UPCOMING EVENTS
Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois
Strategies for reducing risk to the enterprise.
May 28, 2026
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center, Rosemont (O’Hare), Illinois
Overview
In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one-day conference, attendees will learn:
- Risk Mitigation Strategies – A CISO’s Guide
- Learning from Risk Management and InfoSec Fails
- Proactive Defense: Addressing Risks from External Threats
- Balancing Risk and Innovation in a Cloud-First AI World
- Adaptive Risk Management: Dealing with Punctuated Equilibrium in Cybersecurity
- The Critical Nexus of Risk Management in Cybersecurity: A Gap in Professional Training
- Balancing Cybersecurity Budgets with Business Needs (Panel Discussion)
CONFERENCE AGENDA
8:00am – 9:00am: Registration and Continental Breakfast
9:00am – 10:00am: From Threat Models to Boardroom Decisions: Integrating Threat Modeling with Enterprise Risk Management
Derek Milroy, Sr. Security Architect, Gallagher
In today’s rapidly evolving risk landscape, organizations can no longer afford to treat technical threats and business risks as separate conversations. Cyber vulnerabilities, operational disruptions, regulatory pressures, and reputational impacts are increasingly interconnected—demanding a more unified, strategic approach to risk.
This session explores how threat modeling, traditionally rooted in security and engineering, can be elevated and integrated into enterprise risk management (ERM) to drive better decision-making at every level of the organization. By connecting granular technical insights with enterprise-wide risk frameworks, organizations can move from reactive mitigation to proactive, intelligence-driven risk management.
Attendees will gain practical perspectives on:
- Translating threat modeling outputs into business-relevant risk insights
- Bridging communication gaps between technical teams and executive leadership
- Prioritizing risks based on impact, likelihood, and strategic alignment
- Embedding continuous risk thinking into organizational culture and processes

10:00am – 10:30am: Sponsor & Refreshment Break
10:30am – 11:30am: Quantifying your Risk and Measuring your Cyber Program with Concrete Metrics
Riccardo Reati, General Manager, SpearTip
When was the last time you had to explain your cybersecurity approach to upper management? Do you wish it was easier to explain the technical aspects of your cyber implementation? This session will cover the ways you can analyze cybersecurity from a business perspective.
Riccardo will help you learn:
- How to financially quantify your company’s cyber risk and exposure
- How to calculate the return on investment for security controls
- How to clearly measure implementations through concrete metrics

11:30am – 12:30pm: When Controls Fail: Turning Incidents into Risk Intelligence
Incidents and near-misses are valuable sources of risk insight. This session examines how organizations extract meaningful lessons from security and compliance failures to strengthen future risk management efforts.
Includes:
- Learning from incidents without assigning blame
- Identifying systemic risk gaps
- Feeding lessons learned back into risk frameworks
12:30pm – 1:30pm: Lunch and Exhibit Break
1:30pm – 2:30pm: Automating Security Operations through a Risk Framework
Eric Hulse, Director of Research, Command Zero
SOAR was supposed to transform security operations, to reduce risk faster. For most organizations, it delivered brittle playbooks, mounting technical debt, and automation that collapsed the moment the environment changed. Teams that invested years of effort walked away with marginal gains and a healthy skepticism of vendor promises. AI is making the same pitch, and most organizations are about to make the same mistakes.
This session diagnoses exactly why SOAR underdelivered and maps those failure patterns directly onto the AI deployments happening right now. The problem was never automation itself. It was automating the wrong layer. Traditional tooling targets Layer 1 (data retrieval) while analysts drown in Layer 2 (correlation and pattern recognition), the exact layer where AI creates genuine risk reduction and measurable business impact.
Attendees will leave with a three-layer framework for right-sizing AI across the full investigation stack, real metrics from organizations that deployed it correctly, and clear guidance on avoiding the implementation traps that made SOAR a cautionary tale.
We’ll also cover what this means for security leaders personally. The professionals who drive this transformation and can translate investigation efficiency into reduced risk exposure and business outcomes don’t just build better SOCs. They become indispensable to the organizations they serve.

2:30pm – 3:00pm: Refreshment Break
3:00pm – 4:00pm: Managing Risk During Rapid Change: Cloud, AI, and Organizational Disruption (Panel Discussion)
Periods of rapid transformation introduce uncertainty and new risk patterns. This session explores how adaptive risk management helps organizations remain resilient during cloud adoption, AI initiatives, and business change.
Includes:
- Managing risk during cloud and AI adoption
- Responding to sudden shifts in the threat landscape
- Applying adaptive risk management principles
Panelists will include:
- Joseph Burkard, Chief Information Security Officer, Morgan Street Holdings
- Jill Gunnufson, Senior Director, IT Risk Management, Northwestern Mutual
- And other CISOs & InfoSec Executives sharing the strategies, tactics, and lessons learned.

4:00pm – 5:00pm: Security Investment Panel: Aligning Risk, Budget, and Business Priorities (Panel Discussion)
Security and risk leaders must continuously justify investments in terms the business understands. This panel focuses on how organizations prioritize cybersecurity spending based on risk impact and business value.
Includes:
- Risk-based budgeting and prioritization
- Communicating security value to executives and boards
- Addressing skills and training gaps in risk management
- Audience Q&A
Panelists will include:
- Dave Geudtner, VP, Enterprise Principle Architect, City National Bank, subsidiary of Royal National Bank
- Victor Hsiang, CISO, GATX
- Other CISOs & InfoSec Executives sharing the strategies, tactics, and lessons learned.

Conference Price: $349.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.


