San Diego

In today’s fast-changing threat landscape, resiliency is more than recovery – it’s about foresight, adaptability, and minimizing risk before it disrupts the business. Join Billy Norwood, CISO of FFF Enterprises, in a fireside discussion with J.D. Miller, SVP at CyberRisk Alliance, as they explore how organizations are rethinking cyber resiliency and risk management strategies for 2026. This conversation will highlight emerging threats, evolving frameworks, and the practical steps security leaders must take to ensure business continuity and build stronger defenses in the years ahead.

Artificial Intelligence is rapidly transforming the cybersecurity landscape – reshaping how threats are detected, analyzed, and mitigated. But while AI offers unprecedented opportunities, its real value depends on how security leaders integrate these tools into their teams and workflows. In this session, Gary Hayslip, Co-Author of the CISO Desk Reference Guides, will share practical strategies for aligning people, processes, and AI-driven technologies to create resilient, high-performing security operations.

What does “reasonable security” really mean in today’s evolving threat landscape, and how does AI reshape that definition? In this session, Matt Stamper, CISO Cross-Sector Council Chair for InfraGard, CEO of Executive Advisors Group, and Co-Author of the CISO Desk Reference Guide, will unpack the legal, regulatory, and practical dimensions of reasonable security. With an emphasis on AI-driven tools and application stacks, Matt will explore how organizations can align compliance expectations with operational realities, ensuring that security controls are both defensible and effective. Attendees will walk away with a clearer understanding of how to evaluate their own programs, strengthen governance, and apply AI thoughtfully to meet the ever-rising standard of “reasonable” in cybersecurity.

Key Topics:

• Building and managing effective incident response plans.
• Detecting and mitigating cyber and physical threats.
• Using real-time data and intelligence for decision-making.

Why It Matters:
Security managers often handle tactical responses. Understanding effective response strategies ensures timely containment and resolution of incidents.

Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode. Attend our session to learn: • Why traditional approaches to data security have failed • How AI and context are revolutionizing data security • Where to maximize the value of your existing security investments • What you can do to secure your Gen AI rollouts With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

It’s coming — we all know it. Agentic AI will touch every part of security, including identity governance. But what’s the impact of having a more traditional NHI or service account — which we’ve all seen before — versus a non-human agent who is empowered to act on behalf of a human user? What will it mean to confront AI agents that often work autonomously and act like real people in nearly all respects? What should we be thinking about in terms of identity security, and how should we prepare for the year ahead? You’ve heard lots of discussion about agents and identity, but never like this. Join us!

Key Topics:

• Ransomware, phishing, and advanced persistent threats (APTs).
• Optimizing operations and improving security through Orchestration and Automation.
• Understanding the impact of AI and IoT on security vulnerabilities.

Why It Matters:
Staying informed about the latest threats helps leaders anticipate and prepare for risks that can disrupt operations.

Data resilience is becoming a cornerstone of modern industry, ensuring continuous access to critical information that drives smarter decision-making, automation, and innovation. As digital infrastructures grow more complex and interconnected, the need for robust cybersecurity becomes paramount. AI now throws a whole new point of concern—making it even more critical to ensure your data is secure, as intelligent systems rely heavily on accurate, trusted information. Threats such as ransomware, data corruption, system failures, and malicious attacks underscore the importance of protecting data at every stage—from creation and transmission to storage and recovery. Data resiliency plays a vital role in cybersecurity—because if your data isn’t recoverable, how long would it take your organization to recover, if at all? Ensuring that your infrastructure can restore vital data is essential for maintaining business continuity. Investing in data security and resilient infrastructure is not just a technical requirement—it’s a strategic necessity for sustainable and secure operations.

As AI reshapes the digital world, cyber threats are growing in scale and complexity. This session explores the essentials of cyber risk insurance—who’s at risk, why coverage matters, and how AI is transforming both the threat landscape and defense strategies. Learn how to leverage AI for proactive protection and align insurance with evolving risks to safeguard your organization.

The age of quantum computing is no longer a distant theoretical risk; it is an imminent strategic threat that will fundamentally redefine data security. While cryptographically relevant quantum computers (CRQCs) are still years away, the danger is already here. Adversaries are actively engaged in “Harvest Now, Decrypt Later” attacks, exfiltrating encrypted data today with the full knowledge that quantum computers will render current encryption standards obsolete, exposing today’s most sensitive secrets. This session will cut through the hype and focus on the practical realities of the quantum threat. We will explore the “Long-Lifecycle Reality” , where systems deployed today will be vulnerable within their operational lifetime. We will also address the “Trust Anchor Collapse” , the critical need for crypto-agility, and the concrete steps security leaders must take to prepare for the post-quantum cryptography (PQC) migration. Attendees will leave with a clear understanding of the timeline, the risks, and an actionable plan to begin building a quantum-resistant security posture.

In this session, we’ll explore how a converged SASE platform combined with AI and machine learning (ML) enables real-time threat detection and mitigation, transforming network security from a reactive to a proactive model. The focus will be on how AI-driven solutions within the SASE framework can identify, analyze, and neutralize security threats in real-time across distributed environments.

Third-party risk has become one of the most pressing challenges facing CISOs and risk leaders today. With global supply chains growing in complexity and vulnerability, organizations are exposed to an array of disruptions – from cyberattacks and data breaches to geopolitical instability, trade disputes, and natural disasters. In this discussion, co-authors Matt Stamper and Gary Hayslip of the CISO Desk Reference Guide will share insights from their latest book, Mastering Third-Party Risk, offering a practical roadmap for identifying, assessing, and managing vendor and supply chain threats. Drawing on their deep practitioner experience, they will explore governance models, resilience strategies, and proven practices that help organizations strengthen trust, ensure continuity, and reduce exposure to third-party risks in 2026 and beyond.