Full Free day with various speakers and topics!
Paul Zindell
How to get away with Cybercrime
We often talk about threats in terms of dollars lost, data stolen, or headlines made. But the real threat lives deeper—in the structure, the strategy, and the growing ambition of the actors behind the screen. Today’s cybercriminals don’t just encrypt files; they build economies, launder, influence, and forge alliances that stretch across borders and industries.
In this talk, we’ll peel back the layers of modern cybercrime and explore how loosely affiliated hackers have evolved into organized syndicates. These groups operate more like multinational corporations than rogue disruptors—complete with HR departments, recruitment pipelines, insider relationships, and state protections.
JP Barta
Defend. Detect. Govern. AI Risk Management for GRC Teams in the Age of AI
AI is reshaping risk and control landscapes inside the enterprise — yet many GRC teams are still navigating blind spots. In this session, J.P. Batra explores how auditors, compliance leads, and risk managers can operationalize AI governance before threats scale. From small/medium-sized companies to large enterprises, you’ll learn how to defend against AI misuse, detect early warning signs, and govern responsibly — all while balancing innovation with accountability. This talk offers a practical framework to build risk-aware, audit-ready AI programs from day one.
Jonathan Harber
Principles of Cyber Hygiene
This presentation focuses on the importance of cybersecurity hygiene and the current state of information security. It highlights that a significant portion of the information security budget is spent on keeping attackers out, but there are still gaps that need to be addressed.
Learning Objective: Understand recent attacks, and be able to implement basic principles of good cyber security hygiene. Key points covered in the presentation include:
- Current State: Emphasizes the challenges in maintaining security, such as the need for constant vigilance and the various factors that make it difficult to secure data.
- Recent Large-Scale Attacks: Discusses notable cyberattacks, including the SolarWinds attack and other prominent vendor attacks by the Russian Government, and their impact on various organizations.
- What You Can Do: Provides actionable steps for individuals and organizations to enhance their cybersecurity posture, such as asking questions, participating in work groups, and raising awareness.
- How To Do It: Offers detailed strategies for making it hard for attackers to navigate the network, use data, and exfiltrate information. This includes network segmentation, data encryption, and implementing security measures like firewalls and intrusion detection systems.
- Other Tips: Shares additional recommendations for maintaining cybersecurity, such as disciplined asset management, good endpoint security, and physical security measures.
At the conclusion, attendees will have an opportunity to ask questions and discuss current issues.
Michael Cannady
Securing Intellectual Property: Data Loss Prevention (DLP) basics
This presentation introduces securing intellectual property through Data Loss Prevention (DLP) basics and Roles and Responsibilities (RACI), outlining the agenda with key questions: Why, Who, How, What, Where, and When. DLP implementation is driven by compliance with regulations such as GDPR, HIPAA, PCI DSS, SOX, FISMA, CCPA/CPRA, ISO/IEC 27001, NIST Framework, GLBA, and CMMC to protect sensitive data and meet legal requirements. IT handles technical implementation, policy enforcement, monitoring, incident response, and user training, while business units develop policies, assess risks, classify data, and ensure compliance. Both collaborate on strategy, governance, and fostering a security culture.
Blaise Wabo
CMMC 2.0: Understanding Cybersecurity Maturity Model Certification for Compliance and Protection
The Cybersecurity Maturity Model Certification (CMMC) 2.0 is an updated framework developed by the U.S. Department of Defense (DoD) to enhance the cybersecurity posture of the Defense Industrial Base (DIB). The goal is to protect sensitive unclassified information, such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), shared with contractors and subcontractors. CMMC 2.0 became effective as a law on December 16, 2024.
This webinar will provide a comprehensive overview of CMMC 2.0, including timelines, levels, scope, and compliance requirements. We'll delve into the key domains and practices, outline the steps to achieve certification, provide cost estimates, and discuss the benefits of CMMC 2.0. Whether you're a government contractor, cybersecurity professional, or simply interested in enhancing your organization's cybersecurity posture, this webinar will equip you with the knowledge to navigate the CMMC landscape effectively.
Learning Objectives:
1. Attendees will gain a thorough understanding of the updated CMMC 2.0 framework, including timelines, levels, scope, and compliance requirements.
2. Attendees will learn about the key domains and practices required for CMMC 2.0 certification.
3. Attendees will discover the steps necessary to achieve CMMC 2.0 certification and prepare their organization for compliance.
4. Attendees will get insights into the estimated costs associated with achieving and maintaining CMMC 2.0 certification.
5. Attendees will understand the benefits of implementing CMMC 2.0, including enhanced cybersecurity measures and improved protection against cyber threats.
Thomas Codevilla
How to integrate AI compliance with a Privacy compliance regime
Modern AI and Privacy laws are drafted similarly. Privacy law compliance emphasizes governance, data mapping, internal processing systems, external policies, and regulatory oversight, similar to the EU AI Act and Colorado AI Act. While privacy laws impose obligations depending on the sensitivity of data collected, AI laws turn on the risk the AI system presents to society. Grafting an AI compliance regime onto a privacy compliance regime is easier than you might think. Governance is driven by culture, data mapping can be expanded to AI systems, and identifying and mitigating risk becomes a public exercise. Technical documentation and instructions to downstream deployers mimic the requirements in privacy laws of DPAs and DPIAs. This presentation highlights areas of synergy in AI and privacy compliance regimes while offering practical tips for implementation.
Learning Objectives:
- Understand the obligations of the EU and Colorado AI Acts, as well as the differences between them
- Learn how to foster a culture of compliance for both AI and Privacy laws
- Leverage parallels between data mapping for AI and Privacy
- Understand how Privacy Law’s DPIAs and DPAs can translate to AI’s risk assessments and technical documentation
- Learn how to integrate AI disclosures into existing public-facing privacy policies and terms of use
Nina Currigan & Joe Gioffre
Navigating SEC Cybersecurity Disclosure Rules: Insights from Recent Breaches and Assurance Strategies for Stakeholder Trust
In this session, KPMG will provide an overview of the SEC rules related to cybersecurity disclosure, highlighting their significance in today's regulatory landscape. The presentation will examine recent large breaches impacting financial reporting systems and the additional control measures organizations have implemented in response. Attendees will gain insights into leveraging controls tested under SOX and SOC frameworks to enhance cybersecurity measures and explore various third-party assurance report options, including SOC for Cyber, SOC 2, ISO 27001, and Cyber Maturity Assessments, to build trust with internal and external stakeholders.