Recap: 2025 NY Metro Joint Cyber Security Conference

YOUTUBE | ARCHIVEPERMALINK

Date: October 30,2025

Venue: BMCC, NYC
Webcast: ISOC.LIVE

Section 1 – Opening & Keynote

01 – Opening Remarks

Speaker: Steven Nuñez (BMCC)

  • Welcomed attendees; first time the conference is hosted at BMCC.
  • Highlighted BMCC’s non-degree cyber/IT training + apprenticeship tracks.
  • Programs include cybersecurity, networking, cloud, data, software, AI (new 2026).
  • Partnerships: CompTIA, ISC², AWS, Cisco, Palo Alto.
  • Emphasized workforce development + student participation.
  • Message: “Start here, work anywhere.”

02 – Keynote: Overcoming Fear and Failure

Speaker: Richard Greenberg

  • Focused on mindset, resilience, leadership — not tech.
  • Fear of failure = main blocker to innovation in cybersecurity.
  • Shared shift from architecture to cybersecurity; risk leads to growth.
  • Leadership = ethics, speaking truth, mentoring others, embracing mistakes.
  • Quote: “Those who fail most, succeed most.”

Section 2 – Threats, Defense & Hybrid Security

03 – Threat Informed Defense (TID)

Speaker: Doug José Santos (Fortinet)

  • Traditional defense = reactive; TID = proactive, adversary-focused.
  • Use MITRE ATT&CK to map attacker techniques to real defenses.
  • Build MITRE heat maps from internal telemetry — not generic threat feeds.
  • Prioritize detection + purple team based on actual adversary behaviors.
  • Demo: AI-driven SOAR investigating crypto-mining incident.

04 – Breaching Both Worlds (Cyber + Physical)

Speaker: Herbert “Trey” Decker III

  • Cyber + physical teams don’t communicate — attackers exploit both.
  • Example: terminated employee leaves Raspberry Pi + active badge access.
  • Issues: ghost accounts, HR not informing IT, unlocked server rooms.
  • Fixes: badge automation, HR/SOC alerts, joint tabletop drills.
  • Quote: “What you do at home is convenience. At work, it’s security.”

Section 3 – Leadership, Culture & Human Risk

05 – Fighting the Dark Triad (Toxic Leadership)

Speaker: Matthew Webster (Cyvergence)

  • Described toxic traits in leadership: narcissism, Machiavellianism, psychopathy.
  • CISO reality: burnout, blame, fear of speaking truth.
  • Shared personal story of being undermined by CIO.
  • Survival tactics: document everything, set boundaries, build allies, plan exit.
  • Quote: “You can’t protect the company if your leadership is destroying the team.”

Section 4 – AI in Cybersecurity: Risk, Abuse & Defense

06 – RAGe Against the Machine

Speaker: Brennan Lodge (FBI Cyber)

  • Focus on RAG (Retrieval-Augmented Generation) + AI use in cyber operations.
  • AI threats: phishing, malware generation, voice deepfakes, influence ops.
  • RAG risks: prompt injection, data poisoning, leaking internal docs.
  • FBI only uses AI in Isolated, non-classified environments.
  • Key point: AI must be governed like any privileged insider.

07 – When Your AI Tool Becomes the Breach

Speaker: Thomas Ryan (Asymmetric Response)

  • Main issue: AI isn’t the breach — humans make it the breach.
  • Employees feed company data into ChatGPT, Gemini, etc.
  • AI plugins with full access leak payroll, legal docs, internal repos.
  • Shadow AI = biggest risk; unapproved tools with no logging.
  • Fix: AI governance, access control, prompt logging, safe enterprise AI.

09 – Securing AI Innovation (Proactive Defense)

Speaker: Brice Daniels (Mandiant / Google Cloud)

  • Defined AI systems: LLMs → Agents → Autonomous pipelines.
  • Attack surfaces: prompt injection, memory scraping, tool misuse, RAG hacks.
  • AI can bypass traditional controls (API auth, firewalls) by design.
  • Recommendations:
    • Build AI threat models
    • Control tool execution; isolate agent environments
    • Add AI to red teaming + SOC simulations

Section 5 – Community & Workforce

08 – The Cyber Breakfast Club

Speaker: Mike Charobee (with Marc Drapcho, Safetica)

  • Community initiative for mentorship, early-career professionals, networking.
  • Encouraged students to show up, build projects, meet people, use AI wisely.
  • Drapcho introduced Safetica – insider threat + data loss prevention.
  • Message: community + soft skills = as critical as certifications.

10 – Closing Remarks

Speaker: Steven Nuñez (BMCC)

  • Thanked speakers, organizers, sponsors, BMCC staff and students.
  • Reinforced need to sustain industry–education partnerships.
  • Encouraged LinkedIn connections + ongoing collaboration.
  • “This should not be a one-day event — this is the start of a pipeline.”