As organizations expand their reliance on third-party providers, insider threats—whether driven by malice or mistake—become increasingly difficult to detect and control. This session, presented in collaboration with the CERT Division’s Insider Threat Center and Risk Management team, explores the critical intersection of insider risk and supply chain security. Using real-world examples, the session will highlight the challenges of monitoring and mitigating threats from both internal actors and Trusted External Entities (TEEs).

In this session you will:

• Examine real-world insider incidents that reveal how third-party relationships can expand attack surfaces
• Learn strategies to integrate insider threat considerations into enterprise-wide risk management programs
• Discover tools and metrics to help build, assess, and maintain a trusted ecosystem of external providers

In 2024, the National Reconnaissance Office (NRO), in partnership with vendors like SpaceX and Northrop Grumman, launched over 100 satellites—more than in any previous year in its history. This monumental achievement reflects a dramatic shift in how the NRO approaches space operations: fast, agile, and cyber-resilient. With satellite development cycles collapsing from years to months, and commercial-grade IT systems now integrated across space vehicles and communications, the need for adaptable, robust cybersecurity has never been greater.

In this session you will:

• Learn how the NRO and its vendors leveraged commercial capabilities, security best practices, and the NIST Risk Management Framework to reduce risk in space operations
• Explore how cybersecurity vulnerabilities common to ground systems are now present in space-based platforms—and how to address them
• Gain insights from Lance Dubsky on risk adaptation in satellite environments and successful public-private teaming strategies for securing next-generation constellations

In a rapidly evolving threat landscape, securing critical infrastructure requires forward-thinking strategies. This session explores how AI, Zero Trust, and attack surface management can strengthen organizational resilience— while also addressing the emerging risks of quantum computing and IoT expansion.

In this session you will:

• Discover how AI enhances threat detection and response across dynamic environments
• Understand the role of Zero Trust and continuous verification in modern cybersecurity
• Gain insights into managing expanding attack surfaces and preparing for quantum-era encryption challenges

In the fast-moving world of cybersecurity, innovative ideas can quickly become game-changers—or targets. Without proper intellectual property (IP) protection, groundbreaking cybersecurity advancements risk being exploited or misused. This session empowers cybersecurity professionals, researchers, and innovators to identify patent-worthy inventions and navigate the often-overlooked patent process. Led by a renowned cybersecurity evangelist with 88 granted U.S. patents, the session offers a practical roadmap to safeguarding innovation while aligning IP strategy with business objectives.

In this session you will:

• Learn how to recognize and evaluate potentially patentable cybersecurity innovations
• Understand the difference between general security concepts and true patentable inventions
• Discover how to integrate intellectual property into your business strategy and avoid common pitfalls in the patent process

When ransomware hits, the clock starts ticking—and the decisions made in the first 24 hours can mean the difference between swift recovery and prolonged chaos. This session provides a tactical, hour-by-hour roadmap for responding to ransomware attacks, highlighting key actions to take, mistakes to avoid, and strategies to contain damage and restore operations efficiently.

In this session you will:

• Learn immediate response steps to take within the first hours of a ransomware attack
• Discover containment techniques that minimize business disruption and data loss
• Gain a strategic playbook for IT teams, incident responders, and executives to lead effective ransomware recovery