Gartner Security & Risk Management Summit 2023 Recap

I attended The Gartner Security & Risk Management Summit 2023 in National Harbor a few weeks ago, along with nearly 5000 other security professionals and risk management leaders across the cybersecurity ecosystem.

It was informative, the energy was great, the sessions provided actionable insights, and AI was everywhere. 

Highlights included:

Day 1

The event started with an insightful opening keynote focused on debunking myths surrounding cybersecurity’s full value. The keynote highlighted the importance of adopting a minimum effective mindset and challenging misconceptions to deliver successful cybersecurity outcomes. Other sessions delved into the impact of CIO and CEO priorities on security leaders and the outlook for security operations in 2023.

The day’s key takeaways included the need for organizations to adapt to the evolving landscape of security operations and the challenges of maintaining an effective internal security operation center. 

Day 2

Day 2 was highlighted by a session on how to get people to care about security and risk, the importance of managing open-source supply chain risks in software development, and cost optimization techniques for security leaders facing economic headwinds.

The day’s key takeaways emphasized the need for organizations to prioritize cybersecurity costs and risk management, benchmark IT security spending, and make proactive decisions to improve security. 

Day 3

Day 3 highlights included how baby boomers Gen X, Y, and Z think about cybersecurity and providing proactive strategies for managing generational issues in the workforce, the need to manage AI trust, risk, and security, emphasizing the importance of collaboration between AI and security teams.

The day’s key takeaways included analyzing the nature of relationships with third parties and the importance of implementing mitigations if controls are insufficient. 

While I couldn’t attend every session, the ones I heard were informative, as Gartner Analysts highlighted the industry’s key challenges and made some predictions as to where things are headed.

It also wouldn’t be a Gartner conference without a new acronym as well! (I’m looking at you, ATMD!)

Some Key Takeaways for Me

AI Took Center Stage

The number of sessions centered around AI was amazing. There were at least ten that I tried to attend, and all were very well attended. From vendors showcasing their products or Gartner Analysts educating the market, there was no denying the buzz and interest around AI solutions.

Walking the Solutions Showcase floor highlighted how every vendor is trying to insert themselves into the Generative AI conversation, even if they do nothing more than a form of machine learning or adding a type of large language model (like ChatGPT)  to their tech stack. 

As an authoritative voice, the more Gartner can educate the industry on AI and what vendors actually do, the better. (Plug: If you’re a Gartner customer, check out the numerous write-ups on MixMode.)

Gartner analyst Mark Horvath’s session, “Don’t Let Your AI Control You: Manage AI Trust, Risk, and Security,” covered how AI could be compromised. It also introduced another acronym, AI TRiSM (AI trust, risk, and security management), that ensures AI model governance, trustworthiness, fairness, reliability, robustness, efficacy, and data protection.

The fact is that AI can definitely help detect advanced attacks and identify threats across the threat landscape. The more CISOs and enterprise organizations are educated on AI, the better. It will allow them to understand the limitations and the benefits of how it can help shape their organization, as not all AI is created equal.

Interesting Predictions

Gartner analyst Oscar Isaka kicked off his session with a great quote:

“Life is divided into three terms —that which was, which is, and which will be. Let us learn from the past to profit by the present, and from the present, to live better in the future.”

—William Wordsworth

This highlights the need for the industry to learn from the past to usher in a new era of cybersecurity. 

One of the key predictions is that by 2027, 50% of chief information security officers (CISOs) will adopt human-centric design practices in their cybersecurity programs to minimize operational friction and maximize control adoption. This approach focuses on designing security controls around individuals rather than technology or threats. It recognizes that employees play a crucial role in cybersecurity and aims to reduce the likelihood of risky behavior.

Additionally, the predictions emphasize the need for organizations to address the changing role of the CISO and the increasing visibility of cybersecurity on corporate boards. By 2025, nearly half of cybersecurity leaders are expected to change jobs due to work-related stressors, and by 2026, 70% of boards will include a member with cybersecurity expertise. Gartner advises CISOs to establish closer relationships with boards, promote cybersecurity as a business partner, and improve trust and support.

By embracing human-centric design, implementing zero-trust programs, leveraging privacy as a competitive advantage, and addressing the changing role of the CISO, organizations can better prepare themselves for the cybersecurity challenges that lie ahead.

SIEM will Not Die

Gartner VP Analyst Pete Shoard’s session, The Future of SIEM and the Evolution of Threat Detection, Investigation, and Response, began with another great quote:

“By this point, SIEM has died so many times, it is beginning to appear immortal.”

He spoke about how challengers like XDR have tried to take SIEM down and failed because, despite its shortcomings, organizations have made significant investments in their SIEM.

He also echoed what I’ve been saying since my MDR days: It does not matter what it is called. Organizations want to be protected and be able to detect threats, investigate those threats, and effectively respond to them.

One of his key takeaways was that SIEM platforms are, by definition, open. Customization and the associated development features are their core strength. 

While SIEMS have evolved, their fundamental flaws remain: The platform’s need for continual adjustment, endless data stores, and a tendency to create an overwhelming number of false positives is still not the best solution for detecting today’s sophisticated attacks.

(Check out our new eBook on Why SIEMs Alone Are Ineffective At Detecting Advanced Attacks.)  

Cloud Security Presents New Challenges

Cloud is still on top of everyone’s mind. Gartner analysts Patrick Hevesi and Charlie Winckless introduced “The Cloud Strategy Cookbook,” a comprehensive guide that provides organizations with the necessary ingredients to develop a successful cloud strategy.

They discussed some of the cookbook’s insights, including step-by-step instructions to help organizations align stakeholders, make informed decisions, and drive successful cloud implementations.

Security is a critical aspect of any cloud strategy, and the cookbook emphasizes the importance of aligning the cloud strategy with existing security strategies. It highlights the shared responsibility between organizations and cloud providers and emphasizes the need to secure data in cloud environments appropriately.

Cloud cybersecurity requires organizations to adapt their security practices to the unique characteristics and challenges of cloud computing, including shared responsibility models and dynamic scalability.

In Conclusion: 

Unfortunately, I could not attend many great sessions, and I’m still working through some of the content online. Kudos to Gartner for putting on a great conference!

If you’d like to learn more about The Effectiveness of Using AI in Cybersecurity, check out this blog, or reach out. We’d love to educate you on AI and MixMode!

Other MixMode Articles You Might Like

Understanding and Implementing Biden’s National Cybersecurity Strategy

Forbes Technology Council: Why Large Language Models (LLMs) Alone Won’t Save Cybersecurity

eBook: The Inefficiencies of Legacy Tools – Why SIEMs Alone Are Ineffective At Detecting Advanced Attacks

Unleashing the Power of Self-Supervised AI: Insights from 451 Research Report on MixMode’s Dynamic Threat Detection and Response

Verizon’s Annual Data Breach Incident Report (DBIR) Shines Spotlight on Ransomware Trends & Insider Threats

Aligning an Organization’s Attack Surface to Detection Surface is Key to Adversary Defense in Today’s Cloud Era