Speaker

James McQuiggan

CISO Advisor, Educator + Teller of Dad Jokes = Edutainer

Orlando, Florida, United States

James McQuiggan has over 20 years of experience in cybersecurity and is currently CISO Advisor for KnowBe4, where he specializes in Human Risk Management, AI, and strategic thought leadership. Through industry conferences, webinars, and media engagement, he translates complex security concepts into actionable insights for diverse audiences.
His extensive background includes senior cybersecurity roles at Siemens Energy and Wind Divisions, with expertise spanning cybersecurity standards, incident response, and industrial control system security. McQuiggan also serves as part-time faculty at Full Sail University, teaching Cyber Threat Intelligence.
A dedicated community leader, McQuiggan volunteers with ISC2 as Co-chair of the North American Region Advisory Council and Chair of the Southeast Chapter Regional Management Committee, following eight years as President of the ISC2 Central Florida Chapter.

Area of Expertise

  • Information & Communications Technology

Topics

  • cybersecurity
  • Security Awareness Training
  • Social Engineering and Phishing
  • AI and Cybersecurity
  • generative ai
  • Cybersecurity Governance and Risk Management
  • Cybersecurity Threats and Trends
  • Emerging Cybersecurity Topics
  • Cybersecurity Strategy
  • ICS Cybersecurity
  • OT Cybersecurity
  • Industrial Control Systems Cybersecurity
  • Information Security
  • Cyber Security basics

Getting Catfished by AI: Why Your CEO Might Not Be Who You Think They Are

Over the past couple of years, AI, including Agentic AI, Generative AI and automation, has started to change how cybercriminals think about the social engineering attack vector.
Deepfakes that sound like your CEO. Synthetic emails crafted by GenAI that have perfect spelling and grammar and are targeted to an organization and industry using the proper vernacular. Automated attacks that learn and adapt faster than your team can respond.
However, it's crucial we remember that the same tools that are weaponizing human vulnerability are also your most powerful defense. The question isn't whether AI agents will change cybersecurity. It's whether organizations and leaders can implement the change.
In this session, we'll move past the hype and into the practical reality. You'll see how attackers are actually using Agentic AI and synthetic media today, understand where your users are most vulnerable, and learn what it takes to build a human-centered defense strategy that leverages AI as your partner, not your enemy.

Learning Objectives:
You'll leave this session knowing:
- How AI agents are reshaping social engineering—and what that means for your organization
- Where deepfakes and synthetic media fit into today's attack landscape
- How to build a defense strategy that puts human resilience first, with AI amplifying your capabilities

Call to Action:
Don't wait for the next breach to start preparing. Join this conversation and walk away with a plan for utilizing AI in your security strategy while keeping your people aware and secured.

Digital Doppelgängers: The Dual Faces of Deepfake Technology

Deepfake technology, which leverages artificial intelligence to create convincing fake audio and video clips, is evolving rapidly and appearing more and more in society. These technologies not only pose significant threats to personal and organizational cybersecurity programs but also present unique challenges and opportunities in the realms of IT and cybersecurity. This presentation delves into the complexities of deepfakes, offering insights into their creation and detection. With a focus on informing IT professionals, cybersecurity practitioners, CIOs, and CISOs, we will explore the latest tools and techniques used to generate and identify deepfakes while providing practical guidance on mitigating associated risks.

Learning Objectives

- Learn about the potential risks and threats posed by deepfakes to both individuals and organizations.
- Discover the latest tools and techniques to detect deepfakes, including AI-driven technologies.
- Develop strategies and best practices for IT and cybersecurity teams to mitigate the risks associated with deepfakes.

AI: The Double-Edged Sword of Cybersecurity and Social Engineering

Artificial intelligence (AI) is revolutionizing multiple industries, providing unprecedented automation, analytics, and decision-making capabilities. However, the rapid advancements in AI technology have also led to the emergence of sophisticated social engineering attacks, posing significant challenges to individuals, businesses, and governments.

Explore the impact of AI on social engineering, highlighting the potential benefits, dangers, and strategies for defending against these new-age threats.

Ransomware, Ransom-war and Ran-some-where

We've all heard about ransomware and its impact on organizations as they suffer an attack almost every two seconds. How can one of these cybercriminal organizations operate, what are their business models, and what is the level of experience needed to work for them? Last year, the Conti ransomware group was a victim of their own style of operations when their playbook, chat sessions, and other critical information ended up on the dark web.

Come and learn about the tactics, techniques, and procedures used by various cybercriminal groups, including one that provides a ransomware service. Understand their modus operandi and learn from them how to defend against their styles of attacks.

Learning Objectives:
- Understand the operations of cybercriminal groups
- See how their attacks can be used to help you defend your organization
- Learn from their mistakes to ensure your organization can effectively defend against a ransomware attack

How Hackers Hack and Why They Do It

Cybercriminals use a wide range of tools, techniques and technology to attack organizations and gain access. Whether through social engineering or attacks on internet-facing endpoints, their main goal is to access the organization and steal the data, whether to sell off the information or, even better, to encrypt the victim's data and extort them for large amounts of money. It's important we understand how they do it, why they do it and what can be done to reduce the risk or opportunity for them to be successful. With the recent Conti data leak and leaks from other cybercriminal groups, we can learn to understand and know our enemy to help us protect and defend our organizations and reduce the risk of an attack.

Learning Objectives:
- Understand the various technological methods cybercriminals use to attack organizations
- Learn the ways we can help protect ourselves and the organization
- See how cybercriminals use social engineering to get users to open the front door for them

Cybersecurity & You

If you discovered a rash of home burglaries in your neighborhood, you'd find out how they're getting in, what is being stolen, and work to secure your home. In cybersecurity, criminals are always trying to steal your personal information, passwords, and money.
Phishing and social engineering attacks cost organizations billions of dollars each year, and the attacks are getting worse. As these attacks intensify and become more refined, technology struggles to keep up, and users will continue to fall prey. To effectively defend against this, you have to understand how the attacks work, including the psychological triggers and tricks the attackers are using. This session will explore the different techniques that social engineers and scam artists use to make users more likely to do their bidding by clicking links and opening attachments.

Learning Objectives:
- Understand the continuously emerging threats facing organizations
- Learn why people fall victim to social engineering attacks like phishing
- Recognize and understand security culture as the next evolution to security awareness

The target audience is non-technical people. The session can be geared toward the technically minded as a refresher, but the purpose is to educate and bring additional awareness to users learning more about cybersecurity.

From Command Line to Center Stage: Hack Your Way to Confident Speaking

Does the thought of public speaking make you sweat more than a server room in July? You’re not alone! Whether you're a first-time speaker or looking to level up your confidence, this hands-on workshop will help you ditch the nerves and own the stage. Led by a seasoned speaker with 400+ presentations under their belt and training from world-class Toastmasters, this session is your chance to turn stage fright into stage might. And yes—everyone will speak! Get ready to build confidence, engage your audience, and deliver a three-minute talk like a pro. Are you in?

Public speaking is a skill that can elevate your career, expand your influence, and help you deliver impactful messages with clarity and confidence. Whether you're stepping onto the stage for the first time or looking to refine your delivery, this interactive workshop will equip you with the tools to present with poise and purpose.

Led by a seasoned speaker with 20 years of experience, over 400 presentations delivered in the past five years, and training from world-class Toastmasters, this session is designed to help you conquer stage fright, structure your thoughts effectively, and engage your audience with confidence. Drawing from a deep background in cybersecurity and professional speaking, this hands-on experience will push you out of your comfort zone—in the best way possible.

By the end of the session, everyone will take the stage, delivering a short three-minute presentation while receiving constructive feedback in a supportive environment. You’ll walk away with practical techniques to control nerves, project authority, and own the room. If you’re ready to amplify your voice and master the art of public speaking, this workshop is for you!

Weathering the Storm: AI Threats and How to Fortify Your Organization

Let's be honest, AI has become the cybersecurity industry's favorite buzzword. Agentic AI. Deepfakes. Synthetic media. Generative attacks. But what matters most is that most organizations aren't worried about the buzzwords and flashy stuff. They're worried about whether their users will fall for a deepfaked executive voice asking for a wire transfer. Whether their systems can detect synthetic emails that sound like a trusted vendor. Whether their defenses can keep pace with attacks that learn and adapt in real time.
This isn't a talk about the future of AI in cybersecurity. It's about what's happening right now and what you actually need to do about it.
We'll move past the hype and into the practical reality. You'll see real examples of how attackers are using AI and synthetic media today, understand exactly where your organization is vulnerable, and leave with a game plan to integrate AI into your defense strategy while keeping your users, your actual front line of defense, aware, protected and secured at the center.
The question isn't whether AI will change cybersecurity. It's whether you'll lead that change or play catch-up.

Learning Objectives:
- What AI threats are actually hitting organizations today
- Where your teams are most vulnerable to deepfakes and synthetic media attacks
- How to build a defense strategy that puts human judgment first, with AI amplifying your capabilities
- Practical first steps your organization can take immediately, regardless of size or budget

Call to Action:
Don't wait for a breach to start preparing. Walk away from this session with a clear action plan for your organization, one that's grounded in reality, not hype.

The Awareness-Action Gap: How Organizations Build Real Human Risk Management

For years, cybersecurity has been locked in a civil war between two camps: technology professionals convinced the next blinky box is the answer, and behaviorists insisting that better awareness training will solve the problem. Yet 74% of CISOs now identify human error as their number one risk, not technology vulnerabilities.
Traditional security awareness training creates an Awareness-Action Gap, which is the chasm between what users know and what they actually do when under pressure. The problem isn't that people are broken. It's that the industry has been solving a human problem with a technology mindset and checkbox compliance.
This presentation introduces a strategic change in the security awareness and training camp: Human Risk Management (HRM). This is a risk management program and framework that treats users as organizational assets rather than liabilities. McQuiggan will present the DEEP framework (Defend, Educate, Empower, Protect), demonstrating how to close the gap through personalization, impact, and building trust across the organization.
Attendees will discover the business case for HRM, understand why compliance-based training isn't the foundation, and leave with actionable steps to transform human risk into a competitive advantage for the business to reduce risk and data breaches.

Learning Objectives:
- Why traditional security awareness training fails and the concept of the Awareness-Action Gap
- How the DEEP framework transforms human risk from liability to strategic advantage
- Practical first steps to shift organizational culture from awareness to resilience

Call to Action:
Start engineering resilience. Discover how Human Risk Management becomes your organization's strongest defensive layer.

Why Awareness Programs Stall and Human Risk Management Does Not

Most organizations invest heavily in tools, platforms, and dashboards, yet social engineering continues to succeed at scale. The problem is not a lack of technology. The problem is how people make decisions under pressure, speed, and trust.
Looking at the familiar narrative inspired by Joseph Campbell’s The Hero with a Thousand Faces, consider this: instead of treating employees as the weakest link or a risk, position them as active defenders on a shared journey. Attendees will explore how organizations move from denial and checkbox training toward mature human risk management grounded in behavior, context, and leadership support.
Using real-world examples from phishing, business email compromise, and executive impersonation, the session breaks down where security awareness programs and fear-based messaging fail, then shifts to what changes behavior. What metrics matter. What leaders must do differently. How security teams partner with HR, communications, and operations to build habits that disrupt the social engineering attack vector.
By aligning culture, leadership, and human-centered security practices, leaders can take a new approach to reducing social engineering attacks. Attendees leave with a clear framework to assess where their organization sits today and how to move forward without adding friction or blame.

Learning Objectives
- Identify the behavioral failure points attackers exploit during social engineering campaigns.
- Explain how human risk management differs from traditional security awareness training.
- Apply a practical journey-based framework to assess and improve security culture maturity.

CactusCon 13 Sessionize Event

February 2025 Mesa, Arizona, United States
