IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
Webinar
Looking ahead to 2026, we anticipate a year marked by continued ambiguity and change, where resource-constrained defenders battle well-enabled and resourced adversaries leveraging AI for their attacks. Concurrently, the CISO role continues to evolve, shifting from a technical guardian to a strategic business partner focused on influence, communication and value creation to navigate increasing risk, regulations and economic pressures on security budgets. In this webinar, IANS Faculty Aaron Turner and Steven John call out the areas they believe will be most impactful to CISOs and their teams in 2026. Hear an overview of the trends and recommendations of actionable steps to work into your roadmap.
Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.
Steven is an accomplished Global Senior Executive and Board Member with more than 30 years of success, and a diverse background spanning healthcare, software, agriculture, retail, wholesale, distribution, chemical manufacturing, and ecommerce companies ranging from startup to well-established to turnaround. Steven is an invaluable asset to a company employing new technologies to transform and grow, engaging data assets to build competitive advantage, mitigating future-looking risks like disruptive business models and cyber-attacks, working with private equity and activist investors to refresh and retool, developing emerging technologies and services that increase value for the customer and elevates the company’s market position.
Throughout his Executive career, Steven has held business or IT positions with Workday, Agriliance, HB Fuller, First Health, CIGNA, and Transora, and Aramark. He also teaches an IT leadership forum in NYC for Fortune 500 companies. A seasoned Board Member, Steven has held positions with RAPID, Gemini Ventures, and DEMO CIO Council. Additionally, he is a Founding Member of the Agricultural CIO Forum and the CIO Executive Council. Proving his thought leadership, he was selected by Computerworld Magazine as one of the Premier 100 IT Leaders; CIO Executive Council as Leader of the Year; InformationWeek as a Relentless Innovator; Hewlett-Packard as a Member of their Big Data Customer Advisory Council; and inducted into the CIO Hall of Fame in 2018.
Web Conference
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions — from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISO's, as well as testing for best possible security practices at board of directors' requests.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.
Specific agentic AI threat models have been developed to address the unique risks and challenges that exist due to the autonomy, continuous learning and interaction of agentic AI systems. In this virtual symposium, delve into how to threat model agentic AI applications, the differences between industry-leading threat models/frameworks and how to apply them to your environment.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.
The AWS and Azure cloud outages this past fall, and predictions by some that we will likely see another hyperscaler outage in 2026 at least of the order of magnitude of these last ones, have many organizations considering their cloud resiliency strategy. For most orgs, using more than one cloud environment is common, but given the impact of the recent outages, some may be wondering if doubling-down on their multicloud strategy is the way to ensure continuity.
Rich is CEO and Analyst for Securosis, an information security research and advisory firm, in addition to Founder and Vice President of Product at DisruptOPS, a cloud environment monitoring platform. Prior to founding Securosis, he was Research Vice President for Gartner’s security team where he also served as Research Co-Chair for the Gartner Security Summit. Additionally, Rich has served as an independent consultant, web application developer, software development manager, and a systems and network administrator.
Whether concerned with the increased risks of data exfiltration via AI or the growing infiltration of imposter North Korean remote workers, organizations are looking for ways to enhance protection of insider threat risks. This symposium provides specific, actionable recommendations whether you’re just standing up a program or looking to mature and modernize it. We’ll share strategies to improve your monitoring within Legacy Applications, M365, Azure, AWS and GCP environments, and recommend processes for cross-functional collaboration to identify key applications and data, establish baselines for day-to-day activity, detect anomalies and respond to risks.
For most organizations, using more than one cloud environment is common for a variety of reasons. In the past, many security teams felt like they were stretched thin trying to cover multiple cloud environments, but today we’ve learned a lot about what works and what doesn’t in multicloud security architecture, policy and operations. With huge growth in both commercial and open source security tools and services that can accommodate multiple leading clouds, and better DevOps and cloud engineering practices in place within pipelines and operations teams, there’s lots of design patterns and best practices that enterprise teams can embrace. In light of recent outages with some of the larger providers, resilience and continuity is also top of mind for cloud deployments, as well.
Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.
The Model Context Protocol (MCP), an open standard defining how AI assistants connect to external data sources and tools, is becoming vital infrastructure for generative and agentic AI applications. As organizations rapidly adopt these capabilities while managing risks, this symposium helps security leaders understand MCP's architecture, why vendors are quickly developing MCP servers, and the security risks of connecting AI systems to enterprise resources. We also explore how AI Security Posture Management (AI-SPM) tools are evolving to address these challenges and provide practical frameworks for managing MCP-enabled AI deployments.
George is currently chief security officer at Bedrock Security, an organization specializing in AI-driven data protection. Before that, he was head of trust and interim CISO at MongoDB and Sumo Logic's chief security officer & SVP of IT. George possesses more than 20 years of leadership experience in the domains of cybersecurity, compliance and cloud operations. He has actively participated at the forefront of secure architecture, privacy and DevSecOps since co-founding the VMware Center for Policy & Compliance.
A recognized authority in the industry, George is a frequent keynote speaker at significant security forums, including RSA, Black Hat and TEDx. He actively provides advisory services to various cybersecurity startups and enterprise technology companies, assisting in the development of product and go-to-market strategies. Additionally, George serves on several advisory boards and is a co-founder of XFoundation, a nonprofit organization dedicated to raising awareness about fentanyl poisoning.