Milwaukee Cybersecurity Conference

What if a single control could eliminate most of your cybersecurity risk—would you use it?

Cyber insurers consistently point to legal liability as your greatest exposure. The best predictor of post-breach legal costs isn’t the breach itself—it’s whether you can prove your cybersecurity program was reasonable.

Reasonableness doesn’t mean perfection. It means showing you made balanced, cost-justified decisions to reduce risks to the public as well as your business. Regulators and litigators evaluate how much you invested relative to the risks you sought to prevent. When a breach happens, they’ll find weaknesses—but what matters is whether your program was built to achieve fair, defensible outcomes.

Today, regulators increasingly define “reasonable” cybersecurity as: Safeguards that reduce risk to the public without being more burdensome than the risk itself.

Chris will walk you through how to break free from compliance checklists and maturity scores—and instead build a defensible risk management program that can withstand attackers, auditors, and attorneys.

Threat actors are weaponizing your organization’s OSINT through AI models to generate personalized and polymorphic phishing attacks and payloads at unprecedented scale and minimal cost. This session exposes how adversaries scrape publicly available data and leverage it to create dynamic phishkits that evade traditional email security defenses. We’ll examine real-world phishing examples that made it into enterprise mailboxes, the data sources that are most often being exploited, and provide actionable strategies to identify, monitor, and reduce your digital footprint and detect and mitigate AI-generated campaigns before they compromise your organization.

The Domain Name System (DNS) is often called the “phonebook of the internet”—but beneath its surface lies a complex and increasingly exploited attack vector. In “Behind the Name: Unmasking DNS Threats,” we’ll peel back the layers of this foundational technology to expose how cybercriminals are leveraging DNS for data exfiltration, command-and-control, phishing, and more.

• This session will explore real-world DNS threat scenarios, the latest trends in DNS-based attacks, and the often-overlooked vulnerabilities that can compromise even the most secure environments. Attendees will gain insights into:
• How DNS is weaponized in modern cyberattacks
• Techniques for detecting and mitigating DNS abuse
• The role of DNS security in a zero-trust architecture
• Best practices for securing DNS infrastructure

Whether you’re a security professional, IT leader, or simply curious about the hidden risks behind everyday internet activity, this talk will equip you with the knowledge to better defend your organization.

The age-old complaint in security engineering is that “big ideas die in the backlog.” Lengthy discovery, design, and coding cycles smother urgency—especially when threats are evolving faster than releases. Enter AI-first development, where language models collapse friction at every step of the SDLC and let small teams translate concept into running code in hours, not quarters. This talk tells the inside story of how we built a working Al Assisted Alert Agent & an Insider Threat & Fraud Detection module in a couple afternoons—then generalized the method into a repeatable playbook any security team can copy.