This invitation-only, Chatham House Rule working session will focus on practical operational, legislative and policy outcomes that enhance national security while supporting enterprise resilience at scale.
Executive networking and arrival for the North Central cohort.
Opening introduction and setting the stage for the day's policy dialogues.
In today’s high-stakes threat environment, cybersecurity leaders are increasingly responsible for translating complex risks into clear, actionable decisions for senior leadership.
Rear Admiral (Ret.) John Kirby brings a unique perspective shaped by decades at the highest levels of government, including service as a senior spokesperson and strategic advisor at the White House, Department of Defense, and Department of State. Drawing on this experience, he will share insights on risk management, strategic communication, and decision-making under pressure.
His national security background offers a powerful lens for CISOs navigating uncertainty, aligning with leadership, and shaping enterprise security strategy. This keynote will challenge attendees to think beyond technical solutions and embrace their role as strategic advisors in an increasingly complex threat landscape.
Opus 4.6, XBOW, Raptor, AIxCC, Mythos, and GPT-5.5 have fundamentally redefined the pace of cyber operations. Adversaries can now discover vulnerabilities, chain exploits, and operationalize attacks in minutes—exposing the limits of security, governance, and regulatory models built for a slower era.
This session brings together senior security leaders to establish ground truth around what is actually changing in the post-AI threat landscape, where existing operating models are becoming unfit for purpose, and how leading organizations are adapting. The discussion will explore emerging approaches to controls, workforce design, governance, and board communication in an era where attackers can iterate faster than defenders can identify, authorize, validate, and respond.
Informal dialogue and refreshment break.
For decades, the CVE system has served as the foundation for identifying and managing vulnerabilities across the global cybersecurity ecosystem. Today, it is under mounting strain from exponential growth in volume, increasing demands for speed and accuracy, rising dependency complexity, and fragmentation across stakeholders.
This session examines the current state of the ecosystem across its stakeholders—researchers, vendors, and consumers—and how existing incentive structures are shaping behavior, often in misaligned ways. Participants will work to better understand the incentives (and disincentives) for timely, accurate reporting, and identify the safeguards needed to encourage behavior that serves the integrity and effectiveness of the broader ecosystem.
The Cyberspace Solarium Commission issued its landmark report in March 2020, outlining 83 recommendations for Congressional and Executive action. Together, these defined a a clear architecture for how the public and private sectors should interact to protect national interests, support business resilience, and enable CISOs to operate effectively.
This discussion examines the overall architecture—where implementation falls short, where gaps and misalignment persist, and what must change to meet current and emerging threat realities. Participants will define the actions required to support and advance the essential elements of this architecture—and modernize it for today’s threat realities.
Summary of key takeaways and next steps for continued engagement.
Director, Institute of Politics | University of Chicago