When:    December 17 | 2025      Attend

This CPE webinar will explore real-world challenges in implementing the NIST Cybersecurity Framework 2.0 (CSF 2.0), examining their consequences and providing actionable strategies to strengthen cybersecurity resilience. Our panel will unpack the complexities of NIST 2.0, highlighting common pitfalls—from misaligned risk assessments and inadequate governance to weak supply chain risk management and inconsistent framework adoption.

Attendees will gain practical insights to overcome these challenges, enhance their security posture, and align with NIST 2.0’s updated guidance for a more resilient future. Topics include:

• Key updates and enhancements in the NIST Cybersecurity Framework 2.0 and their implications for organizational security.
• Common implementation failures, including gaps in risk management, compliance, and governance.
• The impact of these failures on cybersecurity resilience, illustrated through real-world case studies.
• Actionable strategies to mitigate risks and improve alignment with NIST 2.0 standards

Moderator

Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Programme which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.

Panel

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium and the founder of Security Weekly, a security podcast network (acquired by CyberRisk Alliance in 2020). Paul's previous roles have been spent “in the trenches” coding in Python, testing security products, and evaluating and implementing open-source software. Paul's career began by implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management.  

Dirk Schrader is a seasoned expert in cyber resilience and information security processes, Dirk is Global VP of Security Research at New Net Technologies, now part of Netwrix, the leading provider of SecureOps™. A 25-year veteran in IT security with certifications as CISSP (ISC²) and CISM (ISACA), he works to advance cyber resilience as a modern approach to tackling cyber threats. Dirk has worked on cybersecurity projects around the globe, starting in technical and support roles at the beginning of his career and then moving into sales, marketing and product management positions at both large multinational corporations and small startups. He has published numerous articles about the need to address change and vulnerability management to achieve cyber resilience.

Josh Bressers is vice president of security at Anchore where he guides security feature development for the company’s commercial and open source solutions. He serves on the Open Source Security Foundation technical advisory council, is a co-lead of the OpenSSF SBOM Everywhere project, and is a co-founder of the Global Security Database project at the Cloud Security Alliance.