Monthly Meetings
Monthly chapter meetings feature cybersecurity industry experts presenting on current topics. Meetings are held in a hybrid format with both Zoom and in-person attendance options at the Mercer Island Community & Event Center.
2026
10 meetings
As organizations increasingly adopt reusable AI components such as agents, prompts, and skills to accelerate productivity, they also introduce new supply chain risks into enterprise environments. This presentation examines how shared AI components—often reused without formal validation—can enable prompt injection, data exfiltration, privilege escalation, and credential harvesting attacks through hidden or malicious instructions embedded in seemingly legitimate tools. Attendees will learn how reuse reshapes the traditional threat model, why responsibility for incidents remains with the adopting team, and what practical steps can be taken to evaluate and safely adopt AI-driven tooling in modern development and content workflows.
About the speaker
Mike Ray is a Principal Security Manager at Microsoft, specializing in AI security, supply chain risk management, and secure development practices. He focuses on helping organizations understand and mitigate the emerging threats posed by reusable AI components in enterprise environments.
About the speaker
Data Protection and Cybersecurity attorney with regulatory enforcement background and technical computer knowledge. Co-hosts The Cyber Risk Management Podcast.
Breaches, data leaks, misconfigurations, increasingly strict laws and regulations have become common enough for IR Teams to require notification strategies. You may be proficient at investigating forensic details, reading packet captures, and analyzing memory dumps but do you have the skills and preparation to write customer notifications of a breach? Can you help translate the details of an incident to your legal team to author the public notice on your website of a personal data leak? If you are part of a Security Incident Response team and want to get ahead of the curve for your media cycle, join us in reviewing the Incident Responders' Guide to Notifications.
About the speaker
JR has a rich history of building security departments and security programs for some of the largest and highly regulated cloud service providers and online services in the industry. In addition to implementing defensive fortifications, he and his teams have a proven track record of crisis management for significant security and privacy related breaches. JR currently leads Product and Application Security at Rocket.