Boston Cybersecurity Conference

Current security models are failing to keep up with the speed, complexity, and scale of modern software. Security professionals are doing their jobs—and yet, attacks still get through. In this session, hear the story of four people caught in the aftermath of a breach: a developer, a SecOps lead, an AppSec engineer, and a compliance officer. All working in good faith. All stuck in a broken system. This talk will introduce a new blueprint for modern software defense, modeled on the smartest of cities that have instrumented infrastructure to see, adapt, and respond in real time. Walk away with a prescriptive framework – based on context, coordination, and culture – that teams can use to stop guessing and start defending.

As AI reshapes the digital world, cyber threats are growing in scale and complexity. This session explores the essentials of cyber risk insurance—who’s at risk, why coverage matters, and how AI is transforming both the threat landscape and defense strategies. Learn how to leverage AI for proactive protection and how to safeguard your organization

Organizations continue to struggle with the ever-growing influx of vulnerabilities introduced by developers each day. Despite years of investment, Application Security programs are still dominated by endless finding and triage, with far too little actual fixing—and almost no true prevention. The rise of AI-enhanced development has accelerated not only the speed of code delivery but also the frequency and complexity of vulnerabilities within that code. At the same time, attackers are arming themselves with AI to exploit weaknesses faster and inflict greater damage.

Unless we evolve our practices and build stronger partnerships with development teams, the gap between attackers and defenders will only widen, leading to even greater losses. This session will provide practical, actionable guidance to help security leaders stem the tide of vulnerabilities and empower developers to become their most effective defense against modern threats.

The cybersecurity threat landscape has grown more sophisticated and relentless than ever, marked by surging ransomware volumes, widespread identity-centric attacks, supply-chain compromises, and the rapid integration of generative AI into attacker toolkits. Analysis of major incidents throughout the year, corroborated by leading industry reports, reveals a consistent pattern: once initial access is gained, threat actors exploit flat or poorly segmented environments to achieve lateral movement at unprecedented speed, often reaching critical assets in hours or minutes.

A defining factor in nearly every large-scale breach was the lack of granular, enforceable segmentation across hybrid IT, OT, IoT, and cloud environments. Real-world cases demonstrate that comprehensive asset visibility and policy enforcement—capabilities exemplified by platforms like Forescout—repeatedly proved decisive in detecting anomalous movement, blocking lateral traversal, and containing damage before encryption or exfiltration could occur.

This session combines 2025 threat landscape statistics, newly observed breach tactics, and concrete examples of segmentation done right to illustrate why modern, identity- and asset-aware segmentation has become the cornerstone control for limiting blast radius and maintaining resilience in today’s environment.

In today’s threat landscape, attackers prioritize identity and access management systems like Microsoft’s Active Directory (AD) because they hold the keys to the kingdom in most enterprises. In other words, compromise AD, and you control the organization. That’s why modern cyber resilience strategies must focus on AD hardening, monitoring, and recovery planning.

During this session, you’ll learn how organizations can better prepare, respond, and recover when disaster strikes. And we’ll discuss the questions that need answers to get you back online quickly and offer actionable guidance for building operational resilience.

We often talk about threats in terms of dollars lost, data stolen, or headlines made. But the real threat lives deeper—in the structure, the strategy, and the growing ambition of the actors behind the screen. Today’s cybercriminals don’t just encrypt files; they build economies, launder, influence, and forge alliances that stretch across borders and industries. In this talk, we’ll peel back the layers of modern cybercrime and explore how loosely affiliated hackers have evolved into organized syndicates. These groups operate more like multinational corporations than rogue disruptors—complete with HR departments, recruitment pipelines, insider relationships, and state protections.