April 8, 2026
8 AM - 5 PM
Monona Terrace | 1 John Nolen Dr, Madison, WI 53703
We invite security professionals, leaders, and practitioners to take a purposeful step back and reassess the foundations of cybersecurity in an increasingly complex threat landscape. Over the past decade, cyber threats, technologies, and defenses have evolved rapidly—but many of the most impactful breaches still trace back to familiar root causes. This year's Deep608 will reflect on the last ten years of cybersecurity, examining what has truly changed, what has remained surprisingly consistent, and how lessons from the past can better inform today’s security strategies.
Through expert-led discussions and practical insights, the symposium will emphasize the importance of revisiting core cybersecurity principles and hygiene. Topics will include fundamentals such as asset visibility, patching, identity management, and user awareness—areas that are often overlooked as organizations chase the latest tools and trends. By returning “back to back to basics,” attendees will gain a clearer understanding of how strengthening foundational practices can significantly improve resilience, reduce risk, and prepare organizations for the threats ahead.
Josh Yost | Vice President - Technical Product Engineering, Palo Alto Networks
Standard automation has hit a plateau. While traditional SOAR reduced some manual toil, it often traded one type of "busy work" for another: playbook maintenance. To get back to the basics of effective defense, we need automation that understands intent, not just instructions. This presentation dives into the architecture of Agentic Automation within the Cortex ecosystem. We’ll demonstrate how Agentix functions as a digital force multiplier, handling the investigative heavy lifting so analysts can focus on high-context decision-making. Learn how to simplify your operations by automating the sophisticated, not just the mundane.
Nick Krueger | Security Solutions Architect, AE Business Solutions
After 15 years on the customer side of security, I’ve learned that effectiveness often looks very different in practice than it does on paper. This talk focuses on the fundamental practices that consistently work in real environments, and why returning to basics still matters.
Kevin Jacque | Strategic Channel Solution Engineer, CyberArk
The shift to 47 day TLS certificate validity is redefining operational expectations for every organization, changing certificate management from a nice to have to a must have. This presentation highlights why manual processes can no longer keep pace, how shortened lifecycles increase outage and compliance risks, and what leading teams are doing to prepare. It introduces a practical maturity model and automation playbook designed to restore visibility, accountability, and resilience. Ultimately, the session equips organizations to transition from reactive firefighting to proactive, scalable certificate automation.
Zac Wolter | Senior Solutions Engineer, AE Business Solutions
As automation begins influencing firewall rule cleanup and optimization, many environments remain dependent on undocumented intent and tribal knowledge. This breakout explores how structured policy design and disciplined rule modeling determine whether automation strengthens security — or scales architectural blind spots.
Josh Havlik & Michelle Sprague | Senior Information Security Engineer & Information Security Engineer, CapSpecialty
Too often security gets launched at people like a trebuchet of rules; we chose a different path. Security only works when people feel safe engaging with it. This talk shows how approachability and empathy turn everyday interactions into trust. We will explain how we are using fun, rewards, and a cool head to reduce anxiety and build lasting habits. We will share how these principles became the core of our program and why that shift changed outcomes across the company.
John Urbanek | Senior Director of Solution Architecture & Engineering, AE Business Solutions
A follow up to DEEP608v9 "Not Your Daddy's DNS" highlighting how DNS is being used in new ways. DNS now plays a critical role in TLS 1.3 Encrypted Client Hello (ECH) with Type 64 SVCB and Type 65 HTTPS records. Wait, what is ECH? Let's find out. We'll also revisit DNS over HTTPS (DoH) and a few other topics.
Phil Henrickson| Senior Data Scientist Service Delivery, AE Business Solutions
Session description TBD
Andrew Goodman | Director of Product Marketing, Proofpoint
AI is now executing 80-90% of email threats. These campaigns are no longer “spray-and-pray.” They’re precision operations with automated reconnaissance and tailored narratives delivered faster, cheaper, and at massive scale. This session cuts through the “AI vs. AI” noise to give security buyers a practical roadmap for protecting M365. Attendees will leave with a clear threat model for AI-driven email campaigns targeting M365 and a concise understanding of the must-have defenses needed to stop the next wave of AI-powered email attacks.
Information to come.
Enjoy lunch in the main hall while networking with your peers. Be sure to walk through the sponsor exhibits if you have the time. If you are gluten free, please find a Monona Terrace wait staff member to assist you.
Robert Chuvala | Security Solutions Architect, AE Business Solutions
In 2015 we were worried about phishing, ransomware, Active Directory abuse, exposed RDP, and alert fatigue. In 2026… we’re worried about phishing, ransomware, Active Directory abuse, exposed management planes, and alert fatigue.
Jestin Moe | Security Solutions Architect, AE Business Solutions
Over the last decade, we’ve been told that “zero trust” and “segmentation everywhere” will fix all our problem when in reality, many organizations still live on flat networks, half baked segmentation projects, and security policies nobody wants to touch. This session goes back to basics on segmentation where we can clearly define boundaries, reduce blast radius, and keep the design boring in the best way possible. We’ll walk through how to segment your environment with identity at the core, instead of relying on traditional static controls.
Griffin Cass | Information Security Architect, UW Credit Union
Here's an uncomfortable question: if a zero-day dropped right now, could you query your inventory and know every affected asset within the hour? If you hesitated, this talk is for you. We're living in an era of non-human identity sprawl, agentic workflows with broad permissions, and copilots indexing data you haven't classified yet. The tools are moving faster than our foundations, and we can't keep stacking advanced capabilities on top of asset inventories held together by institutional knowledge and a spreadsheet from 2019. This session walks through why the CIS 18 Controls are numbered the way they are (hint: it's a dependency chain, not a buffet), dives into the controls where most orgs are quietly struggling, and lands on the part leadership actually wants to hear: how to measure maturity with simple math, crosswalk one framework to many, and start the whole thing for the low price of zero dollars.
Jonathan Lampe| Group Manager, Milwaukee Tool
Vibe-coding with AI assistants has changed the development landscape. LLMs now propose architectures, generate implementations, and even help debug and extend applications. The result is dramatically increased development velocity — and a fundamentally different security landscape.
This talk walks through real observations from building and securing multiple LLM-generated applications. We’ll examine how traditional risks reappear in new forms: implicit trust boundaries, over-permissive defaults, and deferred security controls hidden behind TODO comments. We’ll then explore risks unique to AI-integrated systems, including prompt injection, plausibility-over-truth behavior, multi-LLM authority confusion, and security assumptions expressed only in natural language.
However, AI-driven development does not simply increase risk — it changes how security must be applied. We’ll demonstrate how traditional controls such as threat modeling, RBAC, SAST, and software composition analysis still matter, but must be paired with new practices: scoped LLM roles, prompt-aware testing, and using the model itself to identify and validate security weaknesses.
Attendees will leave with a practical framework for securing applications where the developer is no longer the sole author — and where the fastest path to secure software may involve collaborating with the same AI that created it.
Rob Rodriguez | Senior Director of Engineering, Firemon
What do radio jamming, signal interception, and direction finding have to do with modern cybersecurity? More than you think. Drawing from a decade in Marine Corps signals intelligence and electronic warfare, Rob connects battlefield concepts like signal dominance and spectrum control to today’s security challenges. The tools have changed. The fundamentals have not.
Patrick Ruffino | Infrastructure Solutions Architect, AE Business Solutions
This session positions data protection for identity platforms as the primary focus of your recovery strategy, not an afterthought. Learn how to build resilient backup and recovery for your identity stores, minimize recovery time during breaches or outages, and integrate automated testing so you can prove — not just hope — that you can bring your identity platform back online under pressure.
