Cybersecurity Conference 2025

Date and Time

The conference will be held on October 30, 2025 from 8:30 am to 12:30 pm.

Add this event to your calendar using the Add to Calendar link at the bottom of the page.

Virtual Event

The conference will be held using Zoom.

Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.

Pricing

The fee for GWDC Members is $10 for the conference.
The fee for all other registrants is $30 for the conference.

To become a member and take advantage of the member rate for our events, among other benefits, join ISACA and select the Greater Washington D.C. Chapter as your local chapter.

Event Policies

Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details.

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services.
All complaints should be submitted through the Registration Contact Form.

The Digital Butterfly Effect: From the Dry Cleaners to the D.I.B.

Presenter: Kurtis Minder (GroupSense)

A poignant and tangible look at why every cyber incident is meaningful. This talk provides a detailed examination of how cyber attacks are carried out and how even seemingly benign incidents can have a negative impact on national security.

Post-Quantum Cryptography: Fuel for Cryptographic Posture Management (Panel Discussion)

Host: Dorin Munteanu (InfoSec Global); Panelists: Dr. Vladimir Soukharev (InfoSec Global) and Ted Shorter (Keyfactor)

Cryptography is at the heart of digital trust and, therefore, at the heart of digital business. Organizations must recognize that cryptography is now critical infrastructure – infrastructure that must be measured and managed by multifaceted physical and virtual teams. Modern organizations need to identify their cryptographic assets and evaluate whether they are cryptographically secure, compliant, adhere to best practices, and are appropriately used.

Join us to explore how a cryptographic inventory serves as both an immediate security enhancement and a strategic foundation for quantum-resistant infrastructure.

Securing Gen AI RAG Data using Azure AI Search

Presenter: Eric Johnson (Puma Security, SANS)

Large Language Models (LLMs) and Generative AI have inherent limitations, such as outdated knowledge, lack of private data access, and the potential for hallucinations. In this session, we will introduce a strategy for overcoming these challenges: Retrieval-Augmented Generation (RAG). Attendees will see how a GenAI RAG application can provide access to real-time, private data stored in an external knowledge base without needing to fine-tune the base LLM model.

With an understanding of the GenAI RAG application, we will explore an example cloud infrastructure hosting the application using Azure AI Search, Azure Storage, and Azure Container Apps. The cloud architecture review will uncover new attack vectors and cloud security misconfigurations that can unintentionally leak RAG data to an attacker. Attendees will see how these vulnerabilities can be used to gain unauthorized access to AI data. Then, we will look at the cloud security controls needed to authorize access to the RAG data. Attendees will walk away with an understanding of GenAI RAG applications, the underlying cloud infrastructure powering these AI systems, and the security controls needed to protect sensitive RAG data.

Learning Objectives:

• Review GenAI RAG application architecture
• Identify misconfigurations in GenAI RAG cloud infrastructure
• Learn GenAI RAG cloud security controls

This webcast supports content and knowledge from SEC510: Cloud Security Engineering and Controls.

Your AI is vulnerable & you don’t even know it – Red Team Testing AI

Presenter: Tyler Wrightson (Leet Cyber Security)

Hackers aren’t just exploiting code anymore, they’re weaponizing the very AI systems designed to help your organization. The exploits are beyond easy, even absurd at times, and available to even non-technical adversaries. In this eye-opening session, discover how attackers are exploiting AI chatbots and AI Systems and get a better grasp on what organizations should be doing to secure their systems.

Kurtis Minder
CEO and Co-Founder @ GroupSense

Kurtis Minder is the CEO and co-founder of GroupSense, a leading provider of digital risk solutions. He built a robust cyber reconnaissance operation that protects some of the world’s largest enterprises and government organizations.

Kurtis is a recognized expert in ransomware negotiation, having served as the lead negotiator in some of the largest ransomware, breach, and data extortion cases globally. His experiences and insights are captured in his book, Cyber Recon, which explores the high-stakes world of cyber threat actor engagement and ransomware response.

He holds a FEMA certification in Critical Infrastructure Protection and actively contributes to public good projects. He is a key contributor to RAPIDS, a regional initiative based in Grand Junction, Colorado, focused on measuring and managing the health of the Colorado River through innovative technology and data collaboration. Kurtis’ book “Cyber Recon: My Live in Cyber Espionage and Ransomware Negotiation” (Wiley 2025) is an expose’ on the private cyber espionage industry and the economic impact of cyber attacks to the US economy.

Kurtis’s work has been featured in major media outlets including The New Yorker, Fortune, VICE, WIRED, CNN, Good Morning America, and many others.

Dorin Munteanu
Strategic Advisor @ InfoSec Global (a Keyfactor Company)

Dorin Munteanu serves as Strategic Advisor to InfoSec Global, a Keyfactor company and Fellow at the Future Government Institute.

He is co-founder of the Robotic Process Automation (RPA) Initiative, Community Director of the Virginia Academic RPA Community of Practice and senior advisor at the Center for Business Civic Engagement at the George Mason University, in Arlington, VA.

Dorin also serves as the President of the Romanian-American Chamber of Commerce, in Washington, D.C., where he founded and is co-chairing the DC Cyber Task Force between the U.S. and Romania.

Dorin is an Advisory Council member at the Krach Institute for Tech Diplomacy at Purdue University. He is an Advisory Board Member to the US-Bulgarian Chamber in America and to the AlphaTech Group, an initiative designed to engage with promising CEOs of emerging growth companies within the cybersecurity, big data and analytics industries. Additionally, Dorin is a member of the Black Sea Working Group (BSWG) at the Center for European Policy Analysis (CEPA).

He previously served as a Managing Partner at uRADMonitor network, an automated Internet of Things (IoT) and Big Data solution.

Before, Dorin has been a Research Associate and Assistant Program Coordinator of the U.S.-Romania Initiative at The Center for European Policy Analysis (CEPA) and Researcher at TD International, both organizations based in Washington, D.C.. Dorin holds degrees from Babeș-Bolyai University of Cluj-Napoca, Romania, and the School of International Service at American University. He is fluent in Romanian, Spanish, Italian, and Hungarian, and proficient in French.

Dr. Vladimir Soukharev
VP of Cryptographic R&D @ InfoSec Global (a Keyfactor Company)

Dr. Vladimir Soukharev is VP of Cryptographic R&D at InfoSec Global. He is focused on cryptographic research and development and is inspired by continuous innovation. Vladimir obtained his Ph.D. from the University of Waterloo’s David R. Cheriton School of Computer Science, specializing in cryptography, security and privacy under the supervision of David Jao. He was part of the Centre for Applied Cryptographic Research, CryptoWorks21 and has contributed and published works at world-renowned conferences and in journals, such as PQCrypto, Financial Cryptography and the Journal of Mathematical Cryptology. Since completing his formal studies in 2016, he has dedicated his work life to advancing the knowledge and application of cutting-edge cryptography and cyber security technologies to protect vital information and communications in complex, highly regulated environments. Vladimir is leading and managing the cryptographic R&D at InfoSec Global, with main focus on Post-Quantum Cryptography, Cryptographic Agility, and Cryptographic Discovery & Analytics. He is also contributing to and is part of government initiatives and standards related to PQC and cryptographic migration, which include NCCoE, NIST, and Quantum-Safe Canada.

Ted Shorter
Chief Technology Officer and Co-Founder @ Keyfactor
CISSP

Ted Shorter is the Chief Technology Officer and co-founder at Keyfactor. Responsible for Keyfactor’s Intellectual Property development efforts, Ted helps align Keyfactor’s focus with the changing security landscape, ensuring our clients understand the importance of crypto-agility.

Ted has worked in the security arena for over 30 years, in the fields of cryptography, Public Key Infrastructure, authentication and authorization, and software vulnerability analysis. His past experience includes 10 years at the National Security Agency, a master’s degree in computer science from The Johns Hopkins University, and an active CISSP certification.

Eric Johnson
Co-Founder and Principal Security Engineer @ Puma Security
Fellow @ the SANS Institute

Eric is a Co-Founder and Principal Security Engineer at Puma Security and a fellow at the SANS Institute. His experience includes cloud security assessments, public cloud architecture, Kubernetes and cloud native hardening, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Additionally, Eric is a member of the IANS Faculty and an AWS Community Builder. Eric is the lead author and an instructor for SEC540: Cloud Native Security and DevSecOps Automation and a co-author and instructor for both SEC549: Cloud Security Architecture, and SEC510: Cloud Security Engineering and Controls.

Tyler Wrightson
Founder @ Leet Cyber Security

Tyler Wrightson is the author of two books published by McGraw Hill; Advanced Persistent Threat Hacking, The Art and Science of Hacking Any Organization (2014); Wireless Network Security: A Beginner’s Guide (2012).

Tyler is the founder of Leet Cyber Security, which exists to fundamentally change the way organizations build their cyber security programs based on three principles: Threat Centric Wisdom, Pragmatism and The Context of their business.

Leet focuses on offensive security services such as Penetration Testing and Red Teaming to secure organizations against real world attackers. Tyler has over twenty years of experience in the cybersecurity field across many industries including healthcare and financial services with extensive experience in many areas of technical security including networking, systems architecture, offensive security and penetration testing. Tyler holds industry certifications such CISSP, CCSP, CCNA, CCDA, and MCSE. Tyler has also taught classes for CCNA certification, hacking and penetration testing, wireless security, and network security. Tyler is the founder of ANYCon, Albany New York’s Annual Hacker conference. He has been a frequent speaker at industry conferences including NY Bankers Association (NYBA), NYS CyberSecurity Conference, Derbycon, BSides, Rochester Security Summit, ISACA, ISSA, and others. Follow his security blog at blog.leetsys.com.

Poll Questions

Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls.

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.

Learning Objective

After attending this event, attendees will learn about current and future trends in the cybersecurity space.

CPE-Related Details

• Prerequisites: None
• Advance Preparation: None
• Program Knowledge Level: Basic
• Delivery Method:  Group Internet Based
• Field of Study:  Information Technology – Technical