- Opening Keynote brought to you by Tines
Modernizing GRC: From Checkbox to Strategic Advantage
2pm GMT/9am EST
Speaker: Matt Muller, Field CISO, Tines
Between rising regulatory demands, evolving threats, and stretched security teams, it’s no surprise that organizations are rethinking how they approach GRC. But nearly one third (30%) still rank compliance as a top-three challenge.
In this session, explore the biggest sources of friction to maturing a GRC program, areas where GRC teams have leveraged orchestration and automation to make an immediate impact, and what the path forward looks like for proactively managing risk and compliance in high-regulation environments. Transform GRC from a checkbox into a strategic advantage.
Join this session to learn:
- Practical insights into reducing friction in GRC processes without adding headcount
- Real-world examples of how teams are using workflow automation to drive efficiency and resilience
- Actionable steps to align your GRC strategy with today’s regulatory environment and threat landscape
- Briefing the Board: Communicating Cyber Risk to Executives and Stakeholders
2.45pm GMT/9.45pm EST
The pressure is on for CISOs to present a clear, compelling case for cybersecurity to senior leadership, the C-suite and the board of directors.
CISOs must assess their company's risk appetite (e.g. what level of risk is the organization willing to accept to achieve its objectives?) and tailor their communication to demonstrate how cybersecurity initiatives fall within that appetite.
During this discussion, a panel of experts will cover what metrics matter most to the board, how to frame security investments in terms of business value and best practices for demonstrating the ROI of your security program.
By joining this session, you will leave with a clear understanding of how to build trust and credibility with key stakeholders.
Join this session to learn:
- Strategies to assess your organization’s risk appetite and align to your risk and threat profile (critical assets, sensitive data, attack surface, threat intelligence reports…)
- How to prepare and deliver effective briefings that resonate with non-technical audiences
- How to translate this risk profile into business terms and actionable insights
- Best practices for calculating and communicating the ROI of your security investments
- Afternoon Keynote brought to you by AuditBoard
Audit & Compliance in the Era of AI and Emerging Technology
4pm GMT/11am EST
Speaker: Mary Krzoska, Director of Product Marketing (Risk & Platform), AuditBoard
In an era of rapidly expanding regulations and a dynamic, complex risk environment, traditional approaches to IT audit and Governance, Risk, and Compliance (GRC) are proving insufficient. Many organizations grapple with outdated technologies and reactive, ad-hoc processes, leaving them vulnerable to data breaches, privacy violations and non-compliance.
This session will explore the transformative potential of emerging technologies, including AI, automated workflows and advanced data analytics.
We will delve into practical strategies for integrating these tools to build more effective, efficient, and forward-thinking IT audit and GRC programs, enabling teams to proactively address new challenges and safeguard their organizations.
- Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI
Brought to you by Cobalt
4.45pm GMT/11.45am EST
The race to integrate generative AI has created a dangerous blind spot, expanding the digital attack surface with entirely new vulnerabilities. This new frontier demands we understand the difference between AI Security (protecting the system) and AI Safety (ensuring responsible behavior).
Join our panel of industry experts, including veteran pentester Gisela Hinojosa, research lead at Cobalt. Gisela will share firsthand accounts from the front lines of AI pentesting, including tactics attackers use and the defensive strategies you can deploy.
Join this session to learn:
- The critical differences between AI Security and AI Safety, and why you should address both
- Real-world examples of how attackers exploit LLMs, including prompt injection and sensitive data disclosure
- Actionable advice for building a proactive security program
- How to Stop the Third-Party Breach Epidemic Before It Hits You
6pm GMT/1pm EST
This year has seen numerous well-known brands suffer cyber-incidents as a result of attacks emanating from compromised third-party vendors. The litany of victims includes airlines, retail giants, fashion brands, tech companies and manufacturers.
In many cases, attackers have targeted third-party suppliers with social engineering techniques that have succeeded in giving them access to high-value credentials.
The spate of recent attacks has seen significant operational disruption and loss of revenue for victims.
During this discussion, a panel of experts will analyze the lessons that can be taken from recent incidents and how third-party risk management strategies must evolve to keep pace with attackers' tactics.
Join this session to learn:
- How social engineering has been leveraged to steal credentials from third-party IT providers in 2025
- Why current third-party risk management strategies have fallen short in preventing these incidents
- How third-party strategies need to evolve to protect organizations from tactics deployed by groups like Scattered Spider