Speaking at the IV National Cybersecurity Forum in Baku: Building Cyber Resilience Before the Clock Starts
On June 4, 2026, I will have the privilege of speaking at the IV National Cybersecurity Forum in Baku, Azerbaijan, both as a keynote speaker and as a panelist in the session focused on the impact of artificial intelligence on cybersecurity and innovative trends. The Forum will take place at the Baku Marriott Boulevard Hotel and is hosted annually by the Association of Cybersecurity Organisations of Azerbaijan, bringing together government leaders, local and international experts, private-sector practitioners, technology vendors, universities, and cybersecurity community builders.
This is not simply another cybersecurity event for me. It is a meaningful return to a region that understands the strategic importance of energy, infrastructure, national resilience, and technological sovereignty. Azerbaijan sits at a vital intersection of infrastructure, digital transformation, regional cooperation, and cyber capability building. That makes the conversation at this Forum especially important.
The official Forum agenda highlights several themes that are close to my own work as a CISO, advisor, author, and educator: the national cybersecurity ecosystem, the security of critical information infrastructure, education and human resources in cybersecurity, cyber diaspora, regional cooperation, and the impact of artificial intelligence on both offensive and defensive cyber operations. These are not abstract policy topics. They are the foundations of national resilience.
Why this forum matters now
Cybersecurity has moved far beyond the server room. Today, the systems we defend are the systems that run economies, public services, energy networks, financial institutions, transport routes, universities, and national decision-making. In my own work on CISO leadership, enterprise cyber resilience, AI security governance, and incident response, I keep returning to one reality: cybersecurity is now a national capability, not only a technical discipline.
My keynote will begin with a simple image: a pipeline crossing the region. The Baku–Tbilisi–Ceyhan pipeline was once seen primarily as an engineering achievement. Today, like almost every modern critical infrastructure system, it is also a software-defined environment. Pumps, valves, sensors, controllers, monitoring platforms, identity systems, remote access pathways, and operational dashboards all depend on code. And anything that speaks in code can be spoken to in code.
That is why critical infrastructure protection must be discussed as part of national strategy. When we talk about oil and gas networks, electricity grids, telecommunications, government systems, and national CERT capabilities, we are not merely discussing IT. We are discussing the digital nervous system of the country.
The question is no longer, “Can we be attacked?” The better question is, “When it happens, how much time will we have?”
That is the central question I will raise in Baku.
The clock has changed
For years, many organizations built their defenses around the assumption that they would have time. Time to detect. Time to escalate. Time to convene. Time to call a meeting. Time to decide. But modern attacks increasingly move faster than organizational decision-making.
In the keynote, I will discuss the collapse of the defensive clock. Attackers do not necessarily need exotic malware to cause damage. In many cases, they enter through valid credentials, trusted systems, exposed identity paths, or poorly monitored access. The breach does not always break the door down. Sometimes, the breach already has a badge.
That idea is at the heart of many of my recent articles, including Identity for the Machine Age, Zero Trust in the Real World, and Dark Web in 2026: What CISOs Need to Know. If identity is the new perimeter, then defending a nation’s digital infrastructure begins with knowing who and what is inside the environment before the alarm sounds.
The speed of modern attacks creates a difficult truth for boards, regulators, CISOs, and national cybersecurity leaders. If the organization is built only to react, it may already be too late by the time the first formal response meeting begins. Reaction alone is not resilience. Resilience must be built before the clock starts.
Build capability, not just procurement
One of the messages I will share in Baku is that nations and organizations cannot simply buy back lost time. Technology matters. Vendors matter. Commercial tools are important, and no serious security leader should pretend otherwise. But tools alone do not create resilience.
A platform that is not staffed, tuned, integrated, understood, and exercised is not a defense strategy. It is a receipt. This is why I will emphasize the difference between buying technology and building capability.
For nations that are strengthening their cybersecurity ecosystems, this distinction is critical. Sovereign cyber resilience requires a balance between trusted commercial tools, local expertise, national institutions, regional cooperation, and operational readiness. It also requires asking hard questions about where telemetry, logs, identities, and sensitive infrastructure data are processed. For critical sectors, cybersecurity architecture is also sovereignty architecture.
This connects directly with the Forum’s emphasis on the development of the cybersecurity ecosystem, critical information infrastructure security, human resources, and cyber diaspora. These are exactly the ingredients that determine whether a country merely consumes security technology or builds durable national cyber capability.
Four priorities: See, Recover, Decide, Share
In my keynote, I will frame cyber resilience around four practical priorities: See, Recover, Decide, Share.
| Priority | What it means for leaders | Why it matters |
| See | Build asset, identity, and telemetry visibility before buying more tools. | You cannot defend what you cannot see. |
| Recover | Measure recovery time, not only prevention coverage. | Critical infrastructure resilience is proven during disruption. |
| Decide | Define authority, playbooks, escalation paths, and 3 a.m. decision rights. | The best team fails if nobody knows who decides under pressure. |
| Share | Strengthen cooperation across CERTs, sectors, and regional partners. | One early warning can prevent many incidents. |
This sequence is deliberately simple because national cybersecurity does not fail only from lack of complexity. It often fails from lack of clarity. The basics are still powerful when they are operationalized: know your assets, know your identities, test your recovery, define decision rights, and share threat intelligence quickly.
The Forum’s program includes discussions on regional experience and cooperation, the national cybersecurity ecosystem, and the future of cybersecurity collaboration among countries in the region. I believe this is one of the most important aspects of the event. No country can defend alone. A mature cybersecurity ecosystem is connected, exercised, and trusted before a crisis begins.
AI changes the operating model
I am also honored to join the Forum as a panelist during the session titled “The Impact of Artificial Intelligence on Cybersecurity and Innovative Trends.” According to the official agenda, this session will examine AI’s role in cybersecurity, including offensive and defensive mechanisms, automated threat detection, behavioural analysis, and future trends in the cyber landscape.
This is a timely discussion. AI is not only another tool in the defender’s toolkit. It changes how attackers scale reconnaissance, phishing, impersonation, vulnerability discovery, and social engineering. It also changes how defenders triage alerts, detect abnormal behavior, investigate incidents, and support overstretched security teams.
But AI must be governed. In my work on Enterprise AI Security Governance and the Ozkaya AI Governance Framework, I argue that organizations should not treat AI as a magic layer placed on top of weak foundations. If identity is weak, AI accelerates risk. If telemetry is poor, AI produces confident noise. If governance is missing, AI becomes another shadow IT problem.
The opportunity is real, but so is the responsibility. For CISOs, AI governance is now part of security leadership. For national cybersecurity ecosystems, it is part of digital sovereignty.
The people advantage: cyber diaspora and national capability
One of the most powerful ideas in the Forum agenda is the focus on cyber diaspora. The official program includes a dedicated session for Cyber Diaspora representatives and local cybersecurity products. This matters deeply.
Every nation has a choice in how it sees its global technical community. It can see people abroad as a loss, or it can see them as a network. In cybersecurity, that network can become a strategic advantage. Diaspora experts can mentor young analysts, connect universities to international practice, support CERT maturity, advise startups, and help translate global lessons into local capability.
In my keynote, I will argue that people are not an afterthought. People are the foundation. You can buy tools, subscribe to feeds, and deploy platforms, but resilience depends on the people who know what to do when the dashboard turns red and the clock starts moving.
This is why I continue to write about CISO career development, boardroom influence, business risk translation, and cybersecurity leadership in 2026. The future of cybersecurity will not be won only by those with the largest budgets. It will be won by those who build people, institutions, trust, and operational muscle before the crisis.
What I hope participants take away
My goal in Baku is not to scare the room. It is to focus the room. Azerbaijan and the wider region have a significant opportunity to build cyber resilience in the right order. The challenge is urgent, but the path is practical.
For regulators, the message is to measure resilience, not only paperwork. For budget owners, the message is to see cybersecurity capability as both defense and industrial policy. For practitioners, the message is to start with actions that do not require a procurement cycle: map assets, test identity failure, create decoy accounts, run tabletop exercises, and clarify who decides when systems are under pressure.
For leaders, the message is even simpler: do not wait for the clock to start.
Event details
| Detail | Information |
| Event | IV National Cybersecurity Forum |
| Date | June 4, 2026 |
| Venue | Baku Marriott Boulevard Hotel, Baku, Azerbaijan |
| Organizer | Association of Cybersecurity Organisations of Azerbaijan |
| My role | Keynote speaker and panelist |
| Panel session | The Impact of Artificial Intelligence on Cybersecurity and Innovative Trends |
| Core themes | Cyber resilience, AI security, critical infrastructure, cyber sovereignty, CISO leadership, cyber diaspora |
I look forward to joining fellow cybersecurity leaders, public-sector representatives, industry experts, innovators, and young professionals at the IV National Cybersecurity Forum. Most importantly, I look forward to continuing the conversation about how nations can build resilience before the clock starts.
Because in cybersecurity, we cannot buy back lost time. We can only build the visibility, habits, institutions, partnerships, and people before the incident begins.
FAQ
When is the IV National Cybersecurity Forum?
The IV National Cybersecurity Forum is scheduled for June 4, 2026, at the Baku Marriott Boulevard Hotel in Baku, Azerbaijan.
What will Dr. Erdal Ozkaya speak about?
Dr. Erdal Ozkaya will speak about cyber resilience, critical infrastructure protection, AI-driven cyber risk, sovereign cyber capability, CISO leadership, regional cooperation, and the role of cyber diaspora in building national cybersecurity capacity.
Which panel will Dr. Erdal Ozkaya join?
The official agenda lists Erdal Ozkaya as a speaker in the session “The Impact of Artificial Intelligence on Cybersecurity and Innovative Trends,” which focuses on AI’s role in offensive and defensive cybersecurity, automated threat detection, behavioural analysis, and future trends.
Why is this topic important for CISOs and national cybersecurity leaders?
Modern cyberattacks move faster than traditional organizational response cycles. CISOs and national cybersecurity leaders must build resilience before an incident begins by improving visibility, recovery, decision-making, cooperation, and people development.
Suggested categories and tags
| Type | Recommendations |
| Categories | Cybersecurity Leadership, CISO, Cyber Resilience, AI Security, Events |
| Tags | IV National Cybersecurity Forum, Azerbaijan cybersecurity, Baku cybersecurity, CISO leadership, cyber resilience, AI cybersecurity, critical infrastructure security, cyber diaspora, Erdal Ozkaya |