Security and Risks Insights Conference 2025

Date and Time

The conference will be held on December 18, 2025 from 8:30 am to 12:30 pm.

Add this event to your calendar using the Add to Calendar link at the bottom of the page.

Virtual Event

The conference will be held using Zoom.

Prior to the event, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.

Pricing

The fee for GWDC Members is $10 for the conference.
The fee for all other registrants is $30 for the conference.

To become a member and take advantage of the member rate for our events, among other benefits, join ISACA and select the Greater Washington D.C. Chapter as your local chapter.

Event Policies

Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system by the date registration closes. Refunds vary depending on the date of cancellation and cost of the event. See ISACA GWDC Event Policies for details.

The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services.
All complaints should be submitted through the Registration Contact Form.

Unpopular Opinions in Cybersecurity: What CISOs Must Know and Do Differently in 2025

Presenter: Joshua Copeland (Crescendo)

Joshua’s signature candid style tackling myths, best practices, and actionable insights for CISOs to lead effectively in a rapidly changing cyber landscape.

A Pragmatic Approach to Security Leadership – From Vision to Investment

Presenter: Charu Bansal (ING Bank)

With the rapidly evolving threat landscape, rise in emerging technologies and increasing regulatory oversight, the role of a security leader is to enable the business and manage risk while continuously investing in proactive defense.

In this talk, I will share the fundamental pillars of our security roadmap, highlighting key initiatives and risk management priorities that shape our approach. I’ll share how we view the “business of security” in a pragmatic way and the metrics used to measure impact and success. By bridging vision and investment, this session will shed a light on how we foster a culture of security, enable sustainable growth and build trust.

It’s the end of the world as we know it (and I feel fine)

Presenter: Mike Coogan (Brinks Home)

Every year for the past 30 years, security folks have talked about how next year will change the game. And for the most part, we have been right. Threats increase, adversaries get smarter, and losses mount. Looking back on 2025, we have seen a big increase in the threat landscape, and there is no reason to believe that 2026 will get easier. That said, rather than complaining about it and stirring up angst and fear, perhaps we should look to the future with anticipation and hope. We get better every year as well and as long as we make attacks more costly for our adversaries, we make progress in the war.

Strategic Compliance Investment & ROI Optimization for Federal Contractors

Presenter: Derrich Phillips (Aspire Cyber)

CMMC 2.0 isn’t just a compliance hurdle it’s a strategic opportunity disguised as a requirement. Derrich Phillips dismantles the “checkbox mentality” plaguing CMMC implementations, revealing how smart CISOs transform mandatory compliance into competitive advantage. Drawing from his military cyber operations background and federal contractor expertise, this session provides a battlefield-tested approach to CMMC budgeting that strengthens security posture while maximizing business value.

What Participants Will Achieve:

• Master Strategic Budgeting: Develop comprehensive cost models covering assessments, technology upgrades, training, and ongoing maintenance for sustainable CMMC compliance
• Build Executive Buy-In: Learn proven techniques to present CMMC investments as business enablers that unlock federal contract opportunities and enhance market positioning
• Optimize Resource Allocation: Prioritize CMMC spending across 17 domains using risk-based frameworks that deliver maximum security impact per dollar invested
• Create Implementation Roadmaps: Walk away with actionable 2026 planning templates that integrate CMMC milestones with broader cybersecurity and business objectives
• Leverage Compliance for Growth: Transform CMMC readiness into a competitive differentiator that accelerates federal contracting opportunities and client trust

Target Audience: CISOs, Security Directors, and Finance Leaders at organizations pursuing or maintaining federal contracts, particularly those planning CMMC compliance strategies for 2026 and beyond.

Joshua Copeland
Director of Cybersecurity @ Crescendo

Joshua Copeland is a seasoned cybersecurity leader and engineer with 25 years of experience focused on cloud and on-prem security. He specializes in building and operating security stacks, SOC operations, and cybersecurity governance, risk, and compliance (GRC) processes. Joshua excels at assembling diverse teams that translate technical details into actionable business capabilities. He has managed cybersecurity teams ranging from 1 to over 100 members and led security and compliance programs across physical, personnel, and cyber domains. Since 2021, he has been known as the “Unpopular Opinion Guy” (UOG) on LinkedIn, sharing candid perspectives on hiring, mentoring, and cybersecurity topics. Joshua serves as Adjunct Faculty at Tulane University and is a member of the Louisiana State Guard. He holds expertise across cybersecurity, risk management, VPN, SIEM tools like McAfee ESM and Devo, social engineering, pen testing, DISA STIGs, and more. He previously held TS/SCI, Public Trust, and CJIS clearances.

Charu Bansal
Information Security Lead, Global Infrastructure @ ING Bank

Charu is an accomplished information security leader with over 15 years of experience spanning a variety of industries – Media and Entertainment, Technology, and most recently Financial Services. Having lived and worked in Asia, North America and Europe, she has a global mindset and is known for her strategic foresight and ability to drive organizational transformation. She has successfully implemented enterprise-wide security programs, strengthened organizational resilience against emerging cyber threats, and fostered a culture of security awareness. In her current role, she oversees the security for Global Infrastructure including cloud environments at ING bank and is based in the Netherlands.

Mike Coogan
Vice President, IT Services & Chief Information Security Officer (CISO) @ Brinks Home

Mike Coogan is a Texas cybersecurity executive and the Vice President, IT Services & Chief Information Security Officer (CISO) at Brinks Home. He joined the company in 2024, bringing more than 25 years of broad IT experience across multiple industry sectors including financial services, logistics and education. At Brinks Home, Mike Coogan oversees global network, infrastructure, cloud, database, and security operations, driving risk management, production resilience, technology innovation, and budget optimization in partnership with business and IT leaders.

A recognized community leader, Mike has served in various roles with ISSA, ISACA, Infragard, WiCyS, Gartner/Evanta, and HMG Strategy’s Houston Advisory Board, shaping the regional and national executive dialogue on security, risk, and digital transformation.

Derrich Phillips
President and Founder @ Aspire Cyber

Derrich Phillips is the President and Founder of Aspire Cyber, a consultancy dedicated to guiding organizations through complex cybersecurity compliance frameworks like CMMC, HIPAA, and ISO 27001. A U.S. Army veteran and former Cyber Network Defender, Derrich managed Top Secret communications in combat zones, bringing military-grade discipline and precision to every mission. His post-service career spans top firms including Lockheed Martin and Bank of America, where he recognized a critical need for cybersecurity support among small businesses and federal contractors. Today, through Aspire Cyber, Derrich empowers clients with clear, actionable strategies and tools, rooted in integrity, service, and leadership.

Poll Questions

Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The GWDC will not be responsible for the participant’s inability to respond to the polls.

CPE Distribution and Evaluation Survey

CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.

Learning Objective

After attending this event, attendees will learn about current and future trends in the cybersecurity and risk space.

CPE-Related Details

• Prerequisites: None
• Advance Preparation: None
• Program Knowledge Level: Basic
• Delivery Method:  Group Internet Based
• Field of Study:  Information Technology – Technical