IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
Web Conference
Most organizations today have a vast array of privileged non-human accounts in use – with some research enumerating that for each human identity, there are an average of 92 NHIs. Provisioning and entitlements of NHIs is complex, as we see excessive permissions and secret mismanagement of these accounts commonplace. Agentic AI and Robot Process Automation (RPA) accounts further complicate the situation by expanding the use cases for NHIs. With many high-profile breaches in the past year stemming from NHI attacks and the use of NHIs continuing to exponentially grow – whether in your cloud environment or from the adoption of AI agents – CISOs and security leaders must review the architectural design, identity lifecycle and governance, and controls necessary to meet the specific requirements of these often poorly managed but highly privileged accounts.
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
Webinar
A Hiring-Process Penetration Test is an end-to-end, red-teaming service that stress-tests recruiters, tooling, and SOPs with the same tradecraft adversaries use. Live-fire simulations expose policy gaps, social-engineering weak points and technical bypasses across applicant tracking, identity verification and onboarding.
Matthew Toussain is the Founder and CIO of Open Security, an information security consulting firm specializing in holistic security services. Matt served as the senior cyber tactics development lead for the U.S. Air Force and worked as a security analyst for Black Hills Information Security and CounterHack Challenges. As a certified SANS instructor Matthew regularly delivers educational seminars to security practitioners around the world.
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty Jake Williams cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.
As AI adoption accelerates, organizations are under growing pressure to implement effective governance aligned with emerging regulations and practical frameworks. In this webinar, IANS Faculty Justin Leapline demystifies leading AI governance frameworks and helps you understand how to apply them to real-world use cases. The session focuses primarily on actionable, current resources like the CSA AI Controls Matrix, NIST AI Risk Management Framework and ISO 42001, offering a comparative look at their strengths, overlaps and limitations. Whether you're building your AI governance program from the ground up or refining an existing one, this session equips you with the knowledge and next steps to move forward confidently.
Justin has over twenty years of experience in system administration, software development,and information security. His core skills include regulatory and contractual compliance,program management, payment card standards, and general governance and privacy practicesand frameworks.
He founded episki, a cloud-based governance tool geared toward helping mid-marketorganizations manage their security programs. Justin also performs fractional CISO andsecurity consulting services for various clients in multiple industries, including areasinvolving GRC, DevSecOps, Privacy, and other matters.
Before his current roles, Justin consulted with Fortune 1000 companies in informationsystems, audit, governance, and cybersecurity. He has led the governance and securitypractices for leading eCommerce and large financial services companies. Additionally,Justin has spoken at conferences concerning risk management, the payment card industry(PCI), security leadership, and general information security practices.
Hilton Richardson Dallas
AI is putting legacy data governance processes under a microscope. In response, a number of key frameworks are emerging to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance, regardless of which framework you choose, and provides a rundown of some of the most prominent AI governance frameworks.
Summer is a three-time CISO in the autonomous vehicle industry currently at Torc Robotics, which specializes in AI software for long-haul trucking. She is also a faculty member at Carnegie Mellon University where she teaches a graduate course in cybersecurity policy and multiple courses on cybersecurity metrics and product cybersecurity for executive education programs. In addition, Summer serves on the board of directors for Brentwood Bank, a regional bank in Pittsburgh, PA. She is also an active board member for the Forte Group, an advocacy and education non-profit focused on amplifying women in technology, cybersecurity, and privacy. Summer is often requested to speak at conferences and events, and she has provided expert testimony on cybersecurity risk in the US Congress.
Prior to her role at Torc Robotics, Summer worked at Motional and Argo AI, both AI companies focused on robo-taxi technology. She also led cybersecurity risk and resilience at Carnegie Mellon University's CERT program and Johns Hopkins University's Applied Physics Lab. Summer started her career as a software engineer at Northrop Grumman Corporation after receiving her MS and BS in Computer Science from the University of Pittsburgh.
Cybersecurity career growth requires the ability to bridge the gap between cyber risks and business priorities. Today’s most effective security professionals have the skills to translate technical challenges into clear, compelling narratives their business peers understand and support. Join IANS Faculty Wolfgang Goerlich and Nicole Dove in a discussion that explores the technical and business skills that elevate individual careers and strengthen the broader security function. Participants will gain insights into the core competencies that drive advancement—for you and your organization.
Nicole is an award-winning information security leader with 18 years of experience driving results across cybersecurity, audit, global operations and relationship management functions. As Head of Security for Riot Games, she leads a team of BISOs focused on developing and deploying cybersecurity strategies that align with business priorities. Nicole uses a practical, balanced approach to maturing risk and security programs, leveraging her experience from investment banking, media, offshoring, audit and management consulting to enable innovation, manage risk, drive operational efficiencies and improve client experience.
Chicago Marriott Downtown Magnificent Mile
According to Verizon’s 2024 Data Breach Investigations Report, ransomware remains the top threat across 92% of industries, with roughly one-third of all breaches involving ransomware or some other extortion technique. In this symposium, we’ll use digital forensics and incident response reports from real-world incidents to walk through the tactics, techniques and procedures of top ransomware gangs and share lessons learned to help you avoid the same fate.
Cyber Resilience has become THE hot topic at the IANS CISO Roundtables we've hosted this year. As security supply chains become more complex and inter-dependencies grow, modernizing your resilience capabilities is essential. Clients are turning to Tabletops in order to test and measure their effectiveness here, but how do you know if you're doing it right and getting value?
The Westin Charlotte
This one-day event is designed for security practitioners to gain actionable technical solutions and leadership insights focused on current and emerging challenges. Engage with IANS Faculty members and network with peers who are tackling similar challenges.
In this webinar, IANS Faculty Steve Martano and Senior Research Director Nick Kakolowski will unpack the findings of the IANS and Artico 2025 CISO Compensation and Budget Survey to provide a deep dive on how security budgets are changing and what you can do about.
Steve is a partner in Artico Search’s cybersecurity practice. He is an expert in security executive recruiting and compensation focused on recruiting best-in-class CISOs and their teams across various industries. He leads strategic partnerships and initiatives including Artico’s annual CISO compensation & budget survey conducted in collaboration with IANS. Prior to Artico, Steve served in Caldwell Partner's cybersecurity practice and at Russell Reynolds associates.
Quantum computing may still be in its infancy, but cryptography is designed to protect against future threats, not just current ones. ‘Store now, decrypt later’ strategies add to the urgency to act. In other words, the time to begin the post-quantum cryptography (PQC) migration is right now. Still, there is a lot of hype in the post-quantum cryptography space and there are always opportunists looking to profit off the hype and fear as it grows. In this symposium, IANS Faculty Adrian Sanabria takes an unbiased look at the current state of PQC with actionable recommendations to help you move your PQC strategy forward.
Adrian is the Principal Researcher at The Defenders Initiative, a firm he founded to feature and support decades of cybersecurity research. His foundation spans technical, GRC, and leadership roles with a background as a practitioner, incident responder, penetration tester, and PCI QSA.
As an industry analyst, studying market trends, working with founders and investors brought a deep understanding of the business side of cybersecurity. After Adrian’s own startup was acquired, he spent seven years helping startups grow, market, and sell to their clients. Leaving the startup space, Adrian is once again focused on helping practitioners solve fundamental challenges, with or without the help of industry vendors.
New York Marriott Marquis
CISO Roundtables are the most exclusive, intimate events offered by IANS. Our virtual roundtables are curated experiences with agendas designed specifically for an organization’s CISOs and senior-most executives. In addition to strategic insights presented by IANS Faculty, facilitated conversations and networking opportunities allow you and your CISO peers to share best practices in a trusted, closed-door environment.
Hyatt Regency Santa Clara
CISO Roundtables are the most exclusive, intimate events offered by IANS. Our in-person roundtables are curated experiences with agendas designed specifically for an organization’s CISOs and senior-most executives. In addition to strategic insights presented by IANS Faculty, facilitated conversations and networking opportunities allow you and your CISO peers to share best practices in a trusted, closed-door environment.
TBD
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions — from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISO's, as well as testing for best possible security practices at board of directors' requests.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.
In the past ten years, many organizations have found themselves with deployments in a number of leading cloud service provider (CSP) environments. In the early years of multicloud, most security teams struggled to determine the right controls and practices to effectively protect their organizations. While this is sometimes still the case today, we’ve learned a lot about what works and what doesn’t in multicloud security architecture, policy and operations.
Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.
Wyndham Atlanta Buckhead Hotel & Conference Center
Omni Boston Hotel at the Seaport
Convene
Marriott Marquis Times Square
The Westin Dallas Stonebriar
Raddison Blu Aqua Hotel