The CISO Chapter North America

This session explores how to effectively quantify and prioritise cybersecurity risks to empower system owners in making informed, data-driven decisions. Attendees will learn practical methods to translate technical vulnerabilities into measurable business impact, enabling smarter resource allocation and continuous security improvement.

Key Takeaways:

1. Understand frameworks and metrics for quantifying cyber risk and linking it to business outcomes.

2. Learn how to empower system owners with actionable risk insights to prioritise mitigation efforts effectively.

Attendees will learn why clean room architecture is necessary to perform proper forensic investigation during a cyberattack. The workshop will cover preparing and initiating a clean room, how to use it to understand a cyber attacker’s tactics and techniques, and why it helps when developing a mitigation plan for an incident. Specific clean room design strategies, use cases, and actionable next steps will be shared throughout this workshop. The importance of vaulted backup copies to feed a clean room will also be highlighted.

Key Takeaways:

• The purpose of a clean room during the investigation phase of cyber incident response.
• Why building and testing a clean room is a key component of a cyber resilience strategy and a hallmark of the most cyber-mature organizations.
• What a digital jump bag is and how it is used to deploy the minimum viable response capability inside a clean room.
• Best practices for clean room architecture, including network isolation, environmental prerequisites, and recommended forensic capabilities.
• The role that data protection software and vaulted backups play in feeding data to a clean room.
• How clean room speeds cyber response, reduces RTO, and lessens the risk of re-infection during the mitigation phase of an incident.

Technology can only go so far—people remain a critical line of defence. This session looks at how to embed security-first thinking across your organisation, designing training that is engaging, role-specific, and aligned to real-world threats.

Key Takeaways:

• Discover proven methods for shifting employee behaviour from compliance to active risk reduction.

• Learn how to measure and improve the effectiveness of security awareness programmes.

Agentic AI—autonomous agents that can plan, reason, and act on behalf of humans—are quickly becoming vital to business operations. As their use and numbers scales, so do the risks. These non-human identities need to be treated as first-class-citizens—meaning that they are verified, authenticated, authorized, and governed with the same rigor as human users. Attempting to manage AI agents without a modern identity foundation can result in over-permissioning, undetected hijacking, and other security blind spots. This roundtable will explore how organizations can safely and strategically enable AI agents through identity-first security.

Discussion Questions:

• Given the anticipated proliferation of AI agents within organizations, how prepared are your current IAM systems and processes to provision, manage the lifecycle, and govern thousands of non-human identities operating autonomously or on behalf of users?

• How can we ensure that AI agents are granted only the minimum privileges necessary and that sensitive actions require explicit human oversight and approval, validated through secure, out-of-band methods, without creating excessive operational friction?

• What specific capabilities do we need to implement or enhance within our digital identity infrastructure to detect, monitor, and audit AI agent activity effectively, and how will this help us differentiate between legitimate agent behavior and malicious use or security incidents?

• Considering that AI agents blur the lines between automation and human-driven interactions, how does prioritizing a robust, agent-aware digital identity strategy become foundational not just for security, but for enabling scalable, compliant, and trustworthy AI adoption across the business?

Step away from passive listening and into active problem-solving. In this highly interactive session, you’ll work alongside your peers to explore some of the most pressing challenges and exciting opportunities facing your role today. Share experiences, exchange fresh perspectives, and leave with practical ideas you can take back to your organisation.

Discover Hyperproof: An Overview of Hyperproof’s AI-Powered Platform

Join Hyperproof’s demo session where we’ll explore how the platform empowers your team to streamline compliance operations, mitigate risks, and build trust with customers and stakeholders, with AI embedded across every workflow. This engaging session will dive into key product areas like Hyperproof’s controls module, risk module, and reporting, showcasing how Hyperproof AI provides a continuous, proactive assurance GRC engine built on intelligence and tailored to your business needs. Attendees will gain a comprehensive understanding of how the Hyperproof platform can increase compliance productivity, improve stakeholder visibility, and reduce time spent on manual processes like evidence collection and audit prep.

Discover innovative solutions in action. Our partners will showcase their latest tools, technologies, and strategies designed to address real-world challenges and unlock new opportunities. This is your chance to see the possibilities first-hand, ask questions, and explore how these solutions could drive results for your organisation.

Static threat feeds are no longer enough. This session focuses on blending advanced threat intelligence with predictive analytics to anticipate and neutralise threats before they strike.

Key Takeaways:

• Learn how to integrate predictive capabilities into your threat intelligence programme.

• Identify use cases where AI-enhanced threat modelling drives measurable risk reduction.

• Moving Beyond the traditional "Castle and Moat", organizations now use cloud services, SaaS applications, and have employees working from anywhere on any device. This means the attack surface is now everywhere.
• A Vendor-Neutral, technology first approach: vendor bias can significantly hinder a cybersecurity program. When a single vendor's solutions are adopted across the board, it can lead to vendor lock-in, limited flexibility, and a lack of best-of-breed solutions.
• Measuring & Maturing the program: To build a sustainable cybersecurity program, you can't just buy a product and call it a day. The program needs to be a continuous process of improvement.

With regulations tightening and data volumes growing, privacy is a moving target. This session covers the strategies and tools CISOs need to ensure sensitive data remains protected while meeting evolving compliance obligations.

Key Takeaways:

• Learn how to operationalise privacy across hybrid and multi-cloud environments.

• Gain insights into emerging regulatory trends and their security implications.

Surprisingly, the majority of breach-reasons today are NOT vulnerability-related, but rather caused by misconfiguration, application interfaces, supply chain or credential related security gaps.

Exposure Management is here to allow a strategy and process for addressing the reduction of risk over the entire attack surface.

This session will present a simple, pragmatic approach to implementing an Exposure Management strategy with minimal incremental investment while focusing on automation and validation.

Step away from passive listening and into active problem-solving. In this highly interactive session, you’ll work alongside your peers to explore some of the most pressing challenges and exciting opportunities facing your role today. Share experiences, exchange fresh perspectives, and leave with practical ideas you can take back to your organisation.

Discover innovative solutions in action. Our partners will showcase their latest tools, technologies, and strategies designed to address real-world challenges and unlock new opportunities. This is your chance to see the possibilities first-hand, ask questions, and explore how these solutions could drive results for your organisation.

Discover innovative solutions in action. Our partners will showcase their latest tools, technologies, and strategies designed to address real-world challenges and unlock new opportunities. This is your chance to see the possibilities first-hand, ask questions, and explore how these solutions could drive results for your organisation.