Minneapolis

Ransomware remains one of the most damaging and persistent threats facing organizations today. But while payloads evolve, attackers continue to rely on a familiar weakness: the legacy network. Flat architectures, VPNs, and implicit trust models provide the lateral movement needed to turn a single compromised endpoint into a widespread breach. Based on findings from the latest Zscaler ThreatLabz Ransomware Report, this session explores how traditional hub-and-spoke networks—built for connectivity, not containment—enable ransomware to traverse corporate environments unchecked, and how a cafe-like Zero Trust Branch architecture can shrink your attack surface and limit malware spread.

Data resilience is becoming a cornerstone of modern industry, ensuring continuous access to critical information that drives smarter decision-making, automation, and innovation. As digital infrastructures grow more complex and interconnected, the need for robust cybersecurity becomes paramount. AI now throws a whole new point of concern—making it even more critical to ensure your data is secure, as intelligent systems rely heavily on accurate, trusted information. Threats such as ransomware, data corruption, system failures, and malicious attacks underscore the importance of protecting data at every stage—from creation and transmission to storage and recovery. Data resiliency plays a vital role in cybersecurity—because if your data isn’t recoverable, how long would it take your organization to recover, if at all? Ensuring that your infrastructure can restore vital data is essential for maintaining business continuity. Investing in data security and resilient infrastructure is not just a technical requirement—it’s a strategic necessity for sustainable and secure operations.

Key Topics:

• Building and managing effective incident response plans.
• Detecting and mitigating cyber and physical threats.
• Using real-time data and intelligence for decision-making.

Why It Matters:
Security managers often handle tactical responses. Understanding effective response strategies ensures timely containment and resolution of incidents.

Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode. Attend our session to learn: • Why traditional approaches to data security have failed • How AI and context are revolutionizing data security • Where to maximize the value of your existing security investments • What you can do to secure your Gen AI rollouts With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

Join Jay Shah, Senior Solutions Architect at Horizon3.ai, for an engaging session on “Offense-Driven Defense.” Jay will challenge conventional risk assessment practices and unveil how focusing on real-world exploitability and impact can revolutionize your security approach. Drawing from insights gathered across more than 150,000 autonomous pentests, he’ll share compelling stories and actionable lessons that show how viewing your cyber terrain through an attacker’s lens can uncover hidden vulnerabilities, optimize resource allocation, and strengthen your defenses against advanced threats. Don’t miss this opportunity to learn from a leading industry practitioner on why it’s time to “go hack yourself” and build resilience in today’s borderless threat environment.

Join a candid conversation between a Fortune 500 manufacturing security leader and a solutions architect as they dissect two decades of network segmentation evolution. From the nightmare of managing thousands of firewall rules across siloed teams to today’s identity-based approaches, this fireside chat reveals what actually happens when IT, Security, and OT teams collide over competing priorities. Learn how CISA mandates transformed segmentation from optional to essential, why traditional approaches create “Swiss cheese” networks, and how modern manufacturing leaders are building trust across teams while implementing dynamic, context-aware security. No vendor pitches—just hard-won lessons from the factory floor.

AI offers a compelling path to scale detection, triage, and response. But building an AI-powered Security Operations Center (SOC) isn’t just about plugging in a model – it’s about aligning the right technology, people, and workflows. In this session, we’ll walk through the key considerations for operationalizing AI in your SOC. You’ll learn how to evaluate AI technologies (LLMs vs. traditional automation), where to integrate them into alert and case workflows, and what makes an interface truly usable for analysts. We’ll deconstruct the practical side of maintaining quality – from tuning and feedback loops to continuous pruning and routine case sampling. Finally, we’ll lock in how to measure success with clear KPIs that go beyond “more alerts closed.” Whether you’re augmenting human analysts or laying the groundwork for full AI-led response, this talk will give you a blueprint for doing it right.

Rapid changes in public‑key infrastructure are reshaping operational and compliance expectations. By 15 March 2026 the CA/B Forum will reduce the maximum validity of publicly trusted TLS certificates to 200 days, with a roadmap to 47 days by 2029. Google has announced removal of the ClientAuth EKU from browser‑trusted certificates. Recent events—including Entrust’s browser distrust and DigiCert’s emergency revocation of 84 000 certificates—demonstrate the scale of disruption when certificates must be replaced at short notice. In parallel, NIST formally approved its first post‑quantum algorithms on 13 August 2024, signaling the start of industry migration toward quantum‑resistant cryptography. This briefing provides security architects, product owners, and operations teams with a concise action plan for the next three years: Certificate Lifetime Reduction – implications of 47‑day validity periods and how end‑to‑end automation (ACME/EST issuance, delegated DNS‑01 or HTTP‑01 domain validation, stapled OCSP, and scheduled revocation tests) sustains availability. Managing Mass Revocations – analysis of recent CA incidents, readiness metrics to track, blast‑radius containment strategies, and effective stakeholder communication. Transition to Quantum‑Safe Cryptography – practical steps for introducing hybrid X.509 certificates, rotating keys within HSMs, and deploying NIST‑approved algorithms (Dilithium, Falcon, SPHINCS+) alongside existing elliptic‑curve and RSA deployments. Attendees will gain a clear understanding of the operational, security, and business consequences of these developments, together with pragmatic measures that can be incorporated into 2025–2027 plans. The session emphasizes fact‑based guidance and proven practices suitable for organizations of all sizes.

In this presentation you will understand the baseline minimum cybersecurity program practices and the industry accepted BEST PRACTICES for a cybersecurity program. You will gain an increased understanding of what it takes to protect sensitive data, maintain system integrity, and ensure availability and business continuity in our increasingly digital world.

As cyber threats grow in sophistication and frequency, organizations must adopt proactive strategies to defend against data breaches, financial loss, reputational damage, and legal consequences. Best cybersecurity program practices—such as regular risk assessments, employee training, access controls, and incident response planning—provide a structured and resilient approach to mitigating risks. By embedding cybersecurity into every layer of operations, organizations not only safeguard their assets but also build trust with stakeholders and stay compliant with regulatory requirements.

Key Topics:

• Ransomware, phishing, and advanced persistent threats (APTs).
• Optimizing operations and improving security through Orchestration and Automation.
• Understanding the impact of AI and IoT on security vulnerabilities.

Why It Matters:
Staying informed about the latest threats helps leaders anticipate and prepare for risks that can disrupt operations.

In today’s cybersecurity landscape, humans remain both our last line of defense and our most vulnerable point of failure. Despite sophisticated tools and layered defenses, risky human behaviors—whether accidental or intentional—continue to expose organizations to threats. In this session, Beth Singer, Director of IT Compliance, shares her experience developing an approach to empower teams to proactively reduce human-driven vulnerabilities.  Attendees will gain insights into how visibility can drive accountability, and how culture, communication, and targeted interventions can transform human risk from a liability into a strength.