9:00 am - 9:10 am
CT
2:00 pm - 2:10 pm UTC | Opening Remarks |
9:15 am - 10:00 am
CT
2:15 pm - 3:00 pm UTC | Keynote
|
10:00 am - 10:15 am
CT
3:00 pm - 3:15 pm UTC | Break |
10:15 am - 11:50 am
CT
3:15 pm - 4:50 pm UTC | Navigating Regulatory Challenges: Understanding NIS2, DORA, and CRA
In an era where cybersecurity and digital resilience are paramount, organizations must effectively navigate the complexities of emerging regulations such as the Network and Information Security Directive 2 (NIS2), the Digital Operational Resilience Act (DORA), and the Cyber Resilience Act (CRA). This talk aims to equip management with a comprehensive understanding of these critical regulations and their implications for organizational operations. Experts Maxim Deweerdt, Principal SANS Instructor, and Pieter Batsleer, Senior Manager at NVISO, will provide an insightful overview of each regulation, emphasizing key elements that demand attention. Participants will gain actionable advice on compliance strategies, risk management, and best practices to ensure robust cybersecurity measures. This session is designed to empower leaders with the knowledge and tools necessary to proactively address regulatory challenges and enhance their organization's resilience against cyber threats.
|
10:50 am - 11:25 am
CT
3:50 pm - 4:25 pm UTC | Believing in Yourself to Lead Your Team
You just had a meeting with Product Engineering where they laughed at your silly security requirements. You had a long-time, valued employee with extensive company knowledge turn in their resignation. Your company just announced that it got acquired, but has no other details at this time. A typical day, right? Every organization has their own form of chaos; the common factor in leading security teams in these organizations is you. And sometimes, the hurdles seem impossible and endless. In this talk, I will share some of my own experiences that led me to leadership roles, turning some of my technical experiences and learning from struggles in confidence into ways to help various teams achieve success in organizations. We'll look at use cases and techniques to succeed, but also explore some fast ways to fail. You can get there from here…if you believe that you can!
|
11:30 am - 12:05 pm
CT
4:30 pm - 5:05 pm UTC | Bridging The Gap: The Playbook Of A BISO
Aligning security initiatives with an organization’s culture is no longer optional—it’s essential for fostering resilience, employee engagement, and long-term success. As the bridge between business objectives and cybersecurity priorities, the Business Information Security Officer (BISO) plays a pivotal role in shaping a security culture that empowers employees while minimizing risk.
This talk will provide a practical, step-by-step playbook for evaluating your organization’s cultural readiness, aligning security initiatives with core values, and embedding security into everyday operations. Learn how to shift from a compliance-driven mindset to a human-centric approach that fosters trust, collaboration, and shared responsibility across teams.
Through real-world examples and actionable strategies, attendees will gain insights into:
- Assessing and understanding organizational culture.
- Building partnerships across business units to embed security seamlessly.
- Creating tailored messaging and programs that resonate with employees.
- Measuring and iterating on cultural alignment for continuous improvement.
Whether you’re a seasoned BISO or an emerging cyber leader, this session will equip you with the tools to align security with culture, overcome resistance, and drive meaningful organizational change.
|
12:10 pm - 12:40 pm
CT
5:10 pm - 5:40 pm UTC | Lunch Break |
12:40 pm - 1:15 pm
CT
5:40 pm - 6:15 pm UTC | Bridging the Gap Between Engineers and Security Practitioners by Embedding Security Practices to Drive Positive Business Outcomes
Travis Villanueva, Sr. Manager, Application Data Security Global Cyber Security, McDonald’s
In today’s digital landscape, the necessity for robust security measures is critical; however, implementation of those measures can be complex and costly. To mitigate risk and combat emerging threats, our primary goal as security practitioners is to make security a foundational part of engineering work. At McDonald’s we are working to bring that goal to life through a variety of engineering outreach and education techniques designed to make the security standards for application data easy to consume and use for our engineering teams.
|
1:20 pm - 1:55 pm
CT
6:20 pm - 6:55 pm UTC | CISOs: Your Cyber Program Is A Profit Center, Not A Cost Center
Cybersecurity programs - and CISOs - often consider themselves a "cost center" with minimal ability to help the business make money. This session will bust that myth once and for all. This talk will teach CISOs how three factors have converged to make cybersecurity a profit center for their enterprise.
Those three factors include: 1) regulatory requirements (the one we are most familiar with) 2) customer / partner requirements (the new one) and 3) cyberinsurance requirements (another newer one).
I will then explain how to use these three externalities to showcase how cybersecurity is a profit center for the enterprise. This includes case studies and metrics for CISOs to put this into practice in their program.
Case studies include: using customer and partner security requirements - along with customer revenue - to make the case for security spending and prove a true return.
Metrics include: using time spent on third party risk management questionnaires to demonstrate how security has a direct impact on contribution to revenue during the sales cycle.
Finally, I'll wrap up with a few actionable steps to explain what they can do in the next 30, 90, and 180 days to put this into practice with an emphasis on storytelling and presenting to the Board to make sure these contributions don't go unrecognized.
|
2:00 pm - 2:35 pm
CT
7:00 pm - 7:35 pm UTC | Maximizing Potential: Leveraging and Developing Your Deputy CISO for Organizational Success
As a CISO, your ability to drive a successful security program depends not only on your leadership but also on empowering and developing the next tier of security leadership. Your Deputy CISO plays a critical role in managing day-to-day operations, executing strategic initiatives, and preparing for future challenges.
This session explores how CISOs can effectively leverage and nurture their Deputy CISOs to amplify the organization's security capabilities and ensure leadership continuity. Attendees will learn actionable strategies, including setting a clear vision, delegating responsibilities, providing consistent feedback, fostering business acumen, and preparing them for future leadership roles.
We’ll dive into techniques for empowering Deputy CISOs as trusted advisors, exposing them to broader business functions, and positioning them as visible leaders within the organization and the industry. Whether you're a seasoned CISO or an aspiring Deputy, this presentation will equip you with insights to strengthen leadership alignment and build a more resilient security program.
|
2:40 pm - 2:45 pm
CT
7:40 pm - 7:45 pm UTC | Closing Remarks |