IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
New York Marriott Marquis
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty Jake Williams cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.
Webinar
Making the shift from hands-on execution to shaping Infosec strategy requires a change in focus and mindset. Join Gary McAlum, Former CISO at AIG, and Summer Fowler, CISO at Torc Robotics, for this 60-minute discussion on taking your cyber leadership to the next level. Gary and Summer will share how they have helped leaders make the leap from being a technically driven professional to a business partner and how the IANS Leadership Development Program can help leaders develop the tools and mindset to thrive at the executive table. We will explore the critical skills of Business Acumen and Executive Presence to position yourself as a trusted business risk executive and prepare for future responsibilities.
Summer is a three-time CISO in the autonomous vehicle industry currently at Torc Robotics, which specializes in AI software for long-haul trucking. She is also a faculty member at Carnegie Mellon University where she teaches a graduate course in cybersecurity policy and multiple courses on cybersecurity metrics and product cybersecurity for executive education programs. In addition, Summer serves on the board of directors for Brentwood Bank, a regional bank in Pittsburgh, PA. She is also an active board member for the Forte Group, an advocacy and education non-profit focused on amplifying women in technology, cybersecurity, and privacy. Summer is often requested to speak at conferences and events, and she has provided expert testimony on cybersecurity risk in the US Congress.
Prior to her role at Torc Robotics, Summer worked at Motional and Argo AI, both AI companies focused on robo-taxi technology. She also led cybersecurity risk and resilience at Carnegie Mellon University's CERT program and Johns Hopkins University's Applied Physics Lab. Summer started her career as a software engineer at Northrop Grumman Corporation after receiving her MS and BS in Computer Science from the University of Pittsburgh.
Gary recently retired from AIG as their Chief Information Security Officer where he led the global cybersecurity risk management program while working closely the Executive Leadership Team to drive information security strategy for the company. In addition to his IANS Faculty work, Gary currently provides CISO advisory support to HiddenLayer, a cybersecurity company that specializes in security for artificial intelligence and machine learning systems. Prior to AIG, Gary served as Senior Vice President at USAA and was their first Chief Security Officer where he was responsible for building out a holistic security program spanning Information Security, Fraud Operations, Privacy, Business Continuation, Physical Security, and Corporate Investigations. Gary spent a short time with Deloitte in their federal practice after a 25-year career as an Air Force officer where he served in a variety of leadership and staff positions within the information technology career field including: telecommunications, satellite communications, deployed network operations, and cybersecurity. Most notably, Gary was on the front line of cyberspace operations for the Department of Defense where he supported the establishment and evolution of the Joint Task Force Global Network Operations, the organization that was the focal point for the operation and security of DoD information systems and networks, and pre-cursor to establishment of the US Cyber Command.
Web Conference
The exponential growth of AI agents and MCP connectors will pose increasing challenges for cybersecurity teams as their dynamic nature can undermine past investments in security controls. Join IANS Faculty Aaron Turner for a look into how innovative cybersecurity teams are working with their AI counterparts to embrace the potential of AI while still managing risks through compensating controls.
Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.
Hyatt Regency Santa Clara
CISO Roundtables are the most exclusive, intimate events offered by IANS. Our in-person roundtables are curated experiences with agendas designed specifically for an organization’s CISOs and senior-most executives. In addition to strategic insights presented by IANS Faculty, facilitated conversations and networking opportunities allow you and your CISO peers to share best practices in a trusted, closed-door environment.
Hyatt Regency Minneapolis
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions — from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISO's, as well as testing for best possible security practices at board of directors' requests.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.
A good implementation plan can mean the difference between a successful tool/service purchase and shelfware. In this webinar, IANS Faculty offer key guidance, including: Involving the right people and earmarking the right resources Setting achievable project milestones, and knowing when implementation is over and usage/optimization begins Configuring the right metrics to ensure you gain value immediately and over time
George is currently chief security officer at Bedrock Security, an organization specializing in AI-driven data protection. Before that, he was head of trust and interim CISO at MongoDB and Sumo Logic's chief security officer & SVP of IT. George possesses more than 20 years of leadership experience in the domains of cybersecurity, compliance and cloud operations. He has actively participated at the forefront of secure architecture, privacy and DevSecOps since co-founding the VMware Center for Policy & Compliance.
A recognized authority in the industry, George is a frequent keynote speaker at significant security forums, including RSA, Black Hat and TEDx. He actively provides advisory services to various cybersecurity startups and enterprise technology companies, assisting in the development of product and go-to-market strategies. Additionally, George serves on several advisory boards and is a co-founder of XFoundation, a nonprofit organization dedicated to raising awareness about fentanyl poisoning.
Nicole is an award-winning information security leader with 18 years of experience driving results across cybersecurity, audit, global operations and relationship management functions. As Head of Security for Riot Games, she leads a team of BISOs focused on developing and deploying cybersecurity strategies that align with business priorities. Nicole uses a practical, balanced approach to maturing risk and security programs, leveraging her experience from investment banking, media, offshoring, audit and management consulting to enable innovation, manage risk, drive operational efficiencies and improve client experience.
In the past ten years, many organizations have found themselves with deployments in a number of leading cloud service provider (CSP) environments. In the early years of multicloud, most security teams struggled to determine the right controls and practices to effectively protect their organizations. While this is sometimes still the case today, we’ve learned a lot about what works and what doesn’t in multicloud security architecture, policy and operations.
Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.
Wyndham Atlanta Buckhead Hotel & Conference Center
This one-day event is designed for security practitioners to gain actionable technical solutions and leadership insights focused on current and emerging challenges. Engage with IANS Faculty members and network with peers who are tackling similar challenges.
Your CEO wants AI agents. Your board is asking about GenAI strategy. Meanwhile, only very few organizations have fully implemented Zero Trust, and a vast majority of AI pilots never reach production. What if you could solve both challenges at once? Join IANS Faculty Josh Woodruff for a practical webinar that transforms the AI gold rush into your Zero Trust breakthrough.
Josh Woodruff is the Founder and CEO of Massive Scale Consulting, partnering with organizations to embrace AI, adopt Zero Trust security, and leverage cloud strategies for secure digital transformation. Josh also co-leads the Cloud Security Alliance Zero Trust Working Group. He has over 25 years of executive leadership in cybersecurity and technology strategy across innovative startups, technology giants, and global enterprises in biotech, aerospace, finance, manufacturing, and critical infrastructure. His background as both CIO and CISO enables him to align advanced technical solutions with strategic business outcomes.
Business teams are racing to use M365 Copilot, putting pressure on security teams to identify potential risks and put guardrails in place to address those risks.
Shannon is the Founder and CEO of ThirdScore. This followed her role as VP, Security at Adobe, where she led Product and Software Security. Shannon is also the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.
Omni Boston Hotel at the Seaport
As infosec teams grapple with tightened resourcing, balancing the skillsets of your employees, maximizing existing staff and positioning leaders to empower their teams is becoming even more critical as scope expansion outpaces resource allocation. Pulling insights from the IANS and Artico 2025 CISO Compensation and Budget and Infosec Staff Compensation and Career Surveys, IANS Faculty Steve Martano and Senior Research Director will offer guidance on how to organize and optimize your infosec team, position security as an indispensable business partner.
Steve is a partner in Artico Search’s cybersecurity practice. He is an expert in security executive recruiting and compensation focused on recruiting best-in-class CISOs and their teams across various industries. He leads strategic partnerships and initiatives including Artico’s annual CISO compensation & budget survey conducted in collaboration with IANS. Prior to Artico, Steve served in Caldwell Partner's cybersecurity practice and at Russell Reynolds associates.
Convene
Coming Soon!
AI is putting legacy data governance processes under a microscope. In response, a variety of frameworks have emerged to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance
Marriott Marquis Times Square
Traditional approaches to TPRM are falling short, with most organizations still heavily relying on vendor questionnaires. However, vendors are more dynamic than a static assessment allows, making the current approach more of a check-the-box exercise for teams than an actionable roadmap for threat mitigation. To effectively manage third-party risk on a larger scale, it's important to adopt a layered approach that thoughtfully integrates automation and AI while relying on tangible evidence. In this symposium, IANS Faculty George Gerchow provides strategies to help move away from point-in-time, one-size-fits-all assessments to a place where risk is continuously visible, measurable and actionable.
The University of Massachusetts Club
Security architecture teams often face burnout from juggling too much engineering work or being pulled into non-architectural tasks. Misalignment with enterprise architects and challenges in demonstrating value to the organization further compound the problem. During this highly interactive event, IANS Faculty Wolfgang Goerlich will share his experience and expertise and facilitate peer-to-peer discussions that provide you actionable insights to elevate your architecture program to improve maturity, demonstrate value, and drive high-quality results
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
The Westin Dallas Stonebriar
Raddison Blu Aqua Hotel