Registration & Networking

Welcome/Introductions

The Summit is a collaboration point for the many member-driven professional associations across the region. Hear a brief introduction from Board Members of each of those InfoSec & Fraud Associations as we open the agenda

The State of Cybersecurity 2025: Mapping the Industry, Measuring AI’s Real Impact, and Making Sense of 4,550 Vendors [Discussion Pod #1]

Richard Stiennon, veteran analyst and industry provocateur will kick off the Summit, taking us on a data-rich tour of the entire cybersecurity industry—all 4,550 vendors, 660 subcategories, and $12 billion in recent funding. Drawing from his forthcoming book Security Yearbook 2025, Stiennon will share insights derived from two decades of studying cyber trends at Gartner and now IT-Harvest—the only firm systematically cataloging the global cyber vendor ecosystem.

This talk is not just about the numbers. Richard will break down the practical implications for executives:

• How to navigate a vendor landscape bloated with similar claims and vague value props
• Where AI is truly being built in cybersecurity—what’s real, what’s noise, and what agentic AI might change
• What vendor origin says about product capability, reliability, and alignment with enterprise needs
• Why vendor consolidation isn't the answer—and what to do instead

He’ll also spotlight key global dynamics, such as Israel’s IDF-fueled innovation engine, Germany’s vendor loyalty culture, and the emergence of AI Security as a distinct and fast-growing segment.

If you’ve ever asked “What should I actually be paying attention to in cybersecurity right now?”—this is your answer. This session will set the tone and context for the day, offering a strategic foundation for every discussion that follows.

#BuyTheBreach: How Cyber Failures Can Fund Your Future [Discussion Pod #2]

Chase Cunningham, Ph.D. the Author of “Buy the Breach: Hacking Failure for Market Success,” is also known to cyber leaders as  “Dr. Zero Trust.” He will lead a fun, informative, and thought-provoking talk which will lead into what should be an eye-opening discussion! 

In this talk, he shines a spotlight on one of cybersecurity’s most under-explored truths: the market *rewards* failure. Drawing from his groundbreaking book, Chase walks through how cybersecurity professionals—yes, you—can outperform hedge funds without ever learning complex finance. Just by applying the same analytical skills you use to track vulnerabilities and threat actors, you can spot profitable market patterns tied to breaches, outages, and incidents.

This isn’t theoretical: Chase will share real-world portfolio results, case studies from Marriott, Equifax, CrowdStrike, and others, and the exact strategy he uses to buy low during breach-triggered panic and ride the inevitable recovery wave.

Participants will learn:

• How to decode SEC 8-K filings like a forensic investor
• Why public outrage rarely translates to long-term losses
• What timing data shows about the “bounce” after a breach
• How to ethically profit from chaos—while still fighting the good fight

Then stay for the live *Buy the Breach* discussion with Chase, where he’ll answer tough questions, unpack recent breach-related trades, and offer practical guidance on turning your cybersecurity expertise into a market edge.

Bottom line: If you're already protecting companies from failure, why not learn to profit when others don’t? The game is rigged—this session shows you how to beat it.

Leading the Fight: Leading the Fight: Cybersecurity & Government Agencies [Discussion Pod #3]

In this talk, government agency leaders will share how they approach coordinated threat disruption, interagency collaboration, and executive-level response to cyber-enabled crimes.

When cybercrime intersects with national security, terrorism, cross-boarder issues, or financial stability, the US Secret Service, Department of Homeland Security, FBI and state fusion center (CTIC) step in—not just with investigations, but with leadership.

What does it take to lead under pressure, across jurisdictions, and in defense of critical assets? In this fast-moving session, participants will get practical takeaways on how to elevate their cyber leadership posture—and why the most effective defenders think like protectors, not just responders.

Cyber Insurance: What is risk transfer anyway? [Discussion Pod #7]

If you’ve ever taken a course on the basics of cybersecurity you’ve learned about some standard risk management techniques: Reduction, Avoidance, Acceptance, and Transfer. The training material probably went into great depth on risk reduction, some amount on avoidance, talked about how you can't mitigate all risk, so you'll have to accept some… and then said "you can transfer risk by buying insurance." And that's probably about all it said about risk transfer. What does risk transfer or the buying of cyber insurance actually *do* for your overall security program? Hear from an insurance insider about what cyber insurance does and does not do for organizations, and why “just buy insurance” is not a solution to every cybersecurity problem.

Inside the Mind of the Adversary: Espionage, Negotiation, and the Battle for Digital Control [Discussion Pod #4]

Kurtis Minder has spent the last decade doing what most cybersecurity professionals only read about—negotiating directly with cybercriminals, including ransomware gangs, nation-state affiliates, and digital extortionists. As the founder and CEO of GroupSense, Minder built a world-class cyber espionage team, managing over 4,000 personas in multiple languages. He helped victims navigate headline-making ransomware attacks, and briefed everyone-from Congress to the Intelligence Community.

In this gripping, TED-style keynote, Kurtis draws from his new book, Cyber Recon, and his real-world experience leading some of the largest ransomware response efforts globally. He’ll walk attendees through the tradecraft of cyber reconnaissance, the nuances of engaging threat actors using mindful negotiation, and what it really takes to protect your organization in today’s hostile digital landscape.

Blending operational insights with personal stories—from fake identities like “Vinny,” to briefing Congressional subcommittees—Kurtis offers a rare, behind-the-scenes look at the human element of cyber conflict. Whether you lead security for a Fortune 500 or a regional bank, you’ll leave with concrete lessons on digital risk, negotiation, and resilience in the age of cybercrime.

Lunch & Solution Showcase Networking Discussions

Participants will enjoy a lovely full hot lunch while connecting with the thoughtful Solution Providers who are supporting the community at the Summit!

Cyber-Conscious Leadership: Boardroom Issue vs. IT Problem [Discussion Pod #5]

Mark Sangster goes beyond the headlines and surface-level frameworks to expose the invisible forces that shape today’s most devastating breaches. Drawing from his books “Cyber-Conscious Leadership” and “No Safe Harbor,” Mark unpacks real-world case studies—ransomware attacks that began as innocent supplier emails, regulatory landmines triggered by seemingly minor missteps, and grey zone attacks that blur the lines between criminal and nation-state actors.

As cybersecurity is recognized as a board-level issue, what is less clear is how to lead effectively in a world where the threat landscape is shaped by geopolitics, systemic business vulnerabilities, and adversaries who don’t play by rules.

Leaders at the Forum will walk away with:

• A framework for identifying root-cause failures in security strategy—before they become front-page crises.
• Techniques to translate cyber risk into the language of business outcomes and executive accountability.
• Insights into the psychology of breach response—how leadership behavior can either reduce risk or deepen liability.
• Practical approaches to shift from reactive defense to proactive cyber resilience, with clear roles for boards, legal, and operations.

Not just about protecting your company—it’s about sharpening your strategic edge as an executive.

Cyber Insurance: What is risk transfer anyway? [Discussion Pod #7]

Amanda Draeger, Principal Cyber Risk Engineer, Liberty Mutual Insurance will discuss something much talked about in the board room: 
If you’ve ever taken a course on the basics of cybersecurity you’ve learned about some standard risk management techniques: Reduction, Avoidance, Acceptance, and Transfer. The training material probably went into great depth on risk reduction, some amount on avoidance, talked about how you can't mitigate all risk, so you'll have to accept some… and then said "you can transfer risk by buying insurance." And that's probably about all it said about risk transfer. What does risk transfer or the buying of cyber insurance actually *do* for your overall security program? Hear from an insurance insider about what cyber insurance does and does not do for organizations, and why “just buy insurance” is not a solution to every cybersecurity problem.

It’s Not Just Bad Hygiene—It’s Criminal Negligence [Discussion Pod #7]

What the Largest Bank Fine in U.S. History Means for Cybersecurity Leaders

IRS-Criminal Investigations will talk us through what started as a routine money laundering investigation and then became the largest criminal BSA case in U.S. history: TD Bank pled guilty and paid a record-breaking $3 billion fine for failing to detect and report financial crimes between 2018 and 2024. But this wasn’t just a banking compliance failure—it was a breakdown of fundamental controls that cybersecurity teams should recognize as eerily familiar: weak identity verification, outdated monitoring tools, no internal escalation, and massive blind spots in onboarding.

With the passage of the AI Clarity Act and GENIUS Act, any company involved in digital asset transactions—especially fintechs and crypto-related entities—will now fall under the Bank Secrecy Act (BSA). That means cybersecurity functions may be criminally liable if they fail to detect malicious or illicit behavior.

This session reframes cybersecurity risk from “fear of breach” to fear of prosecution. If your organization touches crypto, stablecoins, or manages digital financial flows, this talk is your wake-up call. Learn what went wrong at TD, how BSA violations can stem from cyber failings, and what proactive cyber leaders should do now to protect not just their companies—but themselves.

Cyber-Fraud Fusion: Why the Future of Fraud Prevention Is a Security Strategy [Discussion Pod #8]

Fraud is no longer just a cost of doing business—it’s a security issue. More organizations are merging fraud prevention and cybersecurity into unified teams and frameworks to confront shared threats more effectively. This session explores the rise of Cyber-Fraud Fusion, where cyber threat intel, identity protection, and fraud operations are integrated to create a layered defense.

We’ll highlight how enterprises across industries are shifting from reactive fraud tools to proactive, intelligence-driven strategies—using concepts like the Cyber-Fraud Kill Chain to identify and disrupt attacks earlier. Attendees will gain a practical understanding of how convergence improves detection, response, and cross-functional coordination.

Degrees, Certs & Entry-Level Grit: What Cyber Grads Can (& Can’t) Do For You
[Panel]

This panel discussion features a real-world exchange between cyber educators and industry leaders. Professors will share how they’re designing programs with hands-on labs, industry-funded projects, and even high school hackathons. CISOs and CTOs will weigh in on the “last-mile” problem: grads with zero experience, mismatched expectations, and a professionalism gap that’s hard to ignore.

With over 700,000 unfilled cybersecurity jobs in the U.S., you’d think the hiring problem would solve itself. But here’s the rub: cybersecurity programs are churning out grads, and CISOs still ask, “What can they actually do on day one?” Are they SOC-ready? Do they understand fraud prevention, governance, compliance—or even what cybersecurity is?

We’ll dig into big questions:

• Are four-year degrees still the gold standard—or are certs and bootcamps the smarter play for mid-career upskilling?
• How do you hire interns and set expectations when “everyone is busy”?
• What can companies do (without breaking budgets) to actually shape the talent pipeline?
• And how can we close the generation gap without lowering the bar?

Come for the honest dialogue, stay for the practical takeaways—and leave with a few ideas for fixing a system that isn’t working for educators, employers, or students.

Trust, Verify, and Authenticate: Securing the Edge in a New Era of Operational Threats [Discussion Pod #9]

Dr. Robert Riegle—former DHS Director and national intelligence expert—will challenge participants to rethink how authenticity, attribution, and assurance must be redefined at the device and data layer.  In today’s environment of AI-driven disinformation, autonomous systems, and rising threats to critical infrastructure, the old model of “trust but verify” no longer cuts it. We must now verify before we trust—especially when it comes to operational technology, hardware identity, and machine-level decision-making.

In this provocative talk, he will be drawing on his national security background and work with emerging identity technologies, Dr. Riegle will explore how edge devices, autonomous systems, and even supply chains must be provably trustworthy to support U.S. counter-terrorism, counter-intelligence, and cybersecurity goals.

Following the talk, a moderated discussion will open the floor for participants to explore practical implications—how to support policy shifts, certify device lineage, and adopt technologies that “burn in” authenticity at the point of creation.

The Next Mission: Turning Insight Into Impact

In Closing - We’ve heard from the spies and the scientists. The agents and the analysts. The CEOs, strategists, and storytellers. Now, as we close the Summit, we return to the reason we came together in the first place: to make a difference.

In this final session, we’ll recap the boldest ideas, sharpest warnings, and most actionable takeaways shared throughout the day—from ransomware negotiation tradecraft to the market forces behind cyber failures, from AI-fueled attacks to law enforcement collaboration models that actually work.

But more than a summary, this is a call to action. Whether you’re protecting a regional bank, a global enterprise, or your local community college’s network, the mission is the same: build trust, verify identity, out-think the adversary—and never go it alone.

Join us to reflect, reconnect, and recharge for what comes next. Because the future of cybersecurity and fraud prevention isn’t just about staying ahead of threats—it’s about leading with purpose, and leaving with a plan.

Closing Discussion & Networking

Stay & Connect: Informal Networking + Solution Showcase
Before hitting the road, grab a coffee and take time to connect. Trade insights with peers, chat with Solution Providers, and follow up on the ideas sparked throughout the day.

No panels, no pitches—just real conversations to wrap things up right.