Chicago Cybersecurity Conference

In this session, Mariana Padilla shares insights from an analysis of 22 million enterprise AI prompts, highlighting where sensitive data exposure really occurs and why common responses like blanket blocking often fail. Attendees will learn how security leaders can regain visibility, focus on the risks that matter most, and support responsible AI use without disrupting productivity.

Since the release of ChatGPT 3.5 in 2022, AI (artificial intelligence) has become the default answer to almost every cybersecurity problem—including risk assessments. AI and large language models (LLM) can generate polished, confident-looking risk analyses in seconds. The problem? Confidence is not competence, and speed is not accountability. When used as a substitute for human judgment, AI-driven risk assessments can obscure real exposure, misrepresent priorities, and create a dangerous illusion of control.

In this session, Chris Cronin will demonstrate why AI is fundamentally incapable of managing cybersecurity risk on its own—and how overreliance on AI can actually increase organizational risk. Attendees will see where AI outputs break down, why “AI-generated” does not mean “defensible,” and how regulators, auditors, and courts still expect human decision-making grounded in reasonableness.

Chris Cronin, creator of the Duty of Care Risk Analysis (DoCRA) Standard, has advised governments, courts, Fortune 100 companies, and startups on cybersecurity risk analysis and regulatory compliance. His work centers on helping organizations make risk decisions that can be explained, justified, and defended—not just automated.

Chris will reveal the simple rule Reasonable Risk uses to decide when AI belongs in their SaaS platform—and when it absolutely does not. Attendees will leave with a clear framework for using AI as a supporting tool rather than a decision-maker, and a practical understanding of how DoCRA principles are shaping AI, cybersecurity, and privacy laws around the world.

Join Matt Moss, Senior Sales Engineer at ESET, to learn about cyber risk insurance essentials in an AI-driven digital landscape!  During this session, Matt Moss will speak to the current cybersecurity landscape and explain the reasoning behind cybersecurity risk insurance.  Matt will also speak about AI’s impact on the threat landscape, to include how AI can be leveraged to bolster a proactive and adaptive defense strategy.  This is your opportunity to learn more about cyber risk insurance and why it is so important for organizations of all sizes!

Cyber teams are drowning in a sea of alerts and false positives. AI promises to resolve this, but it also enables attackers to generate massive amounts of unique noise to hide their true intentions. The real battle isn’t about creating more detections, it’s about refining detection logic and creating better detections. The art of maintaining signal fidelity in an environment underwater from AI amplified noise. Learn about the truth of using AI as a solution and exploring AI as a vector for a new class of attacks that exploit our reliance on automated decision making and new threat intelligence examples of AI success and failures.

The End of Legacy Network Security, by Todd Ellison, argues for replacing layered, box‑centric designs with outcome‑driven networks where security is native. It champions “security built‑in, not bolted on” via native Zero Trust at the access layer, per‑device isolation to stop lateral movement, and an integrated, cloud‑driven architecture that operates at “cloud speed,” replacing brittle VLAN/ACL/NAC stacks with an identity‑aware fabric that’s continuously current, observable, and assured.

We often talk about threats in terms of dollars lost, data stolen, or headlines made. But the real threat lives deeper—in the structure, the strategy, and the growing ambition of the actors behind the screen. Today’s cybercriminals don’t just encrypt files; they build economies, launder, influence, and forge alliances that stretch across borders and industries. In this talk, we’ll peel back the layers of modern cybercrime and explore how loosely affiliated hackers have evolved into organized syndicates. These groups operate more like multinational corporations than rogue disruptors—complete with HR departments, recruitment pipelines, insider relationships, and state protections.