In this fireside chat, Scot Miller, CISO at Mr. Cooper, joins J.D. Miller, SVP at CyberRisk Alliance, for an open and practical dialogue on how security leaders can intentionally build culture and grow as leaders. While technology continues to change, the foundation of effective cybersecurity remains deeply human, rooted in trust, clarity, and authentic leadership.

Miller will share actionable tools and leadership practices that help strengthen security culture, improve governance, and empower teams to perform at a higher level. This conversation is designed to equip security leaders with ideas they can apply immediately, from fostering accountability and resilience to creating an environment where people feel connected, trusted, and motivated to protect the organization together.

In this presentation, LevelBlue Digital Forensics and Incident Response Manager, draws from extensive experience investigating thousands of cyber incidents to share practical insights on high-volume incident response. The talk explores key lessons learned from real-world investigations, highlighting common patterns, recurring challenges, and the importance of structured approaches when dealing with frequent security events. Attendees will hear about proven best practices for effective triage, prioritization, and coordination during investigations, as well as strategies for improving overall response maturity — such as refining processes, leveraging available tools and intelligence, and conducting thorough post-incident reviews to strengthen defenses over time. Through anonymized war stories from the field, the session illustrates how seemingly routine matters can escalate, the value of quick but measured decision-making, and the critical role of preparation and teamwork in containing impact and supporting recovery. These relatable accounts underscore broader takeaways applicable to organizations of various sizes and sectors. Ideal for security professionals, incident responders, and leadership looking to build or enhance their investigative and response capabilities in environments where incidents are frequent and demands are high.

News headlines show you the breaches at massive corporations, but it’s everyday organizations that face the most threats. Adversaries prey on the human psyche and use AI to advance their tactics and target the companies that keep our communities running.  For these companies, a ransomware or BEC attack isn’t just a stressful event—it’s the reason they can’t make payroll. This session explores how hackers plan to win, and why you don’t need a massive budget to fight back.  We’ll get into how Huntress brings cyber resilience through a powerful combo of purpose-built technology and human SOC expertise to stop threats before they cause damage—because organizations of ALL sizes deserve a fighting chance against attackers.

Based on frontline investigations by Sophos’ IR and MDR teams, the 2026 Active Adversary Report delivers an evidence-based look at how attackers are breaching organizations today.  In this session, we translate the report’s key findings into clear business implications. With 67% of incidents beginning with compromised identities, ransomware most often deployed outside business hours (88%), firewall vulnerabilities continuing to provide entry points, accelerating attacks on Active Directory, and growing telemetry gaps hindering detection, the message is clear: attackers are exploiting visibility gaps, identity weaknesses, and operational blind spots.  Attendees will gain practical insight into where organizations are most exposed and what strategic shifts are needed to meaningfully reduce cyber risk in 2026 and beyond.

APIs are now the primary interface for modern digital businesses, concentrating identity, data, and control in a single layer, and making them a prime target for attackers. Across cloud, SaaS, and enterprise environments, adversaries increasingly exploit APIs for initial access, establish persistence using tokens or service identities, and move laterally through internal APIs and trusted service-to-service communication.    This session breaks down the modern API-driven attack path using real-world incidents, explaining why API breaches so often escalate, why perimeter-based defenses fail to contain them, and how organizations can shift toward runtime detection and east-west containment. The focus is on resilience: limiting blast radius and keeping API incidents from becoming full-environment compromises.

Abstract
AI and new digital technologies will continue to shift the cybersecurity landscape in 2026. This session explores how modern tools can enhance detection, response, and decision making while introducing new risks tied to generative systems, data integrity, and fast moving threat innovation. Leaders will gain a clear view of how to adopt emerging technology in a responsible and strategic way that supports resilience and aligns with enterprise risk goals.

Key Takeaways
• How AI and emerging tech are reshaping core security functions
• The new risks created by generative models and evolving attack techniques
• Practical governance steps that support responsible AI use
• Examples of organizations pairing innovation with disciplined risk management

KISS" (Keep It Simple, Stupid) is a luxury rarely afforded to modern security teams dealing with legacy tool sprawl. While executives push for consolidation to reduce budget and risk, the transition from disjointed "best-of-breed" tools to a unified ecosystem is fraught with friction. Too often, security tools serve SecOps well but remain invisible obstacles to the DevOps pipeline. This session guides security leaders through the difficult journey of dismantling complexity to build a team-neutral "Golden Path", as coined by Spotify back in 2020.  

We will move beyond emotional attachments to specific tools and focus on defining objective business and regulatory requirements. Learn how to transform your security program from a bottleneck into a streamlined pipeline that delivers safer software, faster.  

Unify Tooling: Integrate disparate tools into a simplified process that reduces paths to production.  

Define Metrics: Develop KPIs that demonstrate success to Developers, Audit, and the C-Suite.  

Drive Culture Change: Educate and encourage stakeholders to adopt the path of least resistance.  

Prevent Drift: Implement detection mechanisms to ensure the pipeline remains streamlined.

Most security programs measure effort — not outcomes. Organizations patch thousands of vulnerabilities, deploy dozens of tools, and run annual tabletop exercises… but when an attacker shows up, none of that matters. What matters is whether they can prove their defenses actually work.  

In this talk, Ellen Sundra, Vice President of Customers at Horizon3.ai, shares how leading organizations are using autonomous pentesting to see their environment through the attacker’s eyes — continuously, safely, and at scale. By shifting from assumptions to proof, they’ve learned to:

• Prioritize what’s exploitable. Focus limited resources on the weaknesses that truly put the business at risk that are known to be abused by threat actors.

• Quickly fix what matters. Close the loop from find → fix → verify and reduce your exploitable attack surface.

• Reduce attacker dwell time. Use pentest results to precisely deploy honeyTokens to detect compromise early, and to continuously prove your EDR and SIEM are tuned and working as intended.  Cyber resilience isn’t about being perfect — it’s about getting better over time. And the only perspective that truly matters is the attacker’s.

Many of today’s identity security gaps stem from exposed data you can’t easily see – harvested from malware-infected devices and successful phishing campaigns targeting your employees, contractors, and suppliers. Criminals operationalize this data to carry out targeted cyberattacks, using it to deploy ransomware, steal sensitive data and critical IP, and quietly establish persistent access.These identity assets enable attackers to create synthetic identities, impersonate trusted users, bypass security controls, and move laterally across applications and systems with alarming efficiency.    

In this session, we’ll explore how these identity assets come together to form an attack surface that traditional controls can’t fully cover. Drawing from SpyCloud’s insights into the criminal underground and the cybercrime economy, we’ll share practical tips on what you need to know to better defend your organization from identity threats in 2026.

Abstract:
As organizations expand their digital ecosystems, risks extend far beyond internal networks. Threat actors are increasingly exploiting supply chains, third-party vendors, and identity gaps to gain access. This session brings together cybersecurity leaders and solution providers to explore how these interwoven risks create a complex attack surface -and how technology can help mitigate them.

Panelists will share real-world examples, lessons from managing large vendor networks, and innovative tools and frameworks for continuous risk assessment. Discussions will highlight strategies for mapping hidden dependencies, enforcing strong identity governance, and strengthening resilience through automation, collaboration, and transparency. Attendees will gain actionable insights on reducing exposure, improving third-party risk visibility, and leveraging technology to secure their extended digital ecosystem.

Key Takeaways:
• Understand how supply chains, vendors, and identities amplify organizational risk.
• Explore practical methods and tools for assessing, monitoring, and mitigating third-party and ecosystem vulnerabilities.
• Learn how to treat identity as a security perimeter using zero trust, access governance, and automated solutions.
• Gain insights from real-world breaches that reveal common gaps in vendor and identity controls.
• Walk away with a technology-informed framework to enhance resilience, secure partnerships, and reduce exposure across your digital ecosystem.

From vibe coding and autonomous agents to generative chatbots in everyday workflows, AI adoption is constant and occurring at a pace that most security programs have not been able to realistically govern. Well-intentioned employees, misaligned agents, overly permissive access, and weak data controls are introducing new forms of risk, often without malicious intent. At the same time, adversaries are actively probing these gaps through indirect prompt injection and jailbreaking techniques. But there's good news too. More often than not, failures leave signals long before they become significant incidents. In this session, you’ll learn how an AI security blueprint can help you identify emerging risk, align controls to new AI projects, and ensure adoption and deployment happen securely without impacting speed or access.

In a world where AI agents are no longer mere chatbots but autonomous decision-makers, CISOs must rethink identity security—and fast. From OpenText’s Core Identity Foundation (including AI-powered governance) to the footprints of agentic AI and quantum-safe readiness, this session explores how security leaders can stay one step ahead. Discover how to treat AI agents as first-class identities, enforce Zero Trust across hybrid environments, and orchestrate dynamic, auditable access across humans, machines, and bots. Walk away ready to outsmart tomorrow’s identity threats with today’s best-in-class IAM muscle.

As attackers increasingly focus on identity-based attacks, traditional defenses are no longer enough. This session helps attendees gain insight into how adversaries exploit misconfigurations, legacy protocols, and operational gaps to move laterally and establish persistence. The discussion then shifts to practical defense strategies, covering prevention, detection, and recovery techniques that security and IT teams can apply in real-world environments. Attendees will leave with a clear understanding of what is needed to protect their IdPs in today's threat landscape, along with actionable steps to strengthen identity resilience within their organization.

Fully autonomous pentesting promises speed but often sacrifices safety, credibility, and signal quality. This talk explains why autonomy without human control creates real risk, and outlines a better model: agentic execution with expert oversight that scales offensive security without breaking trust.

As organizations become more interconnected, third-party risk continues to expand in scale, complexity, and business impact. In this fireside discussion, Robert Pace, CISO of Invitation Homes, sits down with J.D. Miller, SVP at CyberRisk Alliance, to explore how security leaders are rethinking risk management frameworks to meet the realities of 2026 and beyond. The conversation will examine evolving third-party risk challenges, practical approaches to prioritization and accountability, and how CISOs can align risk decisions with business objectives without slowing innovation. Attendees will gain real-world insights into building resilient, adaptable risk programs that extend beyond the enterprise perimeter and stand up to increasing regulatory, operational, and supply chain pressures.

Abstract:
Cybersecurity challenges are complex, and solving them requires teams with diverse perspectives, skills, and experiences. This panel explores how diversity drives better problem-solving, innovation, and threat detection in security organizations.

Panelists will share strategies for attracting and retaining talent from varied backgrounds, leveraging unique thinking styles, and applying different experiences to uncover blind spots in risk management. Attendees will gain actionable insights for building teams that are not only technically skilled but more adaptive, creative, and resilient in the face of evolving cyber threats.

Key Takeaways:

• Understand how diversity strengthens problem-solving, innovation, and threat response.
• Learn approaches to recruit and retain talent from non-traditional backgrounds.
• Explore how different perspectives and thinking styles reveal hidden risks.
• Gain strategies to create teams that are adaptable, collaborative, and resilient.
• Walk away with practical ideas for integrating diversity into cybersecurity team design and strategy.

As enterprises expand their operations across various regions and systems, managing identity and access becomes increasingly complex. This session will address real-world challenges such as fragmented access processes, regulatory compliance, and rising security and fraud risks. It will explore how enterprises can tackle these issues by aligning regulatory needs, consolidating access workflows, implementing advanced verification, automating lifecycle events, and leveraging AI for continuous compliance and fraud detection. Attendees will gain strategies to minimize identity risk, streamline operations, and ensure secure growth in the financial services sector.

AI and large language models are no longer theoretical, they actively reshape how cyberattacks are built, scaled, and executed. So how are attackers using AI to compress reconnaissance from hours to minutes, automate impersonation, and accelerate email-based fraud? Through real-world examples of vendor fraud, consent phishing, and account compromise, we highlight why identity, behavior, and human context—not malware—are now the primary attack surface. Let's discuss what actually works in an AI-driven threat landscape and how organizations can start defending at machine speed.

As the "Agentic Enterprise" introduces a new generation of non-human insider risks, organizations must reject the dangerous "Autonomous SOC" in favor of Accelerated Security Operations. Join us to learn how a "human on the loop" strategy empowers analysts to outpace threats, delivering the speed of AI with the confidence of human control

In cybersecurity, pressure is constant, stakes are high, and leaders are expected to project confidence even when the ground is shifting beneath them. As the closing keynote of the Official Cybersecurity Summit, Ryan Reynolds will share a candid, leadership focused perspective on guiding teams through sustained stress, uncertainty, and moments that truly test resilience. Drawing from real world experience in cybersecurity risk oversight, Ryan will explore what it means to lead people, not just programs, when fatigue, burnout, and decision overload are part of the job. This session moves beyond theory to examine practical ways leaders can create clarity during chaos, support mental resilience without sacrificing accountability, and model steadiness that teams can trust.

Attendees will leave with actionable insights on how to communicate with intention under pressure, recognize early warning signs of team strain, and build an environment where people can perform at a high level while remaining healthy, engaged, and supported. This keynote is designed to leave leaders grounded, focused, and better equipped to carry both the mission and the people forward.