New York

In today’s interconnected world, your cybersecurity posture is only as strong as the vendors you rely on. From cloud providers to software partners, every link in the supply chain introduces new layers of risk and responsibility. In this fireside discussion, Amit Basu, CIO & CISO of International Seaways, joins J.D. Miller, SVP of CyberRisk Alliance, to explore how enterprise leaders can approach vendor relationships with greater clarity, transparency, and confidence. Together they’ll discuss what questions every organization should be asking—from due diligence and AI-enabled risk detection to ongoing compliance and incident response—and how to build partnerships rooted in accountability and shared resilience.

Artificial intelligence and quantum computing are transforming technology—and redefining cybersecurity risks. This presentation examines how AI introduces new attack surfaces through data manipulation and model exploitation, while quantum computing threatens to break current cryptographic protections. We’ll explore defenses which defend against attacks on AI models along with quantum-safe encryption, offering practical guidance for securing systems in the era of AI and quantum computing.

Agentic AI is redefining identity security—autonomously planning, adapting, and executing protections where traditional IAM falls short. Yet the “last mile” of manual processes and disconnected applications remains a prime target for attackers. This session examines real-world breach scenarios, what agentic AI can (and can’t) solve today, and how it can extend governance, automate identity tasks, and close critical gaps to build true resilience in a Zero Trust world.

Key Topics:

• Building and managing effective incident response plans.
• Detecting and mitigating cyber and physical threats.
• Using real-time data and intelligence for decision-making.

Why It Matters:
Security managers often handle tactical responses. Understanding effective response strategies ensures timely containment and resolution of incidents.

Threat actors are increasingly targeting development pipelines in order to launch software supply chain attacks that have massive downstream impacts. These attacks are successful — the Snowflake breach of 2024 in which an attacker extorted $2.7 million out of customers is proof they work. Governments across the globe have also taken note of this threat, with SBOM mandates and regulations like the Cyber Resilience Act in Europe aiming to mitigate the risks. Open source malware, another name for a malicious open source package, is proliferating — Sonatype alone has observed more than 778,500 pieces of open source malware since 2019, representing more than 200% growth year-over-year. Attendees will learn about the most prominent types of open source malware including discoveries over the past year, what attributes differentiate open source malware from traditional malware and vulnerabilities, best practices for defending against open source malware, and how the attack vector will evolve in 2025. Join this talk to learn more about: How and why threat actors are focusing efforts on infiltrating software development via open source Differentiating attributes between open source malware and traditional malware The most prominent types of open source malware impacting enterprises today, as well as how enter development pipelines Best practices for SBOM management and securing the software development lifecycle against open source malware

Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode. Attend our session to learn: • Why traditional approaches to data security have failed
• How AI and context are revolutionizing data security
• Where to maximize the value of your existing security investments • What you can do to secure your Gen AI rollouts With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

The AI revolution is fundamentally transforming cybersecurity, while the future of networking evolves toward Hybrid Full Mesh—integrating 5G, WiFi, Ethernet, Fiber, and other network infrastructures. This presentation examines how AI is accelerating cyber threats: attack costs are skyrocketing, incidents surging 50% year-over-year, and ransomware development compressed from nine days to mere minutes*. We’ll explore why Hybrid SASE (not cloud-only) forms the core of an effective hybrid full-mesh security architecture and how organizations can respond when the rate of change and complexity outpace their capabilities. Most importantly, we’ll demonstrate why security isn’t just a feature but the essential foundation of operations in this new era of hyperconnected vulnerability.

Key Topics:

• Ransomware, phishing, and advanced persistent threats (APTs).
• Optimizing operations and improving security through Orchestration and Automation.
• Understanding the impact of AI and IoT on security vulnerabilities.

Why It Matters:
Staying informed about the latest threats helps leaders anticipate and prepare for risks that can disrupt operations.

Cybersecurity threats are continuously evolving and traditional Privileged Access Management (PAM) must also evolve and mature into Identity Security in order to address modern attack vectors. In this presentation, we will discuss the evolution of PAM, the importance of managing both human and non-human identities across distributed workforces and cloud environments, while introducing a PAM Maturity Model that will empowering organizations with a framework to evaluate their security posture through risk reduction, operational efficiency, compliance, and business protection.
Key strategies will include Zero Trust Architectures, Just-In-Time Access, and AI-Driven continuous monitoring, ensuring that all privileged access is granted security and only when necessary. We will highlight the importance of transitioning from legacy Pam practices, such as VPN reliance and standing privileges to passwordless authentication and least privilege enforcement.

Business benefits include:
· Meeting Cyber Insurance Mandates
· Improved Compliance
· Enhanced Security
· Holistic Visibility and Business Efficiency

Perimeter defenses are a long-standing strategy, but cybercriminals and ransomware operators are increasingly adept at bypassing them. Once inside, they exploit network blind spots, utilize encrypted traffic, and target cloud workloads to remain undetected. What if you could turn these tactics to your advantage? In this discussion, Fortinet cybersecurity expert will explore how SOC teams can proactively hunt for attackers by using their own strengths against them.

In today’s rapidly evolving digital landscape, organizations are struggling with diverse methods of interaction with employees, customers, and partners through a multitude of technologies. This complexity often leads to a lack of control over Identity and Access Management (IAM), leaving organizations vulnerable to security threats and compliance issues. The cost of ignoring the risk can haunt you for years; however, you cannot correct what you don’t know, so the first steps are assessing whether your organization is positioned for a successful implementation, migration, or fix and validating that the organization is focused on the right path and issue they are looking to mitigate. Join us as we demonstrate a proven, 3-stage IAM Strategic Assessment model that is NIST compliance driven, answering the “what, where, when, why, and how” surrounding both Workforce Identity & Access Management and Customer Identity & Access Management (CIAM) programs, projects, and operations.

This presentation equips executives with a business-focused strategy to shift from prevention-only cyber posture to measurable resilience. It summarizes the current threat landscape and business impacts, presents a four-pillar resilience framework (Prevent, Detect, Respond, Recover), and prioritizes practical recovery controls — immutable backups, isolated restore environments, clear RTO/RPOs, and regular testing. The session closes with a concise 90-day executive action plan to validate recovery readiness and reduce downtime risk.

Rapid changes in public‑key infrastructure are reshaping operational and compliance expectations. By 15 March 2026 the CA/B Forum will reduce the maximum validity of publicly trusted TLS certificates to 200 days, with a roadmap to 47 days by 2029. Google has announced removal of the ClientAuth EKU from browser‑trusted certificates. Recent events—including Entrust’s browser distrust and DigiCert’s emergency revocation of 84 000 certificates—demonstrate the scale of disruption when certificates must be replaced at short notice. In parallel, NIST formally approved its first post‑quantum algorithms on 13 August 2024, signaling the start of industry migration toward quantum‑resistant cryptography. This briefing provides security architects, product owners, and operations teams with a concise action plan for the next three years: Certificate Lifetime Reduction – implications of 47‑day validity periods and how end‑to‑end automation (ACME/EST issuance, delegated DNS‑01 or HTTP‑01 domain validation, stapled OCSP, and scheduled revocation tests) sustains availability. Managing Mass Revocations – analysis of recent CA incidents, readiness metrics to track, blast‑radius containment strategies, and effective stakeholder communication. Transition to Quantum‑Safe Cryptography – practical steps for introducing hybrid X.509 certificates, rotating keys within HSMs, and deploying NIST‑approved algorithms (Dilithium, Falcon, SPHINCS+) alongside existing elliptic‑curve and RSA deployments. Attendees will gain a clear understanding of the operational, security, and business consequences of these developments, together with pragmatic measures that can be incorporated into 2025–2027 plans. The session emphasizes fact‑based guidance and proven practices suitable for organizations of all sizes.

In fast-moving, hybrid environments, disabling an account isn’t enough. Identity sessions stay active. Risks stay open. And offboarding lags policy especially across complex stacks like Azure, Google Workspace, Slack, and Okta. In this session, Docusign’s Principal Security Architect, Peter Muller, shares how his team built a real-time identity governance model that operates at global scale. Learn how they enforce session termination, delegate access control across business units, and run the full Bravura Security Fabric to govern every stage of the user lifecycle from onboarding to incident response. This isn’t theory. It’s what functional, federated identity looks like in practice.

We are living through the most transformative technological shift of our generation the AI Revolution. But behind every breakthrough model, intelligent agent, and autonomous system lies one essential ingredient: data. In this presentation, Ronan Murphy explores how AI is reshaping industries, redefining trust, and accelerating innovation and why data readiness, governance, and security have become the critical enablers of success. Speaking from a Forcepoint perspective, Ronan will examine how organizations can harness AI responsibly and securely by ensuring their data is visible, understood, and protected. The session highlights how Forcepoint’s AI-driven Data Security Posture Management (DSPM) and Data Detection & Response (DDR) capabilities are helping enterprises prepare their data for the AI era transforming risk into readiness, and information into intelligence.