Echelon’s 2026 Speaker Series features interactive presentations from seasoned cybersecurity professionals. Designed for InfoSec chapters, internal teams, and local events, each talk delivers real-world insights on today’s top threats. Explore the sessions below to learn more about each presentation and request a speaker.

- Josh Fleming, Senior Cybersecurity Manager, Risk Advisory + GRC
- Steve Dyson, Director of Risk Advisory
AI is already transforming SaaS, from automation and analytics to diagnostics and decision-making. But with rapid adoption comes increasing pressure to govern AI responsibly. In this session, Echelon Risk + Cyber’s AI governance experts, Josh Fleming and Steve Dyson, provide a practical framework for balancing innovation with trust, security, and compliance.
Learn how leading organizations are operationalizing AI governance to safeguard sensitive data, maintain customer confidence, and stay ahead of regulatory shifts—without losing momentum.
- Identify key risks tied to AI integration, especially around data privacy and compliance
- Apply governance frameworks like ISO 42001 and NIST AI RMF to real-world scenarios
- Align security, compliance, and product innovation to scale AI responsibly
- Josh Fleming, Senior Cybersecurity Manager, Risk Advisory + GRC
- Steve Dyson, Director of Risk Advisory
Moderated by: Alyson Pisarcik, Cybersecurity Manager
The HIPAA Security Rule is on the verge of its most significant update in over a decade—bringing long-overdue modernization to how healthcare organizations manage cybersecurity and compliance. While these proposed updates aim to strengthen patient data protections, they also introduce new challenges around readiness, resourcing, and operational disruption.
In this expert panel, Alyson Pisarcik moderates a conversation with Josh Fleming and Steve Dyson, who will break down the proposed changes and share practical strategies to help healthcare providers, payers, and partners navigate the shift effectively—without overextending their teams or budgets.
- Understand what’s changing under the proposed HIPAA Security Rule and who is impacted
- Explore real-world strategies for implementing updates without disrupting operations
- Learn how to align evolving security requirements with budget and resource constraints
- Gain insights on when to start preparing and how to phase your response
- Understand new expectations for contingency planning and disaster recovery
- Discover ways to strengthen third-party oversight to meet updated compliance demands
- Ben D’Attilio, Cybersecurity Consultant
- Devin Jones, Principal Cybersecurity Consultant
- Steve Snider, Senior Cybersecurity Manager
Moderated by: Matt Donato, Partner at Echelon
As cyber threats grow more sophisticated, organizations need more than traditional testing to stay secure. In this expert-led roundtable, Echelon’s Offensive Security team explores how combining red and purple teaming can significantly strengthen your cyber defenses.
Through real-world examples and collaborative strategies, you’ll learn how offensive testing uncovers blind spots, sharpens detection and response, and accelerates the maturity of your security program—no matter your starting point.
- Red vs. Purple Teaming: When and how to use each approach and why they’re stronger together
- Real-World Scenarios: Examples that expose blind spots and demonstrate the value of collaborative testing
- Sharpening Detection & Response: How working with offensive teams can improve internal capabilities
- Building a Stronger Program: Tips for organizations at any stage of developing or maturing their offensive security program
- Dan Desko, CEO and Managing Partner at Echelon
- Josh Fleming, Senior Cybersecurity Consultant, Risk Advisory + GRC
An effective incident response (IR) strategy can make the difference between swift recovery and lasting damage. In this hands-on session, Echelon Risk + Cyber’s CEO Dan Desko and Josh Fleming, Senior Manager of Risk Advisory Services, share proven methods for building and strengthening your organization’s IR capabilities.
From crafting tailored response plans to designing realistic tabletop exercises, attendees will walk away with practical tools and strategies to elevate their IR posture and prepare their teams for real-world cybersecurity events.
- Learn IR best practices to improve organizational preparedness
- Develop customized, actionable incident response plans
- Build effective playbooks for common and emerging cyber threats
- Enhance team readiness through engaging and realistic tabletop exercises
- Paul Interval, Partner and Director of vCISO Services
- Shir Butbul, GRC Manager and vCISO Advisory
As organizations increasingly depend on external vendors, managing third-party risk has become a critical component of a mature cybersecurity program. In this session, Paul Interval and Shir Butbul provide a practical deep dive into Third-Party Risk Management (TPRM), guided by CIS Control 15.
Through real-world case studies and expert insights, attendees will learn how to build a risk-based TPRM strategy, evaluate vendor relationships more effectively, and implement the right tools and processes to maintain compliance and reduce exposure.
- Understand the impact of third-party risk and the role of CIS Control 15 in managing it
- Learn practical strategies for vendor due diligence, risk assessments, and contract protections
- Explore tools and services that support scalable, compliant TPRM programs
- Blake Washer, SIEM Engineer at Echelon
Is your current SIEM slowing you down? For teams struggling with high costs, slow queries, or clunky integrations, it might be time to rethink your approach. In this session, Echelon’s SIEM Engineer Blake Washer breaks down what “Next-Gen SIEM” really means—cutting through the buzzwords to help you evaluate whether it’s time to move on from legacy platforms.
Designed for security engineers, IT leads, and technology directors, this session explores how platforms like CrowdStrike can accelerate insights, integrate more effectively with EDR, and deliver better ROI with less operational drag.
- Define what “Next-Gen SIEM” really means, beyond the buzzwords
- Identify where legacy tools fall short in areas like cost, complexity, and speed
- Understand how CrowdStrike’s built-in data and architecture enable faster response
- Learn how Echelon delivers fast, effective SIEM implementation strategies
- Paul Matvey, Senior Cybersecurity Manager, Defensive Security
- Steve Dyson, Director of Risk Advisory
- Mitchel Sykes, Cybersecurity Consultant, Defensive Security
As cloud adoption accelerates, so do the complexities of securing these environments. From misconfigurations to identity access issues, organizations are grappling with limited visibility, specialized threats, and evolving compliance pressures. In this session, Echelon Risk + Cyber’s Defensive Security leaders—Paul Matvey, Steve Dyson, and Mitchel Sykes—break down why cloud security assessments are a vital tool in identifying and addressing these gaps.
Attendees will gain insight into the most pressing risks facing cloud environments today, the structure and value of a thorough cloud security assessment, and how to build a clear roadmap to improve security posture while meeting industry standards.
- Identify the most common and dangerous risks specific to cloud environments
- Understand the assessment process and how it strengthens cloud defenses
- Gain awareness of the current threat landscape and the vulnerabilities it exploits
- Learn how to transform assessment results into actionable, compliant security strategies
- Josh Fleming, Senior Cybersecurity Manager, Risk Advisory + GRC
- Steve Dyson, Director of Risk Advisory
AI is no longer a future initiative. It’s already embedded in products across automation, analytics, diagnostics, and operational intelligence. But as adoption accelerates, so do the risks. From data privacy concerns to regulatory pressure, SaaS companies face a critical challenge: how to govern AI responsibly without stalling momentum.
Echelon Risk + Cyber’s AI governance leaders, Josh Fleming and Steve Dyson, will break down how smart companies embrace AI while protecting client data, preserving trust, and staying ahead of evolving compliance expectations.
- Understand the emerging risks tied to AI adoption and how they impact sensitive client data
- Learn how to operationalize AI governance using industry frameworks like ISO 42001 and NIST AI RMF
- Discover how to align security, compliance, and innovation to move faster with AI
- Kelsey Cunningham, Cybersecurity Manager, CMMC Registered Practitioner
- Dan Desko, Founder, CEO & Managing Partner
The DoD’s final rule is live (11/10) and the CMMC 2.0 clock is ticking. Over the next three years, primes and subs will phase into certification, many in Level 2 with real evidence requirements for NIST 800-171.
This talk cuts through the noise. In 30 minutes, we’ll demystify who’s in scope, what Level 1 vs. Level 2 really demand, and how to build a lean, defensible roadmap—prioritizing controls that reduce risk and accelerate audit readiness. You’ll leave with a step-by-step plan, a readiness checklist, and practical advice for avoiding the most common (and costly) missteps.
- Scope with confidence: Determine if CMMC applies and whether Level 1 or Level 2 is required based on contract language and data flows (CUI/FAR 52.204-21).
- Know the timeline: Explain the phased rollout and how it impacts current and upcoming awards.
- Start smart: Map current controls to NIST 800-171 and identify quick wins vs. long-lead items.
- Build the plan: Outline a practical 90-day path to readiness—SSP/POA&M development, evidence collection, policy hardening, and vendor management.
- Avoid pitfalls: Recognize common audit failures (scope creep, weak evidence, unmanaged third parties) and how to prevent them.
Primary Contact: Marissa Salzone, Director of Marketing