Event Agenda

● Are we overemphasizing human behavior in cybersecurity at the expense of technical and systemic controls?
● How can Californian organizations measure the real impact of awareness and training programs? How can we ensure value through these programs?
● Should IT systems be designed to be resilient to human error rather than relying on users as the first line of defense?
● What lessons can sectors across California offer on balancing human and technical security? How can we ensure we are getting the basics; right?
..
– Moderator: Nick Padron, Director of Information Security, Fairfield Residential
– Vimal Subramanian, CISO, Foodsmart
– Robert Rees, Director of Cybersecurity and Technology Operations, Rexford Industrial
– Rouman Ebrahim, Head Deputy, Cyber Crime Division, Los Angeles County District Attorney’s Office
– Jeanette Lind, Director of IT and Information Security, Unison

Sensitive data movement across borders can be risky but restricting it outright can create operational and security challenges. As agentic AI, generative AI, and quantum computing reshape global organizations, CISOs must modernize security platforms to protect data amid increasingly sophisticated attacks and evolving global data regulations.
.
● Planning migration strategies to protect critical data and infrastructure while complying with international data protection laws
● Ensuring security platforms adapt to risk, user behavior and AI-driven interactions
● Preparing for the future including the post-quantum encryption shift
.
– Ari Giguere, Vice President – Security and Intelligence Operations, Netskope
.

OT cybersecurity has moved beyond risk mitigation to become a measurable driver of business value. As cyber compromise is now expected across critical infrastructure, organizations must protect uptime, safety, and revenue while operating in highly constrained environments. This session shows how a framework-driven OT security strategy—anchored in IEC 62443, operational visibility, and platform consolidation—reduces response times, simplifies operations, and delivers real financial and operational outcomes.
.
– Matt Britter, Senior OT SME, Fortinet
.

● Our lessons learned in identifying systemic capability gaps and informing executive-level risk prioritization
● How we utilized active monitoring across our enterprises to improve situational awareness
● How we learned to embed risk-informed decision-making into our business and operational processes for sustainable security outcomes
● How we shifted from reactive response to anticipatory defense, with focus on recovery, segmentation, and attack-surface reduction
.
– Brandon Wilson, CISO, Confidential
.

.
AI is reshaping governance, risk, and compliance from a reactive, audit-driven function into a continuous, intelligence-driven trust system. In the next 24 months, leading organizations will use AI to continuously test controls, predict and remediate risk before it becomes an issue, and automate evidence, questionnaires, and vendor risk workflows end-to-end—freeing teams to focus on higher-order risk decisions. This presentation outlines what’s changing, what “good” looks like in the AI-native GRC stack, and how Drata is building the leading agentic trust management platform that connects controls, evidence, vendors, and external trust signals into always-on assurance.
.
– Akshay Sharma, Senior Solutions Engineer, Drata
.

● Embed security-by-design across the product lifecycle, aligning with business risk and resilience goals
● Establish clear ownership and governance between CISO, engineering, and product teams
● Strengthen supply chain assurance, including SBOMs and third-party risk management
● Build rapid detection, response, and recovery capabilities for product-related incidents
.
– David Scott, Sr. Director, Product Security, Intuitive
.

● How must the CISO role evolve to transition from a technical supervisor to a strategic business partner who influences board-level decision-making?
● In an increasingly automated landscape, what frameworks should leaders use to balance the speed of AI-driven defense with the necessity of human ethical oversight?
● How can future leaders restructure cybersecurity training to prioritize emotional intelligence and mental resilience as a solution to industry-wide burnout?
● What leadership strategies are required to shift organizational culture from a “fail-safe” mentality to a “safe-to-fail” resilience model?
.
– Brandon Wilson, CISO, Confidential
.

● How we integrated cyber risk to account for increasing geopolitical challenges
● Where we implemented threat intelligence and scenario planning to anticipate ransomware, supply-chain, and state-sponsored attacks while aligning with new California regulations
● How we safeguarded our systems through targeted awareness campaigns and realistic simulations of credential theft
● How we applied zero-trust principles, segmentation, MFA, and contingency planning to minimize operational disruption and ensure business-critical functions continue
.
– Jacob Combs, VP of Cybersecurity, CISO, Tandem Diabetes Care, Inc.
.

● What are the key issues facing Top California firm’s cybersecurity? How can we overcome them?
● How do new cybersecurity rules under Article 9 of amended California Consumer Privacy Act (CCPA) regulations help strengthen our cyber resilience? Do they?
● Where will new rules surrounding ADMT (Automated Decision-Making Technology) play a role in securing and strengthening cybersecurity in California?
● To what extent have shifts in the geopolitical landscape affected Californian cybersecurity? How can we ensure our strategies remain resilient against such changes?
.
– Moderator: Timothy Dzierzek, Director, Security and Compliance, Atomic
– Nick Padron, Director of Information Security, Fairfield Residential
– Robert Cantrell, Director Engineering and Information Security, San Ysidro Health
– Rouman Ebrahim, Head Deputy, Cyber Crime Division, Los Angeles County District Attorney’s Office
– Dario Loeb, IT Director, Young Community Developers
.

● Is AI driving more cybersecurity innovation, or creating new exposure we aren’t ready to manage?
● How can governance frameworks ensure AI delivers innovation without multiplying risk?
● How do new cybersecurity rules under Article 9 of amended California Consumer Privacy Act (CCPA) regulations help strengthen our cyber resilience with the increasing use of AI? Do they?
● How should we balance the push for AI-driven innovation with the need to limit potential cyber threats?
.
– Moderator: Brandon Wilson CISO, Confidential
– Jacob Combs, VP of Cybersecurity, CISO, Tandem Diabetes Care, Inc.
– Tim Jee, Director, Cybersecurity Services, New American Funding
– Jason Christopher, Cyber Security Director, University of California, Berkeley
– David Scott, Sr. Director, Product Security, Intuitive
– Ari Giguere, Vice President – Security and Intelligence Operations, Netskope
.