Event Overview
The surge in sophisticated cyber threats requires security leaders to stay ahead with advanced defenses that protect critical data and systems.
The 2025 Seattle Data Security Summit brings together leading experts across information security, data engineering, privacy, and compliance to equip attendees with the strategies and tools needed to tackle today’s most pressing cybersecurity challenges. This year’s summit will focus on securing machine identities, mitigating risks in AI-generated code, and strengthening cloud security within resilient data architectures. Other discussions will cover managing expanding attack surfaces, leveraging behavioral analytics to reduce insider threats, and building proactive defenses against ransomware and AI-driven attacks.
Washington State’s comprehensive data privacy laws, including the My Health My Data Act and the Washington Privacy Act (WPA), are raising the bar for data protection and compliance. Organizations must navigate stricter regulations, enhanced consumer data rights, and serious penalties for non-compliance. A dedicated session will break down these laws, examine lessons from high-profile breaches, and offer strategies for aligning with frameworks like HIPAA and GDPR.
The summit will also highlight innovations in AI-powered security, data decoupling for privacy, and key takeaways from recent cyber incidents. Attendees will gain practical strategies for strengthening security postures, adapting to regulatory shifts, and securing sensitive data in an increasingly complex threat environment.
View our ISMG Event Experience video to see what your peers are saying about their participation.Â
Venue
Meydenbauer Center
11100 NE 6th Street, Bellevue WA 98004
Highlight Topics
- Securing Machine Learning Models
- Detecting AI-Generated Threats
- Managing Non-Human Identities
- Â AI-Enhanced Data SecurityÂ
Chuck Markarian
CISO, PAACAR
Eric Sanchez
CISO, Orrick
Courtney Hans
VP, Cyber Services, AmTrust Financial Services Inc.
Lana DeMaria
Head of Data Governance, Alaska Airlines
Ginger Armbruster
Chief Privacy Officer and IT Division Director, City of Seattle ,Washington
Brian Shea
Business Information Security Officer, Senior Director of Security, Salesforce
Aravind Swaminathan
Partner. Global Co-Chair Cybersecurity and Data Privacy, Orrick
Enzhou Wang
Chief Data Officer, City of Tacoma
Lana DeMaria
Head of Data Governance and Privacy, Alaska Airlines
Billy Martin
Chief Technology and Security Officer, Vigor, LLC
Ralph Johnson
State Chief Information Security Officer, Washington Technology Solutions
Ivan Avilla
Director of Cyber Incident Response, GoDaddy
Speakers
Thought Leaders on Stage Leading Deep-Dive Discussions
ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in cybersecurity passionate about the latest tools and technology to defend against threats.
Agenda
Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.
Ralph Johnson
CISO, CyberEdBoard Member, Washington Technology Solutions (WaTech)
The CISO's Critical Role in Nurturing Data Security
This session provides practical insights into the strategies, frameworks, and technologies essential for building resilient data security programs.
In today’s environment, CISOs must address emerging challenges, such as securing vast amounts of data generated by IoT devices and ensuring compliance with regional data sovereignty laws. For example, the rise in ransomware attacks targeting healthcare and financial sectors highlights the urgent need for real-time threat detection and robust incident response strategies.
Â
This session equips CISOs with actionable approaches to tackle these pressing issues while safeguarding organizational assets.
Â
Our Keynote Panelists Will Discuss:
- Orchestrating Comprehensive Data Protection Measures: Implement robust approaches like end-to-end encryption and role-based access control to maintain the confidentiality and integrity of critical information assets.
- Crafting and Implementing Incident Response and Data Loss Prevention (DLP) Strategies: Utilize advanced threat intelligence and behavior analytics to proactively thwart data breaches and unauthorized disclosures.
- Evaluating and Integrating Emerging Technologies: Leverage innovations such as AI-powered security analytics and blockchain-based data protection to enhance defenses and stay at the forefront of data security advancements.
Â
Ralph Johnson, CISO, CyberEdBoard Member, Washington Technology Solutions (WaTech)
Billy Martin
Chief Technology and Security Officer, Vigor LLC
Courtney Hans
VP, Cyber Services, Amtrust Financial Services Inc.
Managing the Expanding Attack Surface in a Hyper-Connected World
Attack Surface Management (ASM) has become a critical tool for maintaining visibility over this expanding digital ecosystem. Recent high-profile breaches—like the April 2024 Sisense breach, where attackers exploited compromised GitLab credentials to infiltrate cloud storage—underscore the importance of managing the attack surface to prevent exploitation.
Â
This session will focus on how CISOs can implement ASM strategies to secure digital assets, drawing on recent case studies like the Sisense incident and the SolarWinds breach. We’ll cover how attackers identified and exploited weak points in external-facing assets and how ASM tools can help preempt similar threats.
Â
We Will Discuss:
Â
- Comprehensive Asset Discovery: How ASM tools provide continuous mapping of external-facing assets, including cloud services and shadow IT, to prevent blind spots, as illustrated in the Sisense and SolarWinds breaches.
- Real-Time Vulnerability Detection: Learn from recent incidents how misconfigurations and unpatched vulnerabilities became entry points for attackers, and how ASM can detect these issues in real-time.
- Risk Prioritization and Response Automation: Using machine learning to identify the most critical vulnerabilities and reduce response times, based on insights from breaches where faster detection could have minimized damage.
- Integration with SIEM and SOAR: Explore how ASM tools can seamlessly integrate with broader security systems to enhance real-time threat detection, drawing on lessons learned from recent breaches.
Â
Billy Martin, Chief Technology and Security Officer, Vigor LLC
Courtney Hans, VP, Cyber Services, AmTrust Financial Services Inc.Â
Chuck Markarian
CISO, CyberEdBoard Member, PACCAR
Enzhou Wang
Chief Data Officer, City of Tacoma
Building a Resilient Data Security Strategy
CISOs face the challenge of securing information across diverse environments while meeting stringent compliance requirements and maintaining operational continuity.
Â
This session will explore how to construct a robust data security framework using advanced detection capabilities, adaptive access controls, and scalable defenses for cloud-native, hybrid, and legacy systems. Attendees will gain insights into the latest innovations in threat detection, data protection, and compliance strategies that reinforce organizational resilience against insider and external risks.
Â
Key Takeaways:
- Layered Defenses for Complex Systems: Designing multi-faceted protection strategies that secure the data lifecycle across distributed infrastructures.
- AI-Powered Anomaly Detection: Applying advanced algorithms to identify unusual activity, prevent breaches, and mitigate evolving threats.
- Next-Generation Access Controls: Enforcing least-privilege policies with dynamic authentication tailored to hybrid and cloud-native environments.
- Proactive Compliance Strategies: Meeting evolving mandates like GDPR and HIPAA while building trust with stakeholders and customers.
Â
Chuck Markarian, CISO, CyberEdBoard Member, PACCAR
Enzhou Wang, Chief Data Officer, City of Tacoma
Lana DeMaria
Head of Data Governance and Privacy, Alaska Airlines
Aravind Swaminathan
Partner, CyberEdBoard Member, Orrick, Herrington & Sutcliffe LLP
Sarah Carrier
Privacy Program Manager, Seattle Information Technology Department
Data Privacy and Decoupling: Ensuring Compliance and Data Integrity
Decoupling data—separating sensitive data from less critical information—has emerged as a vital approach to maintaining data privacy while meeting the challenges of modern business operations. This session will focus on how CISOs can implement data decoupling and adjust their data architecture to protect sensitive information, ensure compliance with privacy regulations, and reduce the risk of data breaches.
Â
Attendees will gain insights into best practices for safeguarding data while maintaining the flexibility to scale operations and adapt to changing regulatory requirements. The session will also explore real-world case studies where organizations have successfully decoupled data, ensuring data privacy and minimizing exposure.
Â
Key Discussion Points:
- Decoupling Data for Privacy: Strategies to separate sensitive data for improved security and regulatory compliance.
- Adapting to New Privacy Regulations: How businesses can adjust data architecture to stay compliant with global data privacy laws.
- Minimizing Data Breach Risks: Best practices for protecting sensitive information and reducing data breach impacts.
- Case Studies on Data Decoupling: Real-world examples of how companies have implemented data decoupling to protect data privacy.
Â
Lana DeMaria, Head of Data Governance and Privacy, Alaska
Airlines
Aravind Swaminathan, Partner, CyberEdBoard Member, Orrick,
Herrington& Sutcliffe LLP
Sarah Carrier, Privacy Program Manager, Seattle Information
Technology Department
Augie D'Agostino
CISO, UW Medicine
William Lidster
CISO, AAA Washington
Sacha Faust
CISO, Grammarly
Agentic AI and the Future of Autonomy in Security
Agentic AI introduces autonomous systems capable of executing complex tasks, making decisions, and collaborating with other AI agents—all without human intervention. These systems go beyond prediction and content generation, offering organizations the ability to automate workflows, improve efficiency, and adapt to dynamic challenges with unprecedented agility.
Â
While the potential benefits of agentic AI are vast, its rise also introduces new risks. As autonomous agents take on critical roles across industries, questions around security, accountability, and ethical governance come to the forefront. How can organizations ensure these systems operate safely within established parameters? What vulnerabilities might emerge as agentic AI becomes a target for exploitation? This session will examine the dual impact of agentic AI on business innovation and security resilience, offering practical insights for leveraging its power while safeguarding against misuse.
Â
Key Takeaways:
- Understand how agentic AI differs from previous waves of AI and its implications for business operations and security.
- Explore strategies for securely integrating autonomous agents into critical workflows.
- Identify emerging vulnerabilities posed by agentic AI and how to mitigate them effectively.
- Discuss ethical and regulatory considerations essential for the responsible deployment of agentic AI.
Â
Augie D’Agostino, CISO, UW Medicine
William Lidster, CISO, AAA WashingtonÂ
Sacha Faust, CISO, Grammarly
Alexander Vitruk
CyberEdBoard Member, Senior Associate Attorney, BakerHostetler
Ginger Armbruster
Chief Privacy Officer and IT Division Director, City of Seattle
Mastering Washington's Data Privacy Framework
These laws grant consumers enhanced control over their data, mandate stricter requirements for data processing and disclosure, and impose substantial penalties for non-compliance. Recent breaches, such as T-Mobile’s series of cyberattacks that compromised millions of customer records, highlight the devastating consequences of insufficient security measures. These incidents underscore the urgent need for organizations to fortify their defenses against evolving external threats and internal vulnerabilities while adhering to complex regulatory demands.
Â
This session offers a practical roadmap for navigating Washington’s privacy regulations, covering compliance with the My Health My Data Act, Washington Privacy Act (WPA), and aligning with frameworks like HIPAA and GDPR. Real-world case studies highlight vulnerabilities in encryption, data handling, and incident response, providing lessons for breach prevention and mitigation. We will explore how AI can enhance compliance, threat detection, and mitigate risks like algorithmic bias. A focus on Zero Trust frameworks will guide implementing encryption, MFA, and role-based access controls to strengthen security. Finally, actionable strategies for CISOs will provide tools for risk assessments, audits, and building robust incident response protocols to protect against regulatory, financial, and reputational risks.
Â
Key Takeaways:
- Gain a clear understanding of Washington’s privacy laws, including their operational impact and how they intersect with broader federal and international mandates.
- Learn how to prevent catastrophic breaches by studying the failures and vulnerabilities exposed in real-world cases, including T-Mobile’s high-profile incidents.
- Discover how to leverage AI tools for real-time threat detection and compliance automation while embedding Zero Trust architectures to enhance overall security resilience.
Alexander Vitruk, CyberEdBoard Member, Senior Associate
Attorney, BakerHostetler
Ginger Armbruster, Chief Privacy Officer and IT Division
Director, City of SeattleÂ
Varsha Agarwal
CyberEdBoard Member, Head of Information Security, Prosper Marketplace
Cybersecurity Summit Dallas: Data Security
Uncovering Insider Threats with Behavioral Analytics
Behavioral analytics offers a powerful tool for identifying subtle activity changes that could indicate malicious actions or unintentional risks before they evolve into serious breaches.This session will dive into advanced methods for applying behavioral analytics to insider threat detection, including leveraging machine learning, anomaly detection algorithms, and seamless integration with existing security tools.
Â
Through real-world examples, CISOs will explore how this technology can uncover suspicious access patterns and unusual data transfers, delivering proactive defenses against insider threats.
Â
Key Technical Takeaways:
- Machine Learning for Behavioral Insights: How to train models that pinpoint deviations in user activity across diverse systems.
- Real-Time Detection: Implementing anomaly detection techniques to identify irregularities as they occur.
- Integration with SIEM and SOAR: Using behavioral data to enhance automation and incident response workflows.
- Case Studies: Technical analysis of successful behavioral analytics implementations, emphasizing reduced false positives and operational gains.
Â
Â
Varsha Agarwal, CyberEdBoard Member, Head of Information
Security, Prosper Marketplace
CyberEdBoard
United States Secret Service
Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats
This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection, and long-term defense.
Â
What You Will Gain From This Experience:
Â
- Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity, and mitigating cascading disruptions caused by insider-enabled AI attacks.
- Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems.
- Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection, and evidence preservation for incident response and regulatory requirements.
CyberEdBoad & The U.S. Secret Service
Eric Sanchez
CISO, CyberEdBoard Member, Orrick, Herrington & Sutcliffe LLP
George Williams
CIO, Washington Liquor and Cannabis Board
Building Intelligent Data Infrastructure: Unlocking Cross-Industry Potential
From healthcare to financial services, companies must rethink their data management strategies to drive efficiency, security, and innovation. A modern data infrastructure can transform raw data into a powerful resource, optimizing performance and enabling smarter decision-making while safeguarding sensitive information. Whether you’re looking to modernize your data strategy or protect critical assets, this session offers practical insights to help you build a data infrastructure designed to meet the challenges and opportunities ahead.
This session will explore the components of a resilient, secure, and scalable data infrastructure, highlighting how intelligent systems can deliver actionable insights, automate workflows, and meet the growing needs of diverse sectors.
Â
Key Topics Include:Â
Â
- Leveraging AI for Efficiency: How intelligent systems can streamline operations and generate insights that lead to better business outcomes.
- Enhancing Security: Approaches for embedding strong security measures directly into your data infrastructure to protect against emerging threats.
- Scalability for the Future: Developing a flexible and adaptable infrastructure capable of evolving with your business needs and handling increasingly complex workloads.
Â
Eric Sanchez, CISO, CyberEdBoard Member, Orrick, Herrington & Sutcliffe
LLP
George Williams, CIO, Washington Liquor and Cannabis BoardÂ
Don’t miss your chance to attend this dynamic impactful event
#ISMGSummit
@ISMG_News
Past Summit Sponsors
CPE Credits
ISMG Summits offer Continuing Education Credits. Learn informative and engaging content created specifically for security professionals.
The Summit Experience
Future Events
March 12, 2025
ISMG Presents X-Force Cyber Range Threat Simulation Immersive Experience with IBM & AWS
April 10, 2025
Financial Services Summit: Unlock the Power of Your Unstructured Data with Box
Future Events
March 12, 2025
ISMG Presents X-Force Cyber Range Threat Simulation Immersive Experience with IBM & AWS
April 10, 2025
Financial Services Summit: Unlock the Power of Your Unstructured Data with Box
Katie Jenkins
EVP & CISO , Liberty Mutual Insurance
Threat Intelligence and the Dark Web
In this session, a banking security leader and an FBI agent detail:
- What the dark web is – and is not;
- How to gain useful and complete information and apply it;
- The pros and cons of going solo vs. hiring a service.
