Date & Time:
Wednesday, March 19
09:30 - 17:00
Venue:
SECOND
849 6th Ave
New York, NY
Agenda
Registration & Breakfast
09:30 - 10:20
Opening Remarks
10:20 - 10:25
Tabletop Exercise
10:25 - 11:25
Omni-channel threat response: A Tabletop Exercise for Business Resilience
Organizations are global engines with many disparate systems and critical moving parts. The threat landscape is vast and the attack surface is growing in complexity. Your customers look to you to lead in times of disruption and crisis. This exercise will challenge traditional thinking and disrupt the approach to incident and crisis management.
11:30 - 12:00
Workshops
Session #1: Building Cultures for Mental Wellbeing and Resilience
In this interactive workshop, participants will explore approaches for building cybersecurity team cultures that prioritize mental wellbeing to prevent burnout. Drawing from organizational psychology and industry best practices, we'll examine the factors - both expected and unexpected - that impact mental health in security operations. Participants will develop practical strategies for cultivating team cultures that proactively prioritize mental wellbeing rather than waiting to react to mental health crises and burnout.
Session #2: How do I protect my ‘dataverse’?
Aiding the business through discovery and security of its data is a continuous challenge. Data is the fastest growing enterprise attack surface, and is projected to surpass 181 Zettabytes in 2025. This discussion will focus on identifying what data you have, where it's stored, who, or what, can access it, and which data risks exist - providing the strategies to secure it, without overwhelming your team with alerts and manual remediations.
Session #3: How do we create cross-team collaboration to reduce SaaS security risk?
You just discovered that your business is leveraging critical SaaS applications like NetSuite and Salesforce—but security has no governance over them. Business teams have adopted these tools outside of IT oversight, integrating third-party applications and sharing sensitive data with external partners—all without security monitoring. How do you regain control without disrupting business operations? Join Valence Security for an interactive, scenario-based workshop on bridging the gap between security, IT, and business teams. We’ll explore the operational challenges of distributed SaaS administration and showcase how real customers leverage Valence to foster collaboration and streamline risk remediation. Learn how to gain visibility, operationalize security findings, and empower business teams to take an active role in securing SaaS—without slowing them down.
Networking Lunch
12:00 - 12:55
Roundtable Exercise
13:00 - 14:00
Why is GRC Stuck in the Year 2000?!
In the year 2000, the world didn’t implode from Y2K, the GameCube hit the shelves (Metroid Prime—if you know, you know), American Beauty swept the awards, and Brangelina became official. Meanwhile, GRC existed… and, while it has evolved on paper, many organizations still run it like it’s the early 2000s—reliant on spreadsheets, checkbox compliance, and frameworks that don’t reflect today’s cloud, SaaS, or integrated tech stacks.
So why has GRC struggled to modernize? In this session, we’ll explore the legacy mindsets, regulatory inertia, and the persistent disconnect between security teams and business leadership that have kept GRC stuck in the past. More importantly, we’ll discuss what needs to change:
How can practitioners push for a more dynamic, risk-driven approach?
What role do automation, AI, and real-time assurance play in modernizing GRC?
How do we shift compliance from a bottleneck to an enabler of real security (and not just sales)?
Bring your thoughts, challenges, and hot takes—we’re not just talking about the problem, we’re working toward real solutions.
Workshops
14:05 - 14:35
Session #1: Let’s explore the convergence of the CISO and CIO
Traditionally, security has fallen under IT, with the CISO reporting to the CIO. However, we’re now seeing a growing trend of CISOs becoming CIOs and taking over IT. This session will delve into various aspects of this topic, including the reasons behind this shift, the circumstances in which it occurs, and how CISOs can determine if this is the right career move for them. We’ll also explore the benefits and challenges of this convergence, strategies for approaching the transition, and key factors that contribute to a CISO’s success in a CIO role.
Session #2: Can AI-Driven Security Operations Be the Key to Measurable Success?
In this interactive, no-fluff session, you’ll collaborate with other cybersecurity leaders to explore how AI can bridge the gap between overburdened teams and cost-efficient, optimized security operations. You’ll dive into real-world use cases, decision-making frameworks, and performance-driven insights. By the end, you’ll leave with actionable strategies to reduce manual workload, improve detection and response times, and drive better security outcomes—without the need for large teams or enterprise-level budgets. This session is about cutting through the hype and making AI work for your security needs today.
Session #3: How to help AppSec have better relationships with engineering teams
Effective software security requires application security teams to collaborate with and understand platform engineering and development teams. Karl Mattson and Darren Meyer from Endor Labs will lead this interactive workshop through a series of scenarios which illustrate the often painful relationship that can result from misaligned goals and perspectives. We'll look at this relationship from all angles. We'll set new boundaries. We'll establish new patterns that break old habits. It's time to start the healing process.
Roundtable Exercise
14:40 - 15:40
What are the most significant challenges we're facing with non-human identities, and how can we make this a strategic priority?
Non-Human Identities (NHIs) are growing exponentially faster than human identities as organizations create ever more API keys, access tokens, traditional service accounts, and vaulted secrets. Do you know how many times people in your organization have clicked “authorize” to let an app access your systems and data? Do you know how your suppliers are using the access you’ve granted to deliver their promised value? As AI agents increasingly leverage NHIs to interact with your data, is this trend a passing fad, or is NHI here to stay—powering AI and shaping the future of your organization?
15:40 - 15:50
Refreshment Break
Workshops
15:55 - 16:25
Session #1: Buying Down Risk Through Strategic Technology Investments
Today’s CISOs are increasingly called upon to communicate in terms of business risk, bridging the gap between cybersecurity and executive decision-making. But what if you could extend that clarity to your technology purchasing decisions as well? Let’s explore a fresh perspective that empowers you to achieve exactly that.
Session #2: So, You Want to Be a Security Advisor? What You Need to Know Before You Start
Many professionals in the information security space consider taking on advisory roles for startups and growing companies seeking guidance. But what does it really take to be an effective advisor? This session will explore key considerations, potential challenges, and best practices for those looking to step into an advisory role. From understanding expectations to building strong partnerships, we’ll discuss what you need to know to make informed decisions and provide real value as a trusted security advisor.
Anti-Keynote
16:30 - 17:00
Meet Magdalene. She is YOUR Responsibility
She’s in her 60s, widowed, with no next of kin or family… vibrant and still full of life, she wanted to find love again, so she joined an online dating platform seeking companionship. She met someone kind and caring. Over time, he gained her trust with poetry and discussions about their future. Then he asked for money. First a little, then more. Over six months, Magdalene had sent him $7,000.
And then—he vanished.
18:00 - 21:00
After-Summit Dinner
Time to unwind and enjoy some great company after a successful day. No more work-related discussions, just good food and good people. Perfect.
Discussion Guides
Steve Hindle
Tazin Khan
Larry Whiteside Jr.
Michael Powell
George Kamide
Christina Cruz
Yabing Wang
Sabeena Lalwani
Matthew Webster
Idan Gour
Jonathan Sander
Kumar Saurabh
Roota Almeida
Stephen Garcia
Jennifer Gold
Aaron Katz
Karl Mattson
Meg Mahoney
Arlenee Lopez-Ferguson
Jake Bernardes
Eden Amitai
Kristen Beneduce
Nate Vanderheyden
Bezawit Sumner
Sean Campbell