National CISO & Security Leaders Forum 2025

As cybersecurity evolves from a technical function to a core business risk discipline, more organizations are rethinking the traditional CIO-CISO reporting structure. In this candid discussion, seasoned security leaders who report outside of IT — including to CFOs, CEOs, and boards — will unpack how this shift changes everything: visibility, influence, funding, and risk framing. The panel will explore the real-world pros and cons of reporting beyond IT, how it redefines the CISO’s role, and what organizational maturity is required to make it work.

Key Discussion Questions & Talking Points:

Strategic Impact

• How does reporting to the CFO or CEO reshape the CISO’s ability to position cybersecurity as a business enabler rather than a technical function?
• What influence does this shift have on cybersecurity’s role in enterprise risk management?

Funding & Resource Allocation

• Does reporting to finance improve conversations around cybersecurity funding and ROI?
• How can CISOs build a compelling business case for investment when security outcomes are preventative and often intangible?

Communication & Influence

• What new communication skills or business fluency must CISOs develop when moving outside of IT?
• How can CISOs better translate cyber risk into financial and operational terms that resonate with the C-suite?

Conflict of Interest with IT

• Does separating the CISO from the CIO help reduce conflicts of interest in areas like project timelines, performance, and user experience?
• How can CISOs maintain healthy collaboration with IT when they’re no longer in the same reporting line?

Organizational Readiness

• What kind of organizational structure, leadership support, and culture are needed to successfully reposition the CISO role?
• When shouldn’t a CISO report outside of IT — and what signs suggest the organization isn’t ready?

Career & Role Evolution

• How has this shift changed the panelists’ career trajectories or the perception of the CISO within the business?
• Does reporting outside IT create opportunities for broader responsibilities, such as enterprise risk or data governance?

Moderator: Mark Alba, Managing Director, Cybermindz

Panelists:

• George DeCesare, Cyber Risk Executive
• Vipul Gupta, Senior Vice President, Frost Bank
• Golan Ben-Oni, Global CIO and CISO, IDT
• Joseph Farah, Business Information Security Officer, Mr. Cooper

In the past 12 months, 87% of F1000 businesses were affected by significant cyber incidents as a result of a third-party. And yet, most rely on ‘snapshot in time’ questionnaires. While necessary, snapshots are insufficient by themselves, and must be augmented with continuous monitoring in support of ongoing security operations. This requires a different approach, that includes external threat detection capabilities by using AI across Public Data.

• The Public Data opportunity: collect, process, alert across multiple languages / modalities
• Real-time external threat detection on a rapidly evolving threat landscape
• The most advanced AI techniques for automating the collection, processing, delivery, and initial analysis of millions of public data sources

Speaker: Jack Carraway, Field CISO, Dataminr

Presented by: Dataminr

In an era of mounting digital threats and regulatory pressures, effective risk management is more critical—and more complex—than ever. Yet for many organizations, risk frameworks become bloated, theoretical, and disconnected from daily decision-making.

This executive session cuts through the noise, offering cybersecurity leaders a practical, actionable blueprint for building and sustaining a risk management program that drives real resilience. Attendees will learn how to simplify risk identification, prioritize threats based on business impact, and implement mitigation strategies that are both scalable and operationally feasible.

Key takeaways include:

• Translating risk management from theory into clear, repeatable processes
• Identifying and assessing risks in fast-moving, complex environments
• Communicating risk in business terms executives and boards can act on
• Building a dynamic, adaptable risk management framework that grows with your organization
• Using risk insights to drive better security investments and strategic decisions

Speaker: Nish Majmudar, CISO, Mathematica

This session will include an overview of how Artificial Intelligence keeps improving at all sorts of things – including how to challenge corporate ethics and compliance programs. Even while organizations may still be struggling to tame the risks of generative AI, its more powerful cousin is already coming up fast: Agentic AI.

Agentic AI, as the name implies, is an AI “agent” that can act independently of humans to achieve various goals. It can devise itis own strategies to achieve those goals and learn from previous experiences to improve its strategies. It can even collaborate with other AI agents to solve complicated tasks in a coordinated fashion.

On one hand, Agentic AI sounds great, but there are still many risks that must be considered. Risks that could potentially cause great financial damage, or worse yet the loss of human life.

Topics will include:

• How to evaluate which tasks an AI agent should do.
• How to decide which AI agents to use.
• How to make AI agents’ actions explainable
• The importance of human ethics and awareness to make artificial intelligence succeed.
• The Risk vs Reward at what cost.

Speaker: Keith Deininger, VP, Enterprise Technology, Third party managment, Truist Financial Corp

Circle back with your Peers on the content so far while grabbing a coffee or tea and a snack

Check back for updates on this session.

Presented by: Spycloud

Zero Trust is no longer a buzzword; it’s a critical security framework for modern enterprises. But how do you confidently adopt such a framework, and how do you assess your organization’s Zero Trust maturity? How can you de-mistify Zero Trust for your organization and your executives? For CISOs, measuring progress, setting clear goals, and ensuring continuous improvement are crucial steps in the journey towards robust, Zero Trust security.

In this session, senior cybersecurity leaders will explore practical methods for evaluating and tracking the maturity of Zero Trust implementations. We will discuss key performance indicators (KPIs), benchmarks, and tools to assess the effectiveness of your Zero Trust framework, and how to align your security strategy with your organization’s evolving needs.

Key discussion points include:

• Defining Zero Trust Maturity: Key stages of Zero Trust implementation and how to assess your organization’s progress
• Critical KPIs and Metrics: What to measure to evaluate Zero Trust maturity and the security impact at each stage
• Aligning Zero Trust with Business Objectives: Ensuring that your Zero Trust strategy supports organizational goals while enhancing security
• Continuous Improvement: How to evolve your Zero Trust model to keep pace with emerging threats and technologies
• Real-World Case Studies: Insights from CISOs who have successfully implemented Zero Trust at scale, and lessons learned along the way
• Zero Trust is a journey, not a destination. Join us to learn how to measure your maturity and accelerate your organization’s path to real-world security resilience

Speakers: 

• Jason Murphy, VP – Security Services & Delivery, DFIN (Donnelley Financial Solutions)
• Dannie Combs, SVP, CISO, DFIN

Join an intimate group of industry peers to experience a simulated cyber-attack, taking on a leadership role in a fictional company during a ransomware negotiation. Engage in a dynamic agenda with a realistic storyline inspired by recent high-profile breaches, confronting challenges and making critical decisions along the way.

Topics discussed:
Security Assurance, Identity and Access Management, Social Engineering, Threat Detection, Cyber Incident Response, Ransomware, Governance and Reporting Regulation in USA.

Guided by Commvault Security expert, attendees will navigate the ransomware journey and leave this session with an actionable toolkit and recommendations to evaluate their own company’s disaster recovery plan.

Our goal is for attendees to experience a realistic simulation of a complex cyber-attack scenario, enabling them to navigate demands and determine the next steps to protect their company’s data and restore business operations

Speaker: Chris Bevil, Director, Enablement, Commvault

Presented by: Commvault

Open seating, Buffet-style lunch. Serving food for all tastes, Palates, and preferences. Vegan, vegetarian, halal options available

Cybersecurity isn’t just a tech challenge—it’s a people-driven challenge. Without a company culture heavy on security, even the best tools and policies will not be enough. In a world where a single click can trigger a crisis, every employee, vendor, customer, partner and executive must understand they are part of the security equation.

This high-impact session challenges senior cybersecurity leaders to rethink how they drive behavior change across their organizations. Learn how to embed cybersecurity into daily habits, leadership mindsets and company values—not just annual trainings. Discover how to transform security from “someone else’s job” into a core part of how your business operates and succeeds.

Key takeaways include:

• Why traditional awareness programs are not enough—and what actually works
• Strategies to make cybersecurity ownership part of every role, from intern to CEO
• Leveraging internal influencers and business units to drive culture change faster
• Communicating the “why” behind security in a way that sticks
• Building a culture where secure behavior is the default, not the exception

If you think cybersecurity tools are enough, think again. Culture is your true first line of defense—and the time to build it is now.

Speaker: Darrel Raynor, Cybersecurity Director, LCRA

Traditional SOAR solutions often fall short of their promises, leaving SOC teams overwhelmed and vulnerable. Discover how AI automation goes beyond these limitations to deliver faster, smarter, and more effective security operations. Learn how next-level AI capabilities empower your team to detect, respond, and mitigate threats like never before.

Speaker: Jay Spann, Security Automation Evangelist, Swimlane

Presented by: Swimlane

The advances in AI are resulting in a transformation of the threat landscape. Adversaries are leveraging AI to exploit novel vulnerabilities and generate polymorphic malware variants. Cyber defense needs a paradigm shift from traditional reactive approaches of detection to preemptive approaches.

Join us in this engaging session to learn more about:

• How are adversaries exploiting AI for offensive campaigns?
• Why are traditional reactive approaches not sufficient?
• What is preemptive security, and what are the strategies to achieve it?

Speaker: Scott Hawk, CISO/Director, Acalvio

Presented by: Acalvio

You know the risks. You see the threats. But getting the Board of Directors and business leaders to truly understand—and act—is a different battle entirely. In a world where cybersecurity is now a business issue, not just a technical one, how you communicate risk can make or break your strategy.

This fast-paced, executive session will arm cybersecurity leaders with proven strategies for translating technical complexity into business urgency. Learn how to frame cyber risk in terms leadership cares about—revenue protection, operational resilience, brand trust—and shift conversations from technical warnings to strategic opportunities.

Key takeaways include:

• Breaking out of “tech speak” and telling a risk story that resonates
• Delivering metrics and visuals that influence decision-making
• Understanding board dynamics: What they prioritize and what they ignore
• Moving from fear-based appeals to business-aligned action plans
• Building trust and credibility to secure long-term security investments

Moderator: Mark Alba, Mark Alba, Managing Director, Cybermindz

Panelists:

• David Cass, CISO, GSR
• Lori McElroy, Associate Chief Information Security Officer,The University of Texas System
• Jon Garza, CISO, PSA BDP
• Ken Foster, CISO, Candescent

Circle back with your Peers on the content so far while grabbing a coffee and a snack

As organizations increasingly rely on SaaS applications, the risks associated with misconfigurations and emerging threats continue to rise. This session will explore how advanced SaaS security solutions provide the visibility, detection capabilities, and response tools needed to identify vulnerabilities, secure configurations, and mitigate threats in real-time. Discover tactical solutions to strengthen your SaaS security posture, protect critical data, and reduce risk in your cloud environment.

Speaker: Dan Devane, Vice President, West, AppOmni

Presented by: AppOmni

We’ll walk through three data breaches, explain some of the factors that resulted in the breaches and list some preventative measures that could have helped in reducing the likelihood of them happening. We’ll then explain why a holistic key management view that goes beyond automation and incorporates compliance and risk reduction is necessary in today’s evolving cryptographic landscape.

Speaker: Chris Ghantous, Technical Solutions Director, Entrust

Presented by: Entrust

Today’s CISOs and cybersecurity leaders are navigating an unrelenting storm—rising threats, escalating regulatory demands, resource constraints, and relentless board pressure. The result? Leadership fatigue, decision overload, and strategic tunnel vision at exactly the moment when clarity is most critical and team unity is needed.

This candid, executive-level session confronts the mental and operational toll cybersecurity leadership takes and offers real-world strategies for restoring focus, resilience, and effectiveness. Senior cybersecurity leaders will explore how to recalibrate decision-making under pressure, design teams and processes that reduce personal bottlenecks, and maintain a long-term strategic view despite the constant noise of daily crises.

Topics include:

• Recognizing the early warning signs of leadership burnout and decision fatigue
• Reengineering your operating model to distribute cognitive load and increase resilience
• Building personal and organizational systems that enable clear thinking under fire
• Maintaining strategic leadership amid short-term firefighting
• Redefining CISO success beyond survival—toward sustainable influence and impact

If you’re leading at the edge, this session will equip you to step back, refocus, and lead smarter for the long game.

Speakers:

• Mark Alba, Former Chief Product and Marketing Officer, Anomali, Managing Director, Cybermindz
• Peter Coroneos, Founder, Cybermindz

In today’s environment, success isn’t about predicting the next threat – It’s about being ready for when it arrives. Cybersecurity executives are now tasked with making faster, sharper decisions as both technology and adversary tactics evolve at unprecedented speed. Survival demands a new kind of leadership—one that blends rapid technological adoption with equally agile cultural transformation.

This panel brings together leading CISOs and cybersecurity executives to discuss how they are navigating the dual pressures of innovation and resilience. Attendees will hear firsthand how top leaders are balancing emerging technologies like AI, Zero Trust, and automation with the human and organizational shifts needed to defend against tomorrow’s threats.

Topics will include:

• Leading security strategies that keep pace with technological disruption.
• Creating a culture that can adapt as fast as the threat landscape evolves
• Balancing innovation with acceptable levels of business risk
• Preparing teams and infrastructures for the unknown: resilience as a core competency
• Redefining the CISO role for an era of perpetual transformation

Artificial Intelligence and Quantum Computing are not just disruptive forces—they are redefining the very foundation of product security. AI is accelerating the speed of both innovation and cyberattacks, while quantum computing threatens to break today’s cryptographic defenses entirely.

In this forward-looking session, senior cybersecurity executives will explore how these technologies are impacting product design, development, and security at the deepest levels. We’ll discuss the urgent need to rethink security architectures, prepare for post-quantum threats, and leverage AI responsibly to defend the next generation of products.

Speaker: Jacob Combs, CISO, Tandem Diabetes

The CISO role, created as a purely technical function 30 years ago, has evolved into a critical strategic leadership position. Today’s CISOs shape enterprise strategy, foster operational resilience, and navigate complex regulatory and personal liability risks. This session explores how CISOs are redefining leadership to protect both their organizations and their own professional standing.

Speaker: Amit Basu, VP, CIO & CISO, International Seaways

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Check back for updates on this session.

Presented by: iboss

As technology continues to evolve at an unprecedented pace, cybersecurity teams face the mounting challenge of securing increasingly complex software ecosystems. From cloud-native applications to microservices and DevSecOps, the tools and strategies that worked yesterday may not be enough to protect tomorrow’s applications.

In this session, senior cybersecurity leaders will explore strategies for keeping software security aligned with rapid technological advancements. We’ll discuss how to adapt security measures to modern development practices, mitigate risks from emerging technologies, and ensure that your software security strategy evolves in lockstep with your organization’s needs.