Feb 10-11, 2026 - TheLink Columbia, Maryland

Defend The Railroad Collaborative

2026 Agenda

Day 1
Day 2
TAC LOGO (1)
Cylus
Amtrak-logo
DTR_American-Short-Line-1
aarW
CS_Logos_2020_InlineWhite
65c7a3074ffc10e174acbef7_guidepoint
ftnt-federal-logo-white
Cyware_Logo_512X100_Cyware_Logo_512X100_BlackTxt-1
armis-logo-png
DTR26_SpeakersSponsors
BVI.PA_BIG.D-9d953cc6
Recorded_Future_Logo-white
Claroty Logo
DATAMINR logo
COPT Defense

Join two days of collaborating on Railway Cyber Security. Engaging keynote sessions, expert panels, tabletops, and roundtable discussions will advance railway cyber resilience.

Day 1

Registration and Light Breakfast

7:30 - 8:30

Welcome & Opening Remarks

8:30 - 8:45

Katie Savage

Secretary / State Chief Information Officer, Maryland Department of Information Technology

Assessing and Mitigating Risk for Critical Infrastructure: A DoW Perspective

8:45 – 9:25 AM

Mr. John J. Garstka

Director, Cyber Warfare, OUSW Acquisition & Sustainment
U.S. Department of War

Keynote: Cybersecurity Hygiene

9:30 – 10:10 AM

Keisha Braden

Cybersecurity Surface Inspector
Transportation Security Administration Department of Homeland Security

Networking Break

10:15 – 10:45 AM

Panel: Regulatory/Legislative Environment

10:45 - 11:30 AM

Carolyn Hayward-Williams

Director – Office of Railroad Systems and Technology, Office of Safety, Federal Railroad Administration, U.S. Department of Transportation

Janet St. John

Director, Cybersecurity, Association of American Railroads

Keisha Braden

Cybersecurity Surface Inspector
Transportation Security Administration Department of Homeland Security

Brian LaGore

Assistant Vice President – Information Technology
Paducah and Louisville Railway

Gary Eppinger

Vice President, Technology and Chief Information Security Officer
CSX Transportation

Breakout Session

Roundtable: Secure by Design: Governing Workforce GenAI and Agentic AI Development

11:30 PM - 12:15 PM

Breakout Session

Roundtable: The Dual Edge of AI in Rail Cybersecurity: Unlocking the Future for Attackers and Defenders

11:30 PM - 12:15 PM

Breakout Session

Roundtable: Beyond Air-Gap: Transitioning Rail Infrastructure to an Identity-Centric Zero Trust Architecture

11:30 PM - 12:15 PM

Lunch

12:15 – 1:15 PM

Fireside Chat with Cylus and Amtrak

1:15 – 2:00 PM

Miki Shifman

CTO
Cylus

Justin Smith

Acting Senior Director Enterprise Cybersecurity
Amtrak

FRA’s Approach to Protecting Modern and Legacy Safety‑Critical Rail Systems

2:00 – 2:30 PM

Jennifer Gallagher

Cybersecurity and Risk Analysis, Railroad Systems and Technology
Federal Railroad Administration, U.S. Department of Transportation

Networking Break

2:30 – 3:00 PM

Securing Hybrid Identities: Stopping Breaches Where Adversaries Log In

3:00 - 3:30 PM

Karan Sondhi

CTO Global Public Sector, CrowdStrike

International Rail Cybersecurity Standard – IEC 63452

3:30 – 4:00 PM

Melissa Firstenberg

Sr Mgr Fleet Cybersecurity
Amtrak

Town Hall: Audience Q&A with Day 1 Speakers

4:00 – 4:30 PM

Networking Happy Hour Sponsored by Cylus

4:30 - 5:30 PM

Day 2

Registration and Light Breakfast

7:30 - 8:30

Keynote: Operational Awareness: Making Security Part of the Job

8:30 - 9:10 AM

Tariq Habib

Chief Information Security Officer
State of NY Metropolitan Transportation Authority

Risk Reducing Solutions For Rail

9:15 - 9:55 AM

Arun Seelagan

Senior Data Scientist
Cybersecurity and Infrastructure Security Agency (CISA)

Critical Business Engagement

10:00– 10:30 AM

Olivia Phillips

BISO
Amtrak

 

Networking Break

10:30 – 10:45 AM

Hack vs. Track: Hollywood Rail Hacks in Reality Check

10:45– 11:15 AM

Yaniv Mallet

Product Manager
Cylus

Breakout Session

Roundtable: Game Day Disruption

11:15 AM – 12:00 PM

AI Tethering for Rail Security: Building Trust in Critical Infrastructure

11:15 AM – 12:00 PM

Jen Blum

Founder and Principal Consultant
JenAI Group

Breakout Session

Mind the Gap: Securing the Silent Infrastructure That Powers the Journey

11:15 AM – 12:00 PM

Secure the Line: A Unified Maturity Model for Rail Resilience

12:00 – 12:30 PM

Patrick Gillespie

OT Practice Director
Guidepoint Security

Kam Chumley-Soltani

Managing Director OT Security, Armis

Lunch

12:30 – 1:30 PM

Cyber Threats to US Critical Infrastructure: Industrial Control Systems

1:30 - 2:00 PM

Aubrey Wetzelberg

Intelligence Analyst
Federal Bureau of Investigation

Approaches to Detecting Threats in OT Environments

2:00 - 2:30 PM

Josh Russell

Principal Security Architect
CSX

Networking Break

2:30 - 2:45 PM

Strategic Rail Collaboration Needed: Getting Public-Private Cooperation on Track

2:45 - 3:15 PM

Annie Fixler

Director and Senior Fellow, Center on Cyber and Technology Innovation
Foundation for Defense of Democracies

Jiwon Ma

Senior Policy Analyst
Foundation for Defense of Democracies

Town Hall: Audience Q&A with Day 2 Speakers

3:15 - 3:45 PM

Join us on Board. Get Your Pass.

Register Today 

Social

Youtube X-twitter Instagram Linkedin

Sign up to Receive our Newsletter:

TheLink

7000 Columbia Gateway, Suite 150
Columbia, MD 21046
+1 443 626 4450

Home

Get Your Pass

Agenda

Become A Sponsor

Travel & Hotels

Contact TAC - Collaborative Host

TAC Home

About CrowdStrike's Tabletop Exercise

Secure by Design: Governing Workforce GenAI and Agentic AI Development

As federal transportation agencies adopt generative AI to enhance workforce productivity and mission outcomes, security and governance must be built in from day one. From employee use of GenAI tools to the development of agentic AI applications, organizations face new risks around data protection, access, and operational trust. This roundtable will explore how agencies like Amtrak and the FRA are approaching GenAI adoption secure by design—balancing innovation with governance, visibility, and control. Participants will discuss practical considerations for enabling AI safely while maintaining compliance, resilience, and trust across the transportation mission.

About Cylus' Roudtable

The Dual Edge of AI in Rail Cybersecurity: Unlocking the Future for Attackers and Defenders

AI is starting to play a bigger role in rail cybersecurity, from monitoring and detection to supporting response decisions. In some cases, it helps teams see issues sooner and reduce noise. In others, it introduces new risks, including new ways for attackers to automate activity and avoid detection. This roundtable is a practical discussion about how AI is actually being used in rail environments today. We’ll discuss where it makes sense, where it doesn’t, and how operators can put guardrails in place so AI supports human judgment in systems where safety and reliability come first.

About Guidepoint & Armis Tabletop Exercise

Beyond Air-Gap: Transitioning Rail Infrastructure to an Identity-Centric Zero Trust Architecture

For decades, the primary defense for rail signaling, command, and control systems was "security by isolation." However, the acceleration of digital transformation—driven by the need for predictive maintenance, remote asset management, and high-speed connectivity; has rendered the traditional air-gap a relic of the past. As rail networks converge with IT and IoT, the industry faces a critical inflection point: the perimeter is no longer a physical or logical boundary, but the identity of the users and devices accessing the fabric. This roundtable will explore the practical transition from legacy "implicit trust" models to an Identity-Centric Zero Trust Architecture (ZTA).
Participants will engage in a collaborative dialogue on:
The shift from Layer 3 (Network) to Layer 4/5 (Application) connectivity to limit lateral movement. Managing "Machine Identities" in distributed rail environments where traditional MFA is physically or operationally difficult.
Balancing high-security access with the mission-critical need for rapid, remote maintenance during service disruptions.

About Bureau Veritas Tabletop Exercise

Game Day Disruption

To help organizations prepare for the reality of these interdependent threats, Bureau Veritas Cybersecurity is leading live cyber crisis simulations at the upcoming Defend the Railroad event in Maryland.
This immersive experience takes participants out of their comfort zones and places them directly into a high-pressure scenario: A multi-faceted cyberattack strikes multiple railway vendors at the height of the FIFA 2026 World Cup – now what?

Participants will:
- Step into real-world roles such as railway operations, communications, legal, CISO, and IT response
- Navigate evolving incidents based on realistic threat scenarios
- Collaborate under pressure to assess risk, manage communications, and make tough calls
- Gain a hands-on understanding of how operational and cybersecurity decisions must work in tandem

Whether you’re a security leader, IT practitioner, or operational stakeholder, this simulation is a must-attend opportunity to test your readiness and sharpen your response playbook.

About Claroty's Roudtable

Mind the Gap: Securing the Silent Infrastructure That Powers the Journey

While the industry focuses on the "brain" of the train, it often overlooks the "body"—the massive industrial infrastructure of power substations, building management systems, and maintenance depots. This session explores the cybersecurity of the extended rail enterprise, where traditional IT security tools fail and specialized signaling tools don't reach. We will analyze the risks in the "silent" assets—such as traction power SCADA and station life-safety systems—and discuss how a unified Cyber-Physical Systems (CPS) approach can provide the visibility needed to prevent a "minor" infrastructure glitch from becoming a major network-wide service disruption.

We use cookies to ensure the best browsing experience possible

Accept