January 2026 Chapter Meeting
Join us on-site in New York City or on Long Island, or virtually, for our January 2026 Chapter Meeting on January 27, 2026 featuring presentations on:
• CTEM. Just Another Buzzword or a Fundamental Shift? by Tim Luck from
Maple Networks, and;
• Cybersecurity and AI Incident & Crisis Preparedness and Management by Frank Roppelt, Cybersecurity & AI Risk Expert
The registration link can be found below. Members can get their promo codes by logging into the Chapter website and going to their “My Page”. Sponsor promo codes have been previously distributed. Non-members and the public are invited to attend and can register for a nominal fee or join the Chapter. Our annual membership is $40 for professionals and $15 for students. Meeting fees are waived for members. This event will qualify for two Continuing Professional Education (CPE) credits.
Membership in the Chapter is open to all cybersecurity professionals and students. If you are not already a member, please visit our membership page for more information.
Agenda:
5:00 pm – 6:00 pm In-Person Registration, Networking and Event Setup
6:10 pm – 7:00 pm CTEM. Just Another Buzzword or a Fundamental Shift? by Tim Luck, Business Development Director, Maple Networks – Onsite in New York City
7:10 pm – 8:00 pm Cybersecurity and AI Incident & Crisis Preparedness and Management by Frank Roppelt, Cybersecurity & AI Risk Expert – Onsite in New York City
⚠️ Registrations for New York City: Due to building security requirements, we will be closing ticket sales to our New York City site at 12:00 pm one day before the event.
ℹ️ Registrations for Long Island and Virtual: We will be closing ticket sales to our Long Island site and Virtual admission at 3:00 pm on the day of the event.
Topic Summary: CTEM. Just Another Buzzword or a Fundamental Shift?
Buzzwords have always come and gone in the Information Security and Cyber Security space, and previously new “defining” ways of working have been left behind. Following a CTEM program – as defined by Gartner – is the latest in the line of new methods. Where does this fit into existing risk management program, what changes does it require and what learnings can we take from it?
Speaker Bio: Tim Luck, Business Development Director
Tim is an experienced professional who has worked in cyber security for 15+ years in the UK and the US, currently working at Maple who specialize in Data, Security and EDR/MDR. Tim has a broad background, working across IT, OT, Red Teaming, IoT, has supported Maritime, Aviation and Automotive projects, and has established and opened a US office, creating a new arm of the business.
Tim has spoken at various events, including US Chamber of Commerce, FBI, BAR Council, plus specialized events covering FinTech, Law, Insurance, Maritime, Aviation and more.
Topic Summary: Cybersecurity and AI Incident & Crisis Preparedness and Management
As cybersecurity threats accelerate and AI introduces powerful new capabilities—and risks—organizations now face a growing wave of hybrid cyber and AI incidents that can disrupt operations, damage trust, and trigger regulatory scrutiny. This one-hour session delivers a practical, real-world blueprint for preparing for, responding to, and managing from both cybersecurity and AI-driven incidents with speed, clarity, and control. Attendees will learn how traditional cyber-attacks and AI system failures differ, where they intersect, and how to manage both through an integrated incident management lifecycle. A dedicated focus on technical and cross-functional tabletop exercises shows how to test readiness across IT, Security, Legal, Risk, Compliance, Privacy, Insurance, and Regulatory Affairs before a real crisis occurs. Designed for cybersecurity, AI, risk, and technology leaders, this session provides actionable insights to strengthen incident execution, communication, and enterprise-wide collaboration when it matters most.
Speaker: Frank Roppelt, Cybersecurity & AI Risk Expert
Frank Roppelt is a highly accomplished cybersecurity and technology risk executive with over 25 years of experience in financial services and critical infrastructure. He is recognized for designing, operationalizing, and leading enterprise-wide cybersecurity, incident and crisis management, AI, technology risk, and third-party risk management programs that meet regulatory expectations and align with business strategy.
Frank has led technology risk and cybersecurity leadership functions for organizations such as Flagstar Bank, Charles Schwab, TD Ameritrade, BNY Mellon, and Bank of Tokyo Mitsubishi. His expertise spans building risk governance frameworks, embedding cyber and privacy by design, managing regulatory interactions, and implementing metrics-driven programs that deliver executive-level insights into enterprise risk exposure.
He is known for building world-class cyber and risk teams from the ground up, instilling a culture of accountability, innovation, and cross-functional partnership. His leadership style blends vision with execution, enabling teams to scale in response to complex business and regulatory demands. Across his career, Frank has managed both small and large teams of professionals across functions, including security engineering, operations, risk management, vulnerability management, Identity and Access Management, architecture, and incident response.
Frank has extensive experience conducting cybersecurity due diligence and risk integration for M&A initiatives, including the post-merger integration of TD Ameritrade into Charles Schwab. He has led assessments of infrastructure, applications, systems, and endpoint environments, identifying inherited and residual risks, and presenting mitigation strategies to boards and executive committees.
In third-party risk management, Frank has rebuilt global Third-Party Risk Management programs using risk-based methodologies aligned to NIST and ISO, and leveraging models such as Shared Assessments. His approach integrates threat intelligence, continuous monitoring, tiering strategies, and executive governance to assess and manage third-party cyber risk. He has modernized workflows, automated due diligence processes, and enhanced vendor accountability, all while supporting regulatory examination readiness.
Frank has conducted multiple readiness and maturity assessments for cybersecurity, technology risk, and third-party risk programs, using the NIST Cybersecurity Framework (CSF). His assessments provide insight into control effectiveness, policy maturity, and alignment with enterprise risk appetite. These evaluations have supported strategic planning, regulatory audit preparation, and ongoing program evolution.
He works closely with vulnerability management and threat intelligence teams to understand risks across the internal environment and third-party ecosystem. Frank ensures cyber threats and vulnerabilities are contextualized and prioritized, using threat modeling and control mapping to develop proactive risk mitigation strategies. He has a deep understanding of how to apply external threat data to business-specific operations, assets, and partnerships.
Frank has also led the development of enterprise-wide incident and crisis management programs, serving as Incident Commander during ransomware, breach, and outage scenarios. He has built escalation playbooks, simulation exercises, and cross-functional coordination plans in collaboration with Legal, HR, Communications, and Compliance. His programs improve organizational readiness, reduce response time, and ensure leadership alignment during critical events.
As a seasoned communicator, Frank delivers executive reporting to board committees and senior leadership, translating technical risks into business language and aligning them with strategic priorities. He chairs Technology Risk Committees, leads governance forums, and provides risk insights that drive informed decision-making.
Frank holds numerous industry certifications: CCISO, CISSP, CCSP, CISA, CISM, CDPSE, CRISC, and is an active member of FBI InfraGard, supporting critical infrastructure protection. His passion lies in enabling secure-by-design environments, aligning cybersecurity with enterprise objectives, and driving continuous improvement in risk maturity.