Jack Freund

Head of Technology Risk at Acrisure

Dr. Jack Freund is a recognized expert in cyber risk quantification and governance. He is the co-author of the award-winning book Measuring and Managing Information Risk: A FAIR Approach, which was inducted into the Cybersecurity Canon. He has held executive roles at several cyber risk startups and began his career in technology and risk at Fortune 100 firms. Jack holds a PhD in Information Systems, multiple industry certifications and has been named a Fellow of the IAPP, FAIR Institute and ISSA. Jack serves on the board of the ISSA Education Foundation and is a Senior Member of IEEE and ACM.

Session: Balancing the Scales of Cyber Risk in the Age of AI

Artificial intelligence is rewriting the rules of cybersecurity. It makes our analysis faster and sharper by processing vast data sets and revealing trends that were once invisible. At the same time, it gives attackers new tools to adapt, evade, and strike with precision. This keynote explores how risk leaders can find balance between these forces. Drawing from real world insights and data driven approaches, Dr. Jack Freund will highlight how AI is shaping risk governance, board communication, and decision making. Attendees will leave with strategies to harness AI as an enabler while preparing for the new risks it creates. Artificial intelligence is transforming cybersecurity risk, making it both easier to analyze and harder to contain.

In this keynote, Dr. Jack Freund explores how AI is reshaping governance, board reporting, and the threat landscape itself. Learn how to strike the right balance between leveraging AI for clarity and preparing for the complex risks it creates.

Malcolm Harkins

Chief Security and Trust Officer, HiddenLayer

Malcolm Harkins is Chief Security and Trust Officer at HiddenLayer. Harkins has more than two decades of experience in information security leadership roles at top technology companies, including Intel, Cylance, and others. He’s written multiple books on risk management, information security, and IT and earned awards from the RSA Conference, ISC2, Computerworld, and the Security Advisor Alliance. Harkins has testified before the Federal Trade Commission and U.S. Senate Committee on Commerce, Science, and Transportation. Harkins is a Fellow with the Institute for Critical Infrastructure Technology, a non-partisan think tank providing cybersecurity expertise to the House of Representatives, Senate, and various federal agencies. He holds a bachelor’s degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis. Harkins also previously taught at UCLA’s Anderson School of Management and Susquehanna University.

Session: Economic Impact of Securing AI

As artificial intelligence (AI) becomes an increasingly integral part of global infrastructure, commerce, defense, and daily life, the imperative to secure these systems is no longer a technical concern alone—it is an economic necessity. This not to miss presentation explores the intersection of cybersecurity and AI through the lens of

economic strategy, risk modeling, and incentive alignment, presenting a holistic framework for understanding and addressing the financial realities of securing AI.

In this keynote, Malcolm will examine the existing controls in use in organizations and how those controls do not protect AI models from attacks. He will discuss financial materiality and material risk to help refine how to think about the incentives for companies to invest in AI security when the threats are diffused and the benefits of prevention may be difficult to quantify. He will walk through how to construct an economic impact analysis for securing AI including how to evaluate various control options on total costs as well as sufficiency of control. He will also share recent trends in cyber security insurance, and the lack of coverage benefits for AI models. Attendees will leave with a deeper understanding of how economic impact and total cost models can inform the design of secure AI systems and influence corporate decision-making.

Jennifer Chan

Assistant Chief, California Justice Information Services (CJIS), Department of Justice (DOJ)

Jennifer Chan is the Assistant Chief for the California Justice Information Services (CJIS) at the Department of Justice (DOJ). With over 20 years of private and public sector experience, Jennifer is responsible for ensuring seamless enterprise-wide IT operations, leading key initiatives, and managing organizational change while delivering quality results and implementing transformation and continuous improvement projects. 

Since joining the state in 2010, Jennifer has served in executive leadership positions across multiple state agencies while also participating on industry Advisory Boards. Prior to the state, she served as an IT consultant in the private sector specializing in project management, Independent Project Oversight Consulting (IPOC), Independent Verification and Validation (IV&V), and modernization efforts. Her private and public sector experience working on the state’s largest IT projects and overseeing large, complex IT contracts represents a combined total project/contract portfolio of over $8B. 

Jennifer is a dedicated and strong supporter of developing the state’s future IT leaders and partners closely with the California Department of Technology for their IT leadership academies as a mentor, coach, and instructor. She possesses a Master of Business Administration from the California State University, Sacramento, as well as a Bachelor of Arts in English and a minor in Psychology from the University of California, Davis. 

Veronica Gilliard

Chief/CIO California Department of Justice

Veronica is a 34-year veteran of the State of California with more than three decades of technology management experience. She began her state career in 1988 as a key data operator and advanced through the ranks to become a Chief Information Officer for the California Department of Justice.

Veronica has played a pivotal role in several of California’s major technology initiatives, including the relocation of the Los Angeles City applications into the State Data Center. In 2022, she was honored by GovTech Magazine as one of the Top 25 Doers, Dreamers, and Drivers for her leadership and innovation in public sector technology. At the California Department of Technology, Veronica led key modernization efforts to enhance the state’s data center platform and fostered a customer centric service culture across the technology landscape. She brings extensive expertise in data center operations and remains deeply committed to driving innovation and advancing modernization through emerging technologies.

Veronica is also active in her community, volunteering her time to educate students about the wide range of career opportunities in information technology. She is deeply passionate about mentoring and guiding individuals on how to prepare for and apply for careers within state government.

Molly Greek

CIO, University of California, Office of the President

Molly Greek is the CIO for University of California, Office of the President and leads systemwide Technology for the University. This includes 200+ applications and systemwide services which include UCPath (HR and Payroll for the entire UC) and Apply UC (undergraduate admissions for UC). Molly formerly worked at UC Davis Health, Hewlett Packard, and EDFUND (student loan guarantor). Molly was also a lecturer at CSU, Sacramento for six years and UC Davis extension. Molly has an MBA from Golden Gate University and a Bachelor of Science from UC Davis.

Carmen Marsh

CIO, Zeektek

Prior to joining Zeektek, Carmen Marsh was CEO and Managing Partner of Inteligenca Inc. and lead a team that consulted executives and businesses on cyber risk management, audit & compliance, security governance, security program development, regulatory and standards compliance, security education and training and change management for large technical implementations. Marsh has worked with many enterprise level customers including Sony Incorporated, Stanford Research International, Meridian Systems/ Trimble, USC, and CEA.

Marsh founded the 100 Women in 100 Days Cybersecurity Career Accelerator program to develop security experts for companies like Intel, IBM, Centene, PCCI and others and is a member of GCTC-SC3 Cybersecurity and Privacy Advisory Committee at National Institute of Standards and Technology as well as the President at United Cybersecurity Alliance. She is also a founder of the “Cybersecurity Women of the Year Awards”, “Ally of the Year Awards”, Sacramento Valley Cyber Salons and the CapitolSEC Election Security pitch events.

Trinh Ngo (Moderator)

Director, IT Controls and Resiliency Assurance, Blue Shield of California

Trinh Ngo is a seasoned technology and cybersecurity leader with over 35 years of experience in governance, risk, compliance, and audit. She currently serves as Director of IT Controls and Resiliency Assurance at Blue Shield of California, where she drives enterprise-wide security, compliance, and business continuity strategies.

Trinh is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Business Continuity Professional (CBCP). She also serves on the board of ISACA Sacramento and is passionate about mentoring the next generation of cybersecurity professionals.

Trinh has founded multiple startups ranging from technology consulting to micro-distilleries. Because of her entrepreneurial experiences, she combines deep technical expertise with a practical, business-focused approach, helping organizations build resilient security programs that align with regulatory requirements and industry best practices.

Jonathan Chan

Head of Global IT & Security, Episource

Jonathan Chan is a results-oriented cybersecurity executive with deep experience leading security initiatives that protect critical data and infrastructure across the healthcare and financial technology sectors. With a career marked by successful transformations of enterprise security posture, he has consistently delivered measurable outcomes—reducing risk exposure, improving system uptime, ensuring data integrity, and supporting organizational growth. Known for aligning IT and cybersecurity with business strategy, Jonathan brings a strategic mindset to complex challenges, championing the use of innovative technologies to strengthen defenses while optimizing operations.

A trusted leader and collaborator, he builds high-performing teams and fosters a culture of accountability, continuous improvement, and stakeholder engagement. Career highlights include achieving a 99.99% platform availability SLA, driving secure digital transformation, and leading the implementation of comprehensive security frameworks in compliance-heavy environments. Areas of expertise span cybersecurity strategy and execution, risk management, privacy and compliance, identity and access management, incident response, and emerging technology integration.

Yashwini Kamdar

Consultant and Leadership Coach

Yashwini (Yash) is a multifaceted consultant and leadership coach with expertise across educational consulting, business strategy, telecommunications, cybersecurity, and career development. Known for her ability to seamlessly bridge the gap between technical and business language, Yash excels at facilitating collaboration across diverse teams and driving meaningful results. With strong technical and interpersonal skills, Yash brings a motivational and accountable approach to every engagement—helping clients overcome challenges, navigate complexity, and thrive in both personal and professional growth.

She is an accredited ISACA CISM Cybersecurity Trainer and has led consultation efforts in business critical recovery projects across industries. In education, Yash supports college admissions, career counseling, skill assessments, and personality development for students and professionals alike.

Tolgay Kizilelma, PhD

Associate Professor at Dominican University of California

Dr. Kizilelma is a business-driven IT/Cybersecurity GRC leader with three decades of experience covering Education, Healthcare, Research, Government, and Private sectors. He is the founding Director of the business focused Masters in Cybersecurity program and teaches online Cybersecurity GRC courses as an Associate Professor of Cybersecurity in the Barowsky School of Business at Dominican University of California. He also teaches Data Analytics courses for Saint Mary’s College of California for their MSBA graduate program as an adjunct faculty.

Dr. Kizilelma also served as the Chief Information Security Officer for multiple University of California campuses, and as the Information Security Officer for the top Sutter Health hospitals in the Bay Area. He has more than 50 industry certifications, is an accredited ISACA trainer for all the major certifications, has a B.S. degree in Computer Engineering, an MBA, and a Ph.D. focusing on Information Security, patient safety and quality management systems.

He also volunteers for various non-profit organizations as a board member focusing on education, awareness, training, and community outreach efforts. He is the president of FBI Sacramento Citizens Academy Alumni Association and ISACA Sacramento Chapter.

His contribution to the cybersecurity community was recognized with the 2022 C100 Award – Top 100 CISOs by CISOs Connect.

Yesenia Ortiz (Moderator)

Cybersecurity Manager at Ernst & Young

Yesenia is a Cybersecurity Consultant Manager at Ernst & Young US LLP. She began her career at EY as an IT auditor, leading complex, multi-disciplinary teams across global markets to ensure the integrity and compliance of financial and quarterly filings for high-profile clients. Building on this foundation, she has spent the past 7 years

helping government clients in California strengthen their cybersecurity posture to better serve Californians.

She leads cross-functional teams to strengthen clients’ cyber resilience through penetration testing, policy development, compliance with key frameworks, and facilitating tabletop exercises. Separately, she develops and delivers impactful cyber awareness programs and speaker sessions that cultivate a culture of security

accountability across all levels of the workforce.

Beyond her client work, Yesenia leads EY’s Ripples Program in the Sacramento region, mobilizing EY professionals to create positive social impact through skills-based volunteering. She also serves as the OneInTech Director for ISACA Sacramento, dedicated to supporting women pursuing careers in technology and cybersecurity.

Michael Piacente

Managing Partner, Hitch Partners

Michael Piacente is the Co-founder and Managing Partner of Hitch Partners, a premier global executive search firm. With two decades of expertise, he and his team specialize in placing top-tier talent in information security, IT, and business technology roles, including CISOs, CIOs, technology executives, and Board members. Michael also serves as a board advisor for security startups and is engaged with several nonprofit organizations. His unique background in early cloud adoption, SaaS operations, and specialized executive search focus provides a distinct perspective. Michael is based in the San Francisco Bay Area.

Adam German (Moderator)

CISO, California Health and Human Services Agency

Adam German is a distinguished cybersecurity executive. He is the California Health and Human Services Agency (CalHHS)'s chief information security officer (CISO), the state’s largest and most complex agency. In this capacity, he oversees the cybersecurity posture of 19 departments and offices, protecting sensitive data and systems serving over 40 million Californians across various health and human services.

Before joining CalHHS, Adam served as CISO at the California State Controller’s Office, safeguarding the financial systems of the world’s fifth-largest economy and ensuring compliance, fiscal transparency, and operational integrity at the highest levels of state government.

Adam is also a passionate educator and mentor, regularly instructing ISACA certification courses, participating in cybersecurity workforce development efforts, and speaking at national and regional forums on topics ranging from governance and compliance to public sector innovation and cybersecurity resilience.

Jake Margolis

CISO, The Metropolitan Water District of Southern California

Jake Margolis is the Chief Information Security Officer for the Metropolitan Water District of Southern California (MWD). MWD provides water to over 19 million people in Southern California through 26 member agencies. While serving at Metropolitan, he has overseen the implementation of foundational zero trust network access programs and the creation of MWD's cybersecurity operations center. Jake was recognized as one of Cyber Defense Media's top CISOs for 2024. Prior to joining Metropolitan Water District, he served as the CISO for the County of Orange in California. In his capacity as the County of Orange CISO he has oversaw the development and implementation of multiple countywide cybersecurity initiatives that lead the County to receive an award from the National Association of Counties for its Cybersecurity Program in 2018. During his military service Jake was the Information Assurance Manager for the California National Guard and California Military Department and served in Command and Primary Staff capacities as a US Army Officer.

Leda Muller

CISO, Residential and Dining Enterprises at Stanford University

Leda Muller is a seasoned information technology and cybersecurity leader with over 25 years of hands‑on experience and has successfully designed and overseen enterprise‑wide protection of information assets, technology platforms, and critical business processes. Leda’s hallmark is her ability to engage and empower end users—building cross‑functional security steering teams that make “everyone’s job” truly everyone’s job.

She currently serves as the Chief Information Security and Privacy Officer (CISPO) for Stanford University’s Residential and Dining Enterprises (R&DE), where she leads information security, privacy and digital accessibility efforts across a complex and dynamic campus environment.

She is certified as a CISM, PCIP, and ITIL. Driven by her shared passions for people, technology, and security, Leda founded Pocket Security, a nonprofit to equip nonprofits everywhere with the knowledge and tools they need to thrive securely.

Vitaliy Panych

CISO, State of California

Vitaliy Panych joined the Office of Information Security as the Deputy Chief Information Security Officer (CISO), effective beginning of 2019, and then taking over as the State CISO in the acting capacity shortly thereafter. In this role he has been focused on enabling the continuous maturity of Statewide Risk Governance, Security Operations, and Incident Response within the Executive branch in California.

Panych has more than 20 years of public and private sector experience, including security leadership roles within three of the largest California Agencies, including the largest Correctional organization in the world. Under the leadership of Panych, he has established highly functional information security teams to build cyber security defenses and operational capabilities from the ground up. This includes building new security operations practices for multiple agencies and supporting all facets of risk management for large scale multi-billion business operations in support of missions covering Law Enforcement, Public Safety, Medical, Educational, Financial benefit/collection, and Industrial complex. Panych’s education includes a bachelor’s degree from California State University, Sacramento, and possession of multitude of industry security professional certifications.

Patrick Wilson

CISO, Adventist Health

Patrick Wilson’s mission is to “Reduce Fear in an Anxious World.” With 30+ years in technology, he serves as CISO at Adventist Health, leading cybersecurity and third-party risk strategy. He holds a Master’s in Organizational Leadership and has led in both public and private sectors, including 19 years at Contra Costa County Health. Married 25 years, father of two, and a licensed pilot, Patrick also mentors and builds legacy within and beyond cybersecurity.