Boston

Join Anthony “TonyP” Pillitiere, Co-Founder of Horizon3.ai, for an engaging session on “Offense-Driven Defense.” TonyP will challenge conventional risk assessment practices and unveil how emphasizing real-world exploitability and impact can revolutionize your security approach. Drawing from over 100,000 autonomous pentests, he’ll share compelling stories and actionable insights that reveal how viewing your cyber terrain through an attacker’s lens can uncover hidden vulnerabilities, optimize resource allocation, and fortify your defenses against advanced threats. Don’t miss this chance to learn from a leading industry trailblazer on why it’s time to “go hack yourself” to build resilience in today’s borderless threat environment.

Key Topics:

• Building and managing effective incident response plans.
• Detecting and mitigating cyber and physical threats.
• Using real-time data and intelligence for decision-making.

Why It Matters:
Security managers often handle tactical responses. Understanding effective response strategies ensures timely containment and resolution of incidents.

Security shouldn’t be a speed bump – it should be built in like a seatbelt. In this session, we’ll explore how leading organizations are integrating security into their software pipelines through platform engineering and DevSecOps. You’ll learn how automation – not AI hype – reduces risk without slowing teams down, and walk away with actionable strategies to scale security, simplify compliance, and move fast with confidence.

Threat actors are increasingly targeting development pipelines in order to launch software supply chain attacks that have massive downstream impacts. These attacks are successful — the Snowflake breach of 2024 in which an attacker extorted $2.7 million out of customers is proof they work. Governments across the globe have also taken note of this threat, with SBOM mandates and regulations like the Cyber Resilience Act in Europe aiming to mitigate the risks. Open source malware, another name for a malicious open source package, is proliferating — Sonatype alone has observed more than 778,500 pieces of open source malware since 2019, representing more than 200% growth year-over-year. Attendees will learn about the most prominent types of open source malware including discoveries over the past year, what attributes differentiate open source malware from traditional malware and vulnerabilities, best practices for defending against open source malware, and how the attack vector will evolve in 2025. Join this talk to learn more about: How and why threat actors are focusing efforts on infiltrating software development via open source Differentiating attributes between open source malware and traditional malware The most prominent types of open source malware impacting enterprises today, as well as how enter development pipelines Best practices for SBOM management and securing the software development lifecycle against open source malware.

Key Topics:

• Ransomware, phishing, and advanced persistent threats (APTs).
• Optimizing operations and improving security through Orchestration and Automation.
• Understanding the impact of AI and IoT on security vulnerabilities.
•  

Why It Matters:
Staying informed about the latest threats helps leaders anticipate and prepare for risks that can disrupt operations.

In this session, discover how data lineage provides the foundation for stronger data protection strategies. Learn how tracing your data from source to destination enhances classification accuracy, strengthens security controls, and enables real-time anomaly detection. We’ll explore how combining lineage with AI-driven insights can identify, prioritize, and respond to abnormal data flows, ensuring your sensitive information stays protected throughout its lifecycle. Join us to see how comprehensive data visibility is key to safeguarding your organization.

Despite billions invested in security tools, organizations continue to suffer breaches—because most defenses stop at the network or endpoint level. But attackers are getting smarter, targeting what matters most: your data.

In this session, Alex Hesterberg, CEO of Superna, will explore the critical need for data-layer defense and how cybersecurity teams can finally see, detect, and stop threats where they matter most. Attendees will gain practical insights into how proactive cyberstorage protection can change the game for security teams, helping them act earlier, respond smarter, and recover faster from threats like ransomware and insider attacks.

Key Takeaways:

· Why Traditional Security Falls Short – Learn how attackers bypass perimeter defenses and why storage-layer visibility is the missing link.

· Act Earlier – Discover how real-time threat detection at the storage level allows organizations to stop attacks before they reach critical data.

· Respond Smarter – Understand how automated forensic insights and rapid in-place recovery reduce downtime and data loss.

· Breathe Easier – See why leading global brands like Amazon, Mercy Health, and NASA trust Superna’s cyberstorage security to protect nearly five exabytes of data.

With cyber threats evolving fast, now defense must run deeper. This session will equip security leaders with the knowledge and strategies to stay ahead of the next attack—before it happens.

Artificial Intelligence is revolutionizing the world at an unprecedented pace—reshaping industries, redefining possibilities, and occasionally, delivering laugh-out-loud failures. But how safe is this brave new world of AI? And what does it mean for businesses, individuals, and society at large? We’ll explore the evolution and proliferation of APIs, the unsung heroes powering mobile apps, supply chain optimization, and the Internet of Things, and the role they play in the future of the internet. Billions of bots silently execute tasks, but at what cost? We’ll dive into the hidden, obvious, and subtle expenses of this automation boom, from operational efficiencies to unforeseen vulnerabilities. And just when you thought DDoS attacks were a thing of the past, we’ll debunk the myth: DDoS isn’t dead—it’s evolving. We’ll discuss why volume still reigns supreme, the rise of sophisticated Layer 7 attacks, and how to stay ahead in this ever-changing landscape. Finally, we’ll look to the future, guided by three principles: Futurize, Unite, Simplify. Join us for an engaging, insightful, and occasionally humorous journey through the cutting-edge technologies shaping tomorrow’s world.

Key Topics:

• Evaluating and selecting security technologies that align with organizational goals.
• Best practices for integrating new tools into existing security infrastructures.
• Orchestrating technology solutions to maximize their effectiveness and return on investment.

Why It Matters:
Choosing, using, and integrating the right technologies is vital for building a robust cybersecurity infrastructure, and Effective technology management optimizes security investments and enhances overall protection against evolving threats.

Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars. And things change fast in this space – RaaS groups rise and fall with law enforcement takedowns, or disband and reorganize under different brands, so it can all be a little confusing. Each quarter, the Halcyon team of ransomware experts put together a RaaS power rankings guide for the ransomware threat landscape.