National CISO & Security Leaders Forum 2025

In today’s environment, success isn’t about predicting the next threat – It’s about being ready for when it arrives. Cybersecurity executives are now tasked with making faster, sharper decisions as both technology and adversary tactics evolve at unprecedented speed. Survival demands a new kind of leadership—one that blends rapid technological adoption with equally agile cultural transformation.

This panel brings together leading CISOs and cybersecurity executives to discuss how they are navigating the dual pressures of innovation and resilience. Attendees will hear firsthand how top leaders are balancing emerging technologies like AI, Zero Trust, and automation with the human and organizational shifts needed to defend against tomorrow’s threats.

Topics will include:

• Leading security strategies that keep pace with technological disruption.
• Creating a culture that can adapt as fast as the threat landscape evolves
• Balancing innovation with acceptable levels of business risk
• Preparing teams and infrastructures for the unknown: resilience as a core competency
• Redefining the CISO role for an era of perpetual transformation

In the past 12 months, 87% of F1000 businesses were affected by significant cyber incidents as a result of a third-party. And yet, most rely on ‘snapshot in time’ questionnaires. While necessary, snapshots are insufficient by themselves, and must be augmented with continuous monitoring in support of ongoing security operations. This requires a different approach, that includes external threat detection capabilities by using AI across Public Data.

• The Public Data opportunity: collect, process, alert across multiple languages / modalities
• Real-time external threat detection on a rapidly evolving threat landscape
• The most advanced AI techniques for automating the collection, processing, delivery, and initial analysis of millions of public data sources

Presented by: Dataminr

In an era of mounting digital threats and regulatory pressures, effective risk management is more critical—and more complex—than ever. Yet for many organizations, risk frameworks become bloated, theoretical, and disconnected from daily decision-making.

This executive session cuts through the noise, offering cybersecurity leaders a practical, actionable blueprint for building and sustaining a risk management program that drives real resilience. Attendees will learn how to simplify risk identification, prioritize threats based on business impact, and implement mitigation strategies that are both scalable and operationally feasible.

Key takeaways include:

• Translating risk management from theory into clear, repeatable processes
• Identifying and assessing risks in fast-moving, complex environments
• Communicating risk in business terms executives and boards can act on
• Building a dynamic, adaptable risk management framework that grows with your organization
• Using risk insights to drive better security investments and strategic decisions

AI isn’t coming for cybersecurity—it’s already here, and it’s bringing both friends and enemies. As attackers arm themselves with AI tools, cybersecurity leaders must evolve faster than ever—or risk being outpaced by smarter, faster threats.

In this lively session, we’ll explore how senior security executives can harness AI’s power for defense while staying one step ahead of AI-fueled attacks. Expect candid advice, real-world war stories, and a few laughs as we tackle the serious business of surviving (and thriving) in the AI era.

Key takeaways include:

• How hackers are using AI—and how to beat them at their own game
• Building smarter, faster, slightly paranoid security architectures
• Why your 5-year security strategy now needs to change every 6 months
• Training your team (and your board) to think like AI-age defenders
• Laughing in the face of chaos—because if you’re not evolving, you’re toast

Circle back with your Peers on the content so far while grabbing a coffee or tea and a snack

The role of the CISO and cybersecurity leader is undergoing a seismic shift in the face of new technologies—none more transformative than Agentic AI. While AI promises to revolutionize cybersecurity with enhanced threat detection and automation, it also brings new risks, including the potential for autonomous, AI-driven attacks. For CISOs, this evolving landscape presents both incredible opportunity and significant threat.

In this session, senior cybersecurity leaders will examine the rapidly evolving role of the CISO and the dual nature of Agentic AI in the cybersecurity ecosystem. From harnessing AI’s capabilities for proactive defense to mitigating the emerging risks it creates, we’ll explore the challenges CISOs face and the strategies they must adopt to stay ahead.

Key discussion points include:

• The Evolution of the CISO: How the CISO’s role is shifting from a traditional IT protector to a strategic business leader in the age of AI
• Harnessing the Power of Agentic AI: How AI can automate security tasks, improve threat intelligence, and bolster defenses
• Facing the Double-Edged Sword: The growing risks of autonomous AI systems, including adversarial AI, and how to defend against them
• Rewriting the Playbook: How CISOs can balance AI innovation with maintaining security control and governance
• Future-Proofing

Presented by: Varonis

Zero Trust is no longer a buzzword; it’s a critical security framework for modern enterprises. But how do you know when your organization has truly achieved Zero Trust maturity? For CISOs, measuring progress, identifying gaps, and ensuring continuous improvement are crucial steps in the journey towards robust, zero-trust security.

In this session, senior cybersecurity leaders will explore practical methods for evaluating and tracking the maturity of Zero Trust implementations. We will discuss key performance indicators (KPIs), benchmarks, and tools to assess the effectiveness of your Zero Trust framework, and how to align your security strategy with your organization’s evolving needs.

Key discussion points include:

• Defining Zero Trust Maturity: Key stages of Zero Trust implementation and how to assess your organization’s progress
• Critical KPIs and Metrics: What to measure to evaluate Zero Trust maturity and the security impact at each stage
• Aligning Zero Trust with Business Objectives: Ensuring that your Zero Trust strategy supports organizational goals while enhancing security
• Continuous Improvement: How to evolve your Zero Trust model to keep pace with emerging threats and technologies
• Real-World Case Studies: Insights from CISOs who have successfully implemented Zero Trust at scale, and lessons learned along the way
• Zero Trust is a journey, not a destination. Join us to learn how to measure your maturity and accelerate your organization’s path to real-world security resilience

Imagine your CFO joins a video call with what looks like the company’s divisional president—followed by the CEO, live on camera, confirming a major wire transfer. Except…none of them were real. Welcome to the new frontier of deepfake-driven cybercrime.

In this eye-opening session, senior cybersecurity leaders will dissect real-world deepfake attacks targeting multinational corporations, highlighting how visual deception is rapidly evolving beyond email scams. We’ll explore critical lessons in securing executive communications, the role of “safe words” and trust protocols, and the cultural complexities that arise when operating across global teams with different risk perceptions and communication norms.

Discussion points include:

• How deepfake technology is weaponizing trust at the executive level.
• Why traditional identity verification methods are no longer enough.
• How to educate and partner with innovative startups to build new defenses.
• The challenge of deploying consistent cybersecurity behaviors across multi-national, multicultural teams.
• Actionable strategies for hardening executive communications—including when and how to introduce “safe word” protocols.

In an era where seeing is no longer believing, cybersecurity leaders must rethink how trust is established, verified, and protected—before deepfake deception becomes the next multimillion-dollar breach.

Join an intimate group of industry peers to experience a simulated cyber-attack, taking on a leadership role in a fictional company during a ransomware negotiation. Engage in a dynamic agenda with a realistic storyline inspired by recent high-profile breaches, confronting challenges and making critical decisions along the way.

Topics discussed:

Security Assurance, Identity and Access Management, Social Engineering, Threat Detection, Cyber Incident Response, Ransomware, Governance and Reporting Regulation in USA.

Guided by Commvault Security expert, attendees will navigate the ransomware journey and leave this session with an actionable toolkit and recommendations to evaluate their own company’s disaster recovery plan.

Our goal is for attendees to experience a realistic simulation of a complex cyber-attack scenario, enabling them to navigate demands and determine the next steps to protect their company’s data and restore business operations

Presented by: Commvault

Open seating, Buffet-style lunch. Serving food for all tastes, Palates, and preferences. Vegan, vegetarian, halal options available

Cybersecurity isn’t just a tech problem—it’s a people problem. And without a company-wide security culture, even the best tools and policies will fail. In a world where a single click can trigger a crisis, every employee, vendor, and executive must understand they are part of the security equation.

This high-impact session challenges senior cybersecurity leaders to rethink how they drive behavior change across their organizations. Learn how to embed cybersecurity into daily habits, leadership mindsets, and company values—not just annual trainings. Discover how to transform security from “someone else’s job” into a core part of how your business operates and succeeds.

Key takeaways include:

• Why traditional awareness programs are broken—and what actually works
• Strategies to make cybersecurity ownership part of every role, from intern to CEO
• Leveraging internal influencers and business units to drive culture change faster
• Communicating the “why” behind security in a way that sticks
• Building a culture where secure behavior is the default, not the exception

If you think a strong firewall is enough, think again. Culture is your true first line of defense—and the time to build it is now.

The modern enterprise is powered by data—and attacked because of it. As organizations accelerate their use of Analytics, Business Intelligence, AI, Cloud, and Edge Infrastructure, cybersecurity leaders face a new reality: securing static systems is no longer enough. You must secure dynamic, distributed, and data-driven ecosystems.

This session brings together senior cybersecurity executives to discuss the challenges and strategies for safeguarding the next generation of enterprise technologies. We will explore how to protect data across its entire lifecycle—from collection and analysis to storage and AI-driven decision-making—while ensuring compliance, resilience, and innovation at scale.

Key discussion topics:

• Defending the Cloud and Edge: Securing complex, decentralized infrastructure from core to edge.
• Protecting AI and BI Pipelines: Ensuring integrity and trust in machine-driven insights.
• Data Governance and Management: Building security into data flows, not just data stores.
• Visibility Across Ecosystems: Gaining real-time insight without slowing down innovation.
• Futureproofing Security Architectures: Preparing for the convergence of AI, analytics, and distributed infrastructure threats.

In a world where data is the crown jewel, cybersecurity must be the armored vault, the security camera, and the trusted advisor—all at once. Are you ready?

The advances in AI are resulting in a transformation of the threat landscape. Adversaries are leveraging AI to exploit novel vulnerabilities and generate polymorphic malware variants. Cyber defense needs a paradigm shift from traditional reactive approaches of detection to preemptive approaches.

Join us in this engaging session to learn more about:

• How are adversaries exploiting AI for offensive campaigns?
• Why are traditional reactive approaches not sufficient?
• What is preemptive security, and what are the strategies to achieve it?

Presented by: Acalvio

You know the risks. You see the threats. But getting the Board of Directors and business leaders to truly understand—and act—is a different battle entirely. In a world where cybersecurity is now a business issue, not just a technical one, how you communicate risk can make or break your strategy.

This fast-paced, executive session will arm cybersecurity leaders with proven strategies for translating technical complexity into business urgency. Learn how to frame cyber risk in terms leadership cares about—revenue protection, operational resilience, brand trust—and shift conversations from technical warnings to strategic opportunities.

Key takeaways include:

• Breaking out of “tech speak” and telling a risk story that resonates
• Delivering metrics and visuals that influence decision-making
• Understanding board dynamics: What they prioritize and what they ignore
• Moving from fear-based appeals to business-aligned action plans
• Building trust and credibility to secure long-term security investments

Circle back with your Peers on the content so far while grabbing a coffee and a snack

In an era where cyber threats are more pervasive and sophisticated than ever, cybersecurity cannot be siloed within IT departments. For security to be truly effective, it must be ingrained at every level of the organization. Cybersecurity standards like NIST, ISO 27001, and industry-specific frameworks offer not only compliance guidance but also serve as powerful tools to foster a culture of awareness throughout your enterprise.

This session will dive into how cybersecurity leaders can use these standards to ensure that security is everyone’s responsibility, from the C-suite to frontline employees. Explore how to translate complex frameworks into actionable, relatable steps that empower every team member to contribute to a more secure organization.

Today’s CISOs and cybersecurity leaders are navigating an unrelenting storm—rising threats, escalating regulatory demands, resource constraints, and relentless board pressure. The result? Leadership fatigue, decision overload, and strategic tunnel vision at exactly the moment when clarity is most critical and team unity is needed.

This candid, executive-level session confronts the mental and operational toll cybersecurity leadership takes and offers real-world strategies for restoring focus, resilience, and effectiveness. Senior cybersecurity leaders will explore how to recalibrate decision-making under pressure, design teams and processes that reduce personal bottlenecks, and maintain a long-term strategic view despite the constant noise of daily crises.

Topics include:

• Recognizing the early warning signs of leadership burnout and decision fatigue
• Reengineering your operating model to distribute cognitive load and increase resilience
• Building personal and organizational systems that enable clear thinking under fire
• Maintaining strategic leadership amid short-term firefighting
• Redefining CISO success beyond survival—toward sustainable influence and impact

If you’re leading at the edge, this session will equip you to step back, refocus, and lead smarter for the long game.

As cybersecurity evolves from a technical function to a core business risk discipline, more organizations are rethinking the traditional CIO-CISO reporting structure. In this candid discussion, seasoned security leaders who report outside of IT — including to CFOs, CEOs, and boards — will unpack how this shift changes everything: visibility, influence, funding, and risk framing. The panel will explore the real-world pros and cons of reporting beyond IT, how it redefines the CISO’s role, and what organizational maturity is required to make it work.

Key Discussion Questions & Talking Points:

Strategic Impact

• How does reporting to the CFO or CEO reshape the CISO’s ability to position cybersecurity as a business enabler rather than a technical function?
• What influence does this shift have on cybersecurity’s role in enterprise risk management?

Funding & Resource Allocation

• Does reporting to finance improve conversations around cybersecurity funding and ROI?
• How can CISOs build a compelling business case for investment when security outcomes are preventative and often intangible?

Communication & Influence

• What new communication skills or business fluency must CISOs develop when moving outside of IT?
• How can CISOs better translate cyber risk into financial and operational terms that resonate with the C-suite?

Conflict of Interest with IT

• Does separating the CISO from the CIO help reduce conflicts of interest in areas like project timelines, performance, and user experience?
• How can CISOs maintain healthy collaboration with IT when they’re no longer in the same reporting line?

Organizational Readiness

• What kind of organizational structure, leadership support, and culture are needed to successfully reposition the CISO role?
• When shouldn’t a CISO report outside of IT — and what signs suggest the organization isn’t ready?

Career & Role Evolution

• How has this shift changed the panelists’ career trajectories or the perception of the CISO within the business?
• Does reporting outside IT create opportunities for broader responsibilities, such as enterprise risk or data governance?

Artificial Intelligence and Quantum Computing are not just disruptive forces—they are redefining the very foundation of product security. AI is accelerating the speed of both innovation and cyberattacks, while quantum computing threatens to break today’s cryptographic defenses entirely.

In this forward-looking session, senior cybersecurity executives will explore how these technologies are impacting product design, development, and security at the deepest levels. We’ll discuss the urgent need to rethink security architectures, prepare for post-quantum threats, and leverage AI responsibly to defend the next generation of products.

Too often, cybersecurity teams operate in isolation from broader business goals — resulting in misaligned priorities, friction with stakeholders, and under-leveraged resources. This session focuses on how senior security leaders can recalibrate their operations to deliver measurable value to the business. Learn how to translate security risks into business risks, communicate in the language of the boardroom, and embed cyber strategy into enterprise planning. Attendees will hear real-world approaches for risk-informed decision-making, aligning security metrics with KPIs, and building trust across departments. The goal: evolve from being a reactive cost center to a strategic enabler of innovation, resilience, and growth.

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Data Security Posture Management (DSPM) is transforming how organizations understand, monitor, and protect sensitive data across complex hybrid and cloud environments. This session will explore how DSPM enables continuous visibility into data flows, identifies risk exposure, and prioritizes remediation based on context and business impact. Attendees will gain insights into practical strategies for implementing DSPM to strengthen data governance, reduce risk, and support compliance efforts.

Despite widespread deployment of sanctioned generative AI tools, enterprises are facing an unprecedented surge in data exposure through unsanctioned AI use — with a 30x increase in sensitive data leaked via shadow AI in just a year. This session confronts the hard truth: security leaders aren’t any closer to reining in the risk. Attendees will explore the limits of traditional data loss prevention, why shadow AI persists even in regulated environments, and how modern governance frameworks must evolve. Experts will unpack new paradigms in visibility, policy enforcement, and AI-specific security controls that go beyond outdated assumptions. CISOs and senior leaders will leave with actionable strategies to shift from passive monitoring to proactive containment — before governance debt becomes a breach.

As technology continues to evolve at an unprecedented pace, cybersecurity teams face the mounting challenge of securing increasingly complex software ecosystems. From cloud-native applications to microservices and DevSecOps, the tools and strategies that worked yesterday may not be enough to protect tomorrow’s applications.

In this session, senior cybersecurity leaders will explore strategies for keeping software security aligned with rapid technological advancements. We’ll discuss how to adapt security measures to modern development practices, mitigate risks from emerging technologies, and ensure that your software security strategy evolves in lockstep with your organization’s needs.