Michael Rogers
Michael Rogers is a Managing Director of Technical Advisory Services at MOXFIVE where he provides strategic advisory services and solutions to large enterprises during and after impactful incidents.
Tampa, Florida, United States
Actions
Michael Rogers is the Managing Director of Technical Advisory and Resilience at MOXFIVE, where he leads teams that help organizations prepare for, respond to, and recover from complex cybersecurity incidents. With experience across finance, manufacturing, healthcare, and critical infrastructure, Michael has guided hundreds of companies through high-pressure crises involving ransomware, insider threats, and nation-state intrusions.
He is also the President of the ISC2 Tampa Bay Chapter and serves on the board for BSides Tampa, where he helps foster community growth and technical leadership in the cybersecurity field. Known for his pragmatic approach and ability to bridge technical and executive teams, Michael focuses on building resilience through leadership readiness, incident response strategy, and operational recovery excellence.
Area of Expertise
Topics
Leading Through Crisis: The Executive Framework for High-Stakes Security Leadership
In a major cyber incident—APT intrusion, insider sabotage, ransomware, or executive-targeted fraud—there’s one thing every CISO realizes fast: technical response is only half the battle. The real challenge is leading people, managing pressure, and making decisions that ripple from the war room to the boardroom.
This talk shares hard-won insights from hundreds of real-world cyber incidents, where I’ve worked alongside some of the best—and unfortunately, some of the worst—leaders in the industry. These events span finance, healthcare, SaaS, critical infrastructure, and more. In each case, it wasn’t just tools or timelines that defined the outcome—it was leadership.
At the core of this talk is the Crisis Command Framework: five high-impact behaviors that successful CISOs and security leaders apply in the heat of crisis:
Stabilize – Set the tone, regulate urgency, and create psychological safety
Prioritize – Cut through noise and sequence actions with clarity
Translate – Bridge technical realities to business, legal, and reputational risks
Own – Make confident decisions amid incomplete data
Restore – Lead post-incident recovery of trust, morale, and momentum
This isn’t theory. These are actionable, field-proven checkpoints you can use today to evaluate your incident readiness, shape team behavior, and elevate how you lead in critical moments. Attendees will receive a Crisis Leadership Cue Card—a tactical tool to anchor decision-making and communication during live incidents.
Contain, Recover, Survive: A Frontline View of Pre-Ransomware Tactics and Forensics
Ransomware is often the final act. Long before encryption begins, threat groups like Scattered Spider are already inside, abusing identities, exploiting tools, disabling defenses, and staging their attack. This session shares real-world containment and recovery lessons from pre-ransomware intrusions based on direct, hands-on response experience.
We will cover tactical containment such as revoking sessions, resetting Kerberos, disabling SSO and SSH, isolating ESXi from Active Directory, and securing backup infrastructure. Cloud containment will include removing Azure root-level roles, restricting PowerShell, and shutting down persistence like self-service password resets.
All insights will be mapped to MITRE ATT&CK so attendees can align behaviors with actionable strategies. We will also share critical hardening steps to reduce dwell time, limit business interruption, and avoid crisis-mode improvisation.
Engagement timelines and lessons learned from coordinated responses with external teams including the FBI will be highlighted. Attendees will leave with containment playbook recommendations, recovery sequencing strategies, and techniques to improve response precision under pressure.
Whether on the blue team, leading incident response, or advising executives, this session will help you build the muscle memory to contain faster and recover smarter before the ransom note ever appears.
Beyond the Ransom: Navigating Unforeseen Expenses in the Wake of Ransomware Attacks
Explore the untold financial impact of ransomware incidents in this illuminating session. Beyond the ransom demand lies a web of hidden costs, from immediate incident response and operational disruption to legal battles and reputation damage. Join us to uncover these unexpected expenses and gain practical insights for effectively managing them. Whether you're an IT professional, a business leader, or simply concerned about cybersecurity's financial aftermath, this talk equips you with actionable strategies to safeguard your organization's financial stability in the wake of ransomware attacks.
Crisis Command: How Security Leaders Steer Through the Cyber Storm
Description:
In a major cyber incident—whether it’s a nation-state intrusion, insider sabotage, ransomware outbreak, or executive-targeted fraud—technical containment is only half the battle. The true challenge is leading people, aligning decisions, and navigating the storm of uncertainty, pressure, and competing priorities.
Drawing from experience in hundreds of high-impact incidents across finance, healthcare, SaaS, and critical infrastructure, this talk introduces the Crisis Command Framework—five leadership behaviors that separate successful incident leaders from the rest:
Stabilize – Control the tempo and create psychological safety.
Prioritize – Filter noise and sequence actions with clarity.
Translate – Bridge technical realities to business, legal, and reputational impact.
Own – Make confident calls amid incomplete data.
Restore – Rebuild trust, morale, and operational momentum post-incident.
Through anonymized real-world examples, attendees will see how leadership—not just tooling—determines the trajectory of a crisis. They’ll leave with a Crisis Leadership Cue Card and actionable steps to elevate their readiness, lead decisively under pressure, and earn executive trust when it matters most.
Key Takeaways:
Learn a repeatable framework to lead effectively in high-pressure incidents.
Apply leadership behaviors to both technical and business decision-making.
Integrate leadership readiness into tabletop exercises and IR playbooks.
BSides St. Pete 2025 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top