ATLSECCON 2025

As cyber threats evolve and regulatory landscapes tighten (GDPR, NIS2, DORA, CMMC, CPCSC, and more), organizations are challenged to move beyond traditional security perimeters. While the industry has mastered visibility into infrastructure, applications, and even OT environments, have we truly unlocked the full potential of cyber defence? More specifically, how can we align security strategies with business processes, data flows, and evolving operational resilience requirements?

This session explores the art of the possible in cyber defence—rethinking our approach to visibility, control, and governance in the context of digital transformation. Can we move beyond system, network, and application logs to gain deeper insights into how data is classified, accessed, and protected across an enterprise? How do we operationalize consent management, data governance, and security controls in a way that enhances—not hinders—business agility?

Key Takeaways:

• Reframing cyber defence to address regulatory, privacy, and operational resilience challenges
• The role of data classification, consent management, and governance in a modern security strategy
• How to move from reactive security controls to proactive, enterprise-wide security integration
• Practical considerations for embedding security into digital transformation efforts

What do bedbugs and ransomware attacks have in common? Two things: they both sneak their way in, and they both need to be dealt with in a thought-out and methodical manner.

Fortunately, proper planning and remaining calm can go a long way to a successful recovery. In this session, we will draw parallels while covering the initial identification of the problem, the steps taken to quarantine and mitigate the spread, and the eventual remediation and recovery process.

By drawing similarities between data resiliency and a real-world bed bug infestation, we aim to provide a unique perspective on the importance of preparedness, quick response, and thorough recovery in both physical and digital environments. Attendees will gain insights into practical strategies for managing unexpected threats and ensuring resilience in the face of adversity.

In the process of an employee awareness training campaign, employees undergo various stages, marking their journey from initial awareness to completion. Recognizing employee journey stages is pivotal in cultivating a security-first culture that acknowledges human behaviour. Each stage represents a step in the employee's progression, starting with becoming aware of the training, deciding to participate, and finally completing the program.

However, a gap exists in evaluating the success of such awareness training campaigns. Traditional metrics like completion rates tend to focus on the final stages, overlooking earlier stages that are crucial in understanding and enhancing user engagement to sign up for training willingly, and not by force!

To bridge this gap, there’s a need for redefining success criteria for awareness campaigns. A comprehensive evaluation should consider each employee's decision-making journey stages and employ diverse metrics tailored to assess the success of each stage. 

In this presentation learn about different stages of the employee journey stages, engagement strategies & diverse metrics to assess the success of the training campaign. 

By embracing this refined assessment methodology, organizations can delve deeper into employees' learning journeys. This approach aids in accurately evaluating the success of awareness training campaigns by identifying the stages at which employees disengage. Consequently, this allows planners to pinpoint gaps, plan effectively, and make informed decisions to enhance training campaigns. Ultimately, this ensures that employee awareness training campaigns engage employees collaboratively around their needs.

This session explores why many cybersecurity professionals are often overlooked for the Chief Information Security Officer (CISO) role despite their technical expertise and certifications. Drawing on C-Suite and board-level insights, this presentation highlights the essential executive soft skills, business acumen, and strategic vision needed to transition from technical expert to organizational leader. Attendees will better understand what executive leaders seek in their next security executive, equipping them with the insights to make this critical career leap.