NYC CxO Security Forum

Quarterly Executive Briefing

Wednesday 25 February 2026

Days

Hours

Minutes

Seconds

A Private, Peer-Led Forum for Cybersecurity Leaders

CxO Security Forum brings together senior executives in cybersecurity, risk, and compliance to engage in peer-driven dialogue — not one-way presentations or vendor pitches. Our curated discussions are designed to elevate strategic decision-making, sharpen leadership perspective, and support both professional growth and personal mastery in today’s complex threat landscape.

Each Executive Briefing has a unique agenda, which follows our engaging format with Discussion Leaders and thoughtful “TED Talk” presentations followed by moderated conversations where the assembled executives from the Community share their best practices, experiences, lessons learned, etc.

Participants gain:

Trusted peer insight: candid discussion with leaders facing the same strategic challenges
Personal & professional growth: sharpen leadership and strategic judgment through real executive exchange
Actionable dialogue: moderated, high-impact conversations focused on what matters now
No noise, no pitches: gatherings where peers drive the agenda and learning
Stronger decision confidence: discussions that help you avoid costly missteps and evaluate solutions with clarity

Next Forum Agenda

As with past NYC CxO Security Forum briefings, the February gathering will feature a tightly curated agenda built around real-world insight, peer experience, and practical guidance — not theory or sales pitches.

Planned discussions and briefings will include:

Agentic AI in the Enterprise
A practitioner-focused discussion on where agentic AI is already being deployed, where it’s creating new risk, and how leading organizations are thinking about governance, controls, and accountability.

Learning from High-Profile Breaches (TBC)
Candid perspectives from nationally recognized CISO peers, examining recent, well-publicized breaches — what actually happened, what was missed, and what leaders would do differently with the benefit of hindsight.

Workforce, Talent, and the Security Organization
Insight from one of the world’s largest staffing firms on how cybersecurity, risk, and compliance teams are evolving — including hiring trends, organizational design, and where leaders are struggling to find (and retain) critical skills.

New Thinking from Leading Authors
Select authors will share ideas from their latest work, offering fresh perspectives on leadership, risk, security, and the changing role of the CxO — with time reserved for discussion and audience engagement.

Legal, Regulatory, and Liability Realities
A partner from a major law firm will share insights drawn from real client cases and advisory work, covering today’s most pressing issues around regulation, security, privacy, liability, and the use of AI in business applications — with a focus on practical guidance leaders can apply immediately.

As always, each session will be succinct, moderated, and discussion-driven, building toward a cohesive set of takeaways rather than disconnected presentations.

Thank You to Our Partners

Agenda

Our community-led gatherings ALWAYS have an amazing agenda filled with thoughtful Discussion Leaders and security, risk, & compliance influencers – including nationally-recognized authors and cyber-celebrities!

Registration & Networking

3:00 PM

Welcome/Introductions

3:30 PM

From Breach to Boardroom: Legal Lessons in Cybersecurity Strategy
[Discussion Pod #1]

In this talk, our Attorney (partner) distills key lessons from high-profile cases and confidential client engagements, showing how companies have navigated ransomware demands, disclosure dilemmas, and cross-border data incidents. In today’s high-stakes cyber environment, technical defenses are only part of the story — the real test comes when legal, regulatory, and business pressures collide. In this fast-paced talk, he’ll share what works, what fails, and what every executive should know before the next crisis hits — from structuring contracts to withstand supply chain attacks, to leveraging breach response as a catalyst for lasting governance improvements.

3:45 PM

Start-Up Showcase #1

4:15 PM

Beyond the Headlines: Executive Accountability, Regulatory Pressure, and the Reality of CISO Risk
[Discussion Pod #2]

Tim Brown - Chief Information Security Officer & VP at SolarWinds is one of the most nationally recognized CISOs in the industry (perhaps in history?)

He was previously the subject of the first U.S. SEC enforcement action brought personally against a sitting CISO—a case that was ultimately dropped. In this candid, practitioner-to-practitioner discussion, Tim will go beyond public reporting to explore:

What the SEC action actually felt like from inside the role
How regulatory scrutiny is changing executive decision-making
Where CISOs should draw sharper lines between accountability, authority, and governance
Practical lessons for security leaders navigating board relationships, disclosure, and personal risk

This talk and our subsequent moderated discussion is a rare opportunity to hear directly from an executive who has lived through a defining moment for the profession—and emerged with a clear, actionable perspective.

4:20 PM

Networking & Organized Interaction Break

4:45 PM

Start-Up Showcase #2

5:10 PM

Agentic AI Meets Zero Trust: What Actually Breaks—and How to Fix It
[Discussion Pod #3]

Josh Woodruff is the Author of "Agentic AI + Zero Trust," a former CISO, and a long-time advisor in the industry. He will talk more about the years of research that went into the book.

In the rush to deploy autonomous/semi-autonomous AI, Community Members have shared their doubts that existing identity, data, and control frameworks are ready. Drawing from years of research for his book and field experience, Josh will share:

Why most agentic AI initiatives fail operationally, not technically
How Zero Trust principles must evolve for AI agents, workflows, and non-human identities
Where security teams need to rethink identity, authorization, and monitoring
What CISOs and CIOs can do now to avoid costly architectural mistakes

This session blends short-form insights with moderated group discussion, focused on immediately actionable takeaways for enterprise leaders.

5:15 PM

AI-Native Identity: Why IAM Is Being Rewritten
[Discussion Pod #4]

Barak Perelman is a industry veteran and the Founder & CEO of Opti.ai. Fresh from a well-received presentation at the Gartner IAM Summit, Barak will reprise and expand on his research gathering input from dozens of your peers around identity.

To move identity from the current hodge-podge of big vendor solutions with “2025 AI-washed” marketing to real “baked in” AI is hindered by structural issues related to governance and accountability. Barak looked in detail at this from a risk-based approach and will share actionable insights for participants they can readily apply with their teams.

5:45 PM

Reception & Networking

Cyber author book signing!

Refreshments, food, cocktails & discussions till 8pm

6:30 PM

Forum Discussion Leaders

(Past, Present & Future)

Tim Brown

CISO & VP, SolarWinds

Tim Brown joined SolarWinds in 2017 as vice president of security and is now the CISO for SolarWinds, overseeing internal IT security, product security, and security strategy. After the SUNBURST attack in December 2020, Tim Brown led the response and remediation efforts. Tim has spoken to thousands of customers and has been instrumental in all customer remediation support and services.

He has worked closely with the SolarWinds® CEO in designing the future state of security and their “Secure by Design” philosophy. This new philosophy on software design will not only benefit SolarWinds but the industry as a whole, and it sets a precedent for responses to future cyberattacks.

As a former Dell Fellow and CTO, Tim deeply understands the challenges and aspirations of the person responsible for driving digital innovation and change. Tim has over 25 years of experience, and his trusted advisor status has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. He’s also an avid inventor and holds 18 issued patents on security-related topics.

Josh Woodruff

Author, Agentic AI + Zero Trust: A Guide for Business Leaders br>
IANS Faculty | CSA Zero Trust Working Groups

Josh Woodruff is the author of Agentic AI + Zero Trust: A Guide for Business Leaders, a practical framework for safely operationalizing autonomous AI using Zero Trust principles. Drawing on nearly 30 years of experience as both a CIO and CISO, Josh translates real-world enterprise deployments into clear executive guidance on trust, governance, and risk in agentic systems.

The book—co-authored with Michelle Savage and featuring a foreword by Zero Trust pioneer John Kindervag—cuts through AI hype to explain why most AI initiatives stall in pilot mode, and what successful organizations do differently. Josh is also the Founder and CEO of Massive Scale Consulting, co-leads the Cloud Security Alliance Zero Trust Working Group, and serves as IANS Faculty, advising enterprises across regulated and high-risk industries.

Known for his ability to frame complex AI and security challenges in plain executive language, Josh focuses on helping leaders design guardrails that accelerate innovation without sacrificing control, accountability, or resilience.

Barak Perelman

CEO & Co-Founder, Opti

Barak Perelman is the CEO & Co-founder of Opti, where he is focused on addressing structural challenges in identity, governance, and accountability as AI becomes embedded into enterprise systems. A seasoned cybersecurity operator and founder, Barak brings more than two decades of hands-on experience building products, leading strategy, and protecting critical infrastructure in highly complex environments.

Previously, Barak was the Co-founder and CEO of Indegy, an industrial cybersecurity company that built a comprehensive security and governance platform for industrial networks. Indegy was acquired by Tenable in 2019, where Barak went on to serve as VP OT Security, helping integrate industrial and enterprise security perspectives. Earlier in his career, he led product design at Stratoscale, where he managed large-scale cybersecurity projects.

Barak holds degrees in computer science, mathematics, and physics, as well as an MBA. He is known for his ability to connect deep technical systems thinking with executive-level governance concerns, particularly around identity, accountability, and the unintended consequences of AI-driven automation inside large enterprises.

John Kindervag

Creator of Zero Trust
Chief Evangelist at Illumio

John Kindervag is considered one of the world’s foremost cybersecurity experts. With over 25 years of experience as a practitioner and industry analyst, he is best known for creating the revolutionary Zero Trust Model of Cybersecurity. As Chief Evangelist at Illumio, John Kindervag is responsible for accelerating awareness and adoption of Zero Trust Segmentation.

Most recently, John led cybersecurity strategy as a Senior Vice President at On2IT. He previously served as Field CTO at Palo Alto Networks and, before that, spent over eight years as a Vice President and Principal Analyst on the security and risk team at Forrester Research.

In 2021, John was named to the President’s National Security Telecommunications Advisory Committee (NSTAC) Zero Trust Sub-Committee and was a primary author of the NSATC Zero Trust report that was delivered to the President. That same year, he was also named CISO Magazine’s Cybersecurity Person of the Year. John serves as an advisor to several organizations, including the Cloud Security Alliance and venture capital firm NightDragon.

Richard Stiennon

Chief Research Analyst - IT Harvest
frmr. VP of Research - Gartner

Richard founded IT-Harvest in 2005 to cover the 4,550+ vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 32 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of Surviving Cyberwar (Government Institutes, 2010) and Washington Post Best Seller, There Will Be Cyberwar, as well as the annual Security Yearbook, published by Wiley for 2025. He was the VP of Research at Gartner. He has a B.S. in Aerospace Engineering from the University of Michigan, and his MA in War in the Modern World from King’s College, London.

Kurtis Minder

CEO & Co-Founder, GroupSense
Author, Cyber Recon: My Life in Cyber Espionage and Ransomware Negotiation

Kurtis Minder is one of the world’s foremost experts in ransomware response and cyber threat intelligence. As CEO and co-founder of GroupSense, he has led negotiations in some of the largest ransomware and data extortion cases globally, engaging directly with threat actors and nation-state affiliates. With over 25 years in cybersecurity—including roles at Fortinet, AT&T, and Citrix-acquired Caymus Systems—Kurtis has combined operational security, cyber reconnaissance, and real-world intelligence tradecraft into a uniquely effective digital risk strategy. His pioneering work and insights have been featured in The New Yorker, BBC, The Wall Street Journal, and Fortune.

At ACCSFF 2025, Kurtis will deliver a TED-style keynote and participate in a moderated discussion on themes from his acclaimed new book, Cyber Recon, offering a rare behind-the-scenes look at the people, tools, and tactics behind today’s cyber espionage and ransomware ecosystem.

Tim Rohrbaugh

Founder - RadicalNotion.AI, 3x Public Co. CISO

Tim Rohrbaugh brings 20+ years of C-level cybersecurity leadership to the frontier of AI for security and applied engineering. As founder of RadicalNotion.AI and former CISO of JetBlue Airways, he has built and operated enterprise programs that protect high-value, regulated data— including responsibility for safeguarding more than 40 million consumer records at a public financial services company.

A career security architect and systems engineer, Tim advances a practical view of GenAI as “augmented intelligence”: trustworthy, domain-tuned reasoning agents that reduce noise, challenge bias, and accelerate evidence-backed decisions without exposing IP. He has served as Vice Chair of the Airlines for America Cyber Security Council and as a board member of the Online Trust Alliance, where he contributed to national privacy and security policy. His work has been recognized with multiple awards, including Top Global CISO by Cyber Defense Magazine. Tim holds two joint patents in identity verification and authentication and is a frequent speaker and advisor to boards and engineering teams alike.

Dr. Chase Cunningham, PhD.

“Dr. Zero Trust” - Author, Speaker and Industry Thought-Leader

Dr. Chase Cunningham is a globally recognized cybersecurity strategist, bestselling author, and trusted advisor to both the public and private sectors. Widely known as “Dr. Zero Trust,” Chase pioneered the Zero Trust security framework during his time as a Senior Analyst at Forrester Research—an approach now adopted as a standard across government and Fortune 500 enterprises alike.

Over a 20+ year career that spans the U.S. Navy, Department of Defense, and senior industry roles, Chase has led initiatives in cryptographic systems, threat intelligence, cyber forensics, and national cyber defense strategy. He holds a PhD in Computer Science and Cybersecurity, with research centered on insider threats and advanced detection algorithms. He also maintains CISSP and CEH certifications.

An engaging keynote speaker and regular contributor to leading cybersecurity forums, Chase is the author of several acclaimed books including Cyber Warfare: Truth, Tactics, and Strategies and his latest, Buy the Breach: Hacking Failure for Market Success. In Buy the Breach, he unveils a contrarian but data-backed strategy for turning corporate cyber failures into personal financial gains—arming cyber professionals with the tools to outperform hedge funds by investing in the inevitable post-breach market rebound.

Chase is a rare voice who blends deep technical expertise with sharp financial insight. Whether briefing the Executive Branch or advising the boardroom, his mission is clear: empower defenders, demystify complexity, and challenge the status quo.

Morgan Jones

Partner, Cybersecurity/Data Privacy Practice Group, Brown Rudnick LLP

On tech evolution and regulatory/legal trends, business planning amid rapid tech evolution, and managing risk/liability profiles. Brown Rudnick frequently guides clients on how to navigate emerging issues with an eye to helping them to avoid having to start over again down the road. Expect a candid conversation about the current regulatory landscapes for AI and privacy, and data breach best practices.

Mark Sangster

Cybersecurity Author, Strategic Advisor, and Storyteller of the Unseen

Mark Sangster (mbsangster.com/) is a recognized authority on cybersecurity risk and a compelling voice in the fight against digital crime. A celebrated author and award-winning speaker, Mark brings a unique ability to distill complex cyber threats into practical, boardroom-ready insights. His books, No Safe Harbor and Cyber-Conscious Leadership, challenge conventional thinking by exposing the stories that don’t make headlines—highlighting the human and systemic failures behind major breaches.

Mark’s thought leadership spans industries and continents, with appearances on major stages including Harvard Law School and RSAConference, and contributions to The Wall Street Journal, CSO Magazine, and other leading media. He’s an advocate for shifting the cybersecurity conversation away from technical jargon and toward real business risk—translating the language of threat intelligence into the language of leadership.

With deep insight into emerging threats, geopolitical risks, and the psychology of cybercrime, Mark arms executives with the frameworks they need to lead resilient organizations. Whether drawing parallels between cyberattacks and aviation disasters or unraveling the hidden mechanics of “grey crime,” Mark’s work is as thought-provoking as it is actionable.

At the Forum, expect a conversation that’s more than informative—it’s transformative.

Dr. Frederick Scholl

Quinnipiac University - Program Director Cyber & Associate Teaching Professor

Frederick Scholl is a highly accomplished Global Senior Information Security Risk Manager. Dr. Scholl earned a BS and Ph.D. in Electrical Engineering from Cornell University. He is currently at Quinnipiac University, where he is MS Cybersecurity Program Director and Associate Teaching Professor. Previously, Fred founded Monarch Information Networks, LLC to enable trusted clients to protect their information. He also served as Senior Manager of Information Security and Control for Nissan Americas. His business experience also includes co-founding Codenoll Technology Corporation (NASDAQ: CODN) where he was Senior Vice President and Board Member. Career accomplishments also include 13 US Patents related to network technology and fiber optics. He chaired the IEEE committee that wrote the first standard for Ethernet communication over fiber optic links, now used world-wide.

Hazel Cerra

Resident Agent in Charge – U.S. Secret Service, Atlantic City Resident Office

Resident Agent in Charge – U.S. Secret Service, Atlantic City Resident Office Hazel Cerra is a seasoned federal law enforcement leader with 20+ years of experience in cyber-enabled financial crime prevention, national security investigations, and executive protection. As the Resident Agent in Charge (RAIC) for the U.S. Secret Service’s Atlantic City Resident Office, she leads the region’s Cyber Fraud Task Force (CFTF), coordinating complex investigations into cryptocurrency fraud, business email compromise, identity theft, and network intrusions.

Earlier in her career, RAIC Cerra served on former President Bill Clinton’s detail and traveled globally in support of the Clinton Global Initiative. She later became a supervisory special agent in the Philadelphia Field Office’s Financial Crimes Squad, where she oversaw a team of agents working on emerging cyber fraud threats.

RAIC Cerra holds an MBA in Finance from Johns Hopkins University and a Bachelor of Science in Criminal Justice from New Jersey City University. She recently completed the prestigious CISO Certificate Program at Carnegie Mellon University and is a Certified Information Security Manager (CISM).

A bilingual (English/Spanish) advocate for the next generation of cybersecurity talent, she volunteers as an adjunct professor and mentors Civil Air Patrol cadets in the national CyberPatriot competition. She brings a mission-driven, cross-disciplinary approach to protecting financial infrastructure—and continues to build bridges between law enforcement, the private sector, and the broader cybersecurity community.

Dr. Robert C. Riegle, J.D.

CEO, TripleID | Former Director, U.S. Department of Homeland Security

Dr. Robert Riegle is a nationally recognized authority on intelligence sharing, critical infrastructure protection, and national security policy. He currently serves as CEO of TripleID, a company pioneering next-generation identity and authenticity solutions for operational technology, edge devices, and autonomous systems.

Previously, Dr. Riegle served as Director of the State and Local Program Office within the Office of Intelligence & Analysis at the U.S. Department of Homeland Security (DHS), where he was instrumental in shaping the national intelligence-sharing framework between federal agencies and state and local Fusion Centers. As a senior executive and intelligence officer, he co-led DHS-wide efforts to formalize policy for interagency collaboration and helped align intelligence coordination across multiple domains, including counterterrorism, cyber, and counterintelligence.

His earlier roles include serving with the Defense Intelligence Agency in support of Operations Iraqi Freedom and Enduring Freedom, and in leadership positions at Booz Allen Hamilton, Chevy Chase Bank, and Indeck Power. A veteran with multiple commendations, Dr. Riegle holds a J.D. from The Catholic University of America and a B.S. in Government from the University of Maryland.

Dr. Riegle brings a unique lens to today’s challenges at the intersection of national security, technology, and trust—championing the need for verifiable authenticity in the systems we rely on most.

Amanda Draeger

Principal Cyber Risk Engineer, Liberty Mutual Insurance

Amanda Draeger is an accomplished cybersecurity leader, with a distinguished career rooted in leadership, education, and technological excellence. As a Sergeant Major in the U.S. Army, Amanda exemplified these traits by not only educating and leading fellow soldiers, but by becoming one of the first four women to ever achieve the GIAC Security Expert (GSE) designation from SANS.

Now retired from the armed forces, she utilizes her expertise, knowledge, and passion for educating others in her role at Liberty Mutual as a Principal Cyber Risk Engineer. In this role she provides subject matter expertise to underwriters and insureds on critical cybersecurity topics, as well as presenting at major infosec conferences around the country. Outside of work, Amanda is a fiber arts enthusiast.

Michael Hiskey

[Moderator] Founder, CxO Security Forum | Author | Speaker | Executive Strategist

Michael Hiskey is an author, blogger, and speaker with more than 20 years of experience in enterprise B2B strategy across cybersecurity, fintech, data, and AI. His work has appeared in Forbes, InformationWeek, WSJ.com, ITProPortal, and he has been featured on CNBC and C|Net.

A seasoned executive, Michael has held Chief Marketing Officer and Chief Strategy Officer roles at companies including Avanan, Socure, Semarchy, Trifacta, and Data Connectors, as well as leadership positions at IBM and MicroStrategy. He has lived and worked on three continents, managing global teams and driving measurable ROI for complex organizations.

Michael is the founder of the CxO Security Forum, a community-led network reinventing how executives connect for education, mentoring, and peer exchange. Having moderated and organized hundreds of cybersecurity conferences, roundtables, and executive forums, he is dedicated to creating practitioner-first environments that foster collaboration between industry, government, and academia.

He holds an MBA from Columbia Business School, and lives on Long Island with his wife and two daughters. More at linkedin.com/in/mphnyc.