IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
Web Conference
AI is putting legacy data governance processes under a microscope. In response, a number of key frameworks are emerging to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance, regardless of which framework you choose, and provides a rundown of some of the most prominent AI governance frameworks.
Summer is a three-time CISO in the autonomous vehicle industry currently at Torc Robotics, which specializes in AI software for long-haul trucking. She is also a faculty member at Carnegie Mellon University where she teaches a graduate course in cybersecurity policy and multiple courses on cybersecurity metrics and product cybersecurity for executive education programs. In addition, Summer serves on the board of directors for Brentwood Bank, a regional bank in Pittsburgh, PA. She is also an active board member for the Forte Group, an advocacy and education non-profit focused on amplifying women in technology, cybersecurity, and privacy. Summer is often requested to speak at conferences and events, and she has provided expert testimony on cybersecurity risk in the US Congress.
Prior to her role at Torc Robotics, Summer worked at Motional and Argo AI, both AI companies focused on robo-taxi technology. She also led cybersecurity risk and resilience at Carnegie Mellon University's CERT program and Johns Hopkins University's Applied Physics Lab. Summer started her career as a software engineer at Northrop Grumman Corporation after receiving her MS and BS in Computer Science from the University of Pittsburgh.
Webinar
The past 12 months saw infosec teams manage through disruption, mature long-term initiatives and make in-roads on new efforts. IANS Faculty Dave Shackleford led sessions to support CISOs and their teams with that work. In this webinar, he’ll dive into his favorite sessions from the past year to call out the top takeaways and provide a look forward on what to do next to improve your security program in 2025.
Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.
According to Verizon’s 2024 Data Breach Investigations Report, ransomware remains the top threat across 92% of industries, with roughly one-third of all breaches involving ransomware or some other extortion technique. In this symposium, we’ll use digital forensics and incident response reports from real-world incidents to walk through the tactics, techniques and procedures of top ransomware gangs and share lessons learned to help you avoid the same fate.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.
Security architecture teams often face burnout from juggling too much engineering work or being pulled into non-architectural tasks. Misalignment with enterprise architects and challenges in demonstrating value to the organization further compound the problem. This symposium provides actionable insights on elevating your architecture program to improve maturity and focus and enable high-quality results.
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
Many organizations began their zero trust journey focusing on identity, devices and networks. Increasingly, there is broad industry recognition that zero trust initiatives, due to their holistic nature, need to more explicitly include an emphasis on workloads and data.
Jason Garbis is Founder and Principal at Numberline Security LLC, a consulting firm helping enterprises prepare for, define, and execute on effective Zero Trust security strategies. Jason has authored two books on Zero Trust security, is co-chair of the Zero Trust Working Group at the Cloud Security Alliance, and is a frequent contributor to and speaker at industry conferences. Professionally, he has served in both hands-on and executive leadership roles in product management, engineering, marketing, and consulting at security and technology companies.
CISOs are currently under more pressure than ever to deliver results with lean teams and increasingly scrutinized budgets. CISOs’ scope continues to expand while boards and leaders are continually focused on cyber budgets and program execution. At the same time, resources are tight and orgs are still figuring out how to navigate emerging areas of digital risk – particularly AI and its corresponding data governance implications. CISOs who navigate these challenges successfully will set themselves apart by enhancing their personal brand and the reputation and success of the programs they lead.
Steve is a partner in Artico Search’s cybersecurity practice. He is an expert in security executive recruiting and compensation focused on recruiting best-in-class CISOs and their teams across various industries. He leads strategic partnerships and initiatives including Artico’s annual CISO compensation & budget survey conducted in collaboration with IANS. Prior to Artico, Steve served in Caldwell Partner's cybersecurity practice and at Russell Reynolds associates.
The CrowdStrike outage was a wake-up call – we’ve been neglecting the “availability” part of the CIA triad for too long. As security supply chains become more complex and inter-dependencies grow, modernizing your resilience capabilities is essential.
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions — from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISO's, as well as testing for best possible security practices at board of directors' requests.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.
When transitioning from strategy to execution, many security leaders and teams struggle to sustain progress with Zero Trust. This session tackles that head on by identifying the outcomes, objectives and evidence required to operationalize Zero Trust. Grounded in CISA’s Zero Trust Maturity Model (ZTMM) and bolstered by actionable insights from IANS Faculty, this webinar provides a clear plan for overcoming challenges, with practical guidance tailored to real-world scenarios.
As privileged accounts continue to be a prime target for credential theft and ransomware attacks, privilege access management (PAM) tools and strategies are becoming more critical. This symposium offers an in-depth exploration of three key privilege use cases, delivering recommended architectural patterns, effective controls and solutions to common design challenges.
Gunnar is the CISO at Forter, a trust platform for digital commerce. Previously, he was chief security architect at Bank of America, a visiting scientist at the Software Engineering Institute at Carnegie Mellon, and a contributing analyst at Securosis.
Business teams are racing to use M365 Copilot, putting pressure on security teams to identify potential risks and put guardrails in place to address those risks.
Shannon is the Founder and CEO of ThirdScore. This followed her role as VP, Security at Adobe, where she led Product and Software Security. Shannon is also the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.
Charlotte City Club
CISO Roundtables are the most exclusive, intimate events offered by IANS. Our in-person roundtables are curated experiences with agendas designed specifically for an organization’s CISOs and senior-most executives. In addition to strategic insights presented by IANS Faculty, facilitated conversations and networking opportunities allow you and your CISO peers to share best practices in a trusted, closed-door environment.
The Whitley Atlanta Buckhead
The University of Massachusetts Club
Convene
Hyatt Regency Santa Clara
The Westin Dallas Stonebriar