Security & Risk Summit

Deconstruct The Now And Next Of Cybersecurity Threats To Prepare Your Security Program

AI is reshaping the threat landscape, security budgets are constrained, and a chaotic political landscape and trade wars are resulting in isolationism. Today’s defenses struggle against tomorrow’s emerging threats, and future vulnerabilities loom. Security leaders must deal with the present and plan for the future. In this session, you will learn how to:

Act decisively to structure your security program around current and emerging threats.
Respond with pragmatism and agility to the evolving threat landscape.

Speakers:
Tope Olufon, Sr Analyst, Forrester

In Trust We Build: Balancing Risk And Realizing AI’s Potential

Just like the world of fashion, risk management must constantly reinvent itself to keep up with changing trends and dynamics. Today’s business reality is that AI is not a fad, it’s the new couture — bold, complex, and constantly evolving. To keep pace, risk pros must shed their one-size-fits-all approach in favor of a well-tailored risk management program designed for fit and function. Join this session to:

Preview the runway of factors continuing to shape risk management in a world with AI.
Learn how to tailor your approach to balance opportunity with strategic risk taking and value protection.

Speakers:
Alla Valente, Principal Analyst, Forrester

The Role Of AI In Zero Trust Architectures

Even as Zero Trust has matured, implementation, integration, and operational complexity have remained. Issues ranging from consistent policy definition and implementation to policy decision point fragmentation to real-time enforcement can stymie Zero Trust initiatives. Opportunities to use general purpose and vendor-specific AI to resolve these issues abound. Join this session to learn about:

Important gaps in Zero Trust components and protocols.
Where to use genAI and AI agents to address those gaps.

Speakers:
James Plouffe, Principal Analyst, Forrester

How AI Agents Are Fundamentally Changing Security Operations

Security operations is facing its biggest shift in a decade: the introduction of AI agents. AI agents are changing the detection and response process, and, as a first step, will reduce investigation times. That said, there’s more to what AI agents will bring to security operations than just speeding up investigation and triage. In this session, we will delve into:

Where generative AI features are showing the most value for security operations.
What emerging generative AI features are changing incident response.
How to build homegrown generative AI capabilities for your SOC.

Speakers:
Allie Mellen, Principal Analyst, Forrester

Convergence, Consolidation And Context: The Future Of Identity Security

Identity is a key target for attackers but also a prime component around which organizations build and sustain compelling customer relationships and experiences. This session will discuss the current state of identity and provide insights around how organizations can successfully defend against emerging identity threats while simultaneously optimizing user experience. Join this session to:

Understand how AI is improving identity and access management program effectiveness and efficiency.
Learn what key identity attack vectors are emerging.

Speakers:
Merritt Maxim, VP, Research Director, Forrester

A Deep Dive Into Securing The Software Supply Chain

After years of loosely coupled solutions, application security platforms have arrived. These platforms unify data, analytics, and management, offering bundled pricing and streamlined operations. Whether it’s a pre-release application security platform or a web application protection platform, security leaders must decide whether to trade their point solutions for platforms with strong cross-context and consistent user experience. Attendees will learn about:

The rise of application security platforms, including key components and likely adjacencies, buying trends, and what to look for in a platform.
When to augment an application security platform with specialized point solutions to address specific needs.

Speakers:
Sandy Carielli, VP, Principal Analyst, Forrester
Janet Worthington, Senior Analyst, Forrester

12:10 pm – 12:40 pm ET

Case Study Sessions

Join case study sessions to hear real-world stories, solutions and insights leveraging the best in today’s security, risk, and privacy solutions.

12:40 pm – 1:40 pm ET

Lunch & Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

12:40 pm – 1:40 pm ET

Executive Leadership Exchange (Invite Only): Exclusive Networking Lunch

Establish connections with like-minded peers and Forrester experts as you trade insights on your approaches to the most pressing topics for technology, data, and AI leaders.

Speakers:
David Levine, VP, Executive Partner, Forrester

1:40 pm – 2:25 pm ET

Executive Leadership Exchange (Invite Only): Mastering An Effective Executive Tabletop Exercise

In this Executive Leadership Exchange session, we’ll explore the art and science of planning and running an effective executive-focused tabletop exercise. Throughout the discussion, we’ll weave in lessons learned and tips and tricks. Attendees will learn:

The right tabletop exercise for the right audience.
Communication, delivery, and structure.
The after-action report.

Speakers:
David Levine, VP, Executive Partner, Forrester

1:40 pm – 2:25 pm ET

Breakout Sessions

The $10M Question: A Materiality Drill for Execs

Breach disclosure mandates from regulatory bodies worldwide are placing pressure on CISOs, executives, and counsel to determine materiality and report — often while the breach is not yet contained. To meet stringent disclosure timelines, cool heads and refined processes must prevail. This session will immerse participants in an interactive breach scenario, helping security leaders to:

Understand the critical inputs and roles and responsibilities required to assess materiality as defined by the regulatory requirements under which your organization operates.
Practice the nuanced, high-stakes decision-making and cross-functional coordination required for effective breach reporting and response.

Speakers:
Jess Burn, Principal Analyst, Forrester

GRC Engineering: Jailbreak Your GRC Strategy

GRC programs often feel like locked systems — rigid, slow, and resistant to change. By contrast, GRC engineering acts as a “jailbreak,” leveraging automation, AI, and real-time monitoring to transform compliance from a static checklist into a dynamic risk engine. This session explores how GRC engineering will level up and simplify your continuous control monitoring approach. Join this session to:

Discover how to apply GRC engineering principles to “unlock” scalable, adaptive GRC.
Identify immediate steps to replace manual processes with automated, evidence-based controls.

Speakers:
Cody Scott, Senior Analyst, Forrester

Establish Your Governance Framework For Zero Trust Architecture

A successful Zero Trust governance framework requires a three-pronged approach — strategic, operational, and tactical — to ensure consistent security and policy enforcement across complex environments. This session will explore how to harmonize these three layers for scalable, resilient, and adaptable governance. Attendees will learn how to:

Define strategic vision, policies, and compliance requirements that align Zero Trust with business goals, supported by standardized processes and adaptive controls.
Develop technical strategies to integrate key technologies across Zero Trust domains.

Speakers:
Carlos Rivera, Senior Analyst, Forrester

Operationalizing Threat Intelligence

From IOCs to TTPs, not all threat intelligence delivers equal value when it comes to enhancing detection capabilities. This session will unpack the operational realities of threat intelligence and explore why most detection capabilities rely on tactical feeds — despite their limited ability to anticipate future threats or detect zero-day activity. This session will help you:

Understand the limits of threat intelligence and detection tools and identify common challenges in integrating threat intelligence into detection workflows.
Gain clarity on the role of priority intelligence requirements in aligning threat intel with organizational risk priorities.

Speakers:
Jitin Shabadu, Analyst, Forrester

The Secret(s) Life of Machine Identities

As machine identities proliferate across cloud-native environments, managing their secrets — keys, tokens, and certificates — has become a critical security challenge. This session explores the hidden lifecycle of machine identities, the risks of unmanaged secrets, and best practices for securing them at scale. In this session, attendees will:

Understand the business risks of unmanaged machine identities and secrets sprawl.
Learn how to apply modern secrets management approaches that support automation, governance, and compliance.

Speakers:
Geoff Cairns, Principal Analyst, Forrester

Application Security In The Age Of AI Generated Code

As AI-powered coding solutions advance at breakneck speed, they are not only transforming the role of developers but also reshaping the security landscape. Although AI-generated code promises a revolution in software development, it also introduces a new frontier of risks. In this session, we will examine how autonomous coding solutions and application generation (AppGen) are impacting application security, explore the unique vulnerabilities introduced by AI-generated code, and discuss strategies to secure applications in this rapidly evolving ecosystem. In this session, attendees will:

Gain insights into the latest advancements in autonomous coding solutions and AppGen from an application development perspective.
Understand today and tomorrow’s security challenges posed by AI coding solutions and how to adapt security practices.

Speakers:
Janet Worthington, Senior Analyst, Forrester
Christopher Condo, Principal Analyst, Forrester

2:35 pm – 3:05 pm ET

Case Study Sessions

Join case study sessions to hear real-world stories, solutions and insights leveraging the best in today’s security, risk, and privacy solutions.

3:15 pm – 3:45 pm ET

Breakout Sessions

Design An Adaptable, Resilient, AI Ready Security Organization

Cybersecurity organizational structures are undergoing a significant evolution, as cybersecurity functions work to align with shifting business goals, AI and digital innovation, regulatory demands, and stakeholder expectations. This means rethinking how teams are structured, capabilities are developed and how security engages with both technology and business stakeholders. Join this session to ensure that your organizational structure:

Considers the significant design principles and parameters required in the midst of chaos.
Balances risk management with business agility and innovation and resilience.
Aligns to and scales with your security, trust, business and AI adoption ambitions.

Speakers:
Madelein van der Hout, Senior Analyst, Forrester

Navigate The Conflicting Regulatory Landscape

Organizations struggle with navigating the regulatory landscape, contradicting regulatory philosophies, and globally varied approaches. As the rules-based global order fragments, investing in capabilities to assess the impact of new regulation and understand its impact on your organization becomes mandatory. Join this session to understand how risk pros can:

Use regulatory technology solutions to complement GRC technologies to help navigate regulatory complexity.

Develop risk intelligence capabilities to assess regulatory changes and determine impact.

Speakers:
Paul McKay, VP, Principal Analyst, Forrester

Flex Your Privacy Toolkit To Enable AI Data Use

Assessing, mitigating, and monitoring privacy risks is critical to enable ethical data use for AI projects. From risk impact assessments (PIAs) to synthetic data and key governance processes — this session will show you how to flex your existing privacy toolkit for ethical AI data use. Attendees will learn how to:

Leverage privacy‑preserving techniques (e.g., anonymization, DPIAs, synthetic data) to mitigate privacy risks at different stages of the AI lifecycle.
Operationalize a structured, proactive privacy risk‑management approach.

Speakers:
Enza Iannopollo, VP, Principal Analyst, Forrester

Incident Response For Insider Threats

From disgruntled data exfiltration to deepfaked developers, insider threat presents a unique challenge to organizations, one that requires a different and discrete response across multiple functions. This session will detail the essential elements of insider threat response and help you:

Define an escalation path for insider incidents.
Clarify roles and responsibilities between security, legal, HR, and third parties during an insider incident.

Speakers:
Joseph Blankenship, VP, Research Director, Forrester
Jess Burn, Principal Analyst, Forrester

Using IAM To Manage And Govern Agentic AI

Agentic AI is here and brings with it identity and access management (IAM) opportunities and challenges. This session will highlight key use cases and their solutions in managing authentication and authorization between human and non-human users and AI agents, as well as between AI agents and backend data sources and apps. Join this session to learn:

How to build a repeatable and secure access policy enforcement framework for AI agents.
How to use AI agents for IAM administration and access reviews.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

Demystifying AI Red Teaming

AI red teaming is no longer optional — it is essential. As generative AI reshapes enterprise risk, security leaders must evolve their testing strategies. This session demystifies AI red teaming, blending offensive security with safety, bias, and reputational risk assessments. Learn how to structure engagements that deliver actionable insights and satisfy regulatory, stakeholder, and customer demands. Join this session to:

Understand the two dominant AI red teaming approaches, when to use each, and how to embed AI red teaming across the development lifecycle for continuous assurance.
Explore how agentic testing and multimodal threats reshape adversarial simulations.

Speakers:
Jinan Budge, VP, Research Director, Forrester

3:15 pm – 4:15 pm ET

Workshop: Leading Through Challenging And Changing Times

Each year, the pace of change seems to accelerate. As organizations evolve and security teams respond to a chaotic threat, technological, budgetary, and regulatory environment, many security leaders will need to activate and sustain the energy required to drive the change successfully. Join us in this interactive workshop to discuss:

How to get your stakeholders and teams to be excited and enthusiastic about change initiatives.
How to overcome change resistance.
Share and learn from others to improve your change leadership skills.

Speakers:
Jinan Budge, VP, Research Director, Forrester

3:45 pm – 4:35 pm ET

Marketplace Coffee Break & Networking (In-Person Only)

4:35 pm – 4:50 pm ET

Welcome Back

Speakers:
Amy DeMartine, VP, Research Director, Forrester

4:50 pm – 5:20 pm ET

Keynote: 2025 Security And Risk Enterprise Leadership Award

Welcome to the highly anticipated Forrester Security & Risk Enterprise Leadership Award, the only assessment dedicated to recognizing excellence in security, privacy, and risk strategy, integral to building a trusted and resilient business. In this session, we will hear from this year’s award winner on how they continually build trust with customers, employees, and partners.

Speakers:
Joseph Blankenship, VP, Research Director, Forrester

5:20 pm – 5:50 pm ET

Keynote: Fairy Tales In Proactive Security - From Fantasy To Framework

In a world where digital chaos and proactive defenses evolve hand in hand, security leaders must continuously anticipate threat playbooks and implement safeguards that put attackers to rest. This keynote charts the expedition of vulnerability management into proactive security programs, empowering security leaders to anticipate, adapt, and ascend resilience in an era of threats where AI is both a burden and a resource. Attendees will leave the session with:

A roadmap for their proactive security program that includes advice on what they can start doing today and what they can start preparing for.
An understanding of how proactive defenses will evolve alongside shifting threat landscapes.

Speakers:
Erik Nost, Senior Analyst, Forrester

5:50 pm – 6:00 pm ET

Closing Remarks

Speakers:
Amy DeMartine, VP, Research Director, Forrester

6:00 pm – 7:00 pm ET

Reception

Join us in the Marketplace for an opening night reception full of networking, fun, food and refreshments.

Friday Nov 7

9:00 am – 9:10 am ET

Welcome Back

Speakers:
Amy DeMartine, VP, Research Director, Forrester

9:10 am – 9:40 am ET

Keynote: From Launchpad To Liftoff - Continuous Risk Management In Flight

Most GRC programs are stuck in “risk theater.” They prioritize compliance yet struggle to partner with the business and prevent foreseeable risk events. Forrester’s Continuous Risk Management Model offers a better path forward. This keynote session will take you from launchpad to liftoff by operationalizing the model through clear process steps and real-world examples. Learn how to ignite your risk program and transform it into a proactive force to guide the business. Attendees will learn:

How to interpret the end-to-end process of continuous risk management, including key inputs, activities, outputs, and stakeholders to consider.
How to tailor the Continuous Risk Management Model to your organization by aligning it to the pursuit of value.

Speakers:
Cody Scott, Senior Analyst, Forrester

9:40 am – 10:10 am ET

Keynote: Keynote: Quantum Security - Conquering The Next Cryptographic Frontier

What if you can’t trust what you see in front of you? Quantum computing poses a growing threat to today’s cryptographic foundations, from harvest-now-decrypt-later attacks to the potential collapse of digital signatures that underpin the trust fabric of the internet. This keynote will outline the evolving quantum risk landscape and offer a path forward to assessing your risk and developing a plan for action. Attendees will learn:

Why collaboration across technology, business, risk, and security domains is essential to develop a resilient quantum migration strategy.
How to assess exposure, prioritize systems based on risk, and begin the journey toward quantum-safe security.

Speakers:
Sandy Carielli, VP, Principal Analyst, Forrester

10:15 am – 11:05 am ET

Marketplace Coffee Break & Networking (In-Person Only)

10:35 am – 11:35 am ET

Workshop: Mature And Justify Your Security Program With Forrester's Information Security Maturity Model

Security leaders have long used maturity assessments to assess their security programs and set future roadmaps and strategies. Join this workshop to learn how the maturity assessment approach is evolving and how CISOs are using cyber risk quantification to complement their approach. Attend this workshop to:

Learn how to use a maturity assessment framework to assess your security program and chart improvements.
Learn how maturity assessments can be complemented with cyber risk quantification to further hone focus on investments that address the critical risks to an organization.

Speakers:
Paul McKay, VP, Principal Analyst, Forrester
Ron Woerner, Senior Consultant, Forrester

11:05 am – 11:35 am ET

Breakout Sessions

An Old Problem In A New World: How To Talk To Boards About The Impact Of Emerging Technologies

Emerging technologies like Generative AI, post-quantum security, and agentic AI are reshaping the cybersecurity landscape — as well as the CISO’s role in the boardroom. Learn how to frame innovation as both opportunity and threat, and guide your board through the duality of emerging tech. Join this session to:

Translate emerging technologies impact into board-relevant narratives.
Align cybersecurity strategy with enterprise-wide innovation.
Empower board-level governance of AI, IoT, and beyond.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

In Trust We Build: Balancing Risk And Realizing AI’s Potential

In today’s AI-driven world, trust is essential — not optional. As organizations adopt powerful AI systems, managing risk, ensuring fairness, and embracing transparency are critical. But true success lies in building trust while pursuing innovation and growth. This session explores how trustworthy AI enables companies to balance the risks of harm with the risks of missed opportunity. In this session, attendees will:

Understand the dynamics shaping trust in AI.
Learn how successful companies approach and operationalize trustworthy AI.

Speakers:
Enza Iannopollo, VP, Principal Analyst, Forrester

CNAPP Primer

Cloud-native application protection program (CNAPP) solutions play a critical role in protecting cloud workloads at build time, ongoing configuration, and runtime. This session looks at the evolution of CNAPP areas, including IaC scanning, CSPM, CIEM, cloud workload protection. and container security. In this session, attendees will learn:

What CNAPP components end-user organizations use today and what they will use in the next 12 to 24 months.
The benefits of using cloud infrastructure native, third-party platform, or specialist CNAPP solutions.

Speakers:
Andras Cser, VP, Principal Analyst, Forrester

Build Resilience With Proactive And Offensive Security Collaboration

Effective security teams don’t wait for breaches before improving, they hunt them and level up. This session demonstrates how red teaming, threat hunting, and adversary emulation techniques can be operationalized and turned into a strategic advantage. In this session, you will learn how to:

Create testing plans tailored for your organization and use offensive security techniques to resist security stagnation.
Weaponize offensive intelligence to evolve tailored testing plans, detection logic, and policy creation.

Speakers:
Erik Nost, Senior Analyst, Forrester
Tope Olufon, Sr Analyst, Forrester

Mastering Change Management for IAM Success

IAM success depends on more than just technical execution — it requires strategic change leadership. Focused on the human dimension of IAM, this session offers practical insights to promote enterprise identity security culture through the common language of business value. In this session, attendees will learn:

How to drive identity program alignment and secure stakeholder buy-in.
How to overcome user and organizational resistance.

Speakers:
Geoff Cairns, Principal Analyst, Forrester

A Deep Dive Into Securing The Software Supply Chain

As software supply chain security becomes a critical priority for organizations worldwide, the need for actionable, detailed strategies has never been greater. From selecting trusted vendors to ensuring secure development practices and maintaining operational integrity, we will explore how to identify risks at each link in the chain and take the technical and procedural measures needed to protect software ecosystems from emerging threats. Attendees will:

Dive into the technical and operational nuances of securing the software supply chain from the different perspectives of software chooser, producer, and operator.
Learn detailed steps for implementing secure practices including case studies across the lifecycle of software procurement, development, and deployment.

Speakers:
Janet Worthington, Senior Analyst, Forrester

11:45 am – 12:15 pm ET

Case Study Sessions

Join case study sessions to hear real-world stories, solutions and insights leveraging the best in today’s security, risk, and privacy solutions.

12:15 pm – 1:15 pm ET

Lunch & Marketplace Break (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

1:00 pm – 2:00 pm ET

Workshop: Align And Clearly Communicate Your Security Strategy

An effective cybersecurity strategy is built on several foundational elements that work together to protect an organization’s data, assets, and reputation — and adopted on the ability of the security leader to align it with what matters to the business and effectively communicate it. In this interactive workshop, you will use Forrester security strategy templates to kick start your strategy refresh and:

Use Forrester’s CISO Strategic Canvas template to understand what is needed for an aligned strategy that anticipates where the business is going and how security empowers it to get there.
Use Forrester’s Security-Strategy-On-A-Page template to develop a first-draft mission statement, purpose statement, and vision statement to refine with your team and stakeholders.

Speakers:
Jess Burn, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester

1:15 pm – 2:00 pm ET

Breakout Sessions

Shift From Talk To Action: Chart Your Human Risk Management Roadmap

Forrester introduced human risk management (HRM) solutions, which help understand and improve employees’ security behavior, influence it in the right way at the right time, and use technology to adapt and protect them, fostering a positive security culture. To adopt HRM successfully, you must move beyond nomenclature to execution. Join us in this session and learn:

The mindset, strategy, and technology needed for implementing HRM.
How to build a clear HRM roadmap to drive meaningful change.

Speakers:
Jinan Budge, VP, Research Director, Forrester

From Achilles Heel To Strategic Advantage: TPRM Reimagined

Risks stemming from third parties are not just making headlines, they’re resulting in epic business disruption, revenue loss, and an odyssey of litigation. And as third-party ecosystems grow exponentially, threat actors continue to refine their craft. Yet third-party risk management (TPRM) remains a blind spot that companies continue to struggle with. Regulators are not coming to the rescue; it’s time to be your own Greek hero by reimagining TPRM. Attendees will learn how to:

Distinguish between due diligence, third-party cyber risk, and holistic TPRM programs and tools.
Mature your TPRM program with the five Ps: profile, posture, process, planning, and performance.

Chart A Path To Defining Data Sensitivity (Discovery and Classification)

Defining the data you must protect is a foundational capability, yet one of the more difficult challenges, for data security. Efforts to discover and classify sensitive data across an organization stall, fail, and repeat. Confusion and misalignment with data governance and data catalogs run rampant. The business drivers, approaches, and technologies are advancing toward a tipping point for change. Join this session to:

Discover a vision for the future state of defining data sensitivity.
Understand how to approach the organizational and technology barriers in the maturity journey.
Learn how to make the business case for sensitive data discovery and classification today.

Speakers:
Heidi Shey, Principal Analyst, Forrester

Protecting The Global Workforce In A Geopolitically Risky World

Geopolitical disruptions will impact your operations no matter how much you try to keep your company apolitical. You must ensure you have protected your business and most importantly, your workforce, no matter where they are. This session aims to provide you with:

The scope of the risks your employees are facing.
How traditional security leaves gaps in your defenses.
Processes and tools to resolve your challenges.

Speakers:
Paddy Harrington, Senior Analyst, Forrester

Deepfake Defense By Design

Deepfakes are becoming increasingly sophisticated and much harder to detect, creating new risks for organizations that could lead to increased fraud, financial losses, and data theft. As organizations move toward more digital-only interactions, aggressive deepfake defenses can create negative customer experiences for legitimate customers. This requires security leaders to understand the technological aspects behind creating deepfakes and how to defend against them in ways that do not negatively affect customer experience. Join this session to:

Learn the future and current trajectory of deepfakes.
Understand how to defend against deepfakes.

Speakers:
Merritt Maxim, VP, Research Director, Forrester
Geoff Cairns, Principal Analyst, Forrester
Andras Cser, VP, Principal Analyst, Forrester