Amy Yee
Chief Digital Transformation Officer & SVP, Ecosystem, C3SA | Host, Wired for Change
Actions
Amy Yee is a senior digital transformation and cybersecurity executive with over two decades of experience working at the intersection of technology, risk, and organizational change. She currently serves as Chief Digital Transformation Officer & SVP, Ecosystem at C3SA, where she leads transformation strategy while overseeing partnerships and client success across critical sectors.
In parallel, Amy is the creator and host of Wired for Change, a podcast and leadership platform exploring how people, systems, and culture shape successful transformation in cybersecurity, healthcare, government, and critical infrastructure. Through long-form conversations with practitioners, executives, and public-sector leaders, she focuses on the human and leadership dimensions of complex technical challenges.
Amy brings a board-level and systems-thinking perspective to cybersecurity, grounded in real-world experience navigating incidents, transformation programs, and high-stakes decision-making. She is a frequent speaker at industry conferences and an advocate for viewing cybersecurity not just as a technical function, but as a leadership and trust discipline.
Zero Trust for Critical Infrastructure: From Perimeter to Resilience
Zero Trust is often introduced as a set of controls or a maturity roadmap. In critical infrastructure environments, that framing can obscure the real question leaders must answer: what does “secure enough” look like before an incident — and resilient enough after one?
In this session, Amy Yee presents a threat-centric, outcome-driven approach to Zero Trust that contrasts the before and after states of cyber disruption in safety- and mission-critical systems. Using adversary personas to illuminate how attacks unfold across interconnected digital, physical, and operational environments, she explores why perimeter-based thinking fails — and how Zero Trust principles meaningfully change outcomes.
Rather than assuming a single path to maturity, this talk emphasizes working backwards from a desired resilience state. By clarifying what must be true after an incident — for operations, safety, and public trust — organizations can better prioritize Zero Trust decisions before one occurs.
Attendees will leave with a practical framework for evolving security posture in complex critical infrastructure environments, grounded in real threat behavior and focused on resilience, not perfection.
Target audience: Security leaders, practitioners, and board-adjacent professionals working in or supporting critical infrastructure and regulated environments.
Session format: 45–60 minutes. No special technical requirements.
The Five People You Meet in Cybersecurity: Lessons in Trust, Failure, and Leadership
Cybersecurity is often framed as a technical discipline — tools, controls, and frameworks. But anyone who has worked in this field long enough knows that the hardest moments aren’t technical at all. They’re human.
In this talk, Amy Yee draws on decades of leadership, board, and operational experience to explore “The Five People You Meet in Cybersecurity” — the individuals who quietly (and sometimes painfully) shape how we lead, how we respond under pressure, and how we build trust in moments that matter.
Through real-world stories and reflective insights, this session examines:
The person who gave you a chance
The person you failed (often without realizing it at the time)
The person who failed you
The person you worked more intentionally with
The person you didn’t know you inspired
Rather than focusing on blame or breach post-mortems, this talk invites practitioners to reflect on the human side of cyber incidents, ethical decision-making, and leadership growth. Attendees will leave with a deeper appreciation for how trust is built — and broken — in cybersecurity, and how meaning-making, resilience, and self-awareness can shape better leaders and stronger teams.
This session is for practitioners, leaders, and board-adjacent professionals who want to move beyond checklists and controls, and better understand the human impact of the work we do.
Target audience: Cybersecurity practitioners and leaders at all career stages who are interested in the human and leadership dimensions of security work.
Session format: 45–60 minutes. No special technical requirements.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top