St. Louis Cybersecurity Conference

Every CISO faces the same pressure: the business wants AI everywhere, yesterday. The instinct is to slow it down, lock it down, approve one tool, and block the rest. But that approach is failing – employees find workarounds, shadow tools multiply, and security loses visibility entirely.

Naman Ambavi is the founder of Oximy, the system of record for enterprise AI usage. Oximy analyzes millions of AI requests every day across enterprises in financial services, healthcare, and tech. In this session, Naman shares what separates CISOs who are stuck playing defense from those who’ve become AI enablers for their organizations.

He’ll introduce a visibility-first framework that lets security say “safe yes”; governing AI usage without blocking productivity. Attendees will leave with a practical playbook for enabling AI adoption while maintaining the control and visibility their role demands

The Identity-Based Network Eliminating Lateral Movement by Design by Marty Lager, argues for replacing layered, box‑centric designs with outcome‑driven networks where security is native. It champions “security built‑in, not bolted on” via native Zero Trust at the access layer, per‑device isolation to stop lateral movement, and an integrated, cloud‑driven architecture that operates at “cloud speed,” replacing brittle VLAN/ACL/NAC stacks with an identity‑aware fabric that’s continuously current, observable, and assured.

Today’s security landscape is defined by fragmentation—siloed tools, disconnected teams, and an overwhelming volume of data lacking business context. This complexity is compounded by a rapidly evolving attack surface that now includes AI-driven workloads, ephemeral cloud instances, and decentralized identities. In this environment, security teams are often left reacting to technical alerts instead of reducing actual business risk.

This session explores how operationalizing Exposure Management brings much-needed clarity and cohesion to modern cybersecurity programs. Rather than chasing every isolated vulnerability or drowning in the noise of AI-integrated systems, organizations must shift to an adversarial perspective. We will discuss how to move from “list-based” security to “path-based” defense—understanding how a single misconfiguration or identity flaw can be the first step in a catastrophic attack chain.

By unifying visibility and prioritization across the entire attack surface—including the emerging risks within the AI tech stack—Exposure Management helps organizations shift from fragmented firefighting to proactive, measurable risk reduction. Attendees will learn how to mobilize the right teams to act efficiently, ensuring that security efforts are a direct contributor to resilient, secure business growth.

Let’s get honest for a second. You’ve spent years — and a small fortune — building a security stack that protects your data. Firewalls? Check. DLP? Check. CASB? Check. You’ve got more acronyms than a government agency. And yet, roughly 80% of your organization’s data — the unstructured stuff living in file shares, cloud drives, email attachments, and that one SharePoint site nobody wants to claim ownership of — is essentially invisible to all of it.

That’s not a minor gap. That’s the gap. And it’s exactly where breaches happen, where compliance audits turn into nightmares, and where regulators are increasingly pointing their flashlights.

Here’s the uncomfortable truth: your DLP isn’t broken. It’s just flying blind. You can’t protect what you can’t classify, and you can’t classify what you can’t see. Most DSPM solutions will tell you where your data lives. That’s nice. But knowing you have 4.2 million files on a server doesn’t help you sleep at night. Knowing which of those files contain PII, PHI, PCI, or your CEO’s fantasy football spreadsheet labeled “Q3 Strategy” — that’s what actually matters.

In this session, we’ll cut through the noise and show you how AI-powered data classification is solving the harder half of the DSPM equation — the unstructured half — without ripping and replacing the tools you already have. We’ll walk through real-world scenarios from regulated industries (healthcare, financial services, insurance — yes, the fun ones) and demonstrate how mid-market organizations are classifying over a billion documents, integrating with their existing security stack, and finally giving their compliance teams something to smile about. Or at least stop stress-eating.

You’ll walk away with:

• A clear understanding of why unstructured data is the actual risk — not the structured data your current tools already handle
• A practical framework for evaluating DSPM solutions that goes beyond vendor slide decks and buzzword bingo
• A live look at how AI classification works at scale — no black boxes, no magic, just results
• Proof that you don’t need an enterprise budget to solve an enterprise-sized problem

Bring your skepticism. We like it.

New threat research analyzing 1,400+ evasion technique combinations reveals that more than a third of email-borne attacks now exploit architectural blind spots that secure email gateways cannot detect — by design. The largest attack family in the dataset isn’t ransomware, isn’t BEC, and doesn’t contain a single malicious URL. It’s a phone number. This session presents original data from December 2025 through February 2026 showing how attackers have industrialized a “counterfeit Rolex” model — assembling phishing campaigns from legitimate infrastructure components (SendGrid, Cloudflare, Google redirects) so that everything in the supply chain is authentic except the intent. You’ll see the specific attack families targeting your SEG tier, learn why TOAD attacks grew 487% in one month, and leave with a practical framework for mapping your defenses against the threats your current tools were never built to see.

Artificial Intelligence has revolutionized how we work, but it has also armed cybercriminals with unprecedented capabilities. From automated reconnaissance to “Clickfix” social engineering tactics that bypass reputation-based security tools—including AV, EDR/EPP, firewalls, and SWGs/CASBs—attackers are moving faster and smarter.

Are your defenses ready for 2026?

We often talk about threats in terms of dollars lost, data stolen, or headlines made. But the real threat lives deeper—in the structure, the strategy, and the growing ambition of the actors behind the screen. Today’s cybercriminals don’t just encrypt files; they build economies, launder, influence, and forge alliances that stretch across borders and industries. In this talk, we’ll peel back the layers of modern cybercrime and explore how loosely affiliated hackers have evolved into organized syndicates. These groups operate more like multinational corporations than rogue disruptors—complete with HR departments, recruitment pipelines, insider relationships, and state protections.