Conference Updates

National Harbor, Md., June 5, 2023

Gartner Security & Risk Management Summit 2023 National Harbor: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the Gartner opening keynote presentation on debunking the myths that obscure cybersecurity’s full value, the impact of CIO and CEO priorities for security leaders, and the outlook for security operations. Be sure to check this page throughout the day for updates.

Key Announcements

Gartner Opening Keynote: Debunking the Myths that Obscure Cybersecurity's Full Value

Presented by Leigh McMullen, Distinguished VP Analyst, Gartner and Henrique Teixeira, Senior Director Analyst, Gartner

Cybersecurity can generate massive value for the enterprise, but only if cybersecurity professionals have the courage to challenge misconceptions and move beyond obsolete principles and practices. In the Opening Keynote, Leigh McMullen, Distinguished VP Analyst at Gartner and Henrique Teixeira, Senior Director Analyst at Gartner, discussed the decisions and practical steps cybersecurity leaders must take to deliver the success they deserve.

Key Takeaways

  • “To get the maximum impact, cybersecurity needs to take on a minimum effective mindset across business engagement, technology, and talent. Minimum effective is a deliberate, ROI-driven approach to leading cybersecurity into the future.”

  • “A minimum effective mindset refers to the input, not the outcome.”

  • “We in cybersecurity put maximum effort into everything we do, and that is sometimes killing us. Seventy-three percent of CISOs experienced burnout in the past 12 months, and if the boss is experiencing it, you know the department is feeling it.”

  • Myth #1: More data equals better protection. “Instead of just more data, savvy cybersecurity shops pursue the least amount of information needed to help draw a straight line between the enterprise’s funding of cybersecurity and the amount of vulnerability that funding addresses.”

  • Myth #2: More technology equals better protection. “This is based on another pervasive myth: the idea that just around the corner, some technology is coming to save us. This mindset causes us to buy and acquire solutions before we are quite sure how or whether there will truly be additive value.”  

  • Myth #3: More cybersecurity pros equals better protection. “There is simply no way to scale our services to match the pace of the enterprise just by hiring more cybersecurity pros.”

  • Myth #4: More controls equals better protection. “Employees report a huge amount of friction involved with secure behavior. Controls that are circumvented are worse than no controls at all.”

    More information is available in the Gartner press release, “Gartner Identifies Four Myths Obscuring Cybersecurity’s Full Value.” 

It’s not too late to join the conference!

A Security View of the 2023 CIO and CEO Agenda

Presented by Katell Thielemann, Distinguished VP Analyst, Gartner

Every year, Gartner collects data from thousands of CIOs and CEOs on what matters most to them. In this session, Katell Thielemann, Distinguished VP Analyst at Gartner, shared what is most important to CIOs and CEOs and the implications for security and risk leaders.

Key Takeaways

  • “Boards are willing to increase risks but want results. CEOs want ‘digital dividends’ and tangible growth from digital investments, while CIOs need to deliver outcomes by prioritizing the right digital initiatives.”

  • “Digitization has accelerated enterprise demand for information security expertise, requiring CISOs to adopt a more rigorous approach to prioritizing security resources for their enterprise’s most urgent needs.”

  • “With a seemingly unending list of projects, CISOs must ensure their teams are working on those that offer the greatest business impact.”

  • “Technology deployments will continue to outpace your ability to secure them.”

  • “Risk reduction efforts are perceived as providing value, but senior leaders are doubling down on digital investments and want measurable results.”

  • “Security decisions cannot be made in isolation by the security team.”

  • “Security and risk management leaders must decentralize accountability and expand their focus to improving cyber judgment across the enterprise to help decision makers make informed risk decisions without their direct involvement.”

Outlook for Security Operations, 2023

Presented by Eric Ahlm, Sr Director Analyst, Gartner

Now is the time to make good choices, to not have all there is to have, but to have what organizations need to get the type of security operations performance they want. In this session, Eric Ahlm, Sr Director Analyst at Gartner, discussed the biggest drivers for security operations in 2023. 

Key Takeaways

  • “The security operations industry has exhibited patterns of change to reduce risk and enhance operational delivery, and these changes are spread across every vertical and maturity type.”

  • Many organizations have security operation centers (SOC) in place, however, many do not perform the way organizations would like them to. 

  • “The complexity of making a modern SOC perform with an internal team of less than twelve members has become unobtainable.”

  • There are challenges that come with an all-internal SOC:

    • Hiring/retention/training 

    • Allocation to growth

    • Overly reactive/tactical 

    • Specialized talent is hard to justify

    • Overall poor performance 

  • “The velocity of new attacks, the complexity of detection and the rate at which this all must happen to avoid an incident is overwhelming. This has driven organizations to seek more service providers to help make their SOC perform.” 

  • “Operations-wide automation is too far out of reach for most. Everyday automation solves the problems that matter, where they happen.” 

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit

Media Contacts

It's not too late to join the conference

Latest Releases