Seattle/Bellevue

While large-scale quantum computers may be years away, adversaries are already harvesting encrypted data today for future decryption. This session equips CISOs with practical strategies to implement quantum-resistant security now, before it’s too late. We’ll demystify quantum risk and demonstrate real-world deployment patterns that combine post-quantum and classical cryptography: implementing hybrid TLS 1.3 key exchanges, deploying composite X.509 certificates, and establishing dual-signature code signing frameworks. You’ll learn how to build crypto-agility into your PKI and KMS infrastructure, navigate performance impacts and MTU constraints, ensure interoperability across legacy systems and cloud platforms, and establish governance checkpoints for safe migration. Discover and leave with a clear roadmap for protecting data against tomorrow’s quantum threats.

Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode.
Attend our session to learn:
• Why traditional approaches to data security have failed
• How AI and context are revolutionizing data security
• Where to maximize the value of your existing security investments
• What you can do to secure your Gen AI rollouts With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

John-Luke Peck from The Stillwater Group will talk about what goes well and what doesn’t go well for organizations that fall victim to an intrusion or a ransomware attack, and how so much depends on how well a company has prepared /before/ the ransomware strikes.  Whether your business or organization is large or small, public or private, we will talk about cyber threats, what a major incident looks like, and give you actionable recommendations for what you and your team can do /today/ to be ready and prepared for tomorrow’s “when”, not “if”.

Key Topics:

• Building and managing effective incident response plans.
• Detecting and mitigating cyber and physical threats.
• Using real-time data and intelligence for decision-making.

Why It Matters:
Security managers often handle tactical responses. Understanding effective response strategies ensures timely containment and resolution of incidents.

Mobile DevSecOps has evolved faster in the last year than in the previous decade. With the rapid integration of AI-assisted pipelines and heightened platform security standards from Apple and Google, the traditional approach to mobile testing and threat modeling is being redefined. This session explores the shift toward a modern, enhanced mobile security risk stack. The goal is to discuss techniques that empower not only developers but also product leaders and strategists with limited coding backgrounds to engage meaningfully in mobile risk management. The talk will demonstrate new methods for creating and validating mobile-specific threat models, focusing on how to align human intuition with AI-powered reasoning to produce better predictive security insights. We’ll also look at practical use cases of mobile-specific MCP tools and generative AI mechanisms that can streamline testing and compliance while enhancing overall stack visibility. Rather than replacing human expertise, AI can become an active partner amplifying our capability to secure complex mobile ecosystems at scale. This session delivers a hands-on roadmap to leveraging AI within modern mobile DevSecOps for stronger, faster, and smarter security outcomes.

Key Topics:

• Ransomware, phishing, and advanced persistent threats (APTs).
• Optimizing operations and improving security through Orchestration and Automation.
• Understanding the impact of AI and IoT on security vulnerabilities.

Why It Matters:
Staying informed about the latest threats helps leaders anticipate and prepare for risks that can disrupt operations.

Join critical infrastructure incident responder Bjorn Townsend for a look at incident response in the world of community water systems that will also hold valuable information for leaders, IT and security personnel for any organization using OT/ICS/SCADA in other ways. Through Bjorn’s experience, lessons drawn from the ongoing war in Ukraine, and a little wisdom from Bruce Lee, you’ll learn about what an attacker could do if they gain control of a community water system, the most critical things to do to prepare for and prevent an incident before it starts, how to recognize an attack on your control systems, and what to do first in order to regain control of the network. This talk will also touch on how the response process plays into the other ICS:  the Incident Command System used by public sector emergency management agencies to coordinate with one another during a major emergency. Inter-agency coordination is especially important for community water systems because they tend to be heavily interconnected, particularly in densely urbanized areas of the Puget Sound, and community defense is a major key to success. Attendees will leave with a handy set of tips, conversation starters and “next steps” to take back to their organizations in order to help them prepare for incidents in their OT/ICS/SCADA networks. 

Hear from the women shaping the future of cybersecurity. This executive panel features trailblazing female cybersecurity leaders who are not only securing global enterprises and critical infrastructure, but also redefining what leadership looks like in the industry. In a candid, high-impact discussion, panelists will share lessons from the front lines—navigating complex threats, building high-performing teams, and breaking barriers in a traditionally male-dominated field. Attendees will gain executive-level insights into how diverse leadership drives stronger outcomes, how to build more inclusive cultures from the top down, and why supporting women in cyber isn’t just good optics—it’s smart strategy.

In this focused 20-minute session, Alex Salazar, IT Security Architect for Snohomish County Department of Information Technology, shares how he used Microsoft Co-Pilot to automate and streamline alert setup within the county’s SIEM environment. Attendees will gain a firsthand look at how AI tools can reduce manual effort, improve accuracy, and accelerate response times in security operations. Alex will walk through lessons learned, implementation challenges, and key takeaways for teams looking to safely and effectively integrate AI assistance into their SOC workflows.