Information Systems Security Association-Chicago 2026
About the Security Event
ISSA-Chicago on Thursday February 12 from 3:00 PM - 5:00 PM:
Speaker 1: Chris Cronin, Partner, Governance & Compliance Services, HALOCK
Title of Talk: Why AI Can’t Fix Your Cyber Risk (and Might Be Making It Worse)
Description of Talk: Since the release of ChatGPT 3.5 in 2022, AI has become the default answer to almost every cybersecurity problem—including risk assessments. AI and large language models (LLMs) can generate polished, confident-looking risk analyses in seconds. But LLMs are not probability engines, despite what their vendors will tell you.
In this session, Chris Cronin will demonstrate why AI is fundamentally incapable of managing cybersecurity risk on its own—and how overreliance on AI can actually increase organizational risk. Attendees will see where AI outputs break down, why “AI-generated” does not mean “defensible,” and how regulators, auditors, and courts still expect human decision-making grounded in reasonableness.
Chris Cronin, creator of the Duty of Care Risk Analysis Standards, has advised governments, courts, Fortune 100 companies, and startups on cybersecurity risk analysis and regulatory compliance. His work centers on helping organizations make risk decisions that can be explained, justified, and defended—not just automated.
Chris will provide the simple rule Reasonable Risk uses to decide when AI belongs in its SaaS platform—and when it does not. Attendees will leave with a clear framework for using AI as a "supporting tool" rather than a decision-maker, and a practical understanding of how DoCRA principles are shaping AI, cybersecurity, and privacy laws around the world.
Bio: Chris Cronin is a partner at HALOCK Security Labs and Reasonable Risk and is the Chair of the DoCRA Council. He is the principal author of the DoCRA Standard and CIS RAM, Center for Internet Security’s Risk Assessment Method. Chris’ work as an expert witness has helped clients, regulators, and litigators evaluate the reasonableness of security controls during post-breach legal action. Chris is an active member of the Sedona Conference, a non-profit think tank for creating and publishing commentaries and guidance to the bench, bar, and the public.
=================================================
Speaker #2: Chris Carter - Business Executive, Board Chair, Cancer Survivor, GRC Strategist, vCISO | Leadership Coach, and AI & Board Advisor.
Presentation Title: Leading Through the Next Wave: Building a Resilient Security Culture Across All Levels
Abstract: Cyber risk has entered an era where operational disruption and reputational threats converge. Leadership, not technology, has become the defining factor in organizational resilience.
In this engaging, practical and interactive session, Chris Carter draws on decades of executive leadership experience to explore how today’s security leaders must evolve beyond technical expertise to become cultural architects, strategic communicators, and trusted crisis leaders. As the role of the CISO continues to expand in 2026 and beyond, success will depend on the ability to align executives, technical teams, and frontline staff around a shared understanding of risk and responsibility.
Blending real-world (anonymized) incident experiences with timeless leadership principles from widely respected, non-technical leaders, this talk reframes cybersecurity as a human and organizational challenge rather than a purely technical one. Attendees will gain practical strategies for bridging the divide between leadership and technical teams, fostering cross-functional collaboration, and leading with clarity and empathy during high-pressure incidents.
The session concludes with a forward-looking challenge that empowers participants to take immediate, actionable steps such as establishing cross-functional security dialogues to strengthen trust, improve decision-making, and build a resilient security culture across all levels of the organization.
Key Takeaways:
How the CISO role is evolving from technical expert to enterprise leader
Proven leadership principles that strengthen security culture and trust
Practical ways to align executives and technical teams around shared risk ownership
How to lead calmly, clearly, and credibly during incidents and crises
Bio: With 20+ years of experience across governance, risk, compliance, finance, and executive leadership, Chris Carter (formerly with Zurich and Optiv in particular) specializes in aligning cybersecurity strategy with enterprise growth, resilience, and regulatory confidence. His work spans financial services, healthcare, private equity, and professional services—helping organizations mature their systems and processes through NIST-aligned frameworks and measurable business outcomes.
Certifications: QTE | CCISO | CISSP | CRISC | CDPSE | CISM | CISA | AWS | ITIL | Yellow Belt
Registration
Paid