RSS:2025 Track 1 (Day 2) :: Rochester Security Summit

When AI Walks Through the Front Door: Using Artificial Intelligence for Physical Social Engineering

Steve Stasiukonis
10:00 am - 10:50 am

AI made breaking into a secure data center a lot less like "Mission: Impossible" and more like "Mission: Improbably Easy." We used an AI tool to gather public information (OSINT) from all over the internet. When sensitive information is entered into AI systems—especially public or third-party platforms—it stops being just your private data and quietly becomes shared or "cooperatively private" data. My session will step you through the scenario of how this intelligence was used to compromise a highly secure facility. The session is informative while also carrying a lot of humor.

Steve Stasiukonis

Steve serves as President of Secure Network Technologies, focusing on Penetration Testing, Information Security Risk Assessments, Incident Response, Digital Forensic Investigations and Training. He has worked in the field of Information Security for over 28 years. As a part of that experience, Steve is an expert in Social Engineering methodologies and strategy. He also serves as a columnist for Information Week magazine and DarkReading.com.

Keeping your AI in Check; No, It Shouldn't Know Your Passwords

David Santeramo
11:00 am - 11:50 am

Artificial Intelligence (AI) is rapidly transforming industries and societies worldwide, offering unprecedented opportunities and benefits. However, the deployment of AI systems also introduces significant security risks and challenges. This presentation will delve into the critical aspects of AI security, with a particular emphasis on risk management and governance frameworks. We will explore the types of risks associated with AI, including breaches, adversarial attacks, and compliance challenges. The discussion will cover the potential vulnerabilities in AI systems and the impact these risks can have on organizational operations and trust.

David Santeramo

David Santeramo, Network and Security Leader for Pellera Technologies, combines more than two decades of security expertise and risk management securing some of the world’s most critical infrastructures. From technical research to building and implementing enterprise security programs, David has a track record of success with a wide variety of organizations. David is an active contributor in the security community and participates in a variety of industry groups. David has earned a number of vendor security certifications as well as holding the CISSP, CISA and CGEIT credentials.

Exposing the Real Risk: How Ransomware, Extortion, and the Dark Web Are Evolving

Bruce Cheney
1:00 pm - 1:50 pm

Cybercriminals aren’t just using ransomware—they’re running extortion campaigns, leaking data on the dark web, and adapting faster than ever. With losses exceeding $16.6 billion in 2024, the stakes are higher than ever for security teams. In this technical session, Bruce Cheney, Sr. Engineer at Arctic Wolf, dives deep into how today’s most dangerous threat actors operate. He’ll analyze real-world data leaks, dissect extortion tactics, and walk through the dark web ecosystems where stolen data is traded. Expect real-world insights, examples of leaked data, and a no-jargon framework to guide strategic cybersecurity decisions. This talk is designed to sharpen your understanding of Risk and strengthen your response.

Bruce Cheney

Bruce Cheney is a seasoned cybersecurity expert with over 25 years of experience in IT and security. He is known for translating complex cyber threats into practical, real-world insight, helping organizations understand and mitigate risks such as ransomware, data leaks, extortion campaigns, and emerging threats from the dark web. Bruce has deep technical expertise across the full technology stack (Layers 1–7) and is skilled at bridging the gap between technical teams and executive leadership. He excels in identifying security gaps and clearly articulating the steps needed to close them. Bruce has a proven track record in designing, deploying, and securing enterprise technologies. His passion lies in operationalizing cybersecurity—ensuring that defenses are not only implemented but also maintained through effective training and knowledge transfer. Whether consulting, mentoring, or speaking, Bruce brings clarity and actionable solutions to today’s most pressing cyber risks.

Hacking the Process - Business Process Compromise

Sherwyn Moodley & James Hasewinkle
2:00 pm - 2:50 pm

The information security field focuses on preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information. This is accomplished by securing assets and people, using frameworks and methodologies such as the CIS top 18 and NIST. Hacking a business process requires hacking these assets or people first, but the business process still needs to be secured. Financial processes such as the purchase order process, and HR processes such as employee termination, pose a great risk to any organization because, if the process is manipulated sufficiently, any theft arising from it becomes much harder to identify.

Sherwyn Moodley

Sherwyn Moodley is the Director of Offensive Security at Zyston. Before joining Zyston, Sherwyn founded Exocet Security, a cybersecurity consultancy aimed at helping startups gain cybersecurity maturity. He has also participated in security research programs and has received accolades from Sony, the Royal Bank of Scotland, Red Hat, and the US DoD. Before cybersecurity, Sherwyn started as a Network Engineer working on large LAN projects for Dimension Data and Vodacom.

James Hasewinkle