Cybersecurity Conference

Securing the Road Ahead: NIST Cybersecurity Framework 2.0

Presenter: Cherilyn Pascoe (NIST)

Back in February, the National Institute of Standards and Technology (NIST) published the Cybersecurity Framework (CSF) 2.0—the first major update to its landmark cybersecurity guidance since 2014. Join NIST’s National Cybersecurity Center of Excellence (NCCoE) Director and CSF Lead Cherilyn Pascoe for this presentation to learn about the key updates to CSF 2.0, including a new suite of implementation tools and resources to address specific organizational needs, and how you can engage with NIST.

Ignore Cybersecurity in Your Third-Party Ecosystem at Your Own Peril

Presenter: Jeffrey Wheatman (Black Kite)

Historically, and even as recently as less than a decade ago, third-party risk management was about this: if legal and finance said OK, we were good to go. But no more! What would happen to your organization if a critical partner got slammed with the latest ransomware and were down for a week, a month, or forever. What would be the impact on your company? Real time, continuous visibility into cybersecurity posture within your ecosystem is no longer a “nice to have”. In this presentation we will explore:

• Are questionnaires enough? (SPOILER ALERT: No)
• How can we shift focus to resilience in our full ecosystem
• Best practices in integrating cybersecurity risk into the process of managing your partners

Back to Basics: The Indispensable Role of Cybersecurity Fundamentals in a Complex World

Presenter: Rich Greene (SANS Institute)

In today’s fast-paced digital landscape, it’s easy to be swept up in the allure of cutting-edge technologies and advanced security measures. However, amidst the rush towards innovation, the core principles of cybersecurity—the fundamentals—often get overlooked. In this engaging 45-minute talk, Rich Greene, will explore why these foundational elements are more critical than ever. Drawing on real-world examples and personal experiences, Rich will illustrate how neglecting the basics can lead to significant vulnerabilities and how a solid grasp of these principles can fortify an organization’s defense strategy. Attendees will leave with a renewed appreciation for the essential building blocks of cybersecurity and practical insights on how to integrate these fundamentals into their security practices.

Navigating the Cyber Frontier: 2025 Threats and Strategies Protect Your Workforce, Assets & IP

Presenter: Juman Doleh-Alomary (BorgWarner)

In an era where cyber threats are evolving at an unprecedented pace, organizations must stay ahead of the curve to safeguard their workforce, assets, and intellectual property (IP). This presentation delves into the anticipated cyber threats of 2025, offering a comprehensive overview of emerging risks and the strategies necessary to mitigate them.

Key topics include:

• Emerging Cyber Threats: An analysis of the latest trends in cyber-attacks, including advanced persistent threats (APTs), ransomware, and insider threats.
• Protecting Your Workforce: Strategies to enhance employee awareness and training, ensuring that your first line of defense is well-prepared.
• Safeguarding Assets and IP: Best practices for securing critical assets and intellectual property, from robust encryption methods to advanced access controls.
• Innovative Defense Mechanisms: Exploration of cutting-edge technologies and methodologies, such as AI-driven security solutions and zero-trust architectures.
• Case Studies and Lessons Learned: Real-world examples of cyber incidents and the lessons they offer for future preparedness.

Join us to gain valuable insights and actionable strategies to navigate the complex cyber landscape of 2025, ensuring your organization remains resilient against the ever-evolving threats.

Cherilyn Pascoe
Director, National Cybersecurity Center of Excellence (NCCoE) @ NIST

Cherilyn Pascoe is the Director of the NIST National Cybersecurity Center of Excellence (NCCoE). She provides strategic direction and technical leadership for the NCCoE, aligns the NCCoE’s work with the industry, government, and NIST priorities, and builds relationships with key stakeholders. Prior to her role as Director of the NCCoE she served as the Senior Technology Policy Advisor, advising NIST leadership on technology policy and strategy, including cybersecurity, privacy, and artificial intelligence. She also led the NIST Cybersecurity Framework program and was a team member of the NIST AI Risk Management Framework. Prior to joining NIST in 2021, she served more than a decade in staff leadership roles on the US Senate Committee on Commerce, Science, and Transportation. Most recently, she served as Deputy Policy Director managing the Committee’s Space and Science Subcommittee, which has jurisdiction over science, technology, standards, and civil space policy.

Jeffrey Wheatman
SVP, Cyber Risk Strategist @ Black Kite

A strategic thought leader with extensive expertise in security and cyber risk management, Jeffrey Wheatman is regarded as a foremost expert in guiding public sector clients and Fortune 500 companies in connection with their cybersecurity and risk management programs. Jeffrey’s history of working with clients to plan, grow, and transform their cyber risk management programs has been instrumental in ensuring organizations’ continued viability and health as they define short- and long-term expansion plans. Under Jeffrey’s guidance, board and C-level leaders are fortified with the best practice solutions to realize exceptional performance outcomes.

In his current capacity as SVP, Cyber Risk Strategist at Black Kite, Jeffrey has been tasked with raising awareness of the enterprise-wide risk impacts of third party Cyber risk, both in the digital and traditional supply chain and supporting the strategic vision of the executive leadership team and investors.

Prior to joining Black Kite, Jeffrey acted as a VP, Advisor with Gartner, the global strategic advisory firm, where he worked with clients to build and improve their security programs, assess risk, focus on reporting on program status, metrics, performance management, stakeholder engagement, executive communication, and bridging the connection between technology and security risk. Jeffrey guided leaders in selecting frameworks to run cyber programs in compliance with regulatory requirements and expectations of auditors and partners.

Rich Greene
Senior Solutions Engineer @ SANS Institute
GFACT, GISF, GSEC, GCIA, GCIH, GPYC, GWAPT, GMOB, GPEN, GSTRT, SSAP, GDSA, GICSP, GRID, CISSP

Presently, Rich wears many hats, serving as a Senior Solutions Engineer at the prestigious SANS Institute while also steering the ship at SITH2, LLC, where he is the owner and operator. At SANS, he harnesses his extensive 20-year background in cybersecurity, intelligence, and special operations to craft tailored solutions and deliver comprehensive training to clients spanning diverse industries and sectors. Rich’s expertise is underscored by an impressive arsenal of certifications, boasting 14 GIAC certifications alongside a CISSP credential. His proficiency spans a wide spectrum of cybersecurity domains, including incident response, mobile device security, information security fundamentals, and penetration testing.

Beyond his professional endeavors, Rich is a passionate advocate for mentorship and collaboration, steadfastly committed to imparting his knowledge and skills through captivating presentations, interactive workshops, and insightful reports. His commitment to excellence is evident in his track record of consistently exceeding target goals and client expectations, consistently delivering exceptional results.

Driven by an unwavering dedication to staying ahead of the curve in the face of evolving cyber threats, Rich is perpetually engaged in the pursuit of knowledge, embracing new technologies, tools, and methodologies with fervor. His impressive array of certifications which include active GFACT, GISF, GSEC, GCIA, GCIH, GPYC, GWAPT, GMOB, GPEN, GSTRT, SSAP, GDSA, GICSP, GRID and CISSP–further solidifies his standing as a preeminent cybersecurity expert, revered within the field for his unparalleled expertise and unwavering commitment to excellence.

Juman Doleh-Alomary
Chief Information Security Officer @ BorgWarner
CISA, CISM, CRISC, CDPSE, ISO 27001

Juman Doleh-Alomary is BorgWarner’s Chief Information Security Officer and an active volunteer board member of the ISACA Detroit Chapter.  With over 15 years of experience in security, audit, investigation, compliance, and privacy policy/standards, Juman most recently held the position of Director of Cybersecurity GRC at Little Caesar’s Enterprises serving the Ilitch holdings portfolio of companies. Her prior positions include Director of IT Audit at Wayne State University and a significant tenure in IT and Risk Management at Ford Motor Company. A leader within the ISACA community, Juman has held various roles, including past president and, notably, chair of the IIA/ISACA Spring Conference, which achieved a record attendance. She is active volunteer with Michigan Council of Women in Technology (MCWT), Women Security Alliance (WomSA), and Women in Cyber (WiCys) Michigan.  An alumnus of the University of Michigan, she holds both a bachelor’s and a master’s degree, complemented by an impressive suite of certifications: CISA, CISM, CRISC, CDPSE, and ISO 27001.