In two short weeks — September 12 and 13 — Forrester’s Security & Risk 2019 Forum takes place in Washington, D.C., and it might shock you to learn that this year’s theme is . . . hope? The truth is we think there’s a light at the end of the tunnel for security and risk pros. Now, if you want the Stephen King version of Pennywise by PowerPoint, there’s plenty of it out there elsewhere. But our research shows us things can get better, and that’s what we’ll focus on at our event. That’s not to say it’s easy; in fact, that’s the scariest part for sure. Better is possible, but it does require change and no shortcuts exist (though Zero Trust is as close to a cheat code as you will find).

I’m most excited to connect with clients face to face, learn more about what challenges they face, and see my fellow analysts present. This year, I collaborated with Chase Cunningham, Joseph Blankenship, and Amy DeMartine on two topics, respectively — reversing the self-inflicted cybersecurity staffing shortage, which J.B. will lead on September 12, and Amy’s session, “Secure What You Sell,” which will take place on September 13. Those two pieces of research were fantastic to work on throughout 2018 and 2019, and it’s exciting to unveil them in depth for our attendees.

But I’ve got a keynote as well, and when the research team discussed the event a few months ago, we decided I’d tackle the topic: “The Future Of Cybersecurity.” Now, those that work closely with me know that on a list of my strengths, you won’t find “impulse control” listed. So it isn’t surprising that my first reaction was: Challenge accepted. My second response was “What an honor!” and then at some point down the line came “Gulp, that’s a big topic.” But I’m lucky because I work with incredible people who get paid to think about this topic all day, every day . . . (and yes, we are hiring). While I’ll be alone on the stage (dun dun dun), I work with a group of colleagues that inspire me, challenge me, and enlighten me every day, and all that goes into what I’ll deliver on September 12 in “The Future Of Cybersecurity” track session.

Come to the event to get all the details, but here’s what’s been bouncing around my brain for the past few months:

  • Security and risk has to change the way it thinks about its core concepts. When the perimeter disappeared, it put all of our bedrock “security principles” on notice. If something like the perimeter can vanish, what else will change in a few years? I’ll explore this in depth in my session, which includes some new categories for practitioners to consider.
  • The proverb that a “general is always prepared to fight the last war” applies to us. It means that military leaders always use the lessons learned from a prior conflict, even when they don’t apply to the current engagement. I’m going to explore whether this mistake is happening all around us and how the changes over the next two to five years will force us to change our approach. And I promise this is the only military lingo I’ll use, so keep me honest!
  • Security and risk pros are the best positioned to help companies adapt to this future. The characteristics and behaviors common among security and risk pros will help companies overcome the challenging economic, geopolitical, cultural, and ethical headwinds they will encounter. This is a real “right time, right place” situation for security and risk pros, and we can’t afford to miss it.

Come to Security & Risk 2019 and connect with us. If you love this industry, take some time to geek out with people who will talk your ears off about any and all things security and risk. Pick our brains, share your lessons learned, and meet others facing — and overcoming — similar challenges. Come by my session on September 12 to find out how security and risk pros have the opportunity to shape the future of technology and business in ways we might have only dreamed of two years ago.