Today's enterprises are comprised of incredibly complex software stacks ranging from cloud-deployed applications, mobile device software and endpoint applications to embedded device firmware in our telecommunications, IoT, and OT systems.

This software ecosystem becomes exponentially more complex when you take into account the supply chain aspect - what appears to be a single software package or application from a third party supplier is often comprised of hundreds of underlying dependencies, all with their own hidden risks and vulnerabilities.

In this session, Derek will highlight the challenges that enterprises face as a result of the complex modern software ecosystem, as well as the importance of implementing people, processes, and tools to tackle such challenges.

This panel will consist of educators, researchers, and practitioners who will explore recent incidents and lessons learned that help Texas organizations reduce risk. They will discuss the role of regulations to drive change and opportunities for employers to develop a skilled workforce equipped fight cybercrime.

In 2024, 83% of organizations experienced at least one cloud security incident. The traditional cloud security model, based on CNAPPs with periodic penetration testing is falling short.  

We'll consider the inherent challenges of the current approach, how to bring together security and cloud teams to improve collaboration in an ever-changing cloud environment. 

This session will explore the critical need for a Purple Team paradigm and culture. We will discuss how merging the offensive expertise of the Red Team with the defensive capabilities of the Blue Team creates a unified force. By operating as an autonomous, continuous function, Purple Team provides real-time evaluation and validation of security controls. The constant feedback loop and shared goal of continuous improvement prove that in today's cloud-native world, the Red Team and Blue Team must merge to be truly effective. A purple team model transforms security from a reactive function into a preemptive, agile, and resilient strategy to reduce business risk. 

As large language models and agentic systems become core infrastructure, their security challenges are rapidly evolving. This talk traces the shift from the early focus on adversarial examples to today's realities of prompt injection, data poisoning, and attacks against protective models, clearing up common misconceptions along the way. We explore how protecting LLMs and autonomous agents calls for new approaches to threat modeling, monitoring, and incident response while extending established security frameworks to address these emerging risks. Security for AI isn't about rewriting security from scratch but about turning existing security knowledge into the foundation for defending the next generation of intelligent systems.

In this keynote, world‑renowned cyber expert and former hacker Hector Monsegur makes the case that periodic penetration tests and annual assessments no longer match the tempo of modern attackers. When a report is delivered, the clock is already running—new CVEs emerge, credentials leak, cloud posture drifts, and identities become the shortest path to impact. 

Hector outlines a pragmatic shift from point‑in‑time testing to the adoption of Continuous Threat Exposure Management (CTEM).  He argues that cybersecurity is no longer just about defense, it's about continuous visibility, proactive assessments, and timely mitigation.   This dynamic approach ensures that exposure management evolves alongside the threat landscape and business priorities.  

Attendees will leave with an actionable blueprint for designing and implementing a CTEM program tailored to their digital infrastructure and business risk appetite.  The goal is to help security professionals turn noise into action.

As automation becomes more embedded in security operations, the question isn’t just can we automate, but how much is too much? This panel explores where organizations are drawing the line between manual control and automated action.

We’ll discuss how enterprises are safely deploying automation, how to build guardrails that prevent unintended consequences, and what it takes to prove these systems are secure, reliable, and accountable. 

Cybersecurity “World Tour”:

Rachel will describe the current cybersecurity threats facing companies and institutions from nation states like Russia, North Korea and Iran, from cyber organized crime syndicates, and from individual hackers looking to make money or create mayhem.

Cybersecurity Threats in 2025:

Rachel will define 2025 cyber threats as "The Three R's - Russia, Ransomware, and Resilience" and will explain the strategic importance and tactical implications of each.

The New Threat - Artificial Intelligence:

Rachel will walk us through the benefits and the detriments of artificial intelligence as it pertains to cybersecurity.

Action Steps:

Drawing from her experience at the NSA and in the financial sector, she will discuss what professionals need to be considering in the current cyber risk environment and describe the aspects of an effective corporate cyber resiliency strategy.