
UPCOMING EVENTS


Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois

Strategies for reducing risk to the enterprise.

May 28, 2026

9:00am-4:50pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

  

 

 

Overview

In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

In this one-day conference, attendees will learn:

  • Risk Mitigation Strategies – A CISO’s Guide
  • Learning from Risk Management and InfoSec Fails
  • Proactive Defense: Addressing Risks from External Threats
  • Balancing Risk and Innovation in a Cloud-First AI World
  • Adaptive Risk Management: Dealing with Punctuated Equilibrium in Cybersecurity
  • The Critical Nexus of Risk Management in Cybersecurity: A Gap in Professional Training
  • Balancing Cybersecurity Budgets with Business Needs (Panel Discussion)

CONFERENCE AGENDA


8:00am – 9:00am: Registration and Continental Breakfast


9:00am – 9:50am: From Threat Models to Boardroom Decisions: Integrating Threat Modeling with Enterprise Risk Management
Derek Milroy, Sr. Security Architect, Gallagher

In today’s rapidly evolving risk landscape, organizations can no longer afford to treat technical threats and business risks as separate conversations. Cyber vulnerabilities, operational disruptions, regulatory pressures, and reputational impacts are increasingly interconnected—demanding a more unified, strategic approach to risk.

This session explores how threat modeling, traditionally rooted in security and engineering, can be elevated and integrated into enterprise risk management (ERM) to drive better decision-making at every level of the organization. By connecting granular technical insights with enterprise-wide risk frameworks, organizations can move from reactive mitigation to proactive, intelligence-driven risk management.

Attendees will gain practical perspectives on:

  • Translating threat modeling outputs into business-relevant risk insights
  • Bridging communication gaps between technical teams and executive leadership
  • Prioritizing risks based on impact, likelihood, and strategic alignment
  • Embedding continuous risk thinking into organizational culture and processes



9:50am – 10:20am: Sponsor & Refreshment Break


10:20am – 11:10am: Quantifying your Risk and Measuring your Cyber Program with Concrete Metrics
Riccardo Reati, General Manager, SpearTip

When was the last time you had to explain your cybersecurity approach to upper management? Do you wish it was easier to explain the technical aspects of your cyber implementation? This session will cover the ways you can analyze cybersecurity from a business perspective.

Riccardo will help you learn:

  • How to financially quantify your company’s cyber risk and exposure
  • How to calculate the return on investment for security controls
  • How to clearly measure implementations through concrete metrics



11:10am – 12:00pm: Performance Under Pressure: A Ransomware Story Told Through Competitive Dance
Josh Brant, Director – Emerging Technology & Cybersecurity Strategy, LRS

This session examines a real ransomware incident that caused a near‑total business outage for a regulated, mid‑size organization. Using an engaging competitive dance analogy, the presentation illustrates how preparation and execution under pressure determine cybersecurity outcomes. Attendees will follow the incident lifecycle—from initial compromise through lateral movement, backup failure, and data exfiltration—highlighting how common gaps such as weak credentials, misconfigured MFA, and incomplete EDR coverage enabled the attack. The focus is on response and recovery, including triage, coordination with legal and insurance stakeholders, and a phased, ransom‑free restoration. Practical, experience‑based takeaways emphasize fundamentals security leaders can apply immediately.



12:00pm – 1:00pm: Lunch and Exhibit Break


1:00pm – 1:50pm: Automating Security Operations through a Risk Framework
Eric Hulse, Director of Research, Command Zero

SOAR was supposed to transform security operations and reduce risk faster. For most organizations, it delivered brittle playbooks, mounting technical debt, and automation that collapsed the moment the environment changed. Teams that invested years of effort walked away with marginal gains and a healthy skepticism of vendor promises. AI is making the same pitch, and most organizations are about to make the same mistakes.

This session diagnoses exactly why SOAR underdelivered and maps those failure patterns directly onto the AI deployments happening right now. The problem was never automation itself. It was automating the wrong layer. Traditional tooling targets Layer 1 (data retrieval) while analysts drown in Layer 2 (correlation and pattern recognition), the exact layer where AI creates genuine risk reduction and measurable business impact.

Attendees will leave with a three-layer framework for right-sizing AI across the full investigation stack, real metrics from organizations that deployed it correctly, and clear guidance on avoiding the implementation traps that made SOAR a cautionary tale.

We’ll also cover what this means for security leaders personally. The professionals who drive this transformation and can translate investigation efficiency into reduced risk exposure and business outcomes don’t just build better SOCs. They become indispensable to the organizations they serve.



1:50pm – 2:40pm: The Enterprise Communication Layer: The Hidden Cybersecurity and Operational Risk in Plain Sight
Mayank Kamalia, Sr Director of Product Management, NetSfere/Infinite

Enterprises have heavily focused on securing infrastructure, cloud platforms, applications, and data—but the communication layer remains one of the least-governed and highest-risk areas in modern IT environments. Sensitive information is exposed every day through unmanaged messaging platforms, phishing attacks, compromised devices, and communication channels operating outside IT control, leaving organizations vulnerable to data exposure, compliance violations, regulatory penalties, and operational risk. During cyber incidents, outages, and operational disruptions, the lack of secure out-of-band communication capabilities further increases security, governance, and business continuity challenges.

This session examines why the communication layer has emerged as a critical cybersecurity and operational resilience challenge, and what security and IT leaders should consider as AI-driven threats and operational continuity requirements continue to evolve.



2:40pm – 3:10pm: Refreshment Break


3:10pm – 4:00pm: Managing Risk During Rapid Change: Cloud, AI, and Organizational Disruption (Panel Discussion)

Periods of rapid transformation introduce uncertainty and new risk patterns. This session explores how adaptive risk management helps organizations remain resilient during cloud adoption, AI initiatives, and business change.

Includes:

  • Managing risk during cloud and AI adoption
  • Responding to sudden shifts in the threat landscape
  • Applying adaptive risk management principles

Moderated by:

  • Robi Papp, Regional Director, Command Zero

Panelists will include:

  • Joseph Burkard, Chief Information Security Officer, Morgan Street Holdings
  • Derek Dixon, CISO, Fresenius Kabi
  • Jill Gunnufson, Senior Director, IT Risk Management, Northwestern Mutual
  • William Russell, Director of Technology, Department of Corrections, State of Indiana
  • And other CISOs & InfoSec Executives sharing the strategies, tactics, and lessons learned.

       



4:00pm – 4:50pm: Security Investment Panel: Aligning Risk, Budget, and Business Priorities (Panel Discussion)

Security and risk leaders must continuously justify investments in terms the business understands. This panel focuses on how organizations prioritize cybersecurity spending based on risk impact and business value.

Includes:

  • Risk-based budgeting and prioritization
  • Communicating security value to executives and boards
  • Addressing skills and training gaps in risk management
  • Audience Q&A

Moderated by:

  • Patrick O’Connell, RSM, Stellar Cyber

Panelists will include:

  • Dave Geudtner, VP, Enterprise Principle Architect, City National Bank, subsidiary of Royal National Bank
  • Victor Hsiang, CISO, GATX
  • Ron Zochalski, CISO/CTO, Lake County Government, Indiana
  • Other CISOs & InfoSec Executives sharing the strategies, tactics, and lessons learned.

      



Conference Price: $349.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.