ISACA Conference North America, which took place in May in Las Vegas, Nevada, USA, and virtually, provided attendees with the latest expert guidance on how artificial intelligence and other emerging technologies are shaking up the digital trust landscape.
Below are five takeaways from the conference. Learn more about upcoming 2026 ISACA events, including GRC Conference in August and ISACA Conference Europe in October.
Wanted: Emerging Tech Leaders
The impacts of evolving technologies such as artificial intelligence, quantum computing and the Internet of Things on digital trust disciplines such as cybersecurity, risk and audit are profound, yet many organizations lack the leadership to effectively harness them.
In his session, “Emerging Tech Leadership in a Rapidly Changing AI World,” ISACA Evangelist and Past ISACA Board Chair Rob Clyde challenged attendees to become the emerging technology leaders their companies urgently need.
“Look for the vacuum in your company and fill it,” Clyde said. “Don’t wait for someone to tell you to do something.”
AI, in particular, is the most disruptive technology since the arrival of the internet, said Clyde, while noting we’re only in the very early stages of AI reshaping the enterprise landscape.
“We’re at the beginning of what will be an incredible, exponential curve,” Clyde said.
Clyde offered a few starting points for how professionals can position themselves as emerging tech leaders.
- Learn about how emerging technologies are being used in your industry and at your organization.
- Ensure your organization has a way to try and test new solutions.
- Find new ways to personally experience new technologies.
Quantum is Coming
Keynote speakers Shelly Palmer and Theresa Payton both touched on the profound anticipated impact of quantum computing, while highlighting that quantum computers are accelerators for specific problems, not universal upgrades that will replace classical computers.
Payton urged attendees to prepare for post-quantum realities today by taking inventory of your dependencies before adversaries do.
Palmer, meanwhile, attempted to rein in some of the quantum hype with a set of quantum “red flags to avoid,” which included the suggestion to stick with standardized post-quantum cryptography (PQC) algorithms instead of exotic quantum key distribution hardware, which he said often has limited benefit and standardization. Palmer also suggested planning for late-decade deployment and incremental progress, not immediate transformative applications of quantum computing.
As it pertains to the broader emerging technology landscape, Palmer urged professionals to never lose sight of the imperative of maintaining trust with stakeholders.
“Trust is the only currency,” Palmer said.
The Tricky Path to Privacy in Public
When it comes to generative AI usage in public spaces, who is watching and what are they capturing? That was among the questions posed by session presenter Onur Korucu, who detailed emerging capabilities in areas such as facial recognition, gait analysis, emotion detection and behavior profiling – and the related concerns.
Although AI is already widely used in public spaces, liability for the harms it may cause remains murky, and in many regions, there isn’t adequate protection against these harms or even a way to opt out. Additionally, adversarial attacks can trick AI into misclassifying objects or individuals.
Among Korucu’s main takeaways:
- AI deployed in public spaces should be treated as public infrastructure, not just technology.
- Human rights impact assessments should precede deployment.
- Meaningful governance requires purpose limitation so data is only used for intended outcomes.
Diving into the Dark Web
A session on “Dark Web & Cybersecurity” presented by Jim West and Adrian Cheek explored how to safely access the dark web, key threats and why someone might want to access it for legitimate purposes.
Health records are some of the most valuable content on the dark web, worth more than login credentials.
The session detailed an Operations Security (OPSEC) checklist for how to stay safe when operating on the dark web:
- Use a privacy-focused operating system (OS) like Tails or Whonix for anonymity.
- Install a no-logs VPN to encrypt your traffic and hide your IP.
- Set up the Tor browser securely and adjust privacy settings.
- Follow strict OPSEC rules to keep identities separate.
- Run anti-malware tools to detect and block threats.
- Create a backup plan to handle breaches and delete data securely.
Knowledge is Power
It wouldn’t be an ISACA conference without plenty of conversation around how credentialing can position professionals to thrive in the evolving technology landscape and advance their careers.
That started with pre-conference workshops on exam preparation for the Advanced in Artificial Intelligence Audit (AAIA) and Advanced in Artificial Intelligence Risk (AAIR) certifications, part of a growing array of AI-focused credentials and courses ISACA recently has put forward.
Also newer to the ISACA credentialing ecosystem is the CMMC program, as ISACA in April fully took on responsibilities as the CMMC Assessor & Instructor Certification Organization (CAICO) for the US DoW’s CMMC program.
Todd Gagnon, CAICO director, was joined in a CMMC-focused conference session by Chris Dimitriadis, ISACA’s global chief strategy officer, and Ron Lear, vice president of CMMI global strategies, where they shared a breakdown of the tiered CMMC model, the different CMMC certifications professionals can obtain, the road to full implementation by 2028, and the connection points between CMMC and CMMI.
There are more than 200,000 companies in the Defense Industrial Base (DIB) that are subject to CMMC, but Dimitriadis noted that CMMC’s value extends well beyond the DIB for organizations looking to adopt a state-of-the-art security framework.