Security
& Risk

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. ​No additional payment is required to attend. Sessions are first come, first served.

Proof of Concepts are a universal part of selecting and procuring a cybersecurity product and service…and one of the most misunderstood. This workshop will provide actionable advice on how to run a successful proof of concept that validates how the product and service will meet the needs of the security program while also reducing the time teams spend performing them. This session will provide detailed advice on how to:

• Identify when it’s time to run a proof of concept.
• Apply the right – and avoid the wrong – constraints.
• Develop meaningful success criteria.
• Reduce the amount of time spent on Proof of Concepts by up to 90%.

New in 2023, we have programmed several interactive sessions led by Forrester analysts. Each hour-long session features hands-on exercises that will equip you with the skills needed to lead change within your organization. ​No additional payment is required to attend. Sessions are first come, first served.

The SOC has reached the same tipping point that software development faced many years ago: It’s dealing with too much data (big data and log management), struggling to innovate and update monolithic software (detections and incident response processes), and lacking ownership beyond initial deployment (content management). Once the software world reached this point, it pivoted from building monolithic software based on a waterfall methodology to deploying microservices and agile. Security operations teams must make this same pivot to stay ahead of evolving threats through detection and response engineering. Join this session to start to structure a detection and response engineering practice. Learn how to: 

• Make the transition to agile in the SOC. 
• Leverage the detection and response development lifecycle (DR-DLC). 
• Build a process to train your team to write detection as code. 

Join us for a pre-conference reception where you can network with Forrester experts and industry peers who will be part of the ELE program throughout the event.

Start the day with a nourishing meal, the company of your fellow ELE participants, and an overview of the day ahead.

Welcome to Forrester’s Security & Risk 2023. This session will set the tone for the next two days of bold vision and actionable insight from Forrester.

Zero Trust is today’s de facto security strategy. But can we build Zero Trust into the world of tomorrow? Right now, organizations are designing Zero Trust into greenfield environments and retrofitting it into their legacy infrastructures. Optimizing Zero Trust for the dynamic, flexible requirements of the future will require that it be built into everything. In this talk, David Holmes will show how, in the future, everything will be Zero Trust by default. Attend this session to:

• Learn how to connect the pockets of Zero Trust in organizations today.
• Understand what needs to change for Zero Trust everywhere.

Navigating the barrage of new and evolving regulatory requirements makes compliance a constant uphill battle for security teams. This session will examine how security leaders are managing the latest changes and explore how they’re preparing for what’s on the horizon. Join this keynote session to learn:

• The consequences and risks associated with falling behind on regulation updates.
• Best practices to effectively manage and adapt to the speed of regulatory change for 2024 and beyond.

Increasingly stringent requirements, exclusions, and policy premium costs may appear as a trifecta of pain — but they’re really an opportunity. Security leaders can wield cyber insurance as a tool for security and risk management investment and maturing security program practices within your organization. This panel will examine how you can:

• Understand current common cybersecurity control requirements and anticipate future controls.
• Extract greater value from your cyber insurance policy and the insurance partner ecosystem.

Join your ELE peers to discover the essential strategies for assembling and leading a high-performing security team in today’s dynamic threat landscape. This lunch session with Jacobs Head of Security, Raj Badhwar and Forrester’s VP and Principal Analyst Jinan Budge will dive into the critical components of team building and leadership that every CISO needs to know. Learn how the team at Jacobs is tackling the business needs of today while taking the steps to build the security team of tomorrow. This session will cover: ​

• Identifying and attracting top cybersecurity talent that might otherwise be overlooked. ​
• How CISOs can nurture a collaborative security culture. ​
• How security teams can foster a more inclusive environment and community for all.

Contributing to revenue generation is always better than being a cost center, especially during a downturn. Today’s cybersecurity programs help win and retain business by aligning investment and implementing controls to meet the requirements of three key constituencies: customers, cyber insurers, and regulators. But security leaders often fail to adequately quantify — and evangelize — these contributions. This session will help security leaders drive growth and:

• Differentiate their organization’s products or services on trust.
• Measure security’s impact on customer acquisition activities.

From its humble network beginnings in 2009 to its current status as a model recognized and mandated by governments across the globe, Zero Trust is now a modern security architecture blueprint for enterprises. But senior executives are still used to projects with defined stop and start dates, and Zero Trust is an ongoing endeavor. This session will help security leaders anticipate this pushback and explain the next phase of their Zero Trust journey. Attend this talk to learn how to:

• Explain that deploying Zero Trust was just the starting point.
• Anticipate and adapt to Zero Trust fatigue in the C-suite.

Welcome to the highly anticipated Forrester Security And Risk Enterprise Leadership Award, the only assessment dedicated to recognizing excellence in security, privacy, and risk strategy, integral to building a trusted and resilient business.

In this session, we will announce the winner of this year’s award and hear how they continually build trust with customers, employees, and partners.

AI entered the cybersecurity lexicon as a buzzword. Years later, it is poised to change the way the enterprise operates and has overtaken the agenda of cybersecurity leaders. AI’s massive risk and incredible opportunity are forcing security leaders and their teams into a balancing act of enterprise enablement for a new, evolving, and complex technology. In this keynote, we will do a deep dive on the risks, threats, and opportunities AI brings. Attend this session to delve into how:

• Cybersecurity can be instrumental in securing the big bets your enterprise makes on AI.
• You can enable the business to use AI securely.
• AI will change the way security operates.
• Adversaries will leverage AI.
• You can encourage your security practitioners to question, adopt, and trust AI.

Enjoy this opportunity to further engage with peers met during the ELE program.

Modern and future fit technology organizations transform technology to support their organization’s business strategy. Those hoping to evolve from traditional to modern or future fit must adopt a technology strategy that enables adaptivity, creativity, and resilience — but they won’t get there unless the product security team embraces those principles, too. This session will discuss:

• What it means to be future fit — and what a product security team looks like in a modern tech or future fit tech organization.
• How to evolve your product security strategy from traditional to modern … and from modern to future fit.

In 2022, The White House Executive Order 14028 and Office of Management and Budget (OMB) memo OMB M-22-09 mandated that federal agencies adopt Zero Trust by 2024. Since then, federal agencies have rushed to learn about and implement Zero Trust architecture across their environments. Chris DeRusha, Federal Chief Information Security Officer and Deputy National Cyber Director will share why the federal government chose Zero Trust as its chosen security model, what it learned from the executive order, and how the implementation is going. Government and private sector security leaders should attend this session to learn:

• Why the US federal government chose Zero Trust as its de-facto security strategy.
• What government security leaders have learned so far, including pushback, obstacles, and wins.
• How organizations doing business with the federal government are also impacted.
• How to track progress in your own Zero Trust journey.

Sometimes cybersecurity talent strategies feel like a game of whack-a-mole or buzzword bingo, as security teams are forced to learn skills based on the latest and greatest acronym in the industry. CISOs need a talent strategy that factors in current skills, innovative technologies, and the time horizon available to cultivate these skills and avoid forcing practitioners to scramble through courses and certifications to fill gaps. This session will help security leaders:

• Develop training plans and career paths that challenge — and retain — top talent.
• Invest in the right resources for continual upskilling.

Hear the “behind the scenes” story of the Forrester Security & Risk Enterprise Leadership Award Winner and ask your questions about the journey that led to the award and the winner’s perspective on the road ahead.  

In recent years, authorities overseas have stepped up their game and innovated when it comes to cybersecurity regulation. Legislative and regulatory activity indicates the same will happen here, using European regulations as inspiration for US requirements. Staying up to speed on what happens in Europe on the regulatory front will better prepare security leaders and their programs to drive the investment and change management necessary to protect and grow revenue via compliance. This session will help you:

• Understand what elements of European regulations may find their way into US legislation.
• Learn from European security programs’ compliance and change management challenges.

Marketplace breaks are your chance to connect with sponsors and catch up with colleagues on the show floor.

Check out our Sponsor Spotlights to learn more about the next great solution for your team. See below for the list of spotlights during this time.

The age of AI is upon us, with the potential to upend and transform many existing markets. Identity and fraud are not immune to AI’s effects, whether it is AI-generated deepfakes launching social engineering attacks to evaluating real-time access data to identify anomalous identity activity. Managing identity and fraud in the age of AI will require a new mindset and strategy to ensure that the business remains protected while maintaining trust and seamless digital experiences for customers, employees, and partners. In this session, Merritt will review how:

• AI is influencing identity and fraud.
• Organizations should prepare to evolve their IAM programs to operate efficiently in the age of AI.

From Europe to the US and AP, the regulatory machine is spinning. Everybody agrees on the need to regulate AI, no one knows how to do it, and you are in charge of ensuring risks are under control. It will be a perilous and uncertain journey, but the opportunity to shape a trusted and ethical approach to AI is yours and the time is now. This session will: 

• Explore the upcoming principles and regulations that will define AI risk practices of the future. 

• Illustrate emerging best practices for building and executing AI governance frameworks. 
• Give you guidance on what to do next. 

AI entered the cybersecurity lexicon as a buzzword. Years later, it is poised to change the way the enterprise operates and has overtaken the agenda of cybersecurity leaders. AI’s massive risk and incredible opportunity are forcing security leaders and their teams into a balancing act of enterprise enablement for a new, evolving, and complex technology. In this keynote, we will do a deep dive on the risks, threats, and opportunities AI brings. Attend this session to delve into how:

• Cybersecurity can be instrumental in securing the big bets your enterprise makes on AI.
• You can enable the business to use AI securely.
• AI will change the way security operates.
• Adversaries will leverage AI.
• You can encourage your security practitioners to question, adopt, and trust AI.

Data loss prevention (DLP) features and capabilities are included in many security offerings, and DLP still exists as a standalone product. But it is also an approach that does not necessarily require the use of DLP technologies to achieve the outcome of enforcing DLP policies. Whether you are contemplating replacing your traditional DLP solution or deploying DLP capabilities for the first time, you are navigating a new technology landscape. In this session:

• Learn how a modern approach to DLP aligns with a Zero Trust approach.
• Examine considerations for your DLP roadmap for concerns like generative AI and insider threats.

The age of AI is upon us, with the potential to upend and transform many existing markets. Identity and fraud are not immune to AI’s effects, whether it is AI-generated deepfakes launching social engineering attacks to evaluating real-time access data to identify anomalous identity activity. Managing identity and fraud in the age of AI will require a new mindset and strategy to ensure that the business remains protected while maintaining trust and seamless digital experiences for customers, employees, and partners. In this session, Merritt will review how:

• AI is influencing identity and fraud.
• Organizations should prepare to evolve their IAM programs to operate efficiently in the age of AI.

From Europe to the US and AP, the regulatory machine is spinning. Everybody agrees on the need to regulate AI, no one knows how to do it, and you are in charge of ensuring risks are under control. It will be a perilous and uncertain journey, but the opportunity to shape a trusted and ethical approach to AI is yours and the time is now. This session will: 

• Explore the upcoming principles and regulations that will define AI risk practices of the future. 

• Illustrate emerging best practices for building and executing AI governance frameworks. 
• Give you guidance on what to do next. 

Diversity, Equity and Inclusion (“DEI”) are key concepts at the forefront of many corporations’ agendas today. The need for a more inclusive workspace is not new, but corporations are now recognizing trends in the correlation between a diverse/inclusive workspace and greater staff retention and productivity. This session provides an easy-to-follow pathway that helps get any company past the initial step (of what is often viewed unfavorably as ‘requisite diversity training’) and around the most common traps that stop companies from maintaining best practices.

• How to ‘jump right in’ and identify specific areas for program enhancement. Don’t get lost in the too-big picture!
• Learn the three key components of the employee lifecycle for DEI incorporation.
• Discover how a stronger DEI program can lead to team and company maturity.
• Recognize the most common traps: where attempts to be inclusive go wrong with most corporations.
• Act upon two things you can do to improve immediately/today.

Gone are the days when leaders stood in front of their followers and told them what matters. Modern leaders engage their teams to learn from them, and with them, what matters in business and for customers. But that can only happen with a more purposeful listening strategy. In this session, attendees will learn:   

• What listening is and why it plays the largest role in an organization’s approach to employee input.  
• How listening is a productive, rather than merely reactive, tool for improving the business.  
• Why successful leaders will be known as much for what they learned as what they said.  

Energy and engagement are finite resources that are essential to achieving business results. One of the challenges that organizations and leaders face is that these resources have been depleted for many of their employees due to a lack of strategies to refresh and sustain that energy. In this session, we will:

• Define “tired rock stars” — high-engagement contributors who are at risk of burning out.
• Guide leaders to see the tired rock stars in their ranks (including, possibly, themselves) and understand them more clearly.
• Share how leaders can sustainably earn excellence from their talent.

Compliance and avoiding lawsuits are no longer the primary driver behind enterprise accessibility statements. This panel will discuss the shift of firms citing that “attracting and retaining talent” as the top driver behind their accessibility commitments. During this session, we will discuss:

• The myths of providing accommodations, and how to manage an increasing number of requests from employees
• How companies are personalizing their employee value proposition at scale
• Why a “one size fits all” approach no longer works and how having a strong, accessible culture can be the difference between a productive employee base vs. an unsatisfied one.

A personal & professional journey that has seen this Product Leader succeed across multiple industries, geographies and at the intersection of technological & business disruption. In this fireside chat, Ash Mukherjee will discuss with Monica Carlesso how she has grown as leader by embracing curiosity and displayed grit to open to be constantly out of the comfort zone, yet has learnt how self-care is key to leadership and a sustainable growth. Modern leadership is about embracing change and dichotomies, both as strategic business levers but also to lead compassionately through massive societal changes and Monica will share her story with Ash.

During this session, we will discuss:

• A product leader’s journey across different industries and geographies, exploring challenges and implications

• How to overcome the bumps of a growth journey with curiosity, grit and self-care.