December 3 Training Session - Hybrid

When: Dec 3, 2025 from 13:00 to 16:30 (ET)
Associated with  Research Triangle Chapter

Where: Virtual via Teams and in person at Frontier RTP

Cost: Free

CPEs: Up to 3

Registration: Teams Registration

*** Both speakers are remote but members are encouraged to attend in person at the venue to network and have some great food ***

Session I - 1300-1430 - 2026 Emerging Threats

The cybersecurity landscape in 2026 will be defined by unprecedented complexity and speed. Threat actors—ranging from nation-states to organized cybercrime syndicates—are leveraging AI-driven automation, identity-centric exploits, and machine-speed vulnerability weaponization to scale attacks beyond traditional defenses. The convergence of IT, OT, and cloud ecosystems, combined with the rise of autonomous AI agents and quantum computing, introduces new attack surfaces and amplifies systemic risk. Organizations must pivot from reactive security to proactive resilience, embedding Zero Trust, AI governance, and quantum-safe cryptography into their strategies. This session will explore the top emerging threats, their implications for enterprises, and actionable steps to mitigate risk in an era where trust, not technology, becomes the ultimate defense.

Speaker: Juman Doleh-Alomary, CISO, BorgWarner

Juman Doleh-Alomary is BorgWarner's Global Chief Information Security Officer. With over 15 years of experience in security, audit, investigation, compliance, and privacy policy/standards, Juman most recently held the position of Director of Cybersecurity Governance Risk & Compliance at Little Caesar's Enterprises, serving the Ilitch Holdings portfolio of companies. Her prior positions include Director of IT Audit at Wayne State University and a significant tenure in IT and Risk Management at Ford Motor Company. A leader within the ISACA community, Juman has held various roles, including past president and past ISACA International Audit Board Member. She is an active volunteer with Michigan Council of Women in Technology (MCWT), Women Security Alliance (WomSA), T200, and on the advisory board of Women in Cyber (WiCys) Michigan. An alumna of the University of Michigan, she holds both a bachelor’s and a master’s degree, complemented by a suite of certifications: CISA, CISM, CRISC, CDPSE, and ISO 27001.

Session II - 1500-1630 - Framework Overload to Oversight: Regaining Control with the CIS Controls

Have you ever felt overwhelmed by the endless cycle of control implementation and audits? Whether you are working with one framework or juggling several, the process can quickly become a mountain of evidence requests, tight deadlines, and endless follow-ups. At the center of it all is one word: control.

In this session, we’ll shift the focus to a specific set of controls—the CIS Critical Security Controls, a prioritized, prescriptive, and simplified set of best practices designed to help organizations build a stronger cybersecurity foundation. By adopting the CIS Controls, organizations not only improve their security posture but also move closer to aligning with major compliance frameworks like NIST 800-53, ISO 27001, PCI DSS, HIPAA, and many others.

We’ll explore two major challenges that organizations face:

1. Framework Overload

Many organizations must comply with multiple frameworks, depending on their industry. The good news? Most frameworks share common ground. Instead of treating each one as a separate mountain to climb, you can leverage control mapping to reduce redundancy. CIS makes this easier by offering mappings to over 25 frameworks, along with tools to streamline the process.

2. Tooling Troubles

Tracking evidence, control ownership, and implementation status can be chaotic—especially during assessments. Even with external auditors, internal organization is key. For those pursuing continuous compliance, where audits happen throughout the year, having a centralized tool is essential. That’s where the CIS Controls Self-Assessment Tool (CSAT) comes in. It helps teams monitor, prioritize, and manage their implementation efforts effectively.

Join us for a dynamic discussion that not only highlights the pain points but also delivers practical solutions to help you regain control—literally and figuratively.

Speaker: Valecia Stocchetti, Sr. Cybersecurity Engineer, CIS

Valecia Stocchetti is a Senior Cybersecurity Engineer at the Center for Internet Security, Inc. (CIS®). As a member of the CIS Critical Security Controls team, she has led multiple projects including: the CIS Cost of Cyber Defense for IG1, CIS Community Defense Model (CDM) v2.0, CIS Risk Assessment Method (CIS RAM) v2.1, as well as multiple Living off the Land (LotL) guides. Stocchetti was also one of the principal authors of the Blueprint for Ransomware Defense. Prior to joining the CIS Controls team, she was the Information Security Audit Manager at CIS where she evaluated and managed the control implementation within CIS and measured compliance to various standards and best practices. She also previously led the Cyber Incident Response Team (CIRT) at CIS. While managing CIRT, Stocchetti spearheaded multiple forensic investigations and incident response engagements for the MS-ISAC’s state, local, tribal, and territorial (SLTT) community. Stocchetti came to CIS from the eCommerce field where she worked complex financial fraud cases. She holds multiple certifications, including GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), and GIAC Security Essentials Certification (GSEC). While she enjoys all things InfoSec, Stocchetti particularly finds the cybercrime and espionage fields fascinating, which is what prompted her career choice. Stocchetti earned her Bachelor of Science degree in Digital Forensics from the University at Albany, State University of New York, as well as her Master of Science degree in Information Security at Champlain College.

Location

Frontier RTP
800 Park Offices Drive
Durham, NC 27713