Date & Time:
Tuesday, April 14, 2026
08:30 - 17:00
Venue:
SECOND
849 6th Avenue
New York, NY 10001
A Different Kind of Security Event
The Infosec Anti-Summit challenges the status quo by creating a space for CISOs and security leaders to engage, collaborate, and share real-world experience.
Through a series of hands-on workshops, tabletop exercises, mock scenarios, and peer-led discussions, the Anti-Summit encourages maximum exchange of ideas in a setting built for trust, candor, and community.
This is not about watching from the sidelines; it is about being part of the conversation. It's not about people on stage talking at the audience; it's about getting people around the table talking with each other.
Identify the challenges. Understand how others are solving them. Develop a strategy to safeguard.
Welcome to the Anti-Summit.
What to Expect at the Anti-Summit
CISO-Led Agenda
Step into the action with a collaborative TTX simulation designed to test response, resilience, and teamwork. Continue your day with hands-on sessions built around real-world challenges, led by peers who’ve been in the hot seat.
The Cyber Arcade
A live, interactive space where emerging founders, security innovators, and practitioners collide. Test-drive new ideas, swap feedback, and see what’s next without the sales pitch.
Connection Over Convention
Honest, peer-driven discussions about what’s working and what’s not in today’s security landscape. From hallway chats to post-session conversations, it’s all about the people at the InfoSec Anti-Summit.
Agenda
Registration & Breakfast
08:30 - 09:30
Opening Remarks
09:30 - 09:40
Tabletop Exercise
09:40 - 10:40
Ghost in the Machine: AI Threat Response
This interactive tabletop exercise challenges participants to respond to a sophisticated, multi-vector incident that targets their AI infrastructure through unexpected attack surfaces. Your customers look to you to lead in times of disruption and crisis. This exercise will challenge traditional thinking and disrupt the approach to incident and crisis management.
Workshops (Choose Your Own Adventure)
10:50 - 11:20
Workshop #1: Securing What You Can’t See: Maintaining Control in a World of Non-Human Workloads
This hands-on workshop puts security leaders face to face with five real-world scenarios spanning on-premises, cloud, multi-cloud, SaaS, and agentic AI environments. Groups will work together to identify policy gaps, draft plain-English controls, and surface the decisions their organizations can no longer afford to defer. Modern enterprises run on automated workloads, service accounts, AI agents, and machine-to-machine connections that far outnumber their human users. Learn how to identify, govern, and audit what these non-human identities can access or what they are doing.
Workshop #2: Your Mission Quest: Map, Discover, and Secure the AI Ecosystem.
Teams progress through a series of “quests” to identify SaaS sprawl, AI tool usage, and agent interactions. Then, they’ll connect findings to real security risks and prioritize what matters most.
Anti-Roundtable
11:35 - 12:20
When the Network Becomes the Security Model: Rethinking How Teams Control the Edge
Legacy security architectures were built for a world where traffic flowed through predictable paths. AI workloads, shadow SaaS, and distributed teams are rapidly breaking those assumptions. In this roundtable, we'll work through real use cases, such as discovering when controls are blind to a category of AI-generated data movement. Where are the gaps most organizations aren't measuring? And what does a realistic modernization path look like, given the budget, staffing, and political constraints most CISOs are navigating right now? Come ready to work through the problem with your peers.
CISO-Led Workshops (Choose Your Own Adventure)
12:30 - 13:00
Workshop #1: Speaking the Language of Finance
By: Kristen Beneduce, CISO
Heatmaps and maturity scores don't secure budgets, fiscal reality does. If you're still reporting "High/Medium/Low" risks, you're speaking a dialect the board doesn't trade in. This workshop ditches the color charts in favor of math. Drawing on frameworks like FAIR, loss expectancy modeling, and valuation, we'll work through the numbers that translate security risk into business investment. Walk away ready to turn vulnerabilities into a defensible business case — and present security for what it is: a capital allocation decision.
Workshop #2: To Compliance Automation… and Beyond!
By: Justin Pagano, Senior Director, GRC Engineering & Emre Ugurlu, Head of Security GRC
Spreadsheets and audit checklists don't reduce risk, engineering does. If your GRC programs are still built on manual evidence collection and point-in-time assessments, you're operating with tools the speed of modern business has long outpaced. This workshop ditches the checkbox mentality in favor of code. Drawing on GRC Engineering principles — automation-first thinking, continuous control monitoring, and developer-native workflows — we'll reimagine the compliance and risk processes you hate most and sketch a real strategy for transforming them. Walk away with a working vocabulary for GRC Engineering and a concrete vision for bringing it to life at your organization.
Lunch
13:00 - 14:00
Anti-Roundtable
14:05 - 14:50
Escaping the Past for the Agentic GRC Era
Traditional GRC breaks down under pressure... So let's put it under pressure. Participants will move through hands-on challenges, mirroring real-life ones, that they need to pass to free a teammate from "Audit Hell". By working physically, collaboratively, and under time constraints, this session shows how AI agents can transform slow, manual compliance into fast, data-driven decision-making. Come ready to move, build, and escape outdated GRC thinking.
Workshops (Choose Your Own Adventure)
15:00 - 15:30
Workshop #1: Who Actually Did This? Identity Attribution in Production Environments
Participants will break into small groups to discuss real-world scenarios drawn from production environments they operate daily - AWS, GCP, Azure, GitHub, Okta, and beyond. Each scenario is designed to surface the moments where identity attribution breaks down during investigations: the activity that's hardest to trace back to an identity, the context that's missing when an alert fires, and the data security teams wish they had from the first minute of an investigation. The session will close with a rapid-fire readout by each group about challenges uncovered, unique requirements, and lessons learned.
Workshop #2: Is Your Brand Protected In The Era of The Agentic Internet?
Bad bots now make up 37% of all internet traffic. AI bot activity has surged 300% in the past year. Adversaries are no longer just human, they are coordinated, autonomous agent networks impersonating your brand, targeting your executives, and harvesting your customers' credentials at machine speed. This workshop challenges CISOs to honestly assess whether their threat intelligence and digital risk protection capabilities can detect, prioritize, and dismantle these attacks, before people get hurt.
CISO-Led Workshops (Choose Your Own Adventure)
15:45 - 16:15
Workshop #1: What’s the Cost of a SQL Injection, $10?
By: Nate Vanderheyden, CISO, Morgan Stanley
Cyber risk quantification is often perceived as academic, science-fiction, or unattainable. This interactive workshop cuts through the mythology and focuses on practical solutions that are achievable today. Leveraging relatable scenarios, participants will work through how the various dimensions of likelihood, exposure, and impact can be expressed more consistently using data organizations already have. We'll explore why traditional scoring systems and heatmaps fall short, where quantification adds real decision value, and how "good enough" models can materially improve prioritization and executive conversations. Attendees will leave with practical mental models they can apply immediately without the need for a perfect or fully mature quant program.
Workshop #2: NO PLAYBOOK, NO PROBLEM: Building a Security Program When Culture Beats Compliance
By: Christina Morillo, CISO, New York Giants
The most dangerous moment in a security program isn't a breach. It's when the checklist is clean, and nothing is actually secure.
In fast-moving, culture-first environments, the gap between documented compliance and operational reality quietly widens until something breaks. Traditional playbooks assume organizational readiness that doesn't exist: executive buy-in, good-faith partnership, and teams that see security as an asset rather than a tax.
This workshop skips the theory and gets into the real work. We'll diagnose the cultural patterns that derail technically sound programs, map the dynamics that standard frameworks can't touch, and pressure-test real scenarios together. You will leave with a practical framework for building trust and translating security into language that drives action in messy, high-pressure environments where culture always wins.
Cyber Arcade & Happy Hour
16:20 - 17:30
Step into the Cyber Arcade - a casual, come-and-go space where you can explore tools and self-test-drive the latest products that actually solve problems. Play with it. Break it. Start again. And just like any normal arcade, there will be tickets and prizes up for grabs!
After-Summit Dinner
17:30 - 21:00
Time to unwind and enjoy some great company after a successful day. No more work-related discussions, just good food and good people. Perfect.
Voices Of The Anti-Summit
Kristen Beneduce
Davin Darnt
Justin Pagano
Nate Vanderheyden
Peter Rosario
Harry Halikias
Dan Gorecki
Jeremy Schumacher
Jake Bernardes
Phil Beyer
Christina Morillo
Emre Ugurlu
Mark Aklian
Dr. Omar Sangurima
Larry Whiteside Jr.
Matthew Webster
Natalie Kacik
Kunal Agarwal
Nir Greenberg

