6th Annual Cybersecurity Summit

Registered for and heading to the Tribal-ISAC golf outing? Fuel-up before you go!

Come see the TribalHub team to pick up your badge and all your conference materials!

Separate registration required in order to participate! Visit tribalisac.org for more info. Hop on our shuttle for a free ride to the course!

Help yourself to bloody marys! Try your hand at the putting contest and don't forget to buy your raffle tickets!

4-person scramble format, club rentals available.

Ready to get your hands on some real cyber tools, have fun and work hand-in-hand with some of your technology and cyber peers from tribes across the nation? If so, this "by registration only" workshop is for you! Get ready as our CTF workshop leaders at World Wide Technology open up their CTF environment and resources to a curated afternoon of hands-on cyber challenges designed to help you learn, apply knowledge, and solve real world cyber challenges. This workshop includes a proctored environment, labs, and hands-on access to Red Team and Blue Team tools. Bring your own team or join a team of peers from other tribes to learn, and perhaps hoist a trophy of sorts, at the conclusion as the most effective cyber team. Pre-registration when completing your conference registration form is required to attend this session.

Register Here: https://form.jotform.com/253435303200138

This Grab and Go Lunch on behalf of WWT and Palo Alto is just what you need to fuel up and keep playing!

Stick around for this fun gathering!

Dont miss your ride back to the hotel!

If you've traveled today and arrived onsite, if you've enjoyed a day of golf with Tribal-ISAC, if you've crushed it at the CTF happening today- ALL are welcome! Cash bar and a place to see old friends and make new connections before you even pick up your badge at registration tomorrow. Join the fun- 2nd level foyer- you can't miss us!

Thank you to our sponsors for helping us start the day off right!

Come see the TribalHub team to pick up your badge and all your conference materials to get you set for the event!

Check your badge for your ticket- today only- get your free merch!

Help us kick of the 6th Annual Cybersecurity Summit

Stay with us after breakfast to hear from our morning keynote sponsored by Warren Averett Technology Group. As artificial intelligence accelerates cybercrime, employees across Tribal governments, healthcare, gaming, hospitality, and Tribal enterprises have become the primary attack target. AI-driven phishing, social engineering, and deepfake fraud now bypass technical controls by exploiting human behavior, increasing operational and compliance risk. In this keynote, former U.S. Secret Service Agent Michael Levin explains how modern cybercrime operates, why security tools alone fail to stop human-focused attacks, and where Tribal organizations face the greatest exposure today. Attendees will gain a clear insight into employee driven risk and learn how focused, culturally relevant security awareness training strengthens compliance, reduces cyber exposure, and protects Tribal operations.

The culture of any tribe or tribal enterprise is set and controlled primarily from leadership. It is a fact that the IT and cybersecurity team cannot create a "culture of security" without the support, understanding, buy-in, and practice from their leadership. This session will uncover the keys for leadership to assist their technology team in creating a truly effective culture of security.

Shadow AI poses real risks to tribal organizations and casinos—from data exposure to compliance gaps. This session covers how to discover unauthorized AI tools in your environment, assess the threats they create, and implement practical governance without stifling innovation. We'll address scenarios specific to gaming operations and tribal data sovereignty. Attendees will gain actionable steps for conducting shadow AI audits, establishing clear usage policies, and creating safe pathways for AI adoption. Walk away with a roadmap to discover and manage shadow AI while protecting your organization's data and regulatory standing.

Thanks to our sponsor for helping us re-fuel!

Third party cybersecurity assessments and testing need to be a regular and critical part of any organization's cyber preparedness strategy. Assessments should be more than vanilla exercises designed primarily to check off the annual compliance or regulatory requirement check boxes. Learn more about why you WANT an assessment that will find and document the security gaps in your existing environment, and further learn how this information can be shared and leveraged professionally with your non-technical executive team to further advance your entire cybersecurity program. Join this session to learn what makes third-party assessments more meaningful and how to engage more effectively in the future.

This session is all about removing the tech talk and sharing the foundational basics of organizational cybersecurity to any non-technical leader. Identify the essential elements that make up an organization’s cybersecurity framework, including governance, risk management, and operational controls. Participants will learn the key policies every organization should have (e.g., access control, incident response, data protection) and why these policies are critical for business continuity and compliance. Leaders should have the ability to interpret cybersecurity roles and responsibilities across the organization. This session will dive into gaining clarity on who owns what in cybersecurity—from executive oversight to IT operations—so they can effectively support and enforce security initiatives. Cybersecurity impacts organizational risk, reputation, and regulatory obligations, enabling informed decisions without needing technical expertise. Attendees will leave with practical insights on how to effectively apply cybersecurity principles to strategic decision-making.

Join this session as we hear from a tribal enterprise and their approach to vulnerability and patch management maturity. Learn about their journey and current challenges in protecting their enterprise network.

Learning Objectives:

- Create visibility of the current vulnerability landscape in your enterprise network
- Define your crown jewels
- Set your vulnerability and patch remediation standards for your crown jewels
- Monitor progress to meeting your defined standards

Eat, chat, and mingle while enjoying a delicious lunch thanks to ESET & SHI!

Every leader in a tribe or tribal enterprise plays a role in protecting the sovereignty of that tribe. Cybersecurity is a living expression of sovereignty and Tribal strength. This session dives into how cybersecurity reinforces sovereignty by actively protecting the people, systems, and cultural identity that form the foundation of tribal nations. Drawing from Madison’s Cherokee heritage and national-security background, this session reframes sovereignty as something demonstrated through competent, proactive digital defense. A cyber breach is not simply a technical issue; it threatens community trust, essential services, and the sovereign right to self govern. Madison will connect traditional principles, shared stewardship, relational accountability, and protecting the circle to modern cybersecurity governance. This collective worldview is not a challenge to overcome; it is one of the greatest strategic advantages tribal nations possess. Even with limited resources or small IT teams, tribes can leverage their cultural strengths to build shared responsibility across departments, enterprises, and community programs. Resilience is built through culturally aligned leadership that reflects the collective power of tribal nations. Effective cyber protection demonstrates sovereign capability, modern governance, and the tribe’s unwavering mission to care for its people.

Join this session to hear from leaders representing small, medium, and large tribes or tribal enterprises as they uncover the challenges and roadmap to increasing cyber maturity across organizations with different levels of resources. Everyone needs to cover cybersecurity 24x7x365, but what does that look like based upon the size of your own tribe or tribal enterprise?

Thanks to our sponsor for helping us re-fuel!

Join us for a fast‑paced, highly interactive introduction to Backdoors & Breaches, the incident‑response game created by Black Hills Information Security. This session blends critical thinking, technical learning with a fun, game‑driven approach to practicing real‑world attack scenarios. Learn as you go, think like an attacker and defender and sharpen your ability to detect, investigate and respond to attacks. This is a session you are sure to walk away with ideas you can implement and put to use for training and defenses at your own organizations. A fresh way to cover incident response. Don't miss this one!

Why is data governance critical to cybersecurity and how can resource-constrained tribes achieve even basic data governance across the organization? At a time when many tribes and tribal enterprises are still trying to get effective and fully implemented cyber, AI, and data policies in place, how can we best use our available resources to prioritize and implement what puts us most at risk? Participants will learn how governance frameworks align with compliance requirements, sovereignty considerations, and risk management strategies to protect sensitive tribal data. Gain insights into configuring DLP rules, sensitivity labels, and encryption standards to prevent unauthorized data sharing and ensure secure collaboration across cloud and on-prem environments. Discussion will cover identify and mitigate insider risks through proactive monitoring and policy enforcement. Our speaker will talk about controls into governance policies to reduce internal threats without disrupting productivity. Leave this session with enhanced ability to secure communication practices, including email encryption and compliance-driven controls. Lastly, participants will learn how to enforce encryption for sensitive communications, leverage Microsoft 365 security features, and align these practices with organizational policies to maintain confidentiality and integrity. A lot packed into this critical topic- one not to miss!

Understanding how much to budget for cybersecurity resources and services is a challenge for every leader or executive. How can you understand the proper balance of risk versus cost? How can you think strategic vs tactical? Cyber and business objectives need to be aligned when successfully budgeting. C-Suite and operations need to engage with CIO’s and CISO’s. While CISO’s need to think outside of the IT department and learn the operations and objectives. Aligning cybersecurity initiatives to strategic initiatives, you can pin your objectives to underpinning the business strategic goals. This session will provide guidance on how to be more confident in collaboratively setting and understanding your cybersecurity investment and understanding what that level of investment means to your organization.

Come meet these technology focused exhibitors! Grab a drink and enjoy engaging conversation!

Grab a drink as you make new connections and check out the products and services with nearly 50 vendors.

Join us for a special meet and greet on day one; you won't want to miss this! Thank you to our sponsor!

Thank you to our sponsors for helping us start the day off right!

Come see the TribalHub team to pick up your badge and all your conference materials to get you set for the event!

We open up the day with a welcome from TribalHub, an introduction to the Cybersecurity Summit Board Members and rapid fire answers from them on questions like; what keeps you up at night, what's the biggest thing in cyber this upcoming year and why, the best piece of advice ever received related to cyber or your career in cyber. Plus interesting stories and insightful comments. These are your peers that built this agenda- time spent listening in on this opening session will be time well spent! Sponsored on behalf of Halcyon.

Take the time to connect with more vendors you need most.

Whether you are a member, or just curious about what the ISAC does, come and discover how the Tribal-ISAC has grown and continues to strengthen cybersecurity collaboration across tribal communities. This session will highlight recent achievements, share leadership updates, and outline future priorities, while inviting participants into an interactive forum to exchange ideas. We’ll wrap up with a community‑building activity designed to keep the conversation lively and engaging.

Eat, chat, and mingle while enjoying a delicious lunch thanks to our sponsor!

More chances to connect with vendors providing cybersecurity solutions to tribes and tribal enterprises. Don't miss out!

Attendees gather as we giveaway some amazing booth prizes from the expo floor. PLUS, one lucky winner will win $1000 be sure you’ve collected your stamps and participated in the bingo run for your chance to win! Must be present to win.

Practice is essential to effective preparedness and tabletop exercises are a fantastic way to test your readiness to respond to whatever cyber threats you may face. They are also a critical tool in helping your non-technical leadership team understand the important and immediate role they need to be prepared for in the event of any serious cyber issue. In this session you will learn how you can create your own tabletop exercises designed to improve preparedness and to uncover gaps in your existing response plans.

BEC remains at or near the top of the list of vulnerability for organizations across the world. Attendees in this session will be hearing a fresh perspective where BEC is reframed as a socio‑technical challenge. Attendees will walk away learning how by analyzing human behavior, cognitive bias, and organizational culture there's an evidenced intersection with technical defenses. How can technology be designed to anticipate and mitigate these human vulnerabilities? How does evaluating advanced detection methods such as behavioral analytics, natural language processing, and identity validation tools that go beyond traditional email filtering, enabling organizations help spot subtle anomalies in communication patterns? All covered in this session. This session also covers how the design of resilient workflows that integrate automation, multi‑factor identity verification, and adaptive access controls reduce reliance on human judgment alone and therefore transforms “people problems” into opportunities for smarter system design. Further process how the translation of technical solutions into board‑level risk language demonstrates AI‑driven monitoring, Zero Trust email gateways, and CJADC2‑inspired interoperability frameworks can directly reduce financial and reputational risk; and how to manage and resolve gaps.

No matter how few resources, budget, and tools you have to work with, you are still expected to provide 24x7x365 cybersecurity. Fair or not, that is the reality for most tribes and tribal enterprises. Attend this session to learn about how the technical cyber team can deliver the most with a limited budget. Prioritize the enterprise business operations and data holding. Identify the critical IT controls supporting the priority business functions and data and translate risk into a cost-based investment strategy. Determine what your tech cyber team can deliver for greatest return on investment and the trade-off analysis. Speakers also cover the need to effectively communicate your investment strategy with leadership to set realistic expectations – talk their language of business risk in $ cost terms.

A little offense and defense discussion on AI. While opportunities continue to arise for good but it can also be used for nefarious purposes. Nowhere is this more clear than in the world of cybersecurity. Attend this session to learn about how the quickly changing AI landscape is creating both new challenges and new solutions for your organization. Reduce risk and put best practices and policies in place that support safe & productive use of AI as a tool for organization and business enablement.

Thank you to our Cocktail Hour sponsor!

Thank you to our sponsors for helping us start the day off right!

Can't get the necessary cyber funding? Executives eyes glaze over when you start talking to them about cybersecurity risks and challenges. In this session, we will uncover effective cyber metrics and KPI's that you can present in a manner that leadership will want to see, hear, and understand. We all win when cyber risks and challenges are better understood across the organization.

"Before attackers breach your network, they study you. Using nothing but publicly available sources like regulatory filings, social media profiles, job postings, and basic internet searches, a threat actor can build detailed maps of your organization, employees, and technology infrastructure. This is Open Source Intelligence (OSINT), and it’s how threat actors bring organizations to their knees, from Fortune 500 companies to tribal nations.
In this hands-on session, you’ll learn:

How attackers use OSINT to identify targets, build social engineering attacks, and plan breaches
Via, a live demonstration, how hackers use freely available tools to gather publicly exposed information about targeted organizations
The OSINT methodology - the four-phase process threat actors follow from planning to exploitation
How to conduct your own OSINT reconnaissance to understand the ease of gathering information
Practical defenses that you can implement TODAY to reduce your organization's attack surface

This session is designed for both technical and non-technical audiences. Whether you’re a CISO, tribal leader, IT professional, or department manager, you’ll leave with actionable strategies to protect your organization from OSINT-enabled attacks.



Key Takeaways: Understanding of OSINT techniques, awareness of your organization’s exposure, and a 30-60-90 day defense plan."

Threats are constantly advancing and changing. It is critical to understanding this evolving threat landscape. In this session we will identify current and emerging cyber threats and understand how these trends impact organizational security. Learn how to apply security best practices throughout the employee lifecycle and demonstrate how to implement security awareness from onboarding through role changes and offboarding. Participants will practice making security decisions in realistic, gamified simulations to reinforce critical thinking and reduce human error. Dive in to explore modern tools, practices, and techniques for maintaining security awareness in a rapidly changing threat environment.

Ever wondered whether an attacker could simply plug into an open network jack in a conference room or event center and gain access to your environment? This session explores that scenario through a guided, hands‑on walkthrough of how internal security tests are performed using open‑source tools—mirroring the approach a third‑party penetration tester would take to evaluate your network’s resilience.

Learning Objectives:

- Understand how to grab NTLM hashes with Responder
- Attempt crack hashes using hashcat to reuse credentials and impersonate a user
- Use BloodHound to find attack path available to that user and escalate privilege