

Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois

Strategies for reducing risk to the enterprise.

October 7, 2025

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

  


Overview

In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

In this one-day conference, attendees will learn:

  • Designing a Resilient Enterprise Risk Management Strategy: The Boardroom to the Firewall
  • Quantifying Cyber Risk: Turning Security into Business Intelligence
  • Building a Threat-Informed Defense: Leveraging Threat Intel and MITRE ATT&CK
  • Third-Party Risk and Software Supply Chain Attacks: Mitigating the Invisible Threat
  • Insider Risk & Data Governance: Balancing Trust and Oversight
  • AI, Automation & InfoSec: A New Attack Surface or a Strategic Advantage?
  • CISO Panel – Modernizing Risk & Security Leadership for the Next Five Years

CONFERENCE AGENDA

 

8:00am – 9:00am: Registration and Continental Breakfast


9:00am – 9:50am: Designing a Resilient Enterprise Risk Management Strategy: The Boardroom to the Firewall

Randy Herold, Global CISO, Manpower

As cyber threats escalate and regulatory expectations grow, enterprise risk leaders must bridge business context with IT security measures. This session will outline a modern ERM framework integrating business continuity, data protection, and threat intelligence. Learn how to align your InfoSec and risk posture with board-level risk appetite and governance.

 



9:50am – 10:20am: Refreshment & Exhibit Break


10:20am – 11:10am: Quantifying Cyber Risk: Turning Security into Business Intelligence

Cyber risk is no longer just an IT concern—it’s a business metric. This session will explore how organizations are adopting quantitative risk analysis (QRA), cyber risk modeling, and FAIR methodology to prioritize controls, drive executive conversations, and justify InfoSec investments.


11:10am – 12:00pm: Building a Threat-Informed Defense: Leveraging Threat Intel and MITRE ATT&CK

This tactical session focuses on how security teams are operationalizing threat intelligence using MITRE ATT&CK and other frameworks to build proactive defenses. Learn how threat-informed approaches can improve incident response, SOC efficiency, and overall cyber readiness.


12:00pm – 12:45pm: Lunch & Exhibit Break


12:45pm – 1:35pm: How Not to Get Hacked…Ransomware Lessons from the Attacker Who Got Paid $4 Million — and the Risk Reduction Advice He Left Behind

Jeremy Moskowitz, Vice President, Product Management, Netwrix

What happens after the ransom is paid? In one high-profile breach, the ransomware attacker didn’t just walk away with $4 million — he also left the victim with a chilling list of security risks and recommendations that every organization should take seriously.

In this eye-opening session, Jeremy Moskowitz — 20-time former Microsoft MVP and CTO of Endpoint Products at Netwrix — takes you inside that post-breach conversation. You’ll learn what the attacker recommended, what it reveals about modern endpoint risk, and why risk reduction must be operationalized before you’re the one negotiating over Bitcoin amounts.

Join Jeremy for a hard, unfiltered look at how ransomware attackers assess and exploit risk, what security blind spots they love most, and where organizations routinely leave themselves exposed. You’ll leave with actionable takeaways for reducing your attack surface, including:

  • How attackers bypass traditional defenses with low-effort, high-reward tactics
  • The most overlooked endpoint, identity, and operational risks
  • How certain habits either escalate or contain damage during an incident
  • High-impact but easy-to-implement ways to close security gaps and mitigate exposure — fast

If you’ve ever said, “That wouldn’t happen to us,” this session will reset your risk mindset.



1:35pm – 2:05pm: Refreshment & Exhibit Break


2:05pm – 2:55pm: Insider Risk & Data Governance: Balancing Trust and Oversight

Insider risk—from negligence to malicious actions—remains a major blind spot. This session will explore how to create a data-centric security culture, deploy data loss prevention (DLP) solutions, and apply behavioral analytics without eroding employee trust.


2:55pm – 3:45pm: AI, Automation & InfoSec: A New Attack Surface or a Strategic Advantage?

The use of AI in security operations is growing—but so is its use in cyberattacks. This session covers how InfoSec leaders can harness AI and automation for anomaly detection, response acceleration, and reducing false positives—while managing emerging AI-related risks.


3:45pm – 4:50pm: Communicating Cyber Risk to the Board (Panel Discussion)

Moderator: TBD

Panelists will include:

  • Michael Boucher, Executive Director, Global Information Security, Jones Lang LaSalle
  • Derek Milroy, Network Security Architect, Gallagher
  • Randy Herold, Global CISO, Manpower
  • Additional CISOs/Information Security Leaders sharing experiences and lessons learned

Boards of directors are increasingly aware that cyber risk is business risk. Yet, CISOs often struggle to translate technical threats into business terms that resonate with directors. This panel will explore practical approaches for CISOs to effectively communicate risk, align with business objectives, and foster board-level engagement in cybersecurity strategy.

In this session, attendees will learn how CISOs and InfoSec executives are articulating the following:
1. Framing Cybersecurity as Business Risk
2. What the Board Really Wants to Hear
3. Building a Narrative
4. Balancing Transparency and Confidence
5. Strengthening Board–CISO Relationships

 



Conference Price: $349.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.