Cyber Resilience Awareness Day Virtual Summit 2025

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Introducing this year’s theme — “Resilient by Design” — drawing parallels to the “Secure by Design” movement, and emphasizing the need to build resilience directly into architectures, operations, and cultures. This message will underscore the importance of shared understanding, open frameworks, and real-world implementation examples, encouraging participants to use the day as a catalyst for action.

Featuring:
Francesco Chiarni, CEO & Chief Researcher, High Value Target (https://www.linkedin.com/in/chiarini/)
Patrick Lechner, Co-Founder & Head of Services, High Value Target (https://www.linkedin.com/in/patrick-lechner-resilience/)
Mehdi Azaouioui, CEO & Founder, Limber Security (https://www.linkedin.com/in/mehdi-azaouioui-51a4431b/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Presenting the Recovery Maturity Model for Recovery from a Severe Operational Outage, a structured self‑assessment framework developed by the financial industry to measure and advance organizations’ preparedness for extreme cyber disruption.

Featuring:
Carlos Recalde, President & CEO, Sheltered Harbor LLC (https://www.linkedin.com/in/crecalde/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

This presentation explores how “Resilient by Design” principles can be integrated into high-risk AI systems as defined by the EU AI Act. It connects legal due diligence obligations with practical implementation strategies rooted in resilience engineering and privacy by design.

Gain actionable insights using NIST SP 800-160 and MITRE Cyber Resilience Engineering frameworks, offering a roadmap for building AI systems capable of withstanding adverse conditions while safeguarding fundamental rights. Learn to operationalize resilience, align with regulatory requirements, and integrate cybersecurity and privacy by design into AI system development.

Featuring:
Dr. Joanna Kulesza, Assistant Professor of International Law and Director, Lodz Cyber Hub, University of Lodz (https://www.linkedin.com/in/kuleszajoanna/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

This expert panel will explore the critical shift from reactive cybersecurity postures to proactive cyber resilience engineered by design. Featuring leading voices from policy, architecture, implementation, and incident response, this session will bridge theory and practice on how resilience can and must be built into systems from the start — not added as an afterthought.

Featuring:
Jimmy Sanders, Information Security Leader President, ISSA International (https://www.linkedin.com/in/jimmy-s-cissp-crisc-cism/)
Ron Ross, Chief Executive Officer, RONROSSECURE, LLC (https://www.linkedin.com/in/ronrossecure/)
Mark Winstead, Principal Systems Security Engineer, Ex-MITRE (https://www.linkedin.com/in/markwinstead/)
Patrick Lechner, Co-Founder and Head of Services, High Value Target (https://www.linkedin.com/in/patrick-lechner-resilience/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Building a strong cyber resilience strategy can be a complicated and lengthy process, and not all organizations have the same requirements. In this session, we highlight where organizations are focusing to build and then constantly improve on the building blocks of:

- Securing systems, especially the backup environment, aligning to zero trust principles and hardening against attacks
- Enhancing the ability to detect threat actor activity, such as using near real time information to protect high value storage systems which are not often well monitored due to their closed nature
- Technologies to protect systems and data to better enable timely recovery of operations from minimal, moderate and severe attacks.

Featuring:
Jim Shook, Director, Cybersecurity & Compliance Practice Cyber Resilience, Dell Technologies (https://www.linkedin.com/in/jamesshook/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Combining FAIR and Threat-Informed Defense to Evaluate Real-World Threat Exposure

Cybersecurity risk assessments frequently depend on qualitative scoring of controls based on standards like ISO 27001, NIST CSF 2.0, or CIS Controls. While these standards help establish good structure of a cybersecurity program, they fall short in addressing how real-world adversaries operate. They don’t guide prioritization based on actual attack techniques or measure the real effectiveness of defenses. We propose a threat-informed risk assessment framework that integrates threat-informed defense methods to link adversary behavior to mitigation coverage and directly inform the Loss Event Frequency input of the FAIR model.

Featuring:
Mehdi, Azaouioui, CEO & Founder, Limbersecurity (https://www.linkedin.com/in/mehdi-azaouioui-51a4431b/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Cyber defenders need a clear understanding of how security controls and capabilities align with their threat identification efforts, risk assessments, and security control programs. To support this, MITRE CTID has developed an open-source repository of mappings connecting security controls and capabilities to adversarial behaviors as described in MITRE ATT&CK. These mappings provide a foundation for a threat-informed approach by meeting the following objectives:

- Application of threat-informed analysis and decision-making to security control program design and implementation.
- Connect the design and implementation of controls to the adversary behaviors they mitigate.
- Improve management and board reporting with respect to control investment and threat protection.

Featuring:
Tiffany Bergeron, Chief Architect, Mappings Program - Center for Threat-Informed Defense, MITRE (https://www.linkedin.com/in/tiffany-bergeron/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Major cyber incidents expose gaps in critical asset protection, raising the question: how can MITRE ATT&CK help strengthen cyber resilience?

This presentation explores how MITRE ATT&CK reveals lessons learned from real-world incidents - starting from Groups, through TTPs and Mitigations, to the intersection with cyber resilience via the MITRE Cyber Resiliency Engineering Framework (CREF). It demonstrates how ATT&CK with the CREF Navigator can help organizations shift from reactive threat tracking to proactive, resilience-oriented planning. By analyzing cyber incidents and IT disruptions, we underscore how MITRE ATT&CK can serve not only as a threat-tracking tool but also as a valuable reference for strengthening cyber resilience against both evolving adversaries and technological disruptions.

Featuring:
Lorenzo Vacca, Cybersecurity Manager, RSM Italy (https://www.linkedin.com/in/lorenzo-vacca/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Users fundamentally face risks that vary among different ICT sectors, constantly evolve, and require reasonable allocations of resources and actions.

As cybersecurity incidents and related losses continue to increase, multiple private and public sector activities and actions have emerged as different understandings of what is reasonable. In legal terms "reasonable cybersecurity" is the duty of care that an organization owes its customers. However, what is reasonable remains largely undefined and no global compilation exists of its use for cybersecurity purposes.

Featuring:
Curtis Dukes, EVP & GM Security Best Practices, Center for Internet Security (CIS) (https://www.linkedin.com/in/curtis-dukes-aa9966129/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Resilience in security ensures an organization's ability to anticipate, detect, withstand, recover, and adapt to cyber threats. To counter the ever-evolving cyber threat landscape, organizations rely on cybersecurity tools to prevent, detect, and respond to cyberattacks.

This presentation will compare these tools to the NIST 800-160 and MITRE ATT&CK models, highlighting any remaining gaps and challenges. This research employs a systematic literature review and case study approach to examine the present state of cybersecurity tools and their applicability. This research adopts the Resilience Engineering Theory to review and evaluate the resilience of cybersecurity tools.

Featuring:
Oluwatomisin Giwamogorewa, Cybersecurity Doctoral Candidate, Marymount University (https://www.linkedin.com/in/ogiwamogorewa/)
Oluwatobi Babatunde, Cybersecurity Doctoral Candidate, Marymount University (https://www.linkedin.com/in/oluwatobi-babatunde)
Ricky Katsuya, Cybersecurity Doctoral Candidate, Marymount University (www.linkedin.com/in/ricky-katsuya-51071421)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

With resilience, our aim is to “remain viable amidst adversity.” We prevent what we can, presuming a certain number of incidents will occur, forcing us to detect and recover. We know relying solely on technical controls is no longer sufficient. Malicious actors are increasingly focused on social engineering. We also know that one-third of incidents begin outside of our enterprise. We must focus on a collaboration of people, process, technology, and the organization across the entire cyber life cycle inside and outside of our enterprise.

This session will walk through the underlying principles to guide your journey while discussing the role of the Business Impact Analysis (BIA), the Operational Resilience Framework (ORF), and the Cyber Resilience Capability Maturity Model (CR-CMM) as tools to achieve your resilience objectives.

Featuring:
Alex Sharpe, Principle, Sharpe, LLC (https://www.linkedin.com/in/alex-sharpe-3rd/)
Mark Orsi, CEO, GRF (https://www.linkedin.com/in/markorsi/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

This session explores building cyber resilience using the NIST Cybersecurity Framework 2.0's Identify, Protect, Detect, Respond, and Recover approach to minimize operational impact from cyber incidents.

Discover how real-world attacks compromise backups, resulting in lengthy and uncertain recovery periods that may compel organizations to revert to outdated manual processes. The key focus: Leveraging AI to rapidly identify clean data, detect threats early, and enable quick recovery with minimal operational disruption.

Featuring:
Jim McGann, CMO, Index Engines (https://www.linkedin.com/in/mcgann/)

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/

The presentation will showcase NIST resources and best practices for incorporating cybersecurity workforce management into broader enterprise risk management and executive leadership discussions. The presentation will take the recently published NICE Framework Cyber Resiliency Competency Area as a working example and will highlight processes laid out in draft Special Publication 1308 (Cybersecurity, Enterprise Risk Management, and Workforce Management Quick Start Guide).

Featuring:
Michael Prebil, Cybersecurity Workforce Analyst, NIST (https://www.linkedin.com/in/mike-prebil-450627133/)