. As a result, ensuring the secure authentication and authorization of users accessing these systems is critical, particularly in today’s working environment where traditional security perimeters are no longer effective.

This session will cover multiple types of AI attacks to provide a better understanding of modern AI security threats along with some suggestions for securing the data, the model, the usage and the infrastructure. Additionally, we’ll do a deep dive into QuantumSafe cryptography and the importance of adopting today instead of tomorrow.

The threat landscape is evolving, join us for a deep dive into how your organization can meet today’s security and governance standards.

Join Anthony “TonyP” Pillitiere, Co-Founder of Horizon3.ai, for an engaging session on “Offense-Driven Defense.” TonyP will challenge conventional risk assessment practices and unveil how emphasizing real-world exploitability and impact can revolutionize your security approach. Drawing from over 100,000 autonomous pentests, he’ll share compelling stories and actionable insights that reveal how viewing your cyber terrain through an attacker’s lens can uncover hidden vulnerabilities, optimize resource allocation, and fortify your defenses against advanced threats. Don’t miss this chance to learn from a leading industry trailblazer on why it’s time to “go hack yourself” to build resilience in today’s borderless threat environment.

As organizations rapidly adopt generative AI and emerging technologies, security leaders face a critical challenge: enabling innovation while managing risk. Traditional approaches to security and risk management are being tested by AI’s unique characteristics and far-reaching business impact.

The solution may not lie in complex new organizational structures like “fusion centers,” but rather in a more fundamental reimagining of how we approach security governance. Enter the Five Cs framework – a pragmatic approach that bridges the gap between innovation and security without creating additional organizational complexity.

Join LevelBlue, a global leader in security services, as we share field insights from helping organizations navigate AI adoption. Learn how the Five Cs framework can help you.

Key Topics:

• Building and managing effective incident response plans.
• Detecting and mitigating cyber and physical threats.
• Using real-time data and intelligence for decision-making.

Why It Matters:
Security managers often handle tactical responses. Understanding effective response strategies ensures timely containment and resolution of incidents.

Threat actors are increasingly targeting development pipelines in order to launch software supply chain attacks that have massive downstream impacts. These attacks are successful — the Snowflake breach of 2024 in which an attacker extorted $2.7 million out of customers is proof they work. Governments across the globe have also taken note of this threat, with SBOM mandates and regulations like the Cyber Resilience Act in Europe aiming to mitigate the risks. Open source malware, another name for a malicious open source package, is proliferating — Sonatype alone has observed more than 778,500 pieces of open source malware since 2019, representing more than 200% growth year-over-year. Attendees will learn about the most prominent types of open source malware including discoveries over the past year, what attributes differentiate open source malware from traditional malware and vulnerabilities, best practices for defending against open source malware, and how the attack vector will evolve in 2025. Join this talk to learn more about: How and why threat actors are focusing efforts on infiltrating software development via open source Differentiating attributes between open source malware and traditional malware The most prominent types of open source malware impacting enterprises today, as well as how enter development pipelines Best practices for SBOM management and securing the software development lifecycle against open source malware

Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode. Attend our session to learn: • Why traditional approaches to data security have failed • How AI and context are revolutionizing data security • Where to maximize the value of your existing security investments • What you can do to secure your Gen AI rollouts With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

In today’s digital world, enterprises have never been more hyper-connected. And the interconnectedness is only accelerating. Every organization is in the process of some digital transformation or digital modernization. Additionally, the explosion of Artificial Intelligence is stealing the attention, resources, and budgets of cyber teams at the expense of other aspects of their IT environments. This rate and pace of change often draw attention away from ensuring legacy systems keep up with the evolving threat landscape. With approximately 90% of all breaches beginning with an email, email security is a very big rock. In this session, we will discuss the current state of email security, the trends in moving to cloud-based email like Gmail and O365, the additional risks, and why a comprehensive email security strategy doesn’t just include email.

Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars. And things change fast in this space – RaaS groups rise and fall with law enforcement takedowns, or disband and reorganize under different brands, so it can all be a little confusing. Each quarter, the Halcyon team of ransomware experts put together a RaaS power rankings guide for the ransomware threat landscape.

Learn how to build a ransomware resilience strategy that goes beyond prevention. You’ll learn how containment plays a vital role in limiting damage, maintaining business continuity, and accelerating recovery. We’ll walk through the core elements of a resilient approach—what it looks like in practice, why it matters now, and how you can get started.

This talk will explore how threat intelligence is strengthened when inclusive perspectives are combined with real-time operational data, especially across domains like healthcare, public sector systems, and critical infrastructure. I’ll discuss how organizations can build proactive and resilient incident response frameworks by leveraging both human-centric design and data-driven orchestration strategies.

Key Topics:

• Evaluating and selecting security technologies that align with organizational goals.
• Best practices for integrating new tools into existing security infrastructures.
• Orchestrating technology solutions to maximize their effectiveness and return on investment.

Why It Matters:
Choosing, using, and integrating the right technologies is vital for building a robust cybersecurity infrastructure, and Effective technology management optimizes security investments and enhances overall protection against evolving threats.

As the healthcare landscape evolves with increasing digitization, the volume and sensitivity of patient data continue to grow—alongside the sophistication of threats targeting it. In this forward-looking session, Bezawit Sumner, CISO at CRISP, explores the challenges and opportunities healthcare organizations will face in 2026 and beyond. From navigating complex compliance requirements to securing real-time data exchanges across systems and states, Sumner will outline strategic priorities for healthcare CISOs. Attendees will gain insight into emerging technologies, future threat models, and the collaborative efforts needed to safeguard patient trust in a rapidly changing environment.

This session will explore the critical role of cyber resiliency in helping organizations withstand and recover from today’s evolving threats. We’ll dive into strategies for reducing attack surfaces, visualizing networks, and securing critical IT assets—while also examining how compliance regulations can enhance security and safeguard sensitive data. Attendees will come away with actionable insights for strengthening their security posture, minimizing vulnerabilities, and preparing their organizations to face future challenges in an increasingly complex threat landscape.

 Join Rick Howard, President of the Cybersecurity Canon Project, for a forward-looking conversation about the evolving landscape of cybersecurity education and the literature shaping it. As the threats grow more complex and the industry continues to mature, how do we ensure that professionals—new and veteran alike—are equipped with the right knowledge and critical thinking tools? Rick will explore the future of cybersecurity curricula, the role of foundational books and thought leadership, and how the Cybersecurity Canon is helping define the essential reading list for the next generation of cyber defenders. Whether you’re a CISO, practitioner, or educator, this session offers a roadmap for how cybersecurity knowledge will be taught, shared, and preserved in the years ahead.