Keynote Speaker
Through a Lens Darkly: Seeing yourself as the adversaries see you is the best way to understand your risk

Time
September 10 @ 12:45pm in Serenity Room

Abstract
Today’s attackers enjoy infinite infrastructure, leverage AI-assisted coding and have no concern for consequences. They can scan the entire internet in a day and can exploit a new flaw simultaneously worldwide. Meanwhile, defenders are constrained by the needs and priorities of running their business. In this candid keynote, Eric Olson, one of the original pioneers of cyber threat intelligence, presents a clear-eyed view of the structural asymmetry in modern cyber conflict—and why looking at yourself through the eyes of your attackers is actually the best way to understand your exposure and prioritize defensive actions.

Eric Olson
Cybersecurity Leader & Author

Eric Olson has been at the forefront of cyber intelligence and threat detection for over two decades. One of the earliest team members at Cyveillance in the early 2000s, Eric helped pioneer some of the world’s first large-scale OSINT and cyber intelligence capabilities—tools that laid the groundwork for today’s cyber defense operations.

Today, he leads cyber threat detection and response for a US airline where he applies whole-system thinking to protect millions of passengers and one of the world’s most recognized travel brands. A business leader by training and a security expert by evolution, Eric brings a rare blend of strategic insight, technical depth, and human-centered leadership to every stage he takes.

Eric’s passion is helping others navigate the complex, high-stakes world of security and technology with clarity, humor, and actionable wisdom. His talks draw on real-world lessons from startups, boardrooms, SOC floors, and high-impact incident response teams—and are infused with the same sharp insight and storytelling found in his new book, The Toilet Paper Principle: A funny little book about the overlooked human side of incident response.

Keynote Speaker
AI is transforming NetOps

Time
September 10 @ 12:45pm in Serenity Room

Abstract
Artificial intelligence is revolutionizing how network operations are managed. This session explores the latest innovations and industry trends driving automation in NetOps. Attendees will gain insights into how AI is reshaping operational workflows and improving efficiency across IT environments. Learn what’s next in intelligent infrastructure and how organizations can prepare for a future where operations are increasingly autonomous and adaptive.

Tom Wilburn
VP Global AI Driven Enterprise @ Juniper Networks

Responsible for Juniper’s Global AI Driven Enterprise business, and for global field operations of the Mist and 128T organizations, Tom has extensive experience in the wireless and networking industry.

Keynote Speaker
Cyber Resilience: Shifting from Risk to Readiness

Time
September 10 @ 12:45pm in Serenity Room

Abstract
In today’s dynamic threat environment, traditional risk management approaches are no longer enough to keep organizations secure. Tia Hopkins, Chief Cyber Resilience Officer & Field CTO at eSentire, will share how adopting a cyber resilience mindset enables organizations to anticipate, withstand, and recover from cyber disruptions while ensuring business continuity. She will highlight the role of Continuous Threat Exposure Management (CTEM) as a key driver in transforming security strategies from reactive to proactive. Attendees will gain insights into the core pillars of cyber resilience and leave with a clear understanding of how to navigate modern threats with confidence and agility.

Tia Hopkins
Chief Cyber Resilience Officer & Field CTO @ eSentire

Tia is a Cybersecurity Executive who has spent the past 20+ years of her career in various IT and IT Security roles with over a decade of experience in the managed services space. Her work focuses on helping organizations achieve cyber resilience through effective and efficient combinations of people, process, and technology; as well as influencing the rapid transformation and market value of high-growth, disruptive cybersecurity start-ups through market research and education, thought leadership and evangelism, product messaging, competitive differentiation, and roadmap guidance.

Keynote Speaker
Cyber Fraud: Building Resilience Against Digital Threats

Time
September 11 @ 8:45am in Serenity Room

Abstract
This presentation dives into the strategy and structure behind launching a cyber fraud team that fuses cybersecurity, fraud ops, and data analytics. Learn how to evolve from reactive defenses to adaptive intelligence, break fraud kill chains, and build a maturity model that drives prevention, collaboration, and member trust—all while reducing digital threats and financial impact.

Matt Meis
Cyber Fraud Manager @ Summit Credit Union

Matt Meis is a Cyber Fraud Manager at Summit Credit Union with over 15 years of experience in the cybersecurity and IT space. He has built banking fraud detection systems, written college level cybersecurity curriculum, and started DomainAlarm to proactively detect phishing sites. In addition, Matt recently published a new book: Survive Online, which aims to help individuals improve their cybersecurity posture.

Keynote Speaker
Building Cyber Programs with Effective Challenge and Board Oversight

Time
September 11 @ 8:45am in Serenity Room

Abstract
Is your cybersecurity program benefiting from oversight and effective challenge? This keynote explores how risk-based challenges, external assessments and frameworks can strengthen your program and guide budget and roadmap decisions. The presentation will also introduce the six cyber oversight principles recommended by the National Association of Corporate Directors (NACD). Using effective challenges and preparing to answer the questions your board should be asking, you will be better equipped to manage risk and align with business expectations.

Victor Vinogradov
Cyber Security Leader, ex-CISO $100B Bank

Vic is an accomplished cybersecurity executive with over 30 years in technology leadership across financial services and global enterprises. From 2015 to 2025, he served as CISO for Western Alliance Bancorporation, one of the nation’s top-performing banking institutions. During his decade-long tenure, Vic led both first- and second-line security and fraud programs through a period of rapid organic and acquisition-driven growth, overseeing a rise in bank assets from $14 billion to over $86 billion.

Prior to his role at Western Alliance, Vic held senior positions in network architecture, data center operations, and cybersecurity at Charles Schwab, American Express, and TÜV Rhineland. He holds a bachelor’s degree in electrical engineering, a master’s degree in information security, and multiple credentials including CISSP and the NACD/Carnegie Mellon Certificate in Cybersecurity Oversight. Vic also contributed to national policy efforts as a member of the Federal Reserve’s Secure Payments Task Force.

Known for his strategic vision and board-level engagement, Vic brings a wealth of insight into building resilient cyber programs, aligning security with business growth, and navigating complex regulatory landscapes.

Keynote Speaker
The AI Imperative: A CISO’s Guide to Leading with Boldness, Security, and Purpose

Time
September 11 @ 8:45am in Serenity Room

Abstract
Artificial intelligence is no longer on the horizon — it’s here, and CISOs are uniquely positioned to shape how it’s adopted, governed, and secured. In this provocative keynote, Patricia Titus challenges security leaders to see AI not as a threat, but as a strategic opportunity to influence enterprise innovation and resilience. We’ll explore the critical role of behavioral AI in modern defense strategies, offering new layers of protection through contextual intelligence and anomaly detection that surpass traditional models. From building governance frameworks with “human in the loop” to preparing for emerging roles like AI Security Architect and Engineer, this session will equip you to guide AI adoption with confidence, clarity, and purpose. The message is clear: Think big. Be bold. And ensure your organization moves forward securely — and ethically — in the age of AI.

Patricia Titus
Field CISO @ Abnormal AI

Patricia Titus, Field CISO at Abnormal AI, has over 25 years of CISO experience in both the public and private sector. Known for her expertise in risk management, AI, cybersecurity operations, and crisis management, she has optimized security, enhanced resilience, and integrated AI into security programs. Titus also serves on the board of directors of Black Kite and The Girl Scouts of the Commonwealth of Virginia.

Session
From Stolen Credentials to Lamborghinis: Following the Money to Stop Cybercrime

Time
September 11 @ 10:50 am in Serenity Room

Abstract
Cybercrime doesn’t end with a data breach — it ends when criminals turn stolen assets into profit, sometimes funding luxury cars. This talk will show how organizations can disrupt that criminal economy by combining Attack Surface Management and Dark Web Monitoring into a proactive defense strategy that stops cybercrime before it pays off.

Todd Crick
COO @ Searchlight Cyber

Executive in the Telecom/High Tech/Internet Industries. Initially, a Strategy Consultant with Deloitte Consulting and InCode Telecom Group. Transitioned into leading large Service Organizations at VeriSign and Ericsson. Also, CEO at a mid-sized professional services company through an MBO and successful exit.

Recent experience in an Operations role with SaaS Security company and as an Co-Founder and Partner with a High Tech-focused Private Equity Company. Board Member/Advisor and Investor in several start-ups.

Session
Data Security: The Missing Context

Time
September 10 @ 3:30pm in Clarity Room

Abstract
Data security has been around for decades, and yet, it still feels like an unsolvable puzzle. Legacy technologies are typically resource-intensive, find just a small portion of companies’ sensitive data, and produce a ton of false positives. The impact to operations is often so significant that businesses never move their DLP out of monitoring mode.

Attend our session to learn:

• Why traditional approaches to data security have failed
• How AI and context are revolutionizing data security
• Where to maximize the value of your existing security investments
• What you can do to secure your Gen AI rollouts

With the right strategy and technology, you can transform your data from a liability to a well-managed asset.

Jim Robertson
Director, Pre-Sales Engineering @ Concentric AI

Jim has 10+ years in the data security space and has been an SE at Varonis, StealthBits (Netwrix), Splunk, IBM and Bionic AI. Before that he served in network and systems engineering roles at MSP’s in the upper Midwest. His broad experience in deploying and securing systems and data has translated into thought-leadership about the practical challenges in the data security posture management space.

Session
Data Security Posture Management, what next?

Time
September 11 @ 2:10pm in Inspire Room

Abstract
Data Security Posture Management (DSPM). Why is DSPM a popular IT topic? What problem does DSPM solve? What does a DSPM technology do? How do I remediate my vulnerabilities using DSPM? How do I protect my data for now and into the future?

Muamone Yang
Sales Engineer @ Thales

Muamone Yang, Hmong-American born and raised in Milwaukee, WI. Marquette University Alumnus. He started work at a large financial institution implementing encryption devices at their data centers. He transitioned from implementing encryption at the bank to consulting on different encryption solutions at Thales. Now at Thales, he teaches customers, sales teams, partners, and anyone else who would listen about cyber security best practices.

Session
What’s hiding in your DNS?

Time
September 10 @ 3:30pm in Inspire Room

Abstract
With Threat Actors increasingly finding new ways to get into networks – are you looking at DNS to identify malicious traffic? Stopping traffic at the DNS layer give organizations a proactive approach to preventing breaches. Find out what could be lurking in your DNS and how predictive blocking can add valuable intel to your security stack.

Dave Carter
Product Security Specialist/DNS Security Specialist @ Infoblox

Product Security Specialist/DNS Security Specialist covering Enterprise accounts across 7 states. With over 25 years of experience in the cybersecurity and technology industries, Dave has been a Systems Engineer in Cyber Security companies like Fortinet, Palo Alto Networks, and SecureWorks (acquired by Sophos). Dave continues to help customers with cutting-edge technologies to safeguard organizations from evolving threats.

Session
Autonomous SecOps with Palo Alto Networks Cortex XSIAM

Time
September 11 @ 2:10pm in Serenity Room

Abstract
This session explores Autonomous SecOps in 2025. Beginning with the evolution and challenges of SecOps over the years, this session discusses how Palo Alto’s Cortex XSIAM answers the call of modern security needs in new and novel ways.

Manuel Zurita
Manager, Systems Engineering, Cortex (SecOps) @ Palo Alto Networks

Manny is an Information Technology (IT) practitioner with over 20 years across many disciplines in the government, private and public sectors but have gravitated toward and devoted himself to the security field.  Throughout his career he has achieved several certifications for Palo Alto, Cisco, Fortinet, CompTIA and ISC2 (CCNP-RS, CCNP-Sec, NSE1-4, Security +, PCNSE, and CISSP).  Currently he is fulfilling a Management role for System Engineers in the Central Region for the world’s largest Cyber Security Firm; Palo Alto Networks. Formally, he has attained a B.S.C.S. and M.S.I.T.M. through Trident University and currently teaches various cyber security courses as an Adjunct Professor at St. Louis University. Personally, he is a father of 2 and a husband of 25 years, and enjoys serving in his local church, playing chess, and skydiving during his free time.

Session
Cyber Resilience in the Age of AI: Securing Hybrid Networks with Precision

Time
September 11 @ 10:50am in Clarity Room

Abstract
As enterprises modernize with AI and hybrid cloud strategies, the threat landscape grows more complex. This keynote explores how intent-based threat detection, bot protection, and hybrid DDoS mitigation are reshaping cybersecurity. Attendees will gain insights into securing AI workloads, streamlining infrastructure performance, and reducing operational complexity through unified management and intelligent automation—empowering organizations to build resilient, adaptive networks for the future.

Paul Dragin
Sr. Systems Engineer @ A10 Networks

Paul is a networking and security professional with nearly 30 years of experience spanning roles from tier-1 support to network architect. Over the course of his career, he has built a reputation for bridging the gap between highly technical teams and business leaders, ensuring that complex solutions translate into real-world value. With deep expertise in modern infrastructure, security, and application delivery, Paul brings both hands-on technical knowledge and strategic perspective to every engagement.

Session
LASIK for Security

Time
September 11 @ 1:30pm in Inspire Room

Abstract
The modern attack surface has expanded beyond the traditional perimeter to include IoT devices, remote work, and cloud services, making the network edge a prime target. Traditional SIEM + EDR security falls short because it lacks comprehensive network visibility. This creates a critical blind spot, allowing attackers to bypass endpoint solutions and move laterally undetected. To effectively combat these threats, security leaders must augment their stack with deep, pervasive network visibility, making Network Detection and Response (NDR) a new security imperative.

Pete Revel
Sr. Engineering Channel Leader @ Corelight

Pete Revel brings over 25 years of expertise in information security and cyber counterintelligence tradecraft. Over the course of his career, he has driven transformative growth and innovation across the cybersecurity landscape. Notably, he helped scale the first NDR solution (APT & DFIR) to record-breaking success in 2009, spearheaded the rise of an early-stage EDR/EPP platform in 2015 that reshaped the market within three years, and advised Fortune 500 enterprises while cultivating critical relationships in cyber and information security.

His career spans a wide range of leadership roles including solutions engineer, worldwide technical leader for strategic alliances, senior director of threat and competitive intelligence, and sales director within both emerging startups and global, multi-billion-dollar organizations.

Pete currently serves as Senior Engineering Channel Leader at Corelight, where he continues to advance the adoption of network detection and response technologies while empowering partners to succeed in a rapidly evolving threat landscape.

Session
Revolutionizing the CISO’s Role in Driving Business Value

Time
September 11 @ 1:30pm in Clarity Room

Abstract
Today’s CISOs are expected to go beyond protecting systems — they’re expected to drive measurable business outcomes. This session explores how modernizing secure data exchange and email data management helps organizations close gaps in zero trust, third-party risk, and AI data protection, all while staying ahead of evolving compliance requirements.

By turning compliance into a catalyst for efficiency, companies can streamline operations, reduce risk, and create greater agility across the enterprise. Learn how aligning security modernization with strategic business priorities transforms cybersecurity from a cost center into a trusted driver of growth and innovation.

Craig Pfister
VP, Sales Engineering @ Kiteworks

Craig is a global security leader focused on strengthening cybersecurity, enhancing governance, and driving transparency across enterprises. With a background in financial theory, risk management, and encryption/privacy, he brings a strategic perspective that bridges complex technical challenges with clear, actionable business strategies.

Known for making security concepts accessible to both technical teams and executive leadership, Craig helps organizations navigate evolving threats, meet regulatory demands, and turn security into a business enabler.

Session
NetBrain + Security: From Visibility to Vigilance

Time
September 11 @ 1:30pm in Serenity Room

Abstract
Security teams already invest heavily in scanners, firewalls, and SIEM platforms but traditionally, those tools can only tell you what’s wrong; they can’t automate the response. NetBrain closes that gap. In this session, we’ll show how NetBrain continuously validates CVEs against the NIST database, enforces Zero Trust segmentation, and automates compliance checks using Golden Assessments. You’ll also see real-world use cases, from triaging SIEM alerts to detecting policy drift, and how NetBrain turns detection into actionable remediation. Together with SynerComm, we help customers move from visibility to vigilance.

Nigel Hickey
Senior Technical Marketing Manager @ Netbrain

Nigel Hickey is the Senior Technical Marketing Manager at NetBrain Technologies, where he leads the creation of technical content that highlights the value and innovation behind NetBrain’s network automation solutions. His work includes the development of eBooks, solution briefs, and interactive guides designed to educate and engage customers, partners, and industry thought leaders.

Session
Inside the Hunt: CrowdStrike Insights on Cyber Threats

Time
September 11 @ 10:50am in Inspire Room

Abstract
The CrowdStrike 2025 Global Threat Landscape takes a look back at 2024 so readers can gain a fuller picture of the threats they face. This presentation consists of observations from the elite CrowdStrike Counter Adversary Operations team, which combines the power of threat intelligence with the speed of dedicated threat hunting teams and trillions of telemetry events from the AI-native CrowdStrike Falcon® platform.

Mike Saviano
Sr. Sales Engineer @ Crowdstrike

With a professional journey deeply rooted in cybersecurity and technical sales, Mike’s recent years have been focused on architecting robust IT security solutions at Sirius Computer Solutions and propelling sales as a Regional Sales Engineer at CrowdStrike. At Sirius, his role involved consulting with Fortune 1000 companies on security solutions, program development, and operational enhancements that aligned with their risk management goals. Now, with CrowdStrike, he is at the forefront of addressing evolving cyber threats, leveraging state-of-the-art technologies to safeguard client interests.

• 25+ years in Information Technology
• 20 Years in Cybersecurity
• Proficient in most security and compliance domains
• Jack of all trades, Master of a few
• Passionate about Cyber Risk Reduction and Exposure Management

Session
The OWASP Business Logic Abuse Top 10

Time
September 11 @ 2:10pm in Clarity Room

Abstract
Coming soon

Tim Erlin
VP of Product & Product Marketing @ Wallarm

Tim Erlin, Wallarm’s VP of Product & Product Marketing, bringing more than 20 years of cybersecurity product management experience. He spent the early part of his career in vulnerability management, managing and leading products teams at nCircle, Tripwire and Belden. More recently, Tim led the product innovation function at SecurityScorecard. He has expertise in multiple cybersecurity markets, including vulnerability management, configuration assessment, compliance assessment, application security, cloud security, threat intelligence, and attack surface management. Tim is also an accomplished contributor to the cybersecurity community as a speaker, writer, podcast host, and frequently quoted source in the media.

Session
Risk INSIGHTS: Maximizing the Return on Security Investments

Time
September 11 @ 2:50pm in Clarity Room

Abstract
Cybersecurity risk is business risk. You are expected to maximize the business value of your cybersecurity investment. However, many security teams struggle to present value in terms the business can understand. If you are seeking strategies to enhance communication with the business and demonstrate the value of cybersecurity initiatives, this session will be of interest. Join us to explore and discuss case studies showcasing how security teams have effectively improved understanding and alignment with business objectives regarding past, current, and future cybersecurity investments.

Marc Spindt
VP of Service Delivery / Strategy Consultant @ SynerComm

Marc Spindt has 30 years of Carrier, Large Enterprise, and Service Provider technical, operational, and organizational experience. Marc has worked with SynerComm for 12 years delighting customers with IT organizational improvement and actionable strategic planning. Marc has a BS in Computer Science, an MBA, and he served in the U.S. Air Force. Marc has a long history of building and maturing technology and security services and organizations in industries including Financial Services, Defense Contracting, and Healthcare.

Session
Network INSIGHTS: Ready for the Impending Network Engineer Shortage?

Time
September 11 @ 2:50pm in Harmony Room

Abstract
Recent surveys of Chief Information Officers indicate a projected 25% decrease in network engineering staff over the next three to five years, largely due to retirements and a limited pool of qualified replacements. Reliable, high-performing networks are essential to business operations. Is your organization prepared for this shift? We invite you to join a discussion on how proactive organizations are responding, leveraging rapid assessments to better understand technical debt, and evaluating network architecture, resilience, and maintainability to ensure future readiness.

Aaron Howell
Managing Consultant – Multi-Cloud Architecture and Innovation @ SynerComm

Aaron has over 15 years of information technology (IT) experience, operating in the complete lifecycle of Information Technology. He works on projects, designing and implementing multiple solutions across various platforms, supports and improves operations, and drives effective transitions to new infrastructure and technology. Aaron is a “Full Stack” consultant experienced with Scripting & Development, Cloud (AWS and Azure) & Systems, and Network & Security.

Session
Converged Infrastructure INSIGHTS – Security and Network Coming Together

Time
September 10 @ 4:50pm in Inspire Room
September 11 @ 3:30pm in Harmony Room

Abstract
Security and Network infrastructure and operations are converging to address modern business needs: business services in multi-cloud environments, users working from anywhere, and zero trust security require new network and security approaches. Software-defined networking (e.g., SD-WAN), Secure Service Edge (SSE), and Secure Access Service Edge (SASE) solutions are growing in popularity to address these needs and are also challenging traditional network and security team roles. Join us to explore the benefits of these technologies, some common challenges, and how organizations are working through them.

Aaron Howell
Managing Consultant – Multi-Cloud Architecture and Innovation @ SynerComm

Aaron has over 15 years of information technology (IT) experience, operating in the complete lifecycle of Information Technology. He works on projects, designing and implementing multiple solutions across various platforms, supports and improves operations, and drives effective transitions to new infrastructure and technology. Aaron is a “Full Stack” consultant experienced with Scripting & Development, Cloud (AWS and Azure) & Systems, and Network & Security.

Session
Firewall INSIGHTS: Are You Maximizing the Value of Your Current Security Investments?

Time
September 11 @ 11:25am in Harmony Room

Abstract
As business needs evolve, threat landscapes shift, and security controls advance at a rapid pace, firewalls remain essential components in safeguarding organizational assets. Despite their critical role, some organizations may overlook the full potential of the investment they have made in their firewall infrastructure. Some even make redundant and unnecessary purchases, not realizing they already own a capability. This session will address how organizations are systematically realizing the maximum value from their firewall investments.

Andy Piché
Sr. Information Solutions Consultant @ SynerComm

Andy Piché has over 20 years of hands-on experience working on security, networking, data center, and cloud-based solutions. Andrew is experienced working with Palo Alto, Juniper, and Cisco equipment in enterprise, service provider, and data center environments. He has delivered solutions and supported customers in Enterprise, Carrier, Commercial and Government organizations.

Andrew has developed, operated, and supported security, networking, and application delivery solutions using a variety of products from multiple vendors. He is a Palo Alto Certified Network Security Consultant (PCNSC) since 2018 and is the lead in firewall migrations, Best Practice Assessments, and training. He has developed and supported solutions ranging from implementing network security and segmentation to server/system virtualization solutions, support for application load balancing and network segmentations via the F5 solution extend Andrew’s experience beyond traditional firewall skill sets. As a Senior Information Solutions Consultant for SynerComm, Andrew has the background, experience, and customer-focus to treat each customer as though they are SynerComm’s only customer.

Session
Production Deployment INSIGHTS: Making your next network configuration production change a non-event

Time
September 10 @ 4:50pm in Prosperity Room

Abstract
Development, Test, Non-Production, UAT, and Production environments are standard in DevOps and application workflows. However, replicating these multiple environments within network infrastructures is seldom practical due to the significant costs and complexities involved. As a result, organizations often rely on extended maintenance windows and may face repeated rollbacks of network changes when issues arise. Advances in technology now enable the testing and validation of production network changes prior to implementation, significantly increasing the likelihood of successful updates. Many organizations have adopted such practices with notable results. We invite you to join our discussion on effective strategies for optimizing network change management.

Andy Piché
Sr. Information Solutions Consultant @ SynerComm

Andy Piché has over 20 years of hands-on experience working on security, networking, data center, and cloud-based solutions. Andrew is experienced working with Palo Alto, Juniper, and Cisco equipment in enterprise, service provider, and data center environments. He has delivered solutions and supported customers in Enterprise, Carrier, Commercial and Government organizations.

Andrew has developed, operated, and supported security, networking, and application delivery solutions using a variety of products from multiple vendors. He is a Palo Alto Certified Network Security Consultant (PCNSC) since 2018 and is the lead in firewall migrations, Best Practice Assessments, and training. He has developed and supported solutions ranging from implementing network security and segmentation to server/system virtualization solutions, support for application load balancing and network segmentations via the F5 solution extend Andrew’s experience beyond traditional firewall skill sets. As a Senior Information Solutions Consultant for SynerComm, Andrew has the background, experience, and customer-focus to treat each customer as though they are SynerComm’s only customer.

Session
DNS Security INSIGHTS: Everything Relies on DNS, Every Bad Actor Seeks to Exploit It

Time
September 10 @ 4:10pm in Clarity Room

Abstract
Tunneling, spoofing, cache poisoning, DGA domains, fast flux, and distributed denial-of-service (DDOS) attacks are just some of the threats facing the Domain Name System (DNS), which is a critical component of modern infrastructure and a frequent target for cyberattacks. Despite its importance, DNS-related risks are often not fully understood and remain only partially mitigated by current security measures. In this session, we will examine the specific risks that DNS vulnerabilities pose to your business and provide examples of how other organizations have effectively addressed these challenges.

Lisa Niles, CISSP
Chief Solution Architect @ SynerComm

Lisa Niles has over 30 years of experience working in security and networking. Lisa’s specialization is understanding the customers business needs and mapping to the correct security controls.

Lisa experience provides for vast knowledge in many different network environments. The ability to understand business and technical needs and map to various different vendor solutions to achieve desired results. Lisa helps customers understand and improve their network security and implement Industry Best Practice Security Controls Frameworks such as CIS, NIST, PCI DSS, ISO. The ability to help customers integrate and navigate to Frameworks help customers mature, measure and validate their security environment.

Session
Operational INSIGHTS – Automate Your Converging Network and Security Operations; Align to Business Intentions

Time
September 11 @ 3:30pm in Clarity Room

Abstract
Network and security infrastructure evolve over time and across different management teams as organizations respond to changing business requirements. This evolution can lead to substantial and operationally complex network and security debt. Can legacy infrastructure solutions effectively address future challenges and resolve this accumulated debt? Here, we will examine specific cases and explore how certain organizations have strategically addressed both technical and security debt by updating their infrastructure to enhance manageability and better align with organizational objectives.

Nate Ressel
Managing Consultant @ SynerComm

Workshop
Off the Grid and On the Mesh: Hands On with Meshtastic and Decentralized Communications

Time
September 11 @ 12:00pm in Harmony Room

Abstract
In this workshop, participants will build, flash, and configure their own Meshtastic devices using ESP32 and LoRa hardware. Meshtastic is an open-source project that enables long range, off grid communication through encrypted mesh networks, making it ideal for field operations, emergencies, or tactical scenarios where cellular and Wi Fi are unavailable or untrusted. We will explore how the technology works, including Bluetooth and Wi Fi pairing, GPS tracking, message routing, and device configuration. Participants will leave with a working device and the knowledge to build and extend their own decentralized mesh networks. Along the way, we will also discuss the real-world use cases and security considerations for this type of low power communication infrastructure.

Space is limited: contact [email protected] to reserve your spot today!

Ryan Zagrodnik
Sr. Information Assurance Consultant @ SynerComm

Ryan brings over eighteen years of red and blue team experience. Ryan started his career in 2007 as a System Administrator for a large health insurance corporation. Ryan earned his CISSP in 2011 and has been working in offensive security ever since. Prior to starting at SynerComm, Ryan spent three years on an internal red team for a Fortune 1000. Ryan also spent several years working in offensive and defensive security roles for the U.S. Department of Defense and Department of Education contractors.

Ryan has a broad and diverse security background with a specialization in web application testing. His multiple security roles have allowed him to pick up Network, Development, and Systems Administration capabilities. Ryan has worked with Development teams to deploy security solutions that integrate with their CICD pipelines.

Ryan also has experience deploying, customizing, and maintaining enterprise-level security tools such as Splunk, PaloAlto, CrowdStrike, FireEye, Snort, and Nessus. Ryan also has a strong background in intrusion detection and development of custom IDS rules.

Session
The AI Attack Surface – What Every Security Team Should Be Testing

Time
September 11 @ 11:25am in Clarity Room

Abstract
AI-powered apps bring new risks that traditional security testing often misses. This session reveals how glue code, APIs, plugins, and wrappers around LLMs create attack surfaces for prompt injection and over-permissive actions. Learn how penetration testers—and attackers—use AI to speed exploit development and reconnaissance, and why point-in-time reviews fall short. Whether building or defending AI, you’ll leave knowing what to test, where to start, and how to stay ahead.

Ryan Zagrodnik
Sr. Information Assurance Consultant @ SynerComm

Ryan brings over eighteen years of red and blue team experience. Ryan started his career in 2007 as a System Administrator for a large health insurance corporation. Ryan earned his CISSP in 2011 and has been working in offensive security ever since. Prior to starting at SynerComm, Ryan spent three years on an internal red team for a Fortune 1000. Ryan also spent several years working in offensive and defensive security roles for the U.S. Department of Defense and Department of Education contractors.

Ryan has a broad and diverse security background with a specialization in web application testing. His multiple security roles have allowed him to pick up Network, Development, and Systems Administration capabilities. Ryan has worked with Development teams to deploy security solutions that integrate with their CICD pipelines.

Ryan also has experience deploying, customizing, and maintaining enterprise-level security tools such as Splunk, PaloAlto, CrowdStrike, FireEye, Snort, and Nessus. Ryan also has a strong background in intrusion detection and development of custom IDS rules.

Session
From the Parking Lot to the Cloud: How We Find Your Weak Spots

Time
September 10 @ 4:10pm in Inspire Room
September 11 @ 11:25am in Serenity Room

Abstract
This session is my shameless plug for SynerComm’s world-class security services. Cybersecurity gaps exist everywhere, from your parking lot to your cloud, and attackers know it. We will tour SynerComm’s AssureIT offerings, including penetration testing and Continuous Penetration Testing powered by our CASM platform for year-round protection. Topics include adversary simulations, red team operations, application and wireless assessments, physical security testing, and Microsoft 365 and Entra ID reviews. We will also cover compliance assessments aligned to NIST, ISO, GLBA, HIPAA, PCI, and CIS. Learn how we help organizations uncover weaknesses and strengthen defenses.

Brian Judd, CISSP, CISA, CRISC
VP Information Assurance @ SynerComm

With three decades of immersion in the cybersecurity realm, Brian’s journey has been marked by a steadfast commitment to enhancing information security. Leading the AssureIT division at SynerComm, Inc, his team excels in delivering top-tier security audits, risk assessments, and penetration testing services.

Session
Setting the Table

Time
September 10 @ 4:10pm in Prosperity Room

Abstract
In this interactive session, we will explore how the efforts of incident response, disaster recovery, and business continuity are all merging to provide what the business is really after: resilience. Utilizing tabletop exercises to unite these areas is similar to a conductor bringing together the musical families that comprise a symphony. Participants will be involved in a discussion of how tabletops should be designed for all phases of an organization’s maturity; from those that have never performed a tabletop, to those that have been doing them for years, and will go through the building and execution of a sample tabletop exercise together.

Jeffrey Lemmermann, CPA, CITP, CISA, CEH
Sr. Information Assurance Consultant @ SynerComm

Jeff has more than 30 years of business experience, and is currently an information assurance consultant for SynerComm, a cybersecurity services and network engineering company in Brookfield, WI. Prior to joining SynerComm, he was the CIO and CFO for Precision Plus for 5 ½ years, and the Wisconsin Practice Manager for Risk Services at CliftonLarsonAllen, where he worked for over 21 years. His specialties include assisting businesses with assessing and auditing information systems, the performance of HIPAA, GLBA & SOC related engagements, PCI compliance consulting, and general information system security.

Session
Policy vs. Practice: How Strong Password Policies Lead to Weak Passwords

Time
September 11 @ 2:50pm in Serenity Room

Abstract
Password policies often focus on technical requirements; a minimum length, complexity, and aging. However, organizations continue to experience credential based breaches. SynerComm’s Information Assurance Consultant examines the gaps between policy implementation and real user behavior. Through real-world examples and SynerComm’s own research we’ll uncover how users meet the organization policy with weak passwords, how attackers find them, and how organizations can better defend themselves.

Alex Philiotis
Information Assurance Consultant @ SynerComm

Alex brings 5 years of consulting experience and just shy of three years of penetration testing experience. Alex started his career working in business consulting in 2019 shortly before receiving his bachelors from Loyola University Chicago. While working, Alex began pursuing offensive and information security as a passion on the side.

After leaving the business consulting world to further pursue offensive security, Alex earned his OSCP in early 2022, followed by his OSWP and OSWA in quick succession.

In his early career, Alex has built a broad and diverse set of security skills with a focus on external penetration testing. His certifications and education have provided him with a strong background in networking and web application assessments.

Session
The Annual Physical

Time
September 11 @ 3:30pm in Prosperity Room

Abstract
This presentation will provide insight into how physical penetration tests are scoped, planned, and executed by SynerComm and why they should be a regular part of your security assessments.

Chad Finkenbiner
Information Assurance Consultant @ SynerComm

Chad Finkenbiner has over 15 years of experience in information technology and security. Before joining the team at SynerComm, Chad worked in the healthcare industry supporting medical imaging and voice dictation systems across the country. He also served as a Data Network Specialist in the United States Marine Corps. Chad is skilled in both audit and penetration testing from his home near Louisville, Kentucky. When he isn’t consulting, Chad serves as a professional development mentor, guest speaker, as well as an elected official on his local city council.

As an Information Assurance Consultant with SynerComm, Chad performs network penetration tests, wireless penetration tests, physical penetration tests, risk and vulnerability assessments, information security policy development, and security awareness training. Chad leverages his background to discover security flaws and effectively report and consult on their mitigation.

Session
Building Secure Software With AI Agents

Time
September 10 @ 4:50pm in Clarity Room

Abstract
This presentation will provide insight into how physical penetration tests are scoped, planned, and executed by SynerComm and why they should be a regular part of your security assessments.

Bill Kiley
Software Architect @ SynerComm

Bill has been designing and developing web applications for over 10 years. He leads the software team at SynerComm in building the Continuous Penetration Testing app and consults on software security. With a deep interest in data modeling, Bill enjoys solving problems with automation and building secure-by-design applications.