I am a CISO in the Boston area. If you are like me, you get numerous event invitations per week. What CISO events do you attend to gather the most insight? Which have you found to be a waste of time?

929 views4 Comments

Sort by:

CISO in Energy and Utilities10 months ago

I find the Gartner Security and Risk Summit one of the best of the year. Evanta also has numerous events by CISOs for CISOs. Outside of those, I scrutinize the topic and who is speaking to get maximum value.

CISO in Energy and Utilitiesa year ago

So, since I'm in the EMEA region, I can give you a general approach, but it really depends on what you want to get out of these events. I particularly enjoy events that facilitate networking opportunities with peers, as valuable insights are often shared unofficially in those settings. When seeking to expand my knowledge in a specific area, such as TPRM, I prioritize events that provide relevant content. Before registering for an event, I make sure to review feedback from previous attendees to ensure its suitability. Or just asking my peers about them.

CISO in Softwarea year ago

When they are a "networking dinner" event with just one vendor, they are a very expensive waste of time.

VP of IT in Bankinga year ago

I receive a lot of invitations but I only go to a few. From the ones I have recently assisted, Gartner Security and Risk Management Summit is the best one for insights and updated information. For networking and new vendors, the best event is RSA.

Content you might like

Do you roll out special initiatives, training or events for cybersecurity awareness month?

Yes, every year!24%

Yes, most years64%

No, but we might start next year9%

No2%

View Results

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

How do you monitor and restrict the types of visitor behavior information and PII 3rd-parties can discern, record, or extract via scripts and applications on your website?

We don't use any 3rd-party scripts15%

We can't monitor or restrict 3rd-party script behavior on our website31%

We trust vendors based on initial reviews22%

We test scripts periodically19%

We use Web Privacy Management, WebAppSec, or PriSec Software8%

We outsource website privacy and app security monitoring services2%

Other (please describe)

View Results

When it comes to running phishing simulation campaigns. What is the best practice on how often they should be run and at what cadence should phishing simulation emails be sent out? Some organizations only run a campaign once per quarter sending out a simulated phishing email about once per week while other organizations run continuous campaigns sending out phishing simulations about once every 2 weeks. What are other organizations doing and what is the best practice?

I am a CISO in the Boston area. If you are like me, you get numerous event invitations per week. What CISO events do you attend to gather the most insight? Which have you found to be a waste of time?

Sort by:

Content you might like

Do you roll out special initiatives, training or events for cybersecurity awareness month?

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

How do you monitor and restrict the types of visitor behavior information and PII 3rd-parties can discern, record, or extract via scripts and applications on your website?

What is the best work travel advice you’ve ever been given?

What sets us apart?

Take Your Insights On-the-Go