

































Join Us in Pittsburgh for the Futurecon Cybersecurity Event!
Hear from our esteemed speakers while gaining up to 10 CPE credits. Immerse yourself in the latest cybersecurity developments to gain valuable insights in today’s dynamic threat landscape. Learn how to effectively manage risk, demo the newest technologies from an array of different sponsors, and network with your local community.
Don’t miss our special ceremony recognizing our honorary attendees receiving an Award of Excellence!
Join us live for breakfast, lunch, and a wrap up cocktail happy hour!
Keynote Speaker
“Can you secure it all? How protecting a University from cyberattacks can educate others!”
Tom Dugas
Associate Vice President/Deputy CIO/Chief Information Security Officer Duquesne University
As the Associate Vice President/Deputy Chief Information Officer/Chief Information Security Officer (AVP/DCIO/CISO) Tom responsible for overseeing operations of Computing and Technology Services (CTS). CTS is Duquesne University’s central IT organization. As the AVP/DCIO/CISO Tom oversees and directs the efforts of CTS including the oversight of Information Security, Administrative Applications, IT Engineering & Operations and IT Service and Support Management. Tom is also an occasional Adjunct Professor of Cybersecurity in the McAnulty College of Liberal Arts.
Tom is the recipient of the 2023 EDUCAUSE Community Leadership Award and in 2019 was recognized as the CISO of the Year by the Pittsburgh Technology Council.
Tom has been featured in Network World, Inside Higher Education, University Business, and Mighty Guides for his work in Higher Education Cloud Computing. He has spoken at conferences nationally and regionally on topics ranging from leadership, cloud computing, information security, customer support, project management and service management.
Tom serves as a leader as a Vice President and Board member of the Pittsburgh InfraGard Chapter. He is also on the Advisory Board for the Greater Pittsburgh CISO Group and Evanta Pittsburgh Governing Body. He also is an active member of the Internet2 Cloud Scorecard Working Group, Educause Cloud Computing Community Group, AICUP Information Security Consortium, and Steel City Information Security Group. He previously served as co-chair of the EDUCAUSE ECAR Cloud Computing Working Group. Tom has also been a member of the Internet2 Cloud Services Working Group(CSWG) and also the ECAR Cloud Total Cost of Ownership(TCO) Working Group. Tom served several years as the co-lead of the EDUCAUSE Cloud Computing Constituent Group.
CISO/Industry Leader Panel
"Securing the Future: CISO Insights and Industry Leaders Discussing Current Cyber Threats and Strategic Defense Practices"
Jessica Hoffman
Deputy Chief Information Security Officer & HIPAA Security Officer City of Philadelphia
Steve Rocco
VP, Chief Information Security Officer & Head of IT Infrastructure Matthews International
John O'Rourke
Global IT Director - IT Security (CISO) PPG Industries
Jerome Robert
Chief Executive Officer Symbiotic Security
Naomi Buckwalter
Senior Director of Product Security Contrast Security


Sponsors
Premier Platinum Sponsors

Platinum Sponsors


Gold Sponsors






Silver Sponsors



















Partner








“Cybersecurity is no longer just an IT problem”

FutureCon Events brings high-level Cyber Security Training to C-suite executives and CISOs (chief information security officers).
Join us for a day with multiple illuminating presentations and a panel discussion featuring C-level executives who have effectively mitigated the risk of Cyber Attacks, demo the newest technology, and discover the cutting-edge security approaches to prepare you for the future of the Cyber World.
You will gain the latest knowledge you need to enable applications while keeping your computing environment secure from even the most advanced Cyber Threats. Interact with the world’s security leaders and your peers to gather details on other pressing topics of interest to the information security community.

Have questions? Check out the FAQ.
Agenda
Times are subject to change
Opening Introductions | Check In | Networking
Presentation
Weaponizing DNS to Defend the Enterprise
DNS is trusted by default in the enterprise. Threat actors continually exploit this to gain access or initiate command & control. Learn how DNS can go from being a connectivity oriented zero trust nightmare to the first line of defense in the enterprise.
Sponsored by

Presentation
Rebuild Your Software Security Program from the Breach Up
Current security models are failing to keep up with the speed, complexity, and scale of modern software. Security professionals are doing their jobs—and yet, attacks still get through. In this session, hear the story of four people caught in the aftermath of a breach: a developer, a SecOps lead, an AppSec engineer, and a compliance officer. All working in good faith. All stuck in a broken system.
This talk will introduce a new blueprint for modern software defense, modeled on the smartest of cities that have instrumented infrastructure to see, adapt, and respond in real time. Walk away with a prescriptive framework – based on context, coordination, and culture – that teams can use to stop guessing and start defending.
Sponsored by

Presentation
Rapid AI Prototyping
The age-old complaint in security engineering is that “big ideas die in the backlog.” Lengthy discovery, design, and coding cycles smother urgency—especially when threats are evolving faster than releases. Enter AI-first development, where language models collapse friction at every step of the SDLC and let small teams translate concept into running code in hours, not quarters. This talk tells the inside story of how we built a working Al Assisted Alert Agent & an Insider Threat & Fraud Detection module in a couple afternoons—then generalized the method into a repeatable playbook any security team can copy.
Highlights:
– Rethink Development Cycles – AI-assisted competitive analysis, ROI modeling, architecture drafting, and test generation—each shaved from weeks to minutes.
– Vibe Coding in practice – how “prompt-to-prototype” workflows boost individual throughput 30–40 % and democratize coding to non-developers Business Insider.
– Model Context Protocol (MCP) – an open standard that plugs LLMs into live telemetry and knowledge bases, turning context wiring from weeks of API work into minutes of config Home.
– Multi-model evaluation on AWS Bedrock – side-by-side scoring that lets you A/B test foundation models, RAG pipelines, and guardrails before a single line hits main Amazon Web Services, Inc.
Sponsored by

Sponsor Networking Time
Visit Sponsor Booths – find amazing people, information, and prizes! Get updated on the latest technologies!
Presentation
Trust but Verify? The Risks Lurking in AI-Generated Code
As AI-powered coding assistants become more prevalent, developers are increasingly incorporating AI-generated code snippets into their projects. But the last Dora report made it clear: there is a 7.2% drop in delivery stability for every 25% increase in AI use.
In this session, we’ll explore the risks AI-generated code has on development environments. From quality issues to outright security vulnerabilities, we’ll break down real-world examples of how AI-generated code can introduce security flaws, compliance issues, and reduce overall code quality.
Key takeaways include:
• The pitfalls of AI-generated code regarding code quality and security.
• How blind implementation of GenAI code can lead to increased technical and security debt.
• Why traditional reviews often fail to catch AI-induced issues.
• Best practices for validating, securing, and integrating AI-generated code responsibly.
Join us for an engaging session where we go beyond the hype and take a critical look at the risks, while offering actionable strategies to mitigate them—without stifling innovation.
Sponsored by

Presentation
Today’s Threat Landscape Requires a Unique Solution
The convergence of IT and OT networks has significantly broadened the cyber threat landscape, exposing critical infrastructure to new vulnerabilities. Legacy OT systems, often lacking modern security controls, are now accessible through interconnected networks, increasing risk. To counter these threats, organizations must achieve full visibility of all networked assets using advanced discovery and monitoring tools. Equally vital is the implementation of automated threat response system- that enable rapid detection, containment, and mitigation of cyber incidents, enhancing overall resilience and security.
Sponsored by

Sponsor Networking Time
Visit Sponsor Booths – find amazing people, information, and prizes! Get updated on the latest technologies!
Lunch
Keynote
Can you secure it all? How protecting a University from cyberattacks can educate others!
Tom Dugas
Associate Vice President/Deputy CIO/Chief Information Security Officer Duquesne University
Sponsor Networking Time
Visit Sponsor Booths – find amazing people, information, and prizes! Get updated on the latest technologies!
Building a Response Strategy
Presentation
Cyber Resiliency: Going Beyond Backup
Cyber resiliency is a multifaceted approach that goes far beyond the simple act of backing up data. While backups are a crucial component, they are only one piece of a comprehensive strategy. To truly achieve cyber resiliency, organizations must integrate a range of advanced practices and technologies. This includes not only backup and backup recovery but also primary snapshot orchestration, which ensures that critical data is consistently protected and can be quickly restored. Additionally, services such as Threat Scan and Air Gap systems provide an extra layer of protection by isolating sensitive data from potential threats. Clean room environments and forensic tools are also essential, as they enable organizations to investigate and respond to security incidents effectively. By understanding and implementing these various elements, attendees will gain a deeper appreciation of what it takes to build a robust and resilient cyber defense.
Sponsored by

Sponsor Networking Time
Visit Sponsor Booths – find amazing people, information, and prizes! Get updated on the latest technologies!
Presentation
Understanding Insider Threats through Human-Centric Analytics
Learn how to defend your organization against insider threats using the latest AI and Psycholinguistics. Insider threats from trusted individuals with legitimate access can cause serious harm through negligence or intent. UEBA, powered by machine learning, helps detect such threats by analyzing behavior and spotting anomalies like privilege abuse or data theft. Motivations include financial, personal, and geopolitical pressures, but detection is hindered by limited intelligence and context gaps. Enhancing analysis with psycholinguistics and language AI improves accuracy by revealing intent. A proactive, behavior-driven strategy is critical to mounting an effective insider threat defense.”
Sponsored by

Presentation
Breaking Down Silos: Unify Assets and Minimize Attack Exposure
Fragmented asset visibility creates dangerous security blind spots. This presentation explores how breaking down silos to unify control over managed, semi-managed, and unmanaged assets is crucial for minimizing your attack surface. Learn how to gain comprehensive visibility, prioritize risks, and build confidence in your security posture by establishing a unified approach to asset management.
Sponsored by

Sponsor Networking Time
Visit Sponsor Booths – find amazing people, information, and prizes! Get updated on the latest technologies!