April 7, 2025
Workshop
1:00 pm - 5:00 pm
TLP RED: Leveraging Open Source Intelligence (OSINT) for Real-World Threats – Advanced OSINT Training and Workshop
Join RH-ISAC's celebrated OSINT experts in an advanced open source intelligence collections and analysis crash course. The OSINT workshop is designed to equip RH-ISAC members with the skills and knowledge necessary to effectively gather, analyze, and utilize open-source intelligence (OSINT) for various applications, including cy...



Networking Event
4:30 pm - 5:00 pm
First-Time Attendee Kick-Off Reception
Welcome to the 2025 RH-ISAC Cyber Intelligence Summit! We're glad you're joining us in St. Louis! As a first-time attendee, come early for the Welcome Reception to mix and mingle with some of the RH-ISAC's Summit Working Group, Board of Directors, Speakers, and other long-time attendees and friends of the RH-ISAC. Meet some fell...
Networking Event
5:00 pm - 7:00 pm
Welcome Reception
Welcome to the 2025 RH-ISAC Cyber Intelligence Summit! Say hello to old friends, meet new peers, and help kick off the 2025 conference on the top of the Hyatt Regency St. Louis at the Arch!
Open to all RH-ISAC Summit attendees. No additional registration is required....

Networking Event
7:00 pm - 10:00 pm
Private | CISO Dinner
The RH-ISAC CISO Dinner is an invite-only event for select CISOs and special guests of the 2025 RH-ISAC Summit.

April 8, 2025
Keynote
8:45 am - 9:45 am
Opening Remarks & Keynote: Leading with Expertise: CISOs as Champions of Resilience
Welcome to the RH-ISAC Summit! We're thrilled to kick-off the conference with a panel that seeks to celebrate the expertise of CISOs while underscoring the importance of humility and teamwork in building a resilient cybersecurity posture. Panelists will share personal stories and insights to inspire peers and aspiring leaders.
...




Networking Event
9:45 am - 10:15 am
Kickstart Conversations – An Interactive Ice Breaker
Networking doesn’t have to be awkward! We’re gearing up for two full days together, so use this session to kickstart meaningful conversations and build new connections in this interactive session featuring ‘Get to Know You Bingo’. Designed to break the ice and spark engaging discussions, this activity encourages particip...
Strategic
10:45 am - 11:30 am
Leaner & Meaner: Driving Efficiency with a Smaller Team
This panel of restaurant cybersecurity leaders will discuss strategies major restaurant brands use to build lean programs and teams. Participants will explore how to build resilient, disciplined, and efficient organizations under budget constraints and explore streamlining architecture, technology selection, and robust capabilit...



Tactical
10:45 am - 11:30 am
Honey, I Shrunk the Threats: Automating IOC Workflows
A long-term goal for Kontoor’s Cyber Defense team has been to automate rote, mundane tasks performed manually to give us more time to do the meat of incident response and threat hunting. We are proud to share our most current success to-date for automation with the RH-ISAC Community.
This presentation will show the journe...



Operational
10:45 am - 11:30 am
ATO and Beyond: Top 10 Digital Commerce Account Risks & How to Mitigate Them
Everyone knows now that hackers don't break in, they log in. Identity and authentication have gone from being security solutions to a source of security problems. While the problem is clear, most don't know how this happens and what to do about it. This talk explores the most common and painful risks, attack tactics, tools like ...
Sponsored By: IANS Research

Operational
10:45 am - 11:30 am
How Security Researchers Help REI Avoid Breaches
In the first quarter of 2023, 16 cyber breaches affected 170,000 retail victims. According to this year’s Hacker-Powered Security Report, retail organizations have seen a 42% rise in verified vulnerabilities, a significant leap compared to the broader industry's increase of 12%.
This fireside chat between HackerOne and REI wi...
Sponsored By: HackerOne


Private Session
11:45 am - 2:45 pm
Closed-Door CISO Meeting
*SESSION BEGINS AT 11:45 A.M.* Lunch will be provided.
PRIVATE SESSION: Open to CISOs Only.
This extended breakout session covers a series of discussion topics selected by the RH-ISAC's CISO Task Force. We'll dive into key challenges and priorities faced by our CISO community. A list of discussion topics will be coming s...
Brown Bag Lunch
11:45 am - 12:45 pm
LUNCH: Brown Bag Featured Discussions
Grab a sack lunch and find a group to sit with based on a topic of interest. This casual forum allows for free-flowing discussion with fellow practitioners and peers. We’ll have tables assigned with discussion leaders to facilitate conversation on topics from Working Groups and Security Collaboration Efforts such as:
Frau...
Sponsored By: Zscaler
Operational
1:00 pm - 1:30 pm
Countering the Threat of DPRK Insider Threats
Recently CISA issued a report on DPRK attempting to infiltrate operatives into United States businesses as contractors. These contractors were specifically targeting remote positions and then multiple individuals within APT units would have access to corporate environments. Some highly sophisticated and some not sophisticated te...


Operational
1:00 pm - 1:30 pm
Built-In Exploits: Uncovering the Extent of the Unmanaged xTended Internet of Things
With billions of smart devices in use today, there are now 10 times as many xTended Internet of Things (xIoT) devices in the world as all traditional endpoints combined. Most of these devices – including IoT and OT cyber-physical systems – remain unknown, unmonitored, and unmanaged without basic security hygiene. This crea...
Sponsored By: Phosphorus

Tactical
1:00 pm - 1:30 pm
So You’ve Been Named by the FTC…
The FTC recently called out Best Buy as a most abused brand amongst a few others. The presentation will highlight the action Best Buy has taken to reduce brand abuse from both a CTI and business operations perspective. We’ll cover our intelligence processes and techniques for collecting, analyzing and taking action on brand ab...


Private Session
1:00 pm - 2:45 pm
Closed-Door CISO Meeting (Cont.)
PRIVATE SESSION: Open to CISOs Only.
This extended breakout session covers a series of discussion topics selected by the RH-ISAC's CISO Task Force. We'll dive into key challenges and priorities faced by our CISO community. A list of discussion topics will be coming soon....
Operational
2:00 pm - 2:30 pm
Considerations for Securing Gen AI on Corporate Environments
As organizations increasingly integrate Generative AI (Gen AI) into their operations, ensuring the security of these technologies can be challenging. Daniel and Diego will explore the considerations Casey's had to think about when implementing and securing a corporate Gen AI solution.
Attendees will gain insights into best ...


Operational
2:00 pm - 2:30 pm
The Ever-Evolving Adversary: Insider Threats, Hacktivism and eCrime
Adversaries are increasingly bypassing legacy detection methods, resulting in a 55% rise in interactive intrusions. They're mastering cross-domain attacks – targeting endpoints, identities, and cloud environments – while groups like SCATTERED SPIDER refine their techniques to exploit the cloud.
To effectively stop and d...
Sponsored By: CrowdStrike

Private Session
2:00 pm - 2:45 pm
Closed-Door CISO Meeting (Cont.)
PRIVATE SESSION: Open to CISOs Only.
This extended breakout session covers a series of discussion topics selected by the RH-ISAC's CISO Task Force. We'll dive into key challenges and priorities faced by our CISO community. A list of discussion topics will be coming soon....
Tactical
2:00 pm - 2:30 pm
Advancing MISP for Better Intelligence: Updates, Enhancements, and Community Impact
Over the past year, the RH-ISAC has made significant strides in advancing the usage of MISP for cyber threat intelligence sharing. This session will cover key developments, including upgrading to the latest MISP 2.5 release, enhancements to our enrichment and vetting process, and the introduction of member-vetted indicator tags ...

Operational
3:00 pm - 3:45 pm
Unleashing Security Data Power
CISOs need to harness all their security data to quantify risk, articulate efficacy of controls and demonstrate strategic needs for the Board to approve. The problem is that application and database logs, asset and vulnerability data, security telemetry and user identity information are spread over many legacy technologies that ...
Sponsored By: Security Risk Advisors


Tactical
3:00 pm - 3:45 pm
TLP RED: A Famous Chollima Event at an Anonymous Member’s Organization
This TLP:RED session is presented by a practitioner from an RH-ISAC member organization who experienced an event attributed to Famous Chollima (AKA UNC5267, Nickel Tapestry, ), a North Korean state-backed threat actor. This threat actor conducts operations to illicitly obtain freelance or full-time IT positions to earn a salary ...
Strategic
3:00 pm - 3:45 pm
Harness the Power of NRF’s Fraud Taxonomy
The NRF Retail Fraud Taxonomy is a knowledge base of retail fraud and abuse techniques derived from real-world observations, aimed at enhancing the community's ability to define, understand, prepare for, mitigate, and detect fraud. The Taxonomy provides coverage of fraud behaviors, mitigations, and detections from a wide range o...


Tactical
3:00 pm - 3:45 pm
Advancing MISP – Office Hours
Questions about MISP? Sit down with RH-ISAC's Principal Threat Researcher, JJ Josing, for an informal discussion or a deep-dive in the weeds. This office hours-style session is your time to connect with our resident expert on MISP.

Operational
3:00 pm - 3:45 pm
Building Resilient Teams: Best Practices for Security Awareness, Effective Content, and Phishing Simulations
This discussion explores best practices for creating and implementing effective security awareness training. Experts will discuss developing engaging and relevant content, including exploring the role of AI in personalized training. The panel will also address measuring program effectiveness and identifying key takeaways for...


Keynote
4:15 pm - 5:15 pm
How I Would Hack You: Live!
This live demo is one of Tobac’s most sought-after events. We picked a member, someone with a social media presence and a sense of humor, and she will hack them LIVE. Of course, with zero real-world consequences or harm to their social identity or your organization’s cyber security. As she hacks them, Tobac explains, step by...

Networking Event
5:15 pm - 6:15 pm
Happy Hour
Celebrate the first day of the RH-ISAC Summit while enjoying light snacks and drinks!

Networking Event
6:15 pm - 7:30 pm
Wine Tasting
Unwind after the first day of the RH-ISAC Summit during the Wine Tasting Networking Event, designed to bring together great minds over exceptional wines. This gathering is the perfect setting to expand your network while exploring a curated selection of fine wines. Guided by local expert sommeliers, you’ll discover unique vari...
Sponsored By: IONIX
Networking Event
6:15 pm - 7:30 pm
Whiskey Tasting
Help close out the first day of the Summit with some whiskey and great conversation at the RH-ISAC’s inaugural Whiskey Tasting Networking Event. This gathering offers a perfect blend of professional connections and curated whiskey selections. Whether you're a seasoned connoisseur or just whiskey-curious, a local expert guide w...
Sponsored By: Varonis
April 9, 2025
Networking Event
7:30 am - 8:15 am
Leveraging Conversations to Build Stronger Relationships: Leadership & Learning Breakfast
Join Joyce Brocaglia, Chief Executive Officer of Executive Women’s Forum, and Linda Dolceamore, Chief Leadership Development Officer of Executive Women’s Forum, for an interactive breakfast session that will elevate your ability to deepen connections and increase trust in relationships through the neuroscience of conversatio...


Keynote
8:45 am - 9:45 am
Opening Remarks & Keynote: Staying Ahead: Proactive Cyber Strategies for a Secure Future
In an era where cyber threats evolve faster than ever, organizations must shift from reactive defense to proactive strategy. This keynote will explore the critical steps retail and hospitality businesses can take to anticipate and mitigate threats before they strike. Discover how to harness threat intelligence, implement predict...




Tactical
10:00 am - 10:45 am
CTI Writing 101 – Part 1
Lee Clark, the CTI Production Manager for the RH-ISAC, will provide an introduction to strategies and tools for effectively reporting on CTI subjects in an actionable way. Structured as an interactive workshop, Lee’s training will focus on process, structure, focus, and content triage for analysts looking to build or refresh t...

Operational
10:00 am - 10:45 am
DIGITAL DECEPTION: Deepfakes – The New Face of Cybercrime (2.0)
Generative AI technology is evolving at an alarming rate, and one of the biggest advancements comes in the form of Deepfakes. Deepfakes, while fun and entertaining, are also transforming the cybercrime ecosystem – enabling fraud, disinformation, and social engineering attacks. This presentation explores the intersection of cyb...

Operational
10:00 am - 10:45 am
The ROI of Security Investments: Protecting Global Hospitality Infrastructure at Wyndham Hotels & Resorts
In the fast-paced retail and hospitality industry, customer trust and operational uptime are vital. Discover how Wyndham Hotels & Resorts leverages automated security validation to tackle modern security challenges. Join Jay Mar-Tang, Pentera’s Field CISO, to learn how to prove ROI by reducing critical exposure, cutting co...
Sponsored By: Pentera


Strategic
10:00 am - 10:45 am
A Day in the Life of a BISO
This session delves into the crucial role of the Business Information Security Officer (BISO) in today's organizations. We'll explore the unique responsibilities of a BISO, focusing on how they bridge the gap between business objectives and cybersecurity requirements. Effective communication and collaboration will be highlighted...


Strategic
11:15 am - 11:45 am
Cyber Risk Quantification: Putting a Price Tag on the Apocalypse
Ever wondered what it costs when the digital world goes up in flames? This presentation dives into Cyber Risk Quantification, where we turn guessing into numbers, chaos into charts, and ask the ultimate question: just how much should we panic? Borrowing a page from the actuaries who quantify everything from car crashes to hurric...


Operational
11:15 am - 11:45 am
Threat Intelligence – The Final Puzzle For an Effective Cyber-Program
We are a small team who implemented threat intelligence into our daily cyber security operations. The objective for this presentation is to reinforce the idea that threat intelligence is the final enabler in any cyber security program, not just those with fully staffed Threat Intel Operators. From tactical indicator collection, ...

Operational
11:15 am - 11:45 am
Hunting Fake Online Shops
The HUMAN Threat Intelligence and Research team, Satori, has discovered a sophisticated network of websites that advertise themselves as online shops of various commodities, such as clothes, gaming miniatures or books. While the sites seem to be integrated with a third party payment system and able to take payment, the product l...
Sponsored By: HUMAN Security

Tactical
11:15 am - 11:45 am
CTI Writing 101 – Part 2
Lee Clark, the CTI Production Manager for the RH-ISAC intelligence team, will provide an introduction to strategies and tools for effectively reporting on CTI subjects in an actionable way. Structured as an interactive workshop, Lee’s training will focus on process, structure, focus, and content triage for analysts looking to ...

Keynote
12:15 pm - 1:00 pm
Home Depot’s SOC Transformation Story
This session explores key strategies for a SOC transformation and examines two key aspects of Home Depot’s journey – people and processes. CISO Chris Lanzilotta and Cybersecurity Director Joe Minieri take the stage to share strategies for maximizing impact with the resources you have, talent considerations for internal mobil...


Tactical
1:15 pm - 2:00 pm
From Intelligence to Action: CTI-Driven Red Teaming
Attendees of the talk “From Intelligence to Action: CTI-Driven Red Teaming” can expect to gain a comprehensive understanding of how Cyber Threat Intelligence (CTI) can be effectively integrated into red teaming activities. They will learn the basics of CTI, including its components like Indicators of Compromise (IOCs) and Ta...


Operational
1:15 pm - 2:00 pm
Constructing Supply Chain Intelligence Programs
This presentation will focus on the ongoing challenges to securing supply chains amid disruptions such as geopolitical upheaval, transportation disruptions, environmental challenges, societal shifts, and cyber threats. It will discuss how to develop an intelligence program that proactively identifies and monitors these uncertain...
Sponsored By: ZeroFox


Strategic
1:15 pm - 2:00 pm
ATO for Online Travel Agencies
Since 2023, the hospitality industry has experienced a surge in social engineering campaigns targeting online travel agencies (OTAs) and customer relationship management (CRM) platforms. These attacks range from account takeovers and customer fraud to the deployment of info-stealers, often utilizing fraudulent domains that mimic...



Operational
2:15 pm - 2:45 pm
Securing the Retail and Hospitality Industries in the Age of Connected Experiences
The retail and hospitality sectors face a unique set of cyber threats due to their reliance on interconnected systems, the collection of vast amounts of customer data, and the increasing use of technology to enhance customer experiences. This presentation will delve into the specific vulnerabilities and attack vectors targeting ...
Sponsored By: Google Cloud Security

Strategic
2:15 pm - 2:45 pm
Las Vegas CISO Group – High-Trust Collaboration Since 2014
In early 2014, the Las Vegas CISO group was formed by CISOs of three major organizations in Las Vegas. They individually spread the word and started forming quarterly in-person meetings with local cyber and IT leaders. The group has consistently met on a quarterly basis ever since, retaining its pure independence, with strict ru...

Tactical
2:15 pm - 2:45 pm
Threat Informed Defense is as Easy as 1, 2, 3
The presentation will start with a brief overview of what is and is not threat informed defense (TID). Then it will break down the 3 dimensions of TID - CTI, Defensive Measures, and Test & Evaluation - and how to discreetly measure if your team is doing those dimensions, and to what level. I will then introduce a model, call...

Keynote
3:15 pm - 4:15 pm
Your Date with Destiny: Preparing for Your Finest Hour
What if your greatest challenge was actually preparing you for your greatest triumph? Join Captain Christopher Behnam, the pilot who masterfully landed a United Airlines 777 after a catastrophic engine failure over the Pacific, as he shares his harrowing experience and the lessons learned. This powerful keynote delves into the c...

Networking Event
4:15 pm - 5:15 pm
Closing Reception & Prize Drawing
Are you feeling lucky? Did you visit the vendor booths and enter for a chance to win some fun prizes? Help us wrap up the Summit and celebrate another great event at the closing reception - with prizes drawn by our illustrious emcee, Luke Vander Linden....

Networking Event
6:00 pm - 10:00 pm
Member Meeting & Awards Celebration
Join your RH-ISAC retail and hospitality cybersecurity peers for an evening of celebration. We’re taking over the St. Louis Cardinals’ Ballpark Village Premium Sports bar, Bally Sports Live! This event, sponsored by Google, showcases the milestones we’ve achieved together and honors the 2025 Peer Choice Awards winners. ...
