Future Tech DC 2026 General Track Sessions

Transforming Cybersecurity Audit Practices with Agility and Artificial Intelligence (AI): A Strategic and Practical Approach

Presenter: Dr. Linda Kostic (UMUC)

In an era where cyber threats evolve faster than traditional defenses can adapt, the need for a paradigm shift in cybersecurity auditing has never been more urgent. Transforming Cybersecurity Audit Practices through Agility and Artificial Intelligence (AI) presents a groundbreaking approach to modernizing audit methodologies by integrating agile principles and artificial intelligence. The application of agile concepts to audit planning, execution, and reporting, enabling continuous assurance and iterative risk assessment that reduces administrative hours. The transformative role of AI in automating control testing, anomaly detection, and predictive analytics, thereby reducing human error and increasing audit precision.

Dr. Kostic has recently published a new book: Transforming Cybersecurity Audit Practices with Agility and Artificial Intelligence (AI).

Drawing from real-world case studies, industry standards, and emerging technologies, this book provides a comprehensive roadmap for cybersecurity audit, cybersecurity, and information technology professionals seeking to enhance audit and risk management effectiveness and resilience. This book explores how conventional audit frameworks—often rigid, reactive, and siloed—can be reimagined into dynamic, proactive, and intelligent systems that align with the pace of digital transformation. It delves into the application of agile concepts to audit planning, execution, and reporting, enabling continuous assurance and iterative risk assessment that reduces administrative hours. Simultaneously, it examines the transformative role of AI in automating control testing, anomaly detection, and predictive analytics, thereby reducing human error and increasing audit precision.

No experience with Agile or AI is necessary, bring your critical and innovative thinking skills.

Learning Objectives:

• Analyze and differentiate how agile principles can be integrated into cybersecurity audit planning, execution, and reporting to support continuous assurance, iterative risk assessment, and measurable reductions in administrative effort.
• Evaluate and justify the use of artificial intelligence techniques—including automated control testing, anomaly detection, and predictive analytics—to enhance audit accuracy, efficiency, and risk identification while minimizing human error.
• Design and apply an agile, AI-enabled cybersecurity audit approach to dynamic threat environments, demonstrating alignment with governance, accountability, and professional auditing standards.

Where Privacy Meets Security: Building Trust Amid Today’s Challenges and Tomorrow’s Change

Moderator: Matthew D. Kohel (SAUL EWING LLP)

Panelists: Dr. Kyle David (Dr. David, LLC), Danny Izquierdo (Demandbase), Prabhmeet Kohli (Novamorph), and LaTonya E. Clark (Fannie Mae)

Privacy and security are no longer separate conversations. As organizations accelerate digital transformation and adopt AI enabled technologies, security decisions around identity, data access, monitoring, and automation now directly shape privacy outcomes and public trust. This panel discussion explores the critical intersection of privacy and security and why alignment between the two has become essential in the digital age.

Participants will examine the real challenges organizations face in protecting privacy today including managing data across cloud and third party environments, meeting expanding regulatory expectations, balancing visibility with data minimization, and translating privacy principles into operational reality. The discussion highlights where gaps most often appear and how they increase organizational risk.

Looking ahead, the session turns to what is next for privacy. Attendees will gain insight into how emerging technologies, evolving regulations, and shifting stakeholder expectations are reshaping privacy programs. The session offers practical guidance on what practitioners and leaders should be thinking about now to strengthen trust, enable innovation, and remain resilient as the privacy landscape continues to evolve.

Learning Objectives:

• Explore how privacy and security intersect within modern technology environments and organizational risk management practices
• Identify the most pressing privacy challenges organizations face today and understand how security decisions can either mitigate or amplify those risks.
• Prepare for what lies ahead in privacy by applying forward looking considerations to security strategy, governance, and leadership decision making.

Beyond the Checklist: A Deep Dive into Third-Party AI Risk and “Shadow AI” Governance

Moderator: Kelly Siu (Meta)

Panelists: Mike Kenney (Freddie Mac) and Thadi Murali

How can organizations manage AI risks without stifling innovation and adoption but still meet regulatory expectations and not do harm?

AI innovation and risk are about use and context, making data and privacy some of the more common risks organizations face. Organizations need to look beyond the use. Understanding how AI enters and connects to the organization are equally important. Employees must be vigilant about whether the information they input is safe, permissible, or potentially exposing proprietary data. Employees must also be aware of what AI tools are permissible and what is not.

Doing no harm and having the appropriate guardrails goes beyond the traditional risk organizations and functions. Besides Information Security, Privacy and Risk, organizations and functions such as Procurement or Vendor management, Technology intake, product management and system configurations are vitally important in managing risks.

• Shadow AI Risk: When adoption outpaces governance, Shadow AI proliferates beyond IT’s visibility, fundamentally changing how risk must be identified while amplifying data and privacy exposure.
• Third Party AI Risk: Third-party AI compounds these challenges—beyond data and privacy concerns, standard vendor due diligence struggles to assess algorithm behavior that may be opaque even to its creators.

This panel explores practical approaches for risk professionals navigating this terrain—moving from checkbox compliance to risk-aware enablement.

Learning Objectives:

• Evaluate strategies for managing AI risks—including Shadow AI and third-party AI—without hindering innovation or organizational adoption, while ensuring regulatory compliance and ethical standards.
• Discuss the importance of cross-functional collaboration in AI risk management, highlighting how teams beyond Information Security and Privacy contribute to establishing effective guardrails.
• Analyze real-world scenarios where checkbox compliance fails, and recommend risk-aware enablement strategies that support responsible AI innovation.

A Behind-the-Scenes Look at Navigating Trustworthy and Responsible AI from Leading Companies

Moderator: Alexis Appollonia Robinson (Amazon)

Panelists: Dr. Amy Soller (AI Industry SME), Mèlika D Carroll (Cohere), and Diya Wynn (AWS)

Enterprise AI does not succeed or fail at a single point in time. Trust in AI is built across its entire lifecycle from how systems are designed and trained to how they are governed, deployed, and continuously monitored. This panel brings together perspectives from across the AI ecosystem to examine what it truly takes to build and adopt AI responsibly, securely, and at scale.

Panelists will explore the technical realities of building and integrating AI systems, the governance and policy considerations shaping their use, and the responsibility to ensure AI is transparent, fair, and inclusive. The discussion highlights how decisions made early in the AI lifecycle can introduce downstream security and privacy risks, and why collaboration across technical, governance, and leadership functions is essential for enterprise adoption.

This session offers a clear view of how organizations can remain agile while embedding accountability into digital transformation. Attendees will gain practical insight into how security, audit, and risk professionals must evolve their approaches to keep pace with rapidly changing AI technologies while protecting trust and resilience.

Learning Objectives:

• Understand the AI lifecycle from design through deployment and oversight and recognize where security, privacy, and trust risks arise at each stage.
• Identify the interconnected roles, perspectives, challenges and opportunities for enterprise AI adoption, spanning technical execution, governance, and responsible use.
• Adjust risk and security practices to keep pace with the speed of AI innovation, enabling informed decision making without slowing digital transformation.

Inside the CISO Role: What Security Leaders Across Industries Are Facing and How They’re Responding

Moderator: Jesse Whaley (Corticle and Digital Cyber Forge)

Panelists: Andrew Cunje (Appian), Nat Habtesion (Lumen Technologies), Fernando Puerto Mendoza (Inter-American Development Bank), and Ruchi Shewaramani (Washington Health Benefit Exchange)

Cyber risk doesn’t look the same in healthcare, finance, or technology but today’s CISOs are all being asked the same question: How do we move faster without losing trust? This high impact panel brings together CISOs from across industries for an honest, experience driven discussion on the threats, risks, and opportunities shaping security programs right now.

Panelists will unpack how industry specific realities including regulation, data sensitivity, operational constraints, and business pressure drive different security priorities and decisions. At the same time, they’ll surface the shared challenges that cut across every sector, from securing cloud and AI deployments to managing third-party risk, responding to incidents, and communicating risk to executives and boards.

Most importantly, this session focuses on what CISOs are doing next. Attendees will hear how security leaders are prioritizing investments, adapting architectures, and strengthening resilience in the face of growing complexity and uncertainty. In a rare, behind-the-scenes view that is designed to be practical, candid, and forward looking, this session offers concrete insights that attendees can apply immediately.

Learning Objectives:

• Understand how threats, risks, and opportunities differ across industries, and how those differences shape real-world security decisions.
• Identify the common challenges CISOs face regardless of sector, including enabling innovation, managing risks, and responding to security incidents.
• Apply practical lessons from CISO decision making to improve trust, resilience, and security strategy within their own organizations.

Dr. Linda Kostic
Adjunct Cybersecurity Professor @ University of Maryland Global Campus (UMGC)

Dr. Linda C. Kostic is an innovative and accomplished technology, cybersecurity, and risk professional with over three decades of industry experience and a strong passion for education and professional development. She currently serves as an adjunct professor at the University of Maryland Global Campus (UMGC), where she teaches undergraduate and graduate courses in cybersecurity, leadership, and information assurance. Her teaching approach emphasizes practical, real-world application and integrates AI-powered tools to foster engagement and accessibility in online and hybrid classrooms.

Dr. Kostic holds a Doctorate in Information Assurance & Cybersecurity, a Master of Science in Telecommunications, and a Bachelor of Science in Accounting. She brings a unique blend of academic depth and corporate leadership, having held senior roles at Citi, T. Rowe Price, Transamerica, and E*TRADE Financial (now Morgan Stanley). Her expertise spans cybersecurity strategy, information technology and cybersecurity risk management, artificial intelligence, internal audit, threat intelligence, incident response, and governance frameworks including Cobit, NIST, and ISO 31000.

Matthew D. Kohel
Partner @ SAUL EWING LLP
IAPP, CIPM

Matt Kohel represents clients in commercial litigation, intellectual property matters, and with data privacy issues. His experience with intellectual property matters includes claims for the misappropriation of trade secrets, trademark infringement, false advertising, the sale of counterfeit goods, and cases involving a variety of patent issues. In addition, Matt counsels companies that develop and use artificial intelligence (AI) on AI governance and strategy, intellectual property, data privacy, and regulatory and compliance issues. He writes regularly and is a frequent speaker and panelist on AI, especially as related to intellectual property, data privacy, and corporate policies on the use and management of AI in the workplace. Relying on his nearly two decades of experience as a litigator, Matt drafts and negotiates agreements and licenses for businesses, with a focus on protecting intellectual property and proprietary technologies. Also, Matt helps companies develop and implement data privacy programs and is IAPP CIPM-certified.

Dr. Kyle David
Founder @ Dr. David, LLC

Dr. Kyle David is the Founder of Dr. David, LLC, where he has trained more than 7,500 professionals in privacy, AI governance, and security across 125 countries. A Presidential Management Fellow at the U.S. Department of Energy, he led privacy workforce development, built DOE’s AI literacy course, drafted its AI Impact Assessment privacy module, and helped launch EnerGPT. He holds a Ph.D., five IAPP designations, is an ISC2 Associate, and has recently passed ISACA’s Advanced in AI Security Management exam.

Danny Izquierdo
Senior Privacy Program Manager @ Demandbase

Danny Izquierdo is a strategic privacy, cybersecurity, and Governance, Risk, and Compliance (GRC) leader with more than 14 years of experience across public and private sectors. He is recognized for building and scaling privacy and GRC programs in fast-paced, cloud-centric environments—translating regulatory, audit, and security requirements into practical frameworks that embed privacy and security by design while enabling innovation.

At Demandbase, Danny manages the company’s privacy program, leads AI governance privacy reviews, and oversees privacy operations, partnering closely with Legal, Security, Product, and Engineering teams to assess AI-driven risk and support responsible data use. His background spans Big Four federal and commercial IT, cybersecurity and privacy audits, GRC technology programs, financial services compliance, Department of Defense acquisition programs, and high-growth SaaS organizations–giving him an end-to-end perspective on risk, compliance, and assurance.

LaTonya E. Clark
Advisor in the Chief Operating Office (COO) Division @ Fannie Mae

LaTonya E. Clark serves as an Advisor in the Chief Operating Office (COO) Division at Fannie Mae, where she is a strategic leader in enterprise digital transformation and organizational change. She leads initiatives advancing the adoption and responsible scaling of AI across the enterprise, enabling the COO organization to accelerate technology delivery, modernize capabilities, and drive innovation. Her work focuses on translating emerging AI technologies into enterprise-ready capabilities through strategic enablement frameworks, governance models, and adoption strategies that integrate AI into core business operations.

With deep experience leading complex, cross-functional initiatives, LaTonya is recognized for guiding organizations through large-scale transformation by aligning strategy, people, and technology. She has a strong track record of advancing enterprise change leadership, building scalable adoption frameworks, and partnering with executive stakeholders to implement technology strategies that deliver measurable business impact.

LaTonya holds both a Master of Business Administration and a Bachelor of Business Administration in International Business and Marketing from Howard University. Her expertise spans enterprise AI enablement, organizational change leadership, agile transformation, and strategic technology adoption.

Beyond her professional work, LaTonya is deeply committed to civic engagement and philanthropic service in the Washington, DC community, particularly in areas supporting the arts, women and girls, literacy, and global awareness.

She is a Life Member of Alpha Kappa Alpha Sorority, Inc., Xi Omega Chapter, and a member of Cherry Blossom (DC) Chapter of The Links, Incorporated, where she serves as a chartering member and financial secretary. She is also Governance Chair for the Board of Directors of Girls Inc. of the Washington, DC Metropolitan Area. Additional affiliations include The Junior League of Washington (Sustaining Member), Women in Technology, the International Association of Privacy Professionals, National Black MBA Association, and Smithsonian National Museum of African American History and Culture, where she is an Ambassador and Founding Member.

She has been recognized for her professional and community leadership with honors including the Howard University School of Business MBA of the Year Award, Howard University Top 40 Under 40 Emerging Business Leaders, the Pearl & Ivy Educational Foundation President’s Award, and the Deloitte Federal Practice Applause Award.

A native of Charlotte, LaTonya resides in Alexandria. She enjoys tennis, cooking, entertaining, exploring Virginia wineries, and spending time with her nephews and niece.

Prabhmeet Kohli
Founder & CEO @ Novamorph
CIPP/US, CIPM

Prabhmeet is the founder of Novamorph, a data privacy and governance advisory services company that helps organizations achieve privacy compliance and build the foundation for analytics and AI innovation.

Prior to Novamorph, she held executive positions at several financial organizations, including Capital One and Northern Trust, where she launched data and AI solutions while heading data privacy, governance, and risk management.

Prabhmeet completed her executive business analytics program at Harvard Business School and holds an MBA in marketing from John Sperling School of Business. She is a member of the HBR Advisory Council, a Certified Information Privacy Professional (CIPP/US), and a Certified Information Privacy Manager (CIPM).

Kelly Siu
Global Privacy Risk Program Manager @ Meta

Kelly Siu is a Global Privacy Risk Program Manager at Meta, focused on privacy risk enablement. With over 20 years of experience across governance, risk, audit, and compliance at Meta, Freddie Mac, and KPMG, she works on practical, scalable risk and control frameworks in an evolving regulatory landscape.

Mike Kenney
Vice President of Enterprise Operations and Technology (EO&T) Operational Risk @ Freddie Mac

As Vice President of Enterprise Operations and Technology (EO&T) Operational Risk, at Freddie Mac, Mike heads the first line of defense risk management department. His scope of responsibilities includes risk identification and assessment, Enterprise AI governance, and inclusive of third-party, cyber, information and privacy, and compliance with regulatory requirements.

Thadi Murali

Thadi Murali is a seasoned Risk Management and AI leader who guides financial and government sector organizations in leveraging risk to enable secure, responsible, and compliant innovation and AI adoption. Formerly the Director of AI Governance at Freddie Mac and also Managing Principal at leading financial consulting company Capco, he now leverages his expertise as an independent consultant, partnering with innovative startups and established institutions. Murali is a sought-after thought leader and speaker on the evolving intersection of technology risk, data and global finance.

Alexis Appollonia Robinson
Principal Program Manager @ Amazon
CISA, PMP

Alexis Appollonia Robinson is a Principal Program Manager for Amazon in the Washington, DC area and Adjunct Professor for California State, San Bernadino. For the past 15 years, she has served buyers of the cloud, retail sellers, policy makers, compliance organizations, engineering leaders, and security teams by developing and implementing security strategies, collaborating for thought leadership, solving problems, building products, and conducting cybersecurity, engineering, and financial assessments. She graduated with double Bachelors of Science degrees in Accounting and Information Systems from the Robert H. Smith School of Business at University of Maryland, College Park and an Executive Master of Business Administration (MBA) from the Quantic Program. She has worked at several companies including CGI Federal and Ernst & Young before finding her to way Amazon. She is a Certified Information Systems Auditor (CISA) and a Project Management Professional (PMP).

Dr. Amy Soller
Former DOW Senior Executive and AI Industry SME

Dr. Amy Soller is a former Department of War senior executive recognized for her contributions to AI strategy, policy, and mission integration. During her 15-year tenure at the DoW, she rose to serve as the Senior AI Lead, where she directed all AI capability development and production and led the Intelligence Community in the establishment and execution of national-level AI strategy, Following her government service, she led frontier LLM integration for the defense and intelligence enterprise at both NVIDIA and xAI. With over 30 years of experience in technical and executive leadership roles across the government and private sectors, she has overseen and managed multi-billion dollar missions for the Secretary of War and the Director of National Intelligence, supervised and mentored thousands of scientists and engineers, written U.S. national policies on wireless, technical surveillance, and counterintelligence, and stood up and co-chaired two National Intelligence Senior Steering committees in science and technology.

Prior to her government service, Dr. Soller served as a Senior AI Engineer at the MITRE Corporation, a science and technology advisor at the Institute for Defense Analyses, and an Adjunct Professor at George Mason University. She is also a small business owner, having successfully run two independent AI consulting firms over her career. She holds a B.S. in Electrical Engineering from Boston University, M.S. and Ph.D. degrees in AI from the University of Pittsburgh Intelligent Systems Program, and completed a postdoctoral fellowship in Automated Reasoning Systems. She has authored over 100 peer-reviewed publications on AI including several edited journals and books, and has served as the Chair, Steering, or Program Committee member for over 50 national and international conferences on AI, in addition to serving on numerous AI editorial boards. She currently also serves as a member of DARPA’s Information Science and Technology study group.

Mèlika D Carroll
Vice President of Global Government Affairs and Public Policy @ Cohere

Mèlika is Vice President of Global Government Affairs and Public Policy for Cohere, an enterprise AI company. Prior to joining Cohere, she built and led Sonder’s corporate affairs functions as a member of the senior leadership team that took the company public on Nasdaq. Mèlika also serves on the board of directors of Reliability First.

Earlier in her career, Mèlika established a track record in leading the public policy strategy for several Fortune 500 technology companies including Intel, Micron, HP and Salesforce. In addition to her experience in the private sector, Mèlika has worked for national elected officials in Canada and the U.S.; has guest lectured at Harvard Law School, Georgetown University and The Washington Campus; and co-founded the Global Women’s Innovation Network, www.globalwin.org .

Diya Wynn
Principal, Responsible AI, Public Policy @ Amazon Web Services (AWS)

Diya is a technology executive and thought leader at the forefront of digital transformation. With over 25 years of experience across the internet, e-commerce, social media, mobile, cloud, and now artificial intelligence, she brings technical insight and strategic vision to her work. As Principal Responsible AI Lead at Amazon Web Services (AWS), Diya champions the ethical, safe, and inclusive development of AI – empowering organizations and governments to innovate responsibly and build trust in emerging technologies.

Earlier in her career, she worked with startups to scale products toward acquisition and held key consulting roles advising on digital transformation. Today, Diya is a sought-after international speaker, published author, and guest lecturer on responsible and inclusive innovation. She serves on several non-profit boards including the National Alumnae Association of Spelman College and the advisory board for University of St. Thomas Institute for AI for the Common Good, and Jobs for the Future Center for AI, and volunteers with organizations focused on equity, education, and emerging tech talent.

Diya has been widely recognized for her leadership and impact. In 2023, she was named one of Business Insider’s Top 15 People in Enterprise AI, one of the Top 100 People in AI, and one of 100 Brilliant Women in AI Ethics™, among other industry accolades. A proud Spelman College alumna, she also studied the Management of Technology at New York University and completed executive programs in AI and Ethics at MIT Sloan and Harvard University. When she’s not shaping the future of AI, she’s shaping future leaders—starting with her two sons and extending to the many mentees she inspires to color outside the lines, defy the odds, and reimagine what’s possible.

Jesse Whaley
Co-Founder and CEO @ Corticle, Inc
Founder @ Digital Cyber Forge LLC

Jesse Whaley is Co-Founder and CEO of Corticle, Inc., an agentic AI cybersecurity platform delivering autonomous security operations and compliance automation for defense and regulated environments, and Founder of Digital Cyber Forge LLC, where he advises federal agencies, defense industrial base organizations, and technology startups on cybersecurity strategy, AI adoption, and digital transformation. Jesse brings over 20 years of experience building and leading cybersecurity programs across critical infrastructure, the Department of Defense, and the Intelligence Community. As the inaugural VP and CISO at Amtrak, he built the cybersecurity program from the ground up — scaling the team from 3 to over 100 professionals and the security budget from $1M to $80M — while briefing the Board of Directors, congressional committees, and the U.S. Cyber Safety Review Board on national-level threats. Previously, he served as Director of the Pentagon’s Cybersecurity Operations Center, where he designed and executed the Pentagon’s Cyber Defense Strategy, led the transformation of PENTCIRT into a combined operations center serving 56 agencies, and directed large-scale cyber operations against the nation’s most sophisticated adversaries. A U.S. Army veteran and former CID Special Agent and was recognized as the Capital ORBIE CISO of the Year (2024) and Pentagon Senior Civilian Employee of the Year (2017).

Andrew Cunje
Chief Information Security Officer @ Appian

Andrew Cunje joined Appian in May 2021, and brings over 18 years experience in security and compliance initiatives, including experience in the software-as-a-service (SaaS) and platform-as-a-service (PaaS) cloud industries. Previously, Andrew ran security for the Salesforce Public Sector offerings and led strategic initiatives including vaccination platform security, internationally.

Andrew holds a B.S. in Information Technology with a concentration in Information Security and Network Administration from George Mason University as well as completion of the Carnegie Mellon Executive Security Program. Interesting Fact: Andrew is an avid gamer, crypto enthusiast, philanthropist, and motorcyclist!

Nat Habtesion
Senior Vice President, Chief Security Officer @ Lumen Technologies

Natnael (Nat) Habtesion is the Senior Vice President, Chief Security Officer at Lumen Technologies where he leads a converged cybersecurity and corporate security organization. In that capacity, he leads the company’s global security strategy and operations to protect Lumen’s information assets and technologies from threats, enable business growth, and ensure compliance with relevant laws and regulations.

Before joining Lumen, Nat spent over seven years at Discover Financial Services where he served as Senior Director of Cybersecurity. He led cybersecurity risk management, crisis management, third-party information security risk management, and the business continuity program.

Prior to that, Nat served nearly 10 years at the Federal Bureau of Investigation as a senior leader driving intelligence and operational strategy, and leading high-profile initiatives. Nat also previously worked as a consultant supporting federal agencies, as well as an engineer with both Corning, and DuPont.

Nat holds a Bachelor of Science degree in Chemical Engineering from Virginia Tech, a Master of Business Administration from George Mason University, and a Chief Information Security Officer certification from Carnegie Mellon University. In his role at Lumen Technologies, Nat is committed to developing a security aware culture, business resiliency, business enablement, and ensuring the company remains at the forefront of security innovation and solutions.

Fernando Puerto Mendoza
CISO @ Inter-American Development Bank
CISA, CISM, CISSP, GCFA

Fernando Puerto Mendoza is a cybersecurity leader with over 18 years of experience in information security governance, risk management, operations, and resilience. He currently leads the Chief Information Security Office (CISO) at the Inter-American Development Bank. His career spans senior roles in global financial institutions and the United Nations, where he led cybersecurity and assurance initiatives supporting international development, peace and security, and humanitarian operations.

Fernando holds a Master of Engineering in Computer Science from Universidad de Comillas (Spain) and a Master of Arts in Terrorism, Crime, and Global Security from Staffordshire University (UK). He is an active ISACA volunteer and contributor to the cybersecurity profession.

Ruchi Shewaramani
Chief Information Security Officer @ Washington Health Benefit Exchange

Ruchi is a cybersecurity executive with over 20 years of experience in Information Technology Security, Identity and Access Management (IAM), and Governance, Risk, and Compliance (GRC) across the healthcare, education, and financial sectors. She currently serves as the Chief Information Security Officer for the Washington Health Benefit Exchange, Academics Director for the ISACA Greater Washington DC Chapter, and an Advisory Board Member for Cybersecurity Leadership at the Albers School of Business and Economics at Seattle University.

Over the past decade, Ruchi has led and transformed cybersecurity programs for multiple healthcare agencies in the District of Columbia prior to joining the Washington state exchange. She specializes in building and modernizing security programs for healthcare organizations to achieve compliance with state and federal requirements, protect sensitive customer data, and establish digital trust for the citizens they serve.

Ruchi has extensive experience designing and leading enterprise IT security and risk management programs aligned with NIST 800-53, FISMA, HIPAA, CMS MARS-E, and IRS Publication 1075. She has successfully led numerous federal security audits, including IRS and SSA reviews, as well as Third-Party Assessment Organization (3PAO) engagements for Authority to Operate (ATO) certification.

Known for her collaborative and results-driven leadership style, Ruchi excels at partnering with business leaders, technical subject matter experts, regulatory bodies, and external agencies to align cybersecurity strategy with organizational goals. She holds a master’s degree in Computer Software Engineering from Seattle University.