Boston

Scott Margolis will share insights on the evolving supply chain threat landscape and its impact on critical infrastructure, along with MBTA’s approach to managing vendor and third-party risks across IT, OT, and operations. I will also highlight practical strategies such as Zero Trust, virtualization, and regulatory alignment, while providing a forward-looking perspective on emerging risks and the importance of building resilient vendor ecosystems.

As organizations rush to integrate generative AI into their products and workflows, many overlook one critical aspect, security at every layer of the AI pipeline. From data ingestion to model deployment, each component introduces unique risks that traditional cloud security frameworks were never designed to handle. This session explores practical strategies to secure generative AI workloads in cloud-native environments, focusing on model integrity, data confidentiality, and supply chain protection. Drawing from real-world implementations, I will show how to safeguard LLM pipelines, mitigate prompt injection and data exfiltration risks, and enforce Zero Trust principles across AI services. They will gain actionable insights into how tools like Kubernetes, service meshes (e.g., Istio), and secrets managers can be orchestrated to build secure, scalable AI systems without slowing innovation. By the end of this talk, attendees will understand what a secure GenAI lifecycle truly looks like and how to operationalize it in their own organizations.

Key Topics:

• Building and managing effective incident response plans.
• Detecting and mitigating cyber and physical threats.
• Using real-time data and intelligence for decision-making.

Why It Matters:
Security managers often handle tactical responses. Understanding effective response strategies ensures timely containment and resolution of incidents.

Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode. Attend our session to learn:
• Why traditional approaches to data security have failed
• How AI and context are revolutionizing data security
• Where to maximize the value of your existing security investments
• What you can do to secure your Gen AI rollouts With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

The AI revolution is fundamentally transforming cybersecurity, while the future of networking evolves toward Hybrid Full Mesh—integrating 5G, WiFi, Ethernet, Fiber, and other network infrastructures. This presentation examines how AI is accelerating cyber threats: attack costs are skyrocketing, incidents surging 50% year-over-year, and ransomware development compressed from nine days to mere minutes*. We’ll explore why Hybrid SASE (not cloud-only) forms the core of an effective hybrid full-mesh security architecture and how organizations can respond when the rate of change and complexity outpace their capabilities. Most importantly, we’ll demonstrate why security isn’t just a feature but the essential foundation of operations in this new era of hyperconnected vulnerability.

Key Topics:

• Ransomware, phishing, and advanced persistent threats (APTs).
• Optimizing operations and improving security through Orchestration and Automation.
• Understanding the impact of AI and IoT on security vulnerabilities.

Why It Matters:
Staying informed about the latest threats helps leaders anticipate and prepare for risks that can disrupt operations.

We know people, not firewalls are the front line defense. But attackers don’t break-in, they log-in, and more often than not, it is a human who unknowingly hands them the keys. In this session, we will explore real-world breaches detailing how Social Engineering skills were leveraged by adversaries to get the initial access and set off a chain of compromise. We will share the insights from Verizon’s DBIR 2025 and real examples from Verizon cyber investigations on social engineering trends, and how adversaries leverage trust to gain unauthorized access.

Perimeter defenses are a long-standing strategy, but cybercriminals and ransomware operators are increasingly adept at bypassing them. Once inside, they exploit network blind spots, utilize encrypted traffic, and target cloud workloads to remain undetected. What if you could turn these tactics to your advantage? In this discussion, Fortinet cybersecurity expert will explore how SOC teams can proactively hunt for attackers by using their own strengths against them.

In today’s cyber threat landscape, your backup is no longer your safety net, it’s the first system attackers aim to compromise. According to recent research, 98% of ransomware attacks now target backups, and more than half are successful. As threat actors evolve, so must your defense posture. This session will explore the growing need for security and IT to work together to not only protect production environments but your backups and backup ecosystems as well. We’ll expose critical gaps in traditional backup strategies that leave organizations vulnerable to ransomware attacks, compromised credentials, and malicious insiders. Using Druva’s Cyber Resilience Maturity Model along with the NIST 2.0 framework, we’ll walk through the five levels of cyber recovery readiness, from data immutability to advanced threat detection, and how to operationalize them without adding complexity or cost. Real-world examples will highlight how security-forward organizations are using cloud-native, agentless architectures to achieve: Immutable, air-gapped backups for workloads no matter if they are edge, cloud, or datacenter 24/7 threat monitoring and forensics across backup environments Automated ransomware detection, quarantine, and clean recovery Zero Trust-aligned backup environments decoupled from primary infrastructure We’ll also tackle how modern platforms like Druva simplify compliance, reduce operational burden, and augment your cyber resilience and recovery by embedding security into the backup layer. Join us to learn why cyber recovery is the new front line of cyber defense, and why your backup strategy might be your biggest vulnerability, or your strongest asset.

The unsanctioned use of AI tools—creates blind spots for security teams. This session examines how hidden adoption drives data leakage, compliance violations, and attack surface expansion. We’ll analyze emerging threat models, real-world failures, and practical controls, equipping security leaders to assess risk, enforce governance, and safely enable AI innovation.

Venture capital and private equity firms play a powerful role in defining the future of technology – and cybersecurity is now at the center of that strategy. In this session, James Stanzler, a managing director at Atreides Management, will share insights on how top firms are evaluating cybersecurity opportunities, what trends are driving investment decisions, and how innovation, risk, and resilience intersect in the modern tech landscape. Attendees will gain a rare inside look at how capital markets are fueling the next generation of cybersecurity solutions, what signals investors watch for in emerging tech, and where the industry is headed next.