Insider Risk Summit News

Featured

- Cybersecurity awards to recognize organizations and individuals using Insider Risk Management technology in innovative ways to protect IP, trade secrets and sensitive data

- Award entries open through December, 2021


MINNEAPOLIS — Sept. 15, 2021 – Today, the Insider Risk Summit team announced a call for entries for the first annual Insider Risk Excellence Awards. The cybersecurity awards recognize organizations and individuals who have implemented Insider Risk Management (IRM) solutions in innovative ways. They are protecting their IP and sensitive company data while supporting modern workforces to collaborate and elevate productivity without heavy-handed security measures hindering operations and legitimate work.

The Insider Risk Excellence Awards are open for submission and the call for award entries closes in December 2021. The award winners will be announced the week of Feb. 7, 2022. 

 

As cloud-based collaboration tools continue to rise in popularity within the enterprise, so have insider data theft and  leaks, which contribute to losses up to 20% of revenue annually. Research further highlights the breadth of the insider risk challenge – on average, organizations can attribute 13 data exposure events per day to each of their users. It’s no surprise when looking ahead that 59% of security leaders expect insider risks to increase in the next two years.

Organizations and security leaders who are acting in progressive ways to protect their source code, product plans, personnel and customer information are eligible for the Insider Risk Excellence Awards in the following categories:
 

  • Accelerator Award – for the organization driving notable decreases in insider risk, which could be reflected in improved insider risk detection and response time, fewer data exposure events per user, time to deploy an IRM solution or similar measures of success. 
  • Collaborator Award – for the organization that has best fostered a dynamic collaboration culture while protecting its valuable data.
  • Game-Changer Award – for the organization that has revolutionized its insider risk management program.
  • Insider Risk Practitioner of the Year – for an  individual who has cultivated a powerful insider risk management program for his or her organization.
  • Insider Risk CISO of the Year – for a security leader who has taken a progressive approach to insider risk management, leading his or her security team to new heights.

     

Submission details are here.


The Insider Risk Excellence Awards are being selected by a judging committee made up of security industry leaders from technology providers, advisory firms and channel organizations. The awards judges include:

  • John Boles, principal, cybersecurity, PwC 
  • Wendy Overton, director of cyber strategy and insider risk leader, Optiv 
  • Joe Payne, president and CEO, Code42 and chairman, Insider Risk Summit 

 

About The Insider Risk Summit

The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to  learn, interact and share best practices in the IRM space. More than just one moment in time – the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to www.insiderrisksummit.com or follow along on Twitter.

Summit Updates

Our special Spotlight Series continues with cybersecurity experts and Insider Risk leaders that are presenting at the upcoming 2021 Insider Risk Summit this September.

In this interview we spoke with Ted Keitzman, Product Marketing Manager II at Duo Security about his session “Leveraging Access Anomalies to Bolster Policy”.
 

What are the biggest takeaways you hope attendees walk away with following your session? 
 

Ted Keitzman - Data science and machine learning are terms employed all over the security industry. Sometimes it feels like they’re just tacked on to make things sound high tech. In this talk, I want folks to walk away feeling slightly more comfortable with the basics of data science in detection. I also want them to understand the benefits, and maybe more importantly, the limits of data science as well.

 

What do you think is the biggest misconception about Insider Risk?

I feel like most people are going to answer the same here, but the biggest misconception is that it’s productivity spying, or that risk software will be repurposed to monitor how many breaks a worker takes, or how fast they type. This is never the goal of a technology that is looking to address insider risk, it’s also (typically) never the goal of security analysts either. Security professionals are looking for real risk and malicious behavior, not counting up hourly efficiency.

 

What do you think is most exciting about the security industry today?

I think the IAM space is going through some fascinating changes. There are new authentication technologies gaining prevalence – like passwordless, but also continuous trusted access. Identity and access, rather than the network, have taken center stage in the security world and I think it will make for some very interesting developments in the next five years.

 

What area in security or business gets a lot of attention (funding, at a board level, etc.) but doesn't really have a meaningful impact on security posture or business outcomes?
 

This is not meant to be rude, but I’d say compliance gets an inordinate amount of focus. I get it, compliance *is* probably the most important driver for many of our customers. However, all compliance standards face the problem that a car does – as soon as you drive it off the lot, it begins depreciating in value. Risk and threats are more fluid and responsive than hard rules can sometimes cover. 

That being said, it is good when compliance dictates low hanging fruit controls like MFA. MFA is an evergreen control that should still be more widely adopted than it currently is!

 

What was your proudest moment as a security professional? Or, what was your most challenging moment? 

I haven’t worked as a practitioner, but on the vendor side, my proudest moments come when a customer implements our platform and feels the need to reach out and tell us how easy it was to get set up and running. Security shouldn’t be a blocker, and making it easy is key to make it successful.

Which 3 people, living or dead, would you invite to a dinner party? 

  1. Richard Feynman
  2. Joan of Arc
  3. Abraham Lincoln

 

Join us at the Insider Risk Summit

To hear Ted’s talk and earn CPEs; register now for free to join us and the rest of the Insider Risk Summit™ team at Insider Risk Summit 2021.

The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time–the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to insiderrisksummit.com or follow along on Twitter.
 

Our Spotlight Series continues as we move into September and we showcase additional cybersecurity experts and Insider Risk leaders presenting at 2021 Insider Risk Summit.
 

In this interview we spoke with Raman Kalyan, Director Product Marketing, Security at Microsoft about his session “Don’t delay in detecting and mitigating hidden insider risks!”. This interview has been lightly edited for clarity.
 

What are the biggest takeaways you hope attendees walk away with following your session? 

  • A SOC alone can’t address insider risks – you need to collaborate across other stakeholders in HR and Legal to create a program to address these risks effectively
  • Privacy must be a key consideration – be transparent and balance employee privacy while addressing the risk
  • Follow the data – given the millions of signals that are coming in every day, it’s important to leverage intelligence and machine learning to scale correlations and identify the risks, as human driven processes can’t keep up and aren’t always that accurate.
  • Don’t try and boil the ocean – focus on specific risks and get started
  • Leverage tech that purpose built for insider risks vs using an existing technology like DLP which is very transactional in nature and trying to address insider risks
     

What do you think is the biggest misconception about Insider Risk?

We know from our own experience that it’s hard to maintain trust without the right visibility, processes and control. However, the effort required to identify these risks and violations is not trivial. Think about the number of people accessing resources and communicating with each other, as well as the natural cycle of people entering and leaving the company. How do you quickly determine what is an intentional risk vs. an unintentional one at scale? And how do you achieve this level of visibility, while aligning to the cultural, legal and privacy requirements in which you operate? For example, truly malicious insiders do things such as intentionally stealing your intellectual property, turning off security controls or harassing others at work. But there are many more situations in which an insider might not even know they are causing a risk to the organization or violating your policies, like when they’re excited about something new they’re working on and send files or photos to tell others about it.

Ultimately, it’s important to see the activities and communications that occurred in the context of intent, in order to take the right course of action. The only way to do this efficiently and at scale is by leveraging intelligence and machine learning, as human driven processes can’t keep up and aren’t always that accurate. Furthermore, a holistic solution to this problem requires effective collaboration across security, HR and legal, as well as a balanced approach across privacy and risk management.

 

What do you think is most exciting about the security industry today?

All of the new technology that is coming that will allow us to reduce the risk and create a safer place for everyone on the planet.

 

What was your proudest moment as a security professional? Or, what was your most challenging moment? 

Being part of the team at Microsoft that brought Insider Risk Management to life from just an idea to a solution that is being leveraged by organizations worldwide to address insider risks at scale.

 

What is your motto in life? 

My life philosophy revolves around the fact that time is a resource which is truly mine to maximize. To this end I focus my life priorities in the following order:

  • Health – being both physically and mentally healthy
  • Family – being present with my family
  • Experiences – creating the memories with my family and friends that will last a lifetime
  • Career – be involved in initiatives that allow me to learn, grow and make an impact

 

Join us at the Insider Risk Summit

To hear Raman’s talk and earn CPEs; register now for free to join us and the rest of the Insider Risk Summit™ team at Insider Risk Summit 2021.

The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time–the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to insiderrisksummit.com or follow along on Twitter.

 

Our Spotlight Series continues with cybersecurity experts and Insider Risk leaders that are presenting at the upcoming 2021 Insider Risk Summit this September.

 

In this interview we connected with Derek Brink, VP & Research Fellow covering topics in Cybersecurity, Risk, IT GRC at Aberdeen Strategy and Research about his session “Understanding Your Insider Risk, and the Value of Your Intellectual Property”.
 

What are the biggest takeaways you hope attendees walk away with following your session? 

Derek Brink - There are two things that everyone involved in the security industry needs to start doing a better job at: 

  • Speaking correctly about risk, as risk is properly defined; and 
  • Quantifying risk, which doesn’t have to be “precise” – it just has to be useful, for making better-informed business decisions. 
     

What do you think is the biggest misconception about Insider Risk?

For the audience at the Insider Risk Summit, this may go without saying – but in the spirit of “speaking properly about risk,” it’s probably important to underscore the difference between insider threat and insider risk:

 

  • Insider threat refers to a specific type of actor (i.e., an authorized user) and their motives with respect to compromising your valuable data (i.e., malicious intent).
  • Insider risk refers to the likelihood and business impact of data loss or exposure, as a result of legitimate insider access – most often from simply carrying out their day-to-day activities (i.e., not with malicious intent).

 

What do you think is most exciting about the security industry today?

For me, the security industry has always been exciting, because it’s combination of time-tested principles on the one hand (e.g., confidentiality, integrity, availability, least privilege, and so on) – against the constantly, rapidly evolving context of disruptive technologies, and transformative business models on the other. 
 

There’s an old saying about the difference between having say 10 years of experience, and having 1 year of experience 10 times – and in the security industry, it’s definitely a dynamic and ever-changing experience!
 

What area in security or business gets a lot of attention (funding, at a board level, etc.) but doesn't really have a meaningful impact on security posture or business outcomes?

My sense is that this question is phrased to evoke a specific technology solution category – as in, “everyone’s spending big money on XXX, but it’s really not having a meaningful impact.” But rather than try to answer that, I’d like to highlight the more fundamental question: 

 

  • How are we making the connection between the security-related investments that are being made (people, processes, and technologies) ...
  • … and the ultimate value or business outcomes that these investments create?
     

Our problem is that as an industry, we are still striving to get better at making the connection between activities and outcomes. 
 

Personally, I’m not a big fan of asking for “$X, to improve our security posture from point A to point B on some qualitative or pseudo-quantitative scale.” Why? Because it’s not the strategic goal of the business to be at “point B” … because how do I know if going from point A to point B is worth the incremental cost … I could go on and on.
 

The reason we make these investments is to help the organization manage its security-related risks to an acceptable level. So again, it comes back to speaking properly about risk, and about quantifying risk – both before, and after, an incremental investment.

 

What was your proudest moment as a security professional? Or, what was your most challenging moment? 

As an analyst, my deepest admiration and respect goes to the security professionals who have the subject-matter expertise and hands-on skillsets to address the technical and operational aspects of security. I defer to them for the inspiring examples of pride, and challenge, in the profession! 

 

What’s the most important lesson you’ve learned in your career? 

Start simple, and add complexity if needed. 

More often than not, it’s not needed – because the “80/20 Rule” kicks in: 20% of the inputs drive 80% of the outputs. So learn to identify and focus on the “critical few,” rather than try to develop the “perfect” response.  

 

Join us at the Insider Risk Summit

To hear Derek’s talk and earn CPEs; register now for free to join us and the rest of the Insider Risk Summit™ team at Insider Risk Summit 2021.
 

The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time–the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to insiderrisksummit.com or follow along on Twitter.
 

We’re excited to continue our special Spotlight Series with cybersecurity experts and Insider Risk leaders that are presenting at the upcoming 2021 Insider Risk Summit this September.

In this interview we spoke with presenter Elsine Van Os, CEO at Signpost Six about her session “Departing employees opening the door to insider threats.”

What are the biggest takeaways you hope attendees walk away with following your session? 

Elsine Van Os - I hope it will become clear for the attendees, if it wasn’t already, that the risks from departing employees is a growing concern amidst an ongoing and growing war for talent and understand the ways in which these risks can materialise. This is not just through data theft but also sabotage or acts of violence. Insider risk management practices should incorporate tailored and long term employee retention schemes, measures across the whole employee life cycle, and the execution of strong offboarding procedures. One measure is easier to implement than others but even the simplest measures are often overlooked.

 

What do you think is the biggest misconception about Insider Risk?

I think it is changing but I still hear companies stating they are already doing ‘insider risk’. When peeling off the onion layers, it is hardly ever the case. Certainly many companies already do many things in the (cyber) security domain but insider risk really is a specific subject and profession that warrants additional action items from what companies are normally used to. I also don’t think insider risk should sit within the cyber realm. It’s a profession in its own right and incorporates all departments.

 

What do you think is most exciting about the security industry today?

Well I would revert back to insider risk here. It is most exciting that the subject is really becoming a profession now. This summit is an example of that. There are more and more vacancies coming up for insider risk managers and analysts. Companies really start to value this profession. It’s up to us now to help deliver these professionals and something Signpost Six focuses on with our training programmes.

 

What area in security or business gets a lot of attention (funding, at a board level, etc.) but doesn't really have a meaningful impact on security posture or business outcomes?

With security we have to be careful not to focus on detection and response only but dare to invest in preventative measures as well using more positive incentives. This means for security and other departments like HR to be joined at the hip.

 

What was your proudest moment as a security professional? Or, what was your most challenging moment? 

My proudest moment was also my most challenging moment. It is about overcoming challenges after all, which will make you grow. I’ve been actively seeking challenges throughout my career and can mention quite a few. Working in high threat environments like Afghanistan and Iraq was particularly challenging but my proudest moment was a totally different one. It was the production of the Snowden documentary. To produce a documentary on such a difficult subject, highly contested on all angles, getting highly informed and willing speakers and turning this into a meaningful product which now airs in many countries is something that’s taken an immense amount of time and hard work but was incredibly rewarding. 

 

What is your favorite podcast and why? 

The parcast podcast on ‘cults’ but also on espionage, con artists etc. It’s very well put together, has great depth and reviews a subject from many different angles. I particularly liked cults for this as it’s historic, societal, psychological, criminological, legal and more.

 

Join us at the Insider Risk Summit to hear Elsine’s talk and earn CPEs; register now for free to join us and the rest of the Insider Risk Summit™ team at Insider Risk Summit 2021.

The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time–the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to insiderrisksummit.com or follow along on Twitter.

We’re excited for this special Spotlight Series with cybersecurity experts and Insider Risk leaders that are presenting at the upcoming 2021 Insider Risk Summit this September.

 

In the first of many open and candid conversations with industry leaders, we sat down with speaker Andrew Hollister Deputy CISO and VP with LogRhythm who believes in “Paying it Forward” as a cornerstone to his approach in life and with the cybersecurity community.

 

We also explore Andrew’s session, “Security and the C-Suite: Evaluating the Influence of Security Leaders” planned for the Summit.   
 

What are the biggest takeaways you hope attendees walk away following your session? 

Andrew:
I hope attendees gain a better understanding of the importance of cyber security as a business risk that should be discussed and managed like any other business risk. In order for cyber risk to be successfully managed, it is critical that cyber security leaders are in direct communication with the CEO and board. Also, that we’re all in the same business -   trying to secure our organization’s assets from both external and internal threats - so let’s collaborate wherever possible to achieve success.

 

What do you think is the biggest misconception about Insider Risk?

I think this is all about intent. An insider may create risk because they don’t have the tools to do their job, or don’t know how to use those tools in the correct way, or they may knowingly bypass controls, in order to get the job done. This creates Insider Risk, but there is no malicious intent – on the contrary they are trying to do their job. This illustrates the importance of understanding behavior and that technology solutions alone can’t solve everything – you need to understand your business workflows, what the workflows are and interact with potentially very disparate departments in order to understand those things.

 

What do you think is most exciting about the security industry today?

The most exciting thing I see are the seeds of more collaboration and partnership between industry, cyber security vendors, as well as government. If we are to defeat the risks that every organization faces, we are better positioned to do that together. Information sharing, collaboration and cooperation will be critical as we seek to defeat the cyber security challenges ahead. 

 

What area in security or business gets a lot of attention but doesn't really have as much meaningful impact on security posture or business outcomes?

I’d have to say anything that gets attention when the basics of cyber security are not in place cannot have a meaningful impact on business outcomes. Do the basics first, then explore interesting or cutting-edge technology approaches. Without a solid foundation those things are doomed to fail before they get started.

 

What was your proudest moment as a security professional? Or, what was your most challenging moment? 

Being a security professional brings challenges all the time, and that’s probably the attraction of it for many practitioners – finding solutions to the most difficult challenges. It’s often making the call of how to manage a particular risk which brings the most challenging moments – i.e. must this risk be directly resolved immediately, is a compensating control sufficient, and if so, for what period of time is it sufficient.

 

What’s the most important lesson you’ve learned in your career? 

The most important lesson I’ve learned is to “pay things forward”. Helping others to be successful, freely offering time, expertise, or other assistance both creates a great team atmosphere and positions you for success when the day comes that you need to call on your colleagues for support - and come it certainly will!

 

Join us at the Insider Risk Summit

To hear Andrew’s talk and earn CPEs; register now for free to join us and the rest of the Insider Risk Summit™ team at Insider Risk Summit 2021.

The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time–the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to insiderrisksummit.com or follow along on Twitter.

MINNEAPOLIS--(BUSINESS WIRE)--Today, the Insider Risk Summit team announced the next wave of cybersecurity experts and industry advisors to the speaker lineup for the annual Insider Risk Summit 2021. New speakers to the roster include leaders from Accenture, Aberdeen, Deloitte, IDC and PwC. Joining the sponsorship list includes Carahsoft, CrowdStrike, CyberArk, Microsoft, Palo Alto Networks and Splunk.
 

Register here for the fully virtual, free-to-attend event.
 

The Insider Risk Summit is the industry’s leading conference on Insider Risk Management (IRM). IRM is a new data security movement for mitigating any data exposure event that jeopardizes the financial, reputational or operational well-being of a company, its employees, customers and partners.
 

Insider Risk Summit Featured Speakers
Some of the event’s additional featured sessions and speakers announced today include:

Advisory Panel: The Intersection of Insider Risk Management & Enterprise Risk Management –
How real-world challenges are influencing insider programs”

In an almost unprecedented joining of industry advisory and insider risk experts, John Boles with PwC, Henry Chan of Accenture Security and Michael Gelles with Deloitte, join Christina Richmond, the Program VP, Security Services from IDC to dive deep into the trenches in their session.
 

CISO Panel on Addressing Insider Risk
In this insightful CISO roundtable conversation from three distinct industries – security, technology and consulting, cybersecurity leader Rick Howard from The CyberWire moderates a candid and in-depth conversation with leading CISOs, Jeff Peal from SullivanCotter, Mike Johnson from Fastly and Jadee Hanson of Code42. They will discuss the latest headlines, the security implications of hybrid work, the great resignation, real insider experiences and solutions to the insider risk problem.
 

The Summit also features sessions by insider risk experts:
 

-Derek Brink, Vice President and Research Fellow, Aberdeen
‘Understanding Your Insider Risk, and the Value of Your Intellectual Property’

-Tim Briggs, Director Incident Response, CrowdStrike
‘Getting Started: Your Insider Risk Management Program’

-Samantha Humphries, Head of Security Strategy, EMEA, Exabeam
‘Building an Insider Threat Program from Scratch’

-Ananth Appathurai, SVP, Strategic Partnerships & Ecosystem
‘Customer-centric Insider Risk Management - It Takes an Ecosystem’

-Talhah Mir, Principal Program Manager, Microsoft
‘Don’t Delay in Detecting and Mitigating Hidden Insider Risks’

-Wendy Overton, Director of Cyber Strategy, Optiv
‘Moving from Insider Threat to Insider Risk: Shifting Focus in a Changing World’

-Matt Tarr, Solutions Architect, CyberArk
‘Automating Threat Response to Privileged Identities’

Additional speaker announcements will be made in the lead-up to the conference on the Insider Risk Summit event page.
 

Register Now and Earn CPE Credits
Insider Risk Summit attendees will have opportunities to network, take in product demos, host 1:1 meetings or attend educational sessions and discussions. Security practitioners attending the Summit are eligible to earn 20+ CPE credits.

This year again, the event expects to draw security professionals from across the globe world, including:

  • C-suite executives focused on information security, security, risk and compliance (CISO, CSO, CRO, CCO).
  • Security architects rethinking the security stack in the context of Zero Trust and SASE.
  • Insider Risk, insider threat or insider trust functional leaders.
  • Incident responders and security analysts.
  • HR and legal professionals involved in internal investigations and IP litigations.

To register and learn more about the Insider Risk Summit, visit insiderrisksummit.com.
 

About The Insider Risk Summit
The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time – the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to www.insiderrisksummit.com or follow along on Twitter.

August 3, 2021

Last month the Insider Risk Summit™ team announced the return of the Insider Risk Summit on Sept. 14-15. Today, the hosts of the summit – Code42, Exabeam, LogRhythm, Optiv, Securonix, Signpost Six and SumoLogic – are announcing the event’s headlining keynote speaker, Chris Krebs.

Krebs is a luminary in the infosec community who most recently served as the first director of the federal Cybersecurity and Infrastructure Security Agency (CISA), where he was famously fired via tweet for being too good at his job. Today, Krebs serves as a founding partner of the Krebs Stamos Group. In his keynote, he will discuss the challenges of securing sensitive intellectual property while enabling collaboration and prioritizing and scoping risk.
 

The Insider Risk Summit will bring together a community of security leaders and practitioners to address the escalating severity and impact of IP theft and data leaks at the hands of malicious, negligent and careless employees and users. Managing insider risk is a challenge made even more urgent in today’s highly-collaborative, cloud-enabled, borderless work environment where data is digital and on the move every day. During the two-day virtual event, attendees will explore new strategies for detecting and mitigating insider threats to data, holistically shifting organizational thinking about insider risk, and building a security-aware culture without standing in the way of employee productivity.
 

“The simple truth is that over 60% of employees admit that they took data from their last job specifically to help them in their current job. With millions of workers – equating to about 40% of employees – planning to switch jobs as we emerge from the pandemic, we expect corporate data to be acutely at risk during the coming months,” said Joe Payne, Code42 president and CEO. “The Insider Risk Summit is the best venue for the security community to hone their skills and networks to prepare for addressing the growing insider risk problem. We are thrilled that Chris Krebs will be sharing his unique insights with us during the Insider Risk Summit.”

 

Insider Risk Summit Featured Speakers

In addition to Krebs, the line-up of speakers for the Insider Risk Summit includes top tier cybersecurity and Insider Risk Management experts from consulting and research organizations as well as leading security and technology companies. The speakers will outline key takeaways from lessons learned during the past year as well as how to establish long-term, proactive strategies for managing Insider Risk. The Insider Risk Summit also will host insider risk practitioners who will share case studies on how they detect, investigate and respond to insider risk incidents. Some of the event’s featured speakers include:
 

  • Dr. Chase Cunningham, chief strategy officer for Ericom Software and retired Navy Chief Cryptologist, an influencer and evangelist for Zero Trust security models.
  • Paul Furtado, senior director analyst for Gartner®, who is responsible for providing insights into cybersecurity as it pertains to the midsize CIO.
  • John Kindervag, group fellow and senior vice president of cybersecurity strategy at ON2IT Cybersecurity, known as the creator of Zero Trust.
  • Joe Payne, president and CEO of Code42, an executive leader of high-growth security and technology companies with a passion for identifying and solving emerging market needs, and co-author of the book Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can’t Ignore.
  • Elsine van Os, founder and CEO of Signpost Six, a thought leader on insider risk with an educational and professional background in psychology and intelligence, and security.
     

Additional speaker announcements will be made in the lead-up to the conference.
 

Register Now

Insider Risk Summit attendees will have opportunities for networking, taking in product demos, hosting 1:1 meetings or attending educational sessions and discussions. This year again, the event expects to draw over 2,000 security professionals, including:
 

  • C-suite executives focused on Information security, security, risk and compliance (CISO, CSO, CRO, CCO)
  • Security architects rethinking the security stack in the context of Zero Trust and SASE
  • Insider Risk, insider threat or insider trust functional leaders
  • Incident responders and security analysts
  • HR and legal professionals involved in internal investigations and IP litigations
     

To register and learn more about the Insider Risk Summit, visit insiderrisksummit.com.
 

Earn CPE Credits

The Insider Risk Summit is an annual event held every September during Insider Threat Awareness month. Security practitioners attending the summit are eligible to earn CPE credits.
 

About the Insider Risk Community

Bringing together global practitioners, thought leaders and industry experts, the annual Insider Risk Summit provides a forum for CISOs, security practitioners, business leaders and industry experts to meet, learn, interact and share best practices in the Insider Risk Management (IRM) space.

The Insider Risk Summit is more than just one moment in time – it is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges.
 

Now Streaming: Code42 Live

This spring, Code42 launched Code42 Live – a series of live community discussion events to help solve the problem of insider risk. Recent guests have included Samantha Humphries and Chris Tillett from Exabeam, Elsine Van Os from Signpost Six, an Insider Risk Summit 2021 speaker, and Edward Amoroso from TAG Cyber.

To learn more and join the discussion, tune in for the next Code42 Live on August 10 for a conversation with Deloitte on what a mature Insider Risk Management program looks like.

August 3, 2021

Today, the Insider Risk Summit™ team announced the return of its annual cybersecurity event on Sept. 14-15. This year, Chris Krebs will headline as the keynote speaker on Sept. 14. Register now for the fully virtual, free-to-attend industry event that brings together security leaders and practitioners as well as leading security solution providers and industry analysts focused on preventing, detecting, investigating and responding to insider risk. The Insider Risk Summit is the industry's leading conference on Insider Risk Management (IRM). IRM is a new data security movement for mitigating any data exposure event – security, compliance or competitive in nature – that jeopardizes the financial, reputational or operational well-being of a company, its employees, customers and partners.
 

Krebs, a highly-respected cybersecurity authority who served as the first director of the federal Cybersecurity and Infrastructure Security Agency (CISA), will discuss the challenges of securing sensitive intellectual property while enabling collaboration and prioritizing and scoping risk during his keynote remarks. Today, Krebs serves as the founding partner of the Krebs Stamos Group.
 

Through the powerful networks of its hosts – Code42, Duo Security at Cisco, Exabeam, LogRhythm, Optiv, Securonix, Signpost Six and SumoLogic – this year's Insider Risk Summit brings together a community of security leaders and practitioners to discuss problems and solutions related to the escalating risk of insiders to company data.
 

This summit will focus on all aspects of insider risk including IP theft, intentional data leaks and non-malicious exfiltration actions. Managing insider risk is a challenge made even more urgent in today's highly-collaborative, cloud-enabled, borderless work environment where data is digital and on the move every day. During the event, attendees will explore new strategies for detecting and mitigating insider threats to data, holistically shifting organizational thinking about insider risk, and building a security-aware culture without standing in the way of employee productivity.
 

"The simple truth is that over 60% of employees admit that they took data from their last job specifically to help them in their current job. With millions of workers – equating to about 40% of employees – planning to switch jobs as we emerge from the pandemic, we expect corporate data to be acutely at risk during the coming months," said Joe Payne, Code42 president and CEO. "The Insider Risk Summit is the best venue for the security community to hone their skills and networks to prepare for addressing the growing insider risk problem. We are thrilled that Chris Krebs will be sharing his unique insights with us during the Insider Risk Summit."
 

Insider Risk Summit Featured Speakers
In addition to Krebs, the line-up of speakers for the Insider Risk Summit includes top-tier cybersecurity and IRM experts from consulting and research organizations as well as leading security and technology companies. The speakers will outline key takeaways from lessons learned during the past year as well as how to establish long-term, proactive strategies for managing insider risk. The Insider Risk Summit also will host insider risk practitioners who will share case studies on how they detect, investigate and respond to insider risk incidents. Some of the event's featured speakers include:
 

  • Dr. Chase Cunningham, chief strategy officer for Ericom Software and retired Navy Chief Cryptologist, an influencer and evangelist for Zero Trust security models.
  • Paul Furtado, senior director analyst for Gartner®, who is responsible for providing insights into cybersecurity as it pertains to the midsize CIO.
  • John Kindervag, group fellow and senior vice president of cybersecurity strategy at ON2IT Cybersecurity, known as the creator of Zero Trust.
  • Joe Payne, president and CEO of Code42, an executive leader of high-growth security and technology companies with a passion for identifying and solving emerging market needs, and co-author of the book Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can't Ignore.
  • Elsine van Os, founder and CEO of Signpost Six, a thought leader on insider risk with an educational and professional background in psychology and intelligence, and security.
     

Additional speaker announcements will be made in the lead-up to the conference.
 

Register Now
Insider Risk Summit attendees will have opportunities for networking, taking in product demos, hosting 1:1 meetings or attending educational sessions and discussions. This year again, the event expects to draw over 2,000 security professionals, including:
 

  • C-suite executives focused on Information security, security, risk and compliance (CISO, CSO, CRO, CCO).
  • Security architects rethinking the security stack in the context of Zero Trust and SASE.
  • Insider Risk, insider threat or insider trust functional leaders.
  • Incident responders and security analysts.
  • HR and legal professionals involved in internal investigations and IP litigations.
     

To register and learn more about the Insider Risk Summit, visit insiderrisksummit.com.
 

Earn CPE Credits
Security practitioners attending the summit are eligible to earn CPE credits. More details about the CPE program will be published on the Insider Risk Summit website.
 

About The Insider Risk Summit
The Insider Risk Summit, the industry's leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time – the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to www.insiderrisksummit.com or follow along on Twitter.

In 2020, Code42 – along with 10 co-sponsors, including Crowdstrike, Exabeam, Okta, Splunk and Sumo Logic – hosted the first annual Insider Risk Summit. It was a first of its kind, industry conference that honed in on really defining Insider Risk and bringing awareness to the scope of the problem. The conference also addressed the impact of Insider Risk on businesses as they managed fully-remote workforces reliant on cloud collaboration tools to maintain productivity in the wake of COVID-19. 

Today, Code42 is proud to share that the Insider Risk Summit is back. So, mark your calendars for September 14-15, 2021. This year, the event is focused on helping security teams rethink the way they build security resilience in the face of an evolving, collaborative workforce – for the next normal. It’s about taking everything we’ve learned from the past year and establishing long-term, proactive strategies for managing Insider RiskThe two-day virtual event will also explore new strategies for detecting and mitigating insider threats to data, shifting organizational thinking about insider risk holistically, and building a security aware culture.
 

The post-pandemic era brings with it challenges that no one working today has experienced. The rules of engagement are only being written now. Digital transformation, pushed to its limit in early 2020, is being put to the sustainability test as we redefine and evolve our understanding of the modern, borderless workplace. Yes, it’s remote, hybrid, collaborative and innovative, but it also must remain safe, secure and resilient. 

 

As security leaders and practitioners, we are faced with an opportunity to rethink risk and build resilience from the inside out. Join the conversation. Exchange ideas. Learn from pioneers and thought leaders who are as passionate about protecting their workplace as they are about enabling their workforce. 
 

This year’s Insider Risk Summit will feature content designed for senior business and security leaders, practitioners, and the security community. Attendees will earn CPE credits and hear from security leaders on the forefront of balancing innovation, collaboration, and security.  
 

About the Insider Risk Community

Bringing together global practitioners, thought leaders and industry experts, the annual Insider Risk Summit provides a forum for CISOs, security practitioners, business leaders and industry experts to meet, learn, interact and share best practices in the insider risk management space. 
 

The Insider Risk Summit is more than just one moment in time – it is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges.

Now streaming: Code42 Live

This spring, Code42 launched Code42 Live – a series of live community discussion events to help solve the problem of Insider Risk. Recent guests have included Greg Martin from Sumo Logic, Elsine Van Os from Signpost Six, an Insider Risk Summit 2020 speaker, and Edward Amoroso from Tag Cyber. 
 

To learn more and join the discussion, tune in for the next Code42 Live on June 22 for a conversation with Exabeam on insider risk event prioritization.