Security & Risk Summit

December 9 – 11, 2024  |  Baltimore & Digital

Agenda


Bold Starts: Monday

Dec 9
  • 2:00 pm – 4:30 pm ET Forrester Women's Leadership Program (Pre-Registration Required)
  • 4:45 pm – 6:00 pm ET Level-Up Workshop: Build Your Zero Trust Roadmap (Pre-Registration Required)
  • 4:45 pm – 6:00 pm ET Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools (Pre-Registration Required)
  • 6:00 pm – 7:00 pm ET Welcome Reception
  • 6:00 pm – 7:00 pm ET Executive Leadership Exchange (Invite-Only): Networking Reception: Meet Your Peers

Tuesday

Dec 10
  • 8:00 am – 9:00 am ET General Breakfast
  • 8:15 am – 9:00 am ET Networking Breakfast: Avoid Being Accidentally Offensive (Guys' Guide To Being An Ally)
  • 8:15 am – 9:00 am ET Executive Leadership Exchange (Invite-Only): Networking Breakfast
  • 9:00 am – 9:30 am ET Welcome & Opening Remarks
  • 9:30 am – 9:40 am ET Host Remarks
  • 9:40 am – 10:10 am ET Keynote: Data Security Reborn: Pioneering Strategies For AI And Post-Quantum
  • 10:15 am – 11:05 am ET Marketplace Coffee Break & Networking (In-Person Only)
  • 10:25 am – 11:40 am ET Level-Up Workshop: Measure Your IAM Maturity (Pre-Registration Required)
  • 10:30 am – 11:00 am ET Analyst-Led Roundtables (Registration Required)
  • 11:05 am – 11:35 am ET Breakout Sessions
  • 11:45 am – 12:15 pm ET Case Study Sessions (In-Person Only)
  • 12:15 pm – 1:45 pm ET Lunch & Marketplace (In-Person Only)
  • 12:15 pm – 1:25 pm ET Lunch & Learn Session (In-Person Only)
  • 12:15 pm – 1:45 pm ET Executive Leadership Exchange (Invite-Only): Networking Lunch: Attracting And Retaining Talent In The Age Of Burnout
  • 12:15 pm – 1:45 pm ET Analyst Relations Exchange Luncheon (Invite-Only)
  • 12:25 pm – 1:25 pm ET Government Lunch Panel: Navigating The Federal Zero Trust Data Security Guide
  • 1:45 pm – 2:30 pm ET Breakout Sessions + Ask An Expert
  • 2:40 pm – 3:10 pm ET Case Study Sessions (In-Person Only)
  • 3:20 pm – 3:50 pm ET Breakout Sessions
  • 3:20 pm – 4:35 pm ET Level-Up Workshop: Thwarting Social Engineering: A Balancing Act (Pre-Registration Required)
  • 3:50 pm – 4:35 pm ET Marketplace Coffee Break & Networking (In-Person Only)
  • 4:00 pm – 4:30 pm ET Analyst-Led Roundtables (Registration Required)
  • 4:35 pm – 5:05 pm ET Keynote: Security & Risk Enterprise Leadership Award
  • 5:05 pm – 5:35 pm ET Keynote: The Continuous Risk Revolution Is Here. Down With The Three Lines Of Defense!
  • 5:35 pm – 5:40 pm ET Closing Remarks
  • 5:40 pm – 6:40 pm ET General Reception
  • 7:30 pm – 9:30 pm ET Executive Leadership Exchange (Invite-Only): Dinner at the Capital Grille

Wednesday

Dec 11
  • 8:00 am – 9:00 am ET General Breakfast
  • 8:15 am – 9:00 am ET Veteran’s Breakfast
  • 9:00 am – 9:10 am ET Welcome Back
  • 9:10 am – 9:40 am ET Keynote: Mastering the Human Element
  • 9:40 am – 10:10 am ET Keynote: From Fragile To Agile: Reimagining Software Supply Chain Security
  • 10:15 am – 11:05 am ET Marketplace Coffee Break & Networking (In-Person Only)
  • 10:25 am – 11:40 am ET Level-Up Workshop: Transform Your Collaboration Efforts To Protect OT Environments (Pre-Registration Required)
  • 10:20 am – 10:50 am ET Analyst-Led Roundtables (Registration Required)
  • 11:05 am – 11:35 am ET Breakout Sessions
  • 11:40 am – 12:10 pm ET Case Study Sessions (In-Person Only)
  • 12:10 pm – 1:25 pm ET Lunch & Marketplace (In-Person Only)
  • 12:10 pm – 1:25 pm ET Security & Risk Summit Certification: Wrap-Up Lunch (Invite-Only)
  • 12:10 pm – 2:10 pm ET Level-Up Workshop: Take Tactical Steps To Adopt Proactive Security (Pre-Registration Required)
  • 12:20 pm – 1:15 pm ET Executive Leadership Exchange (Invite-Only): Lessons and Perspectives from an Industry-Leading CISO
  • 1:25 pm – 2:10 pm ET Breakout Sessions + Ask An Expert
  • 2:20 pm – 2:50 pm ET Keynote: Predictions 2025
  • 2:50 pm – 3:00 pm ET Closing Remarks

Bold Starts: Monday Dec 9

2:00 pm – 4:30 pm ET

Forrester Women's Leadership Program (Pre-Registration Required)

To Propel Your Career In Security & Risk, Choose Your Advisers And Nuggets Of Advice Wisely 

The torrent of well-meaning advice from colleagues, mentors, training sessions, and events is enough to give anyone a headache. So, we all need techniques to distinguish the transformative insights from the mere noise. This is crucial in our fast-evolving field of security & risk. Whether it’s about navigating workplace dynamics, mastering new technology, or developing cutting-edge strategies, the quality of advice you heed can significantly influence your trajectory. In this multipart collaborative session, together we will: 

  • Select the best advisers for your situation: You don’t need a single mentor — you need different advisers for different situations. 
  • Separate good advice from bad: Our panel will share the best pieces of career advice they’ve received, of course. And they’ll also expand on the “value” of bad advice — because sometimes, not following it (or doing the opposite!) can be your best decision. 
  • Navigate together: Learn from each other as attendees contribute their own best and worst pieces of advice. 

The Forrester Women’s Leadership Program will:

  • Build community.
  • Inspire change.
  • Drive advancement.
  • Foster allyship and individual empowerment.
  • Facilitate meaningful connections.

Speakers:
Laura Koetzle, VP, Group Director, Forrester
Amy DeMartine, VP, Research Director, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
Tameika Turner, Senior Cybersecurity Program Manager, NNSA
Faye Dixon-Harris, Managing Director, Federal Home Loan Bank
Judith Conklin, CIO, Library of Congress

2:00 PM | Arrival, Coffee, Networking
2:10 PM | Opening Remarks

Speakers:
Amy DeMartine, VP, Research Director, Forrester
Jinan Budge, VP, Principal Analyst, Forrester

2:20 PM | Roundtable Discussions

Speakers:
Laura Koetzle, VP, Group Director, Forrester

2:50 PM | Panel: Here’s How To Select The Best Career Advice To Follow

When you’re at a career crossroads, you’ll receive lots of conflicting advice, and it can be very difficult to separate the gems from the duds. And this problem is compounded for women, because well-meaning advisors often make assumptions about how they’d like to balance work and family. For this session, we’ve assembled a fantastic panel of senior Security & Risk leaders to share the best (and worst!) career advice they’ve received, and how they approach giving career advice. Here’s what you’ll take away from this session if you join us:

  • How to choose the right people to get career advice from 
  • How to frame your career challenge so that you get the most useful answers from your advisors 
  • How to tell good advice (for you!) from bad 

Speakers:
Laura Koetzle, VP, Group Director, Forrester

3:30 PM | Break
3:40 PM | Community Roundtables
4:10 PM | Share back with the group
4:25 PM | Program Wrap-Up

Speakers:
Amy DeMartine, VP, Research Director, Forrester

4:30 PM | Close

4:45 pm – 6:00 pm ET

Level-Up Workshop: Build Your Zero Trust Roadmap (Pre-Registration Required)

This workshop will help attendees build a comprehensive roadmap to implement a Zero Trust strategy. Attendees will:  

  • Define clear objectives and prioritize business initiatives, ensuring alignment with organizational goals and security needs. 
  • Conduct current-state assessments to evaluate existing posture and identify gaps, as well as prioritize critical initiatives. 
  • Create a practical roadmap that balances robust security with operational efficiency, fostering collaboration and breaking down organizational silos for a unified approach to Zero Trust implementation. 

Speakers:
Peter Cerrato, Principal Consultant, Forrester
Tope Olufon, Sr Analyst, Forrester
Carlos Rivera, Senior Analyst, Forrester
Ron Woerner, Senior Consultant, Forrester

4:45 pm – 6:00 pm ET

Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools (Pre-Registration Required)

This workshop, part of Forrester’s Summit-exclusive Certification program, will cut through the hype to focus on AI tools and use cases that will improve your security operations and build resilience. By participating in this hands-on workshop, begin completing the requirements for the Forrester Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools. The program is designed for attendees to: 

  • Gain deeper knowledge of what generative AI is and how you can use it effectively in your organization today.
  • Harness the potential of AI for the future.
  • Understand how to enable your team to gain efficiencies with AI.

To earn a certification credential with Forrester, attendees must fulfill the following completion requirements:  

  • Attend the Security & Risk Summit Certification Workshop: How To Leverage AI In Security Tools on December 9, 4:45–6:00 pm EST.
  • Attend two keynote sessions.
  • Attend three breakout sessions.
  • Attend one analyst-led AI roundtable discussion on December 11, 10:20–10:50 am EST.
  • Attend the wrap-up lunch on December 11, 12:20–1:15 pm EST.
  • Complete the certification reflection workbook.

Speakers:
Allie Mellen, Principal Analyst, Forrester
Amanda Lipson, Research Associate, Forrester
Jenna Wohead, Director, Product Management, Forrester

6:00 pm – 7:00 pm ET

Welcome Reception

Join us for refreshments and light appetizers. All registered attendees are welcome.

6:00 pm – 7:00 pm ET

Executive Leadership Exchange (Invite-Only): Networking Reception: Meet Your Peers

Join us for a pre-conference reception where you can network with Forrester experts and industry peers who will be part of the ELE program throughout the event.

Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester

Tuesday Dec 10

8:00 am – 9:00 am ET

General Breakfast

8:15 am – 9:00 am ET

Networking Breakfast: Avoid Being Accidentally Offensive (Guys' Guide To Being An Ally)

Talk to most guys in cybersecurity and they’ll tell you they are all for diversity, equity, and inclusion. Even with this sentiment, our industry still lacks diversity. This session will confront the “accidental toxicity” problem that lurks in cybersecurity and offer tangible advice on fixing it and making the industry an inviting environment for all people, voices, and perspectives.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester
Laura Koetzle, VP, Group Director, Forrester

8:15 am – 9:00 am ET

Executive Leadership Exchange (Invite-Only): Networking Breakfast

Start the day with a nourishing meal, the company of your fellow ELE participants, and an overview of the day ahead.

Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester

9:00 am – 9:30 am ET

Welcome & Opening Remarks

Speakers:
George Colony, CEO, Forrester

9:30 am – 9:40 am ET

Host Remarks

Speakers:
Joseph Blankenship, VP, Research Director, Forrester
Amy DeMartine, VP, Research Director, Forrester

9:40 am – 10:10 am ET

Keynote: Data Security Reborn: Pioneering Strategies For AI And Post-Quantum

Data security today is overhyped and nebulous. A deliberate approach to data security is elusive for many organizations. Forces like AI and post-quantum threats up the ante, while the journey to improve Zero Trust maturity requires advancing core data security capabilities and controls. Reimagine and advance your data security program:

  • Reconceptualize the scope of what constitutes sensitive data today.
  • Bring clarity to the data risks that require mitigating controls.
  • Define data-centric security capabilities and controls.

Speakers:
Heidi Shey, Principal Analyst, Forrester

10:15 am – 11:05 am ET

Marketplace Coffee Break & Networking (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

10:20 am – 10:30 am - OneTrust Spotlight: Data-Driven Third Party Resilience: Risk-Aware Decision-Making In Third-Party Management Session

Amidst growing regulatory pressure, a rapidly evolving threat landscape, and a global uptick in third-party risk and disruption, resiliency has never been more top of mind for boards, CISOs and third-party risk practitioners. Learn how to leverage best-in-class third-party risk data to augment and scale your program, and move risk-aware decision-making to the center of your third-party risk management processes.

Speakers:
Andrew Dorminey, Solutions Engineer, OneTrust

10:35 am – 10:45 am - Onspring: TPRM — Everything You Need To Know To Protect Your Organization

Third parties inherently create risk — especially when you consider that many of your vendors are unlikely to follow the strict security you have meticulously designed for your organization. To add to this, the average organization has 182 vendors connected to their systems each week, and 60% of organizations feel underprepared to perform due diligence on their vendors. Even more concerning, 57% of businesses aren’t confident that their vendor management policies would prevent a data breach.

Speakers:
Bobby Hinsdale, Sr. Sales Engineer, Onspring

10:50 am – 11:00 am - Axonius: Minimize Your Attack Surface Exposure With Axonius

As your organization grows, the sprawl of technology assets across devices, identities, applications, and infrastructure is inevitable. With a growing attack surface comes an ever-expanding exposure gap that needs continuous assessment and protection. Join us for a live demo to see how Axonius helps you find and fix meaningful threat exposure from all angles with a holistic approach to asset intelligence across your entire IT footprint.

Speakers:
Brian Freedman, Technical Channel Leader, Axonius

10:25 am – 11:40 am ET

Level-Up Workshop: Measure Your IAM Maturity (Pre-Registration Required)

In today’s digital world, identity-centric security is crucial. An effective identity and access management (IAM) program plays an instrumental role, not only in defending against increasingly sophisticated cyberthreats but also in enhancing user experience and improving business agility. This interactive workshop will provide security leaders with: 

  • Insights into key elements of a modern IAM program. 
  • An executive-level IAM program maturity assessment. 
  • Best practices for developing a business-driven IAM program. 

Speakers:
Geoff Cairns, Principal Analyst, Forrester

10:30 am – 11:00 am ET

Analyst-Led Roundtables (Registration Required)

Expertly curated by our analysts, these 30-minute roundtables foster vibrant discussions among peers on trending topics. Held during breaks, they offer a prime opportunity for networking and knowledge sharing. Registration required.

Attend one session:

New Requirements, New Challenges

How can government orgs take advantage of updated frameworks like NIST CSF 2.0 and CMMC 2.0 to better mitigate security risk? 

Speakers:
Cody Scott, Senior Analyst, Forrester
Carlos Rivera, Senior Analyst, Forrester

Who Is Watching OT?

This discussion will center around how to monitor security alerts from the OT environment.

Speakers:
Brian Wrozek, Principal Analyst, Forrester

Compliance

Speakers:
Alla Valente, Senior Analyst, Forrester
Paul McKay, Vice President, Principal Analyst, Forrester

11:05 am – 11:35 am ET

Breakout Sessions

Leadership & Strategy
The Art Of Forecasting For CISOs

CISOs have earned a permanent spot in the C-suite. Now it’s time to prove that they should stay there by showing how they contribute as a profit center, not a cost center. This session will help CISOs understand one of the most important expectations of every C-level executive: the ability to forecast what’s coming next. This session will:

  • Explain how every C-level leader forecasts about their business … except CISOs.
  • Highlight how strong metrics lead to better forecasting.
  • Showcase how to convert business goals like growth in revenue, headcount, and market share into built-in components of forecasting for cybersecurity.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

Risk & Compliance
Put Technology Resilience In The Center Of Your Business Circus

Trust is one of the most valuable assets you can have in your business. Outages, breaches, data leaks, and other technology incidents erode the trust your customers, partners, and employees put into the systems that power your business. Technology resilience depends on preventing and responding to these crises, but building trust requires more than just returning systems to operation. It means upleveling your communication, practicing your response to crisis, and protecting data even when it is lost. In this session you will:   

  • Learn how to establish foundational principles for modern technology resilience.
  • Understand how you can help your organization embrace new tactics and techniques to bolster resilience.

Speakers:
Brent Ellis, Senior Analyst, Forrester

Prevention Detection & Response
Build Resilience With Zero Trust: Think Like A Threat Actor

Threat actors are a good source of learning about our environments and how they can be attacked. They are also remarkably good at information gathering, following DRY (“don’t repeat yourself”) principles, and maintaining lean operations. This singularity of focus and creative application of technology demonstrated by attackers can be applied to organizations wishing to elevate their security with Zero Trust design principles and identity and visibility-driven analytics. Senior Analyst Tope Olufon will show how thinking like a threat actor can drive your security strategy. Attendees will learn how to:

  • Apply reconnaissance techniques to understand their own environment.
  • Employ or repurpose generic/existing tools to enhance visibility.
  • Jump-start Zero Trust, reduce complexity, and use automation to build resilience.

Speakers:
Tope Olufon, Sr Analyst, Forrester

Identity & Fraud
Generative AI In Fraud Management

This session will look at trends of generative AI’s use in fraud management. We will explore the viability of genAI in rule- and machine learning-based model development and management, case routing, case investigation, and reporting. The presentation will also cover risks and best practices of adopting genAI in fraud management. Learn about:

  • How fraudsters are using AI to launch attacks.
  • Key use cases of genAI in fraud management, anti-money laundering, and know-your-customer.
  • Implementation best practices for genAI in fraud.

Speakers:
Andras Cser, VP, Principal Analyst, Forrester

Cloud & Application Security
Cloud Market Trends That Will Disrupt Your Security Program

Technology leaders are prioritizing cloud security and increasing their cloud security spend, but that doesn’t mean that cloud security professionals can rest easy. New cloud-based AI offerings, sovereignty regulations and directives, and the increasing pressure of maximizing cloud investments while minimizing carbon footprint all threaten the delicate stasis of securing cloud environments. In this session, you will learn:

  • What to expect with cloud-based AI black box models and how to harden for your cloud environment.
  • How to address the new sovereignty regulations coming from the EU.
  • Different methods to optimize your cloud spend and meet sustainability requirements.

Speakers:
Tracy Woo, Principal Analyst, Forrester

11:45 am – 12:15 pm ET

Case Study Sessions (In-Person Only)

Hear real-world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Bitsight: Schneider Electric Case Study: Securing OT, Protecting Critical Infrastructure, And Reducing Our Customers’ Risk

In an era of rising cyber threats, Schneider Electric leads the charge to secure operational technology and protect vital infrastructure. This presentation uncovers the powerful strategies behind Schneider’s Installed Base Program, a proactive solution that identifies and fixes risks in internet-exposed OT devices before they become liabilities. Partnering with Bitsight for deeper visibility and teaming up with DHS-CISA, Schneider is setting a new bar for OT security. Join this discussion to see how Schneider is not only protecting customer operations but reshaping the future of infrastructure resilience.

Speakers:
Jake Olcott, Vice President of Government Affairs, Bitsight
Patrick Ford, Chief Information Security Officer for Americas Region, Schneider Electric

Coalfire: Navigating Privacy In The Age Of AI: Compliance Challenges In Highly Regulated Environments

This panel discussion delves into the critical privacy challenges arising from the integration of AI within highly regulated information systems. We examine the complexities of maintaining data privacy and security while leveraging AI’s capabilities in environments that must adhere to stringent federal regulations such as FedRAMP, CMMC, and other FISMA frameworks. The panelists will explore the potential privacy risks associated with AI implementation, including data breaches, unauthorized access, and algorithmic bias. Additionally, the discussion will address the need for robust privacy-preserving AI techniques and strategies to ensure compliance with these stringent regulatory frameworks. The panel aims to provide insights and recommendations for organizations navigating the intersection of AI innovation and regulatory compliance in highly sensitive information environments.

Speakers:
Jim Masella, VP Compliance Advisory, Coalfire
Ricky Patrick, VP Global Security Compliance, Equifax
Michael G. Gruden, Counsel, Crowell & Moring LLP

ProcessUnity: Best Practices For Threat And Vulnerability Response And Emergency Assessments

It’s not getting any easier. Every time we turn around, there seems to be another attack or threat that demands our attention. While each event is unique, they all result in third-party risk management teams scrambling to ensure their organizations are protected. Rapid responses and emergency assessments can be knee-jerk, stressful, and distracting. It doesn’t have to be that way.

Join us for a discussion on the best practices for responding to zero-day vulnerability attacks and conducting emergency assessments. We’ll outline what’s required to prepare in advance so you’re ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we’ll cover the necessary steps and considerations for an effective response plan.

Session attendees will learn:

  • How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss.
  • How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability.
  • How quick-assess campaigns can automatically scope, distribute, and score responses.

Speakers:
Scott West, Vice President, ProcessUnity

ThreatLocker: Ransomware Tales

Beyond the alarming headlines and increasing financial consequences, the prevalence of malicious or weaponized software lurks as an everyday risk. Join ThreatLocker VP Solutions Engineering Ryan Bowman for a deep look at the evolution of ransomware. We’ll explore the real stories of rogue code, the impact of an attack, and how you can protect your organization today.

Speakers:
Ryan Bowman, VP Solutions Engineering, ThreatLocker

12:15 pm – 1:45 pm ET

Lunch & Marketplace (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

12:50 pm – 1:00 pm - ThreatLocker: Rubber Ducky Challenge

Risk of data loss and operational disruption can stem from more than the ransomware in news headlines. Witness a live hacking demonstration of a common-looking USB device and learn about physical and digital methods of control to minimize data exfiltration.

Speakers:
Ryan Bowman, VP Solutions Engineering, ThreatLocker

1:05 pm – 1:15 pm - Forrester: Align To Accelerate With Forrester Decisions  

As a security & risk leader, you’re expected to solve problems, make decisions, and take action to deliver results in record time, day in and day out. These superpowers come from having a great partner by your side for research and continuous guidance. Come hear how Forrester Decisions helps you tackle your initiatives, deliver outcomes, and prove business value in record time.

Speakers:
Jeff Lash, VP, Global Product Management, Forrester

12:15 pm – 1:25 pm ET

Lunch & Learn Session (In-Person Only)

This session will have limited capacity and is first come, first served. Lunch will be provided.

Safe Security: Unifying Cyber Risk With GenAI Insights

Join us for an interactive session where industry experts and customers will discuss how genAI is reshaping the way organizations manage cyber risks across various domains. Learn directly from customer experiences on how AI-driven insights have helped consolidate risks from security operations, GRC, and TPRM, leading to faster decision-making and improved resource allocation. This session is perfect for those looking to engage with real-world success stories and best practices.

Speakers:
Nick Sanna, President, Safe Security

12:15 pm – 1:45 pm ET

Executive Leadership Exchange (Invite-Only): Networking Lunch: Attracting And Retaining Talent In The Age Of Burnout

Sit down for lunch and a fireside chat hosted by Jess Burn to discuss best practices and lessons learned for hiring, developing, and retaining cybersecurity talent amidst a skills and staffing shortage that threatens to burn out practitioners and managers alike.

Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester

12:15 pm – 1:45 pm ET

Analyst Relations Exchange Luncheon (Invite-Only)

Come together with fellow practitioners in analyst relations (AR) for a meet-and-greet luncheon dedicated to your role. Take a break from the crowd to meet your peers, exchange ideas, and share AR best practices. Forrester will briefly highlight some of the ways we serve AR professionals and take questions from you. 

Speakers:
Trish Mirel, Global Director, Analyst Relations Council, Forrester
Chris Andrews, VP Product Management, Forrester

12:25 pm – 1:25 pm ET

Government Lunch Panel: Navigating The Federal Zero Trust Data Security Guide

Advancing in the data pillar of Zero Trust is crucial in an agency’s journey to improving Zero Trust maturity. However, the data domain demands new practices and the engagement of new stakeholders as Zero Trust requires changes to how we think about data security and data management. Join us for this panel to learn:

  • Key insights from the development of the Federal Zero Trust Data Security Guide, a resource to support federal practitioners.
  • Anticipated challenges and considerations for how to best use and apply this guide today.
  • What to expect next from this guide in future iterations.

Speakers:
Heidi Shey, Principal Analyst, Forrester
Gouri Das, Principal Consultant, Forrester
Steven Hernandez, Federal Co-Chair (United States) & Chief Information Security Officer Council, United States Department of Education
Jason Snyder, CIO - Secretary of EOTSS and CCIO, Office of Technology Services and Security, Commonwealth of MA
Anne Klieve, Management Analyst, Office of Enterprise Integration, United States Department of Veterans Affairs

1:45 pm – 2:30 pm ET

Breakout Sessions + Ask An Expert

Leadership & Strategy
Security Organizational Structures Beyond The Three Lines Of Defense

The three lines of defense model has been widely adopted across industries, shaping how organizations approach risk management, compliance, and corporate governance. Security leaders have typically viewed it as the gold standard for security org model design, but it comes with many flaws, complexity, and cost. Security leaders scrapping the three lines of defense model need to consider an alternative. In this session, we will explore:

  • How the three lines model has influenced security organizational structures.
  • The limitations that the three lines model introduces for security orgs.
  • Effective strategies for rethinking security organization structures in a post-“three lines of defense” world.

Speakers:
Madelein van der Hout, Senior Analyst, Forrester
Paul McKay, Vice President, Principal Analyst, Forrester

Risk & Compliance
Ditch Your Risk Heat Map: Get Actionable With CRQ

Your single biggest cyber risk is not knowing how much risk you’re exposed to. Cyber risk quantification (CRQ) gives security and risk pros a more accurate, defensible way to assess, communicate, and prioritize the risks that matter most, yet most organizations rely on qualitative methods like risk heat maps and 5×5 ratings that have proven to be useless. It’s time to ditch the subjective heat maps and use CRQ to make risk management easier. Join this session to:

  • Understand the value of quantitative risk assessment methods.
  • Build the business case for adopting CRQ.
  • Plan for your first successful CRQ pilot.

Speakers:
Cody Scott, Senior Analyst, Forrester

Prevention Detection & Response
Transform Your Security Data Management Strategy

The worlds of SecOps and SIEM have fundamentally changed after a series of vendor mergers and acquisitions. What was already complicated by excessive cost, resource constraints, and required expertise has become even more complex and is changing how data storage and management for security operations must be done. Technology choices range from data pipeline management tools to security data lakes, in addition to analytics and automation technologies. Principal Analyst Allie Mellen will discuss data management strategies for SecOps and building a successful data management strategy. Attendees will:

  • Learn data management strategies for SecOps in a hybrid, multicloud world.
  • Gain understanding of the tools needed for better data management.
  • Discover how to evaluate security data management options and make the best architectural decision.

Speakers:
Allie Mellen, Principal Analyst, Forrester

Identity & Fraud
Biometric Frontiers: Unlocking The Future Of Engagement

Biometrics holds the keys to a range of engagement models of the future. But that future comes with a lot of baggage, including profound geographical fragmentation from a cultural, regulatory, and implementation perspective, as well as unnerving reports of deepfakes. This keynote compares and contrasts regional approaches to biometrics; explores the good, bad, and ugly of face, voice, and fingerprint biometrics; and examines the security, risk, and privacy challenges and the benefits of their implementation. Join us to:

  • Learn proven best practices on how to bolster adoption.
  • Prepare to defend against deepfakes.
  • Prevent legal, regulatory, and audit failures.

Speakers:
Enza Iannopollo, Principal Analyst, Forrester
Andras Cser, VP, Principal Analyst, Forrester

Cloud & Application Security
Case Study: Reimagine Your Product Security Program

CISOs need to stop looking at product security as a siloed part of the security organization. Modern product security programs prioritize customer trust as a fundamental goal as well as securing the product itself. Join us for a presentation and fireside chat with members of Schneider Electric’s product security team. In this session, attendees will hear about:

  • The characteristics of an effective product security program.
  • How to integrate product security with the rest of the cybersecurity organization and the benefits of doing so.
  • How to increase the maturity of the product security function.

Speakers:
Sandy Carielli, Principal Analyst, Forrester
Mansur Abilkasimov, Deputy CISO & CPSO, Schneider Electric

2:40 pm – 3:10 pm ET

Case Study Sessions (In-Person Only)

Hear real-world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Illumio: Stop The Inevitable Breach With Illumio’s Segmentation Solution

No security prevention architecture will ever be 100% effective. Eventually, even the best-planned barrier will be breached, either from the outside or internally. An “assume breach” mindset needs to exist in parallel with efforts to prevent breaches, and the architecture needs to contain breaches. Zero Trust needs to plan for the unexpected. Learn how Illumio’s industry-leading Zero Trust segmentation solution prevents the inevitable breach from becoming a disaster.

Speakers:
Gary Barlet, Principal Solutions Architect, Public Sector, Illumio

Rocket Software: Fortify Your Mainframe: Real-World Success Stories For Effective Vulnerability Management

The integrity of mainframe data and software is critical in fundamentally securing your business. Understanding mainframe vulnerability management is core to successfully surviving mainframe risks and meeting regulatory requirements. In this session, you will learn how organizations have built strong vulnerability management programs for optimal mainframe risk management. The principal audience for this presentation is individuals responsible for the management, analysis, and disposition of cyber vulnerabilities affecting an organization’s cyber resilience. This includes executives responsible for establishing policies and priorities for vulnerability management; managers and planners responsible for converting executive decisions into plans; and the operations staff that implements the plan and participates in vulnerability disposition.

Speakers:
Cynthia Overby, Director Security, Customer Solutions Engineering, Rocket Software
Ray Overby, Technical Director, Rocket Software
Sandy Campbell, Senior Solutions Architect: Mainframe Solutions, CDW

Safe Security: Redefining Third-Party Cyber Risk Management With GenAI

As cyberthreats evolve, organizations struggle with fragmented views of risks across domains. This session explores how genAI transforms cyber risk management by consolidating data from siloed functions such as GRC, security operations, and TPRM into a unified view. By automating risk assessments and providing real-time insights, genAI enables proactive risk management, enhancing decision-making. Attendees will learn strategies for streamlining cyber risk management efforts, making this session ideal for CISOs and risk managers seeking to manage cyber risk at the speed of the business.

Speakers:
Saket Modi, Co-Founder & CEO, Safe Security
Omar Khawaja, Field CISO, Databricks

3:20 pm – 3:50 pm ET

Breakout Sessions

Leadership & Strategy
Build An Optimal Alliance With Your CIO

Each day, IT and security teams and execs face major risks together. Unfortunately, they are often working against each other, sometimes with outward hostility, yet they have a multitude of benefits to reap from a unified security vision and from working together to enable the business:

  • Explore the root causes of these tensions.
  • Build humanity in interactions with tech execs and teams.
  • Learn how to operationalize the collaboration required to build trust.

Speakers:
Jinan Budge, VP, Principal Analyst, Forrester

Risk & Compliance
A Fun (Yes, Really) Crash Course In AI Regs And Frameworks

AI and generative AI are revolutionizing business in every department. But without adequate risk management, things will go awry more quickly than you think. Fear not, for brand-new regulations such as the EU AI Act and specific standards are emerging to help companies take care of the risks. Join this session to learn about the AI risk management frameworks and standards that your peers are using and to deep-dive into the new AI rules, including the EU AI Act, with which US and international companies must comply due to their extra-territorial scope. In this session, you will learn about:

  • The AI risk frameworks and standards that global companies are adopting.
  • The new regulatory requirements of the EU AI Act and to what extent they apply to you.
  • Best practices from your peers about their AI compliance and AI risk management efforts.

Speakers:
Enza Iannopollo, Principal Analyst, Forrester

Prevention Detection & Response
Next-Level Your Zero Trust Initiative

Organizations adopting Zero Trust are now well into their journey, moving past the basic foundational steps and maturing their implementations, but getting to that “next level” of Zero Trust requires even more. This panel discussion, moderated by Forrester Senior Analyst Carlos Rivera, will explore the insights, challenges, and recommendations for maturing Zero Trust by those who have lived it. Attendees will:

  • Gain an understanding of common challenges faced with Zero Trust adoption.
  • Understand the value of developing outcome-based use cases.
  • Learn best practices to mature Zero Trust initiatives from people who are doing it.

Speakers:
Carlos Rivera, Senior Analyst, Forrester
Eric Poulin, Sr. Director - Cyber Security Technology Strategy & Management, GE Aerospace
Brandy Sanchez, Director of the Zero Trust Initiative, DHS
Lou Eichenbaum, Zero Trust Program Manager, Department of Interior

Identity & Fraud
Welcome To The Machine Age: Machine Identity Management Comes Alive

Amidst the rise of cloud, DevOps, internet of things, and generative AI, organizations are contending with an explosion of machine identities (aka nonhuman identities). As organizations increasingly rely on machines for their operational processes, ensuring that these entities are securely authenticated, authorized, and monitored becomes paramount. Session attendees will learn:

  • The unique risks and challenges that machine identities present.
  • How to establish a unified identity and access management strategy that accounts for machine identities.
  • The technologies to apply for automation and resiliency.

Speakers:
Geoff Cairns, Principal Analyst, Forrester

Cloud & Application Security
Secure Software At Speed With DevSecOps

Enterprises are eager to adopt DevSecOps but encounter challenges including securing executive buy-in, unifying siloed teams, selecting the appropriate technology, and understanding the necessary processes to facilitate the transition. In this talk, we will explore a DevSecOps maturity model designed to help leaders navigate these challenges and articulate a vision that encourages buy-in and investment. Session attendees will learn:

  • The crawl, walk, run maturity model for DevSecOps.
  • How to create a culture where security and development share responsibility and work collaboratively together.
  • The processes and technologies to implement as you mature in your DevSecOps journey.

Speakers:
Janet Worthington, Senior Analyst, Forrester

3:20 pm – 4:35 pm ET

Level-Up Workshop: Thwarting Social Engineering: A Balancing Act (Pre-Registration Required)

Attackers prey on your workforce’s better angels – the desire to be helpful and efficient. This opens them up to social engineering attacks like phishing, SMShing, and business email compromise (BEC). Thwarting social engineering attacks means striking the right balance between effective technology, skilled security practitioners, and a human-centric approach to building an empowered security culture across the workforce. This interactive workshop will help security leaders and practitioners: 

  • Understand security practitioner and workforce needs and motivations. 
  • Explore strategies for optimizing the synergy between technology and people to protect data and IP. 
  • Create people and technology “balance sheets” for specific social engineering scenarios. 

Speakers:
Jess Burn, Principal Analyst, Forrester

3:50 pm – 4:35 pm ET

Marketplace Coffee Break & Networking (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

3:55 pm – 4:05 pm - Recorded Future: Ransomware's Ripple Effect: The Looming Supply Chain Threat

Despite billions invested in security tools, organizations are still vulnerable to increasingly sophisticated and efficient threat actors. Ransomware remains a pervasive threat, with a 68% year-over-year increase in breaches involving a third party, mostly due to vulnerabilities exploited in ransomware and extortion attacks (Verizon DBIR 2024). To secure the modern supply chain, organizations need to embrace a more proactive approach to vendor monitoring. This talk explores the trends in ransomware attacks, their impact on supply chain security, and the strategies needed to mitigate these risks.

Speakers:
Lizzie Myers, Product Marketing Specialist, Recorded Future

4:10 pm – 4:20 pm - ExtraHop: Evolve Your Ransomware Defense: Why EDR Needs NDR

Attendees will gain a deep understanding of how modern ransomware attacks unfold and the critical roles that Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) play in defending against these threats. They’ll learn how integrating these tools can provide comprehensive visibility, enabling faster detection and mitigation of attacks across the entire network. Additionally, the session will showcase practical, real-world applications of these strategies to stop ransomware in its tracks.

Speakers:
Ariel Smirnov, Technical Marketing Manager, ExtraHop

4:25 pm – 4:35 pm - ServiceNow: Effective Cyber Risk Management Outcomes from ServiceNow

In this presentation, we’ll explore how Cyber Risk Management from ServiceNow drives effective outcomes through a unified platform and shared data model. Discover how collaborative solutions enhance visibility, response, and risk reduction. We will showcase real-world examples, including an executive dashboard and integration of key products, demonstrating the tangible value customers have achieved. Join us to learn how a cohesive approach to cyber risk management can transform your organization’s resilience and decision-making.

Speakers:
Ben Prime, Sr Advisory Solution Architect, ServiceNow

4:00 pm – 4:30 pm ET

Analyst-Led Roundtables (Registration Required)

Expertly curated by our analysts, these 30-minute roundtables foster vibrant discussions among peers on trending topics. Held during breaks, they offer a prime opportunity for networking and knowledge sharing. Registration required.

Attend one session:

FI Services Roundtable

Ransomware continues to plague organizations large and small because of aggressive threat actors and challenges with how to implement a comprehensive defense. In this roundtable, we will discuss – and perhaps debate! – the most critical steps your organization must take to defend more effectively against ransomware.

Speakers:
Andras Cser, VP, Principal Analyst, Forrester
Tracy Woo, Principal Analyst, Forrester

How To Survive A Ransomware Attack

Ransomware continues to plague organizations large and small because of aggressive threat actors and challenges with how to implement a comprehensive defense. In this roundtable, we will discuss – and perhaps debate! – the most critical steps your organization must take to defend more effectively against ransomware.

Speakers:
Allie Mellen, Principal Analyst, Forrester

Climate on Record: Tools To Manage Sustainability Data, Climate Risk and Reporting

Identifying the right sustainability data management platforms and services to navigate sustainability reporting.

Speakers:
Abhijit Sunil, Senior Analyst, Forrester

4:35 pm – 5:05 pm ET

Keynote: Security & Risk Enterprise Leadership Award

Welcome to the highly anticipated Forrester Security & Risk Enterprise Leadership Award, the only assessment dedicated to recognizing excellence in security, privacy, and risk strategy, integral to building a trusted and resilient business.

In this session, we will hear from this year’s award winner on how they continually build trust with customers, employees, and partners.

Speakers:
Stephanie Balaouras, VP, Group Director, Forrester
Mansur Abilkasimov, Deputy CISO & CPSO, Schneider Electric

5:05 pm – 5:35 pm ET

Keynote: The Continuous Risk Revolution Is Here. Down With The Three Lines Of Defense!

The “three lines of defense” model is no longer fit for purpose. Organizations struggle to retrofit this two-decades-old compliance model to meet modern risk management needs. Not only does this not work, it creates false assurances. Instead, leaders need better processes to break out of their silos and align risk decisions with business goals. Stop managing risk via artificial lines and level up your organization with continuous risk management. This Keynote will:

  • Highlight common pitfalls when relying on three lines of defense as a risk management strategy.
  • Introduce Forrester’s new continuous risk management model.
  • Chart a path to start using continuous risk management today.

Speakers:
Alla Valente, Senior Analyst, Forrester
Cody Scott, Senior Analyst, Forrester

5:35 pm – 5:40 pm ET

Closing Remarks

5:40 pm – 6:40 pm ET

General Reception

7:30 pm – 9:30 pm ET

Executive Leadership Exchange (Invite-Only): Dinner at the Capital Grille

Join us at The Capital Grille for an evening of exceptional dining, engaging conversation, and valuable networking opportunities. Transportation will be provided for your convenience. We’re excited to see you there!

Speakers:
Jess Burn, Principal Analyst, Forrester
Jinan Budge, VP, Principal Analyst, Forrester
David Levine, VP, Executive Partner, Forrester

Wednesday Dec 11

8:00 am – 9:00 am ET

General Breakfast

8:15 am – 9:00 am ET

Veteran’s Breakfast

We invite all those who have served or are currently serving our country to join us for a special appreciation breakfast.

Speakers:
Carlos Rivera, Senior Analyst, Forrester
Drew Jaehnig, Public Sector Capture Manager, Forrester

9:00 am – 9:10 am ET

Welcome Back

Speakers:
Joseph Blankenship, VP, Research Director, Forrester
Amy DeMartine, VP, Research Director, Forrester

9:10 am – 9:40 am ET

Keynote: Mastering the Human Element

Ask almost anyone in security, and they’ll tell you that the missing silver bullet to solve anything relating to human element breaches is security awareness and training. They also say (without any proof) that training improves the outcomes of these breaches. Not the rebels and innovators! They long ago recognized the various downfalls of compliance-driven, one-size-fits-all, often perfunctory training. And they have chosen to play bigger. Cue human risk management: the evidence-based art and science of positively influencing cybersecurity behavior and instilling a security culture. Join us for this keynote to examine the fundamental mindset, process, and technology shift that is occurring and how you too can, and should, lead this movement. 

  • Challenge traditional security training and awareness: Recognize the limitations of conventional security awareness programs and the need for a more tailored approach to addressing human element breaches. 
  • Embrace human risk management: Embrace the evidence-based practice of human risk management to positively influence cybersecurity behavior and foster a strong security culture within your organization. 
  • Lead the change: Be a part of the fundamental shift in mindset, process, and technology to spearhead the movement toward effective human risk management in cybersecurity. 

Speakers:
Jinan Budge, VP, Principal Analyst, Forrester

9:40 am – 10:10 am ET

Keynote: From Fragile To Agile: Reimagining Software Supply Chain Security

The fragility of software is all too evident in worldwide outages, targeted attacks on customers, and needless breaches due to vendor vulnerabilities and missteps. To stop the onslaught, US and international governments are pushing for better transparency, resiliency, and security. But this won’t be enough; security leaders must adopt a systematic approach that treats software as an interconnected supply chain, ensuring robust security at every link. This keynote is a must-attend event to:

  • Learn the crucial roles and responsibilities of software supply chain: chooser, producer, and operator.
  • Grasp the vital steps and processes of a secure software supply chain.
  • Gain real-world perspective from peers who are actively implementing a software supply chain program.

Speakers:
Janet Worthington, Senior Analyst, Forrester
Rosa Underwood, Senior Cybersecurity Advisor (Acting), IT Specialist, U.S. General Services Administration
Cassie Crossley, Vice President, Supply Chain Security in the Global Cybersecurity & Product Security Office, Schneider Electric
Dr. Allan Friedman, Senior Advisor and Strategist, Cybersecurity and Infrastructure Security Agency

10:15 am – 11:05 am ET

Marketplace Coffee Break & Networking (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Attend one session:

10:20 am – 10:30 am - Incode: Connecting businesses with high-quality, low-risk customers

Speakers:
Shannon Monk, Enterprise Identity Consultant, Incode

10:35 am – 10:45 am - Archer: Evolv for Compliance

Archer Evolv for Compliance is a programmatic approach that connects incoming regulatory intelligence to control implementations utilizing AI and integrated compliance and audit capabilities. Through patented AI, Archer Evolv for Compliance enables regulatory horizon scanning and monitoring of relevant regulatory sources creating a streamlined feed of intelligence to drive regulatory change. The result is a consolidated view of obligations and an integrated approach to compliance and audit. In this demonstration, we will take you through the process of profiling your business, extracting obligations from regulatory sources and enabling you to stay ahead of regulatory change using the power of AI.

Speakers:
Themistocles Chronis, Principal Consultant, Archer

10:50 am – 11:00 am - Safe Security: GenAI for Unified Risk Management

In this product demo, we will showcase how GenAI can revolutionize cyber risk management through four key areas: know, understand, and communicate risk; operational prioritization and treatment; strategic prioritization and treatment; and TPRM. Attendees will experience firsthand how AI consolidates these critical areas into a unified platform, helping businesses better understand and manage their risk posture in real time, making it easier to prioritize and mitigate risks effectively.

Speakers:
Ram Vemula, Product Management - Head of Partnerships, Safe Security
Resha Chheda, VP, Product Marketing, Safe Security

10:25 am – 11:40 am ET

Level-Up Workshop: Transform Your Collaboration Efforts To Protect OT Environments (Pre-Registration Required)

CISOs are being tasked with implementing cybersecurity strategies to protect OT environments from cyberattacks. Despite this directive, initiatives to improve cybersecurity controls in OT environments are lagging. Workshop participants will learn:  

  • Why traditional cybersecurity processes and technologies fail in OT. 
  • How to customize cybersecurity initiatives to fit the unique characteristics of OT. 
  • Ways to collaborate more effectively with a new set of OT stakeholders and coworkers. 

Speakers:
Brian Wrozek, Principal Analyst, Forrester

10:20 am – 10:50 am ET

Analyst-Led Roundtables (Registration Required)

Expertly curated by our analysts, these 30-minute roundtables foster vibrant discussions among peers on trending topics. Held during breaks, they offer a prime opportunity for networking and knowledge sharing. Registration required.

Attend one session:

Healthcare

Speakers:
Alla Valente, Senior Analyst, Forrester
Paddy Harrington, Senior Analyst, Forrester

ZTE

Speakers:
Andre Kindness, Principal Analyst, Forrester

Security Organizational Structures Beyond The Three Lines Of Defense

Speakers:
Paul McKay, Vice President, Principal Analyst, Forrester
Madelein van der Hout, Senior Analyst, Forrester

Forrester Summit Certification: AI Roundtables

All attendees participating in the Forrester Summit Certification Program will have exclusive access to analyst-led roundtables focused on AI. You can learn more about the Summit Certification Program here.

Speakers:
Allie Mellen, Principal Analyst, Forrester
Andras Cser, VP, Principal Analyst, Forrester
Heidi Shey, Principal Analyst, Forrester
Jeff Pollard, VP, Principal Analyst, Forrester

11:05 am – 11:35 am ET

Breakout Sessions

Leadership & Strategy
The Future Of The CISO: Six Archetypes, Revisited

For decades, current and future CISOs sought opportunities based on their personal network, industry experience, mentorship, and, in some cases, pure luck. There’s nothing wrong with this, but our research has uncovered that there’s an added dimension to job opportunities for CISOs to consider in order to maximize their personal and professional success: their past, present, and future archetypes. Join this session to learn:

  • The six types of CISOs and the skills, behaviors, and experiences that define them.
  • A methodology to understand the archetype desired based on details of open positions.
  • How to use the methodology to ensure that your career progresses with opportunities that fulfill your personal and professional goals and ambitions.

Speakers:
Jess Burn, Principal Analyst, Forrester

Risk & Compliance
A CISO’s Life Preserver For SEC Disclosure Requirements

New SEC requirements issued in 2023 made cybersecurity an important part of investor data, with spots reserved for it on 10-Ks and 8-Ks. Unfortunately, plenty of ambiguity still exists on what information should be included, the definition of materiality, and what best practices organizations will follow to provide investors with the right amount of detail. We conducted an analysis of disclosures related to items 1.05 and 106 and will provide a detailed analysis based on over a year’s worth of content for publicly traded companies attempting to comply with the rules. Join this session to:

  • Examine how companies are dealing with the ambiguous nature of materiality and its definition in context of cybersecurity.
  • Learn the common approaches to cybersecurity governance for publicly traded companies.
  • Discover the common security controls and frameworks used by companies based on investor materials.

Speakers:
Jeff Pollard, VP, Principal Analyst, Forrester

Prevention Detection & Response
Protect Data With Data Security And Insider Risk Collaboration

Insiders have privileged access to sensitive data and systems, and accidental or malicious data misuse by insiders is a risk to organizations. Data security is the first layer of protection against accidental data loss and data theft. Insider risk management focuses on reducing the risk of accidental and malicious insider incidents. While the functions have differences, they must collaborate to defend data. Principal Analyst Heidi Shey and VP, Research Director Joseph Blankenship will discuss how these functions can work together for a successful data protection strategy. Attendees will learn:

  • How data security and insider risk management differ and how they overlap.
  • Best practices for protecting sensitive data from insider incidents.
  • Recommendations for data security/insider risk management collaboration.

Speakers:
Heidi Shey, Principal Analyst, Forrester
Joseph Blankenship, VP, Research Director, Forrester

Identity & Fraud
AI Agents: Lots Of Hype, Lots Of Risk

Forrester predicts that AI agents will expand over the next couple of years. While enterprise use cases dominate today, AI agents will expand and proliferate to consumer use cases and, eventually, consumer-owned AI agents. What does this mean from an identity and fraud perspective? Join this session to learn about:

  • The five categories of AI agents.
  • The fraud risks that each AI agent category may bring.
  • How to prepare for a future of AI agents.

Speakers:
Stephanie Liu, Senior Analyst, Forrester

Cloud & Application Security
“The Not-So-Premature Burial”: Rethinking Application Threat Modeling

Application threat modeling gets a bad rap thanks to its misuse as an audit checkbox and unrealistic expectations that a model will find every eventuality. Confusion is abundant about which of the various threat modeling frameworks to use. If you take a fresh look, however, you will see that threat modeling adds another layer of defense and saves dev and security teams time later. It doesn’t require a heavy, overengineered 300-line spreadsheet. In this session, attendees will:

  • Dispel common application threat modeling myths.
  • Understand how to build a business case for application threat modeling.
  • Learn how to discard the old approaches to threat modeling and embrace a new paradigm that meets business, development, and security needs.

Speakers:
Sandy Carielli, Principal Analyst, Forrester

11:40 am – 12:10 pm ET

Case Study Sessions (In-Person Only)

Hear real-world case studies showcasing the value of partnering with the right security and risk provider.

Attend one session:

Archer: Harnessing the Power of AI for Compliance

Is your risk management program working for you or are you working for it?

Sumitomo Mitsui Banking (SMBC) used data analytics to take their control assurance activities to a whole new level. This Q&A session will be a study of how SMBC not only revolutionized their approach to data analytics but also bridged the gap across the company’s siloed risk activities to build a cohesive, globally integrated view of their control environment.

Speakers:
Steve Schlarman, Senior Director, Marketing Strategy, Archer
Gemma Cook, Executive Director, SMBC

ExtraHop: Unleashing The Power of the Network with NAV, A Case Study for the Art of the Possible

Join former Forrester Senior Analyst Heath Mullins and Supro Ghose, former CISO of Eagle Bank, as they discuss how ExtraHop transformed Eagle Bank’s network threat detection capabilities from a morass of false positives to an example of operational excellence.

Speakers:
Supro Ghose, CISO, Graphene Security
Heath Mullins, Chief Evangelist, ExtraHop

Hoxhunt: Security Culture Eats Human Risk for Breakfast: AES’ award-winning culture change journey with Hoxhunt

Building a good security culture is critical for addressing the human element in cybersecurity. In this engaging session, Noora Ahmed Moshe, Vice President of Strategy and Operations at Hoxhunt, and David Badanes, Director of Cybersecurity Program and Partnerships at AES Corporation, explore how AES successfully transformed its approach to cybersecurity through culture change. Discover how AES tackled key challenges in human risk management, implemented continuous training, and fostered psychological safety to encourage secure behaviors across its workforce of over 12,000 employees, contractors, and partners. Learn why positive reinforcement, individualized training, and leadership alignment were crucial in building resilience against threats—and how these efforts earned AES industry recognition. Join us for actionable insights and proven strategies to empower your people to become your organization’s greatest cybersecurity asset.

Speakers:
Noora Ahmed-Moshe, VP of Strategy and Operations, Hoxhunt
David Badanes, Director of Cybersecurity Program and Partnerships at AES, AES Corporation

12:10 pm – 1:25 pm ET

Lunch & Marketplace (In-Person Only)

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

12:10 pm – 1:25 pm ET

Security & Risk Summit Certification: Wrap-Up Lunch (Invite-Only)

Complete your Forrester Security & Risk Summit Certification journey by joining us for the wrap-up lunch to reflect on key learnings, exchange insights, and connect with peers and Forrester experts on leveraging AI in security operations.

Speakers:
Allie Mellen, Principal Analyst, Forrester
Amanda Lipson, Research Associate, Forrester

12:10 pm – 2:10 pm ET

Level-Up Workshop: Take Tactical Steps To Adopt Proactive Security (Pre-Registration Required)

*This session includes a lunch.

Join Senior Analyst Erik Nost for a workshop that breaks down the steps organizations can take to begin implementing more proactive security. Grounded on the three principles of proactive security (visibility, prioritization, and remediation), this workshop will provide methods to: 

  • Identify inputs and synergies for visibility, prioritization, and remediation. 
  • Guide participants in data management strategies. 
  • Discuss options for asset categorization and remediation prioritization. 
  • Learn how to work with a diverse set of vendors. 

Speakers:
Erik Nost, Senior Analyst, Forrester

12:20 pm – 1:15 pm ET

Executive Leadership Exchange (Invite-Only): Lessons and Perspectives from an Industry-Leading CISO

*This session includes a lunch.

Join us for a dive into the story behind Piedmont’s recognition as a top security leader in the industry. Discover the journey, challenges, and strategies that have set Monique Hart apart as a leading security professional and learn about her forward-looking perspective on security and risk. Come prepared with questions for a CISO recognized for groundbreaking leadership and resilience in today’s dynamic risk landscape. 

Speakers:
David Levine, VP, Executive Partner, Forrester
Monique Hart, Vice President, Information Security/ CISO, Piedmont

1:25 pm – 2:10 pm ET

Breakout Sessions + Ask An Expert

Leadership & Strategy
Choose The Optimal CISO Role For You

Forrester first defined the archetypes of CISO roles in 2021. In an earlier session, Principal Analyst Jess Burn will present our updated definitions of those archetypes. This panel session will feature CISOs who will demonstrate how the competencies of each archetype translate into their practice. Join us to learn how to:

  • Choose the CISO role that will suit you best.
  • Articulate your capabilities to show that you’re the best CISO for the job.

Speakers:
Laura Koetzle, VP, Group Director, Forrester
Daniel Ayala, Chief Trust Officer, Dotmatics
Patricia Titus, CISO, Booking Holdings (Booking.com)

Risk & Compliance
Cracking The Code: Decipher Third-Party Cyber Risk Management

Organizations globally report higher levels of enterprise risk due to their increased reliance on third parties. Combined with the volume of cyberattacks, breaches, and IT disruptions attributed to third parties, businesses recognize that they need more data to determine whether they should partner with a supplier and how to protect themselves during the relationship lifecycle. External cyber risk ratings and security posture signals are becoming an invaluable decoder ring for mitigating third-party cyber risk. Join this session to:

  • Understand the relationship between cyber risk ratings and third-party risk management.
  • Examine the limitations of cyber risk data in a third-party context.
  • Learn the key lifecycle phases and maturity levels for third-party cyber risk management.

Speakers:
Alla Valente, Senior Analyst, Forrester
Cody Scott, Senior Analyst, Forrester

Prevention Detection & Response
Enhance Mobile Security With AI And Zero Trust

Mobile devices are ubiquitous in users’ personal lives and have become equally pervasive in their work lives. When surveyed, however, the majority of enterprises don’t employ even the basic level of security on mobile devices that they require on other endpoints such as laptops. This protection gap makes these devices vulnerable and introduces risk into the enterprise. In this session, Senior Analyst Paddy Harrington will discuss why mobile security is a critical part of a security strategy and how enterprises can use Zero Trust and AI to enhance mobile security. Attendees will learn:

  • Why mobile devices require advanced protection.
  • Recommendations for applying Zero Trust policies to mobile devices.
  • How changes in AI can better protect the enterprise through mobile device access.

Speakers:
Paddy Harrington, Senior Analyst, Forrester

Identity & Fraud
A Customer's Journey To Passwordless Authentication

Given that so many data breaches relate to authentication issues or theft, organizations are under pressure to enhance existing employee authentication methods. Hardware tokens and app-centric push notifications are no longer foolproof, which is why many organizations are actively migrating from their existing multifactor authentication approaches to phishing-resistant methods like passwordless, improving security without impeding the user experience. Join this session to hear how a well-esteemed customer migrated their entire workforce to passwordless authentication.

Speakers:
Geoff Cairns, Principal Analyst, Forrester
Joe Kaplan, Architecture and Strategy Lead for Digital Identity, Accenture

Cloud & Application Security
Decoding The API Security Market To Secure Your Applications

Organizations are investing heavily in building API-based microservices architectures and slaying monolithic architectures. Regulation- and API-related security breaches have focused attention on securing APIs, a long-neglected practice. Security leaders are being bombarded with a confusing raft of API security vendors all promising the land of milk and honey if you buy their product. In this session, attendees will:

  • Gain a capability framework to use to evaluate API security providers.
  • Learn about how the API security market will develop to future-proof your purchases.
  • Learn the eight API security practices you need to implement in your organization.

Speakers:
Madelein van der Hout, Senior Analyst, Forrester

2:20 pm – 2:50 pm ET

Keynote: Predictions 2025

Prepare for an exhilarating clash of insights as four leading Forrester analysts step into the spotlight to unveil their bold predictions for the future of cybersecurity, privacy, and risk.

Each analyst will passionately defend their forecast, providing compelling evidence and engaging the audience with thought-provoking arguments. But the final verdict lies in your hands! You’ll have the opportunity to vote on which predictions you believe will shape the future.

Join us for this dynamic session, where the future is debated, and you decide which vision prevails!

Speakers:
Merritt Maxim, VP, Research Director, Forrester
Enza Iannopollo, Principal Analyst, Forrester
Paddy Harrington, Senior Analyst, Forrester
Jeff Pollard, VP, Principal Analyst, Forrester
Allie Mellen, Principal Analyst, Forrester

2:50 pm – 3:00 pm ET

Closing Remarks
