Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois
Strategies for reducing risk to the enterprise.
October 7, 2025
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center, Rosemont (O’Hare), Illinois
Overview
In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one-day conference, attendees will learn:
- Designing a Resilient Enterprise Risk Management Strategy: The Boardroom to the Firewall
- Quantifying Cyber Risk: Turning Security into Business Intelligence
- Building a Threat-Informed Defense: Leveraging Threat Intel and MITRE ATT&CK
- Third-Party Risk and Software Supply Chain Attacks: Mitigating the Invisible Threat
- Insider Risk & Data Governance: Balancing Trust and Oversight
- AI, Automation & InfoSec: A New Attack Surface or a Strategic Advantage?
- CISO Panel – Modernizing Risk & Security Leadership for the Next Five Years
CONFERENCE AGENDA
8:00am – 9:00am: Registration and Continental Breakfast
9:00am – 9:50am: Designing a Resilient Enterprise Risk Management Strategy: The Boardroom to the Firewall
Randy Herold, Global CISO, Manpower
As cyber threats escalate and regulatory expectations grow, enterprise risk leaders must bridge business context with IT security measures. This session will outline a modern ERM framework integrating business continuity, data protection, and threat intelligence. Learn how to align your InfoSec and risk posture with board-level risk appetite and governance.
9:50am – 10:20am: Refreshment & Exhibit Break
10:20am – 11:10am: Quantifying Cyber Risk: Turning Security into Business Intelligence
Cyber risk is no longer just an IT concern—it’s a business metric. This session will explore how organizations are adopting quantitative risk analysis (QRA), cyber risk modeling, and FAIR methodology to prioritize controls, drive executive conversations, and justify InfoSec investments.
11:10am – 12:00pm: The Convergence of Networking and Security: A Risk Management Perspective
David Henning, Director of Cybersecurity Services, Hughes
As digital infrastructure becomes increasingly complex and interconnected, the traditional boundaries between networking and security are dissolving. This talk explores the foundational principles of security—defining risk, the core triad of confidentiality, integrity, and availability—and how these principles underpin every secure system. We’ll examine the critical role of identity in modern architectures and trace the historical evolution of networking alongside the reactive development of security controls. With this context, the session will delve into the challenges of implementing a true Zero Trust model in today’s dynamic environments, where perimeter-based defenses are no longer sufficient. Finally, we’ll explore how the advent of 5G technology exemplifies the convergence of networking and security, enabling orchestration, automation, and policy enforcement at unprecedented scale and speed. Attendees will leave with a deeper understanding of how integrated approaches are shaping the future of secure, resilient networks.
12:00pm – 12:45pm: Lunch & Exhibit Break
12:45pm – 1:35pm: How Not to Get Hacked…Ransomware Lessons from the Attacker Who Got Paid $4 Million — and the Risk Reduction Advice He Left Behind
Jeremy Moskowitz, Vice President, Product Management, Netwrix
What happens after the ransom is paid? In one high-profile breach, the ransomware attacker didn’t just walk away with $4 million — he also left the victim with a chilling list of security risks and recommendations that every organization should take seriously.
In this eye-opening session, Jeremy Moskowitz — 20-time former Microsoft MVP and CTO of Endpoint Products at Netwrix — takes you inside that post-breach conversation. You’ll learn what the attacker recommended, what it reveals about modern endpoint risk, and why risk reduction must be operationalized before you’re the one negotiating over Bitcoin amounts.
Join Jeremy for a hard, unfiltered look at how ransomware attackers assess and exploit risk, what security blind spots they love most, and where organizations routinely leave themselves exposed. You’ll leave with actionable takeaways for reducing your attack surface, including:
- How attackers bypass traditional defenses with low-effort, high-reward tactics
- The most overlooked endpoint, identity, and operational risks
- How certain habits either escalate or contain damage during an incident
- High-impact but easy-to-implement ways to close security gaps and mitigate exposure — fast
If you’ve ever said, “That wouldn’t happen to us,” this session will reset your risk mindset.
1:35pm – 2:05pm: Refreshment & Exhibit Break
2:05pm – 2:55pm: Go Hack Yourself: More War Stories from over 150,000 Pentests
Jake Mickley, Senior Solutions Architect, Horizon3.ai
Join Jake Mickley, Senior Solutions Architect at Horizon3.ai, for an engaging session on “Offense-Driven Defense.” Jake will challenge conventional risk assessment practices and unveil how focusing on real-world exploitability and impact can revolutionize your security approach. Drawing from insights gathered across more than 150,000 autonomous pentests, he’ll share compelling stories and actionable lessons that show how viewing your cyber terrain through an attacker’s lens can uncover hidden vulnerabilities, optimize resource allocation, and strengthen your defenses against advanced threats. Don’t miss this opportunity to learn from a leading industry practitioner on why it’s time to “go hack yourself” and build resilience in today’s borderless threat environment.
2:55pm – 3:45pm: AppSec In The Age of AI: Scaling The Scan And Fix
Matt Bartley, GTM Architect (Emerging Technologies), Snyk
3:45pm – 4:50pm: Communicating Cyber Risk to the Board (Panel Discussion)
Moderator: Bill Beattie, Strategics, North Central, Axonius
Panelists will include:
- Michael Boucher, Executive Director, Global Information Security, Jones Lang LaSalle
- Derek Milroy, Network Security Architect, Gallagher
- Randy Herold, Global CISO, Manpower
- Additional CISOs/Information Security Leaders sharing experiences and lessons learned
Boards of directors are increasingly aware that cyber risk is business risk. Yet, CISOs often struggle to translate technical threats into business terms that resonate with directors. This panel will explore practical approaches for CISOs to effectively communicate risk, align with business objectives, and foster board-level engagement in cybersecurity strategy.
In this session attendees will learn how CISOs and InfoSec executives are articulating the following:
1. Framing Cybersecurity as Business Risk
2. What the Board Really Wants to Hear
3. Building a Narrative
4. Balancing Transparency and Confidence
5. Strengthening Board–CISO Relationships
Conference Price: $349.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.