To guide your submissions, we have created seven tracks though the final agenda will be guided by submissions,
and our independent program committee.

1. Cloud Security: As cloud adoption accelerates, the need to manage cloud security as an integrated part of your security program is paramount. Cloud infrastructure also offers unique opportunities for elevating baseline posture and increasing security automation. This track focuses on understanding common risks in cloud infrastructure, how to assess your cloud security posture, cloud-centric threat models, and how to manage/mitigate potential vulnerabilities.
   
   Topics include:
   • Cloud discovery / Shadow IT / Attack surface management
   • Cloud configuration and vulnerability management
   • External and internal/insider threat models
   • Effective use of native security tools such as identity and access management (IAM), data loss prevention (DLP), network security, security monitoring and logging, business continuity and disaster recovery services
   • Multi-cloud security considerations, opportunities, and challenges
   • Regulatory Compliance
   
   
2. Intelligence: Sessions in this track focus on the current state of play in cyber threat intelligence; recent advancements in tools, technologies, and methodologies to track cyber adversary groups; and ways to effectively communicate analytic findings to minimize cyber risk exposure. Additional areas covered in this track include research and analysis processes, combating analytic cognitive biases, the evolution of enrichment data sources, cyber adversary tradecraft, and developing key skills to succeed within the cyber threat intelligence discipline.
   
   Topics include:
   • Cyber Threat Frameworks
   • Understanding and evaluating vendor intelligence collection
   • The three types of CTI stakeholders and their intelligence needs
   • Common cognitive biases analysts encounter
   • Key data enrichment sets for CTI analysts
   • Shifts in cyber adversary tradecraft
   • Attribution Analysis
   
   
3. Next Gen CISO: Sessions in this class track will be curated by current global 1000 CISOs and designed to help the next generation of CISOs perform when they rise to the level of CISO. What are the skills and knowledge a CISO needs to be successful?
   
   Topics include:
   • Speaking to the Board
   • Ever-changing threat landscape, data leak, and prompt injection attacks
   • Regulatory compliance: Navigating complex compliance requirements
   • Third-party vendors: Managing risks from third-party vendors
   • Data privacy: Ensuring robust data privacy and protection
   • Personal liability: Concerns over personal litigation stemming from breaches
   • Talent: Lack of qualified cybersecurity talent
   
   
4. Security Engineering: This track focuses on building and maintaining security posture by incorporating security controls into systems to prevent misuse and malicious behavior and maintain security policies.
   
   Topics include:
   • DevOps and DevSecOps
   • API security
   • Network design
   • Secure Access Service Edge (SASE)
   • Zero Trust networks
   • Data protection
   • Cloud/hybrid security
   • Cryptography/encryption standards/certificate management
   • System integration
   • Access control, MFA, federation and SSO
   • Security architecture
   • Application development
   • Identity management
   • Patch management
   • DDoS prevention
   • Container security
   • Protecting OT, IoT, and IIoT networks
   
   
5. Security Operations: Discussions focused on critical areas related to security issues on an organizational and technical level, directed on people, processes and technology for managing and enhancing an organization’s security posture and preventing, detecting, analyzing and responding to cybersecurity incidents.
   
   Topics include:
   • Data telemetry and leakage
   • Protection and risk prevention
   • SIEM/SOAR
   • SOC
   • Detection/threat hunting
   • Recovery
   • Blue team/red team
   • Vulnerability management
   • Active defense
   
   
6. Security Threats and Exploits: Talks in these sessions focus on attacks and exploits aimed at damaging or disrupting computer networks or systems through unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
   
   Topics include:
   • Intrusion Detection and Prevention
   • Security Risk Management
   • Vulnerability Management
   • Ransomware
   • Dark web
   • Incident response (breach notification, eradication, remediation/reverse malware engineering, investigation/forensics)
   
   
7. Third Party and Cyber Risk Management: Sessions in this track are focused on the ongoing process of discovering, correcting, and preventing security problems, and implanting plans to address future risks.
   
   Topics include:
   • Business impact analysis (vulnerability scan, dependencies)
   • 3rd party risk + supply chain
   • Penetration testing (social engineering, infrastructure, whitebox, blackbox)
   • Data control risk assessment (data flow map)
   • Cyber insurance
   • Crisis management
   • Risk appetite