IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
The University of Massachusetts Club
Security architecture teams often face burnout from juggling too much engineering work or being pulled into non-architectural tasks. Misalignment with enterprise architects and challenges in demonstrating value to the organization further compound the problem. During this highly interactive event, IANS Faculty Wolfgang Goerlich will share his experience and expertise and facilitate peer-to-peer discussions that provide you actionable insights to elevate your architecture program to improve maturity, demonstrate value, and drive high-quality results
J. Wolfgang Goerlich is a CISO in the public sector. Prior to this role, he led IT and IT security in the healthcare, financial services, and tech verticals. Wolfgang has held senior positions at several consulting firms, leading security advisory and assessment practices. He is a strong presence in the security community, contributing to the establishment and organization of multiple groups and events. Wolfgang focuses on strategy, governance, identity and access management, and resilience.
Web Conference
Most organizations now grapple with explosive growth in privileged non-human identities (NHIs)—from OS-scoped service accounts and SaaS tokens to RPA bots and agentic AI. Recent incidents show attackers bypassing humans entirely by abusing OAuth and app-to-app integrations to siphon data and cloud keys, underscoring how NHI compromise fuels supply-chain style breaches. This session reframes NHI security around practical lifecycle management and hard-won field lessons. We’ll cut through hype on AI agents to the real work: securing emerging protocols like MCP, tightening SaaS-to-SaaS grants, and balancing priorities between the emerging and legacy pain that still drives risk. Attendees leave with actionable architectures, governance patterns and controls that reduce NHI blast radius in imperfect, real-world conditions.
This one-day event is designed for security practitioners to gain actionable technical solutions and leadership insights focused on current and emerging challenges. Engage with IANS Faculty members and network with peers who are tackling similar challenges.
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty Jake Williams cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.
Webinar
The November Privacy Briefing will feature IANS Faculty members Lisa Perdelwitz and Jodi Daniels. This informal discussion will explore recent legal developments and anticipated rulings, highlighting how they influence AI strategies and surface emerging privacy risks. We will examine how infosec leaders can collaborate across teams to not only implement and operationalize privacy and data protection requirements, but also proactively manage the evolving landscape of AI-driven data challenges.
Lisa Perdelwitz brings over 20 years of global leadership and cybersecurity expertise. She is the Founder and CEO of Ligilo, a leadership consultancy, is a Board Advisor for the Cyber Resilience ISAC (CR-ISAC), and serves part-time in the Air National Guard. Lisa has led global security organizations, advised C-suite executives and boards on managing cybersecurity risk, shaped federal policies, and developed multinational cyber defense and warfare strategies. Throughout, she consistently focuses on creating competitive advantage by developing and investing in leaders who build resilient, high-performing tech teams and cultures.
Jodi Daniels is a Founder and CEO of Red Clover Advisors, a privacy consultancy, that integrates data privacy strategy and compliance into a flexible, scalable approach that simplifies complex privacy challenges. A Certified Information Privacy Professional, Jodi brings over 27 years of experience in privacy, marketing, strategy, and finance across diverse sectors, working and supporting startups to Fortune 500 companies.
Jodi Daniels is a national keynote speaker, host of the top ranked She Said Privacy/He Said Security Podcast and WSJ best-selling author of Data Reimagined: Building Trust One Byte at a Time, and also has been featured in The Economist, WSJ, Forbes, Inc. and more. Jodi holds an MBA and a BBA from Emory University’s Goizueta Business School.
The leading cause of data breaches and security issues has been compromised credentials. These are the very things we rely on for solving security and they are the area most successfully attacked. Moreover, that trend is only intensifying as adversaries increasingly leverage GenAI in their attacks; data shows that ATO attempts have increased 46% between 2023 and mid-2025, largely driven by AI-enhanced phishing and social engineering attacks. In this webinar, IANS Faculty Gunnar Peterson offers new ways to think about our most foundational control, authentication, by looking at AuthN from a threat perspective.
Gunnar is the CISO at Forter, a trust platform for digital commerce. Previously, he was chief security architect at Bank of America, a visiting scientist at the Software Engineering Institute at Carnegie Mellon, and a contributing analyst at Securosis.
The Westin Dallas Stonebriar
CISO Roundtables are the most exclusive, intimate events offered by IANS. Our in-person roundtables are curated experiences with agendas designed specifically for an organization’s CISOs and senior-most executives. In addition to strategic insights presented by IANS Faculty, facilitated conversations and networking opportunities allow you and your CISO peers to share best practices in a trusted, closed-door environment.
Raddison Blu Aqua Hotel
Coming Soon!
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
Shannon is the Founder and CEO of ThirdScore. This followed her role as VP, Security at Adobe, where she led Product and Software Security. Shannon is also the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.
The CISO role continues to increase in visibility and influence in the business, due to a dramatic expansion in scope over the last few years. However, compensation growth for CISOs has not kept pace with the changes in both scope and impact. Macro conditions have slowed the market down and a general lack of job movement has contributed to relatively meager gains in CISO compensation through 2025 compared to prior years. In this webinar, IANS Faculty Steve Martano and Senior Research Director Nick Kakolowski will explore the findings of the IANS and Artico CISO Compensation and Budget Survey to discuss the broader CISO hiring market. While they'll focus on unpacking the data on CISO compensation and anecdotal market trends behind that data, they'll use that data as an entry point into a conversation designed to help CISOs think about their own standing in the business, providing insights and strategies to continue to enhance their brand and the brand of their program.
Steve is a partner in Artico Search’s cybersecurity practice. He is an expert in security executive recruiting and compensation focused on recruiting best-in-class CISOs and their teams across various industries. He leads strategic partnerships and initiatives including Artico’s annual CISO compensation & budget survey conducted in collaboration with IANS. Prior to Artico, Steve served in Caldwell Partner's cybersecurity practice and at Russell Reynolds associates.
What do your peers spend on security software and services and which areas are growing fastest? Benchmark your budget and allocation with IANS' Security Software and Services 2025 Benchmark Report. IANS Faculty Dave Shackleford and Guillaume Ross will discuss: Budget allocation: Where CISOs prioritize spend today, and how that may change in 2026 Unified platforms: Why organizations are moving to unified platforms, who are the most trusted vendors and how to negotiate effective contracts MSSPs: What is their role in the security stack, who should be using them and best practices for structuring MSSP relationships
Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.
With an uptick in vibe coding and AI-assisted coding practices in general, organizations are finding their teams are trying to take advantage of the speed and efficiency of AI in development, but this is often at the expense of security. LLMs lean towards functionality over security in code generation tasks. Generated code can contain vulnerabilities such as missing input validation, SQL injection, weak authentication, hardcoded credentials and outdated cryptographic algorithm use. These risks are further amplified by unvetted training data, insecure prompting patterns and a lack of standards for integrating SAST/DAST into AI-assisted development pipelines. Add to that the growing threat of prompt injection, data poisoning and model supply chain compromise, and the attack surface expands fast.
Joff is a security analyst and penetration tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis and exploit research. He is also an instructor at the SANS Institute, where he primarily teaches the use of Python for information security purposes.
AI is putting legacy data governance processes under a microscope. In response, a number of key frameworks are emerging to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance, regardless of which framework you choose, and provides a rundown of some of the most prominent AI governance frameworks.
Summer is a three-time CISO in the autonomous vehicle industry currently at Torc Robotics, which specializes in AI software for long-haul trucking. She is also a faculty member at Carnegie Mellon University where she teaches a graduate course in cybersecurity policy and multiple courses on cybersecurity metrics and product cybersecurity for executive education programs. In addition, Summer serves on the board of directors for Brentwood Bank, a regional bank in Pittsburgh, PA. She is also an active board member for the Forte Group, an advocacy and education non-profit focused on amplifying women in technology, cybersecurity, and privacy. Summer is often requested to speak at conferences and events, and she has provided expert testimony on cybersecurity risk in the US Congress.
Prior to her role at Torc Robotics, Summer worked at Motional and Argo AI, both AI companies focused on robo-taxi technology. She also led cybersecurity risk and resilience at Carnegie Mellon University's CERT program and Johns Hopkins University's Applied Physics Lab. Summer started her career as a software engineer at Northrop Grumman Corporation after receiving her MS and BS in Computer Science from the University of Pittsburgh.
Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions — from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISO's, as well as testing for best possible security practices at board of directors' requests.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.