IANS brings you together with your peers and experts from the IANS Faculty. IANS Faculty are industry practitioners that provide the breadth and depth of information to help you tackle your toughest problems. Walk away with new connections and practical solutions.
Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.
One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.
Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.
Hour-long interactive discussions examining hot topics in information security.
Raddison Blu Aqua Hotel
This one-day event is designed for security practitioners to gain actionable technical solutions and leadership insights focused on current and emerging challenges. Engage with IANS Faculty members and network with peers who are tackling similar challenges.
Coming Soon!
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
Shannon is the Founder and CEO of ThirdScore. This followed her role as VP, Security at Adobe, where she led Product and Software Security. Shannon is also the Founder of DevSecOps, a non-profit organization committed to uniting security with DevOps and Agile practices via experimentation and education. Shannon is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America.
Webinar
The CISO role continues to increase in visibility and influence in the business, due to a dramatic expansion in scope over the last few years. However, compensation growth for CISOs has not kept pace with the changes in both scope and impact. Macro conditions have slowed the market down and a general lack of job movement has contributed to relatively meager gains in CISO compensation through 2025 compared to prior years. In this webinar, IANS Faculty Steve Martano and Senior Research Director Nick Kakolowski will explore the findings of the IANS and Artico CISO Compensation and Budget Survey to discuss the broader CISO hiring market. While they'll focus on unpacking the data on CISO compensation and anecdotal market trends behind that data, they'll use that data as an entry point into a conversation designed to help CISOs think about their own standing in the business, providing insights and strategies to continue to enhance their brand and the brand of their program.
Steve is a partner in Artico Search’s cybersecurity practice. He is an expert in security executive recruiting and compensation focused on recruiting best-in-class CISOs and their teams across various industries. He leads strategic partnerships and initiatives including Artico’s annual CISO compensation & budget survey conducted in collaboration with IANS. Prior to Artico, Steve served in Caldwell Partner's cybersecurity practice and at Russell Reynolds associates.
What do your peers spend on security software and services and which areas are growing fastest? Benchmark your budget and allocation with IANS' Security Software and Services 2025 Benchmark Report. IANS Faculty Dave Shackleford and Guillaume Ross will discuss: Budget allocation: Where CISOs prioritize spend today, and how that may change in 2026 Unified platforms: Why organizations are moving to unified platforms, who are the most trusted vendors and how to negotiate effective contracts MSSPs: What is their role in the security stack, who should be using them and best practices for structuring MSSP relationships
Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.
With an uptick in vibe coding and AI-assisted coding practices in general, organizations are finding their teams are trying to take advantage of the speed and efficiency of AI in development, but this is often at the expense of security. LLMs lean towards functionality over security in code generation tasks. Generated code can contain vulnerabilities such as missing input validation, SQL injection, weak authentication, hardcoded credentials and outdated cryptographic algorithm use. These risks are further amplified by unvetted training data, insecure prompting patterns and a lack of standards for integrating SAST/DAST into AI-assisted development pipelines. Add to that the growing threat of prompt injection, data poisoning and model supply chain compromise, and the attack surface expands fast.
Joff is a security analyst and penetration tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis and exploit research. He is also an instructor at the SANS Institute, where he primarily teaches the use of Python for information security purposes.
Web Conference
AI is putting legacy data governance processes under a microscope. In response, a number of key frameworks are emerging to provide a foundation for orgs to use as a starting point. This session dives into the strategic and tactical steps to take to improve AI governance, regardless of which framework you choose, and provides a rundown of some of the most prominent AI governance frameworks.
Summer is a three-time CISO in the autonomous vehicle industry currently at Torc Robotics, which specializes in AI software for long-haul trucking. She is also a faculty member at Carnegie Mellon University where she teaches a graduate course in cybersecurity policy and multiple courses on cybersecurity metrics and product cybersecurity for executive education programs. In addition, Summer serves on the board of directors for Brentwood Bank, a regional bank in Pittsburgh, PA. She is also an active board member for the Forte Group, an advocacy and education non-profit focused on amplifying women in technology, cybersecurity, and privacy. Summer is often requested to speak at conferences and events, and she has provided expert testimony on cybersecurity risk in the US Congress.
Prior to her role at Torc Robotics, Summer worked at Motional and Argo AI, both AI companies focused on robo-taxi technology. She also led cybersecurity risk and resilience at Carnegie Mellon University's CERT program and Johns Hopkins University's Applied Physics Lab. Summer started her career as a software engineer at Northrop Grumman Corporation after receiving her MS and BS in Computer Science from the University of Pittsburgh.
Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.
Looking ahead to 2026, we anticipate a year marked by continued ambiguity and change, where resource-constrained defenders battle well-enabled and resourced adversaries leveraging AI for their attacks. Concurrently, the CISO role continues to evolve, shifting from a technical guardian to a strategic business partner focused on influence, communication and value creation to navigate increasing risk, regulations and economic pressures on security budgets. In this webinar, IANS Faculty Aaron Turner and Steven John call out the areas they believe will be most impactful to CISOs and their teams in 2026. Hear an overview of the trends and recommendations of actionable steps to work into your roadmap.
Steven is an accomplished Global Senior Executive and Board Member with more than 30 years of success, and a diverse background spanning healthcare, software, agriculture, retail, wholesale, distribution, chemical manufacturing, and ecommerce companies ranging from startup to well-established to turnaround. Steven is an invaluable asset to a company employing new technologies to transform and grow, engaging data assets to build competitive advantage, mitigating future-looking risks like disruptive business models and cyber-attacks, working with private equity and activist investors to refresh and retool, developing emerging technologies and services that increase value for the customer and elevates the company’s market position.
Throughout his Executive career, Steven has held business or IT positions with Workday, Agriliance, HB Fuller, First Health, CIGNA, and Transora, and Aramark. He also teaches an IT leadership forum in NYC for Fortune 500 companies. A seasoned Board Member, Steven has held positions with RAPID, Gemini Ventures, and DEMO CIO Council. Additionally, he is a Founding Member of the Agricultural CIO Forum and the CIO Executive Council. Proving his thought leadership, he was selected by Computerworld Magazine as one of the Premier 100 IT Leaders; CIO Executive Council as Leader of the Year; InformationWeek as a Relentless Innovator; Hewlett-Packard as a Member of their Big Data Customer Advisory Council; and inducted into the CIO Hall of Fame in 2018.
Metrics continue to be a pain point in infosec—both in terms of getting a clear understanding of how the program is functioning and communicating that narrative across lines of business. At the center of this problem is the reality there is no one-size-fits-all solution. The best metrics are specific to your business context. In light of that, this session leans on fundamental best practices to help you pressure test your concepts.
Ryan is the Founder and CEO of Neuvik, a cybersecurity research and development consultancy. He has spent the better part of two decades enhancing cyber programs at the world's largest institutions — from the Department of Defense to some of the most successful private and commercial organizations. He focuses largely on providing advanced capabilities for CISO's, as well as testing for best possible security practices at board of directors' requests.
Ryan’s C-level work experience also includes developing Board level metrics to measure and manage enterprise cyber risk, developing and instructing C-Suite cyber risk management courses, and establishing functional reporting metrics for assessing cyber readiness.
Specific agentic AI threat models have been developed to address the unique risks and challenges that exist due to the autonomy, continuous learning and interaction of agentic AI systems. In this virtual symposium, delve into how to threat model agentic AI applications, the differences between industry-leading threat models/frameworks and how to apply them to your environment.
Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances or his postings about cybersecurity.