CruiseCon

After now doing (actually over) 100 cybersecurity assessments for governments, critical infrastructure, companies, and organizations of all sizes, Mr. Bigman has found some under-appreciated techniques, tricks, and configuration settings that really do work in minimizing cybersecurity risk. There are also (some surprising) things that almost all cybersecurity programs are doing that do little to stop the bad guys and absorb critical time and effort. This presentation will describe which cybersecurity activities Mr. Bigman believes you should prioritize and which ones you should deemphasize. Be prepared for some controversial ideas.

As Quantum technology advances, today’s classical cryptographic systems face potential threat and compromise. While efforts may be discussed on how to avert this catastrophe, it can only be managed through reasonable, timely and proactive preparation. How should CISOs begin to prepare? What priority should be given to starting Quantum Resistance/Resilience projects over the next few years? How should these projects be funded and prioritized with other pressing day-to-day operational security challenges?

The cybersecurity industry is facing a silent epidemic: underdeveloped leadership. As the field grows, highly skilled technicians are often thrust into leadership roles before they’re ready and without the tools to succeed. This weakens team morale and organizational health and can introduce security vulnerabilities, the very risks we work to mitigate. In this talk, Chris Cochran will share candid leadership stories—some disastrous, some triumphant-along with the philosophies and battle-tested tactics that have helped him navigate the toughest leadership challenges. Whether you are grooming new leaders or handling a leadership challenge yourself, this session will equip you with practical strategies to lead confidently, build strong teams, and drive success in cybersecurity.

Turning Defense into Dollars, Dan Meacham presents a compelling framework for transforming your cybersecurity program into a strategic profit center. Drawing from real-world implementations and lessons learned at Legendary Entertainment, Dan will share how brand enforcement security initiatives can drive measurable business value, strengthen the IP posture, and generate some revenue.

In leading a team of Nation-State hackers, Omer Horev was the nemesis of hostile governments and terrorists around the world. In order to be the best, he had to understand and channel his adversaries. He was forced to stay abreast of the offensive and defensive capabilities of the enemy to be able to effectively penetrate their defenses, go undetected and accomplish his objectives. In this unique presentation, Omer details the capabilities and methods of the prominent APTs and terrorist organizations, and gives insights into how to prevent, detect, and repel their attacks.

Admittedly the topic name seems boring, but this might be the most valuable topic of the event. Ira specifically asked Tracy to deliver this presentation given his experience in some of the largest cybersecurity programs in the world. The most effective cybersecurity programs have project managers integrated into all major efforts, PMs help ensure a repeatable process into all efforts. Good project managers provide metrics allowing a CISO to know the status of all critical projects. While it would be great for all programs to have a team of PMs, the reality is that most programs will not have that level of resources available. For that reasons, Dr Celaya-Brown will be covering the elements of good project management practices, and provide guidance on to how to incorporate good practices into programs even with limited resources.

Group shore excursions will be organized and announced in the coming week.

In 2025, AI agents are quickly evolving into an important aspect of enterprise operations, enhancing tasks from customer service to complex problem-solving. However, they also introduce significant security challenges. Key issues include vulnerabilities in AI architecture, data manipulation, tool exploitation, and Non-Human Identity abuse. The threats are real and can result in data breaches, resource consumption, and agent hijacking.

In an era where personal branding can significantly impact professional opportunities and perceptions, Chief Information Security Officers (CISOs) must navigate how to effectively establish and grow their personal brands. This talk, presented by a CISO renowned for their extensive industry contributions through podcasts, articles, and online courses, explores strategic approaches to personal branding tailored for cybersecurity leaders. It will dive into creating a compelling personal narrative that resonates with both industry peers and the broader business community. The session will offer practical advice on integrating personal branding with professional responsibilities to enhance visibility, influence, and leadership within the cybersecurity industry. Attendees will leave with actionable insights on using personal branding as a tool for career advancement and thought leadership in the evolving landscape of cyber security.

The convergence of advanced AI technologies and social engineering tactics has introduced sophisticated threats leveraging deepfakes and synthetic media. These malicious tools manipulate trust, compromise security, and exploit vulnerabilities within organizations. By utilizing realistic synthetic voices, manipulated videos, and fake credentials, cybercriminals deceive individuals, bypass authentication systems, and undermine organizational integrity. Understanding the mechanics of these attacks, their potential impacts, and the strategies to detect and mitigate them is critical for maintaining security. Insights into real-world examples and forward-looking solutions provide the foundation for safeguarding organizations against these increasingly convincing synthetic deceptions. Learning Objectives:

Identify and Analyze Synthetic Media Threats

Evaluate the Impact of Synthetic Media on Insider Threats

Implement Defensive Measures to Combat Deepfakes