July 2026 Chapter Meeting
Join us on-site in NYC, on Long Island, or virtually, for our July 2026 ANNUAL Chapter Meeting on July 29, 2026, featuring:
– Ransomware Reality: What’s Actually Working for Attackers in 2026 by Steve Thomas, Founder and CEO of HackNotice
NOTE: There is a change in the NYC venue for this month’s meeting.
NYC: 1 Penn Plaza | Suite 2124 | New York, NY 10119
OR
Long Island: Half Hollow Hills Community Library, 55 Vanderbilt Pkwy, Dix Hills, NY 11746
The registration link can be found below. Members can get their promo codes by logging into the Chapter website and going to their “My Page”. Sponsor promo codes have been previously distributed. Non-members and the public are invited to attend and can register for a nominal fee or join the Chapter. Our annual membership is $40 for professionals and $15 for students. Meeting fees are waived for members. This event will qualify for two Continuing Professional Education (CPE) credits.
Membership in the Chapter is open to all cybersecurity professionals and students. If you are not already a member, please visit our membership page for more information
Agenda:
5:00 pm – 6:00 pm In-Person Registration, Networking and Event Setup
6:00 pm – 6:10 pm Welcome and Chapter Updates
6:10 pm – 6:45 pm: Annual Chapter Elections
7:00 pm – 8:00 pm: Ransomware Reality: What’s Actually Working for Attackers in 2026, Steve Thomas, Founder and CEO of HackNotice
All times in Eastern timezone.
For those planning to attend the event onsite in New York City: Due to building security requirements, we will be closing ticket sales to our New York City site at 12:00pm one day before the event.
Topic Summary: Ransomware Reality – What’s Actually Working for Attackers in 2026
Ransomware isn’t just growing. It’s stabilizing, concentrating, and becoming more predictable.
From 2023 through mid-2026, the ransomware ecosystem has undergone a major shift. Hundreds of groups have emerged and disappeared, while a small number of durable gangs now drive a disproportionate share of attacks. At the same time, these attackers are reusing a consistent set of techniques, targeting specific industries, and refining their approach to maximize payouts.
This talk moves beyond trend analysis and focuses on what actually matters for defenders.
Using data from thousands of real-world ransomware victims and continuous monitoring of threat actor activity, this session breaks down:
• How ransomware has consolidated into a small set of dominant actors
• The most common and effective TTPs used by leading gangs in 2026
• How attacker targeting is shifting across industries and geographies
• Why ransomware behavior is becoming more predictable
Most importantly, this session connects attacker behavior directly to defensive action.
Attendees will learn how to map real-world ransomware TTPs to:
• Shared Assessments SIG and SIG Lite questions
• NIST and ISO control frameworks
• Practical mitigation and detection strategies
The result is a clear, operational approach to prioritizing third-party risk and security controls based on how attackers actually operate today.
Speaker: Steve Thomas, Founder and CEO of HackNotice
Steve Thomas is the founder and CEO of HackNotice and a threat intelligence engineer with 15+ years of experience monitoring adversaries, ransomware groups, and the cybercrime economy. In 2013, he built, bootstrapped, and sold one of the earliest threat intelligence startups. He has founded multiple security companies across identity theft and third-party risk and helped pioneer approaches to managing vendor exposure. Today, he leads HackNotice’s mission to deliver operational adversary intelligence for third-party risk by showing which third parties are under pressure, who is behind it, how they operate, and what to prioritize as the threat landscape changes daily.
