Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois
Strategies for reducing risk to the enterprise.
February 20, 2025
9:00am – 5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois
Overview
In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one-day conference, attendees will learn:
- Risk Mitigation Strategies – A CISO’s Guide
- Learning from Risk Management and InfoSec Fails
- Proactive Defense: Addressing Risks from External Threats
- Balancing Risk and Innovation in a Cloud-First AI World
- Adaptive Risk Management: Dealing with Punctuated Equilibrium in Cybersecurity
- The Critical Nexus of Risk Management in Cybersecurity: A Gap in Professional Training
- Balancing Cybersecurity Budgets with Business Needs (Panel Discussion)
Conference Price: $349.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
CONFERENCE AGENDA
8:00am – 9:00am: Registration and Continental Breakfast
9:00am – 9:50am: Learning from Risk Management and InfoSec Fails
Derek Milroy, Security Architect, Arthur J. Gallagher
Learning from common infosec fails. Controls that are implemented less completely or pervasively than you think can leave residual risk in your environment that you weren’t aware of. This talk covers some common controls and their potential failure points due to implementation, etc.
9:50am – 10:20am: Refreshment Break
10:20am – 11:10am: Proactive Defense: Addressing Risks from External Threats
Jacob Silutin, Global Sales Engineering Manager, Check Point
Most cyber attacks share a few common threads: they are perpetrated by external actors, they are financially motivated, and they leverage well-known initial attack vectors. Research shows that the vast majority of corporate breaches consistently begin with one of three attack vectors: the use of leaked credentials, a phishing attack that impersonates a well-known brand, or the exploitation of a vulnerability on an Internet-facing system.
To reduce the risk of a major cyber incident, businesses must proactively monitor, detect, and mitigate these external threats. In this session, Jacob Silutin will dive into the people, processes and technologies needed to root out external cyber threats as early in the cyber kill chain as possible. The sooner a threat is discovered and mitigated, the less likely it is to cause damage to the target. In addition, Mr. Silutin will discuss the Continuous Threat Exposure Management (CTEM) framework and how implementing CTEM can help significantly reduce the risk of a costly security incident. Join this session to learn more about managing external cyber risks.
11:10am – 12:00pm: 2025: The Year of AI Governance. Build a Scalable AI Governance Program with ISO 42001
Dixon Wright, Head of GRC, TrustCloud
Every company is using AI and building AI into their products and services. AI frameworks (ISO 42001, NIST AI RMF, HITRUST AI Security Assessment) and legislation (EU AI Act, Colorado Senate Bill 205, etc.) are being developed and enacted rapidly. AI questionnaires are being sent to vendors with AI products. Whether you are ready or not, AI is the next frontier of security, GRC, and privacy.
What can leaders do now to build an AI governance program that scales? Enter ISO 42001, an AI management system standard that provides a governance structure that can help organizations maintain security and privacy as technology, frameworks, and legislation continue to change rapidly.
This talk will explain how to implement a scalable and integrated AI governance program with ISO 42001. Specifically we will cover efficient and effective ways to:
- Assess 1st and 3rd Party risks
- Implement controls
- Get assessed
- Share your posture with customers and partners
12:00pm – 12:40pm: Lunch and Exhibit Break
12:40pm – 1:30pm: Risk Mitigation Strategies – A CISO’s Guide
Lori Kevin, Vice President, Enterprise IT & Security, IMO Health
1:30pm – 2:20pm: Adaptive Risk Management: Dealing with Punctuated Equilibrium in Cybersecurity
Allan “Ransomware Sommelier” Liska, Senior Security Architect and Ransomware Specialist, Recorded Future
The cybersecurity threat landscape has always evolved, but we are in a period of punctuated equilibrium in cybersecurity. Looking at the 2025 threat landscape, the threats aren’t just growing, they are growing exponentially and on all fronts. As recently as a few years ago, most security teams weren’t expected to have more than a surface-level understanding of geopolitical analysis or data governance. Today, these two areas, among others, are a core function of many security teams.
This talk will examine the 2025 threat landscape for cybercriminal, hacktivist and nation state actors and offer some practical suggestions for things organizations can do to better protect themselves from the overwhelming number of threats, targeted and not.
2:20pm – 2:50pm: Refreshment Break
2:50pm – 3:40pm: The Critical Nexus of Risk Management in Cybersecurity: A Gap in Professional Training
Jeff Gardiner, MBA, CD, BSc, BA: virtual CISO, Glasshouse Systems
In today’s rapidly evolving digital landscape, cybersecurity stands as a cornerstone for safeguarding our data and systems from an ever-expanding array of threats. Yet, a vital component—risk management—often slips through the cracks of professional training and development programs. While inherently tied to the essence of cybersecurity, risk management is frequently overshadowed or underrepresented in academic curricula and certification courses.
This presentation delves into the critical nexus between cybersecurity and risk management, illuminating its indispensable role in crafting robust defense strategies and enabling sound decision-making. By dissecting current educational frameworks in cybersecurity, we expose a concerning gap: the startling neglect of risk management as a core focus. This omission contrasts sharply with the profession’s intrinsic reliance on skills like risk assessment, mitigation, and strategic management.
Furthermore, a close examination of widely accepted definitions of cybersecurity reveals a troubling trend—many fail to explicitly reference risk, inadvertently downplaying its importance. Such omissions perpetuate a lack of emphasis on this essential domain, leaving professionals ill-equipped to handle the nuanced challenges of the field.
Attendees will gain insight into the broader implications of this educational void, exploring how it undermines the security posture of both organizations and individual practitioners. The session will offer actionable recommendations for educators, institutions, and industry leaders to bridge this gap. By integrating comprehensive risk management training into cybersecurity programs, we can foster a workforce that is not only prepared but resilient—ready to tackle the complexities of an increasingly perilous digital world.
3:40pm – 4:30pm: Balancing Cybersecurity Budgets with Business Needs (Panel Discussion)
Security is critical, but budgets are finite. This panel discussion will delve into the complex decision-making process behind prioritizing cybersecurity investments. Experts will share their approaches to balancing financial constraints with the need for robust defenses, addressing topics such as cost-effective tools, ROI on cybersecurity initiatives, and fostering executive buy-in. Attendees will gain insights into how to optimize security spending while aligning with broader business objectives.
Moderated by: Daniel Tangney, Sr. Manager, Compyl
Panelists will include:
- Todd Covert, National General CISO, Allstate
- Matt Cox, CISO, Mindsight
- Michael Myint, Senior Vice President – CISO, AdaptHealth
- Ron Zochalski, CTO & CISO, Lake County Government – Indiana
- Other CISOs/Information Security Executives sharing strategies, tactics and lessons learned.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.
CONFERENCE SPONSORS