Speakers
Eric Kuehn, Principal Security Consultant at Secure Ideas; Member of the IANS Faculty - Secure Ideas
Presentation: I Get Knocked Down - But Getting Up Isn’t Enough
"I get knocked down, but I get up again - you're never gonna keep me down." Chumbawamba had the right spirit, but most organizations have the wrong execution. The good news? You probably have a recovery plan and a resilience strategy. The bad news? Having them isn't the same as having them work.
In this talk, I'll break down why resilience and recovery fail in practice even when organizations think they've planned for both, what the difference actually looks like when things go wrong, and how to pressure-test whether your plans will hold up when Chumbawamba's optimism meets reality.
You've got a plan. Let's find out if it works.
Bio: I've spent 26 years working across enterprise operations, engineering, architecture, and security. Most of that time has been spent on identity; specifically Active Directory and everything that touches it, which turns out to be just about everything. At Bank of America I built and managed the AD infrastructure for a global enterprise: 6 million objects, 11 forests, 35 domains, and enough edge cases to fill a conference talk or two. Since 2017 I've led the consulting team at Secure Ideas, where we spend our time breaking into networks and applications professionally and helping organizations understand what that means for their actual business risk, not just a list of CVEs. On the defensive side, I focus on identity architecture, PAM, and making sure privileged access is actually privileged. On the offensive side, I lead network and web application penetration testing across all verticals. I also design and facilitate tabletop exercises for client leadership teams, walking executives and security teams through identity-based attack scenarios in a way that connects technical risk to business impact. As IANS Faculty, I advise organizations on identity security and other infosec topics. Outside of client work I teach and speak. I've authored courses on AD red teaming, network penetration testing, and CISSP preparation, and I've presented at BSides events, Palmetto Cyber Conference, Triangle InfoSeCon, and others; mostly on ways attackers abuse directory services and what defenders can do about it. I also contributed to the MITRE ATT&CK Framework. If you're dealing with an identity problem, whether that's a complex AD environment, a PAM implementation, or figuring out how badly your directory can be abused, that's the kind of work I do.
Janet Heins, Chief Information Security Officer (CISO) at ChenMed
Presentation: “Visibility isn’t Vanity, It’s Strategy!”
Bio: Janet B. Heins is Chief Information Security Officer at ChenMed, where she leads cybersecurity for a healthcare company that is reinventing preventative, VIP care for seniors. She is the author of Go Ahead… Ask For It! Make Your Value Undeniable and a keynote speaker on leadership visibility, strategic influence, and career advancement. With executive leadership experience across industries at Biogen, W. L. Gore, Royal Caribbean, iHeartMedia, and Merck, she has keynoted at SecureWorld and the Transformational CISO Assembly, and serves on advisory boards at High Point University and CyberRisk Alliance.
Joshua Brant, Director - Emerging Technology & Cybersecurity Strategy | CISSP, CISM, CCSP, HCISPP, CCISO, CEH, CRISC - LRS
Presentation: “Ever wonder what it’s really like to face a ransomware attack?”
Join us on Wednesday, April 22nd for a candid conversation with Josh Brant, Cyber Strategist at LRS. He’ll walk us through a real-life cyber incident and share the valuable lessons our customers learned along the way.
What to Expect:
- A behind-the-scenes look at a ransomware event
- Practical insights and takeaways
- A chance to ask questions and engage with peers
Bio: Joshua brings over 20 years of experience to the field, with a focus on developing and implementing comprehensive security programs. His career spans both corporate and consultancy roles, providing a well-rounded perspective on the challenges facing modern organizations.
Previously serving as CISO at a global manufacturing company, he gained firsthand experience managing enterprise-wide security initiatives. This background informs his current work leading a vCISO practice and MSSP services, where he assists clients in strengthening their security postures across various industries.
His expertise covers a broad range of areas including:
- Building security programs from the ground up
- Addressing compliance, operational, strategic, and financial security risks
- Aligning security measures with business objectives
- Developing and leading high-performing security teams
In his current role, he provides strategic guidance to help organizations navigate the complex landscape of network security. His approach emphasizes practical, implementable solutions that balance protection with operational efficiency.
With experience spanning the evolution of cybersecurity over two decades, he offers insights into both the technical and managerial aspects of maintaining strong security in an increasingly connected world.