April 13, 2026
Strategic
1:00 pm - 3:00 pm
Executive Cyber Exercise: Defending Trust in Retail and Hospitality
In this hands-on executive simulation, you will step into a crisis management role and navigate a high-velocity incident against a leading retail and hospitality brand. Make rapid decisions, coordinate across functions, and see how each move shapes outcomes for customers, operations, and reputation.
Facilitated by: Daniel Kin...
Tactical
1:00 pm - 5:00 pm
TLP RED: OSINT Workshop
Learn how to collect, analyze, and apply open-source data for cybersecurity, threat assessments, and investigations in this fast-paced, hands-on crash course with RH-ISAC OSINT practitioners. You'll see how OSINT fits into today’s threat landscape, collect and analyze public data, then practice with real scenarios to identify ...
Networking Event
4:30 pm - 5:00 pm
First-Time Attendee Kick-Off Reception
Welcome to the 2026 RH-ISAC Cybersecurity Summit! We're so glad you're joining us in Austin, Texas. If this is your first time attending the Summit, we welcome you to come early for the Welcome Reception to mix and mingle with some of the RH-ISAC's Summit Working Group, Board of Directors, speakers, and other long-time attendees...
Networking Event
5:00 pm - 7:00 pm
Welcome Reception
Welcome to the 2026 RH-ISAC Cybersecurity Summit! Say hello to old friends, meet new peers, and help kick off the 2026 conference at the Hyatt Regency Austin's Marker 10 Bar Side Patio, overlooking downtown Austin and the Colorado River.
Open to all RH-ISAC Summit attendees. No additional registration is required....
Networking Event
7:00 pm - 10:00 pm
Private | CISO Dinner
The RH-ISAC CISO Dinner is an invite-only event for select CISOs and special guests of the 2025 RH-ISAC Summit.
NOTE: This event requires you to pre-register during the Summit registration process on Eventbrite.
Eligibility: This training is open to retail and hospitality CISOs, deputy CISOs, and strategic leaders only....
April 14, 2026
Networking Event
6:00 am - 7:00 am
Early Risers Yoga
Ease into the day with a beginner-friendly yoga session focused on gentle movement, stretching, and accessible poses. No prior yoga experience needed.
NOTE: This event requires you to pre-register during the Summit registration process on Eventbrite. ...
Networking Event
7:30 am - 8:30 am
Birds of a Feather Breakfast
Come one, come all! Grab your breakfast and find a group to sit with based on a topic of interest. This casual forum allows for free-flowing discussion with fellow practitioners and peers. We'll have tables assigned with discussion leaders to facilitate conversation on topics from Working Groups and Security Collaboration effort...
Keynote
8:45 am - 9:30 am
Opening Remarks & Keynote: Inside Target’s Cyber Strategy: What Works, What’s Evolving, What’s Next
Welcome to the RH-ISAC Summit! We’re thrilled to kick off the conference with a keynote from Jodie Kautt, CISO at Target.
Cyber threats are evolving at unprecedented speed, fueled by AI‑driven automation and increasingly aggressive adversaries. This session explores how adopting a “never waste a good crisis” mindset...
Networking Event
9:30 am - 10:15 am
Connection Kickoff – An Interactive Ice Breaker
Building professional connections doesn’t have to feel forced! Since we’re gearing up for two full days together, use this session to kickstart meaningful conversations and build new relationships in a dynamic, interactive environment. Designed to break the ice and spark engaging discussion, this activity encourages particip...
Operational
10:45 am - 11:30 am
How UNC6448 Bypasses Enterprise-Grade Defenses
This presentation will dive into the deployment of Self-Drive by the financially motivated threat group UNC6448. Drawing from our own observations and Mandiant's analysis, we will explore the attack life cycle, malware capabilities, and how an Incident Response team can hunt, respond, and create detections. The key takeaways wil...
Operational
10:45 am - 11:30 am
Beyond SIEM: From Concept to Reality – Architecting Security with Data Pipelines and AI Agents
In 2024, we challenged the SIEM-centric model, highlighting its escalating costs and operational complexity. This year, we take that vision forward—showing how the idea has evolved into a practical, scalable architecture for modern security operations. By placing a flexible data pipeline at the core, organizations can unify an...
Strategic
10:45 am - 11:30 am
The Collective Shield: Our Journey to a Partner-Focused Security Program
For years, we've honed our security awareness program by focusing on our most valuable asset: our employees. We've learned what works, what doesn't, and how to make complex security concepts stick. Now, we're taking those hard-won lessons and applying them to a new mission: empowering our 1.2 million accommodation partn...
Operational
10:45 am - 11:30 am
The State of Cyber Threat Intelligence in 2026
This panel discussion will focus on providing attendees with an overview of the current state of CTI in 2026 and beyond with an emphasis on addressing topics focused on concerns and opportunities within this domain including the following items:
Top threat concerns from early 2026 into 2027:
Examples of successfully l...
Sponsored By: Palo Alto Networks
Tactical
11:45 am - 12:15 pm
Right-Click to Collective Defense: Making MISP Part of the Analyst Workflow
Threat hunts and investigations often start in the browser from blog posts, malware reports, threat actor write-ups and security tool alerting. However, the workflow usually breaks the moment an analyst needs to check whether an indicator has already been shared or quickly push new findings back to the community. While MISP is p...
Operational
11:45 am - 12:15 pm
Evolving Incident Response Techniques to Meet the AI Adversary
AI is changing the way that we work - in both productive, positive ways and in risky, negative ways. Our adversaries have been training for these moments of disruption, and now have a new set of LOTL techniques available to them based on the LLM tools deployed on our systems. Hunting, disrupting and responding to these new e...
Operational
11:45 am - 12:15 pm
Unpacking AI’s Double-Edged Impact: Protecting APIs, Preventing Fraud, and Preserving Digital Trust
AI has super-charged both innovation and abuse, transforming industries unevenly. Akamai’s latest State of the Internet: Fraud & Abuse report reveals a 300% surge in AI-driven automated traffic, with commerce alone seeing over 25 billion bot requests in just two months. While some bots enhance digital experiences, others s...
Sponsored By: Akamai
Operational
2:15 pm - 2:45 pm
From Hypothesis to Impact: Building a Culture of Threat Hunting
As Security Operations Centers (SOC) mature, the role of the analyst must evolve. Traditional alert triage and rule-based detection can’t keep pace with adversaries who exploit legitimate tools and blend into normal operations. Mature SOCs recognize that automation and technical controls should handle the routine, freeing ana...
Operational
2:15 pm - 2:45 pm
CTI-CMM Introduction and Panel Discussion
An introduction to the CTI-CMM will be presented. Afterward, a panel of members who have experience implementing the CTI-CMM will give their accounts before opening the discussion to questions from the audience. ...
Tactical
3:15 pm - 4:00 pm
RM/ TPRM Choose Your Own Adventure
Fictitious scenario where we’re forced to make tough decisions every step of the way. Each decision that we make will take us down a unique path and offer us a different scenario. With many possible outcomes, we’ll observe how each decision we make, no matter how small, can have a large impact every step of the way.
...
Operational
3:15 pm - 4:00 pm
IR and Analyst Team Performance: Neuroscience-Based Stress Management for Cyber Crises
Cybersecurity incident response environments expose teams to sustained psychological stress that can impact performance and long-term workforce stability. This presentation presents clinical interventions that integrate neurobiological stress recovery directly into incident response operations. The framework combines validated a...
Tactical
3:15 pm - 4:00 pm
CTI Briefing 101: Effectively Communicating Cyber Intelligence
Lee Clark, the CTI Production Manager for the RH-ISAC intelligence team, will provide an introduction to strategies and tools for effectively delivering briefing presentations on CTI subjects in an actionable way. Structured as an interactive workshop, Lee’s training will focus on process, structure, focus, and content triag...
Networking Event
5:15 pm - 6:15 pm
Happy Hour
Celebrate the first day of the RH-ISAC Summit while enjoying light snacks and drinks! This event is open to all RH-ISAC attendees and does not require pre-registration.
Networking Event
6:15 pm - 7:30 pm
Queso Tasting
Stop by for a curated queso tasting showcasing three unique varieties, each with its own flavor profile and kick. A staffed tasting station will guide you through the selections as you sample, mingle, and connect with peers. This casual, come-and-go experience is the perfect way to recharge and network.
NOTE: This event requi...
Sponsored By: MokN
Networking Event
6:15 pm - 7:30 pm
Whiskey Tasting
SOLD OUT!
Settle in for a guided flight that explores mash bills, cask finishes, and regional styles. An Austin-based spirits educator will lead you through tasting techniques, aroma cues, and food pairings while you compare notes with fellow attendees. Ages 21+ with valid ID.
NOTE: This event requires you to pre-register ...
Sponsored By: XM Cyber
April 15, 2026
Keynote
9:00 am - 9:45 am
Welcome to the Party, Pal: What Die Hard Teaches Us About the Value of a Disruptive Cyber Deception Program
This retailer’s cyber deception practitioner’s keynote argues that a behaviorally based cyber deception operations program can enhance small or large retail and hospitality organizations’ enterprise defense and threat intelligence. The 1988 classic Die Hard teaches us that even one defender with no shoes can disrupt...
Operational
10:30 am - 11:15 am
From Potential to Performance: An Apprenticeship Approach to Closing the Skills’ Gap
This presentation explains the strategic rationale behind cybersecurity apprenticeships and explores how these programs help bridge the skills gap in cybersecurity. Leaders will gain insight into the business case, including cost-effectiveness, long-term benefits, and workforce development. Beyond the strategic benefits, we'll...
Strategic
10:30 am - 11:15 am
The Evolving Retail AI and Tech Policy and Risk Landscape: Implications for Cyber and Tech Teams
This session will provide an update on current cyber and AI policy and regulatory developments, and what they mean for RH-ISAC members’ compliance and risk management activities. The session will also consider emerging policy and governance issues that are likely to arise from the adoption of agentic commerce and associated cy...
Operational
10:30 am - 11:15 am
From Data Sprawl to Data Control: The AI Advantage for CISOs
In today’s enterprise, data lives everywhere — across clouds, applications, and teams. Innovation demands speed, but security demands control. To lead securely, CISOs need more than policies and firewalls. They need real-time visibility, actionable intelligence, and AI that powers business growth.
Join seasoned CISOs, Ash...
Sponsored By: Cyera
Operational
11:45 am - 12:15 pm
Email Security Beyond The Gateway – Defending Against Modern Email Threats Through People, Process, and Layered Controls
Despite advanced filters and authentication protocols, attackers continue to exploit human trust through phishing, business email compromise, and emerging AI threats. This session explores how organizations can move beyond basic configurations to build a layered defense that blends technology, process and culture. Attendees ...
Operational
11:45 am - 12:15 pm
Echoes of Trusting Trust: Detecting and Defending Against AI Deception In The Modern Enterprise
My research investigates the emergence and escalation of deceptive alignment in artificial intelligence — a phenomenon in which systems appear compliant with human commands while secretly optimizing conflicting objectives.
Just as Ken Thompson’s “Trusting Trust” paradox revealed how malicious intent could propagate...
Tactical
11:45 am - 12:15 pm
$8,000/Month Guaranteed! — The 164-Domain Scam That Never Hired Anyone
Over two years, Target's Cyber Threat Intelligence (CTI) team tracked a sophisticated scam campaign by a threat actor dubbed “Monti.” Monti registered over 164 domains impersonating Target to execute crypto-based remote job scams. Using phishing, smishing, and paid ads on Facebook, Instagram, and TikTok, Monti imperson...
Operational
2:30 pm - 3:15 pm
TLP: Red – Scattered Lapsus$ Hunters Incident Discussion
In this closed-door session, members of the Salesforce security team will provide a candid, high-fidelity post-mortem of the recent campaigns orchestrated by the Scattered Lapsus$ Hunters collective. Moving beyond public advisories, this discussion will dive into the specific TTPs (Tactics, Techniques, and Procedures) used to ta...
Operational
2:30 pm - 3:15 pm
Taming the Invisible, Sharpie-Wielding Toddlers within your Network
In the realm of industrial cybersecurity, manufacturing networks face escalating threats akin to the unbridled chaos of a toddler armed with a Sharpie marker—curious, unpredictable, and capable of inflicting widespread, irreversible damage if left unchecked. This paper draws a novel analogy between the containment strategies ...
Operational
2:30 pm - 3:15 pm
Phish-Back: How to Turn Attackers’ Tactics to Your Advantage
What if the solution to credential theft was to play the same game as the attackers? After managing a major spear-phishing crisis, we developed a defense strategy called Phish-Back, designed to proactively recover stolen credentials before they can be used in attacks or disclosed on the dark web.
By using the attackers' own...
Sponsored By: MokN
Keynote
3:30 pm - 4:15 pm
Fireside Chat with Dr. Bilyana Lilly: Lessons from a Career in the Crosshairs of Cyber Conflict
Join us for an intimate conversation with Dr. Bilyana Lilly as she recounts a career spent at the intersection of Oxford-level scholarship and high-stakes intelligence. From chairing the Warsaw Security Forum to advising some of the world's most critical security boards, Dr. Lilly has seen the cyber threat from every angle.
Thi...
Networking Event
4:20 pm - 5:00 pm
Closing Reception & Prize Drawing
Are you feeling lucky? Did you visit the vendor booths and enter for a chance to win some fun prizes? Help us wrap up the Summit and celebrate another great event at the closing reception – with prizes drawn by our illustrious emcee, Luke Vander Linden....
Networking Event
6:00 pm - 9:00 pm
Celebration Dinner & Awards Ceremony
Join fellow RH-ISAC members for an evening of food, drinks, and the RH-ISAC member awards ceremony! We're taking over Austin Garden at Inn Cahoots to celebrate with live music, a hosted bar, chef-curated bites, plus indoor and outdoor spaces with lounge seating. Don't miss this closing event!
NOTE: This event requires you to ...