Security & Risk

November 14 – 15, 2023  |  Washington, D.C. & Digital

Agenda

Bold Starts: Monday

Nov 13
  • 1:00 pm – 5:00 pm ET Special Programs
  • 5:00 pm – 6:30 pm ET Welcome Reception

Tuesday

Nov 14
  • 8:00 am – 9:00 am ET General Breakfast
  • 9:00 am – 10:45 am ET Opening Remarks & Keynotes
  • 10:45 am – 11:35 am ET Marketplace Break
  • 11:35 am – 12:40 pm ET Breakout & Case Study Sessions
  • 12:40 pm – 1:55 pm ET Lunch
  • 1:55 pm – 3:35 pm ET Breakout & Case Study Sessions
  • 3:35 pm – 4:25 pm ET Marketplace Break
  • 4:25 pm – 5:30 pm ET Keynote Sessions
  • 5:30 pm – 7:00 pm ET Reception

Wednesday

Nov 15
  • 8:00 am – 9:00 am ET General Breakfast
  • 9:00 am – 10:10 am ET Keynote Sessions
  • 10:10 am – 11:00 am ET Marketplace Break
  • 11:00 am – 12:05 pm ET Breakout & Case Study Sessions
  • 12:05 pm – 1:15 pm ET Lunch
  • 1:15 pm – 2:20 pm ET Breakout & Case Study Sessions
  • 2:20 pm – 3:10 pm ET Marketplace Break
  • 3:10 pm – 4:15 pm ET Keynote Sessions
  • 4:15 pm – 4:20 pm ET Closing Remarks

Bold Starts: Monday Nov 13

1:00 pm – 6:00 pm ET

Bold Starts: Special Programs (In-Person Only)

Join us for a range of Special Programs including Forrester Women’s Leadership Program, workshops, Learn-a-skill sessions, and other ways to connect with your peers before the main program.

1:00 pm – 3:30 pm ET

Forrester Women's Leadership Program (In-Person Only)

Join us as we discuss the many ways you can power change and growth for yourself and other women in the workplace. Network and learn from your peers on advancement strategies for women leaders and participate in conversations about how to develop meaningful relationships with women leaders in the data and analytics industry. All are welcome to join!

Panel: Avoid The “She’s Not Strategic”* Trap: Balancing Influence And Effectiveness To Lead In Cybersecurity

If you take pride in your ability to get stuff done and prefer to let your work speak for itself (because you’re uncomfortable with self-promotion), this session is for you. Paradoxically, many ambitious and talented women miss out on leadership opportunities precisely *because* they’re excellent at getting stuff done — they end up spending all their time executing effectively, or no one notices their strategic contributions among all the operational work that they do. For this session, we’ve assembled a fantastic panel of information security leaders who’ve faced this challenge. Here’s what you’ll take away from this session if you join us:

  • How to make space for contributing strategically — and how to highlight your strategic contributions (yes, this will involve some self-promotion!)
  • How to build influence and visibility with the leaders above you in the organization
  • How to help those more junior to you avoid or climb out of this trap

*Jess Iandiorio, the author of this 2020 blog post, is a former Forrester colleague who’s now the CMO at Starburst.

Speakers:
Jada Breegle, CIO, Legal Services Corporation
Mary Faulkner, VP, CSIO and VP of IT Operations, Thrivent
Sarah Nur, Associate Chief Information Officer for Cybersecurity and Treasury Chief Information Security Officer, U.S. Department of the Treasury
Stephanie Balaouras, VP, Group Director, Forrester

3:00 pm – 4:00 pm ET

Learn-A-Skill: Demystifying The Proof Of Concept (In-Person Only)

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. No additional payment is required to attend. Sessions are first come, first served.

Proof of Concepts are a universal part of selecting and procuring a cybersecurity product and service…and one of the most misunderstood. This workshop will provide actionable advice on how to run a successful proof of concept that validates how the product and service will meet the needs of the security program while also reducing the time teams spend performing them. This session will provide detailed advice on how to:

  • Identify when it’s time to run a proof of concept.
  • Apply the right – and avoid the wrong – constraints.
  • Develop meaningful success criteria.
  • Reduce the amount of time spent on Proof of Concepts by up to 90%.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

3:45 pm – 5:00 pm ET

Workshops (In-Person Only)

Join one of our interactive, in-person sessions led by Forrester analysts, featuring hands-on exercises that equip you with the skills needed to lead change. Engage with peers from other firms to enhance your skills and collaborate on common challenges.

Workshop: Preparing For Your Zero Trust Transformation

In an age when cybersecurity threats are everywhere, modern networks must move beyond the static perimeter-based model. Security teams must adapt and redesign networks to improve security. Join this workshop to better understand what it takes to plan for your firm’s Zero Trust strategy. You’ll participate in interactive self-assessments and exercises to help you identify areas to focus your transformation investments. This workshop provides a live sample of Forrester’s Adopting Zero Trust Certification course.

Speakers:
David Holmes, Principal Analyst, Forrester
Heath Mullins, Sr. Analyst, Forrester
Jenna Wohead, Director, Certification, Forrester

Workshop: Identify Security Gaps with The Forrester Information Security Maturity Model (FISMM)

All attendees are encouraged to bring their own laptop to complete the FISMM.

The Forrester Information Security Maturity Model (FISMM) provides a framework that describes all the required functions and components of a comprehensive security program. It also offers a method for evaluating the maturity of each component (spread across the same four domains of oversight, people, process, and technology) of the framework on a consistent and prescriptive scale. In this session, you’ll be able to:

  • Learn the basics of the condensed 30-question FISMM.
  • Complete the FISMM online for your organization.
  • Understand next steps to review your results, identify strengths and opportunities in your security program, and shape your cybersecurity strategy, operations, and roadmap.

Speakers:
Peter Cerrato, Principal Consultant, Forrester
Ron Woerner, Senior Consultant, Forrester

4:00 pm – 5:00 pm ET

Learn-A-Skill: How To Build A Leading Detection And Response Engineering Practice (In-Person Only)

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. No additional payment is required to attend. Sessions are first come, first served.

The SOC has reached the same tipping point that software development faced many years ago: It’s dealing with too much data (big data and log management), struggling to innovate and update monolithic software (detections and incident response processes), and lacking ownership beyond initial deployment (content management). Once the software world reached this point, it pivoted from building monolithic software based on a waterfall methodology to deploying microservices and agile. Security operations teams must make this same pivot to stay ahead of evolving threats through detection and response engineering. Join this session to start to structure a detection and response engineering practice. Learn how to: 

  • Make the transition to agile in the SOC. 
  • Leverage the detection and response development lifecycle (DR-DLC). 
  • Build a process to train your team to write detection as code. 

Speakers:
Allie Mellen, Principal Analyst, Forrester

5:00 pm – 6:30 pm ET

Welcome Reception (In-Person Only)

Join us for refreshments and light appetizers. All registered attendees are welcome.

Tuesday Nov 14

8:00 am – 9:00 am ET

General Breakfast

9:00 am – 9:40 am ET

Welcome & Opening Remarks

Welcome to Forrester’s Security & Risk 2023. This session will set the tone for the next two days of bold vision and actionable insight from Forrester.

Speakers:
George Colony, CEO, Forrester
Stephanie Balaouras, VP, Group Director, Forrester

9:40 am – 10:10 am ET

Keynote: The Future Of Zero Trust Is … Everywhere

Zero Trust is today’s de facto security strategy. But can we build Zero Trust into the world of tomorrow? Right now, organizations are designing Zero Trust into greenfield environments and retrofitting it into their legacy infrastructures. Optimizing Zero Trust for the dynamic, flexible requirements of the future will require that it be built into everything. In this talk, David Holmes will show how, in the future, everything will be Zero Trust by default. Attend this session to:

  • Learn how to connect the pockets of Zero Trust in organizations today.
  • Understand what needs to change for Zero Trust everywhere.

Speakers:
David Holmes, Principal Analyst, Forrester

10:10 am – 10:40 am ET

Keynote: Too Fast, Too Furious: Managing The Speed Of Cybersecurity Regulatory Change

Navigating the barrage of new and evolving regulatory requirements makes compliance a constant uphill battle for security teams. This session will examine how security leaders are managing the latest changes and explore how they’re preparing for what’s on the horizon. Join this keynote session to learn:

  • The consequences and risks associated with falling behind on regulation updates.
  • Best practices to effectively manage and adapt to the speed of regulatory change for 2024 and beyond.

Speakers:
Stephanie Franklin-Thomas, PhD, SVP & CISO, ABM Industries
Gene Sun, Corporate VP, CISO, FedEx
Alla Valente, Senior Analyst, Forrester

10:45 am – 11:35 am ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

11:05 am – 12:05 pm ET

Learn-A-Skill: Practical Zero Trust Implementation (In-Person Only)

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. No additional payment is required to attend. Sessions are first come, first served.

Participants will get a comprehensive understanding of key Zero Trust components. Through a combination of interactive discussions, real-world case studies, and practical exercises, attendees will learn how to translate Zero Trust principles into actionable strategies within their own organizations. The workshop will run for 70 minutes and is geared toward security professionals beginning or in the middle of their Zero Trust transformation. An agenda summary has been included below:

  • Introduction to Zero Trust
  • Key components of Zero Trust
  • Applying Zero Trust

Speakers:
Paul McKay, Vice President, Research Director, Forrester
Tope Olufon, Sr Analyst, Forrester

11:35 am – 12:05 pm ET

Breakout Sessions

Trust Demands Leadership: A CISO Playbook For Competitive Advantage
Beyond The Policy: Make Cyber Insurance Work For You

Increasingly stringent requirements, exclusions, and policy premium costs may appear as a trifecta of pain — but they’re really an opportunity. Security leaders can wield cyber insurance as a tool for security and risk management investment and maturing security program practices within your organization. This panel will examine how you can:

  • Understand current common cybersecurity control requirements and anticipate future controls.
  • Extract greater value from your cyber insurance policy and the insurance partner ecosystem.

Speakers:
Jason Bredimus, VP, IT Operations & CISO, Shamrock Foods Co.
Keeley Sidow, Cyber Client Relationship Director, Woodruff Sawyer
Timothy K. Smit, Global Privacy & Cyber Risk Consulting Practice Leader, Lockton Companies
Heidi Shey, Principal Analyst, Forrester

Seize Opportunities And Close Business Risk Blind Spots
Are You Ready To Operationalize Your Privacy Program Now?

It was Europe at first. But today, the US is at the center of a privacy tsunami. With global and local privacy requirements evolving at an unprecedented pace, only organizations that embed privacy management into their systems, processes, and innovation cycles can succeed. From the technology you need, to the team skills you require, to the cross-functional relations you must build, this session will guide you through every step you need to take to operationalize your privacy program now and set you up for success. Come to learn how to:

  • Fine-tune your team’s skills for current and upcoming privacy tasks and activities.
  • Identify technology gaps and how to fill them.
  • Determine the key actions you must take to start or progress your privacy operationalization journey.

Speakers:
Enza Iannopollo, Principal Analyst, Forrester

Adapt To Chaos: Evolve Defense For The Trusted Enterprise
Transform Your SOC Into A Detection And Response Engineering Practice

According to Forrester’s Security Survey, 2022, the top information security challenge for organizations is the changing and evolving nature of IT threats. The role of the security operations center (SOC) is central to this effort, detecting and stopping attacks that surpassed prevention. However, many security operations teams struggle, as they’ve evolved from a necessity — responding to alerts that signal a potential attack — into a poorly structured discipline. In all but the largest organizations, the SOC is still an ad hoc team of IT professionals breaking into cyber. In this talk, we cover:

  • How to build a detection and response development lifecycle.
  • Best practices for introducing your team to detection as code.
  • How to manage the culture shift to agile principles.
  • How to build the detection engineering skill set into your team.

Speakers:
Allie Mellen, Principal Analyst, Forrester

Catapult Products To Success With Cloud And Application Security
Overcome The Road Bumps To Successful DevSecOps

Conceptually, DevSecOps is easy to understand, but many organizations struggle to adopt this transformational approach. In this panel session, we talk about the challenges of adopting DevSecOps, hear how other organizations have been successful, and learn how to start on a DevSecOps journey. This session will help you:

  • Understand the common challenges of adopting DevSecOps.
  • Learn how to start your DevSecOps journey.

Speakers:
Scott Tingley, Director, Security Architecture & Risk, IntelyCare
Benjamin Wolf, CTO, Capital Access Platforms, Nasdaq
Janet Worthington, Senior Analyst, Forrester

Optimize User Experience With Identity Security & Fraud Management
Evolving Your Organization To A Passwordless Future

Pa$$w0rds_$uck! and password-related attacks continue to persist across all organizations. Why is it taking so long to eliminate passwords?  The good news is that passwordless authentication technologies now make the death of passwords realistic. Explore adoption and.  The session will examine the current state of passwordless MFA, highlight key implementation considerations and identify steps you can take to accelerate your own journey away from passwords.  This session will help participants:

  • Apply a phased methodology to realizing a password-free authentication environment.
  • Align authentication initiatives with existing Zero Trust practices.

Speakers:
Geoff Cairns, Principal Analyst, Forrester

12:10 pm – 12:40 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Code42: How Crowdstrike automated microtrainings to change behavior and prevent data loss

Join us to learn how to stop data loss by addressing employee behavior. Discover why an effective response strategy must account for risk severity, and get practical tips for implementing response controls accordingly. We’ll showcase how Code42 customer Crowdstrike used automated microtrainings to correct frequent employee mistakes, which reduced event triage for their security team, and drove data loss events down for the business.

Speakers:
Rob Juncker, CTO, Code42

KnowBe4: Putting Humanity into Your Human Risk Management Program

Security teams are beginning to appreciate the importance of building a strong human defense layer. As a result, most organizations have adopted some form of security awareness, behavior, and culture program. But there is a complication: in building these people-focused programs, security teams often forget that people are, by nature, relational beings. This session provides practical guidance for understanding, managing, and maturing your program to best foster a positive relationship and culture.

Speakers:
Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4

12:40 pm – 1:55 pm ET

Lunch & Marketplace Break (In-Person Only)

Marketplace breaks are your chance to grab lunch, connect with sponsors, and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

Attend one session:

12:45pm - 12:55pm - Mastercard: Exploring the Future of Cyber Risk Management with Mastercard

In an era of increasing interconnectedness and growing stakeholder expectations, the idea of measuring a company’s cyber risk has become exponentially more complicated. During this session, we will explore the future of cyber risk management going beyond traditional cybersecurity risk – presenting insights into the synergies, challenges, and implications for businesses.

Speakers:
Austin Starowics, Solutions Consulting Manager, Riskrecon by Mastercard

Veterans Appreciation Lunch

We invite all those who have served or are currently serving our country to join us for a special appreciation lunch.

1:55 pm – 2:25 pm ET

Breakout Sessions

Trust Demands Leadership: A CISO Playbook For Competitive Advantage
CISOs As Closers: Win Business, Close Deals

Contributing to revenue generation is always better than being a cost center, especially during a downturn. Today’s cybersecurity programs help win and retain business by aligning investment and implementing controls to meet the requirements of three key constituencies: customers, cyber insurers, and regulators. But security leaders often fail to adequately quantify — and evangelize — these contributions. This session will help security leaders drive growth and:

  • Differentiate their organization’s products or services on trust.
  • Measure security’s impact on customer acquisition activities.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

Seize Opportunities And Close Business Risk Blind Spots
Getting Cyber Risk Quantification Off The Ground

Qualitative cyber risk management efforts are nothing more than glorified compliance and reporting activities. Security pros struggle to assess, prioritize, and communicate their risk posture because they cling to entrenched maturity models and qualitative heatmaps for decision-making. But these methods fundamentally can’t articulate a cyber risk’s impact to the business’s bottom line. It’s time to leave these practices in the past and embrace quantitative analysis to drive meaningful business decisions. This session will help you:

  • Understand the value of quantitative methods and why we need them.
  • Examine practical steps to launch your own cyber risk quantification (CRQ) effort.

Speakers:
Chris Thorpe, Senior Director, Information Security, Cox Corporate Services, Inc.
Kanitra Tyler, Supply Chain Risk Management Service Element Lead, NASA
Cody Scott, Senior Analyst, Forrester

Adapt To Chaos: Evolve Defense For The Trusted Enterprise
Ignoring IoT Security Doesn't Make the Problem Go Away

IoT devices within the enterprise have been a top target of external attacks at businesses that have experienced breaches for years, and these attacks continue to increase. A history of poor cybersecurity standards and configurations on devices — combined with bad practices of securing communications within and exiting the enterprise — has led to this point where infrastructure and security leaders must make changes now. We’ll dive into:

  • Why IoT devices are a prime target for attacks and how to stem the tide and gain back any lost ground.
  • Why it’s critical to apply the principles of Zero Trust to all communications with your IoT infrastructure, from identifying what devices you have, to how you’ll add new ones, to controlling the flow of data between them.

Speakers:
Paddy Harrington, Senior Analyst, Forrester

Catapult Products To Success With Cloud And Application Security
Solving The API Security Puzzle

As APIs become commonplace in application development and the number of APIs explodes, API security flaws continue to drive high-profile breaches. Security leaders are challenged to protect these modern application environments. To mature your API security program, break down the problem into components and understand the essential practices and technologies for each. This session will help you:

  • Understand API security challenges and prioritize the core components of an API security program.
  • Map your API security initiatives to the right tools, processes, and stakeholders.

Speakers:
Sandy Carielli, Principal Analyst, Forrester
Madelein van der Hout, Senior Analyst, Forrester

Optimize User Experience With Identity Security & Fraud Management
Identity And Fraud: What’s Hot And What’s Not

Identity and fraud continue to pose challenges for organizations in all industries. To address these evolving challenges, a range of technologies have emerged to help organizations deliver identity-centric security. This panel session featuring Forrester analysts will provide an engaging discussion on current technology trends in identity and provide guidance on how to manage these challenges. This session will examine:

  • Current state of emerging IAM technologies such as distributed digital identities, passwordless authentication & biometrics
  • How fraud and identity attack vectors are evolving

Speakers:
Geoff Cairns, Principal Analyst, Forrester
Andras Cser, VP, Principal Analyst, Forrester
Merritt Maxim, VP, Research Director, Forrester

2:30 pm – 3:00 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

ThreatLocker: Do You Know What's In Your Systems?

Using actual [redacted] customer endpoint data, ThreatLocker VP of Solutions Engineering Ryan Bowman will review what we found on their systems. With this Health Report of mitigation recommendations, you’ll learn what the customer learned and how the customer reacted. Would you do the same? Ryan will share best practices for prioritizing action and strategies to harden your environment.

Speakers:
Ryan Bowman, VP of Solutions Engineering, ThreatLocker

3:05 pm – 3:35 pm ET

Breakout Sessions

Trust Demands Leadership: A CISO Playbook For Competitive Advantage
A Decade Of Hype: Secure Zero Trust's Future Amid Executive Fatigue

From its humble network beginnings in 2009 to its current status as a model recognized and mandated by governments across the globe, Zero Trust is now a modern security architecture blueprint for enterprises. But senior executives are still used to projects with defined stop and start dates, and Zero Trust is an ongoing endeavor. This session will help security leaders anticipate this pushback and explain the next phase of their Zero Trust journey. Attend this talk to learn how to:

  • Explain that deploying Zero Trust was just the starting point.
  • Anticipate and adapt to Zero Trust fatigue in the C-suite.

Speakers:
Jinan Budge, VP, Principal Analyst, Forrester

Seize Opportunities And Close Business Risk Blind Spots
Protect The Boundaries Of Third-Party Cyber Risk

No organization is immune to cyberattacks on its ecosystem of vendors, suppliers, services providers, partners, and other entities. Whether the third party is the intended target or just a conduit to attacking a larger organization, reliance on third parties for key business capabilities is the top driver for increasing risk. But many third-party cyber programs have room for improvement. This fireside chat will focus on aligning stakeholders, strategies, and data to protect the business from third-party cyber risk. Learn how to:

  • Tackle third-party cyber risk throughout its lifecycle.
  • Establish context for what’s most important to your business.

Speakers:
Brenda Bjerke, Senior Director of Cybersecurity, Target
Amy Hawkins, Senior Manager of Cybersecurity, Target
Alla Valente, Senior Analyst, Forrester

Adapt To Chaos: Evolve Defense For The Trusted Enterprise
Activate Proactive Security

Incident response is inevitable, and detection is required so we know when preventative measures have been bypassed. To minimize the business impact because of gaps in preventative, detective, and responsive controls, firms must pro-activate: activate proactive cultures, measurements, and tools. This session will break down components of proactive security, demystify the technologies (and alphabet soup of acronyms) that support it, and provide a guide for standing up a proactive security program for your organization. Participants will learn:

  • Which technologies support proactive security.
  • How to make the business case and build your proactive security program.

Speakers:
Erik Nost, Senior Analyst, Forrester

Catapult Products To Success With Cloud And Application Security
Zero Trust For Cloud Workloads: It’s Possible!

Zero Trust (ZT) in the cloud is a mandate for organizations wanting to build out and sustain their cloud infrastructure and data storage. Cloud workload security (CWS, also known as CNAPP), consisting of, among other domains, Cloud Workload Protection (CWP) and Cloud Security Posture Management (CSPM), is critically important to maintaining defense posture at the workload and cloud infrastructure configuration levels.

This session will help participants:

  • Build internal support and a governance framework for ZT in CWP and CSPM.
  • Define and implement key concepts of ZT in CWP and CSPM in their own cloud environments.
  • Identify the most important configuration artifacts to monitor and defend.

Speakers:
Andras Cser, VP, Principal Analyst, Forrester

Optimize User Experience With Identity Security & Fraud Management
Decentralized Identities And The Future Of Digital Trust

A recent common theme in the digital trust space is reusability. Reusable identities have been demonstrated to reduce friction across sectors, and this is made possible by using decentralized systems. Join this track to see how digital trust systems can be built to address systemic identity problems in healthcare, immigration, human rights, and privacy. The session will enable you to:

  • Explore untapped opportunities and applications of digital trust technologies.
  • Tackle hurdles on the way to decentralized identity.

Speakers:
Tope Olufon, Sr Analyst, Forrester

3:05 pm – 4:05 pm ET

Learn-A-Skill: Build An Insider Risk Management Function (In-Person Only)

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. No additional payment is required to attend. Sessions are first come, first served.

Insiders (employees, contractors, vendors, and partners) are responsible for over a quarter of data breaches. Because insider risk is a human problem, involving trusted peers with knowledge of your environments, it requires a specific focus on looking for, investigating, and responding to insider incidents. Most security teams focus on external threat actors, not insiders. Insider risk management teams must work across the organization to build support. Policy and process outweigh technology to manage insider risk. In this Learn-A-Skill session, attendees will learn:

  • How internal risks must be managed differently than external risks. 
  • How to build an insider risk management function. 
  • How to develop policies and processes for insider risk management. 
  • How to develop success metrics for the insider risk function. 

Speakers:
Joseph Blankenship, VP, Research Director, Forrester

3:35 pm – 4:25 pm ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

Attend one session:

4:10pm - 4:20pm - Brinqa: Precisely Reduce the Vulnerabilities that Matter with Brinqa

Impossible backlogs, fragmented visibility, ownership complexity, and unmotivated stakeholders frustrate both vulnerability management teams and the remediation teams asked to fix security issues. This leads to wasted time and more residual security risk on a continuous basis while still incurring development and IT costs to fix low risk vulnerabilities. Escape this lose-lose scenario with Brinqa, which helps you unify, prioritize, remediate, and report on disparate security findings with risk context from a single platform.

Speakers:
Aaron Marzullo, Sales Engineer, Brinqa

4:30 pm – 5:00 pm ET

Forrester Security And Risk Enterprise Leadership Award

Welcome to the highly anticipated Forrester Security And Risk Enterprise Leadership Award, the only assessment dedicated to recognizing excellence in security, privacy, and risk strategy, integral to building a trusted and resilient business.

In this session, we will announce the winner of this year’s award and hear how they continually build trust with customers, employees, and partners.

Speakers:
Joseph Blankenship, VP, Research Director, Forrester

5:00 pm – 5:30 pm ET

Keynote: Adapt And Adopt: Balance The Acute Risk With The Burgeoning Reward Of AI

AI entered the cybersecurity lexicon as a buzzword. Years later, it is poised to change the way the enterprise operates and has overtaken the agenda of cybersecurity leaders. AI’s massive risk and incredible opportunity are forcing security leaders and their teams into a balancing act of enterprise enablement for a new, evolving, and complex technology. In this keynote, we will do a deep dive on the risks, threats, and opportunities AI brings. Attend this session to delve into how:

  • Cybersecurity can be instrumental in securing the big bets your enterprise makes on AI.
  • You can enable the business to use AI securely.
  • AI will change the way security operates.
  • Adversaries will leverage AI.
  • You can encourage your security practitioners to question, adopt, and trust AI.

Speakers:
Allie Mellen, Principal Analyst, Forrester
Jeff Pollard, VP, Principal Analyst, Forrester

5:30 pm – 7:00 pm ET

Evening Reception (In-Person Only)

Join us for a reception full of networking, fun, food, and refreshments.

Wednesday Nov 15

8:00 am – 9:00 am ET

General Breakfast

Government Breakfast Meetup

Connect with your fellow peers in Public Sector for a private networking breakfast.

This breakfast is not open to partners or non-government attendees.

9:05 am – 9:35 am ET

Keynote: Building A Modern Product Security Team

Modern and future fit technology organizations transform technology to support their organization’s business strategy. Those hoping to evolve from traditional to modern or future fit must adopt a technology strategy that enables adaptivity, creativity, and resilience — but they won’t get there unless the product security team embraces those principles, too. This session will discuss:

  • What it means to be future fit — and what a product security team looks like in a modern tech or future fit tech organization.
  • How to evolve your product security strategy from traditional to modern … and from modern to future fit.

Speakers:
Sandy Carielli, Principal Analyst, Forrester

9:35 am – 10:05 am ET

Guest Keynote: To Be Announced

10:10 am – 11:00 am ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

Attend one session:

10:45am - 10:55am - Recorded Future: Reducing Operational Risk with Threat Intelligence

1 in 5 organizations have experienced a significant outage in the last three years that negatively affected their reputation, revenue, and compliance adherence. Learn from Recorded Future experts how threat intelligence can be a force multiplier, enabling security teams to strengthen their defenses, enhance operational workflows through automation, and mitigate the impact of attacks such as ransomware.

Speakers:
Ellen Wilson, Manager, Product Marketing, Recorded Future

10:30 am – 11:30 am ET

Learn-A-Skill: Burnout In Cybersecurity: A Love Story. (In-Person Only)

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. No additional payment is required to attend. Sessions are first come, first served.

Today, 52% of the workforce is experiencing some form of burnout. Preliminary studies show that cybersecurity workers are suffering burnout at a rate higher than healthcare workers. The impact of this hidden epidemic on cybersecurity teams’ mental health, as well as on their organization’s cybersecurity posture, is immense. Did you know that it is possible for employees to be highly engaged and experiencing burnout at the same time? The fact is that some of your best, most engaged rock-star employees are also burning out, and you won’t see it until it’s too late. We’ll show you how to identify the different types of burnout and how to support the people who want to be their best at work without depleting themselves. Participants in this session will:

  • Rethink what burnout is and how to identify its many causes and manifestations.
  • Understand the risk of ignoring burnout and learn to work with people and managers to avoid and address it.
  • Leave with examples of next steps for preventing, identifying, and redressing burnout in their teams and divisions.

Speakers:
Jinan Budge, VP, Principal Analyst, Forrester

11:00 am – 11:30 am ET

Breakout Sessions

Trust Demands Leadership: A CISO Playbook For Competitive Advantage
Skills That Cybersecurity Programs Need In The Next Five Years

Sometimes cybersecurity talent strategies feel like a game of whack-a-mole or buzzword bingo, as security teams are forced to learn skills based on the latest and greatest acronym in the industry. CISOs need a talent strategy that factors in current skills, innovative technologies, and the time horizon available to cultivate these skills and avoid forcing practitioners to scramble through courses and certifications to fill gaps. This session will help security leaders:

  • Develop training plans and career paths that challenge — and retain — top talent.
  • Invest in the right resources for continual upskilling.

Speakers:
Jess Burn, Principal Analyst, Forrester

Seize Opportunities And Close Business Risk Blind Spots
Map Your Way To DORA And Other Operational Resilience Requirements

Even though business resilience has been top of mind for organizations in recent years, operational resilience is making waves as the latest hot trend. To effectively anticipate and deliver operational resilience through a disruption from any event, organizations need new capabilities that help them adhere to standards such as the Bank of England’s operational resilience mandate and the EU’s Digital Operational Resilience Act (DORA). Come learn how to:

  • Understand the difference and overlap between business resilience and operational resilience.
  • Take practical steps toward a better operational resilience program.

Speakers:
Amy DeMartine, VP, Research Director, Forrester

Adapt To Chaos: Evolve Defense For The Trusted Enterprise
Federal Zero Trust Adoption: Forging A Path Forward

Federal civilian agencies have long struggled to overcome security debt, and the implementation of Zero Trust is no exception. Legacy systems, convoluted budget requirements, and heavily siloed IT organizations continue to create pain points for practitioners and leaders alike. In this panel session, leaders from CISA and GSA will discuss the following key roadblocks to adoption:

  • Exposing security coverage gaps through use-case-driven posture assessments.
  • Budgeting for the future state by utilizing existing funding and the GSA schedule.

Speakers:
Sean Connelly, Senior Cybersecurity Architect & TIC Program Manager, Cybersecurity And Infrastructure Security Agency
Rosa Underwood, Senior Cybersecurity Advisor (Acting), IT Specialist Information Technology Category Federal Acquisition Services, U.S. General Services Administration
Heath Mullins, Sr. Analyst, Forrester

Catapult Products To Success With Cloud And Application Security
Your Cloud Security Checklist Isn’t Complete Without Kubernetes

Cloud native technologies span public cloud, data centers, and the edge. Your cloud providers’ documentation, attestations, and audit reports are a great place to start but a terrible place to end, as they don’t go deeply into the details of Kubernetes and cloud native. In this session, we will discuss:

  • Expanding your systematic approach to control implementation to include cloud native.
  • Leveraging open-source software and commercial products to generalize the control objectives of your control frameworks to Kubernetes and cloud native technologies, based on real-world implementations.

Speakers:
Lee Sustar, Principal Analyst, Forrester

Optimize User Experience With Identity Security & Fraud Management
Reining In The Big And Booming Business Of Insurance Fraud

Banks get robbed because that’s where the money is. There’s also a lot of money in insurance, such that where there’s insurance, there’s fraud. Insurance scams are now big business, amounting to billions of losses from hard and soft fraud globally. But fraudsters don’t have to retain the upper hand. In this session, Forrester examines:

  • The macro and micro drivers of fraud and how they’ve evolved post-Covid.
  • Why it’s time to stop looking for a silver bullet.
  • Specific actions to identify, mitigate, and prevent fraud losses.

Speakers:
Ellen Carney, Principal Analyst, Forrester

11:35 am – 12:05 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Akamai Technologies: Revisiting Defense In Depth: A New Approach

As cyberattacks increase and become more effective, the Defense in Depth security strategy is no longer realistic. In this case study, we explore a new take on an old tactic and how one company with a growing attack surface, number of products, vendors, and security gaps took defense in depth to mean a ‘depth of coverage’ against the modern attack sequence. Learn their strategy for stopping sophisticated attacks against their modern infrastructure.

Speakers:
Dan Petrillo, Director, Product Marketing, Akamai Technologies

Microsoft: AI: Defending at machine speed with Microsoft Security

Learn how Microsoft is applying AI/ML to disrupt attackers’ traditional advantages, adapt to their new techniques, and combat the growing scale of the industrialization of cybercrime. In this session, we’ll see how Microsoft XDR can automatically disrupt in-progress attacks, Security Copilot will help simplify SOC investigations, and more.

Speakers:
Omar Turner, General Manager, Northeast CSU (Customer Success Unit) Security Leader, Microsoft

12:05 pm – 1:15 pm ET

Lunch & Marketplace Break (In-Person Only)

Marketplace breaks are your chance to grab lunch, connect with sponsors, and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

Attend one session:

12:10pm - 12:20pm - ThreatLocker: Rubber Ducky Challenge

Risk of data loss and operational disruption can stem from more than the ransomware in news headlines. Join for a live hacking demonstration of a common-looking USB device and discussion on physical and digital methods of control to minimize data exfiltration.

Speakers:
Ryan Bowman, VP of Solutions Engineering, ThreatLocker

12:25pm - 12:35pm - IBM: Managing Cyber Risk through AI for Complex Ecosystems

Organizations face significant challenges in demonstrating a return on investment and establishing a cyber risk-driven business. IBM’s Active Governance Services (AGS) addresses organizational challenges through a technology-agnostic engine that integrates key cyber and broader organizational data points to define, quantify, manage, and report on cyber risks. We will share leading practices and a case study in applying a cyber risk-based approach to prioritize investment and manage the business.

Speakers:
Evelyn Anderson, IBM Distinguished Engineer, IBM

12:55pm - 1:05pm - Code42: A simpler, stronger approach to IP protection (really!)

Addressing data loss and insider threat with traditional tools takes more time than security has to give. You need strong detection, effective response, powerful integrations, ease of use, and no disruption to users. Too much to ask? Not at all. Seeing is believing so join us for a 10-minute demo.

Speakers:
Rob Juncker, CTO, Code42

1:15 pm – 1:45 pm ET

Breakout Sessions

Trust Demands Leadership: A CISO Playbook For Competitive Advantage
Look Overseas For What’s Next In US Cybersecurity Regulation

In recent years, authorities overseas have stepped up their game and innovated when it comes to cybersecurity regulation. Legislative and regulatory activity indicates the same will happen here, using European regulations as inspiration for US requirements. Staying up to speed on what happens in Europe on the regulatory front will better prepare security leaders and their programs to drive the investment and change management necessary to protect and grow revenue via compliance. This session will help you:

  • Understand what elements of European regulations may find their way into US legislation.
  • Learn from European security programs’ compliance and change management challenges.

Speakers:
Madelein van der Hout, Senior Analyst, Forrester

Seize Opportunities And Close Business Risk Blind Spots
A Modern DLP Approach Works For Everything From Zero Trust To GenAI

Data loss prevention (DLP) features and capabilities are included in many security offerings, and DLP still exists as a standalone product. But it is also an approach that does not necessarily require the use of DLP technologies to achieve the outcome of enforcing DLP policies. Whether you are contemplating replacing your traditional DLP solution or deploying DLP capabilities for the first time, you are navigating a new technology landscape. In this session:

  • Learn how a modern approach to DLP aligns with a Zero Trust approach.
  • Examine considerations for your DLP roadmap for concerns like generative AI and insider threats.

Speakers:
Heidi Shey, Principal Analyst, Forrester

Adapt To Chaos: Evolve Defense For The Trusted Enterprise
Expose Risky Insiders With Threat Intelligence

External attacks grab headlines and the attention of security teams. Insider incidents, however, are responsible for roughly one-quarter of data breaches while garnering much less attention. Insiders — including users, vendors, consultants, and partners — represent risk to every organization. Threat intelligence helps organizations identify risks, enhancing their ability to guard against and detect insider incidents. Attend this track to learn:

  • How insiders pose real risk to the trusted organization.
  • How threat intelligence fits into your insider risk management program.

Speakers:
Joseph Blankenship, VP, Research Director, Forrester
Brian Wrozek, Principal Analyst, Forrester

Catapult Products To Success With Cloud And Application Security
Extra! Extra! Software Bill of Materials (SBOMs) are here!

The U.S. government has been raising awareness of the criticality of securing software supply chains and the role that software bills of materials (SBOMs) play. The FDA requires SBOMs for medical devices, and other federal agencies have the backing of the White House to request one from suppliers. But SBOMs are not just for governments; enterprises are also realizing the benefits of understanding what is in the software they download, build, buy, and operate.

In this fireside chat, hear from Allan Friedman, who is leading the charge on SBOM adoption at CISA, on where governments and industries are successfully using SBOMs, how your agency or organization can get started, and what is in store for SBOMs. This discussion will include:

  • Common challenges for federal agencies and organizations looking to leverage SBOMs for better visibility into their software supply chain.
  • Simple steps agencies and organizations can take to get started on their SBOM journey, and the pathways to success.
  • What governments around the world are thinking about SBOMs, and what the future holds for SBOMs.

Speakers:
Janet Worthington, Senior Analyst, Forrester

Optimize User Experience With Identity Security & Fraud Management
It’s Not Just Payments: Managing Policy Abuses And Fraud Scams

Today’s organizations face fraud on many fronts. While traditional, payment-related fraud (e.g., card present and card not present) generates headlines in the media, firms are now getting bombarded by new fraud types. These new fraud types include 1) identity theft (fraudsters signing up on behalf of their victims), 2) coupon fraud, and 3) policy abuse (such as violating product return policies or reselling policies). Participants in this session will learn how to:

  • Discover the types of emerging policy abuses and scam types.
  • Define defensible and differentiated policies for tackling policy abuses and scams.
  • Create a technical approach for managing policy abuses and scams across multiple channels.

Speakers:
Andras Cser, VP, Principal Analyst, Forrester

1:50 pm – 2:20 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Zscaler: Unleash the Full Power of Secure Digital Transformation

Every age is accompanied by new, special demands for the decision-makers who steer the fortunes of companies. In recent years, business success has become intrinsically linked to IT infrastructure and seamless and secure connectivity is the key to unlock innovation and accelerate business outcomes. To reach this state, enterprises are transforming their networks and security to a zero trust architecture, thereby reducing risk, eliminating cost and complexity and increasing agility. Join this session to hear Jay Chaudhry and John McClure to learn:

  • How zero trust architecture secures users, workloads, IoT/OT devices, and your business partners by addressing critical security shortcomings of legacy network architecture.
  • How to reduce network complexity without exposing your organization to new risks.
  • The key steps in a phased secure digital transformation journey as well as proven advice to drive the mindset and cultural change required.

Speakers:
Dhawal Sharma, SVP, Product Management, Zscaler
John McClure, Chief Information Security Officer VP, Enterprise Infrastructure & Cloud, Sinclair, Inc.

2:20 pm – 3:10 pm ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

3:15 pm – 3:45 pm ET

Keynote: Digital Identity And Fraud In The Age Of AI

The age of AI is upon us, with the potential to upend and transform many existing markets. Identity and fraud are not immune to AI’s effects, whether it is AI-generated deepfakes launching social engineering attacks or AI evaluating real-time access data to identify anomalous identity activity. Managing identity and fraud in the age of AI will require a new mindset and strategy to ensure that the business remains protected while maintaining trust and seamless digital experiences for customers, employees, and partners. In this session, Merritt will review how:

  • AI is influencing identity and fraud.
  • Organizations should prepare to evolve their IAM programs to operate efficiently in the age of AI.

Speakers:
Mary Faulkner, VP, CSIO and VP of IT Operations, Thrivent
Upendra Mardikar, CISO, TIAA
Sarah Nur, Associate Chief Information Officer for Cybersecurity and Treasury Chief Information Security Officer, U.S. Department of the Treasury
Merritt Maxim, VP, Research Director, Forrester

3:45 pm – 4:15 pm ET

Keynote: AI Ethics And Compliance: Risk Hell, Settle For Purgatory, Or Enter Paradise

From Europe to the US and AP, the regulatory machine is spinning. Everybody agrees on the need to regulate AI, no one knows how to do it, and you are in charge of ensuring risks are under control. It will be a perilous and uncertain journey, but the opportunity to shape a trusted and ethical approach to AI is yours and the time is now. This session will: 

  • Explore the upcoming principles and regulations that will define AI risk practices of the future. 
  • Illustrate emerging best practices for building and executing AI governance frameworks. 
  • Give you guidance on what to do next. 

Speakers:
Enza Iannopollo, Principal Analyst, Forrester

Bold Starts: Monday

Nov 13
  • 1:00 pm – 5:00 pm ET Special Programs
  • 5:00 pm – 6:00 pm ET ELE Welcome Reception

Tuesday

Nov 14
  • 8:00 am – 9:00 am ET ELE Only: Breakfast Session
  • 9:00 am – 10:45 am ET General Keynotes
  • 10:45 am – 11:35 am ET Marketplace Break
  • 11:35 am – 12:40 pm ET General Breakouts and Case Studies
  • 12:40 pm – 1:55 pm ET Exclusive ELE Lunch Keynote
  • 1:55 pm – 3:35 pm ET General Breakouts and Case Studies
  • 3:35 pm – 4:25 pm ET Marketplace Break
  • 4:25 pm – 5:35 pm ET General Keynotes
  • 5:30 pm – 7:00 pm ET ELE Reception

Wednesday

Nov 15
  • 8:00 am – 9:00 am ET General Breakfast
  • 9:00 am – 10:10 am ET General Keynotes
  • 10:10 am – 11:00 am ET Marketplace Break
  • 11:00 am – 12:05 pm ET General Breakouts and Case Studies
  • 12:05 pm – 1:15 pm ET Exclusive ELE Lunch Keynote
  • 1:15 pm – 2:20 pm ET General Breakouts and Case Studies
  • 2:20 pm – 3:10 pm ET Marketplace Break
  • 3:10 pm – 4:15 pm ET General Keynotes
  • 4:15 pm – 4:20 pm ET Closing Remarks

Bold Starts: Monday Nov 13

1:00 pm – 3:30 pm ET

Forrester Women's Leadership Program (In-Person Only)

Join us as we discuss the many ways you can power change and growth for yourself and other women in the workplace. Network and learn from your peers on advancement strategies for women leaders and participate in conversations about how to develop meaningful relationships with women leaders in the data and analytics industry. All are welcome to join!

Panel: Avoid The “She’s Not Strategic”* Trap: Balancing Influence And Effectiveness To Lead In Cybersecurity

If you take pride in your ability to get stuff done and prefer to let your work speak for itself (because you’re uncomfortable with self-promotion), this session is for you. Paradoxically, many ambitious and talented women miss out on leadership opportunities precisely *because* they’re excellent at getting stuff done — they end up spending all their time executing effectively, or no one notices their strategic contributions among all the operational work that they do. For this session, we’ve assembled a fantastic panel of information security leaders who’ve faced this challenge. Here’s what you’ll take away from this session if you join us:

  • How to make space for contributing strategically — and how to highlight your strategic contributions (yes, this will involve some self-promotion!)
  • How to build influence and visibility with the leaders above you in the organization
  • How to help those more junior to you avoid or climb out of this trap

*Jess Iandiorio, the author of this 2020 blog post, is a former Forrester colleague who’s now the CMO at Starburst.

Speakers:
Jada Breegle, CIO, Legal Services Corporation
Mary Faulkner, VP, CSIO and VP of IT Operations, Thrivent
Sarah Nur, Associate Chief Information Officer for Cybersecurity and Treasury Chief Information Security Officer, U.S. Department of the Treasury
Stephanie Balaouras, VP, Group Director, Forrester

3:00 pm – 4:00 pm ET

Learn-A-Skill: Demystifying The Proof Of Concept (In-Person Only)

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. No additional payment is required to attend. Sessions are first come, first served.

Proofs of concept are a universal part of selecting and procuring a cybersecurity product and service … and one of the most misunderstood. This workshop will provide actionable advice on how to run a successful proof of concept that validates how the product and service will meet the needs of the security program while also reducing the time teams spend performing them. This session will provide detailed advice on how to:

  • Identify when it’s time to run a proof of concept.
  • Apply the right – and avoid the wrong – constraints.
  • Develop meaningful success criteria.
  • Reduce the amount of time spent on proofs of concept by up to 90%.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

3:45 pm – 5:00 pm ET

Workshops (In-Person Only)

Join one of our interactive, in-person sessions led by Forrester analysts, featuring hands-on exercises that equip you with the skills needed to lead change. Engage with peers from other firms to enhance your skills and collaborate on common challenges.

 

Workshop: Preparing For Your Zero Trust Transformation

In an age when cybersecurity threats are everywhere, modern networks must move beyond the static perimeter-based model. Security teams must adapt and redesign networks to improve security. Join this workshop to better understand what it takes to plan for your firm’s Zero Trust strategy. You’ll participate in interactive self-assessments and exercises to help you identify areas to focus your transformation investments. This workshop provides a live sample of Forrester’s Adopting Zero Trust Certification course.

Speakers:
David Holmes, Principal Analyst!, Forrester
Heath Mullins, Sr. Analyst, Forrester
Jenna Wohead, Director, Certification, Forrester

Workshop: Identify Security Gaps with The Forrester Information Security Maturity Model (FISMM)

All attendees are encouraged to bring their own laptop to complete the FISMM.

The Forrester Information Security Maturity Model (FISMM) provides a framework that describes all the required functions and components of a comprehensive security program. It also offers a method for evaluating the maturity of each component (spread across the same four domains of oversight, people, process, and technology) of the framework on a consistent and prescriptive scale. In this session, you’ll be able to:

  • Learn the basics of the condensed 30-question FISMM.
  • Complete the FISMM online for your organizations.
  • Understand next steps to review your results, identify strengths and opportunities in your security program, and shape your cybersecurity strategy, operations, and roadmap.

Speakers:
Peter Cerrato, Principal Consultant, Forrester
Ron Woerner, Senior Consultant, Forrester

4:00 pm – 5:00 pm ET

Learn-A-Skill: How To Build A Leading Detection And Response Engineering Practice (In-Person Only)

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. No additional payment is required to attend. Sessions are first come, first served.

The SOC has reached the same tipping point that software development faced many years ago: It’s dealing with too much data (big data and log management), struggling to innovate and update monolithic software (detections and incident response processes), and lacking ownership beyond initial deployment (content management). Once the software world reached this point, it pivoted from building monolithic software based on a waterfall methodology to deploying microservices and agile. Security operations teams must make this same pivot to stay ahead of evolving threats through detection and response engineering. Join this session to start to structure a detection and response engineering practice. Learn how to: 

  • Make the transition to agile in the SOC. 
  • Leverage the detection and response development lifecycle (DR-DLC). 
  • Build a process to train your team to write detection as code. 

Speakers:
Allie Mellen, Principal Analyst, Forrester

5:00 pm – 6:00 pm ET

Meet Your Peers: ELE Networking Reception 

Join us for a pre-conference reception where you can network with Forrester experts and industry peers who will be part of the ELE program throughout the event.

Speakers:
Jess Burn, Principal Analyst, Forrester

Tuesday Nov 14

8:00 am – 9:00 am ET

ELE Exclusive Networking Breakfast

Start the day with a nourishing meal, the company of your fellow ELE participants, and an overview of the day ahead.

Speakers:
Jess Burn, Principal Analyst, Forrester

9:00 am – 9:40 am ET

Welcome & Opening Remarks

Welcome to Forrester’s Security & Risk 2023. This session will set the tone for the next two days of bold vision and actionable insight from Forrester.

Speakers:
George Colony, CEO, Forrester
Stephanie Balaouras, VP, Group Director, Forrester

9:40 am – 10:10 am ET

Keynote: The Future Of Zero Trust Is … Everywhere

Zero Trust is today’s de facto security strategy. But can we build Zero Trust into the world of tomorrow? Right now, organizations are designing Zero Trust into greenfield environments and retrofitting it into their legacy infrastructures. Optimizing Zero Trust for the dynamic, flexible requirements of the future will require that it be built into everything. In this talk, David Holmes will show how, in the future, everything will be Zero Trust by default. Attend this session to:

  • Learn how to connect the pockets of Zero Trust in organizations today.
  • Understand what needs to change for Zero Trust everywhere.

Speakers:
David Holmes, Principal Analyst!, Forrester

10:10 am – 10:40 am ET

Keynote: Too Fast, Too Furious: Managing The Speed Of Cybersecurity Regulatory Change

Navigating the barrage of new and evolving regulatory requirements makes compliance a constant uphill battle for security teams. This session will examine how security leaders are managing the latest changes and explore how they’re preparing for what’s on the horizon. Join this keynote session to learn:

  • The consequences and risks associated with falling behind on regulation updates.
  • Best practices to effectively manage and adapt to the speed of regulatory change for 2024 and beyond.

Speakers:
Stephanie Franklin-Thomas, PhD, SVP & CISO, ABM Industries
Gene Sun, Corporate VP, CISO, FedEx
Alla Valente, Senior Analyst, Forrester

10:45 am – 11:35 am ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

11:35 am – 12:05 pm ET

Beyond The Policy: Make Cyber Insurance Work For You

Increasingly stringent requirements, exclusions, and policy premium costs may appear as a trifecta of pain — but they’re really an opportunity. Security leaders can wield cyber insurance as a tool for security and risk management investment and maturing security program practices within your organization. This panel will examine how you can:

  • Understand current common cybersecurity control requirements and anticipate future controls.
  • Extract greater value from your cyber insurance policy and the insurance partner ecosystem.

Speakers:
Jason Bredimus, VP, IT Operations & CISO, Shamrock Foods Co.
Keeley Sidow, Cyber Client Relationship Director, Woodruff Sawyer
Timothy K. Smit, Global Privacy & Cyber Risk Consulting Practice Leader, Lockton Companies
Heidi Shey, Principal Analyst, Forrester

12:10 pm – 12:40 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Code42: How Crowdstrike automated microtrainings to change behavior and prevent data loss

Join us to learn how to stop data loss by addressing employee behavior. Discover why an effective response strategy must account for risk severity, and get practical tips for implementing response controls accordingly. We’ll showcase how Code42 customer Crowdstrike used automated microtrainings to correct frequent employee mistakes, which reduced event triage for their security team, and drove data loss events down for the business.

Speakers:
Rob Juncker, CTO, Code42

KnowBe4: Putting Humanity into Your Human Risk Management Program

Security teams are beginning to appreciate the importance of building a strong human defense layer. As a result, most organizations have adopted some form of security awareness, behavior, and culture program. But there is a complication: in building these people-focused programs, security teams often forget that people are, by nature, relational beings. This session provides practical guidance for understanding, managing, and maturing your program to best foster a positive relationship and culture.

Speakers:
Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4

12:40 pm – 1:55 pm ET

ELE Lunch Keynote: A CISO’s Guide To Building A High-Performing Security Team

Join your ELE peers to discover the essential strategies for assembling and leading a high-performing security team in today’s dynamic threat landscape. This lunch session with Jacobs’ Head of Security, Raj Badhwar, and Forrester’s VP and Principal Analyst Jinan Budge will dive into the critical components of team building and leadership that every CISO needs to know. Learn how the team at Jacobs is tackling the business needs of today while taking the steps to build the security team of tomorrow. This session will cover:

  • Identifying and attracting top cybersecurity talent that might otherwise be overlooked.
  • How CISOs can nurture a collaborative security culture.
  • How security teams can foster a more inclusive environment and community for all.

Speakers:
Raj Badhwar, Vice President, Global Head of Cybersecurity, Jacobs
Jinan Budge, VP, Principal Analyst, Forrester

1:55 pm – 2:25 pm ET

CISOs As Closers: Win Business, Close Deals

Contributing to revenue generation is always better than being a cost center, especially during a downturn. Today’s cybersecurity programs help win and retain business by aligning investment and implementing controls to meet the requirements of three key constituencies: customers, cyber insurers, and regulators. But security leaders often fail to adequately quantify — and evangelize — these contributions. This session will help security leaders drive growth and:

  • Differentiate their organization’s products or services on trust.
  • Measure security’s impact on customer acquisition activities.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

2:30 pm – 3:00 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

ThreatLocker: Do You Know What's In Your Systems?

Using actual [redacted] customer endpoint data, ThreatLocker VP of Solutions Engineering Ryan Bowman will review what we found on their systems. With this Health Report of mitigation recommendations, you’ll learn what the customer learned and how the customer reacted. Would you do the same? Ryan will share best practices for prioritizing action and strategies to harden your environment.

Speakers:
Ryan Bowman, VP of Solutions Engineering, ThreatLocker

3:05 pm – 3:35 pm ET

A Decade Of Hype: Secure Zero Trust's Future Amid Executive Fatigue

From its humble network beginnings in 2009 to its current status as a model recognized and mandated by governments across the globe, Zero Trust is now a modern security architecture blueprint for enterprises. But senior executives are still used to projects with defined stop and start dates, and Zero Trust is an ongoing endeavor. This session will help security leaders anticipate this pushback and explain the next phase of their Zero Trust journey. Attend this talk to learn how to:

  • Explain that deploying Zero Trust was just the starting point.
  • Anticipate and adapt to Zero Trust fatigue in the C-suite.

Speakers:
Jinan Budge, VP, Principal Analyst, Forrester

3:35 pm – 4:25 pm ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

Attend one session:

4:10pm - 4:20pm - Brinqa: Precisely Reduce the Vulnerabilities that Matter with Brinqa

Impossible backlogs, fragmented visibility, ownership complexity, and unmotivated stakeholders frustrate both vulnerability management teams and the remediation teams asked to fix security issues. This leads to wasted time and more residual security risk on a continuous basis while still incurring development and IT costs to fix low risk vulnerabilities. Escape this lose-lose scenario with Brinqa, which helps you unify, prioritize, remediate, and report on disparate security findings with risk context from a single platform.

Speakers:
Aaron Marzullo, Sales Engineer, Brinqa

4:30 pm – 5:00 pm ET

Forrester Security And Risk Enterprise Leadership Award

Welcome to the highly anticipated Forrester Security And Risk Enterprise Leadership Award, the only assessment dedicated to recognizing excellence in security, privacy, and risk strategy, integral to building a trusted and resilient business.

In this session, we will announce the winner of this year’s award and hear how they continually build trust with customers, employees, and partners.

Speakers:
Joseph Blankenship, VP, Research Director, Forrester

5:00 pm – 5:30 pm ET

Keynote: Adapt And Adopt: Balance The Acute Risk With The Burgeoning Reward Of AI

AI entered the cybersecurity lexicon as a buzzword. Years later, it is poised to change the way the enterprise operates and has overtaken the agenda of cybersecurity leaders. AI’s massive risk and incredible opportunity are forcing security leaders and their teams into a balancing act of enterprise enablement for a new, evolving, and complex technology. In this keynote, we will do a deep dive on the risks, threats, and opportunities AI brings. Attend this session to delve into how:

  • Cybersecurity can be instrumental in securing the big bets your enterprise makes on AI.
  • You can enable the business to use AI securely.
  • AI will change the way security operates.
  • Adversaries will leverage AI.
  • You can encourage your security practitioners to question, adopt, and trust AI.

Speakers:
Allie Mellen, Principal Analyst, Forrester
Jeff Pollard, VP, Principal Analyst, Forrester

5:30 pm – 7:00 pm ET

ELE Exclusive Reception: Meet and Greet Security & Risk Keynotes

Enjoy this opportunity to further engage with peers met during the ELE program.

Wednesday Nov 15

9:05 am – 9:35 am ET

Keynote: Building A Modern Product Security Team

Modern and future fit technology organizations transform technology to support their organization’s business strategy. Those hoping to evolve from traditional to modern or future fit must adopt a technology strategy that enables adaptivity, creativity, and resilience — but they won’t get there unless the product security team embraces those principles, too. This session will discuss:

  • What it means to be future fit — and what a product security team looks like in a modern tech or future fit tech organization.
  • How to evolve your product security strategy from traditional to modern … and from modern to future fit.

Speakers:
Sandy Carielli, Principal Analyst, Forrester

9:35 am – 10:05 am ET

Guest Keynote: To Be Announced

10:10 am – 11:00 am ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

Attend one session:

10:45am - 10:55am - Recorded Future: Reducing Operational Risk with Threat Intelligence

1 in 5 organizations have experienced a significant outage in the last three years that negatively affected their reputation, revenue, and compliance adherence. Learn from Recorded Future experts how threat intelligence can be a force multiplier, enabling security teams to strengthen their defenses, enhance operational workflows through automation, and mitigate the impact of attacks such as ransomware.

Speakers:
Ellen Wilson, Manager, Product Marketing, Recorded Future

11:00 am – 11:30 am ET

Skills That Cybersecurity Programs Need In The Next Five Years

Sometimes cybersecurity talent strategies feel like a game of whack-a-mole or buzzword bingo, as security teams are forced to learn skills based on the latest and greatest acronym in the industry. CISOs need a talent strategy that factors in current skills, innovative technologies, and the time horizon available to cultivate these skills and avoid forcing practitioners to scramble through courses and certifications to fill gaps. This session will help security leaders:

  • Develop training plans and career paths that challenge — and retain — top talent.
  • Invest in the right resources for continual upskilling.

Speakers:
Jess Burn, Principal Analyst, Forrester

11:35 am – 12:05 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Akamai Technologies: Revisiting Defense In Depth: A New Approach

As cyberattacks increase and become more effective, the Defense in Depth security strategy is no longer realistic. In this case study, we explore a new take on an old tactic and how one company with a growing attack surface, number of products, vendors, and security gaps took defense in depth to mean a ‘depth of coverage’ against the modern attack sequence. Learn their strategy for stopping sophisticated attacks against their modern infrastructure.

Speakers:
Dan Petrillo, Director, Product Marketing, Akamai Technologies

Microsoft: AI: Defending at machine speed with Microsoft Security

Learn how Microsoft is applying AI/ML to disrupt attackers’ traditional advantages, adapt to their new techniques, and combat the growing scale of the industrialization of cybercrime. In this session, we’ll see how Microsoft XDR can automatically disrupt in-progress attacks, Security Copilot will help simplify SOC investigations, and more.

Speakers:
Omar Turner, General Manager, Northeast CSU (Customer Success Unit) Security Leader, Microsoft

12:05 pm – 1:15 pm ET

ELE Lunch Keynote: A Q&A With The Security & Risk Enterprise Leadership Award Winner

Hear the “behind the scenes” story of the Forrester Security & Risk Enterprise Leadership Award Winner and ask your questions about the journey that led to the award and the winner’s perspective on the road ahead.  

Speakers:
David Levine, VP, Executive Partner, Forrester

1:15 pm – 1:45 pm ET

Look Overseas For What’s Next In US Cybersecurity Regulation

In recent years, authorities overseas have stepped up their game and innovated when it comes to cybersecurity regulation. Legislative and regulatory activity indicates the same will happen here, using European regulations as inspiration for US requirements. Staying up to speed on what happens in Europe on the regulatory front will better prepare security leaders and their programs to drive the investment and change management necessary to protect and grow revenue via compliance. This session will help you:

  • Understand what elements of European regulations may find their way into US legislation.
  • Learn from European security programs’ compliance and change management challenges.

Speakers:
Madelein van der Hout, Senior Analyst, Forrester

1:50 pm – 2:20 pm ET

Case Study Sessions (In-Person Only)

Hear real world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Zscaler: Unleash the Full Power of Secure Digital Transformation

Every age is accompanied by new, special demands for the decision-makers who steer the fortunes of companies. In recent years, business success has become intrinsically linked to IT infrastructure, and seamless and secure connectivity is the key to unlocking innovation and accelerating business outcomes. To reach this state, enterprises are transforming their networks and security to a zero trust architecture, thereby reducing risk, eliminating cost and complexity, and increasing agility. Join this session to hear Jay Chaudhry and John McClure and learn:

  • How zero trust architecture secures users, workloads, IoT/OT devices, and your business partners by addressing critical security shortcomings of legacy network architecture.
  • How to reduce network complexity without exposing your organization to new risks.
  • The key steps in a phased secure digital transformation journey, as well as proven advice to drive the mindset and cultural change required.

Speakers:
Dhawal Sharma, SVP, Product Management, Zscaler
John McClure, Chief Information Security Officer VP, Enterprise Infrastructure & Cloud, Sinclair, Inc.

2:20 pm – 3:10 pm ET

Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

3:15 pm – 3:45 pm ET

Keynote: Digital Identity And Fraud In The Age Of AI

The age of AI is upon us, with the potential to upend and transform many existing markets. Identity and fraud are not immune to AI’s effects, from AI-generated deepfakes launching social engineering attacks to the evaluation of real-time access data to identify anomalous identity activity. Managing identity and fraud in the age of AI will require a new mindset and strategy to ensure that the business remains protected while maintaining trust and seamless digital experiences for customers, employees, and partners. In this session, Merritt will review how:

  • AI is influencing identity and fraud.
  • Organizations should prepare to evolve their IAM programs to operate efficiently in the age of AI.

Speakers:
Mary Faulkner, VP, CSIO and VP of IT Operations, Thrivent
Upendra Mardikar, CISO, TIAA
Sarah Nur, Associate Chief Information Officer for Cybersecurity and Treasury Chief Information Security Officer, U.S. Department of the Treasury
Merritt Maxim, VP, Research Director, Forrester

3:45 pm – 4:15 pm ET

Keynote: AI Ethics And Compliance: Risk Hell, Settle For Purgatory, Or Enter Paradise

From Europe to the US and AP, the regulatory machine is spinning. Everybody agrees on the need to regulate AI, no one knows how to do it, and you are in charge of ensuring risks are under control. It will be a perilous and uncertain journey, but the opportunity to shape a trusted and ethical approach to AI is yours and the time is now. This session will: 

  • Explore the upcoming principles and regulations that will define AI risk practices of the future. 
  • Illustrate emerging best practices for building and executing AI governance frameworks. 
  • Give you guidance on what to do next. 

Speakers:
Enza Iannopollo, Principal Analyst, Forrester

Tuesday

Nov 14
  • 9:00 am – 5:30 pm ET AI-focused Sessions

Wednesday

Nov 15
  • 9:00 am – 4:20 pm ET AI-focused Sessions

Tuesday Nov 14

5:00 pm – 5:30 pm ET

Keynote: Adapt And Adopt: Balance The Acute Risk With The Burgeoning Reward Of AI

Wednesday Nov 15

1:15 pm – 1:45 pm ET

Breakout: A Modern DLP Approach Works For Everything From Zero Trust To GenAI

Data loss prevention (DLP) features and capabilities are included in many security offerings, and DLP still exists as a standalone product. But it is also an approach that does not necessarily require the use of DLP technologies to achieve the outcome of enforcing DLP policies. Whether you are contemplating replacing your traditional DLP solution or deploying DLP capabilities for the first time, you are navigating a new technology landscape. In this session:

  • Learn how a modern approach to DLP aligns with a Zero Trust approach.
  • Examine considerations for your DLP roadmap for concerns like generative AI and insider threats.

Speakers:
Heidi Shey, Principal Analyst, Forrester

3:15 pm – 3:45 pm ET

Keynote: Digital Identity And Fraud In The Age Of AI

3:45 pm – 4:15 pm ET

Keynote: AI Ethics And Compliance: Risk Hell, Settle For Purgatory, Or Enter Paradise

Digital Content

Nov 14
  • 9:00 am – 6:00 pm ET Digital-Only Sessions

Digital Content Nov 14

9:00 am – 6:00 pm ET

Embracing Diversity As Your Key For Growth: A Few Practical Steps!

Diversity, Equity and Inclusion (“DEI”) are key concepts at the forefront of many corporations’ agendas today. The need for a more inclusive workspace is not new, but corporations are now recognizing trends in the correlation between a diverse/inclusive workspace and greater staff retention and productivity. This session provides an easy-to-follow pathway that helps get any company past the initial step (of what is often viewed unfavorably as ‘requisite diversity training’) and around the most common traps that stop companies from maintaining best practices.

  • How to ‘jump right in’ and identify specific areas for program enhancement. Don’t get lost in the too-big picture!
  • Learn the three key components of the employee lifecycle for DEI incorporation.
  • Discover how a stronger DEI program can lead to team and company maturity.
  • Recognize the most common traps: where attempts to be inclusive go wrong with most corporations.
  • Act upon two things you can do to improve immediately/today.

Speakers:
Jade Johnson, Owner, JadeInclusion

Build A Better Listening Strategy To Inspire And Enable Your Employees

Gone are the days when leaders stood in front of their followers and told them what matters. Modern leaders engage their teams to learn from them, and with them, what matters in business and for customers. But that can only happen with a more purposeful listening strategy. In this session, attendees will learn:   

  • What listening is and why it plays the largest role in an organization’s approach to employee input.  
  • How listening is a productive, rather than merely reactive, tool for improving the business.  
  • Why successful leaders will be known as much for what they learned as what they said.  

Speakers:
David Johnson, Principal Analyst, Forrester

Earning Excellence: How Managers Can Inspire And Enable Sustained Excellence

Energy and engagement are finite resources that are essential to achieving business results. One of the challenges that organizations and leaders face is that these resources have been depleted for many of their employees due to a lack of strategies to refresh and sustain that energy. In this session, we will:

  • Define “tired rock stars” — high-engagement contributors who are at risk of burning out.
  • Guide leaders to see the tired rock stars in their ranks (including, possibly, themselves) and understand them more clearly.
  • Share how leaders can sustainably earn excellence from their talent.

Speakers:
Jonathan Roberts, Senior Analyst, Forrester

How Primary Drivers Behind Accessibility Statements are Shifting to Attracting and Retaining Talent

Compliance and avoiding lawsuits are no longer the primary driver behind enterprise accessibility statements. This panel will discuss the shift toward firms citing “attracting and retaining talent” as the top driver behind their accessibility commitments. During this session, we will discuss:

  • The myths of providing accommodations, and how to manage an increasing number of requests from employees
  • How companies are personalizing their employee value proposition at scale
  • Why a “one size fits all” approach no longer works and how having a strong, accessible culture can be the difference between a productive employee base vs. an unsatisfied one.

Speakers:
Sarah Bernard, Co-Founder and Chief Operating Officer, Inclusively
Charlotte Dales, Co-Founder and CEO, Inclusively
Gina Bhawalkar, Principal Analyst, Forrester

Resilience, Growth Mindset And Self-Care: A Leadership Journey

This session traces a personal and professional journey that has seen this product leader succeed across multiple industries and geographies, and at the intersection of technological and business disruption. In this fireside chat, Ash Mukherjee will discuss with Monica Carlesso how she has grown as a leader by embracing curiosity and showing the grit to be constantly out of her comfort zone, while learning that self-care is key to leadership and sustainable growth. Modern leadership is about embracing change and dichotomies, both as strategic business levers and as a way to lead compassionately through massive societal changes, and Monica will share her story with Ash.

During this session, we will discuss:

  • A product leader’s journey across different industries and geographies, exploring challenges and implications.
  • How to overcome the bumps of a growth journey with curiosity, grit and self-care.

Speakers:
Monica Carlesso, Head of Product Identity & Authentication, Lloyds Banking Group
Ash Mukherjee, Solution Partner, Forrester
