I had the incredible opportunity to attend the Gartner Security & Risk Management Summit 2023 in National Harbor, MD. Industry leaders, security professionals, and technology vendors gathered at the summit to discuss recent cybersecurity and IT risk management developments. After the event, I felt motivated and gained valuable insights to share with my colleagues. I am excited to incorporate these learnings into our organization’s security strategy.
The Gartner Security & Risk Management Summit
The Gartner Security & Risk Management Summit is an annual event that brings together leaders and experts in technology, security, and risk management. The summit has been taking place for over 20 years and is one of the most highly anticipated events in the industry. The summit aims to provide attendees with a comprehensive understanding of current trends, best practices, and emerging security and risk management technologies.
The summit features keynote speakers from various companies and sessions, workshops, and networking opportunities. One of the unique aspects of this event is its focus on actionable insights that attendees can use to improve their organization’s security posture.
The topics covered during the summit are designed to be relevant to professionals at all levels within their organizations. From CISOs to security analysts, there is something for everyone who attends this event.
The Importance of Attending the Summit for Professionals in the Field
Attending the Gartner Security & Risk Management Summit is crucial for professionals who want to stay ahead of emerging trends and technologies in security and risk management. By attending this event, you will learn from industry leaders about what works (and doesn’t work) when managing risk.
Additionally, attending this summit can help you stay up-to-date on regulatory changes that could impact your organization’s security posture. You’ll also have access to workshops where you’ll learn how other organizations have implemented new technologies or strategies successfully.
But perhaps most importantly, by attending this summit, you’ll have a chance to network with other professionals in your field. This could lead to valuable connections that benefit your career or future business endeavors.
Track A
Cybersecurity Leadership
Cybersecurity leaders must navigate economic uncertainty, distributed technology decisions, labor shortages, and an exponentially expanding attack surface. Learn how cybersecurity leaders can excel in their roles in the face of these mission-critical challenges.
Track B
Cyber and IT Risk Management
This track covers risks relevant to privacy, supply chains, and cybersecurity. Learn how to communicate value and correlate risk data to automate control monitoring and enable decision-making for the proper outcomes.
Track C
Infrastructure Security
Explore such concepts as practical zero-trust projects, vendor and product consolidation, cybersecurity mesh, and security infrastructure configuration management.
Track D
Application and Data Security
New technologies mean new threats and an increased attack surface, not all visible to the responsible teams. This track explores the latest developments, future roadmaps, and new approaches to traditional application and data security problems.
Track E
Cybersecurity Operations
This track helps security and risk management leaders increase business resilience through effective threat and exposure visibility, response planning, and risk prioritization for your organization.
Track F
Technical Insights for Security Practitioners
The Technical Insights track leverages Gartner for Technical Professionals research to deliver actionable, technical insights into the security best practices, methodologies, and tools your organization needs to ensure operational success. Learn how to successfully design, implement and operate security controls for the hybrid enterprise.
Track G
Cybersecurity Market Dynamics for Product Leaders
This track guides product leaders to simplify and reframe their current offerings to succeed in this evolution.
CISO Circle
The CISO Circle*
The CISO Circle curates Gartner’s best insight and guidance in highly interactive sessions, purpose-built to improve your performance against the four core components of CISO effectiveness: executive influence, future risk management, workforce architecture, and stress management. Join us to form valuable connections and accelerate your professional development. *Application required
Spotlight Track
Midsize Enterprise
This track is focused on providing pragmatic guidance and applying an adequate level of protection and risk management.
Diversity, Equity, and Inclusion
This track can guide you in incorporating diversity, equity, and inclusion into your strategy for building your cybersecurity workforce. It can also help address biases that may prevent the recruitment of a diverse range of talent in a field where resources are limited.
Favorite Sessions and Speakers
One of my favorite sessions was titled “Every Tool’s a Hammer.” The speaker was Adam Savage, yes, from MythBusters! Adam delivered an uplifting and educational speech about his book “Every Tool’s a Hammer: Life Is What You Make It.” He offered valuable insights into his creative principles, making it an inspirational experience. Adam, who has over forty years of experience as a maker and a myth-buster, shared valuable lessons on achieving personal and professional success. His toolbox includes techniques such as distinguishing myths from reality, identifying sources of inspiration, and following through on ideas. He urges individuals to push their limits and transform their curiosities into creations.
Another session that stood out was “Shall We Play a Game? Gamifying Security Awareness” by Nandita Bery, Director, Information Security, Equinix Corporation. The presentation was about how Equinix used Microsoft Office 365 tools to create different gamified learning modules and the impact those modules had on their organization. They also showed some of their most popular games and provided templates for others to create their own. Gamified learning was the presentation’s primary focus and has recently gained popularity.
Also, from Deepwatch: “AI: The Ultimate Weapon in the Battle for Information Security,” with David Stoicescu, CISO, Deepwatch. The panel discussion covers how attackers increasingly use artificial intelligence and how you can enhance your team’s capabilities to stay ahead. You’ll also learn about the things to consider when evaluating AI-driven tools in the market and the best ways to reduce risk in your technology stack using AI.
Industry Trends and Takeaways
Throughout the summit, experts discussed a significant trend of increasing cyberattacks targeting businesses regardless of size and industry. They emphasized the importance of prioritizing security strategies and taking a proactive approach to mitigate potential risks.
Another central theme throughout the summit was using artificial intelligence and machine learning in cybersecurity. AI helps organizations detect security threats faster by using predictive analytics. It can also reduce operational costs by automating manual tasks and uncovering hidden patterns in data.
Trends:
The Cybersecurity Mesh: The Cybersecurity Mesh is an architecture that enables scalable, flexible, and dependable cybersecurity control. It establishes the security perimeter around a person’s or entity’s identity instead of being confined to a particular device or location. This approach is becoming more significant due to the growing trend towards remote work and cloud-based systems, which requires transitioning from infrastructure-based boundaries to identity-based boundaries.
Zero Trust Frameworks: The Zero Trust framework rests on not automatically trusting any user or system, even if they are within the network perimeter. As more people adopt Zero Trust frameworks, following the principle of least privilege has become more critical. This means limiting users’ access to only the permissions they need to do their job.
Cloud Security Posture Management: With the rise of multi-cloud and hybrid cloud strategies in organizations, managing identities has become more complex as the number of identities, including non-human entities such as bots, service accounts, and APIs, has increased. Therefore, a single identity security umbrella across environments has become essential. To address this, solutions must discover all existing identities and credentials and extend principles such as entitlements management, just-in-time privilege controls, and robust cloud auditing.
AI and Automation: AI and automation can improve PAM capabilities by identifying risks, enforcing consistent access controls, and simplifying auditing. However, to avoid potential risks, it is essential to have well-defined processes and controls. The utilization of AI and machine learning in cybersecurity is predicted to become more prevalent.
Behavioral Analytics and Predictive Risk Scoring: Upcoming PAM solutions will include additional security layers for privileged accounts, such as behavioral analytics to identify suspicious activity and predictive risk scoring, which uses AI and machine learning to signal possible threats.
Takeaways:
Simplicity Drives User Adoption: Gartner suggested that simplifying security is essential for getting users to adopt it. Due to the shortage of cybersecurity experts, Minimum Effective Insights must be used as indicators of security program success, and Minimum Effective Toolsets must be used to achieve desired results.
Role of Privileged Access Management (PAM) within the Cybersecurity Mesh: The Cybersecurity Mesh is a scalable, flexible, and reliable approach to cybersecurity control. It is based on a distributed architecture that has become increasingly important as more people work remotely and infrastructures move to the cloud. The focus of this approach is on identity perimeters rather than infrastructure-based perimeters. Managing privileged access is critical in reducing the risk of data breaches.
The intersection of PAM and Zero Trust frameworks: The Zero Trust approach assumes no system or user should be trusted without verification. As more organizations adopt Zero Trust frameworks, Privileged Access Management (PAM) becomes crucial in reducing potential hazards.
PAM and Cloud Security Posture Management: Managing access for non-human entities (like bots, service accounts, and APIs) is becoming increasingly important in cloud environments. As companies use multiple clouds and hybrid cloud strategies, having a single security system that covers all these environments becomes crucial.
AI and Automation’s Impact on Identity Security: Artificial intelligence (AI) and automation are seeing growing use in privileged access management (PAM). They are used to improve PAM capabilities, such as identifying potential risks, enforcing consistent access controls, and making auditing more efficient. However, some worry that these technologies can also be used for harmful purposes.
New Products and Solutions
Several innovative products and services were showcased at the event, but one solution that piqued my interest was Axonius. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies.
Impact on My Workplace and Industry
The insights and takeaways from the Gartner Security & Risk Management Summit 2023 will have a lasting impact on my workplace and the broader industry. As a Program and Engineering Manager, I am better equipped to advocate for adopting advanced security technologies and implementing a zero-trust architecture. I also plan to share the importance of fostering a resilient cybersecurity culture within our organization and educating employees about their role in maintaining a secure environment.
Conclusion
The Gartner Security & Risk Management Summit 2023 was invaluable, but my feet still hurt. The food and location were great, and the experience provided me with essential knowledge and insights to help strengthen my organization’s security posture.
The venue was great. Also, the Gaylord Resort is fantastic! National Harbor is a community in Prince George’s County, Maryland, near Washington, D.C. It’s known for its waterfront area, which features shops, restaurants, and various entertainment options. National Harbor is also home to the Gaylord National Resort & Convention Center, which often hosts significant events and conferences.
Key attractions include the Capital Wheel, a 180-foot observation wheel on the Potomac River with views of the surrounding area, and MGM National Harbor, a casino and resort. The harbor area also hosts various festivals and special events throughout the year.
I look forward to implementing these learnings and staying ahead in the ever-evolving world of cybersecurity.