November 14, 2025, 8:00 AM – 5:00 PM Pacific Time || Venue: Las Positas College, Livermore, CA

In an era of escalating geopolitical tensions and the growing impact of climate change, the cybersecurity landscape is undergoing a radical transformation. ‘The Long Game: AI-Driven Cyber Strategy in an Era of Global Disruption’ explores how organizations can leverage artificial intelligence to develop resilient, long-term cybersecurity strategies. This conference will address the critical challenges posed by systemic disruptions, offering insights into navigating complex geopolitical risks, mitigating climate-related cyber threats, and harnessing AI’s potential to anticipate and counter evolving threats. Attendees will gain actionable strategies for building robust cyber defenses, ensuring business continuity, and shaping a secure future in an increasingly unpredictable world.

Key Takeaways for Attendees:

Understanding the interconnectedness of geopolitical, climate, and cyber risks.
Learning how to leverage AI to enhance cybersecurity defenses.
Developing strategic frameworks for long-term cyber resilience.
Building a culture of cybersecurity awareness and preparedness.

Attendees receive up to 8 CPEs for attending and providing feedback on their participation. Networking Pass can earn up to 5 CPEs. Speakers and volunteers can earn up to 13 CPEs. Contact conferencecommittee@isc2-eastbay-chapter.org to let us know you want to help with sponsor tables, serving food, coordinating live demos, signage, sign-in registration, or building set up and breaking down activities. If you can volunteer to mentor, coach, or hire interns, please get in touch with careers@isc2-eastbay-chapter.org. Volunteers earn their ticket. However, they must be assigned to a committee and registered no later than October 1st to participate in the fall conference planning.

Pricing and Registration

To ensure the best value, please register early! Early Bird rates extend until October 31st. Your price is determined by your ISC2 East Bay Chapter Member Status, which can be applied by using your primary chapter-registered email in the “Access Code” field during registration. Members with up-to-date annual dues will automatically have a $45 member credit applied. Volunteers, Sponsors, and Speakers will receive their own distinct free registration codes.

If your member record is pending or you haven’t yet set up your account, please start by securing your private record. Once you are on your membership page, you can then proceed to purchase your conference tickets. If you are already a paid member, you can sign up from your member page or go directly to the registration link below.

Early Bird Pricing ends October 31

Networking Pass: For attendance from 11:30 AM to 5:00 PM. Rates range from $45 (member) to $65 (guest), or $75 (member) to $85 (guest) for a fully loaded backpack and Long Game Kit.
Full Day Pass: For full conference access from 8:00 AM to 5:00 PM, including Breakfast, Lunch, Networking, & Cake Break. Rates are $100 for members and up to $175 for non-members. The Full Day Pass also includes the Long Game Emergency Kit Backpack for as long as our supplies last. After the Early Bird pricing has ended, options to purchase the “Emergency Kit” may be limited.

Registration Type	Price (No Kit)	Price (With “Long Game” Cyber Emergency Kit)	Notes
Networking Pass (11:30 AM – 5:00 PM)			Access to Panels and Vendor Area only.
Guest Networking Pass	$65.00	$85.00	Enjoy lunch; attend panels, workshops, visit vendors
Member Networking Pass	$45.00	$75.00	Enjoy lunch; attend panels, workshops, visit vendors
Full Conference Passes (8:00 AM to 5:00 PM, Breakfast, Lunch, Networking & Cake Break)			This includes all sessions, panels, main lobby and Vendor Sponsor areas
Early Bird Member (Register by Oct 31st)	$100.00	$100.00	Kit guaranteed.
Early Bird Guest (Register by Oct 31st)	$145.00	$145.00	Kit guaranteed.
Guest (After Oct 31st)	$145.00	$175 (if available)	Kit availability is not guaranteed after Oct 31st.
Member (After Oct 31st)	$100	$100 (if available)	Kit availability is not guaranteed after Oct 31st.
Student Member* up to 25 seats (LPC and High School Award winners Free with Code) All other students pay student rate.	$45	$75	Kit guaranteed. *Valid student ID required.
Volunteer Code (Register by Oct 1st)	$0.00	$0.00	Kit guaranteed.

Create or Update Member Record

Purchase Event Tickets

Conference Sessions & Schedule

8:00 AM Breakfast and Registration

Pick up your badge, ribbons, and optional pre-ordered “Long Game: Cyber Emergency Kit Backpack.” Throughout the day, as you visit each vendor, your bag gets a variety of books, tools, and swag. At the end of the day, events and further awards will focus on your key takeaways. Earn additional CPE and distinction by sharing how you might or already leverage what you now have “in the bag.”

Coffee throughout the day is sponsored by One Identity. All meals are paid for by the entire list of sponsors and by a portion of each registration. Thank you to our sponsor and our members. Please visit the list of sponsoring vendors below.

8:50 AM Greetings from the ISC2 East Bay Chapter

Welcome Students, Entrepreneurs, Civic, Business, and Education Leaders, Cyber Professionals, Job Seekers. We are pleased to share a brief discussion of the ISC2 East Bay Chapter Mission, Rules for our day at Las Positas, expectations for the “In The Bag” activity, and a reminder about your mandatory feedback requirement.

Featured Speakers

Session One – 9:00 to 9:30 AM | The AI Supply Chain: A National Security Imperative; the high stakes and the integration of AI into the supply chain itself | Bob Kolasky, SVP Critical Infrastructure Sectors, Exiger

Navigating escalating cyber threats and complex global interdependencies, this session will delve into proactively managing pervasive supply chain risks. Bob Kolasky will explore the pivotal role of artificial intelligence and data-driven strategies, leveraging platforms like Exiger, to identify, assess, and mitigate vulnerabilities across the digital ecosystem. Attendees will gain insights into building resilient supply chains, strengthening third-party risk management, and fostering robust public-private partnerships vital for national and economic security. He will highlight actionable strategies for anticipating and addressing security needs, ensuring critical functions remain operational against cyber warfare and systemic disruptions, and demonstrating how advanced technology facilitates better risk outcomes. This discussion is vital for cybersecurity professionals and industry leaders, enhancing organizational cyber resilience.

Bob Kolasky is a distinguished leader in cybersecurity and critical infrastructure resilience. He was the Founding Head of the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center, where he played a pivotal role in establishing strategic, cross-sector government and industry approaches to cyber and supply chain threats. Currently, as SVP, Critical Infrastructure Sectors at Exiger, he leads the go-to-market strategy and delivery of technology, processes, and expertise to address third-party and supply chain risk for critical infrastructure. Kolasky is a recognized expert in leveraging AI and data-driven insights to illuminate supply chains, evaluate risk factors, and continuously monitor threats, significantly contributing to national and economic security.

**Bob Kolasky, SVP Critical Infrastructure Sectors, Exiger**

Exiger – Founded in 2013, Exiger arms government entities, the world’s largest corporations, including 90 of the Fortune 250, and financial institutions with Software as a Service (“SaaS”) technology solutions that allow a proactive approach to risk and compliance. Exiger has expanded its offerings to create consistency across a market struggling with an ever-growing vendor risk landscape, addressing the need for third-party, supply chain, cyber, and ESG risk solutions.

Session Two – 9:45 to 10:15 AM | The Invisible Threat Layer: Harnessing AI and Practical Physics to Secure Hardware for the Long Game | Yossi Applebaum, CEO | Sepio

The Invisible Threat Layer: Harnessing AI and Practical Physics to Secure Hardware for the Long Game. This session delves into the often overlooked physical layer of cybersecurity, learning how advanced AI and novel approaches rooted in practical physics transform the way organizations identify, manage, and mitigate hidden hardware device risks. Explore how IT, OT, and IoT environments are crucial for building enduring resilience and developing a true “Long Game” cyber strategy against systemic disruptions.

Yossi Applebaum is the CEO and co-founder of Sepio Systems, a company disrupting the cybersecurity industry by uncovering hidden hardware attacks and providing actionable visibility to manage the risk of all known and shadow assets continuously. With decades of experience in engineering and leadership, Yosi’s background includes foundational work in the Israeli intelligence corps (Unit 8200) and successfully co-founding and leading multiple startups before establishing Sepio in 2016. Under his leadership, Sepio has developed multi-disciplinary SaaS solutions that combine practical physics, Machine Learning, and Big Data for unified hardware device risk management. His team has earned global recognition for fighting attacks through malicious hardware devices, offering invaluable insights into securing IT, OT, and IoT environments. Sepio’s Rogue Device Mitigation (RDM) capabilities and notable work in Asset Risk Management and IoT Security Software, including a featured use case by the Cybersecurity and Infrastructure Security Agency (CISA), exemplify his commitment to building enduring resilience against evolving cyber threats.

Sepio: Founded in 2016 by a team of cybersecurity experts from both private industry and government agencies, Sepio is revolutionizing security by uncovering hidden hardware attacks. Embracing its name, derived from the Latin word “Sepio” meaning “defend” and “guard,” the company provides actionable visibility to continuously manage the risk of all known and shadow assets at any scale. Sepio’s Asset Risk Management (ARM) solution is built on pillars of actionable visibility, objective truth, and infinite scalability, instilling confidence in organizations facing continuously expanding and uncontrolled ecosystems of connected assets. Their innovative multi-disciplinary SaaS solutions leverage practical physics, Machine Learning, and Big Data to deliver unified hardware device risk management, including powerful Rogue Device Mitigation (RDM) capabilities across IT, OT, and IoT environments. Sepio’s significant contributions to Asset Risk Management and IoT Security Software are highlighted by a featured use case from the Cybersecurity and Infrastructure Security Agency (CISA).

Session Three – 10:15 to 10:45 AM | Resilience in the deep fake face of AI cybercrime Alissa (Dr Jay) Abdullah, PhD, SVP, Emerging Corporate Security Solutions, CISO | Mastercard

Dr. Alissa Abdullah (Dr. Jay), Deputy Chief Security Officer, Mastercard

Dr. Alissa Abdullah (Dr. Jay), is Mastercard’s deputy chief security officer. In this role, she leads the Emerging Corporate Security Solutions team and is responsible for protecting Mastercard’s information assets as well as driving the future of security.

Dr. Jay joined Mastercard in 2019 after serving as the chief information security officer of Xerox, where she established and led a corporate-wide information risk management program. She also served as the deputy chief information officer of the White House, where she helped modernize the Executive Office of the President’s IT systems with cloud services and virtualization. She currently hosts Cybercrime Magazine’s Mastering Cyber and CISO 500 podcasts. Dr. Jay is a member of Smartsheet’s Board of Directors and Girls in Tech’s Board of Directors. She also serves as vice chair of BITS, the technology policy division of the Bank Policy Institute (BPI). Dr. Jay holds a PhD in Information Technology Management from Capella University, a master’s degree in Telecommunications and Computer Networks from The George Washington University, and a bachelor’s degree in mathematics from Savannah State University.

Mastercard: Mastercard is a global technology company in the payments industry. Its mission is to connect and power an inclusive digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. For over 50 years, Mastercard has pioneered technology to reshape the digital economy, using secure data and networks, partnerships, and passion. They provide innovative solutions that help individuals, financial institutions, governments, and businesses realize their greatest potential, driving value for consumers, businesses, and shareholders worldwide.

Session Four – 10:50 to 11:25 AM | Beyond the Benchmark: AI’s Role in Resilient Cybersecurity | Indus Khaitan | RedBlock

In a landscape where traditional security measures are often insufficient against sophisticated threats, building truly resilient cybersecurity requires moving “beyond the benchmark.” Indus Khaitan, a recognized leader in AI and data resilience and the founder of Redblock, will explore how advanced AI is critical to achieving this next level of security. This session will delve into how AI-driven platforms, much like modern instantiations of computational intelligence, enable proactive risk management, intelligent data backup, and rapid recovery, minimizing downtime and ensuring business continuity. By harnessing AI’s power to automate complex tasks and illuminate unseen risks, organizations can develop a truly “Long Game” cyber strategy, transforming their approach to resilience and operations in an era of global disruption.

Indus Khaitan, Agentic AI for Identity Security. Redblock.

CEO, Indus Khaitan, is a visionary leader in cybersecurity and data resilience, currently driving innovation at Redblock. With a background deeply rooted in developing cutting-edge technology solutions, Indus is passionate about safeguarding critical enterprise assets against an increasingly complex threat landscape. His expertise lies in leveraging artificial intelligence to architect robust data protection strategies that ensure business continuity and minimize the impact of cyberattacks and system failures. Through his work, Indus aims to empower organizations with intelligent, rapid recovery capabilities, strengthening their overall operational resilience.

Redblock (redblock.com) is a company focused on AI-driven data backup and rapid recovery solutions designed to ensure business continuity. Their innovative platform delivers resilient data protection for critical enterprise assets by minimizing downtime and data loss during cyberattacks, system failures, or disasters. Redblock’s solutions provide intelligent backup scheduling and accelerate recovery processes, significantly enhancing an organization’s operational resilience.

Session Five – 11:30 AM to 12:00 PM | Beyond Tech: Building Resilient Security Culture and Rapid Response for the AI Era | Jules Okafor, JD, CEO of RevolutionCyber

In today’s dynamic threat landscape, effective cybersecurity extends beyond technology alone. This session, led by Juliet Okafor, CEO of RevolutionCyber, will explore the critical role of human-centric security in building organizational resilience. Juliet will delve into strategies for cultivating a robust security culture across an enterprise, emphasizing how to increase user engagement, minimize friction during technology rollouts, and improve overall security program performance. The discussion will also cover key approaches to rapid incident response, empowering organizations to proactively prepare for and effectively navigate large-scale cyberattacks and disruptions, ultimately playing “The Long Game” in an AI-driven world.

Jules Okafor, JD, CXO | Attorney | Creator of ‘Build & Scale AI Ops in 90 Days’ | Security Culture & DevSecOps for High-Growth Orgs | Scalable Privacy, Risk & Trust Programs for Enterprise | Delivering Resilience at Speed

Juliet Okafor, JD, CEO, RevolutionCyber, is a cybersecurity professional who has combined her knowledge of the legal system and cybersecurity solution models into success stories across Fortune 500 industries throughout the USA. A passionate security solutions visionary and strategist, Okafor determines how to solve the company’s problem, be it vulnerability management, incident response or reducing the risk associated with technology or vendors, and then puts a plan into action. Okafor graduated from UMass Amherst with a B.A. in communication, Fordham University with an M.A. in public communication and media studies, and received her juris doctorate from Temple University – Beasley School of Law. She is currently the CEO of RevolutionCyber.

RevolutionCyber (https://www.revolutioncyber.com/) is a boutique cybersecurity and resilience consulting firm that blends strategic advisory, cultural transformation, and technology enablement to redefine how organizations approach security. They focus on aligning security with core business outcomes, such as resilience, trust, and revenue generation, rather than treating it as a standalone technical function. Living at the intersection of security culture, operational resilience, and customer trust, RevolutionCyber operates as a unique hybrid: a traditional consulting firm, a managed security service provider (MSSP), and a technology-enabled service provider. Their mission is to empower businesses and individuals by creating personalized security experiences at scale, reducing technology rollout friction, increasing user happiness, and demonstrably improving overall security program performance. They also offer critical guidance and playbooks for rapid incident response, preparing organizations to navigate large-scale cyberattacks and build long-term cyber resilience effectively.

12:15 – 1:00 PM Lunch

Keynote, Session Six – 1:00 to 1:45 PM | Cybersecurity and Privacy Policy: Analysis of Executive Actions and Legislation in the 47th Presidential Term and 119th Congressional Session | Jim Dempsey | Managing director of the IAPP Cybersecurity Law Center

Jim Dempsey, Managing Director, IAPP Cybersecurity Law Center, and Senior Policy Advisor, Stanford Program on Geopolitics, Technology and Governance

Cybersecurity and Privacy Policy: Analysis of Executive Actions and Legislation in the 47th Presidential Term and 119th Congressional Session.

This keynote address will analyze the evolving cybersecurity and privacy policy landscape, focusing on potential executive actions and legislative initiatives within the 47th Presidential Term and the 119th Congressional Session. By November 2025, we will have an emerging picture of cybersecurity policy in this term. This session will compare and contrast with the Biden administration, exploring what has changed and what has continued. Which unfinished initiatives are moving forward and which seem to have been abandoned? How does competition with China shape U.S. cybersecurity policy? How is the promised emphasis on offensive operations developing? What approaches are emerging from the regulatory agencies (FTC, FCC, SEC, HHS)? Are the states stepping up their enforcement actions? He will provide insights into the long-term strategic considerations necessary for navigating the complex and rapidly changing cyber and data governance environment, addressing key issues such as AI-driven cybersecurity strategies, data privacy regulations, and the intersection of geopolitics and technology. This session will review and contextualize these and other policies and legal issues.

Jim Dempsey, managing director of the IAPP Cybersecurity Law Center, lecturer in cybersecurity law at UC Berkeley Law School, senior policy advisor to the Stanford Program on Geopolitics, Technology & Governance, co-author of Cybersecurity Law Fundamentals (2d ed. 2024).

Session Seven – 1:45 to 2:30 PM – Investing in the Future of AI-Driven Security: Next-Generation Human-Centric Cybersecurity Assistant | Ali Bouhouch, CTO | The Good Data Factory

The cybersecurity landscape is at an AI inflection point, driven by the convergence of large language models (LLMs), agentic-event-driven security automation, and API-first architectures, making real-time, autonomous cybersecurity operations finally possible. This session will explore how these powerful advancements represent a multi-billion-dollar market opportunity, poised to become an inevitable industry shift as global cybersecurity spending is projected to reach $267 billion by 2027, with AI-driven security automation as a key growth area.

Ali Bouhouch, CTO of The Good Data Factory, will discuss how enterprises, grappling with critical security staffing shortages (3.5 million unfilled cybersecurity jobs globally), can strategically invest in next-generation human-centric cybersecurity assistants. He will address how these AI-driven solutions empower security teams, reduce manual burdens, and enhance threat detection and response capabilities, enabling organizations to secure their future and play “The Long Game” against evolving cyber threats, even as incumbents heavily invest to lock in their customer base.

Ali Bouhouch, CTO, The Good Data Factory: Ali Bouhouch is an accomplished technology executive with over two decades of success leading consulting, software, and data engineering teams, delivering cutting-edge solutions across e-Commerce, AdTech, Business Intelligence, and Advanced Analytics. He possesses deep expertise in leveraging Cloud, Big Data, In-Memory Processing, and Cognitive Computing to drive success in digital marketing and retail. A champion of agile methodologies, Ali is a trusted leader who builds and inspires culturally diverse and geographically distributed teams to deliver results aligned with customer expectations, managing multi-million dollar international budgets. He is also a co-author of the “B2B Solutions Using WebSphere Business Connection” IBM Redbook and was the founder and chairman of multiple professional forums like the XML/WebServices SIG at www.ebig.org. His specialties include Analytics and Data in Retail, Oil & Gas, Telecoms and Finance industries, alongside deep knowledge in Leadership & management, Enterprise Architecture, Machine Learning, Data Science and Big Data.

The Good Data Factory (thegooddatafactory.com) steps in to fill an ever-increasing skills and capability gap by serving as a strategic data science partner to clients, from startups to large corporations. They specialize in transforming raw security data into actionable intelligence through advanced analytics and machine learning, helping organizations identify hidden patterns, predict potential threats, and optimize security operations. The Good Data Factory excels in managing the complexity of data engineering to ensure data is clean, accurate, and ready for analysis. They also offer services in advanced Big Data analytics, remote AI & data analytics lab development (including specific machine learning models and algorithm development), and creative software design and development. Their comprehensive approach aims to improve threat detection, incident assessment, and recovery processes, enabling clients to effectively shape business strategies and gain a competitive advantage in today’s market. They ensure the security and confidentiality of your data throughout all services.

2:30 – 4:30 CAKE BREAK, Socializing & Panels

Attendees should select up to two out of the three following options and leverage the alternative time to visit with vendors and develop their emergency kits.

Session Eight (A) – 3:00 to 3:45 PM – Panel: The Intersection of Geopolitics and Cyber: Strategies for Mitigating Global Threats

Tolgay Kizilelma, Ph.D. is a business-driven IT/Cybersecurity GRC leader and trusted business partner with three decades of experience in education, healthcare, distribution, and government sectors. He is the founding Director of the MS in Cybersecurity program and teaches online Cybersecurity GRC courses as an Associate Professor of Cybersecurity in the Barowsky School of Business at Dominican University of California. Tolgay has also served as the CISO for multiple University of California campuses. Early in his career, he managed the U.S. IT operations for a leading national fuel systems integrator and distributor. He has more than 50 industry certifications, a B.S. degree in computer engineering, an MBA, and a Ph.D. focusing on information security. He also volunteers for various non-profit organizations as a board member, and frequently participates at cybersecurity conferences as a presenter. His contribution to the cybersecurity community was recognized with the 2022 C100 Award – Top 100 CISOs by CISOs Connect.

Tolgay Kizilelma, Ph.D., Dominican University of California

Session Eight (B) – 3:45 to 4:30 – Panel: AI vs. AI: The Evolving Landscape of AI-Driven Cyber Warfare

Stephen Bartolini is an outcome-driven technology-risk management leader and Partner at NextPeak, adept at driving business transformation through reengineering and embracing cutting-edge technologies. With over two decades of experience, including significant leadership roles as Executive Director of Cybersecurity & Technology at JPMorgan Chase & Co. (10 years) and Senior Director positions at CA Technologies (9 years), Stephen is a trusted advisor to executive leadership on cybersecurity risks and response strategies. His expertise spans building global, diverse, cross-functional teams that deliver value by understanding client needs and engineering innovative solutions within rapidly changing, highly regulated environments across Financial Services, Technology, and Telecommunications industries. Stephen holds a Bachelor of Science in Chemical Engineering from Cornell University and is a Certified Information Security Manager (CISM) and Lean Six Sigma Black Belt.

Stephen Bartolini: Cybersecurity & Technology Executive Director | Risk Management, Lean Six Sigma, AI Data Analytics

Session Eight (C) – 4:30 – 5:00 – The Wrap Up – What You Placed in Your Bag, “The Long Game, Cyber Emergency Kit.” Conference Feedback Forms and Sharing What’s In The Bag – Main Presentation Hall

Networking Pass holders can participate in the Strategic Vendors’ “Long Game” Cyber Emergency Kit activity – completion earns 5 CPE – a bag purchase may be required.

We offer our cybersecurity vendors a unique opportunity to engage directly with attendees through the ‘Long Game’ Cyber Emergency Kit. Registered members have the option to receive a branded backpack, and we’re inviting vendors to contribute items essential for long-term cyber resilience and incident response.

To highlight the concept, here are some Sponsor Specific ideas to drive thinking about what’s “in the bag.”
While all listed vendors have existing relationships with the chapter, their inclusion here represents their potential contributions for this specific event and does not imply confirmed sponsorship.

Astrix Security (astrix.security): Contribute a resource on Securing Non-Human Identities and SaaS Connectivity During Disruptions, focusing on the risks associated with API keys, service accounts, and other non-human identities, and how to maintain secure SaaS-to-SaaS connections during a crisis.
BigID (bigid.com): This resource focuses on Maintaining Data Privacy During a Large-Scale Cyber Emergency and emphasizes how BigID’s data intelligence platform enables rapid identification and protection of sensitive data in chaotic situations.
BreachRX (breachrx.com): Contribute a comprehensive Emergency Incident Response Playbook outlining critical containment, recovery, and communication steps. This would be invaluable for attendees facing extreme cyber crises.
Exiger (exiger.com): Offers a resource on Supply Chain Risk Management and Resilience Planning for Global Disruptions. Given Exiger’s expertise in supply chain risk and third-party risk management, this guide would provide critical insights into maintaining operational continuity during large-scale events.
Horizon3.ai (horizon3.ai): Provide a resource on Automated Penetration Testing for Proactive Cyber Resilience. Highlighting how their NodeZero platform continuously assesses an organization’s attack surface to identify exploitable weaknesses before adversaries do, this guide would offer actionable strategies for building robust, long-term cyber defenses and enhancing rapid incident preparedness.
Intezer (intezer.com): Provide a resource on Automating Threat Triage and Response During Security Incidents, highlighting how their AI-powered platform, leveraging code DNA analysis, can help security teams rapidly analyze alerts, understand threat context, and automate initial response actions during a crisis.
NetAlly (netally.com): Provide a guide on Ensuring Network Resilience and Rapid Troubleshooting for AI-Driven Systems. This resource would highlight how their portable analysis tools offer deep visibility into wired and wireless networks, enabling swift identification and resolution of connectivity and performance issues critical for maintaining operational stability and rapid recovery of AI-dependent cybersecurity infrastructure during a crisis.
One Identity (oneidentity.com): Offers a guide on Secure Identity and Access Management in a Crisis, detailing how their solutions can help maintain secure access controls and manage identities effectively during a cyber emergency, ensuring only authorized personnel can access critical systems for recovery.
Redblock (redblock.com): Provide a guide on AI-Driven Data Backup and Recovery for Rapid Disaster Recovery. This will show how Redblock’s system can quickly restore systems and data during a global event.
Revolution Cyber (revolutioncyber.com): Provide a Rapid Incident Response Playbook for Large-Scale Cyberattacks, critical guidance for first responders during a high-impact event.
Semperis (semperis.com): Contribute a guide on Rapid AD Recovery Strategies for Systemic Cyber Disasters, emphasizing how Semperis’ solutions enable swift restoration of AD functionality to minimize downtime.
Sepio (sepiocyber.com): Offer a resource on Gaining Comprehensive Asset Visibility and Mitigating Hardware-Based Security Risks During Critical Operations. Leveraging Sepio’s expertise in physical layer security, this guide would highlight the importance of understanding all connected devices, including rogue and unmanaged assets, and how to prevent hardware-based attacks that could compromise systems during a crisis.
StellarCyber (stellarcyber.ai): Offers a resource on Unified Security Operations for Rapid Threat Detection and Response During Systemic Disruptions, emphasizing how their Open XDR platform can provide comprehensive visibility and accelerate incident response across the entire attack surface during a crisis.
StrongDM (strongdm.com): Offers a guide on Securely Restoring Infrastructure Access During a Systemic Disruption, demonstrating how StrongDM’s solutions enable rapid and controlled access to essential systems for recovery teams.
Summit 7 (summit7.us): Offer a resource on Maintaining Compliance and Security in Microsoft 365 During a Crisis, emphasizing how organizations can ensure adherence to regulations and protect sensitive data within the Microsoft 365 environment during a systemic disruption, leveraging Summit 7’s expertise in Microsoft security and compliance.
Symmetry Systems (symmetry-systems.com): Provide a resource on Rapid Data Security Posture Assessment for Disaster Recovery, showcasing how Symmetry Systems’ platform provides critical visibility into data risks during a crisis.
The Good Data Factory (thegooddatafactory.com): Provides a resource on Using Data Analytics for Rapid Cyber Incident Assessment and Recovery, demonstrating how The Good Data Factory’s platform enables data-driven decision-making during a crisis.
Trace3 (trace3.com): Offers a resource on Building a Resilient Hybrid Cloud Infrastructure for Disaster Recovery, highlighting strategies and best practices for maintaining business continuity and rapid recovery in a hybrid cloud environment during a systemic disruption, leveraging Trace3’s expertise in multi-cloud solutions.

Our contributing organizations, such as OWASP, CSA, CISA, and ACFE San Francisco, will provide essential regulatory guidance, best practices, and educational materials.

To receive all 8 CPEs, attendees must complete their Conference Feedback Form.

ISC2 East Bay 2025 Sponsors

Platinum

Stellar Cyber (stellarcyber.ai): Offers an Open XDR platform that unifies security operations across the entire attack surface. It ingests data from existing security tools, normalizes and enriches it, then applies proprietary AI/ML to automatically detect threats. The platform correlates high-fidelity alerts into incidents, accelerating investigation and enabling automated response actions. This approach enhances security operations center (SOC) effectiveness by providing comprehensive visibility, reducing noise, and improving analyst efficiency for rapid threat mitigation.
Astrix Security (astrix.security): Provides a platform dedicated to securing non-human identities and SaaS-to-SaaS connectivity. It discovers and maps all API keys, service accounts, and other non-human identities, along with their associated permissions and connections across SaaS applications. Astrix then continuously monitors these integrations for shadow IT, excessive privileges, and anomalous activity, enabling organizations to enforce granular policies and prevent data breaches or supply chain attacks originating from vulnerable SaaS configurations.

Gold Sponsors

Summit 7 (summit7.us): Specializes in cybersecurity compliance and managed services for organizations in the federal supply chain. They provide solutions and expertise to help clients achieve and maintain compliance with stringent frameworks like CMMC, DFARS, and NIST. Summit 7 offers assessments, implements secure Microsoft 365 environments, and delivers ongoing managed security services to protect controlled unclassified information (CUI) and meet critical regulatory obligations.
Exiger (exiger.com): Delivers AI-powered supply chain and third-party risk management solutions. Its platform rapidly identifies, assesses, and mitigates risks across complex global networks, including financial, cyber, and geopolitical vulnerabilities. Exiger enables organizations to gain comprehensive visibility into their extended enterprise, helping them build resilience, ensure integrity in critical operations, and make informed decisions about their partners and suppliers.
RevolutionCyber (revolutioncyber.com): Focuses on human risk management by assessing, measuring, and actively reducing cybersecurity vulnerabilities stemming from employee behavior. They move beyond generic awareness training, providing data-driven insights and targeted interventions. RevolutionCyber’s approach helps organizations identify specific human risks and implement continuous behavioral change programs, thereby enhancing overall security posture against social engineering and insider threats.
SEPIO (sepio.systems): Provides a Hardware Access Control platform that discovers, inventories, and assesses all devices connected to an organization’s network, both managed and unmanaged. It detects rogue, manipulated, or vulnerable hardware, enabling real-time policy enforcement and blocking of unauthorized devices. Sepio enhances attack surface management and reduces hardware-borne risks.

Silver Sponsors

BigID (bigid.com): Utilizes AI to discover, classify, and manage sensitive and regulated data across diverse environments, including cloud and on-premise. It helps organizations ensure data privacy compliance, identify and remediate security risks associated with vulnerable data, and automate data governance processes. This provides comprehensive data intelligence and control for enhanced security and compliance.
BreachRX (breachrx.com): Delivers an AI-powered platform guiding organizations through the complete lifecycle of a cyber incident, from detection to recovery. It provides automated playbooks, assigns tasks, manages communications, and tracks regulatory obligations and reporting deadlines. This ensures a consistent, compliant, and efficient incident response, minimizing potential legal and financial impacts during a cyber crisis.
Horizon3.ai (horizon3.ai): Provides NodeZero, an autonomous penetration testing platform. It continuously assesses an organization’s attack surface, discovers exploitable weaknesses, and verifies vulnerabilities automatically. By emulating attacker behavior, NodeZero identifies attack pathways and provides actionable remediation steps to proactively strengthen security posture and validate defenses against evolving threats.
Illumio (illumio.com): Provides Zero Trust Segmentation to prevent the lateral movement of breaches across hybrid environments. It visualizes application dependencies, segments networks down to individual workloads, and enforces policies to contain attacks. This approach minimizes the impact of breaches by reducing the attack surface and enhancing an organization’s overall cyber resilience and security posture.
Intezer (intezer.com): Leverages AI and genetic analysis to automate Security Operations Center (SOC) tasks. Its platform triages and investigates alerts, identifies malicious code, and automates responses. Intezer helps security teams reduce alert fatigue, enhance threat detection accuracy, and accelerate incident response by focusing human analysts on critical threats.
NetAlly (netally.com): Offers portable network testing and analysis solutions for IT and cybersecurity professionals. Its tools provide deep visibility into wired and wireless networks, troubleshoot connectivity issues, and validate network performance and security. This helps ensure reliable network infrastructure and efficient issue resolution for enhanced operational stability.
One Identity (oneidentity.com): Offers comprehensive identity and access management (IAM) solutions. Its unified platform manages identities, governs access, and secures privileged accounts. Solutions include identity governance and administration (IGA), privileged access management (PAM), and access management. It helps organizations streamline identity lifecycle management, enforce least privilege, and improve compliance posture across complex IT environments.
Redblock (redblock.com): Focuses on AI-driven data backup and rapid recovery to ensure business continuity. Its solutions minimize downtime and data loss during cyberattacks, system failures, or disasters. The platform provides intelligent backup scheduling, accelerates recovery processes, and delivers resilient data protection for critical enterprise assets, enhancing organizational resilience.
Semperis (semperis.com): Specializes in protecting and recovering Active Directory (AD) from cyberattacks, ransomware, and human error. Their platform detects malicious changes, automates disaster recovery, and enables rapid restoration of AD services. This ensures the continuous operation and resilience of the enterprise identity infrastructure, which is critical during a crisis.
StrongDM (strongdm.com): Offers a unified platform for managing and auditing access to all critical infrastructure, including servers, databases, and internal applications. It connects users securely without VPNs, logs every session for comprehensive auditing, and enforces least-privilege access policies in real time. This centralizes control over technical access, enhancing security and compliance.
Symmetry Systems (symmetry-systems.com): Specializes in Data Security Posture Management (DSPM). Its platform discovers and classifies sensitive data across cloud and on-premise data stores. It continuously monitors data access, identifies misconfigurations, and detects risky behaviors or excessive permissions. This provides clear visibility into data security posture, helping to reduce exposure and ensure compliance.
The Good Data Factory (thegooddatafactory.com): Focuses on transforming raw security data into actionable intelligence. By applying advanced analytics and machine learning, organizations can identify hidden patterns, predict potential threats, and optimize security operations. Their platform aims to improve threat detection, incident assessment, and recovery processes through data-driven insights.
Trace3 (trace3.com): Provides IT solutions and consulting, specializing in cloud, security, and data intelligence. They offer strategic advisory services, implement technology solutions, and deliver managed services across various domains. Trace3 assists enterprises in adopting innovative technologies and optimizing their IT environments to enhance resilience, drive digital transformation, and address complex business challenges.

Please become an ISC2 East Bay Sponsor by donating to our Sponsorship Page.

About ISC2
ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our nearly 675,000 members, candidates, and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills, and abilities at every stage of their careers. ISC2 strengthens the cybersecurity profession’s influence, diversity, and vitality through advocacy, expertise, and workforce empowerment, accelerating cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educates those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook, and LinkedIn.

ISC2 East Bay 2025 Fall Conference – The Long Game: AI-Driven Cyber Strategy in an Era of Global Disruption