
Subject: Governance / Risk / Compliance
Saturday, September 12
 

10:30am CDT

Beyond the SIEM: Critical Governance and Architecture Decisions for Modern SOCs
Saturday September 12, 2026 10:30am - 11:30am CDT
Modern Security Operations Centers (SOCs) have evolved from basic technical hubs into essential engines for risk management. Success requires a disciplined alignment of governance, architecture, and talent to ensure every action remains resilient and defensible. This session presents a structured methodology to balance high-level technical capability with fiscal responsibility and regulatory mandates. By evaluating SOC evolution through the lens of financial and legal risk, organizations can build a function that is both highly effective and accountable to the board of directors.


We begin by discussing why governance must precede tooling to avoid embedding technical debt into the center’s foundation. This involves identifying critical assets, defining precise operational scope, and mapping risks driven by regulatory frameworks and customer contracts. Once these boundaries are set, we explore how to design a technical backbone that eliminates unnecessary complexity. We will evaluate a tiered log strategy where a security data lake handles high-volume telemetry while the primary analytics engine is reserved for real-time, high-fidelity alerting. This strategic approach prevents cost escalation while providing the depth required for advanced automated workflows.


We also address workforce modeling, demonstrating how technology choices dictate staffing requirements. By examining the mathematical rule of five, we evaluate the requirements for sustainable 24/7 coverage while preventing analyst burnout. The session concludes by reviewing how these elements create a living function that leverages automated triage and standardized playbooks to reduce manual effort by 60–80%. Attendees will learn to formalize critical escalation paths and measure performance through a trinity of operational, contractual, and compliance metrics, ultimately validating defenses through structured training to maintain a proactive, intelligence-driven posture.
Speakers

Bart Stump, "Stumper"

Managing Principal, Coalfire
Bart Stump is a Managing Principal on the Threat Discovery Services team at Coalfire with over 19 years of experience. He specializes in identifying defensive gaps through threat hunting, cyber threat intelligence, and security tool gap analysis to implement robust defensive measures. For...

Jeremy Croghan

Director, Coalfire
Jeremy Croghan is a seasoned cybersecurity leader and Director of Business Resiliency at Coalfire with over 20 years of experience, including U.S. Marine Corps service. He specializes in aligning the complex regulatory requirements of any industry with organizational policies to ensure...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Building the Human Firewall: Why Security Awareness Must Precede the Workplace
Saturday September 12, 2026 10:30am - 11:30am CDT
Cybersecurity conversations often begin inside corporate boardrooms and Security Operations Centers, but by then, the foundation for risk is already set. In a world where digital-native generations are entering the workforce, the strongest "human firewall" must be established long before an employee receives their first corporate login.
This session reframes cybersecurity education as a foundational life skill rather than a purely technical discipline. By shifting the focus from corporate compliance to early digital awareness, organizations can significantly reduce their long-term enterprise risk. We will explore how early exposure to core concepts like digital hygiene, social engineering, and the psychology of trust can create a culture of security that naturally extends into professional environments.
Drawing on practical insights from incident response and governance, risk, and compliance (GRC) frameworks, this talk will demonstrate the direct correlation between proactive digital literacy and a resilient defensive posture. Attendees will leave with a new perspective on training strategies that move beyond "checking the box" and toward a more intuitive, security-first mindset. This session is ideal for security leaders, educators, and anyone interested in the intersection of human behavior and defensive strategy.
Speakers

Nousheen Begum

Cybersecurity Leader | GRC & AI Security | CISSP | VP, WiCyS Wisconsin | Board Member, ISACA Milwaukee & ISC2 Wisconsin, WiCyS Wisconsin
Nousheen Begum is a seasoned cybersecurity professional with over 10 years of experience in Security Operations (SOC), Incident Response, and GRC. She holds an M.S. in Cybersecurity from the University of Illinois Springfield and is a CISSP and CEH certified professional. Currently...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA

10:30am CDT

Game of Cones: Why Your Crisis Plan Shouldn't Melt Under Pressure
Saturday September 12, 2026 10:30am - 11:30am CDT
Your incident response playbook is sitting on a server. The server just got encrypted. Now what?


Most organizations invest heavily in plans they never actually test: polished documentation, detailed runbooks, maybe a shiny new SIEM. Then a real crisis hits. Ransomware. A breach notification deadline. A regulator on line one and a journalist on line two. And everyone discovers, at the worst possible moment, that having a plan and having a practiced plan are two very different things.


This session draws on 18+ years of crisis management consulting across financial services, healthcare, and critical infrastructure — and a parallel career as a court-qualified expert witness in cybersecurity matters — to make one foundational argument: you cannot exercise your way to readiness during a crisis. You have to earn it before one arrives.


We'll start by untangling two exercise types that organizations routinely conflate. Technical Tabletop Exercises are built for your engineers and incident responders: deep, system-specific scenarios that evolve with each inject, stress-testing malware analysis, containment decisions, forensic timelines, and recovery procedures. Crisis Management Exercises are built for the people making the ransom pay/no-pay call at 2 a.m., fielding questions from the board, and deciding what to tell regulators before the mandatory notification window closes. Both matter. They serve different audiences, surface different gaps, and fail in different ways when neglected.


From there, we get practical. Using concrete inject examples drawn from real engagements, we'll examine what a realistic inject sequence actually looks like, how scenarios should evolve under pressure, and how to design exercises that surface real gaps rather than validate comfortable assumptions. We'll walk through common failure patterns: the outdated playbook nobody printed, the escalation path that dead-ends at a person who left the company, the executive team that spent the first 45 minutes of a simulated breach trying to figure out who was supposed to be talking to legal.


We'll also cover the human dimension that most exercise frameworks undercount: trust. You cannot know whether the person next to you will stay calm under real pressure until you've watched them handle simulated pressure. Exercises make your colleagues' behavior predictable. That predictability, knowing who steps up, who freezes, and who asks the right questions, is what separates a coordinated response from organized chaos.


Attendees will leave with a practical framework for designing and running exercises that actually move the needle, a clear model for separating leadership-track and technical-track scenarios, and concrete guidance on building post-exercise debrief processes that drive iteration rather than just generating a report nobody reads.


One durable truth ties it all together: the calmest person in the room on the worst day of the organization's life didn't get there by accident. They practiced.


So should you.
Speakers

Richard Suls

US Lead, Advisory Consulting, Reversec
Richard Suls is US Lead for Security Advisory Consulting at Reversec Consulting, where he designs and delivers crisis management exercises and technical tabletops for major financial institutions, healthcare organizations, and critical infrastructure operators. He brings 18+ years...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Models and More: using data to inform decision making
Saturday September 12, 2026 10:30am - 11:30am CDT
Organizations of all types are working to use data to make better decisions. This includes risk management decisions, such as whether to avoid, mitigate, accept, or transfer a particular risk. But what types of data work best? How do correlation and causation impact your risk analysis? Learn from a cyber insurance pro how they balance the speed of modeling and analytics with the deep experience of domain experts to choose what risks to accept. You will walk away with an understanding of how to effectively use different data sources to support risk management in your organization. 
Speakers

Amanda Draeger

Principal Cyber Risk Engineer, Liberty Mutual Insurance
Amanda is a Principal Cyber Risk Engineer at Liberty Mutual Insurance. She is an Army vet, has way too many credentials, and likes yarn. 
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA

10:30am CDT

Superposition, not Superstition
Saturday September 12, 2026 10:30am - 11:30am CDT
SUPERPOSITION WITHOUT SUPERSTITION
Why the foreseeable state of quantum computing is not a nightmare for security practitioners


In this illuminating talk, we’ll cut through the quantum hype to reveal why security professionals can approach quantum computing with informed confidence rather than panic.


While headlines scream about the imminent apocalypse of our cryptographic systems, reality paints a dramatically different picture. This presentation delivers a refreshingly sober analysis of quantum computing’s actual security implications, replacing fear with facts.


Key Insights:
Reality Check on Timelines
The horizon for practical cryptographically relevant quantum computers stretches far beyond sensationalist coverage, likely years or even decades before systems capable of breaking RSA or ECC at a meaningful scale materialize. Even then, these systems will initially be massive research facilities accessible primarily to nation-states, not everyday threat actors.


“Unless you’re a high-priority target for these select few actors with nation-state resources, should quantum computing really keep you up at night?”


Technical Hurdles That Won’t Disappear Overnight
We’ll dissect the substantial challenges quantum computing still faces, comparable to nuclear fusion energy, where “breakthrough announcements” often represent minimal progress in the greater journey. Error correction requirements, qubit coherence limitations, and scaling challenges aren’t merely engineering problems but fundamental physics puzzles requiring revolutionary solutions.


The Quantum Security Advantage
Discover how quantum technologies themselves offer robust security benefits through innovations like Quantum Key Distribution (QKD). Learn how the security community’s decades of preparation have yielded practical post-quantum cryptographic standards and hybrid approaches that organizations can implement today as part of sensible transition strategies.


Practical Preparation
Walk away with actionable insights on how to approach quantum-resistant security planning without overinvesting or underestimating. Learn which threats are real, which are exaggerated, and how to communicate quantum risks accurately to stakeholders and executives.


Join us for a reality-based assessment that replaces quantum superstition with quantum understanding, providing security practitioners with a practical perspective on this fascinating technological frontier. 

This session is ideal for CISOs, security architects, and security practitioners who need to separate quantum computing fact from fiction.
Speakers

Johnny Xmas

Global Head of Offensive Security, Fortune 150 Food & Bev Manufacturer
Johnny Xmas, a prominent figure in the Information Security community since 2002, is a board member of both Chicago's famous BurbSec community, as well as its BSides312 conference. He's most notably recognized for his pivotal role in exposing the American TSA Master Key leaks (2014-2018...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
 
Blue Team Con 2026