IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
Omni Boston Hotel at the Seaport
This one-day event is designed for security practitioners to gain actionable technical solutions and leadership insights focused on current and emerging challenges. Engage with IANS Faculty members and network with peers who are tackling similar challenges.
Webinar
As infosec teams grapple with tightened resourcing, balancing the skillsets of your employees, maximizing existing staff and positioning leaders to empower their teams is becoming even more critical as scope expansion outpaces resource allocation. Pulling insights from the IANS and Artico 2025 CISO Compensation and Budget and Infosec Staff Compensation and Career Surveys, IANS Faculty Steve Martano and Senior Research Director will offer guidance on how to organize and optimize your infosec team, position security as an indispensable business partner.
Steve is a partner in Artico Search’s cybersecurity practice. He is an expert in security executive recruiting and compensation focused on recruiting best-in-class CISOs and their teams across various industries. He leads strategic partnerships and initiatives including Artico’s annual CISO compensation & budget survey conducted in collaboration with IANS. Prior to Artico, Steve served in Caldwell Partner's cybersecurity practice and at Russell Reynolds associates.
The past month has seen a variety of supply chain compromises. In this emerging issue briefing, we’ll delve into the pertinent implications of those compromises for CISOs and their teams. On the third-party services side, we'll discuss the continuing fallout from recent Salesloft, Red Hat and Oracle breaches. Then we'll discuss impacts from software component supply chain issues, including npm, RubyGems and an attempted PyPi package takeover. We’ll also examine the first known (but certainly not the last) backdoor in an enterprise MCP server. Finally, we'll explore what orgs should be doing to respond to existing incidents and position themselves to be maximally resilient to future supply chain security attacks.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.
Convene
CISO Roundtables are the most exclusive, intimate events offered by IANS. Our in-person roundtables are curated experiences with agendas designed specifically for an organization’s CISOs and senior-most executives. In addition to strategic insights presented by IANS Faculty, facilitated conversations and networking opportunities allow you and your CISO peers to share best practices in a trusted, closed-door environment.
Coming Soon!
AI is putting legacy data governance processes under a microscope. In response, a variety of frameworks have emerged to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance
Research highlighted in The Wall Street Journal last month showed employees fell victim to phishing at similar rates, regardless of training. Meanwhile, AI is accelerating both the volume and sophistication of phishing attempts and deepfakes. While leaders assess their Cybersecurity Awareness Month initiatives, this session will challenge your thinking around the use of traditional simulations and explore more impactful strategies. IANS Faculty and practicing CISOs Wolfgang Goerlich and George Gerchow will cut through the noise, debating what works, what doesn’t, and how to build more effective security awareness programs.
George is currently chief security officer at Bedrock Security, an organization specializing in AI-driven data protection. Before that, he was head of trust and interim CISO at MongoDB and Sumo Logic's chief security officer & SVP of IT. George possesses more than 20 years of leadership experience in the domains of cybersecurity, compliance and cloud operations. He has actively participated at the forefront of secure architecture, privacy and DevSecOps since co-founding the VMware Center for Policy & Compliance.
A recognized authority in the industry, George is a frequent keynote speaker at significant security forums, including RSA, Black Hat and TEDx. He actively provides advisory services to various cybersecurity startups and enterprise technology companies, assisting in the development of product and go-to-market strategies. Additionally, George serves on several advisory boards and is a co-founder of XFoundation, a nonprofit organization dedicated to raising awareness about fentanyl poisoning.
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
Marriott Marquis Times Square
Web Conference
Traditional approaches to TPRM are falling short, with most organizations still heavily relying on vendor questionnaires. However, vendors are more dynamic than a static assessment allows, making the current approach more of a check-the-box exercise for teams than an actionable roadmap for threat mitigation. To effectively manage third-party risk on a larger scale, it's important to adopt a layered approach that thoughtfully integrates automation and AI while relying on tangible evidence. In this symposium, IANS Faculty George Gerchow provides strategies to help move away from point-in-time, one-size-fits-all assessments to a place where risk is continuously visible, measurable and actionable.
The University of Massachusetts Club
Security architecture teams often face burnout from juggling too much engineering work or being pulled into non-architectural tasks. Misalignment with enterprise architects and challenges in demonstrating value to the organization further compound the problem. During this highly interactive event, IANS Faculty Wolfgang Goerlich will share his experience and expertise and facilitate peer-to-peer discussions that provide you actionable insights to elevate your architecture program to improve maturity, demonstrate value, and drive high-quality results
Most organizations now grapple with explosive growth in privileged non-human identities (NHIs)—from OS-scoped service accounts and SaaS tokens to RPA bots and agentic AI. Recent incidents show attackers bypassing humans entirely by abusing OAuth and app-to-app integrations to siphon data and cloud keys, underscoring how NHI compromise fuels supply-chain style breaches. This session reframes NHI security around practical lifecycle management and hard-won field lessons. We’ll cut through hype on AI agents to the real work: securing emerging protocols like MCP, tightening SaaS-to-SaaS grants, and balancing priorities between the emerging and legacy pain that still drives risk. Attendees leave with actionable architectures, governance patterns and controls that reduce NHI blast radius in imperfect, real-world conditions.
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty Jake Williams cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
The November Privacy Briefing will feature IANS Faculty members Lisa Perdelwitz and Jodi Daniels. This informal discussion will explore recent legal developments and anticipated rulings, highlighting how they influence AI strategies and surface emerging privacy risks. We will examine how infosec leaders can collaborate across teams to not only implement and operationalize privacy and data protection requirements, but also proactively manage the evolving landscape of AI-driven data challenges.
Lisa Perdelwitz brings over 20 years of global leadership and cybersecurity expertise. She is the Founder and CEO of Ligilo, a leadership consultancy, is a Board Advisor for the Cyber Resilience ISAC (CR-ISAC), and serves part-time in the Air National Guard. Lisa has led global security organizations, advised C-suite executives and boards on managing cybersecurity risk, shaped federal policies, and developed multinational cyber defense and warfare strategies. Throughout, she consistently focuses on creating competitive advantage by developing and investing in leaders who build resilient, high-performing tech teams and cultures.
Jodi Daniels is a Founder and CEO of Red Clover Advisors, a privacy consultancy, that integrates data privacy strategy and compliance into a flexible, scalable approach that simplifies complex privacy challenges. A Certified Information Privacy Professional, Jodi brings over 27 years of experience in privacy, marketing, strategy, and finance across diverse sectors, working and supporting startups to Fortune 500 companies.
Jodi Daniels is a national keynote speaker, host of the top ranked She Said Privacy/He Said Security Podcast and WSJ best-selling author of Data Reimagined: Building Trust One Byte at a Time, and also has been featured in The Economist, WSJ, Forbes, Inc. and more. Jodi holds an MBA and a BBA from Emory University’s Goizueta Business School.
The Westin Dallas Stonebriar
Raddison Blu Aqua Hotel
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
Shannon is the Founder and CEO of ThirdScore. This followed her role as VP, Security at Adobe, where she led Product and Software Security. Shannon is also the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.
The CISO role continues to increase in visibility and influence in the business, due to a dramatic expansion in scope over the last few years. However, compensation growth for CISOs has not kept pace with the changes in both scope and impact. Macro conditions have slowed the market down and a general lack of job movement has contributed to relatively meager gains in CISO compensation through 2025 compared to prior years. In this webinar, IANS Faculty Steve Martano and Senior Research Director Nick Kakolowski will explore the findings of the IANS and Artico CISO Compensation and Budget Survey to discuss the broader CISO hiring market. While they'll focus on unpacking the data on CISO compensation and anecdotal market trends behind that data, they'll use that data as an entry point into a conversation designed to help CISOs think about their own standing in the business, providing insights and strategies to continue to enhance their brand and the brand of their program.
AI is putting legacy data governance processes under a microscope. In response, a number of key frameworks are emerging to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance, regardless of which framework you choose, and provides a rundown of some of the most prominent AI governance frameworks.
Summer is a three-time CISO in the autonomous vehicle industry currently at Torc Robotics, which specializes in AI software for long-haul trucking. She is also a faculty member at Carnegie Mellon University where she teaches a graduate course in cybersecurity policy and multiple courses on cybersecurity metrics and product cybersecurity for executive education programs. In addition, Summer serves on the board of directors for Brentwood Bank, a regional bank in Pittsburgh, PA. She is also an active board member for the Forte Group, an advocacy and education non-profit focused on amplifying women in technology, cybersecurity, and privacy. Summer is often requested to speak at conferences and events, and she has provided expert testimony on cybersecurity risk in the US Congress.
Prior to her role at Torc Robotics, Summer worked at Motional and Argo AI, both AI companies focused on robo-taxi technology. She also led cybersecurity risk and resilience at Carnegie Mellon University's CERT program and Johns Hopkins University's Applied Physics Lab. Summer started her career as a software engineer at Northrop Grumman Corporation after receiving her MS and BS in Computer Science from the University of Pittsburgh.
Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions — from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISO's, as well as testing for best possible security practices at board of directors' requests.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.