Critical Effect 2026

Nicholas (Nick) M. Andersen is the Acting Director and the Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA). In this role, he helps lead CISA’s mission to understand, manage, and reduce risk to the cyber and physical infrastructure that the American people rely on every day. He formerly served as the Executive Assistant Director for Cybersecurity.

A decorated veteran of the U.S. Marine Corps, Andersen brings discipline and strategic foresight to the CISA mission through his extensive experience and leadership. As the President and Chief Operating Officer at Invictus, Andersen oversaw cybersecurity, intelligence integration, and technology delivery for federal and commercial partners.

As the Chief Information Security Officer at Lumen Technologies Public Sector, he developed and implemented a comprehensive cybersecurity strategy, delivered secure offerings and formed strategic partnerships with public sector and private sector customers.

From 2019-2021, Andersen served both as the Principal Deputy Assistant Secretary and performed the duties of Assistant Secretary for the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response. In these roles, he directed national efforts to protect America's energy grid from cyber and physical threats, led responses to Iranian cyber threats, Puerto Rican disaster recovery, and energy crises, and spearheaded critical programs like Cyber Testing for Resilient Industrial Control Systems to mitigate supply chain vulnerabilities in energy infrastructure.

In 2019, as the Federal Cybersecurity Lead and Senior Cybersecurity Advisor to the Federal Chief Information Officer at the White House, he developed and implemented cybersecurity policies for the federal enterprise, enhancing transparency and risk management. He established the first government-wide Vulnerability Disclosure Programs and Trusted Internet Connections 3.0 policy and strengthened federal incident response capabilities and prioritized workforce strategies to address cyber talent gaps.

As the State of Vermont’s Chief Information Security Officer, he developed Vermont's cybersecurity strategy, integrating efforts across academia, critical infrastructure, and law enforcement. While there, he implemented strategic risk management and supply chain protection actions to include first in the Nation prohibition against the use of certain Chinese- and Russian- state sponsored technology firms across both State- owned and vendor- owned/operated infrastructure.

Among other distinguished positions, he has also served as Chief of the Office of Intelligence, Surveillance, and Reconnaissance Systems and Technologies/CIO for Intelligence for the U.S. Coast Guard, and CIO/Senior Cyber Risk Executive for U.S. Naval Intelligence.

Andersen earned a Master of Science degree in Cybersecurity from Brown University, a Master of Science degree in Information Security and Assurance from Western Governors University, a Bachelor of Science degree in Information Technology Management from American Military University. He also holds a Certificate in Public Policy from the Harvard Kennedy School. He was recently named a Pinnacle Awards Intelligence Executive of the Year and one of the top 10 CISOs to watch by Washington Executive Magazine.

Full profile on securityandtechnology.org →

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow at the National Security Institute and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber by Business Insider, Security Executive Finalist of the Year by SC Media, and a Tech Titan in Washington DC.

Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.

Full profile on securityandtechnology.org →

Mark Bristow is the Director of the Cyber Infrastructure Protection Innovation Center (CIPIC) of MITRE where he leads a team of experts in cyber-physical systems analysis and systems security engineering working on some of the toughest national security challenges. Before MITRE Mark led incident response and hunting operations at CISA.

Full profile on securityandtechnology.org →

Sheila Casserly is a speaker at Critical Effect DC 2026.

Full profile on securityandtechnology.org →

Joshua Corman is Executive in Residence for Public Safety & Resilience at the Institute for Security and Technology (IST), where he leads a new initiative on the resilience of lifeline basic human needs: water and wastewater, emergency medical care and hospital services, food supply chains, and power.

Josh is the founder of I Am The Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.

Full profile on securityandtechnology.org →

Christopher Cruz serves as Cyber Program Manager for the Virginia Fusion Center, where he leads the development, management, and integration of cyber intelligence and incident response programs. Previously, Christopher served as Cybersecurity Program Manager for the Virginia Department of Emergency Management, where he was assigned to the Office of the Secretary of Public Safety and Homeland Security. He also spent nearly a decade in the private sector, working across multiple Fortune 500 companies on global security efforts involving insider threat, data protection, and IT risk management.

Christopher also serves as an Adjunct Professor of Cybersecurity Policy at Virginia Commonwealth University, and Co-Chair of the Cyber Security Regional Programmatic Working Group with the Metropolitan Washington Council of Governments.

Full profile on securityandtechnology.org →

Bob Kolasky is Senior Vice President for Critical Infrastructure at Exiger where he focuses on developing cutting-edge risk management solutions for critical infrastructure companies and supporting government agencies.

Mr. Kolasky also serves as a Nonresident Scholar in Technology and International Affairs Program at the Carnegie Endowment for International Peace, as a Senior Associate for the Center on Strategic and International Studies (CSIS), and a Senior Fellow at Auburn University’s McCrary Institute. He is the former Chair of the High-Level Risk Forum for the Organization of Economic Cooperation and Development (OECD).

Mr. Kolasky joined Exiger after 15 years as a senior leader in the Federal government, where he was responsible for foundational work in national security risk management and election security, to include the development of the National Critical Functions risk framework.

He was the founding Director for the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) at the Department of Homeland Security (DHS). As one of CISA’s Assistant Directors, he oversaw efforts to facilitate a strategic, cross-sector government and industry risk management approach to cyber and supply chain threats to critical infrastructure including U.S. elections systems.

Full profile on securityandtechnology.org →

After serving in the US Navy managing complex electronic systems for 10 years, Andy has spent 30+ years providing automated systems support and management for newspapers, manufacturing, material handling, and public utilities. Working with municipal water and wastewater entities, Andy has played an instrumental role in industrial control system integration, building automation, Automated Meter Infrastructure, and OT cybersecurity technologies.

Andy is the current Director of Operations Technology at Loudoun Water, serves as the Co-Chair of the Water-ISAC Cybersecurity Advisory Committee, and is a member of the Metropolitan Washington Council of Governments Water Sector Working Group.

Full profile on securityandtechnology.org →

An old-school nerd helping to protect the people who protect our country. Founder of craigslist.

Full profile on securityandtechnology.org →

Dr. Katrina Rosseini is a leading strategist in cybersecurity, quantum computing, and AI. She advises policymakers, venture capital leaders, and founders on positioning the United States in the global technology competition with national security at the core. She has briefed the nation’s largest public pension fund, participated in congressional and United Nations forums, and authored a quantum trade and implementation brief following her work with the Congressional Quantum Consortium. In response to the “Harvest Now, Decrypt Later” threat, Dr. Rosseini developed the first-generation QUEEN Framework, a quantum governance model that turns cryptographic and data longevity risk into board-level action. She is the Managing Partner of Queens GMBT, leads Critical Effect California, and serves as Chair of the Civilian Reserve. She holds a Doctor of Engineering from George Washington University and an MBA in Finance.

Full profile on securityandtechnology.org →

Lessie Skiba, CISSP, is Deputy Managing Director at the Cyber Readiness Institute (CRI), where she leads global initiatives to strengthen cybersecurity resilience for small and medium-sized businesses. She builds strategic partnerships with industry leaders and government stakeholders to secure supply chains and expand cybersecurity capacity in developing economies.

She also serves as Chief of Staff at NetRise, a software supply chain security company, where she drives internal strategy, operational alignment, and cultural transformation to enhance organizational effectiveness.

With a career spanning cybersecurity, venture capital, and high-growth startups, Lessie previously held leadership roles at Nisos and an early-stage investment firm.

Full profile on securityandtechnology.org →

Joe Slowik has over 15 years of experience across multiple cyber domains through roles in government and industry. Currently Joe directs alerting strategy for cybersecurity events at Dataminr. Previously Joe has worked in various positions at the MITRE Corporation, Huntress, DomainTools, Los Alamos National Laboratory, and the US Navy.

Full profile on securityandtechnology.org →

Jeff Welgan is the Chief Strategist and CEO of skillrex, where he leverages over two decades of leadership experience in cybersecurity, business intelligence, and workforce modernization to transform talent management into a strategic organizational advantage. Known for his ability to drive innovation across both the public and private sectors, Jeff focuses on optimizing the cyber workforce through data-driven insights and systemic management.

Prior to founding skillrex, Jeff served as Chief Learning Officer at N2K Networks, where he led the development of workforce solutions centered on job role analysis, skill baselining, and alignment with the NIST-NICE framework. His earlier career includes significant tenure at Booz Allen Hamilton, where he managed multi-million-dollar cybersecurity and threat intelligence programs, guiding teams through the intricacies of complex global cyber threat analysis.

A decorated U.S. Navy veteran, Jeff served as an Intelligence Analyst and Search & Rescue Swimmer. This background in high-stakes operational environments informs his disciplined and strategic approach to solving modern talent challenges. At skillrex, Jeff’s vision is to empower organizations to overcome the complexities of cyber talent management and turn them into measurable opportunities for success and growth.

Full profile on securityandtechnology.org →

Virginia “Ginger” Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL’s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. Wright has led multiple cyber research programs at INL including DOE-CESER’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.

Full profile on securityandtechnology.org →

Previously, she served as the Executive Director of the Cyber Project at the Harvard Kennedy School’s Belfer Center, where she ran a policy-relevant research program and managed students and nonresident fellows. She also served as the Acting Executive Director of the Belfer Center in her final semester there. Her work focused on strategic, national security issues in cyber and technology–ranging from international conflict, cooperation, and norms to domestic collaboration, diversity, privacy, and supply chain issues. She was also the first woman participant in the Elbe Group discussions on cybersecurity, having been a part of the cyber-focused dialogue in 2019 in Stockholm, Sweden and again in 2021 virtually.

She came to the Belfer Center as a 2019 graduate of the Harvard Kennedy School’s midcareer MPA program. Prior to graduate school, she was an early member of the cybersecurity threat intelligence firm Recorded Future, having established and managed their public sector team. In her role as a Senior Intelligence Analyst, she fused intelligence methodologies with cybersecurity and machine learning technologies to help public and private sector customers improve their cyber posture. She also managed a team of analysts and worked alongside the Product Management and Training teams to improve her customers' experience with the software.

Earlier, Lauren served as a civilian intelligence analyst with the National Geospatial Intelligence Agency (NGA) assigned to the Office of Counterterrorism and completed three war zone deployments. Throughout her six years at NGA, she became a subject matter expert on Activity Based Intelligence (ABI) and served as an adjunct professor of ABI at the NGA college. Prior, she led strategy and performance management for the United States Naval Research Laboratory as a Deloitte consultant. Finally, Lauren served as an intelligence officer in the United States Air Force at the beginning of her career, where she led three teams of airmen, civilians, and contractors in developing geospatial intelligence for combat targeting, warfighter support, and rescue and relief operations.

Lauren is the co-founder of the online social media movement, #ShareTheMicInCyber. She advises the #ShareTheMicInCyber Fellowship at New America, where is a fellow herself. A Gold Star Sister, Lauren supports families of the fallen and has volunteered several times as a Good Grief Camp counselor and mentor with the Tragedy Assistance Program for Survivors (TAPS). She has served as a mentor with Girl Security and with #NatSecGirlSquad, and is a fellow at the National Security Institute at George Mason University. She serves as an Executive Advisory Council Member to Tulsa Innovation Labs and is a Leadership Board Member for the Cybersecurity Collaboration Forum. She is a keynote speaker, a drummer, and has appeared on television, radio, and several podcasts and panels.

Full profile on securityandtechnology.org →