
The next evolution of QSC, where the brightest minds in cybersecurity unite to chart the future of cyber risk management.

De-risk Your Business
Join us at ROCon Americas, the premier cybersecurity event where top security leaders and practitioners come to get cutting-edge strategies and insights and to discover new solutions that proactively manage and reduce cyber risk.
ROCon, The Risk Operations Conference, delivers thought-provoking keynotes, high-impact sessions, and hands-on workshops on threat detection, cloud security, automation, and risk-driven security strategies. You will discover how to streamline security operations, reduce noise, maximize ROI, strengthen business resilience, and align security initiatives with your leadership. Don’t miss this opportunity to shape the future of modern cybersecurity and de-risk your organization.
Keynote Speakers
About
As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.
About
Kip Boyle has 24 years of experience serving in cybersecurity and IT risk management roles for organizations in the insurance, financial services, technology, military, and logistics industries. Over his entire career, Kip has helped executives change their cyber risks from business blockers to business enablers. As Chief Information Security Officer at PEMCO Insurance, he transformed a frustrating, cumbersome cybersecurity program into one that both protected customers’ information and enabled the business to grow at a faster pace. As Chief Security Officer of PEMCO Technologies, a debit and credit card transaction processor, and PEMCO Corporation, an IT services provider to financial institutions, Kip successfully led the companies through their first ever SAS70 type II certifications, removing a serious sales objection to the continued growth of those companies. At Expeditors International, he led a cross-functional IT governance team that significantly reduced the number of critical events and failures created by much-needed system and technology changes. While at Stanford Research Institute (SRI) Consulting, Kip led a team of six in a comprehensive security review and smartcard/encryption upgrade of the Windows-based FedLine, an instant-settlement funds transfer application for more than 12,000 U.S. financial institutions. For the USAF F-22 Advanced Tactical Fighter program, Kip successfully transformed the network security governance model from one of rigid centralized decision-making to one of delegated decision making by the prime contractors: Lockheed-Martin, Boeing, and Pratt & Whitney. Kip earned a Masters of Science in Management from Troy State University. He earned a Bachelor of Science in Computer Information Systems from the University of Tampa.
He has also received a graduate certificate in Executive Leadership from the Albers Business School at Seattle University. Kip earned his Certified Information Systems Security Professional (CISSP) and Certified Information Systems Manager (CISM) credentials in 1997 and 2003, respectively. He has taught information security courses to hundreds of students all over the world.
Fire Doesn't Innovate. Kip Boyle compares fire safety to cybersecurity, emphasizing that cyber threats constantly evolve unlike static risks. He argues organizations must abandon outdated approaches, manage cyber as dynamic risk, and embrace AI-powered resilience (being “hard to hack and fast to fix”) for proactive defense in today’s volatile digital landscape.
About
As the Chief Risk Technology Officer at Qualys, Richard helps customers and the broader security community measure, communicate, and eliminate risk. With over 10 years of experience as a CISO, he's led and supported security strategy, operations, and governance across critical infrastructure and cloud-native organizations. Richard has published two books, 'How To Measure Anything In Cybersecurity Risk' and 'The Metrics Manifesto: Confronting Security With Data.' Each provides practical and innovative approaches to quantifying and reducing security risk. His first book is the main curriculum at the US Dept of Defense (DoD) CISO program at Carnegie Mellon University and numerous other institutions of higher education.
Featured Speakers
About
Antonio Anderson is a seasoned technology executive with over two decades of experience driving enterprise-wide IT and cybersecurity strategies. As a strategic VP, Information Security & IT, he has successfully led digital transformation initiatives, accelerated cloud adoption, and integrated AI/ML solutions to deliver measurable business outcomes. Antonio holds advanced degrees in Law and Computer Science, and is a trusted advisor in aligning technology investments with business goals while ensuring strong governance and regulatory compliance. His leadership has enabled organizations to achieve operational efficiency, reduce cyber risk, and unlock new revenue streams through security assurance.
A recognized expert in cybersecurity, risk management, and data privacy, Antonio holds the CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), and CDPSE (Certified Data Privacy Solutions Engineer) certifications. His expertise spans SOX, HIPAA, GDPR, PCI-DSS, and NIST frameworks, making him a sought-after thought leader for organizations navigating complex compliance landscapes. Known for building high-performance teams and fostering cultures of innovation and accountability, Antonio brings both strategic vision and hands-on expertise to every engagement.
About
Terry hails from Santa Cruz California originally and began his career in Information Technology at Mighty Net, Inc. (founding company for Creditreport.com) as CTO – Director of Systems and Security while attending California State University Northridge. There he was responsible for all Infrastructure, networking, and security. In 2007, Terry took a Director of IT position at Protocol and left the company as Director of US IT Operations when they were acquired by Expert Global Solutions.
At EGS he ventured back into an Information Security role full-time and worked alongside his CISO as the two-man team responsible for achieving PCI compliance across the Enterprise. In 2015 he transitioned to American Express Global Business Travel as an Information Security Manager. Today his responsibilities include Cyber Security Metrics and managing the vulnerability management platforms, including Qualys, and several other Information Security platforms at GBT.
About
With nearly 20 years of executive experience running enterprise software companies, Tom Berquist announced his retirement in September 2025 as CFO of Cloud Software Group, an entity resulting from the merger of Citrix Systems and TIBCO Software in September 2022. Before the merger, Tom served as CFO of TIBCO Software for seven years. Tom’s professional journey includes serving as the CFO of Alludo (formerly Corel) and Actian (formerly Ingres), as well as being the CEO of Saba Software (acquired by Cornerstone OnDemand) and Alludo.
Tom spent a decade on Wall Street, acting as a managing director of Software Equity Research at various institutions such as Citigroup (formerly Salomon Smith Barney), Goldman Sachs, and Piper Sandler. His purview encompassed major enterprise software companies like Microsoft and Oracle, rapidly expanding cloud software entities like Salesforce and Concur, and security software companies like Symantec, McAfee, and Checkpoint Software. Tom spent the early part of his career at Deloitte Consulting as a management consultant developing software strategy plans for Fortune 500 customers including Honeywell, Liberty Mutual, and US Bancorp. Before Deloitte Consulting, Tom developed enterprise software for Wells Fargo and Fortis. Tom has previously served on the board of directors of Alludo, Saba Software, and Serus Corporation (acquired by E2open). Tom holds a BA in accounting and an MBA in management and marketing from the University of St. Thomas, Saint Paul, Minnesota.
About
Brendan Hall is a Senior Vice President and one of the leaders of the cyber insurance and consulting practice at Alliant Insurance Services. In his role, Brendan focuses on business development, strategy and execution for the cyber vertical, which includes counseling clients on their insurability and designing advisory solutions to improve cyber resilience. Brendan also works closely with private equity clients helping them deploy tailored cross-portfolio cyber risk mitigation solutions, as well as transactional cyber diligence.
Prior to his current position, Brendan was a Senior Vice President at Stroz Friedberg, an Aon Company where he was a leading producer for the firm’s cyber security practice which provided data breach incident response services, security advisory, technical testing, threat intelligence, investigations and cyber insurance to their clients.
Brendan regularly contributes to trade publications and is often invited to lend his expertise on industry panel discussions and podcasts.
Brendan received his Bachelor of Arts in Economics from Hobart College where he also played four years of collegiate basketball.
He is an avid triathlete and distance runner having completed two Ironman triathlons and five marathons. Brendan resides in Long Island City, NY with his wife and two daughters.
About
Douglas Hubbard is the inventor of the Applied Information Economics (AIE) method and founder of Hubbard Decision Research (HDR). He is the author of How to Measure Anything: Finding the Value of Intangibles in Business, The Failure of Risk Management: Why It’s Broken and How to Fix It, Pulse: The New Science of Harnessing Internet Buzz to Track Threats and Opportunities, How to Measure Anything in Cybersecurity Risk, 2e, and his latest book How to Measure Anything in Project Management. He has sold over 200,000 copies of his books in eight different languages. Three of his books have been required reading for the Society of Actuaries exam prep. In addition to his books, Mr. Hubbard has been published in several periodicals including Nature, The IBM Journal of Research and Development, OR/MS Today, Analytics, CIO, Information Week, and Architecture Boston.
Mr. Hubbard’s career has focused on the application of AIE to solve current business issues facing today’s corporations. Mr. Hubbard has completed over 200 risk/return analyses of large, critical projects, investments and other management decisions in the last 25 years. AIE is the practical application of several fields of quantitative analysis including Bayesian analysis, Monte Carlo simulations, and many others. Mr. Hubbard’s consulting experience totals over 36 years and spans many industries including insurance, financial services, pharmaceutical, healthcare, utilities, energy, federal and state government, entertainment media, military logistics, and manufacturing. His AIE methodology has received critical praise from The Gartner Group, The Giga Information Group, and Forrester Research. He is a popular speaker at valuation, risk, metrics and decision analysis conferences all over the world.
About
Tony Martin-Vegue is a cybersecurity and technology risk expert with over 25 years of experience helping Fortune 500 companies and high-growth organizations build and scale quantitative risk programs. A hands-on practitioner as well as a leader, Tony has performed more than a thousand quantitative risk assessments across cyber, fraud, operations, and enterprise domains.
He is the author of the upcoming book From Heatmaps to Histograms: A Practical Guide to Cyber Risk Quantification (Apress, 2026) and writes the newsletter Heatmaps to Histograms: Field Notes, where he shares practical, creative approaches to risk and decision-making. Tony is a frequent speaker at FAIRcon, SIRAcon, RSA, Security BSides, and ISACA events, and has been published in outlets including the ISACA Journal and Risk.net.
Tony advises companies on starting or improving their cyber risk quantification programs, helping leaders choose the right CRQ platform, avoid common pitfalls, and translate analysis into decisions that matter. He is known for making complex concepts accessible, blending deep technical knowledge with relatable storytelling and a people-first approach.
Based on an island in the San Francisco Bay, Tony enjoys time with his family, travel, cooking (especially bread and Mexican food), and open-water swimming, including ten swims from Alcatraz to San Francisco.
About
Charity Otwell is the Director of the CIS Critical Security Controls for CIS. She has nearly 20 years of experience in the financial services industry and has built and led various programs such as Business Continuity, Disaster Recovery, Technology Governance, and Enterprise Architecture in a highly regulated environment. Before coming to CIS, Otwell was a GRC champion and practitioner with a focus on risk assessment, process optimization, process engineering, and best practice adoption for a top-50 bank within the United States. She also helped manage the relationship with federal regulators and the management of federal regulatory exams. She completed undergraduate and graduate studies in Birmingham, Alabama, and holds multiple industry certifications.
About
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com. Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame.
About
Christy Sluder is a Manager of Vulnerability Management at HCA Healthcare with over 25 years of experience in both hospital settings and the corporate healthcare industry. She has led transformative collaboration initiatives across technical silos and divisions at a Fortune 100 company, pioneering programs that drive innovation and strengthen enterprise-wide security posture. With deep expertise in every phase of the vulnerability management lifecycle, Christy has successfully guided multiple teams through complex security challenges with precision and purpose. She earned her Bachelor of Applied Science in Computer Science from Western Governors University and remains a passionate advocate for continuous learning and cross-functional teamwork. Outside of work, Christy enjoys camping, hiking, and getting lost in a good book. She's also an avid board game enthusiast—especially when it comes to Trivial Pursuit—and loves attending concerts across all genres of music.
About
Mark Verbeck is a seasoned Chief Financial Officer and strategic advisor with over 20 years of experience scaling high-growth technology companies. He has served as CFO for Blade Network Technologies, Coupa Software, Saba, and Cyara, where he led financial strategy, operational transformation, and successful exits to both private equity and corporate acquirers. In his leadership roles, Mark has consistently emphasized the importance of robust cybersecurity practices—not only to mitigate risk, but also to enhance enterprise value and acquisition readiness. His experience spans IPO preparation, M&A execution, and building finance teams that deliver actionable insights. Mark holds a business degree from the University of St. Thomas and is a graduate of the Stanford Executive Program at the Stanford Graduate School of Business.
About
As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.
About
As the Chief Technology Officer and Senior Vice President of the Qualys Cloud Platform, Dilip is responsible for leading global product development, data and platform engineering, DevOps, site reliability engineering, cloud operations and customer support across Qualys’ broad security product portfolio. Dilip joined Qualys in 2016 to drive Qualys’ own internal digital transformation efforts and has been instrumental in helping scale the technology and organization in support of the company’s accelerated product growth and transformation into a unified security platform. Prior to joining Qualys, Dilip served in multiple engineering leadership roles at various mid-sized and large organizations to build and deliver complex, scalable, distributed enterprise SaaS products and big data cloud platforms. Dilip has a bachelor’s degree in electronics engineering from the University of Mumbai and a master’s degree in computer science from Ball State University.
About
Shrikant Dhanawade is Director of Product Management, responsible for Cloud Security products at Qualys. He has more than a decade of working experience in Cloud Automation, Cloud Security, and DevSecOps, with a demonstrated history of working in the Cybersecurity Products and information technology industry. Previously, Shrikant worked on various Cloud Security initiatives with Xoriant and Accenture. Shrikant holds a Bachelor of Engineering Degree in Computers from Mumbai University and completed the Executive Program in Global Business Management at IIM Calcutta.
About
Lavish Jhamb is Sr. Product Manager, Compliance solutions at Qualys, focused on building security solutions such as ‘Custom Assessment and Response’ and ‘File Integrity Monitoring’ and helping customers assess and improve their security and compliance posture. He has over 7 years of experience working on security solutions, regulatory standards, and cyber security frameworks, with thorough understanding of operating systems. Lavish holds a bachelor’s degree in computer engineering from the Kurukshetra University Institute of Engineering and Technology and a Post Graduate Diploma in IT Infrastructure, Systems and Security from CDAC Pune.
About
I am the Sr Product Manager for Compliance Solutions here at Qualys. I have been with Qualys for over 7 years working in engineering and product roles. As a product manager for Qualys, my primary focus is on helping organizations meet their security and compliance needs leveraging Qualys Policy Compliance and cloud platform.
About
Himanshu Kathpal is VP, Product Management, Platform and Technologies at Qualys. He has over 13 years of experience in cybersecurity and product management, with a specialization in vulnerability management, remediation, and next-generation endpoint security. Himanshu is passionate about developing security solutions that align with the company’s cybersecurity product strategy to meet customer needs, reduce the attack surface, and strengthen the organization’s security posture. He holds a master’s degree in engineering from D.Y.Patil University, Pune, as well as an MBA in International Business Management from NMIMS, Mumbai.
About
Alex Kreilein is Vice President of Product Security at Qualys. He leads efforts to deliver secure, resilient, and trustworthy products by focusing on portfolio risk management, vulnerability management, automation, and developer enablement. Previously, Alex led security, reliability, and performance programs for mission-critical workloads at Microsoft Azure. Alex has been the CISO of a cloud-native critical infrastructure company, a leader with the Department of Homeland Security, and a multi-time entrepreneur. He holds graduate degrees from CU Boulder and the U.S. Naval War College.
About
Eran Livne is Senior Director, Endpoint Remediation at Qualys, leading a team tasked with helping customers improve their security posture through cross-platform vulnerability remediation. He has more than 20 years of product management and computer science experience working in diverse IT and security markets. In 2014, Eran founded the mobile security company LetMobile, acquired by Ivanti. Following the acquisition, he drove Ivanti’s enterprise security and endpoint security and management solutions. Eran holds a bachelor’s degree in computer science from Tel Aviv University and an MBA in high-tech business administration from Technion - Israel Institute of Technology.
About
Karun leads Qualys’ worldwide strategic alliances and channel partnerships with MSSPs, VAS partners, consultants and resellers. A computer engineer with a passion for cybersecurity, he has been at Qualys since 2013, supporting and helping grow its business with channel partners globally. Today, Qualys powers security and compliance solutions for the majority of MSSPs in Gartner’s Magic Quadrant for Managed Security Services.
He has been a cybersecurity and cloud advocate since his early days at HCL Technologies, one of the large global systems integrators, where he ultimately led cybersecurity pre-sales and business development for North America. Karun’s experience includes advising CIOs and CISOs of large Fortune 500 organizations on adapting cybersecurity programs for the digital and hyperconnected age. He has a bachelor’s degree in computer engineering from the University of Pune and a post-graduate Management degree in Business Administration (M.B.A.) from Amity University, India.
About
Abhinav Mishra is Product Management Director at Qualys, where he drives strategic initiatives to advance the company’s container security offerings. With a strong focus on risk-based operations and go-to-market alignment, he works across product, engineering, and field teams to deliver impactful security outcomes for global enterprises. He brings over a decade of experience spanning product leadership, software engineering, and GTM strategy. Prior to Qualys, Abhinav led container security at Uptycs, a CNAPP vendor, and spearheaded Kubernetes multi-tenancy and developer self-service initiatives at Rafay. He began his career at VMware, where he spent five years as a software engineer focused on cloud networking and security. Abhinav holds a bachelor’s degree in computer engineering from Columbia University and an MBA from the Kellogg School of Management.
About
May Mitchell is the Chief Marketing Officer (CMO) at Qualys, where she spearheads global marketing strategy and drives business growth and pipeline contribution, collaborating closely with Sales and Partners to implement scalable programs that accelerate customer acquisition, retention, and expansion. With a proven track record in aligning marketing initiatives to corporate objectives, May plays a pivotal role in strengthening Qualys’ market position as an industry leader in cybersecurity and risk management.
May brings over 25 years of experience in cybersecurity marketing, specializing in go-to-market strategies that deliver measurable impact. Her career includes 15 years in executive leadership, with three terms as CMO, at companies like HUMAN Security, Ontinue, iboss, Cylance, Symantec, Forcepoint, and McAfee, where she consistently drove innovation and growth.
May has been honored as one of CRN’s Power 100 Women of the Channel for 13 consecutive years, named among the Top 50 Women in Cybersecurity by CyberScoop, and received the prestigious OnCon Top 50 Marketer Award for three consecutive years.
She holds a bachelor’s degree in computer science from California State University and has completed engineering management programs at Santa Clara University.
About
Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is a Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at an Israeli startup in the API security and bot management AppSec space.
About
Russ Sanderlin is a U.S. Marine Corps veteran and cybersecurity professional specializing in vulnerability management and risk reduction. As a Director and Subject Matter Expert for Qualys VMDR, he helps organizations strategically mature their vulnerability management programs, moving beyond traditional scanning to risk-based approaches. With a CISSP certification and consulting experience across finance, manufacturing, insurance, and travel, he brings cross-industry insights to help customers strengthen their cybersecurity programs.
About
Jonathan Trull is a longtime security practitioner and CISO & SVP Security Solution Architecture with over 18 years of experience in the cybersecurity industry and is currently the Senior Vice President of Customer Solutions Architecture and Engineering at Qualys. His career has spanned operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. While at Microsoft, Jonathan led the Microsoft Detection and Response Team (DART) whose mission was to respond to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks and included the investigation of and response to the NOBELIUM threat actor campaign which leveraged the SolarWinds supply chain. Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS. He is also an adjunct faculty member at Carnegie Mellon University where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as BlackHat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA. Jonathan is a veteran of the U.S. Navy finishing his career as a Lieutenant Commander supporting the Information Warfare Domain.
Agenda
Training Sessions
Conference Sessions
Training is free for all customers. Sign up today as space is limited.
7:30 AM – 5:00 PM
7:30 AM – 8:30 AM
9:00 AM – 12:00 PM
Explore the major use cases across different Qualys applications such as VMDR, CSAM, Eliminate, and Policy Audit. Understand how different modules on the platform work together and how best to use them to measure, communicate, and reduce cyber risk.
Difficulty: Beginner to Intermediate
Recommended for: New User, Evaluator, Decision makers, Partners, Practitioners, CISOs
Products Covered: VMDR, CSAM, TruRisk Eliminate, Policy Audit
9:00 AM – 12:00 PM
Go beyond the basics with advanced scanning techniques for VMDR and Policy Audit. This session covers best practices for configuring scans, verifying scan coverage, optimizing performance, and troubleshooting common issues to ensure accuracy and efficiency.
Difficulty: Intermediate to Advanced
Recommended for: Practitioners, Risk Managers
Products Covered: VMDR Scanning, Policy Audit Scanning
9:00 AM – 12:00 PM
Learn how to measure, manage, and communicate risk in your web applications and APIs. This session covers key concepts in application security, including best practices for using Qualys TotalAppSec to protect modern web environments.
Difficulty: Intermediate
Recommended for: Practitioners, Evaluators, App Sec Engineers, Web App Developers
Products Covered: TotalAppSec
12:00 PM – 1:00 PM
12:00 PM – 5:00 PM
Come get your Conference swag here.
1:00 PM – 4:00 PM
Learn how to reduce organizational risk with increased efficiency by adopting TruRisk. This class includes TruRisk adoption, a deep dive into how TruRisk scores are calculated, asset tagging and criticality, and how you can unify your risk surface management with Qualys Enterprise TruRisk Management (ETM).
Difficulty: Intermediate to Advanced
Recommended for: Practitioners, Risk Managers, CISOs
Products Covered: VMDR, CSAM, ETM
1:00 PM – 4:00 PM
Learn how to empower your cloud security team to measure, communicate, and reduce risks across your multi-cloud and container environments through a unified approach.
Difficulty: Intermediate
Recommended for: Practitioners, Evaluators, Cloud Security Engineers, DevSecOps
Products Covered: TotalCloud
1:00 PM – 4:00 PM
This training course provides a focused understanding of Policy Audit using the Qualys Enterprise TruRisk™ Platform. Participants will learn how to assess and enforce compliance across their IT environment by leveraging the controls, configuring audit policies, running scans, generating meaningful reports, and remediating identified issues. The course is designed to help organizations simplify compliance and “Stay always audit ready.”
Difficulty: Intermediate
Recommended for: Practitioners, Evaluators, Compliance Managers
Products Covered: Policy Audit, CAR
Training is free for all customers. Sign up today as space is limited.
7:30 AM – 6:00 PM
7:30 AM – 8:30 AM
9:00 AM – 12:00 PM
Risk Remediation isn’t just about patching. Explore and understand all options you can use to reduce risk effectively via patching, mitigation, and asset isolation.
Difficulty: Beginner to Intermediate
Recommended for: All levels, Risk Managers, Evaluators, Partners, Practitioners, CISOs
Products Covered: TruRisk Eliminate, CAR, Mitigate, Isolate, ETM
9:00 AM – 12:00 PM
Learn how to reduce organizational risk with increased efficiency by adopting TruRisk. This class includes TruRisk adoption, a deep dive into how TruRisk scores are calculated, asset tagging and criticality, and how you can unify your risk surface management with Qualys Enterprise TruRisk Management (ETM).
Difficulty: Intermediate to Advanced
Recommended for: Practitioners, Risk Managers, CISOs
Products Covered: VMDR, CSAM, ETM
9:00 AM – 12:00 PM
This technical session will guide you through using Qualys APIs to automate tasks, streamline configurations, and improve your risk posture using the Enterprise TruRisk Platform. Learn to implement best practices in your subscription using Qualys APIs.
Difficulty: Advanced
Recommended for: Practitioners, Partners
Products Covered: VMDR, Policy Audit, CSAM, Tagging
10:00 AM – 4:00 PM
Exclusive event for Qualys Partners, attendance subject to approval.
12:00 PM – 1:00 PM
12:00 PM – 7:00 PM
Come get your Conference swag here.
1:00 PM – 4:00 PM
Explore the major use cases across different Qualys applications such as VMDR, CSAM, Eliminate, and Policy Audit. Understand how different modules on the platform work together and how best to use them to measure, communicate, and reduce cyber risk.
Difficulty: Beginner to Intermediate
Recommended for: New User, Evaluator, Decision makers, Partners, Practitioners, CISOs
Products Covered: VMDR, CSAM, TruRisk Eliminate, Policy Audit
1:00 PM – 4:00 PM
Learn how to search your vulnerability findings with precision using advanced QQL, and visualize actionable risk-based insights using Unified Dashboards.
Difficulty: Intermediate to Advanced
Recommended for: Practitioners, Risk Managers
Products Covered: CSAM, VMDR, ETM
1:00 PM – 4:00 PM
Join Qualys subject matter experts for an interactive training designed around your feedback. This advanced session will explore real-world use cases and common troubleshooting scenarios suggested directly by customers and seen in the field by our SMEs.
5:30 PM – 7:00 PM
7:15 AM – 8:45 AM
7:30 AM – 5:00 PM
7:30 AM – 5:00 PM
Come get your Conference swag here.
8:45 AM – 8:55 AM

Shawn OBrien
SVP Global Sales, Qualys
8:55 AM – 9:25 AM

Kip Boyle
Cyber Resilience Thought Leader, Cyber Risk Management Podcast Host, Cyber Risk Opportunities
Kip Boyle compares fire safety to cybersecurity, emphasizing that cyber threats constantly evolve unlike static risks. He argues organizations must abandon outdated approaches, manage cyber as dynamic risk, and embrace AI-powered resilience (being “hard to hack and fast to fix”) for proactive defense in today’s volatile digital landscape.
9:25 AM – 10:15 AM

Sumedh Thakar
President & CEO, Qualys
10:15 AM – 10:45 AM
10:45 AM – 11:30 AM

Shailesh Athalye
Senior Vice President, Product Management, Qualys
11:30 AM – 12:00 PM

Jonathan Trull
CISO & SVP Customer Solutions Strategy, Qualys

Tom Berquist
Former CEO, Cloud Software Group, Board Member, Qualys

Jim Reavis
CEO, Cloud Security Alliance

Mark Verbeck
Former CFO at Coupa, Blade Networks, and Cyara
CISOs are under increasing pressure to demonstrate that cybersecurity is not just a cost center, but a strategic enabler of business resilience and growth. Yet too often, security leaders struggle to connect with their CFOs and other executives in terms that resonate. This session offers a practical playbook for aligning cybersecurity strategy with financial priorities. Attendees will learn how to translate technical risk into business value, frame security investments in terms of ROI and cost avoidance, and communicate with metrics that matter to the boardroom. Through proven approaches and real-world examples, participants will gain the tools to build stronger partnerships with CFOs, secure executive buy-in, and position cybersecurity as a driver of organizational success.
12:00 PM – 1:30 PM
1:30 PM – 2:00 PM
Technical Track

Mayuresh Ektare
Vice President, Product Management, Enterprise TruRisk Management, Qualys
As cyber threats become increasingly sophisticated and regulatory pressures intensify, security leaders face growing pressure not only to detect vulnerabilities but also to actively manage and communicate risk in real-time. The Risk Operations Center (ROC) is emerging as the strategic nerve center for proactive, data-driven risk reduction. However, operationalizing the ROC at scale means going beyond dashboards and alerts; it requires an intelligent, automated approach that unifies security signals, business context, and response workflows. In this session, we'll explore how Qualys ETM, powered by Agentic AI, enables organizations to shift from reactive security postures to continuous, measurable risk mitigation. Attendees will learn how Agentic AI autonomously correlates threat intelligence, asset criticality, and exploitability data to cut through the noise and spotlight the risks that truly matter.
Whether you're a CISO defining your strategic roadmap or a security leader optimizing existing processes, this session will deliver actionable insights on how to:
- Transform vulnerability data into prioritized, business-aligned risk signals
- Automate triage and remediation at scale with context-aware playbooks
- Build a unified risk narrative for executives and boards
Business Track

Richard Seiersen
Chief Risk Officer, Qualys

Douglas Hubbard
Founder, Hubbard Decision Research

Tony Martin-Vegue
Technology Risk Consultant, Author, 95 Risk Advisory
Security leaders must translate cyber risk into business terms—financial impact, strategic priorities, and governance metrics. In this moderated session, Richard Seiersen, joined by cyber risk experts Tony Martin-Vegue and Doug Hubbard, will explore how to shift from attack-surface metrics to a risk-surface perspective that business leaders can act on. The discussion will highlight practical frameworks and quantification models that connect vulnerabilities and threats to measurable business outcomes. Panelists will share real-world examples of how organizations are redefining cyber risk in ways that inform decisions, strengthen governance, and elevate cybersecurity as a business enabler. Attendees will leave with actionable strategies to close the communication gap between security and leadership and ensure cyber risk is managed as a core business priority.
2:00 PM – 2:30 PM
Technical Track

Eran Livne
Sr. Director, Endpoint Remediation, Qualys

Lavish Jhamb
Manager, Product Management - TruRisk Eliminate, Qualys

Tom Scheffler
Security Manager, Cintas
Security finds the risks. IT gets stuck fixing them. The result? Security teams are buried in findings, IT teams are drowning in tickets, and progress on reducing exposure is too slow. Qualys Eliminate closes that gap. It connects detection to action with automated, prioritized remediation—so Security can assign the right fixes to IT, with the proper context, at the right time.
The payoff:
• Clear, streamlined handoffs from Security to IT.
• Fixing what matters first instead of chasing endless lists.
• Automated workflows that cut exposure windows and keep both teams in sync.
Because spotting risks doesn't make you safer, eliminating them does.
Business Track

Richard Seiersen
Chief Risk Officer, Qualys

Brendan Hall
Sr. Vice President, Alliant

Scott Stransky
Head of Cyber Risk Intelligence Center, Marsh McLennan
2:30 PM – 3:00 PM
Technical Track

Kunal Modasiya
Senior Vice President, Product Management, Qualys

Christy Sluder
Manager, HCA Healthcare
Vulnerability management is evolving. It's no longer just about finding and patching flaws, but about understanding and reducing risk across your entire attack surface. With VMDR and Cyber Security Asset Management, you've already laid the groundwork, giving teams visibility, control, and scalable prioritization across complex environments. The Qualys Risk Operations Center (ROC) means moving past whack-a-mole scans and into strategic exposure management, driven by business impact and financial relevance. Leveraging prompt-driven Cyber Risk Agents, Qualys helps security teams navigate, analyze, and act on exposure data with context, speed, and accountability, transforming fragmented data into clear action.
In this session, you'll see how you can elevate your current VMDR and Cybersecurity Asset Management deployment and build an effective ROC to orchestrate unified risk insights and drive real-time, coordinated response at scale. We'll also explore how AI supercharges this journey, helping your teams work faster, smarter, and with greater impact.
Business Track

Brad Bell
Chief Information Officer, Qualys

Tom Berquist
Former CEO, Cloud Software Group, Board Member, Qualys

Ralph Loura
Chairman of the Board, SustainableIT
3:00 PM – 3:30 PM
3:30 PM – 4:00 PM
Technical Track

Kunal Modasiya
Senior Vice President, Product Management, Qualys

Shrikant Dhanawade
Director, Product Management, Cloud Security, Qualys

Terry Barber
Sr. CyberSecurity Manager, American Express Global Business Travel
Cloud environments drive innovation, agility, and growth; however, every advance brings new security challenges, ranging from misconfigurations and API exposures to the pitfalls of the shared responsibility model. As enterprises rapidly migrate workloads and modern apps to the cloud, the complexity of managing risk and compliance increases, and traditional siloed security strategies can't keep pace. Competitors may claim CNAPP coverage, but without deep application security integration and true code-to-cloud visibility, critical risks remain hidden.
This session explores blind spots in multi-cloud and app security, exposes today's fragmented defenses, and shows how Qualys helps DevSecOps, CloudSecOps, and security leaders stop attack paths early—at the code and app layer—before they become costly incidents.
Key Takeaways — What You'll Learn:
• How the Qualys Risk Operations Center for Cloud prioritizes vulnerabilities, misconfigurations, exposures, and exploitability to surface truly critical risks across cloud and app layers.
• Why Attack Path analysis illuminates hidden lateral movement and privilege escalation routes—and how to disrupt them at the source.
• How code-to-cloud tracing and DevSecOps integrations ensure app and cloud security controls align with modern CI/CD pipelines, fixing risks in-code.
• How FlexScan and Application Security deliver continuous discovery and protection for multi-cloud, web apps, and APIs with unified visibility.
• How QFlow automation streamlines remediation and compliance processes to reduce tool sprawl and operational friction.
Stop guessing. Start securing. Gain a precise roadmap to cloud and app-native maturity, built on the pillars of visibility, automation, and intelligence that protect and power your digital future.
Business Track

Tony Martin-Vegue
Technology Risk Consultant, Author, 95 Risk Advisory
Artificial intelligence promises faster, richer insights for cyber risk quantification, but it also brings hallucinations, biases, and overconfidence. This talk explores where AI truly adds value in transforming gut-feel estimates into usable data, and where human judgment and validation remain essential. Attendees will leave with practical strategies to integrate AI into their risk workflows without losing rigor or credibility.
4:00 PM – 4:30 PM
Technical Track

Abhishek Singh
VP, Product Management, Qualys

Abhinav Mishra
Director, Product Management - TotalCloud, Kubernetes & Container Security, Qualys

Antonio Anderson
Vice President, Information Security & IT, Somos, Inc.
Containers have become the backbone of modern applications, but with them comes a new challenge: risk that never sleeps. SOCs are flooded with alerts, ROCs are overwhelmed by vulnerabilities, and security teams face a losing battle as baselines constantly regress due to new workloads and findings. Attackers are moving faster while security budgets aren't keeping pace.
In this session, we'll explore how to bring risk operations thinking to containers — shifting from endless detection and fire drills to dollar-optimized, risk-appropriate action. You'll see how Qualys TruRisk quantifies and prioritizes vulnerabilities using 25+ threat feeds, toxic combination analysis, and business criticality. We'll demonstrate how to prevent regressions with controls at build, deployment, and runtime, and how code-to-cloud remediation paths map risks back to the code and resources that introduced them—enabling teams to fix issues earlier and address them at the source.
Finally, we'll cover how container-native detection and response, full Kubernetes visibility, and Cybersecurity Asset Management-powered software catalog intelligence eliminate blind spots — even in serverless and standalone workloads.
Business Track

Alex Kreilein
VP, Product Security & Public Sector Solutions, Qualys

Charity Otwell
Critical Security Controls, Center for Internet Security

Alex Reid
Offering Leader, DivisionHex, Coalfire

Mohammed Siraj
Vice President, MUFG
Security burnout is no longer a side effect of the job – it’s a crisis. The relentless fire drills of compliance audits, urgent findings, and “check-the-box” mandates keep leaders stuck in tactical mode instead of building resilient programs. But we also know the way out: automation, continuous monitoring, and risk-based prioritization. It’s time to focus on the important enablers that bring predictability to our work, empowering us to take on priorities we never seem to prioritize.
In this candid session, Alex Kreilein, VP of Product Security & Public Sector Solutions at Qualys, will challenge the status quo of security program management. Learn how to transform compliance into confidence, audits into sustainable readiness, and security investments into measurable resilience. Walk away with a new perspective on how to protect your teams from burnout while positioning your organization to lead with trust, efficiency, and operational strength.
4:30 PM – 4:35 PM
Technical Track

May Mitchell
CMO, Qualys
Business Track

Shawn OBrien
SVP Global Sales, Qualys
5:15 PM – 6:30 PM

Courtney Burr
Senior Security Solutions Architect, Qualys

Jatinder Pal Singh
Director Product Security Risk and Compliance, informatica
This is a capture the flag competition, putting your knowledge of the Qualys Platform to the test. With prizes to be won, do you have what it takes to be a Qualys Risk Buster? Join the Qualys Risk Buster Contest and Lead the Charge in Cyber Defense!
7:15 AM – 8:45 AM
7:30 AM – 3:00 PM
7:30 AM – 1:00 PM
Come get your Conference swag here.
8:45 AM – 9:15 AM

Richard Seiersen
Chief Risk Officer, Qualys
“Both strategy and execution at their core involve making choices under uncertainty, competition, and constraints.” – Roger Martin
Hindsight is always 20/20 after major cyber incidents. But what if you could peer into the future—imperfectly, incompletely, yet meaningfully? To do so, you must stretch your risk management mindset like a seasoned yogi. Embrace uncertainty without confusing it with unknowability. From this foundation, you can discern the realm of plausible loss scenarios and, critically, translate that understanding into measurable, actionable steps. This is the practice of Risk Yoga: flexing strategic insight into practical risk-driven action.
9:15 AM – 9:30 AM

Shawn OBrien
SVP Global Sales, Qualys
9:30 AM – 10:00 AM

Dilip Bachwani
CTO and EVP, Cloud Platform, Qualys

Jim Reavis
CEO, Cloud Security Alliance
Generative and agentic AI are redefining how enterprises innovate and defend against threats. In this fireside chat, Qualys CTO, Dilip Bachwani and Jim Reavis, CEO of the Cloud Security Alliance, will explore how autonomous AI agents can drive efficiency, reduce cyber risk, and reshape compliance strategies. They’ll discuss securing AI models and supply chains, community collaboration on responsible AI practices, and CSA’s global initiatives, such as AI safety frameworks and certification programs. Attendees will gain insights into balancing innovation with governance to accelerate AI adoption responsibly.
10:00 AM – 10:30 AM

Chris Catanzaro
Vice President, Global Channels & Alliances, Qualys

Furey DiDomenico
Principal Security Architect, GuidePoint Security

Neel Sata
Co-Founder and GM, Cyber, ImagineX Digital

Lance Seelbach
Director, Cybersecurity Americas, DXC Technology, LLC

Johnny Shaieb
Exposure Management, Global Delivery Manager and Chief Architect, IBM

Nathan Shock
Global Director Security Operations, Kudelski Security
10:30 AM – 11:00 AM
11:00 AM – 11:30 AM

Saeed Abbasi
Sr. Manager, Product Management for Security Research, Qualys
Organizations today are trapped in a perpetual game of "risk whack-a-mole," chasing thousands of raw vulnerability counts without a clear, strategic priority. This session deconstructs the modern threat landscape to reveal a reality starkly different from what traditional metrics suggest. We will expose how the common reliance on conventional approaches is not just irrelevant but dangerously misleading, as it causes security teams to overlook weaponized vulnerabilities that are actively fueling massive ransomware campaigns.
This keynote delves into the modern attacker's playbook. It exposes the industrialized nature of modern attacks, where an efficient ecosystem iterates on known weaknesses in automated campaigns rather than relying on novel innovation. Furthermore, we will reframe ransomware not as an encryption problem but as a data breach crisis characterized by multi-faceted extortion schemes that now include weaponizing regulatory compliance. This session moves beyond theory to expose the attacker's real playbook, sharing a framework that translates real risk telemetry into quantifiable business risk.
11:30 AM – 12:00 PM

Anu Kapil
Sr. Manager, Product - Compliance Solutions, Qualys

Joshua McDonald
Senior Policy Compliance Architect, Comerica
12:00 PM – 12:30 PM

Himanshu Kathpal
VP, Product Management, Platform and Technologies, Qualys

Corey Amsler
Director - Risk Management: EVM, GE Vernova
Firewalls stop packets, not privilege abuse. With attackers bypassing perimeters and diving straight into Active Directory and Entra ID, it's time to make identity posture the new risk surface. In this session, discover a fresh way to strengthen your Risk Operations Center against today’s identity-driven threats.
Key Takeaways
• Why identity is the new attack surface and how it's being exploited.
• Learn how to unify visibility across cloud, hybrid, and on-prem identities.
• See how to map identity risks to real-world threats through deep correlation across assets, misconfigurations, and vulnerabilities.
• Walk away with actionable steps to enforce least-privilege, reduce access risk, and boost compliance.
12:30 PM – 1:30 PM
1:30 PM – 2:00 PM
Technical Track

Asma Zubair
Director, Product Management, AppSec, API & Web App Security, Qualys

Joe Moore
Cybersecurity Architect, Siemens
The application attack surface is rapidly expanding with the adoption of generative and agentic AI. Traditional security testing tools often miss AI-driven components, leaving blind spots that attackers can quickly exploit.
In this session, you'll learn how to assess and manage application risk holistically. We'll explore how AI and LLM usage impacts an application's risk profile, how to test modern apps holistically, prioritize risks effectively, streamline remediation across development and security teams, and continuously monitor for real-world exploitability, turning visibility into actionable security at scale.
Key Takeaways
• Discover your attack surface: Identify known, unknown, and forgotten applications and APIs, their interconnections, and embedded AI/LLM usage.
• Strengthen application security posture: Manage risks across traditional and AI-powered components in one integrated program.
• Protect sensitive data: Detect data exposure risks and assess exploitability with comprehensive testing.
• Accelerate secure releases: Streamline workflows to balance security and speed to market.
• Build resilience and trust: Reduce breach risk, improve security maturity, and increase customer confidence.
Business Track

Lavish Jhamb
Manager, Product Management - TruRisk Eliminate, Qualys
PCI DSS 4.0 mandates File Integrity Monitoring (FIM) and File Access Monitoring (FAM) across all critical systems to detect unauthorized changes. This session demonstrates how Qualys FIM ensures complete coverage of PCI 4.0 requirements by closing compliance gaps. You’ll also discover what’s new in PCI 4.0 for FIM and which reports to present to auditors for a successful assessment.
2:00 PM – 2:30 PM
Technical Track

April Lenhard
Principal Product Manager, Qualys
With threat intelligence, timing is everything; yet, most companies don't know how their risk identification times truly compare with those of their peers for proactive risk-related remediation. With Qualys' Enterprise TruRisk Management, organizations can finally benchmark median time to detect (MTTD) and median time to remediate (MTTR) across peer groups, segmented by industry. These insights extend beyond vanity metrics, providing critical context that reveals whether your team is lagging, leading, or in line with the competition. By transforming raw performance data into actionable intelligence, leaders can prioritize investments and drive measurable improvements. Today's session will reveal how benchmarking elevates threat intel from isolated metrics to a powerful tool for resilience and risk reduction.
Business Track

Russ Sanderlin
Director, SME, VMDR, Qualys

Jon Blevins
Cybersecurity Director, ASR - Threat & Exposure Management, Syniverse
Vulnerability management is more than a compliance requirement. It is the foundation for a strategic and effective risk program. In this session, we will show you how to gain confidence in your current VMDR practices, maximize their impact, and build the foundation for the next level of risk maturity with Qualys Enterprise TruRisk Management. Learn how to strengthen your program today while preparing for proactive, continuous risk reduction in the future.
2:30 PM – 3:00 PM
Technical Track

Kunal Modasiya
Senior Vice President, Product Management, Qualys

Asma Zubair
Director, Product Management, AppSec, API & Web App Security, Qualys
As organizations rapidly integrate generative AI into products and workflows, security and governance challenges are becoming critical. This session will guide you through how to identify, assess, and mitigate AI-specific risks so you can adopt these technologies with confidence. We will discuss:
Key Takeaways
• Discovery and inventory of your AI attack surface — including LLMs, AI workloads, MCP servers
• Threats and vulnerability assessments unique to AI pipelines and agentic behaviors
• AI risk assessment and monitoring to stay ahead of evolving threats
• Cross-team collaboration — aligning data science, security, and application stakeholders for stronger defense
Whether you’re launching your first AI initiative or scaling enterprise deployments, this session provides a clear blueprint for building trust, resilience, and security into your AI journey.
Cloud Connectors bridge Qualys & multi-cloud environments, extending visibility to cloud assets while automatically tracking active VMs and removing inactive ones to maintain an accurate inventory.
Business Track

Spencer Brown
Principal Product Manager, Cloud Agent, Qualys

Ali Zaher
Cyber Security Vulnerability Manager, SLB
3:00 PM – 3:05 PM

Shawn OBrien
SVP Global Sales, Qualys
3:00 PM – 3:30 PM
Conference Highlights

Explore and secure the digital journey.
Dive into the profound impact of the digital journey and explore how to build in security automation from the data center to the cloud. Industry experts and Qualys leaders discuss automation strategies, preview product roadmaps, listen to your challenges, and answer your questions.

Get inspired
Engage with Qualys’ customer-facing teams and your peers around best practices and user case studies for applying security automation to real-world challenges.

Sharpen your expertise
One day of free training covers forward-looking strategies, best practices to improve effectiveness and productivity, and core and expanded product features to up-level your security program.
Who Should Attend

CIOs, CSOs and CTOs; directors and managers of network, security and cloud; developers and DevSecOps practitioners; Qualys partners and consultants; or any forward-thinking security professionals.
JW Marriott Houston by the Galleria
Houston, Texas, USA
The Risk Operations Conference will be held at the JW Marriott Houston by the Galleria.
5150 Westheimer Road,
Houston, TX 77056
JW Marriott - Houston, Texas | USA
Conference Pricing
Attendance at ROCon is complimentary. This includes access to all general sessions, breakfast*, lunch and breaks. Travel and hotel accommodations are not included with ROCon or pre-conference training.
*continental breakfast on Monday & Tuesday; buffet breakfast on Wednesday & Thursday
FAQs
Qualys is committed to providing a safe and healthy experience for all ROCon participants
As part of our efforts to make ROCon Americas a successful and productive event, Qualys is committed to providing a safe, professional and welcoming environment for all participants. To that end, we require everyone to follow our Code of Conduct.
If you have any questions, please read our FAQs.
If you still have questions, please call us at +1 (650) 801 6100 or email us at [email protected]