Conference Updates

National Harbor, Md., June 6, 2023

Gartner Security & Risk Management Summit 2023 National Harbor: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 from the conference, we are highlighting how to get people to care about security and risk, how to manage open source supply chain risks in software development, and how security leaders facing economic headwinds can optimize costs. Be sure to check this page throughout the day for updates.

Key Announcements

How to Get People to Care About Security and Risk

Presented by Mary Mesaglio, Managing Vice President, Gartner

CISOs have a compelling story to tell about why people, from executives to frontline employees, should care about risk and security. In this session, Mary Mesaglio, Managing Vice President at Gartner, explored how to tell a great cyber story, including why it’s hard and why it matters right now.

Key Takeaways

  • “If you want someone to take ownership of something, don’t just make it easy; make it meaningful. Why should they do something and why is it important or meaningful to them?”

  • “If you’re concerned about secure user behavior, evaluate security through a psychological lens, rather than a technology or a business lens.”

  • “Explaining rational arguments for security doesn’t lead to secure behavior. Tap into real emotive messages to overcome that effect and increase their sense of ownership.”

  • “When employees see cybersecurity as their responsibility, their behavior becomes more secure.”

  • “Ensure employees feel psychologically safe admitting a mistake. Fear and shame don’t help a person change behavior, but make them feel exposed and vulnerable, which more likely has a paralytic effect.”

  • “Laziness is built deep into our nature. The bigger the gap between the level of convenience people experience in their private and professional lives, the worse your life as CISO will be.”

  • “Traditional security awareness training programs don’t work. If you want people to behave in a security conscious way, remove the friction employees experience from controls.”

It’s not too late to join the conference!

Managing Open Source Supply Chains Risks in Software Development

Presented by Dale Gardner, Sr Director Analyst, Gartner

Controlling open-source software is the easiest and most impactful thing you can do to improve application security outcomes. In this session, Dale Gardner, Sr Director Analyst at Gartner, discussed the benefits and risks brought about by open-source software.

Key Takeaways

  • “Establishing better control over open-source software is the easiest and most impactful thing to do to improve overall application security results.”

  • “There are a number of risk factors brought about by open source software, including open vulnerabilities, active maintenance and security testing.”

  • More proactive management of open source software is needed:

    • Evaluate before use

    • Establish a trusted repository

    • Identify and eliminate problem code

    • Avoid much rework because of late discovery 

  • “Open-source tools offer a number of advantages; however, they are an incomplete source of information because they typically only focus on vulnerabilities which can lead to risk.” 

  • “Commercial tools are easy to implement and provide varied levels of fix guidance.”

  • “Evaluate tooling to enable in-depth evaluation of malware and other supply chain risks.”

Five Cost Optimization Techniques for Security Leaders Facing Economic Headwinds

Presented by William Candrick, Director Analyst, Gartner

As economic uncertainty settles in, many organizations are ill-prepared to confront the impact of rising interest rates and supply chain issues on their security functions. In this session, William Candrick, Director Analyst at Gartner, explained how leaders can create a cost optimization plan that balances the need to run the business with the need to protect the business.

Key Takeaways

  • “Companies face significant economic headwinds, which places pressure on C-suites to manage costs – which can potentially place pressure on cybersecurity leaders to optimize cybersecurity costs.”

  • “Most CISOs expect their budgets to increase in 2023, either more than or at pace with inflation. However, less than half of CISOs have a distinct security budget.”

  • “There’s a lack of visibility on how business decisions impact cybersecurity costs and risk. We need greater transparency so that business decisions and risk decisions are intertwined, rather than treated as ‘security’s problem.’”

  • “Take the opportunity to proactively optimize cybersecurity spending before you face cost pressures.”

  • “Leaders need context, so benchmark your IT security spending against that of peers within your industry.”

  • “Security will always be a choice. We can choose to spend more money to be more secure, or save some money and be less secure.”

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit

Media Contacts

It's not too late to join the conference

Latest Releases