Session 1

Darren Weiner is the Chief Cloud Officer of CloudButton, LLC, a Colorado-based AWS consulting firm that helps organizations with finite internal resources accelerate their cloud maturity. With over a decade of specialized AWS experience and decades of broader IT leadership, Darren combines hands-on technical expertise with strategic vision to deliver measurable outcomes in cloud security, cost optimization, disaster recovery, DevSecOps, and organizational scale.

He works closely with engineering, DevOps, and IT teams to identify critical pain points—whether infrastructure fragility, excessive cloud costs, or gaps in cloud security—and drives outcome-driven solutions. Darren’s approach emphasizes incremental improvements, knowledge transfer, and building systems that are resilient, scalable, and maintainable over time.

In addition to his role at CloudButton, Darren is a former President of the Colorado chapter of the Cloud Security Alliance, where he helped shape local cloud security practices and professional development for cloud practitioners.

Darren Weiner

Room: ACATriax

Agentic AI is taking over my job and is going to eat us all.

The recent evolution of Agentic AI is transforming the AI technology landscape once again, as we move from single-turn interactions to highly automated and complex activities that require minimal human input.

The presentation will be a live demonstration of how agentic AI is going to not only take over the world of DevSecOps and Infrastructure as code but also benefit bad actors who can and are using it to ease the burden of having to work hard to fully compromise your cloud infrastructure.

Rather than just discuss what agents can do, this talk will demonstrate, in real-time, the complex tasks and interactions that are possible, which includes observing an agent in the ""thinking"" process and responding to feedback loops.

Security Karmic Debt Just Sent Us A Bill And AI Is Here to Collect

Enterprises are racing to deploy AI, particularly autonomous, tool-using “agentic” systems, into environments where the basics of data classification, protection, identity security, and governance have been neglected for years. This talk confronts the paradox at the center of that rush: we’re handing new, faster, and more capable machines the very data we failed to safeguard with slower, simpler technology. The bill for that security karmic debt is due, and AI is here to collect, with interest.

Richard Bird will decode the distinct risk profiles of agentic AI and generative AI, and how they interplay with each other in a digital landscape surrounded by a security architecture that was built for static assets, not dynamic AI. From over-permissioned identities to publicly exposed secrets and permanently open sessions (and the exploit that will not die - SQL injection), Richard will dive into the history of security performance in the US and globally and what the widespread adoption and embrace of AI services, agents and features could mean when the rush to AI greatness meets universal lack of preparedness in today's enterprise world.

Richard Bird

Room: Bresnan

Richard Bird is the Chief Security Officer for Singulr AI, an AI security and governance solution, and a six-time C-level executive in the corporate and startup world. Internationally known for his observations on AI security, data privacy, digital consumer rights, and identity security. Richard currently focuses his attention on the operationalization of AI and how we can secure, govern and control the use of AI effectively. He is also the author of Famous With 12 People: A Career Guide on Becoming an Internationally Recognized Expert in Something Nobody Cares About, and Richard is frequently quoted on cybersecurity topics and headline news events in the media and has been featured by ISMG, The Wall Street Journal, CNBC, Bloomberg, Financial Times, Business Insider, CNN, Dark Reading, and TechRepublic.

As the Chief Information Security Officer at Swimlane, Michael Lyborg is responsible for overseeing the global information security and enterprise IT functions, ensuring the highest standards of security and compliance for our customers and partners. With over two decades of experience in cybersecurity, IT, and consulting, he contributes a wealth of knowledge and expertise to the company, coupled with a commitment to innovation and excellence.

His core competencies include FedRAMP and third-party risk management (TPRM), computer network defense, vulnerability assessments, forensic investigations, project and knowledge management, and team leadership. He has successfully led diverse and cross-functional teams across multiple regions and continents, delivering complex and high-impact projects and missions under challenging and dynamic conditions. His objective is to empower and enable Swimlane to achieve its vision of automating and streamlining security operations for organizations worldwide.

Michael Lyborg

Room: Saeman

Lessons Learned while Building, Securing, and Ensuring Privacy + Governance for the Responsible use of Autonomous Security, and IT Operations

Ultimately, what not to do, resources available to do it "right", and how to ensure that the design, architecture, and operational use supports the required outcomes for the desired use cases while optimizing costs and adhering to ISO 42001 standards.

Preparing for a 42001 Audit: Turning AI Governance into Evidence

AI adoption is outpacing governance, and regulators are catching up fast. For organizations that want to demonstrate responsibility, trustworthiness, and compliance, ISO/IEC 42001:2023 is the new benchmark. It is the first international, certifiable standard for AI management systems, designed to help companies govern AI responsibly while mitigating risks such as bias, privacy violations, security vulnerabilities, and regulatory non-compliance.

But while interest in 42001 is skyrocketing, readiness remains low. Few organizations have mapped their AI practices to a formal framework, and fewer still have the processes, evidence, and controls required to survive an audit. In many cases, companies don’t even know where to begin.

This session—“Preparing for a 42001 Audit: Turning AI Governance into Evidence”—offers a practical, business-focused roadmap to certification readiness. We will walk participants through the challenges of operationalizing AI governance, including:

Gap Identification - How to compare current AI policies and practices against ISO 42001 requirements. What to do if you don’t yet have formal AI policies or inventories.

Cross-Functional Ownership - Why audit readiness requires more than IT or legal. How to engage product, engineering, HR, and procurement in documenting AI use cases.

Evidence and Documentation - What auditors will actually look for (policies, risk assessments, monitoring records). How to turn day-to-day practices into defensible evidence without overburdening teams.

Integration with Existing Programs - Leveraging ISO 27001, ISO 37301, or NIST AI RMF to accelerate 42001 readiness. Avoiding duplicate efforts by building on what you already have.

Continuous Monitoring and Improvement - Designing metrics, KPIs, and review cycles to keep your AI governance framework alive. Preparing for surveillance audits and future regulatory expansion.

The session will be grounded in real-world lessons from privacy, compliance, and information security audits, translated into the unique challenges of AI.

Devan Brua & Pierce Cardamone

Room: Kahn

Devan Brua is a seasoned privacy and compliance leader who helps organizations build trustworthy, efficient, and innovation-driven programs for privacy and AI governance. As the owner of PrivacyWise, a boutique consultancy, she combines Big 4 training with a hands-on, operator mindset to deliver practical, business-aligned solutions that make compliance a catalyst for growth rather than a barrier.

At PrivacyWise, Devan supports organizations at every stage of maturity—whether they are building governance programs from the ground up or integrating advanced technologies into existing frameworks. Her services span privacy risk assessments, compliance program development, vendor management, data mapping, ethical AI policy design, and DPO-as-a-service. In every engagement, she bridges legal, product, and engineering perspectives, reinforcing privacy and data governance as strategic enablers instead of afterthoughts.

With over two decades of expertise, Devan excels at weaving together privacy law, operational needs, and strategic foresight. She designs governance models that adapt to rapidly evolving regulatory landscapes—including GDPR, CCPA, and emerging AI-specific mandates—while preserving organizational agility. Whether diagnosing program gaps, drafting policies, or building training and awareness initiatives, she empowers teams to adopt privacy and AI governance with confidence and clarity.

Clients describe her approach as empathetic, practical, and results-driven. She moves beyond checkbox compliance to foster cultures where ethical, secure practices become part of everyday workflows. Her frameworks are known for being scalable, intuitive, and tailored to each organization’s unique industry and growth trajectory.

Devan and her team at PrivacyWise regularly share their expertise at leading privacy and technology conferences, advocating for governance frameworks as strategic accelerators rather than burdens. Her perspective emphasizes that privacy and AI governance are not impediments to innovation, but essential differentiators in an increasingly regulated and risk-sensitive business landscape.

Page updated

Google Sites

Report abuse