Agenda
There are no results for this filter set. Try refining to see more options.
Bold Starts: Monday
Dec 9- 2:00 pm – 4:30 pm ET Forrester Women's Leadership Program (Pre-Registration Required)
- 4:45 pm – 6:00 pm ET Level-Up Workshop: Build Your Zero Trust Roadmap (Pre-Registration Required)
- 4:45 pm – 6:00 pm ET Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools (Pre-Registration Required)
- 6:00 pm – 7:00 pm ET Welcome Reception
- 6:00 pm – 7:00 pm ET Executive Leadership Exchange (Invite-Only): Networking Reception: Meet Your Peers
Tuesday
Dec 10- 8:00 am – 9:00 am ET General Breakfast
- 8:15 am – 9:00 am ET Networking Breakfast: Avoid Being Accidentally Offensive (Guys' Guide To Being An Ally)
- 8:15 am – 9:00 am ET Executive Leadership Exchange (Invite-Only): Networking Breakfast
- 9:00 am – 9:30 am ET Welcome & Opening Remarks
- 9:30 am – 9:40 am ET Host Remarks
- 9:40 am – 10:10 am ET Keynote: Data Security Reborn: Pioneering Strategies For AI And Post-Quantum
- 10:15 am – 11:05 am ET Marketplace Coffee Break & Networking (In-Person Only)
- 10:25 am – 11:40 am ET Level-Up Workshop: Measure Your IAM Maturity (Pre-Registration Required)
- 10:30 am – 11:00 am ET Analyst-Led Roundtables (Registration Required)
- 11:05 am – 11:35 am ET Breakout Sessions
- 11:45 am – 12:15 pm ET Case Study Sessions (In-Person Only)
- 12:15 pm – 1:45 pm ET Lunch & Marketplace (In-Person Only)
- 12:15 pm – 1:25 pm ET Lunch & Learn Session (In-Person Only)
- 12:15 pm – 1:45 pm ET Executive Leadership Exchange (Invite-Only): Networking Lunch: Attracting And Retaining Talent In The Age Of Burnout
- 12:15 pm – 1:45 pm ET Analyst Relations Exchange Luncheon (Invite-Only)
- 12:25 pm – 1:25 pm ET Government Lunch Panel: Navigating The Federal Zero Trust Data Security Guide
- 1:45 pm – 2:30 pm ET Breakout Sessions + Ask An Expert
- 2:40 pm – 3:10 pm ET Case Study Sessions (In-Person Only)
- 3:20 pm – 3:50 pm ET Breakout Sessions
- 3:20 pm – 4:35 pm ET Level-Up Workshop: Thwarting Social Engineering: A Balancing Act (Pre-Registration Required)
- 3:50 pm – 4:35 pm ET Marketplace Coffee Break & Networking (In-Person Only)
- 4:00 pm – 4:30 pm ET Analyst-Led Roundtables (Registration Required)
- 4:35 pm – 5:05 pm ET Keynote: Security & Risk Enterprise Leadership Award
- 5:05 pm – 5:35 pm ET Keynote: The Continuous Risk Revolution Is Here. Down With The Three Lines Of Defense!
- 5:35 pm – 5:40 pm ET Closing Remarks
- 5:40 pm – 6:40 pm ET General Reception
- 7:30 pm – 9:30 pm ET Executive Leadership Exchange (Invite-Only): Dinner at the Capital Grille
Wednesday
Dec 11- 8:00 am – 9:00 am ET General Breakfast
- 8:15 am – 9:00 am ET Veteran’s Breakfast
- 9:00 am – 9:10 am ET Welcome Back
- 9:10 am – 9:40 am ET Keynote: Mastering the Human Element
- 9:40 am – 10:10 am ET Keynote: From Fragile To Agile: Reimagining Software Supply Chain Security
- 10:15 am – 11:05 am ET Marketplace Coffee Break & Networking (In-Person Only)
- 10:25 am – 11:40 am ET Level-Up Workshop: Transform Your Collaboration Efforts To Protect OT Environments (Pre-Registration Required)
- 10:20 am – 10:50 am ET Analyst-Led Roundtables (Registration Required)
- 11:05 am – 11:35 am ET Breakout Sessions
- 11:40 am – 12:10 pm ET Case Study Sessions (In-Person Only)
- 12:10 pm – 1:25 pm ET Lunch & Marketplace (In-Person Only)
- 12:10 pm – 1:25 pm ET Security & Risk Summit Certification: Wrap-Up Lunch (Invite-Only)
- 12:10 pm – 2:10 pm ET Level-Up Workshop: Take Tactical Steps To Adopt Proactive Security (Pre-Registration Required)
- 12:20 pm – 1:15 pm ET Executive Leadership Exchange (Invite-Only): Lessons and Perspectives from an Industry-Leading CISO
- 1:25 pm – 2:10 pm ET Breakout Sessions + Ask An Expert
- 2:20 pm – 2:50 pm ET Keynote: Predictions 2025
- 2:50 pm – 3:00 pm ET Closing Remarks
Bold Starts: Monday Dec 9
Forrester Women's Leadership Program (Pre-Registration Required)
To Propel Your Career In Security & Risk, Choose Your Advisers And Nuggets Of Advice Wisely
The torrent of well-meaning advice from colleagues, mentors, training sessions, and events is enough to give anyone a headache. So, we all need techniques to distinguish the transformative insights from the mere noise. This is crucial in our fast-evolving field of security & risk. Whether it’s about navigating workplace dynamics, mastering new technology, or developing cutting-edge strategies, the quality of advice you heed can significantly influence your trajectory. In this multipart collaborative session, together we will:
- Select the best advisers for your situation: You don’t need a single mentor — you need different advisers for different situations.
- Separate good advice from bad: Our panel will share the best pieces of career advice they’ve received, of course. And they’ll also expand on the “value” of bad advice — because sometimes, not following it (or doing the opposite!) can be your best decision.
- Navigate together: Learn from each other as attendees contribute their own best and worst pieces of advice.
The Forrester Women’s Leadership Program will:
- Build community.
- Inspire change.
- Drive advancement.
- Foster allyship and individual empowerment.
- Facilitate meaningful connections.
Speakers:
Laura Koetzle, VP, Group Director, Forrester
Amy DeMartine, VP, Research Director, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
Tameika Turner, Senior Cybersecurity Program Manager, NNSA
Faye Dixon-Harris, Managing Director, Federal Home Loan Bank
Judith Conklin, CIO, Library of Congress
2:00 PM | Arrival, Coffee, Networking
2:10 PM | Opening Remarks
Speakers:
Amy DeMartine, VP, Research Director, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
2:20 PM | Roundtable Discussions
Speakers:
Laura Koetzle, VP, Group Director, Forrester
2:50 PM | Panel: Here’s How To Select The Best Career Advice To Follow
When you’re at a career crossroads, you’ll receive lots of conflicting advice, and it can be very difficult to separate the gems from the duds. And this problem is compounded for women, because well-meaning advisors often make assumptions about how they’d like to balance work and family. For this session, we’ve assembled a fantastic panel of senior Security & Risk leaders to share the best (and worst!) career advice they’ve received, and how they approach giving career advice. Here’s what you’ll take away from this session if you join us:
- How to choose the right people to get career advice from
- How to frame your career challenge so that you get the most useful answers from your advisors
- How to tell good advice (for you!) from bad
Speakers:
Laura Koetzle, VP, Group Director, Forrester
3:30 PM | Break
3:40 PM | Community Roundtables
4:10 PM | Share back with the group
4:25 PM | Program Wrap-Up
Speakers:
Amy DeMartine, VP, Research Director, Forrester
4:30 PM | Close
Level-Up Workshop: Build Your Zero Trust Roadmap (Pre-Registration Required)
This workshop will help attendees build a comprehensive roadmap to implement a Zero Trust strategy. Attendees will:
- Define clear objectives and prioritize business initiatives, ensuring alignment with organizational goals and security needs.
- Conduct current-state assessments to evaluate existing posture and identify gaps, as well as prioritize critical initiatives.
- Create a practical roadmap that balances robust security with operational efficiency, fostering collaboration and breaking down organizational silos for a unified approach to Zero Trust implementation.
Speakers:
Peter Cerrato, Principal Consultant, Forrester
Tope Olufon, Sr Analyst, Forrester
Carlos Rivera, Senior Analyst, Forrester
Ron Woerner, Senior Consultant, Forrester
Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools (Pre-Registration Required)
This workshop, part of Forrester’s Summit-exclusive Certification program, will cut through the hype to focus on AI tools and use cases that will improve your security operations and build resilience. By participating in this hands-on workshop, begin completing the requirements for the Forrester Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools. The program is designed for attendees to:
- Gain deeper knowledge of what generative AI is and how you can use it effectively in your organization today.
- Harness the potential of AI for the future.
- Understand how to enable your team to gain efficiencies with AI.
To earn a certification credential with Forrester, attendees must fulfill the following completion requirements:
- Attend the Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools on December 9, 4:45–6:00 pm EST.
- Attend two keynote sessions.
- Attend three breakout sessions.
- Attend one analyst-led AI roundtable discussion on December 11, 10:20—10:50 am EST.
- Attend the wrap-up lunch on December 11, 12:20—1:15 pm EST.
- Complete the certification reflection workbook.
Speakers:
Allie Mellen, Principal Analyst, Forrester
Amanda Lipson, Research Associate, Forrester
Jenna Wohead, Director, Product Management, Forrester
Welcome Reception
Join us for refreshments and light appetizers. All registered attendees are welcome.
Executive Leadership Exchange (Invite-Only): Networking Reception: Meet Your Peers
Join us for a pre-conference reception where you can network with Forrester experts and industry peers who will be part of the ELE program throughout the event.
Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester
Tuesday Dec 10
General Breakfast
Networking Breakfast: Avoid Being Accidentally Offensive (Guys' Guide To Being An Ally)
Talk to most guys in cybersecurity and they’ll tell you they are all for diversity, equity, and inclusion. Even with this sentiment, our industry still lacks diversity. This session will confront the “accidental toxicity” problem that lurks in cybersecurity and offer tangible advice on fixing it and making the industry an inviting environment for all people, voices, and perspectives.
Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester
Laura Koetzle, VP, Group Director, Forrester
Executive Leadership Exchange (Invite-Only): Networking Breakfast
Start the day with a nourishing meal, the company of your fellow ELE participants, and an overview of the day ahead.
Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester
Host Remarks
Speakers:
Joseph Blankenship, VP, Research Director, Forrester
Amy DeMartine, VP, Research Director, Forrester
Keynote: Data Security Reborn: Pioneering Strategies For AI And Post-Quantum
Data security today is overhyped and nebulous. A deliberate approach to data security is elusive for many organizations. Forces like AI and post-quantum threats up the ante, while the journey to improve Zero Trust maturity requires advancing core data security capabilities and controls. Reimagine and advance your data security program:
- Reconceptualize the scope of what constitutes sensitive data today.
- Bring clarity to the data risks that require mitigating controls.
- Define data-centric security capabilities and controls.
Speakers:
Heidi Shey, Principal Analyst, Forrester
Marketplace Coffee Break & Networking (In-Person Only)
Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.
10:20 am – 10:30 am - OneTrust Spotlight: Data-Driven Third Party Resilience: Risk-Aware Decision-Making In Third-Party Management Session
Amidst growing regulatory pressure, a rapidly evolving threat landscape, and a global uptick in third-party risk and disruption, resiliency has never been more top of mind for boards, CISOs and third-party risk practitioners. Learn how to leverage best-in-class third-party risk data to augment and scale your program, and move risk-aware decision-making to the center of your third-party risk management processes.
Speakers:
Andrew Dorminey, Solutions Engineer, OneTrust
10:35 am – 10:45 am - Onspring: TPRM — Everything You Need To Know To Protect Your Organization
Third parties inherently create risk — especially when you consider that many of your vendors are unlikely to follow the strict security you have meticulously designed for your organization. To add to this, the average organization has 182 vendors connected to their systems each week, and 60% of organizations feel underprepared to perform due diligence on their vendors. Even more concerning, 57% of businesses aren’t confident that their vendor management policies would prevent a data breach.
Speakers:
Bobby Hinsdale, Sr. Sales Engineer, Onspring
10:50 am – 11:00 am - Axonius: Minimize Your Attack Surface Exposure With Axonius
As your organization grows, the sprawl of technology assets across devices, identities, applications, and infrastructure is inevitable. With a growing attack surface comes an ever-expanding exposure gap that needs continuous assessment and protection. Join us for a live demo to see how Axonius helps you find and fix meaningful threat exposure from all angles with a holistic approach to asset intelligence across your entire IT footprint.
Speakers:
Brian Freedman, Technical Channel Leader, Axonius
Level-Up Workshop: Measure Your IAM Maturity (Pre-Registration Required)
In today’s digital world, identity-centric security is crucial. An effective identity and access management (IAM) program plays an instrumental role, not only in defending against increasingly sophisticated cyberthreats but also in enhancing user experience and improving business agility. This interactive workshop will provide security leaders with:
- Insights to key elements of a modern IAM program.
- An executive-level IAM program maturity assessment.
- Best practices for developing a business-driven IAM program.
Speakers:
Geoff Cairns, Principal Analyst, Forrester
Analyst-Led Roundtables (Registration Required)
Expertly curated by our analysts, these 30-minute roundtables foster vibrant discussions among peers on trending topics. Held during breaks, they offer a prime opportunity for networking and knowledge sharing. Registration required.
Attend one session:
New Requirements, New Challenges
How can government orgs take advantage of updated frameworks like NIST CSF 2.0 and CMMC 2.0 to better mitigate security risk?
Speakers:
Cody Scott, Senior Analyst, Forrester
Carlos Rivera, Senior Analyst, Forrester
Who Is Watching OT?
This discussion will center around how to monitor security alerts from the OT environment.
Speakers:
Brian Wrozek, Principal Analyst, Forrester
Compliance
Speakers:
Alla Valente, Senior Analyst, Forrester
Paul McKay, Vice President, Principal Analyst, Forrester
Breakout Sessions
Case Study Sessions (In-Person Only)
Hear real-world case studies showcasing the value of partnering with the right security and risk provider.
Attend one session:
Bitsight: Schneider Electric Case Study: Securing OT, Protecting Critical Infrastructure, And Reducing Our Customers’ Risk
In an era of rising cyber threats, Schneider Electric leads the charge to secure operational technology and protect vital infrastructure. This presentation uncovers the powerful strategies behind Schneider’s Installed Base Program, a proactive solution that identifies and fixes risks in internet-exposed OT devices before they become liabilities. Partnering with Bitsight for deeper visibility and teaming up with DHS-CISA, Schneider is setting a new bar for OT security. Join this discussion to see how Schneider is not only protecting customer operations but reshaping the future of infrastructure resilience.
Speakers:
Jake Olcott, Vice President of Government Affairs, Bitsight
Patrick Ford, Chief Information Security Officer for Americas Region, Schneider Electric
Coalfire: Navigating Privacy In The Age Of AI: Compliance Challenges In Highly Regulated Environments
This panel discussion delves into the critical privacy challenges arising from the integration of AI within highly regulated information systems. We examine the complexities of maintaining data privacy and security while leveraging AI’s capabilities in environments that must adhere to stringent federal regulations such as FedRAMP, CMMC, and other FISMA frameworks. The panelists will explore the potential privacy risks associated with AI implementation, including data breaches, unauthorized access, and algorithmic bias. Additionally, the discussion will address the need for robust privacy-preserving AI techniques and strategies to ensure compliance with these stringent regulatory frameworks. The panel aims to provide insights and recommendations for organizations navigating the intersection of AI innovation and regulatory compliance in highly sensitive information environments.
Speakers:
Jim Masella, VP Compliance Advisory, Coalfire
Ricky Patrick, VP Global Security Compliance, Equifax
Michael G. Gruden, Counsel, Crowell & Moring LLP
ProcessUnity: Best Practices For Threat And Vulnerability Response And Emergency Assessments
It’s not getting any easier. Every time we turn around, there seems to be another attack or threat that demands our attention. While each event is unique, they all result in third-party risk management teams scrambling to ensure their organizations are protected. Rapid responses and emergency assessments can be knee-jerk, stressful, and distracting. It doesn’t have to be that way.
Join us for a discussion on the best practices to responding to zero-day vulnerability attacks and conducting emergency assessments. We’ll outline what’s required to prepare in advance so you’re ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we’ll cover the necessary steps and considerations for an effective response plan.
Session attendees will learn:
• How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss.
• How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability.
• How quick-assess campaigns can automatically scope, distribute, and score responses.
Speakers:
Scott West, Vice President, ProcessUnity
ThreatLocker: Ransomware Tales
Beyond the alarming headlines and increasing financial consequences, the prevalence of malicious or weaponized software lurks as an everyday risk. Join ThreatLocker VP Solutions Engineering Ryan Bowman for a deep look at the evolution of ransomware. We’ll explore the real stories of rogue code, the impact of an attack, and how you can protect your organization today.
Speakers:
Ryan Bowman, VP Solutions Engineering, ThreatLocker
Lunch & Marketplace (In-Person Only)
Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.
12:50 pm – 1:00 pm - ThreatLocker: Rubber Ducky Challenge
Risk of data loss and operational disruption can stem from more than the ransomware in news headlines. Witness a live hacking demonstration of a common-looking USB device and learn about physical and digital methods of control to minimize data exfiltration.
Speakers:
Ryan Bowman, VP Solutions Engineering, ThreatLocker
1:05 pm – 1:15 pm - Forrester: Align To Accelerate With Forrester Decisions
As a security & risk leader, you’re expected to solve problems, make decisions, and take action to deliver results in record time, day in and day out. These superpowers come from having a great partner by your side for research and continuous guidance. Come hear how Forrester Decisions helps you tackle your initiatives, deliver outcomes, and prove business value in record time.
Speakers:
Jeff Lash, VP, Global Product Management, Forrester
Lunch & Learn Session (In-Person Only)
This session will have limited capacity and is first come, first served. Lunch will be provided.
Safe Security: Unifying Cyber Risk With GenAI Insights
Join us for an interactive session where industry experts and customers will discuss how genAI is reshaping the way organizations manage cyber risks across various domains. Learn directly from customer experiences on how AI-driven insights have helped consolidate risks from security operations, GRC, and TPRM, leading to faster decision-making and improved resource allocation. This session is perfect for those looking to engage with real-world success stories and best practices.
Speakers:
Nick Sanna, President, Safe Security
Executive Leadership Exchange (Invite-Only): Networking Lunch: Attracting And Retaining Talent In The Age Of Burnout
Sit down for lunch and a fireside chat hosted by Jess Burn to discuss best practices and lessons learned for hiring, developing, and retaining cybersecurity talent amidst a skills and staffing shortage that threatens to burn out practitioners and managers alike.
Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester
Analyst Relations Exchange Luncheon (Invite-Only)
Come together with fellow practitioners in analyst relations (AR) for a meet-and-greet luncheon dedicated to your role. Take a break from the crowd to meet your peers, exchange ideas, and share AR best practices. Forrester will briefly highlight some of the ways we serve AR professionals and take questions from you.
Speakers:
Trish Mirel, Global Director, Analyst Relations Council, Forrester
Chris Andrews, VP Product Management, Forrester
Government Lunch Panel: Navigating The Federal Zero Trust Data Security Guide
Advancing in the data pillar of Zero Trust is crucial in an agency’s journey to improving Zero Trust maturity. However, the data domain demands new practices and the engagement of new stakeholders as Zero Trust requires changes to how we think about data security and data management. Join us for this panel to learn:
- Key insights from the development of the Federal Zero Trust Data Security Guide, a resource to support federal practitioners.
- Anticipated challenges and considerations for how to best use and apply this guide today.
- What to expect next from this guide in future iterations.
Speakers:
Heidi Shey, Principal Analyst, Forrester
Gouri Das, Principal Consultant, Forrester
Steven Hernandez, Federal Co-Chair (United States) & Chief Information Security Officer Council, United States Department of Education
Jason Snyder, CIO - Secretary of EOTSS and CCIO, Office of Technology Services and Security, Commonwealth of MA
Anne Klieve, Management Analyst, Office of Enterprise Integration, United States Department of Veterans Affairs
Breakout Sessions + Ask An Expert
Case Study Sessions (In-Person Only)
Hear real-world case studies showcasing the value of partnering with the right security and risk provider.
Attend one session:
Illumio: Stop The Inevitable Breach With Illumio’s Segmentation Solution
No security prevention architecture will ever be 100% effective. Eventually, even the best-planned barrier will be breached, either from the outside or internally. An “assume breach” mindset needs to exist in parallel with efforts to prevent breaches, and the architecture needs to contain breaches. Zero Trust needs to plan for the unexpected. Learn how Illumio’s industry-leading Zero Trust segmentation solution prevents the inevitable breach from becoming a disaster.
Speakers:
Gary Barlet, Principal Solutions Architect, Public Sector, Illumio
Rocket Software: Fortify Your Mainframe: Real-World Success Stories For Effective Vulnerability Management
The integrity of mainframe data and software is critical in fundamentally securing your business. Understanding mainframe vulnerability management is core to successfully surviving mainframe risks and meeting regulatory requirements. In this session, you will learn how organizations have built strong vulnerability management programs for optimal mainframe risk management. The principal audience for this presentation is individuals responsible for the management, analysis, and disposition of cyber vulnerabilities affecting an organization’s cyber resilience. This includes executives responsible for establishing policies and priorities for vulnerability management; managers and planners responsible for converting executive decisions into plans; and the operations staff that implements the plan and participates in vulnerability disposition.
Speakers:
Cynthia Overby, Director Security, Customer Solutions Engineering, Rocket Software
Ray Overby, Technical Director, Rocket Software
Sandy Campbell, Senior Solutions Architect: Mainframe Solutions, CDW
Safe Security: Redefining Third-Party Cyber Risk Management With GenAI
As cyberthreats evolve, organizations struggle with fragmented views of risks across domains. This session explores how genAI transforms cyber risk management by consolidating data from siloed functions such as GRC, security operations, and TPRM into a unified view. By automating risk assessments and providing real-time insights, genAI enables proactive risk management, enhancing decision-making. Attendees will learn strategies for streamlining cyber risk management efforts, making this session ideal for CISOs and risk managers seeking to manage cyber risk at the speed of the business.
Speakers:
Saket Modi, Co-Founder & CEO, Safe Security
Omar Khawaja, Field CISO, Databricks
Breakout Sessions
Level-Up Workshop: Thwarting Social Engineering: A Balancing Act (Pre-Registration Required)
Attackers prey on your workforce’s better angels – the desire to be helpful and efficient. This opens them up to social engineering attacks like phishing, SMShing, and business email compromise (BEC). Thwarting social engineering attacks means striking the right balance between effective technology, skilled security practitioners, and a human-centric approach to building an empowered security culture across the workforce. This interactive workshop will help security leaders and practitioners:
- Understand security practitioner and workforce needs and motivations.
- Explore strategies for optimizing the synergy between technology and people to protect data and IP.
- Create people and technology “balance sheets” for specific social engineering scenarios.
Speakers:
Jess Burn, Principal Analyst, Forrester
Marketplace Coffee Break & Networking (In-Person Only)
Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.
3:55 pm – 4:05 pm - Recorded Future: Ransomware's Ripple Effect: The Looming Supply Chain Threat
Despite billions invested in security tools, organizations are still vulnerable to increasingly sophisticated and efficient threat actors. Ransomware remains a pervasive threat, with a 68% year-over-year increase in breaches involving a third-party, mostly due to vulnerabilities exploited in ransomware and extortion attacks (Verizon DBIR 2024). To secure the modern supply chain, organizations need to embrace a more proactive approach to vendor monitoring. This talk explores the trends in ransomware attacks, their impact on supply chain security, and the strategies needed to mitigate these risks.
Speakers:
Lizzie Myers, Product Marketing Specialist, Recorded Future
4:10 pm – 4:20 pm - ExtraHop: Evolve Your Ransomware Defense: Why EDR Needs NDR
Attendees will gain a deep understanding of how modern ransomware attacks unfold and the critical roles that Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) play in defending against these threats. They’ll learn how integrating these tools can provide comprehensive visibility, enabling faster detection and mitigation of attacks across the entire network. Additionally, the session will showcase practical, real-world applications of these strategies to stop ransomware in its tracks.
Speakers:
Ariel Smirnov, Technical Marketing Manager,, ExtraHop
4:25 pm – 4:35 pm - ServiceNow: Effective Cyber Risk Management Outcomes from ServiceNow
In this presentation, we’ll explore how Cyber Risk Management from ServiceNow drives effective outcomes through a unified platform and shared data model. Discover how collaborative solutions enhance visibility, response, and risk reduction. We will showcase real-world examples, including an executive dashboard and integration of key products, demonstrating the tangible value customers have achieved. Join us to learn how a cohesive approach to cyber risk management can transform your organization’s resilience and decision-making.
Speakers:
Ben Prime, Sr Advisory Solution Architect, ServiceNow
Analyst-Led Roundtables (Registration Required)
Expertly curated by our analysts, these 30-minute roundtables foster vibrant discussions among peers on trending topics. Held during breaks, they offer a prime opportunity for networking and knowledge sharing. Registration required.
Attend one session:
FI Services Roundtable
Ransomware continues to plague organizations large and small because of aggressive threat actors and challenges with how to implement a comprehensive defense. In this roundtable, we will discuss – and perhaps debate! – the most critical steps your organization must take to defend more effectively against ransomware.
Speakers:
Andras Cser, VP, Principal Analyst, Forrester
Tracy Woo, Principal Analyst, Forrester
How To Survive A ransomware Attack
Ransomware continues to plague organizations large and small because of aggressive threat actors and challenges with how to implement a comprehensive defense. In this roundtable, we will discuss – and perhaps debate! – the most critical steps your organization must take to defend more effectively against ransomware.
Speakers:
Allie Mellen, Principal Analyst, Forrester
Climate on Record: Tools To Manage Sustainability Data, Climate Risk and Reporting
Identifying the right sustainability data management platforms and services to navigate sustainability reporting.
Speakers:
Abhijit Sunil, Senior Analyst, Forrester
Keynote: Security & Risk Enterprise Leadership Award
Welcome to the highly anticipated Forrester Security & Risk Enterprise Leadership Award, the only assessment dedicated to recognizing excellence in security, privacy, and risk strategy, integral to building a trusted and resilient business.
In this session, we will hear from this year’s award winner on how they continually build trust with customers, employees, and partners.
Speakers:
Stephanie Balaouras, VP, Group Director, Forrester
Mansur Abilkasimov, Deputy CISO & CPSO, Schneider Electric
Keynote: The Continuous Risk Revolution Is Here. Down With The Three Lines Of Defense!
The “three lines of defense” model is no longer fit for purpose. Organizations struggle to retrofit this two-decades-old compliance model to meet modern risk management needs. Not only does this not work, it creates false assurances. Instead, leaders need better processes to break out of their silos and align risk decisions with business goals. Stop managing risk via artificial lines and level up your organization with continuous risk management. This Keynote will:
- Highlight common pitfalls when relying on three lines of defense as a risk management strategy.
- Introduce Forrester’s new continuous risk management model.
- Chart a path to start using continuous risk management today.
Speakers:
Alla Valente, Senior Analyst, Forrester
Cody Scott, Senior Analyst, Forrester
Closing Remarks
General Reception
Executive Leadership Exchange (Invite-Only): Dinner at the Capital Grille
Join us at The Capital Grille for an evening of exceptional dining, engaging conversation, and valuable networking opportunities. Transportation will be provided for your convenience. We’re excited to see you there!
Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester
Wednesday Dec 11
General Breakfast
Veteran’s Breakfast
We invite all those who have served or are currently serving our country to join us for a special appreciation breakfast.
Speakers:
Carlos Rivera, Senior Analyst, Forrester
Drew Jaehnig, Public Sector Capture Manager, Forrester
Welcome Back
Speakers:
Joseph Blankenship, VP, Research Director, Forrester
Amy DeMartine, VP, Research Director, Forrester
Keynote: Mastering the Human Element
Ask almost anyone in security, and they’ll tell you that the missing silver bullet to solve anything relating to human element breaches is security awareness and training. They also say (without any proof) that training improves the outcomes of these breaches. Not the rebels and innovators! They long ago recognized the various downfalls of compliance-driven, one-size-fits-all, often perfunctory training. And they have chosen to play bigger. Cue human risk management: the evidence-based art and science of positively influencing cybersecurity behavior and instilling a security culture. Join us for this keynote to examine the fundamental mindset, process, and technology shift that is occurring and how you too can, and should, lead this movement.
- Challenge traditional security training and awareness: Recognize the limitations of conventional security awareness programs and the need for a more tailored approach to addressing human element breaches.
- Embrace human risk management: Embrace the evidence-based practice of human risk management to positively influence cybersecurity behavior and foster a strong security culture within your organization.
- Lead the change: Be a part of the fundamental shift in mindset, process, and technology to spearhead the movement toward effective human risk management in cybersecurity.
Speakers:
Jinan Budge, VP, Principal Analyst, Forrester
Keynote: From Fragile To Agile: Reimagining Software Supply Chain Security
The fragility of software is all too evident in worldwide outages, targeted attacks on customers, and needless breaches due to vendor vulnerabilities and missteps. To stop the onslaught, US and international governments are pushing for better transparency, resiliency, and security. But this won’t be enough; security leaders must adopt a systematic approach that treats software as an interconnected supply chain, ensuring robust security at every link. This keynote is a must-attend event to:
- Learn the crucial roles and responsibilities of software supply chain: chooser, producer, and operator.
- Grasp the vital steps and processes of a secure software supply chain.
- Gain real-world perspective from peers who are actively implementing a software supply chain program.
Speakers:
Janet Worthington, Senior Analyst, Forrester
Rosa Underwood, Senior Cybersecurity Advisor (Acting), IT Specialist, U.S. General Services Administration
Cassie Crossley, Vice President, Supply Chain Security in the Global Cybersecurity & Product Security Office, Schneider Electric
Dr. Allan Friedman, Senior Advisor and Strategist , Cybersecurity and Infrastructure Security Agency
Marketplace Coffee Break & Networking (In-Person Only)
Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.
Attend one session:
10:20 am – 10:30 am - Incode: Connecting businesses with high-quality, low-risk customers
Speakers:
Shannon Monk, Enterprise Identity Consultant, Incode
10:35 am – 10:45 am - Archer: Evolv for Compliance
Archer Evolv for Compliance is a programmatic approach that connects incoming regulatory intelligence to control implementations utilizing AI and integrated compliance and audit capabilities. Through patented AI, Archer Evolv for Compliance enables regulatory horizon scanning and monitoring of relevant regulatory sources creating a streamlined feed of intelligence to drive regulatory change. The result is a consolidated view of obligations and an integrated approach to compliance and audit. In this demonstration, we will take you through the process of profiling your business, extracting obligations from regulatory sources and enabling you to stay ahead of regulatory change using the power of AI.
Speakers:
Themistocles Chronis, Principal Consultant, Archer
10:50 am – 11:00 am - Safe Security: GenAI for Unified Risk Management
Speakers:
Ram Vemula, Product Management - Head of Partnerships, Safe Security
Resha Chheda, VP, Product Marketing, Safe Security
Level-Up Workshop: Transform Your Collaboration Efforts To Protect OT Environments (Pre-Registration Required)
CISOs are being tasked with implementing cybersecurity strategies to protect OT environments from cyberattacks. Despite this directive, initiatives to improve cybersecurity controls in OT environments are lagging. Workshop participants will learn:
- Why traditional cybersecurity processes and technologies fail in OT.
- How to customize cybersecurity initiatives to fit the unique characteristics of OT.
- Ways to collaborate more effectively with a new set of OT stakeholders and coworkers.
Speakers:
Brian Wrozek, Principal Analyst, Forrester
Analyst-Led Roundtables (Registration Required)
Expertly curated by our analysts, these 30-minute roundtables foster vibrant discussions among peers on trending topics. Held during breaks, they offer a prime opportunity for networking and knowledge sharing. Registration required.
Attend one session:
Healthcare
Speakers:
Alla Valente, Senior Analyst, Forrester
Paddy Harrington, Senior Analyst, Forrester
ZTE
Speakers:
Andre Kindness, Principal Analyst, Forrester
Security Organizational Structures Beyond The Three Lines Of Defense
Speakers:
Paul McKay, Vice President, Principal Analyst, Forrester
Madelein van der Hout, Senior Analyst, Forrester
Forrester Summit Certification: AI Roundtables
All attendees participating in the Forrester Summit Certification Program will have exclusive access to analyst-led roundtables focused on AI. You can learn more about the Summit Certification Program here.
Speakers:
Allie Mellen, Principal Analyst, Forrester
Andras Cser, VP, Principal Analyst, Forrester
Heidi Shey, Principal Analyst, Forrester
Jeff Pollard, VP, Principal Analyst, Forrester
Breakout Sessions
Case Study Sessions (In-Person Only)
Hear real world case studies showcasing the value of partnering with the right security and risk provider.
Attend one session:
Archer: Harnessing the Power of AI for Compliance
Is your risk management program working for you or are you working for it?
Sumitomo Mitsui Banking (SMBC) used data analytics to take their control assurance activities to a whole new level. This QnA session will be a study of how SMBC not only revolutionized their approach to data analytics but also bridged the gap across the company’s siloed risk activities to build a cohesive, global integrated views of their control environment.
Speakers:
Steve Schlarman, Senior Director, Marketing Strategy, Archer
Gemma Cook, Executive Director, SMBC
ExtraHop: Unleashing The Power of the Network with NAV, A Case Study for the Art of the Possible
Join former Forrester Senior Analyst Heath Mullins and Supro Ghose, former CISO of Eagle Bank, as they discuss how ExtraHop transformed Eagle Bank’s network threat detection capabilities from a morass of false positives to an example of operational excellence.
Speakers:
Supro Ghose, CISO, Graphene Security
Heath Mullins, Chief Evangelist, ExtraHop
Hoxhunt: Security Culture Eats Human Risk for Breakfast: AES’ award-winning culture change journey with Hoxhunt
Building a good security culture is critical for addressing the human element in cybersecurity. In this engaging session, Noora Ahmed Moshe, Vice President of Strategy and Operations at Hoxhunt, and David Badanes, Director of Cybersecurity Program and Partnerships at AES Corporation, explore how AES successfully transformed its approach to cybersecurity through culture change. Discover how AES tackled key challenges in human risk management, implemented continuous training, and fostered psychological safety to encourage secure behaviors across its workforce of over 12,000 employees, contractors, and partners. Learn why positive reinforcement, individualized training, and leadership alignment were crucial in building resilience against threats—and how these efforts earned AES industry recognition. Join us for actionable insights and proven strategies to empower your people to become your organization’s greatest cybersecurity asset.
Speakers:
Noora Ahmed-Moshe, VP of Strategy and Operations, Hoxhunt
David Badanes, Director of Cybersecurity Program and Partnerships at AES, AES Corporation
Lunch & Marketplace (In-Person Only)
Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.
Security & Risk Summit Certification: Wrap-Up Lunch (Invite-Only)
Complete your Forrester Security & Risk Summit Certification journey by joining us for the wrap-up lunch to reflect on key learnings, exchange insights, and connect with peers and Forrester experts on leveraging AI in security operations.
Speakers:
Allie Mellen, Principal Analyst, Forrester
Amanda Lipson, Research Associate, Forrester
Level-Up Workshop: Take Tactical Steps To Adopt Proactive Security (Pre-Registration Required)
*This session includes a lunch.
Join Senior Analyst Erik Nost for a workshop that breaks down the steps organizations can take to begin implementing more proactive security. Grounded on the three principles of proactive security (visibility, prioritization, and remediation), this workshop will provide methods to:
- Identify inputs and synergies for visibility, prioritization, and remediation.
- Guide participants in data management strategies.
- Discuss options for asset categorization and remediation prioritization.
- Learn how to work with a diverse set of vendors.
Speakers:
Erik Nost, Senior Analyst, Forrester
Executive Leadership Exchange (Invite-Only): Lessons and Perspectives from an Industry-Leading CISO
*This session includes a lunch.
Join us for a dive into the story behind Piedmont’s recognition as a top security leader in the industry. Discover the journey, challenges, and strategies that have set Monique Hart apart as a leading security professional and learn about her forward-looking perspective on security and risk. Come prepared with questions for a CISO recognized for groundbreaking leadership and resilience in today’s dynamic risk landscape.
Speakers:
David Levine, VP, Executive Partner, Forrester
Monique Hart, Vice President, Information Security/ CISO, Piedmont
Breakout Sessions + Ask An Expert
Keynote: Predictions 2025
Prepare for an exhilarating clash of insights as four leading Forrester analysts step into the spotlight to unveil their bold predictions for the future of cybersecurity, privacy, and risk
Each analyst will passionately defend their forecast, providing compelling evidence and engaging the audience with thought-provoking arguments. But the final verdict lies in your hands! You’ll have the opportunity to vote on which predictions you believe will shape the future.
Join us for this dynamic session, where the future is debated, and you decide which vision prevails!
Speakers:
Merritt Maxim, VP, Research Director, Forrester
Enza Iannopollo, Principal Analyst, Forrester
Paddy Harrington, Senior Analyst, Forrester
Jeff Pollard, VP, Principal Analyst, Forrester
Allie Mellen, Principal Analyst, Forrester
Closing Remarks
Security & Risk Summit · December 9 – 11, 2024 · Baltimore & Digital
Contact us at events@forrester.com.