The CISO Chapter North America

This session explores how to effectively quantify and prioritise cybersecurity risks to empower system owners in making informed, data-driven decisions. Attendees will learn practical methods to translate technical vulnerabilities into measurable business impact, enabling smarter resource allocation and continuous security improvement.

Key Takeaways:

1. Understand frameworks and metrics for quantifying cyber risk and linking it to business outcomes.

2. Learn how to empower system owners with actionable risk insights to prioritise mitigation efforts effectively.

Hosted by Wiz, this workshop explores how enterprises can regain control and visibility across sprawling multi-cloud environments. As cloud adoption accelerates, blind spots increase—creating challenges for security, compliance, and performance. Wiz will demonstrate a modern framework for achieving unified visibility, contextual risk understanding, and prioritised remediation across all cloud assets, empowering teams to move faster and more securely.

Key Takeaways:

• Complete Cloud Visibility: How Wiz helps organisations uncover every asset, configuration, and identity across multi-cloud environments
• Contextual Risk Understanding: Why visibility alone isn’t enough—discover how to correlate misconfigurations, vulnerabilities, and exposures for real risk insight
• Secure at the Speed of Cloud: Best practices for implementing scalable, automated visibility that enhances security without slowing innovation.

Agentic AI—autonomous agents that can plan, reason, and act on behalf of humans—are quickly becoming vital to business operations. As their use and numbers scales, so do the risks. These non-human identities need to be treated as first-class-citizens—meaning that they are verified, authenticated, authorized, and governed with the same rigor as human users. Attempting to manage AI agents without a modern identity foundation can result in over-permissioning, undetected hijacking, and other security blind spots. This roundtable will explore how organizations can safely and strategically enable AI agents through identity-first security.

Discussion Questions:

• Given the anticipated proliferation of AI agents within organizations, how prepared are your current IAM systems and processes to provision, manage the lifecycle, and govern thousands of non-human identities operating autonomously or on behalf of users?

• How can we ensure that AI agents are granted only the minimum privileges necessary and that sensitive actions require explicit human oversight and approval, validated through secure, out-of-band methods, without creating excessive operational friction?

• What specific capabilities do we need to implement or enhance within our digital identity infrastructure to detect, monitor, and audit AI agent activity effectively, and how will this help us differentiate between legitimate agent behavior and malicious use or security incidents?

• Considering that AI agents blur the lines between automation and human-driven interactions, how does prioritizing a robust, agent-aware digital identity strategy become foundational not just for security, but for enabling scalable, compliant, and trustworthy AI adoption across the business?

Cryptography secures every identity, transaction, and connection — yet most organizations can’t see all the keys, certificates, and algorithms they rely on. This hidden gap is a growing target for threat actors, especially with AI-driven attacks and post-quantum disruption on the horizon. Learn how to discover and prioritize vulnerabilities, automate cryptographic inventory, and make cryptographic risk a measurable part of your security strategy.

Key takeaways: Cryptography secures every identity, transaction, and connection, but most organizations lack visibility into all the keys, certificates, and algorithms they depend on.

• In this session, you'll learn how to:

• Discover and prioritize cryptographic vulnerabilities

• Automate cryptographic inventory and management

• Make cryptographic risk a measurable part of your overall security strategy

Attendees will learn why clean room architecture is necessary to perform proper forensic investigation during a cyberattack. The workshop will cover preparing and initiating a clean room, how to use it to understand a cyber attacker’s tactics and techniques, and why it helps when developing a mitigation plan for an incident. Specific clean room design strategies, use cases, and actionable next steps will be shared throughout this workshop. The importance of vaulted backup copies to feed a clean room will also be highlighted.

Key Takeaways:

• The purpose of a clean room during the investigation phase of cyber incident response.
• Why building and testing a clean room is a key component of a cyber resilience strategy and a hallmark of the most cyber-mature organizations.
• What a digital jump bag is and how it is used to deploy the minimum viable response capability inside a clean room.
• Best practices for clean room architecture, including network isolation, environmental prerequisites, and recommended forensic capabilities.
• The role that data protection software and vaulted backups play in feeding data to a clean room.
• How clean room speeds cyber response, reduces RTO, and lessens the risk of re-infection during the mitigation phase of an incident.

Discover Hyperproof: An Overview of Hyperproof’s AI-Powered Platform

Join Hyperproof’s demo session where we’ll explore how the platform empowers your team to streamline compliance operations, mitigate risks, and build trust with customers and stakeholders, with AI embedded across every workflow. This engaging session will dive into key product areas like Hyperproof’s controls module, risk module, and reporting, showcasing how Hyperproof AI provides a continuous, proactive assurance GRC engine built on intelligence and tailored to your business needs. Attendees will gain a comprehensive understanding of how the Hyperproof platform can increase compliance productivity, improve stakeholder visibility, and reduce time spent on manual processes like evidence collection and audit prep.

Discover innovative solutions in action. Our partners will showcase their latest tools, technologies, and strategies designed to address real-world challenges and unlock new opportunities. This is your chance to see the possibilities first-hand, ask questions, and explore how these solutions could drive results for your organisation.

Discover innovative solutions in action. Our partners will showcase their latest tools, technologies, and strategies designed to address real-world challenges and unlock new opportunities. This is your chance to see the possibilities first-hand, ask questions, and explore how these solutions could drive results for your organisation.

Workshop: Strengthening Identity & Access Management (IAM) in the Age of Zero Trust

As identity becomes the new security perimeter, robust IAM strategies are critical to protecting enterprise data and enabling secure digital transformation.
Join this interactive session to explore how leading CISOs are modernizing access controls, implementing adaptive authentication, and aligning IAM programs with Zero Trust frameworks.

Key takeaways:

• Building a unified identity strategy across hybrid environments

• Managing privileged access at scale

• Integrating IAM with automation and threat detection tools

• Lessons learned from real-world implementations

Whether you’re refining an existing IAM roadmap or starting fresh, this session will provide actionable insights to strengthen your organization’s identity security posture.

• Moving Beyond the traditional "Castle and Moat", organizations now use cloud services, SaaS applications, and have employees working from anywhere on any device. This means the attack surface is now everywhere.
• A Vendor-Neutral, technology first approach: vendor bias can significantly hinder a cybersecurity program. When a single vendor's solutions are adopted across the board, it can lead to vendor lock-in, limited flexibility, and a lack of best-of-breed solutions.
• Measuring & Maturing the program: To build a sustainable cybersecurity program, you can't just buy a product and call it a day. The program needs to be a continuous process of improvement.

With regulations tightening and data volumes growing, privacy is a moving target. This session covers the strategies and tools CISOs need to ensure sensitive data remains protected while meeting evolving compliance obligations.

Key Takeaways:

• Learn how to operationalise privacy across hybrid and multi-cloud environments.

• Gain insights into emerging regulatory trends and their security implications.

Surprisingly, the majority of breach-reasons today are NOT vulnerability-related, but rather caused by misconfiguration, application interfaces, supply chain or credential related security gaps.

Exposure Management is here to allow a strategy and process for addressing the reduction of risk over the entire attack surface.

This session will present a simple, pragmatic approach to implementing an Exposure Management strategy with minimal incremental investment while focusing on automation and validation.

This workshop explores how organisations can move beyond theoretical resilience frameworks to achieve measurable, outcome-driven cyber resilience. Participants will learn how to align resilience strategy with business objectives, quantify the value of resilience investments, and embed adaptability across people, processes, and technology. Through real-world examples and peer discussion, attendees will uncover practical methods to demonstrate tangible ROI from resilience initiatives.

Key Takeaways:

• Translating Strategy into Value: How to link cyber resilience efforts directly to business performance and risk reduction metrics.
• Measuring Resilience ROI: Practical approaches to quantify the financial and operational impact of resilience investments.
• Building Sustainable Resilience: Best practices for fostering a culture of adaptability that strengthens resilience across the enterprise.

Discover innovative solutions in action. Our partners will showcase their latest tools, technologies, and strategies designed to address real-world challenges and unlock new opportunities. This is your chance to see the possibilities first-hand, ask questions, and explore how these solutions could drive results for your organisation.

Discover innovative solutions in action. Our partners will showcase their latest tools, technologies, and strategies designed to address real-world challenges and unlock new opportunities. This is your chance to see the possibilities first-hand, ask questions, and explore how these solutions could drive results for your organisation.