Most organizations now grapple with explosive growth in privileged non-human identities (NHIs)—from OS-scoped service accounts and SaaS tokens to RPA bots and agentic AI. Recent incidents show attackers bypassing humans entirely by abusing OAuth and app-to-app integrations to siphon data and cloud keys, underscoring how NHI compromise fuels supply-chain style breaches. This session reframes NHI security around practical lifecycle management and hard-won field lessons. We’ll cut through hype on AI agents to the real work: securing emerging protocols like MCP, tightening SaaS-to-SaaS grants, and balancing priorities between the emerging and legacy pain that still drives risk. Attendees leave with actionable architectures, governance patterns and controls that reduce NHI blast radius in imperfect, real-world conditions.

CISOs are exploring how to use AI to modernize security operations centers from agentic AI for incident response to workflow automation—but they must ensure security without amplifying risk.

The CISO role continues to increase in visibility and influence in the business, due to a dramatic expansion in scope over the last few years. However, compensation growth for CISOs has not kept pace with the changes in both scope and impact. Macro conditions have slowed the market down and a general lack of job movement has contributed to relatively meager gains in CISO compensation through 2025 compared to prior years. In this webinar, IANS Faculty Steve Martano and Senior Research Director Nick Kakolowski will explore the findings of the IANS and Artico CISO Compensation and Budget Survey to discuss the broader CISO hiring market. While they'll focus on unpacking the data on CISO compensation and anecdotal market trends behind that data, they'll use that data as an entry point into a conversation designed to help CISOs think about their own standing in the business, providing insights and strategies to continue to enhance their brand and the brand of their program.

Our research shows CISOs are consolidating tools into platforms and leaning on MSSPs, with nearly 70% using platforms and 68% relying on MSSPs.

Traditional approaches to TPRM are falling short, with most organizations still heavily relying on vendor questionnaires. However, vendors are more dynamic than a static assessment allows, making the current approach more of a check-the-box exercise for teams than an actionable roadmap for threat mitigation. To effectively manage third-party risk on a larger scale, it's important to adopt a layered approach that thoughtfully integrates automation and AI while relying on tangible evidence. In this symposium, IANS Faculty George Gerchow provides strategies to help move away from point-in-time, one-size-fits-all assessments to a place where risk is continuously visible, measurable and actionable.

How security leaders can address encryption risks, legacy systems, and regulatory pressure to better prepare for the Quantum Age.

Security leaders are navigating budget pressures in 2025 as new benchmark data shows investments in security software and services continue despite overall budget constraints.