Craig Lawson is a Research Vice President with Gartner, focusing on network security, firewalls, web application firewalls (WAF), IPS, IDS, SIEM, log management, vulnerability management, advanced persistent threats (APT), vulnerability research, threat intelligence, managed security service providers (MSSP), managed detection and response (MDR), cloud access security brokers (CASB) and cloud security.
Craig Lawson
Craig Lawson
VP Analyst
Monday, 19 August, 2019 09:15 AM|Monday, 19 August, 2019 10:15 AM
Gartner Opening Keynote: From Managing Risk and Security to Enabling Value Creation
As complexity continues to grow and risks, threats and vulnerabilities multiply with no end in sight, how can security and risk management leaders move beyond reacting? Attendees will learn how to think differently about their role in value preservation and value creation, and how finding sweet spots in a human to machine continuum can help. This is the security and risk management leaders’ new imperative.
Monday, 19 August, 2019 10:15 AM|Monday, 19 August, 2019 11:00 AM
Guest Keynote: Security Should Be Smarter, Not Harder
Risk management is to security as dental hygiene is to preventing tooth decay and considered as sexy a topic. As in, it's not sexy at all, yet it is the proven effective way to manage, prevent, and reduce harm. No wonder it's been a struggle for large and small organizations and governments to even get a handle on security basics. It stands to reason that in the 20+ year history of professional cyber security product and service offerings that have spawned a multi-billion dollar security industry, the sexiest solutions have thrived, while the workhorse basics often fail to survive. With a young security industry still developing metrics around what practices and products can actually help prevent breaches, the world continues with a global dependence on technology that we lack the capacity as an industry to secure effectively now, and in the future. Join security industry veteran and pioneer Katie Moussouris, as she corrects some popular misconceptions about the efficacy of one of the sexiest, yet least effective on a grand scale, security trends that she herself helped ignite: bug bounties. We will go on a data-driven journey that spans labor markets, black markets, and bug markets. The arc of Internet history can bend toward sustainable security, if we correct our trajectory calculations soon.
Monday, 19 August, 2019 05:30 PM|Monday, 19 August, 2019 06:00 PM
Gartner’s Strategic Vision for Vulnerability Management
Earlier this year, Gartner published updated guidance on how to better run this foundational security process. This presentation will go over this new way of doing vulnerability more effectively. Why Gartner made some significant changes to guidance on this critical process? What does the new RBVM actually look like? How to bring this to life inside your own security programs.
Tuesday, 20 August, 2019 08:30 AM|Tuesday, 20 August, 2019 09:15 AM
Using the Mitre ATT&CK Framework on the Way to CARTA
Mitre’s ATT&CK framework, while relatively new, is gaining traction in many security operations teams around the world. This session will be part introduction to the ATT&CK framework, pros and cons, use cases for it, that might not have been heard using Gartner CARTA framework where applicable. What is this framework about? How is it applicable in security operations and how it relates to Gartner CARTA framework? What you can do with a framework like this in your security operations program?
Tuesday, 20 August, 2019 10:30 AM|Tuesday, 20 August, 2019 11:15 AM
Ask the Expert: Threat Intelligence — The Thing That Has the Thing to Do the Thing
This session will discuss the following issues on threat intelligence. Key points to be thinking about to get value from Threat Intelligence. Key use cases we see clients implementing successfully. Key technologies being adopted in modern security programs for intelligence lead initiatives. PLEASE NOTE: For end-users only. Preregistration is required.
Tuesday, 20 August, 2019 02:15 PM|Tuesday, 20 August, 2019 03:00 PM
Do the Simple Things Well in Information Security
Good information security hygiene is a must, but many organizations lose focus on getting the basics right, leading to an unjustified level of confidence in risk posture. Join us and learn: What are the key activities, capabilities and practices for organizations? What are the activities that you can delay or even skip entirely? Why doing the basics is more important than ever.
Tuesday, 20 August, 2019 03:45 PM|Tuesday, 20 August, 2019 04:30 PM
Guest Keynote: The Tragedy of Cyber Security
Many of our cyber security experiences play out like Greek tragedies. But, frankly, better tragedy than comedy. Tragedy holds lessons for us. It is a very human condition; it reminds us of the costs of inattention, the need for inspiration, and to pay close attention to people.
As CISOs and CIOs we can use the tools and reminders of tragedy to strategic effect. The keynote will consider how cyber is understood and how perceptions may be recast to place humans at the centre of cyber, touching on the missions of the ANU’s Cyber Institute.
Tuesday, 20 August, 2019 04:30 PM|Tuesday, 20 August, 2019 05:00 PM
Gartner Closing Keynote: Key Takeaways for 2019
You’ve had a busy few days attending sessions across five tracks. What we’d like to do is give you not so much a summary of what you saw but instead what you didn’t get a chance to see. In this final keynote, each Track Manager will distill the main messages from each track and highlight the main action points that you can implement in 2019 and 2020.