While we put together the program for 2024, have a look at the tracks that helped kick-start conversations around priorities and initiatives most important to attendees in 2023.
Agenda
While we put together the program for 2024, have a look at the tracks that helped kick-start conversations around priorities and initiatives most important to attendees in 2023.
Leading in a fragmented, interdependent world
Today’s cybersecurity leaders are faced with a fragmented, interdependent world where they have less control over the decisions around cyber risk than ever before. The sessions in this track gave attendees practical guidance on how to successfully manage security teams and distributed business stakeholders, through the evolving threat landscape. The sessions looked at trends in value creation, distributed risk decision making, leadership and effectiveness, and offer practical advice on how to create a security-driven conscious culture in a distributed environment.
Reframing a new direction for your security programs and managing risks of applications and data
Are you interested in all things related to infrastructure security like zero-trust identity, API security and other top trends in security risk management, including the latest concepts in data and applications security? Or are you wondering how you can exploit automation to help standardize and accelerate your security operations capabilities to help keep pace with a constantly expanding attack surface and a business that’s wanting to move even faster? These sessions provided attendees the tactical, operational and strategic insight need to help plan and execute a new direction for their security program.
Continuously monitoring and adjusting to ensure stability
Cybersecurity leaders struggle to mature their cyber and IT risk management practices beyond conducting risk assessments. Partially because of new challenges from privacy compliance to physical security; partially because of a lack of agility in program management as well as limited in process automations. This track offered attendees topical sessions, as well as content, for different levels in risk management maturity.
Building digital trust across every interaction and channel
Identity is a critical foundation for the security of the systems that support our rapidly expanding virtual world. This program ensured that attendees gained the tools and insights needed to support effective identity and fraud initiatives enabling organizational success. Improve governance and strengthen privileged access management (PAM) practices to prevent breaches. Understand how to apply IAM to systems and devices, in support of secure applications and systems. Leverage customer identity and access management (CIAM) to prevent fraud and protect privacy.
Building nimble and resilient security teams
Committing to diversity, equity and inclusion (DEI) is more than just the right thing to do. It’s been proven that diverse teams and organizations are more successful; they outperform organizations that aren’t as diverse, and they’re more profitable. This spotlight track helped attendees embed greater diversity, equity and inclusion in their leadership and organization.
Anticipate and transform for product success
Enterprises are transforming to digital organizations and will work from any location at any time, embracing agility in ways they never have before. Because of this, security product leaders must transform their product offerings to be relevant in this new world and culture. Success requires rethinking some of the tried-and-true product strategies and anticipating new buyer needs that they do not communicate well today. This track focused on changes in security markets and helped security product leaders simplify and reframe their current product offerings to succeed in these evolving markets.
Tuesday, 28 March, 2023 / 10:45 AM - 11:15 AM AEDT
Tom Scholtz, Distinguished VP Analyst, Gartner
CISOs are losing control as business leaders embrace digitalization, implying a shift in risk landscapes and risk appetites. Based on new primary research, this presentation will share the strategies and practices that CISOs are adopting in reaction to these seismic shifts.
Tuesday, 28 March, 2023 / 10:45 AM - 12:15 PM AEDT
Mary Mesaglio, Managing Vice President, Gartner
Why does transformation feel so hard? In part, it's because we are more rigorous about project goals and completion that we are about culture change and adaptation. Leaders underestimate four predictable psychological hotspots that cause transformations to stall, and if addressed, can accelerate change.
Tuesday, 28 March, 2023 / 12:15 PM - 12:45 PM AEDT
William Candrick, Director Analyst, Gartner
Is security awareness a lost cause? Over 90% of cybersecurity functions have an awareness program; yet 69% of employees admit to intentionally bypassing cybersecurity guidance and 82% of breaches involve the human element. Learn how emerging capabilities get past the hype to deliver actual human behavior change.
Tuesday, 28 March, 2023 / 12:15 PM - 12:45 PM AEDT
Leigh McMullen, Distinguished VP Analyst, Gartner
In this updated session you will learn to recognize and counter more than a dozen forms of resistance that CISOs commonly face along with techniques to handle more advanced political situations such as malevolent actors, as well as the essential tools of persuasion. All of this wrapped in a fun and entertaining exploration of the wisdom of one of Japan's greatest swordsmen.
Tuesday, 28 March, 2023 / 02:15 PM - 02:45 PM AEDT
Mary Mesaglio, Managing Vice President, Gartner
Between geopolitical tensions, the pandemic, social justice concerns and climate urgency, it seems like we are never out of crisis mode. If this is the new normal, how should leaders lead? This session covers tactics to motivate and protect teams who are at the brink in terms of fatigue and anxiety and covers what actions you must get right no matter what.
Tuesday, 28 March, 2023 / 04:00 PM - 04:30 PM AEDT
Marty Resnick, VP Analyst, Gartner
There is a lot of hype around the nascent and fragmented metaverse. Cybersecurity leaders need to understand what the Metaverse is and how best to assess the risks and opportunities it offers to their organizations.
Tuesday, 28 March, 2023 / 04:00 PM - 04:30 PM AEDT
Tom Scholtz, Distinguished VP Analyst, Gartner
CISOs are key enablers of digital business and are accountable for helping the enterprise balance the associated risks and benefits. This leadership vision will help CISOs in their planning for 2023-2024 and in presentations to leadership, peers and teams.
Wednesday, 29 March, 2023 / 09:00 AM - 09:45 AM AEDT
Mary Mesaglio, Managing Vice President, Gartner
It might not always feel this way, but being a CISO is a little like being a Hollywood celebrity. In fact, CISOs have a compelling story to tell about why people, from executives to frontline employees, should care about risk and security. This session delves into how to tell a great cyber story, including why it’s hard and why it matters right now.
Wednesday, 29 March, 2023 / 10:30 AM - 11:00 AM AEDT
Richard Addiscott, Sr Director Analyst, Gartner
The human element is the most prominent contributor to data breaches. Legacy approaches delivering curriculum-based, awareness-centric programs are no longer effective. CIOs and CISOs must look beyond merely raising 'security awareness' and embed a contextually-appropriate security culture in their organization. Join this session to learn how to build and deliver an effective security behavior and culture change program.
Wednesday, 29 March, 2023 / 12:00 PM - 12:30 PM AEDT
Marty Resnick, VP Analyst, Gartner
The uniqueness and the stakes, as well of attack vectors, of architected humans must have a CISO to be more than technical.
Wednesday, 29 March, 2023 / 12:00 PM - 12:30 PM AEDT
Niall Prendeville, Sr Executive Partner, Domains, Gartner
Jonathan Dean, Defence CISO, Department of Defense
Join this interview session to hear Jonathan Dean share insights into security and risk management leadership as he offers reflections on how security executives can be most effective.
Wednesday, 29 March, 2023 / 02:00 PM - 02:30 PM AEDT
Deepti Gopal, Director Analyst, Gartner
This session is going to cover three scenarios of bad strategic planning. The goal of the session is for you to see how things can go wrong but most importantly how can you bring it back. An action-packed session of stories that will make you want to take a closer look at what you are doing, so you don't repeat the same.
Wednesday, 29 March, 2023 / 02:00 PM - 02:30 PM AEDT
Richard Addiscott, Sr Director Analyst, Gartner
CISOs often use technical security controls when they need to respond to emerging threats or digital capabilities the business wants to use. However, research tells us that the majority of data breaches still involve the human element and employees are aware of their behavior. Join this session where you'll hear how to maximize the adoption, effectiveness and return on investment of your security controls, by taking a more human-centric approach when designing and implementing controls.
Wednesday, 29 March, 2023 / 02:30 PM - 03:30 PM AEDT
Sherry Dakin, Senior Account Executive, LE/GE, GTS, Gartner
Mardi Paterson, Executive Partner, Domains, Gartner
Beth Schumaecker, Managing Vice President, Gartner
How can security and risk management leaders keep pace with the future of digital as threats continue to evolve? Join this invite-only session to dive deeper into the top predictions prepared by our cybersecurity experts that will have the biggest impact on you and your team. You'll understand what the implications are and what actions need to be taken so that you can secure a successful cybersecurity program built for the digital era.
Wednesday, 29 March, 2023 / 03:45 PM - 04:15 PM AEDT
Christopher Mixter, VP Analyst, Gartner
As "citizen development" moves into the mainstream (50% of employees now acquire, adapt or create technology for work), traditional awareness programs focused on 'what not to do' fail in the face of the workforce's "need to do." High-performing cybersecurity functions are pivoting from mere awareness training to building competencies in the broader workforce so that all employees can independently make cyber-risk-informed decisions.
Wednesday, 29 March, 2023 / 03:45 PM - 04:30 PM AEDT
Deepti Gopal, Director Analyst, Gartner
A roundtable session where attendees will discuss their thought process on finding talent in the cybersecurity industry competencies they look for in new candidates today. The challenges that a cybersecurity leader faces in identifying talent has only grown over the past ten years. We will discuss some sure shot tactics to fill those gaps. Come to this session to learn and share your expertise with a community of cybersecurity leaders.
Wednesday, 29 March, 2023 / 04:30 PM - 05:15 PM AEDT
Marty Resnick, VP Analyst, Gartner
It’s difficult for security leaders to make choices without understanding the evolving landscape of transformational change. This tapestry of trends story enables security leaders to contribute to enterprise strategy and prepare the organization for brave new worlds.
Tuesday, 28 March, 2023 / 09:00 AM - 10:00 AM AEDT
Richard Addiscott, Sr Director Analyst, Gartner
Lisa Neubauer, Sr Director Analyst, Gartner
Every year, Gartner produces impactful predictions across all practices. This presentation will compile the top predictions prepared by our cybersecurity experts. Security and risk management leaders should monitor these trends to be successful in the digital era, especially as most recognize that global change could potentially be one crisis away.
Tuesday, 28 March, 2023 / 10:45 AM - 11:15 AM AEDT
Craig Lawson, VP Analyst, Gartner
Users, devices, applications and data are everywhere and so are networks. As organizations rapidly expand their footprint and support a hybrid workforce, how does network security evolve to keep up? Security and risk management leaders must understand the current trends in network security and make business-aligned, risk-focused decisions on where best to use network security today.
Tuesday, 28 March, 2023 / 10:45 AM - 11:15 AM AEDT
Greg Harris, Sr Director Analyst, Gartner
Application security continues to evolve, with DevSecOps and API security coming into maturity. However, organizations must also look to secure their software supply chain and cloud-native deployments effectively. This session will explore this evolving landscape and provide organizations with the insights they need to consider for 2023 and beyond.
Tuesday, 28 March, 2023 / 02:15 PM - 02:45 PM AEDT
Patrick Hevesi, VP Analyst, Gartner
Come learn the future of cyber warfare and how to realize your cybersecurity mesh. This session will focus on how future technologies will play into building your security defense in depth architecture to get ahead of the most advanced attacks. We will look at how AI, augmented reality and blockchain can factor into your cybersecurity mesh architecture of the future.
Tuesday, 28 March, 2023 / 02:15 PM - 02:45 PM AEDT
Eric Grenier, Director Analyst, Gartner
Increasingly we see employees asking their organizations for device choices. Combined with supply chain constraints and a hybrid work model, this has many organizations scrambling to support a "bring your own" (BYO) environment while also maintaining the same security controls that they have implemented for their corporate-owned devices. In this session, we will cover what is needed to deploy and secure a BYO environment.
Tuesday, 28 March, 2023 / 04:00 PM - 04:30 PM AEDT
Greg Harris, Sr Director Analyst, Gartner
Application security has historically been considered a roadblock to software development. Security and risk management professionals can take advantage of the shift to DevOps to improve this reputation. In this session, we will discuss how conducting application security testing early and often in the development pipeline can reduce the perceived impact of security.
Wednesday, 29 March, 2023 / 10:30 AM - 11:00 AM AEDT
Dale Koeppen, Sr Director Analyst, Gartner
Zero trust remains a popular security strategy — both with clients and in marketing around products. This session will cover how to actually implement some zero trust technical initiatives as well as the possible challenges. It will cover technical approaches, pragmatic advice and give a sound basis for starting or continuing a zero trust architecture journey.
Wednesday, 29 March, 2023 / 12:00 PM - 12:45 PM AEDT
Eric Grenier, Director Analyst, Gartner
Vendor consolidation has become a trend in all areas of IT. In this roundtable clients can participate in a discussion on whether or not vendor consolidation makes sense in terms of an organization's security stack. The discussion will center on the pros and cons to consolidation, as well as best practices and considerations.
Wednesday, 29 March, 2023 / 02:00 PM - 02:30 PM AEDT
Thomas Lintemuth, VP Analyst, Gartner
SASE and zero trust are common terms in the IT and security worlds. SASE works in conjunction with zero trust, such that they are not mutually exclusive but rather one builds on the other. This session will show how you can deploy SASE to support your zero-trust initiative.
Wednesday, 29 March, 2023 / 03:45 PM - 04:15 PM AEDT
Patrick Hevesi, VP Analyst, Gartner
This session will discuss the evolution of Office 365 into Microsoft 365 and the security, identity and compliance features that all organizations must implement. We will discuss third-party options as well as the built-in native Microsoft features along with strengths and weaknesses of each.
Wednesday, 29 March, 2023 / 03:45 PM - 04:15 PM AEDT
Greg Harris, Sr Director Analyst, Gartner
Organizations continue to adopt agile development methodologies and DevOps practices. Security and risk management professionals must ensure that application security testing is a priority. In this session, we will discuss how application security testing with IDE plugins and SAST tools can improve code quality while giving security teams valuable insight into the application development pipeline.
Wednesday, 29 March, 2023 / 03:45 PM - 04:15 PM AEDT
Craig Lawson, VP Analyst, Gartner
This session will introduce clients to how using data/evidence can be used to make measurable and provable improvements to any security operations program.
Tuesday, 28 March, 2023 / 10:45 AM - 11:15 AM AEDT
Wam Voster, VP Analyst, Gartner
CPS are becoming more prevalent in organizations across the board, whether as a result of OT/IT convergence or the deployment of new connect assets. What security implications do they have? What best practices are emerging? What does the future portend?
Tuesday, 28 March, 2023 / 10:45 AM - 11:15 AM AEDT
Bernard Woo, VP Analyst, Gartner
Privacy has been the biggest catalyst for change in data governance over the past five years. This session will dive into the top trends, the coolest technologies and separate hype from substance. Come and get a sneak peek into the future of privacy and what you should watch out for in coming 12 months.
Tuesday, 28 March, 2023 / 10:45 AM - 11:30 AM AEDT
Paul Furtado, VP Analyst, Gartner
Attendees can ask Gartner experts about the recent changes in ransomware and best practices in addressing this everchanging threat.
Tuesday, 28 March, 2023 / 12:15 PM - 12:45 PM AEDT
Richard Addiscott, Sr Director Analyst, Gartner
“Top trends” highlight shifts in the security ecosystem that aren't widely recognized, but are likely to have potential for disruption. This session will describe the significant trends in risk management and how organizations are taking advantage of these trends. Key issues include technological improvements in the security capability landscape; trends in creating a high-performing security organization; and long-term trends that will influence security strategy.
Tuesday, 28 March, 2023 / 12:15 PM - 12:45 PM AEDT
Paul Furtado, VP Analyst, Gartner
Ransomware attacks have been morphing. Techniques used by the bad actors are changing. During this presentation, we will provide insight into the new tactics being used by the bad actors not only to access your environment, but what they are doing with your data once exfiltrated. We will also provide current data on the financial impact of a ransomware attack.
Tuesday, 28 March, 2023 / 12:15 PM - 12:45 PM AEDT
Christopher Mixter, VP Analyst, Gartner
CISOs seeking to explain and advocate for cybersecurity investment must use outcome-driven metrics. Gartner has defined 16 protection-level outcomes that create a foundation for effective collaboration with Boards of Directors, CIOs and CFOs. These metrics serve as value levers to manage business-led cybersecurity investments. The goal is to achieve a desired level of cybersecurity readiness that aligns with the organization’s willingness to pay for it.
Tuesday, 28 March, 2023 / 12:15 PM - 01:00 PM AEDT
Luke Ellery, VP Analyst, Gartner
Security and risk leaders struggle to effectively assess third-party (including IT vendor) security and risk, leading to unknown risks or security breaches. This roundtable provides you with the opportunity to participate in a facilitated discussion with your peers regarding the most effective assessment practices used today.
Tuesday, 28 March, 2023 / 02:15 PM - 02:45 PM AEDT
Dale Koeppen, Sr Director Analyst, Gartner
Zero trust is moving away from excessive marketing hype. Many organizations have set zero trust as a strategy for their organizations, but are looking at the reality of implementing zero trust at scale for their organization. This session highlights three key predications for zero trust and what you can do to prepare for the future.
Tuesday, 28 March, 2023 / 02:15 PM - 02:45 PM AEDT
Luke Ellery, VP Analyst, Gartner
CISOs loose enough sleep twitching in the night over their internal cybersecurity defences, let alone the third-parties beyond their control.
This session will advise CICOs how to establish effective third-party controls for their organization and then review the tools and solutions that organizations are using to assess, address and monitor third party risk to avoid delirium and reduce risk exposure.
Tuesday, 28 March, 2023 / 02:15 PM - 03:00 PM AEDT
Wam Voster, VP Analyst, Gartner
Access to expert incident responders is critical to reducing the incident window, impact and severity of security incidents. Security and risk management leaders should understand the value, issues and types of incident response retainers to improve incident response capabilities.
Tuesday, 28 March, 2023 / 04:00 PM - 04:30 PM AEDT
Leigh McMullen, Distinguished VP Analyst, Gartner
Organizations horde data, sometimes under the auspices of data monetization or customer intimacy. Is the value of the data you collect when you make a customer give you PII just to use the toaster oven they bought worth the massive increase in risks such hording behaviors cause? We need to start thinking about data as "toxic waste" — because that's not just a metaphor.
Wednesday, 29 March, 2023 / 10:30 AM - 11:00 AM AEDT
Bernard Woo, VP Analyst, Gartner
Society is digitalizing at unprecedented speed, and the nature of our interactions has changed fundamentally. What does this mean for privacy and corporate ethics? This session helps to understand why privacy is contextual, how overzealous data harvesting may harm your organization's performance, why sometimes less is more, and the areas to challenge your colleagues on to make life generally easier.
Wednesday, 29 March, 2023 / 10:30 AM - 11:00 AM AEDT
Wam Voster, VP Analyst, Gartner
The market for security products for operational technology and other cyber-physical systems (CPS) is evolving rapidly. New vendors enter the scene, and mergers and acquisitions are abundant. How can security and risk management leaders evaluate and compare CPS protection platforms to select the product that best fits their situation?
Wednesday, 29 March, 2023 / 10:30 AM - 11:15 AM AEDT
Thomas Lintemuth, VP Analyst, Gartner
Zero trust requires three key items. In this session, we will discuss what these items are and how you can determine where your organization rates for these key requirements. Bring your questions about zero trust and leave with jargon-free answers.
Wednesday, 29 March, 2023 / 10:30 AM - 12:00 PM AEDT
Paul Furtado, VP Analyst, Gartner
Choose your investment in ransomware readiness carefully. The executive-level trade-off for poor investment results in a terrible position to negotiate with the criminals, business cost to downtime will be greater, and lack of defensibility with key stakeholders like customers, shareholders and regulators.
Wednesday, 29 March, 2023 / 12:00 PM - 12:30 PM AEDT
Lisa Neubauer, Sr Director Analyst, Gartner
With Board of Directors recognizing cybersecurity as an increasing business risk each year, having a formal cybersecurity risk program is more important than ever before. But, it is often overlooked as a core program component.
Attend this breakout session to learn the main principles of a cybersecurity risk management framework and how you can get started.
Wednesday, 29 March, 2023 / 02:00 PM - 02:30 PM AEDT
Wam Voster, VP Analyst, Gartner
Many CISOs assume they ‘own’ the problem related to security. Even if the CISO knows better, the rest of the organization operates under this assumption. As a result, CISOs work extreme hours and experience burnout. When comparing CISOs as experts in securing digital assets with fire brigades securing physical assets, we find some hidden parallels but also a key difference. What do firefighters do better than CISOs?
Wednesday, 29 March, 2023 / 02:00 PM - 02:30 PM AEDT
Paul Furtado, VP Analyst, Gartner
People with access to your data and systems pose one of the largest risks to your organization. During this presentation we will discuss the best practices for developing a robust insider risk program and show you some pitfalls to avoid.
Wednesday, 29 March, 2023 / 02:00 PM - 03:30 PM AEDT
Bernard Woo, VP Analyst, Gartner
Incident response is not just for CISOs. Understanding how you deal with data is one thing, but how to coordinate a response when things go wrong? It's a matter for the whole organization. How to understand the sensitivity and potential impact of your actions? Be a board member for one workshop and use a given scenario to get comfortable with what the board requests in case risk becomes reality.
Wednesday, 29 March, 2023 / 03:45 PM - 04:15 PM AEDT
Leigh McMullen, Distinguished VP Analyst, Gartner
CISOs need to do focus on sales every day. Getting your board, stakeholders, allies in IT and even your own people with your agenda, is much easier if we employ the right tools. In this session, we'll take a hands on approach as we work a common case and learn the best way to position our agenda.
Tuesday, 28 March, 2023 / 10:45 AM - 11:15 AM AEDT
Abhyuday Data, Director Analyst, Gartner
Digital identity requirements and importance are growing as organizations migrate their infrastructure and apps to the cloud. Enterprises anticipate innovations to enable continuous, dynamic and intelligent IAM controls while bracing for emerging decentralized identity impact and potential Web3 business model disruption. This session discusses key trends and the IAM outlook in the coming years.
Tuesday, 28 March, 2023 / 02:15 PM - 03:00 PM AEDT
Abhyuday Data, Director Analyst, Gartner
Access management (AM) tools are the key to ubiquitous application access, enabling any user to access any application, anytime, anywhere. Gartner has identified a five-step approach to create a modern, efficient AM strategy that serves the needs of all user segments. This session gives you an opportunity to ask questions about that approach and for your broader AM strategy.
Wednesday, 29 March, 2023 / 12:00 PM - 12:30 PM AEDT
Abhyuday Data, Director Analyst, Gartner
Through a selection of relevant Gartner insights and complementary methodologies, we will provide insight into the latest updates in the privileged access management market.