Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Veam: CISO Panel: Cyber Resilience & Security Budget Realities

Veeam
07/06/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


Thank you everybody for joining this afternoon, we have an awesome panel today of industry leading CISOs. We're going to talk about some best practices, we're going to tell some war stories, I promise you this will be very interesting, engaging content that you're not going to hear too many other places. So with that, let's start with some introductions here to our panel members. I'll do a quick intro to myself, Bill Siegel, CEO and co-founder of CoWare by Veeam. John, what should we go next? John Staniforth, I'm a former CISO of Royal Mail, been a CISO for about 20 years. Thank you John. Gil. Yeah, CISO of Veeam, I've been here five years and before that I was in financial services for about six years, US government before that. Thank you Gil. Kevin. Hey, good morning everybody. I'm Kevin Gowan, I'm the CISO at Synovus Financial. We're a large regional bank in the Southeastern US. And Colin. Yeah, Lee. You can call me Lee. So I'm the CISO for Catholic Education Western Australia, so all the way from Perth, WA. I've been there 16 years, so a long time. Wow. All right gentlemen, let's dive right into it. One of the areas that we constantly see tension in is the ability to get the tools you need to secure your environment and whether or not those tools fall within your allocable budget in a given period of time. And so, listen, everyone has smart teams, right? Your teams know what you need to do your job safely, how to secure your environment. And when one of those tools that the team thinks that they need isn't available to them, it's plain as day, right? So how do you handle situations where you're not able to get the exact thing that you want and you know that your team wants and you're pretty sure your organization needs, but you've got to make that decision. And also you've got to communicate that decision to your team who might be frustrated. Lee, let's start with you. Yeah. Well, being education and not-for-profit, we talk about finances, we're very, very restricted, I guess, in a term of I can't generate more money. The only way we get more money is more students and there's no way to increase that in a short time frame. So I can use the example of we've rolled into Veeam Data Cloud to protect our Office 365 infrastructure. So it's over 90,000 users, over a petabyte of data. It's a big field, but to get there, whether it was Veeam or when we went out to market to have a look what was there, it's an expensive cost, right? So immediately cost is going to be one of the barriers for us to go through. Our organization, Catholic Education, we're there to deliver quality Catholic education to our students. We're not there to deliver IT. So when we take that to the board, we really have to have the conversation around why we would need this over hiring another teacher or getting some teacher assistants in there. So they're the barriers that we have to face. We have those conversations with the board and with our community and then with my team, depending what the answer is, to really show that what's important. So for this, in this example, obviously protecting our sensitive and student data is very important to the board. It aligns to their strategy. So that's how we got through. But what we did to soften that blow was ensure we hired someone to come in and do a bit of efficiency work on our Microsoft Azure platform. And with some cost savings, we went and said, look, we need some money. I don't need it all. I've been able to save a little bit. So how about we can work through this way? Thank you, Lee. Kevin, maybe follow up from your perspective on the U.S. side dealing with a heavily regulated industry as well. Yeah. I have a bit of an advantage in that being in financial services, highly regulated. So there's always a focus on regulatory requirements. And you can leverage that to a degree. The challenge is if you're only doing things as defined by regulators, you're missing the bigger picture of what you're trying to do within your security program. So there's a little bit of that balance of the must-do and the really things we should do. Probably the biggest focus for us when we're having those discussions with the rest of the executive team in the boardroom is from a risk management perspective, because ultimately it's a business discussion when you're contending for funds. So why are we doing this? What does this mean in terms of risk to the business? What does it mean in terms of business impact? And we also try to make sure that's a continuity. So we're talking about things over time and in roadmaps and how we prioritize things and how we're managing risk, as opposed to just a random, I need money for this, and I need money for this, and I need money for this. Because then you drive yourself to feeling like a cost. So it's trying to bring some business context to it. I think if I could just jump in here, there's some commonality between smaller underfunded organizations and large financial services organizations that have resources to do more. But it really all begins with understanding what your needs are and doing that introspective assessment of your controls so that you can prioritize really what you need. And in a world where everything's a priority and nothing is, so DRMM, NIST Cybersecurity Framework, assessing your gaps will really go a long way into determining where you need to spend your money, but also help you to justify where to make those investments. And I think that's probably one of the last things I would say. We obviously, you know, the title of this session is our Cyber Resilience, so a little bit of personal resilience. It's okay to go and maybe you don't get the funding you need the first time, you need to have that personal resilience with you and your team to say, great, what do we need to do? So is it go do the DRMM, have a look to say, hey, now I can better articulate why and why this is the most important thing. I'm going to ask a follow-up question to John. As you can see here, John was the former CISO of Royal Mail. When a CISO is looking at a new job, right, and I've seen this a lot with the customers that we work with. We get a great relationship with the company and the CISO and they end up moving on to another company. And there is a, what I would imagine, and I'm curious to hear your perspective on this, a deep need to underwrite a prospective new company that you're going to work for's ability to fund the security budget. But as a job applicant, essentially, how do you approach that with potentially limited leverage to get information about the resources you're going to need to be successful or are you going to walk into a situation where you're essentially set up for failure? How do you approach that, John? Because I've done this with quite a few companies, I suppose I've developed my own method which is really understand why that company wants to now focus on cyber. So in Royal Mail, it was a 500-year-old company. They were trying to move into sort of the digital world from sort of physical movement of parcels where literally somebody put a parcel into a postbox in Scotland and it would turn up in London and nobody actually knew how because it was just sorted through. So for that organization, it was finding out what's the journey you're trying to undertake, why do you care now about cyber, and how important is it on your scale? I think then it's a case of quite often the board or the non-execs are sort of also focused on big companies or even private equity companies are focused on we need to protect our revenue, but they don't actually understand the difference between that concept of I don't want any cyber incidents and then reality of how much money that might cost them and how much time. So that goes back to that sort of the risk management. So if ransomware is your thing and you've identified the 20 or 30 key controls you need for ransomware, you may only be able to deploy some of them a piece at a time over several years. You've got to manage that situation with the exec team and go, even if you gave me $50 million today, I couldn't spend it in a year. It takes time to put in a platform, your backups, you've got to identify your key applications. So I tend to use what's the business need for compliance, what's it need to operate and what's it need to make its revenue. And if you take those three and use the horrible word crown jewels, then where those three sort of circles intersect on a Venn diagram is where you start. And how far do you go in terms of, let's say you hear all the right things, we're going to make this big investment. At the end of the day, your employment contract probably isn't going to list those things out and no schedule at the end. So how far do you go to try and get those assurances? 20 years ago, I was grateful to get a security job. I think many of us were. We were like, hey, we've given a job. I'm a bit more picky now. So after I've had a job offer, I'll quite often have another conversation with the hiring managers before I actually make a final decision. So I'll try and find out about the culture, attitude, et cetera. So I've got a bit more picky as I got older and more experienced, but not all of us get that chance. And sometimes that's where you see sort of CISOs hop into a company and within six months Yeah. And Bill, you made a great point in your keynote about the culture of security in a company. And I think when you're going through a selection process or an interview process, you can really gauge what that security culture is by just talking to the right people. And that, I think, goes a long way in assuring that you might be stepping into a role that you could actually get some stuff done. You can get a sense pretty quickly of whether it's taken seriously at all levels of the company, right? Or is it that's an operational thing. You go take care of that. Make sure there are no incidents. Make sure nothing happens. The level of discussion, the quality of the discussions, and the access you have to the rest of the executive team and to the board, right? Are they asking you questions independently? Is there actual meaningful dialogue? Is it treated as an actual risk to the enterprise? Or is it just viewed as an operational thing that you guys do whatever you do? And sometimes part of your role coming in is you might have had the hiring manager and a couple of others talk to you in that way. But part of your job is to help sell it and explain it to others. So with my teams, your first point is it's quite often explained to the security and technology teams. You know, the CFO came to be an accountant. They didn't come to be a security person. They had a marketing came to sell things and do marketing. So our job is to educate them. And that's a learning curve in itself, I think. All right. Next topic here is dealing with transparency and communicating both tactical and strategic shifts in your investments and or your security strategy and how and when to communicate those things broadly to the IT organization. I'm going to tell a quick fun war story today to tell you about the absolute wrong way to do it in a micro instance, which is I, I'm not going to name the company's name, but it was big. It was global. They had tens of thousands of endpoints. They got hit with ransomware. Every single computer was encrypted and they needed to decrypt every single computer. Now, when you run a decryption process, a box pops up on the screen and it's pretty clear what's going on inside that box. They were like, we don't want our users to know if they happen to be looking at the screen, what's happening. Can you obfuscate it or in some way change the UI of the dialogue box while it's running? And I literally, on the phone call, looked at them and I said, you must think your own employees are idiots. They don't already know what's going on here. So absolute wrong way to do it. So let's talk a little bit about how we communicate and how we deal with transparency. Gil, why don't we start with you? Yeah. I mean, big secret. The way to be transparent is to be transparent, right? It's a bit of a different situation here at Veeam. We are a resilience company. The culture of security here is incredible. We've got top down support from the CEO, the COO, the board, everyone gets it. But it wasn't always that way. So my approach to transparency is bringing our user community and our contractors and whoever accesses our IT systems along for the ride. And we do that through training, awareness, education. When there's an incident, we share what we can. There's some privileged communications that you can't share. But the idea is to make sure that they're along for the ride, they understand the value of what it is we're doing, especially when we're changing the controls environment, right? We've all worked at places where things change in terms of the way you access systems or MFA gets quickly introduced, but you're not told why. So I think the best practice there is to bring those users along for the ride, explain to them what the threat is, how it's changing, how our controls have to change to match it, and make them part of the solution. Lee, what's your perspective here? Yeah. I like the terms, the transparency, but radical transparency. So we're a little bit unique. Like all organizations, I have the board and I have executive that we present to. We quite often, so at least once a quarter, we'll go through the roadmap with them, make sure we're on track. We do a three-year security roadmap. Obviously, year one, the year that you're currently in, is pretty good. Year three is made up and will always change, but that's how it is. But we do like to say, hey, these are the things we're thinking of as we move forward. What I also do is, once a quarter, present that back to our IT managers at our schools. So as Catholic Education, I have 162 schools. About 50 of those have permanent IT managers that look after those sites. So while they don't directly report to me, they all use our system and the system we provide them, they have the access that we give them. They deserve to be along that journey, that transparency. We want to show them the same roadmaps, and when they change, we want to explain to them why. Obviously, AI, AI is everywhere, but when we shifted a few things around to say, hey, we really need to focus on data security, posture management right now, because we want to be able to enable AI, we need to do it safely on our data. So by doing that, we said, hey, these things now that we said we're going to do in quarter two, 2025 or now, we're going to push that back a quarter because we're going to really focus on how do we implement the CSBM and how do we work with you to ensure it's safe. So I guess for me, I'm looking in two directions to make sure we're bringing our wider team, so not just the IT team, but those IT managers along, as well as the board. So trying to be as transparent both ways as I can. John? Yeah, I'm fully involved with both. I think a lot of people see cyber and information securities like a black art. And so basically, if you're not transparent with people, it really upsets them. So just saying, wear a seatbelt on your car with no explanation of actually it could save your life, it could save your children, it can actually help you, that explanation I think goes a long way. So I was in one organisation, I used to pay 50 pounds as I travel around the world to anyone who challenged the security policy, so we could actually get that interaction. Felly, gallwn gael y cysylltiad hwnnw, ymdrechion creadigol a helpu pobl i ddeall pam. Weithiau, fe wnaethon ni newid y ymdrechion, oherwydd roedd yn gweithio, roedd yn ffordd ddiddorol roeddwn i wedi ei ysgrifennu, neu nad oedd y cyfrifiadur yn dod ymlaen'n iawn. Kevin, a ydych chi'n ddod o hyd i'r sefydliad cyferol a yw'n hawd iawn neu'n anodd i weithredu'r tasg hon? Mae'n hawdd iawn yn y cyfnod bywyd ynghylch, ond mae'n ddiweddar i fod yn anodd os ydych chi'n ymddangos y bydd angen i ni wneud hyn oherwydd. Rwy'n credu y peth mwy bwysig, ac mae'r cwmni i gyd wedi ei ymddangos, yw bod angen i bobl rhoi cynllun o ran wnaeth hyn ddiddorol yn eu cyfnodau. Mae'n hawdd iawn i siarad yn ein cyfnodau, neu'n cyfnodau'r rheoliwr. Rwy'n ei wneud oherwydd maen nhw'n dweud hynny, ac rwy'n credu y bydd y sefydliad yma ar ôl i'r holl bethau hyn, ac rhaid i ni ddeall eu hunain ar gyfer ein hunain, mae'n rhaid i'n aelodau'n deall eu hunain er mwyn eu rhoi'r un sylwad hwnnw. Ac rwy'n credu dyna sut rydych chi'n cymryd, yn effeithiol, y cyfnodau busnes i'r bobl rydych chi'n cefnogi. Rwy'n yma i'w helpu. Dydw i ddim yn y Deyrnas Unedig. Dydw i ddim yn y tîm ymgyrchu'r wybodaeth. Rydyn ni'n ceisio gallu'r hyn rydych chi'n ei wneud, a dyma pam mae'r hyn rydyn ni'n siarad am ei wneud, mae'n helpu i chi wneud hynny. Ac rwy'n credu bod hynny'n agor llawer o'r dŵr hynny, ond mae'n cymryd amser. Dyna'r cyfrifiad. Ac rwy'n credu sylwadau targedu. Felly, rwy'n ceisio dysgu defnyddwyr sylwadau targedu am ymgyrchu. Pam maen nhw'n meddwl? Ac rwy'n credu bod rhai o'r ddysgwyr diwylliannol yn ymgyrchu a phethau wedi bod, yn erbyn pob sylwad i bob person. Ie, felly, un enghraifft da i'n ddiwylliannol yw, rydych chi'n gwybod, mewn addysg, mae codiadau QR wedi cael eu gweld fel y dŵr mwyaf hyfforddiol erioed am y 10 mlynedd diwethaf. Wel, ar hyn o bryd, yn enwedig y flwyddyn hwn, Cwishing, felly gweithio gyda codiadau QR, mae addysg yn y dŵr mwyaf hyfforddiol. Rydyn ni'n gweld hynny drwy ymlaen i bob le. Felly, mae angen i chi fynd yn ôl a dweud, na fyddwch chi'n rhaid i chi fod yn gwybod o hynny, ond mae angen i chi hefyd dysgu'ch myfyrwyr nawr, oherwydd rydych chi wedi treulio 10 mlynedd yn dweud iddynt, hei, edrychwch ar yr holl codiadau QR, sganiwch popeth, mae'n dda. Felly, mae'r cyfathrebu ar y ffordd i lawr i gael y myfyrwyr i wneud y peth iawn i'r myfyrwyr hefyd. Mae codiadau QR yn cael rhywbeth amdano, iawn? Mae'n ddiddorol i'r enghraifft. Nid yw'n gysylltiad, mae'n codiadau QR, felly mae'n rhaid iddyn nhw fod yn ddiogel, iawn? Iawn, gallwn fynd i'r sleid nesaf yma. Mewn gwirionedd, os ydych chi'n mynd yn ôl un ar y Q&A. Felly, rydyn ni'n mynd i siarad ychydig am ymgyrchu newid. Ac mae hyn yn ffordd gwych i'w dylunio gyda pam. Rydw i wedi'i gysylltu â llawer o sefydliadau gwahanol sy'n ymwneud â rhoi MFA. Felly, mae hwn yn trafnidiaeth gwirioneddol o drafnidiaeth gyda'r dynion dda lle rydyn ni'n ymwneud â'r arian cyntaf. Ac yna, mae'r un o'r gofynnydd yna, mae hyn yn ymwneud â'r hyn rydyn ni'n ei ysgrifennu fel ychydig o arian cyntaf. Rydyn ni'n ymdrechu nad oes gennym unrhyw beth amdanyn nhw a byddwn ni ddim yn mynd i'w gafael. Ac rydyn ni'n gwybod beth maen nhw'n mynd i'w ddweud nesaf, sy'n ymgyrchu beth maen nhw'n mynd i'w wneud os nad ydyn nhw'n mynd i'w gafael. Ac roedd hwn wedi cael ddewis addas a rydyn ni wedi'i rhoi mewn gwirionedd yma, sy'n ymwneud â'r arian cyntaf sy'n mynd trwy e-bwriadau unigol y CEO a gafodd yr un lle roedd y CEO yn dweud, dewis y MFA hyfforddiol hwn o'r cwmpwter fy hun, mae'n mynd i'w gafael. Ac roedd hynny'n ymwneud â rhan fawr o'r cenedlaeth ymgyrchu. Felly mae Steve Jobs yn dweud, ysgrifennwch gyda pam. Wel, dyma pam. Felly pan ydych chi'n ceisio cyfathrebu gweithredu newid, yn enwedig gweithredu newid sy'n mynd i'r afael â'r busnes, ond mae'n rhaid i ni fod yn dda gyda'r afael â hyn. Rydyn ni'n gwneud penderfyniad gwybod bod y cyfathredu y mae'n rhaid i chi fynd i'w gafael, 30 eiliad arall, yn werth y rhwydwaith a'r risg dramatig rydyn ni'n mynd i'w gwneud trwy gweithredu beth bynnag yw'r cyfathredu cymdeithasol. Ond, yn amlwg, mewn sefydliadau fawr, allwch chi ddod â phobl i mewn i ddweud, dwi'n gwybod bod hyn yn anodd, ond byddwch chi'n mynd i'w gwneud. Felly, sut wnaethoch chi wneud hyn yn gyffredinol, yn enwedig o fewn sefydliadau fawr? Lee, dechreuwch gyda chi. Ie, yn ôl i'r ffordd rydyn ni'n gweithio gyda'r ysgolion sy'n rheoli cyfathredu, mae'n ffordd da iawn i roi'r adroddiad, i gael y prosifau i roi'r adroddiad i chi. Felly, byddwn ni'n defnyddio MFA fel enghraifft. Rydyn ni'n cael 14,000 o ddysgwyr yno. Nid yw'n ffordd i mi gysylltu â nhw i gyd, ac os oeddwn i'n ei wneud, nid ydyn nhw'n mynd i ddysgu fy enw. Felly, y ffordd rydyn ni'n ei wneud â'r ysgolion yno oedd ymgyrchu'r principiaid yn gyntaf. Rydw i'n cael y bobl sy'n lefel mawr, rydw i'n cael y bobl IT, ac yna rhoi i bawb y dyddiadau y bydd eu sefydliad yn cael eu trafod drosodd, ac yna sefydlu'r ysgolion ychydig lle, os oedd ganddyn nhw ddynion IT, gallant gael y ysgolion, hei, dyna beth rydyn ni'n mynd i'w wneud, neu gallwn ei wneud. Rhai o'r pethau rydyn ni hefyd wedi'u paratoi yw ceisio deall sut y bydd y myfyrwyr yn defnyddio, sut y byddai'n effeithio iddyn nhw, mewn gwirionedd, yn y ystafell. Oherwydd, effeithio iddyn nhw mewn amser ymyrraeth eu hunain neu yma yw wahanol. Felly, rydyn ni wedi ymgyrchu pethau, beth yw'r pethau T0 sy'n mynd i'w gofyn am MFA bob tro. Mewn gwirionedd, nid ydyn nhw'n mynd i'w defnyddio yn ystafell. Wel, dyna'n iawn. Felly, mae'r MFA arbennig, bydd hynny'n iawn. Byddant yn cael eu dyddiadau 15 dyddiadau cyn i'r hoffi. Dyna'n dda i fynd. Gwybod hynny, beth yw'r nesaf? Rydyn ni'n dod i'r union a dweud, hei, rydyn ni'n mynd i wneud hyn. Mae'n ddefnyddio'r myfyrwyr eu hunain, yn ddefnyddio'r myfyrwyr. A oes gennych unrhyw ddiddordeb? Ac maen nhw'n dweud, nid, rydyn ni'n meddwl ei fod yn dda. Felly, rydyn ni'n gofio'r bas hwnnw hefyd. Felly, cyn i ni fynd i'r gymuned i ddweud, dyma beth rydyn ni'n ei wneud a pam, rydyn ni'n gwneud yn siŵr bod pawb sy'n mynd i'w ddefnyddio gael y mae'r unig wybodaeth ysgrifenniad cyllid yn mynd drwodd, os oedd yn union neu'r hyn sydd ar gael eu hunain ar y ysgol. Ie, mae'r hyn yn ffurios iawn i mi. Rwy'n credu, yn y byd rydyn ni'n byw heddiw, mae'n anhygoel i fi y byddwn, rwy'n golygu, mae hwn yn gysylltiad diweddar, iawn, felly mae hyn wedi digwydd ddim yn aml yn ôl gyda'r CEO yn ceisio, rydych chi'n gwybod, yn ymwneud ag eich tîm eu hunain, y controlau, a'u cael mewn broblemau. Rwy'n meddwl ei fod yn anhygoel bod unrhyw un yn dal i gael yr ystod gyda'r ffordd rydyn ni wedi'i adroddi ar y cyfnodau hyn dros amser. Mae'r hyn yn thretau bywydol i'r cymdeithasau, ac nid oedd cyfnodau CIO yn dod i'w swyddau oherwydd eu bod yn ddym. Iawn, maen nhw'n bobl ddiddorol iawn, maen nhw'n CIO cymdeithas. Mae'n rhaid iddyn nhw ddeall hyn, maen nhw'n ei wneud. Rwy'n meddwl, weithiau mae gennych ychydig o ddiddorol a hyrwyddo sy'n cynnwys y math hwn o beth i ddigwydd, ond mae'n rhaid i chi gael siaradwyr ddiddorol gyda nhw, a dim ond, efallai, ysgrifennu i'r ffyrdd yn y tîm McLaren Jacket yma. Dydyn ni ddim yn rhoi breiciau ar y McLaren i wneud ei ddigwyddau'n hir. Rydyn ni'n rhoi breiciau ar y McLaren i wneud ei ddigwyddau'n hir. Felly dyna pam mae'n rhaid i ni rannu'r adroddiad gyda'r CIO. Mae'n rhaid iddyn nhw ddeall bod llawer o bethau ddiddorol sy'n gallu digwydd os nad ydyn ni'n cymdeithas ar y ddiddorol a'r hyrwyddo sy'n rhaid i ni fod yn cymdeithas. A gallai ymdrechion i'r cymdeithas a efallai i eraill. Ie, mae'n adroddiad ac rydw i'n mynd i ddysgu hyn ychydig. Oherwydd dydw i ddim yn dweud i chi pa mor ffyrdd rydych chi'n mynd allan ar gyfer sgopi'n gyffredin ar ddigwydd ac mae'r CIO yn dweud Bil, Bil, a allwch chi dod i mewn am fewn munud dwi eisiau siarad â chi ac maen nhw'n dweud gwrando, gallant ddod i mewn yn fy e-bwriad rydych chi'n gwybod mae'n iawn ond rydych chi'n dweud oh, dwi'n gwybod fel felly, yn dweud i nhw yw hyn edrychwch efallai ydych chi'n siarad rwy'n siŵr yw'r holl ar gyfer ond y cynnwys o'ch cyfrifiad personol mae'n potensial mynd i fod yn y papur ie, New York Times dwi'n dweud eisiau sicrhau Kevin saying you need to do this right it's here's why this is a risk to your organization here's why it's a risk to our whole industry here's the kind of things people are doing here's you know here's where your program is here's some thoughts on what you ought to be doing that's that supports it but also gives the message this is not just one person's opinion on why this is a risk I think also the sort of the training and readiness for an event right if you're not doing training and readiness on handling an event then you're really behind the curve you've got to bring in the non-technical people so that they can understand what their role is going to be whether that's legal your media folks you know your finance team just folks that you wouldn't ordinarily bring into it an IT outage those people need to understand exactly what's going to happen on the worst day of their life when there's a breach at their company and helping them understand their role in that process I think could also help them understand a little bit more about the threat and remind them that they don't ever want to be in a real incident like for real yeah John it's a tricky balance between trying to scare people into action versus injecting that right amount of paranoia that you hope just sticks for a little while to just to give them some perspective and change their behavior right yeah so pick up on actually how I address that one is I have a one pager for each executive officer and in training back to targeted I have a one to one conversation with each one way before the incidents and that's normally when they start to ask the yeah but could this really happen or what does that mean because when execs are in the same room they don't actually want to give up ground in front of each other because bluntly they're all their senior and they're all sort of fighting for their territory their budget etc so you start having those one to ones and I said brief them yeah you're chief marketing you own the clients you own all client comms during the cyber crisis I can't do that for you yep what are two very big clients maybe US government I'll jump on the call for but other than that I'm not owning that as a CSO and that starts to really help that accountability and they start to get real and then give them some live examples I had 100,000 people in a company and just said to the head of HR how are you going to pay them if the HR system goes down forget whether it's a cyber incident it might just be a an outage massive SAP platform how are you going to pay everyone she didn't know so we got there the CFO together and said well we'll rerun the payroll via the bank but those conversations start to make it feel more realistic I think yep yeah there's a there's a you know the threat actors use it which is the emotion of shame which is a very powerful emotion and we can use the sort of specter of that like listen you put in your company for executives in these sorts of cyber extortion incidents with a recent uptick in swatting against the executives and their family you're potentially putting yourself and your family at risk by doing this like don't let this this thing that I'm trying to do be the reason that your wife gets a bouquet of funeral flowers from the threat actor which we've seen before right it's going to terrify her and your children and they're going to be like dad how'd you put us in this situation right don't let that happen all right let's talk a little bit about we've got about 15-18 minutes left here bridging the gap between technical understanding of what is going to occur during an incident and the non-technical executive understanding of what is going to occur right classic situation we talked about this yesterday you know non-technical business executive that looked at a PowerPoint presentation or something along the way and said RTO 15 minutes so that means the maximum any bad time can be is 15 minutes and I can take a coffee break and we'll be back up and running by then which we all know is not reality these things are extremely nuanced they're extremely complex so Kevin starting with you how have you found over your career to be a constructive way to bridge that gap so that the first time it's realized isn't during an incident yeah yeah it's certainly education awareness and a thing to John's comments right you've got to you've got to help them understand what that moment is actually like not what's on paper not what you saw on someone's website right it's here's the reality so we do frequent exercises but more than just the high level you know check a few boxes so you can say you did an exercise to actually get people immersed in it and with our board as well so we did a ransomware exercise both with our executive team so they could understand the internal impacts and some of the the things you talked about right the HR person understanding payroll system is down yeah right what does that mean for you the salespeople what does it mean when you can't get to your customer relationship management platform all those things and also for the board try to help them understand both the reality of what an event's going to be like in terms of scope and impact and time and also what their role is and what their role isn't right yeah you know we're not going to be asking you to make the decisions you're not going to be being called every five minutes you're so you need to understand your critical role and what it is and you need to understand there's some things you're going to hear about because management's made decisions but there's just a lot of investment in time in helping people understand what the actual event is going to be like and to get feedback on it and we learned a lot of things every time we do tabletops we get and exercises we get feedback we find things we need to change things we might not have understood the business impact so that's the biggest piece and we put a real focus on that yeah I think the war gaming is you know it's really important for for companies that can pull those off and bringing in that broader team as part of that that exercise and making it as real for them as possible and you discover all kinds of interesting things when people are under stress even in a simulated environment suddenly your CEO and your CFO realize that oh my god we're not making the right investment here maybe it's time to relook at the way we're funding this program but I think I think the initial the initial idea here the thing that works best in my experience is bringing those folks along for the ride like I said before giving them access and insight into the deliberations that are going to happen on a real on a real weekend when the you-know-what hits the fan and bringing in folks with outside expertise who've been through this with a lot of clients folks like your organization and others to to challenge you more right it's really easy to do your own exercises your own exercises and satisfy yourself, and you haven't really put the bar in the right and satisfy yourself and you haven't really put place. Bringing in someone else to help you learn, understand, critique what you've done, I think is a really critical piece. Yeah. And then they'll come. And if you have someone that's professional facilitating a tabletop, they can design these injects to bring up a specific conversation that you really want to have. And if you do it yourself in a scripted way, it's very difficult sometimes to confront those issues that really need to be confronted. Yeah, absolutely. I can tell you the worst tabletops, and I've sat in on them, I won't facilitate them, but I've sat in on them, are the ones that are so heavily scripted and spoon-fed that it is literally like watching, you know, like, bing, bing, bing, bing, bing, bing, bing, bing, bing. It's a waste of time. 45 minutes later, everyone pats themselves on the back and leaves, and we'll do it again next year. And it's like, you guys have just given yourself this horrible false sense of security. You have practiced nothing. The best ones, like Gil mentioned, you're designing injects not only to raise a certain point that you know is an issue, but it is designed to create a conversation between members of the organization that aren't naturally going to interact with each other on their day-to-day, but will have to during an incident. And the most rewarding thing that I see during incidents is you see people further down the food chain often connect. And they're like, oh, we've never met before. And they work together on an incident, they have fun, they talk about an issue, and now you're like, those two are going to work together well. They're going to talk about the issue ad hoc, outside of meetings and plan things, and they're going to take initiative on their own. And if you do that across the organization, you've created this fabric that is now going to come together and work way better during an incident than if you hadn't brought them together to create those natural relationships. Lee, any perspective on this before we jump in? Yeah, we talk about tabletops a lot. What we've found recently is a few of our executive members have changed. We actually had an external person come in and redo our BCP planning. And that was really interesting because the executives and the people they brought in for each vertical, I guess, for everyone to understand what really is important and what their expected time for either downtime, or if we lose this, what does it mean? And you know, we're education. A school can teach without internet for a certain amount of time. But really to get them to understand what is important has really helped us launch those conversations and that thought process. Because you had a lot of people in there that were new people that had just assumed everything's IT. We use IT to access this, so it must be an IT problem. Well, no, no, this is you. But then to take that into a tabletop now where they're not coming in completely blind, they now understand their role a little bit more. Like I said, it wasn't set up to do that particularly, but once I started to see the conversations happening in that BCP, I was like, man, this is going to make our tabletop exercises much more enriched because their thinking is in the right space. Yeah. All right, John, let's talk a little bit about your first-hand experience. We can go to the next slide, the last slide here. So John had an incredible experience. I'm sure if you'd use the word incredible. But for us on the outside looking in, it was quite a remarkable incident to have a first-hand view on. What I'm curious about early on is the first day zero to day two, day three, when you're just getting your arms around impact, which can be one of the hardest things to do, especially in a large organization. You obviously can't move forward until you know what's happened and how to deal with it. Give us a sense of what that was like during the incident that you went through, and maybe give the audience a sense if they don't know what that incident was as well. Yeah. So quick background. Royal Mail, you may have heard of if you've watched the TV. Oldest postal organization in the world. Part of our business that looks after sorting parcels to send internationally runs lots and lots of sorting equipment. So I think in feet it's nearly a million square foot environment with about three miles of pulleys and conveyor belts that do parcel sorting to multiple countries. Six hundred and thirty thousand parcels a day leave the UK, and basically there's on average two or three days of storage because obviously you want everything moving all the time. We went down for only six weeks. So on the first day, a lot of it was, what's the actual problem? The ransomware, the business just saw machinery stop working. So they ran their IT function, their engineering function, thinking it's just another sort of machinery fault. They dialed in. The guy, it was early in the morning, saw his AD server looking like files were being encrypted, locked it down. So he thought, got in his car and started driving to work. It was about an hour's drive in. Meanwhile, while he's driving in, the local machines wake up and start spitting out a ransomware note on the local printers, and one of the members of staff photographs it and puts it on Twitter. In parallel with this, I get a phone call saying from one of my colleagues what is going on, and I've just been on conference calls since early in the morning, so I'm in between calls. Haven't you read your email? And basically somebody had reused one of our crisis management emails from some industrial action to basically try and call a meeting, and it was a subsidiary part of the organization, not the call. So that sort of kicked off. So four phone calls later, I get the phone number of the site director. I have 1,500 sites, so of course I don't know everybody in the company. So COO worked down the chain, get the phone number of the guy on site and saying what's going on. That's when the Twitter thing happened. Because we're regulated, it's a private company, but regulated by the government, we had MPs, the privacy regulator, various others, clients all ringing up asking what was going on. And of course you've got your data privacy person saying, well, is there any client data involved, any customer data involved? And so you're in this journey of discovery. And to your point, by the time you've tried to pull out a network diagram, figured out if IT have ever maintained a network diagram, because we all know that stuff's really fun to maintain, it's too late. So literally I was just saying to technology, just cut off those sites. So every site that was international had an OT network. Some of them had a corporate network. We didn't know where the bridging was. So basically it was just shut them down. To your point about getting other functions involved, we'd already, unfortunately, had some sort of data breach warnings and some other crisis management things in the past. So legal compliance, privacy were all on the phone. I just said, start finding out, is anyone contacting us for the contact centers, our social media accounts? At that point we'd had no direct inbound contact apart from the notes. So that's sort of the framework. So total chaos. So total chaos. Yeah, I spent two days actually in the same meeting room set off. It was in London. I used to live about 300 miles north. So two days of closed, lived in this meeting room for two days without leaving it, got food delivered, and on the second night got an Uber down to the local site, which was at Heathrow Airport. And I think I lived there for about seven weeks before I got home. So somebody went and bought me clothes and various other things going on. Carbs work though. So one of the lessons learned is my team ramped up to 200 people. I tend to have a wicked sense of humor. So lots of chocolate, lots of pizza, lots of carbs, and just using that to sort of give people sort of a sugar boost at certain points in the day. Well, this is a good question, actually. I want to stop you on that. How did, you know, one of the things we talk about is your labor quickly becomes your scarcest resource. How did you, you know, obviously this is going to be a big long-held incident. You know that, right? How did you approach not just destroying your teams physically so that they could persist through what is going to be a week's long effort? Yeah, so luckily back to your very early question, I had already prioritized response over anything else, over other controls, because I had such a big program to address. So I called out my retainer company to our normal sort of retainer response. We had lots of outsourcing, so I was able to leverage not just the security but also IT outsourcing to start with. And with my own team, I'll be honest, I run pretty much 48 hours no sleep. A couple of my managers did the same, and everyone else I put on to 12-hour shifts, and then this happened on a Thursday. By the Monday, I went back to sort of normal shifts, so about eight hours at a time. I ramped to 200 people in about three days. I had to put in physical people on the doors to search everyone's bags. There were 2,000 people in the site. The site director's saying, what do I do with these people? They can't sort parcels. We had the wider business, 100,000 people, plus everyone from the board through. So probably 70% of my time was on comms, which was my biggest surprise as a CISO. So I was working 18-hour days with 70% of my time just on managing the comms across everybody, consistent messaging. Then you've got the people that want to find out the what and the why from the executive team down, and the reality is our most important thing was moving parcels. So back to the business mission, what was important was shifting parcels because both the storage, but also that was our service. The CFO had already had previous discussions, and he'd said if there was ever an incident, we'd true up later with our customers, so we'd still take parcels in. Individual consumers would pay at the counter like normal, but big businesses would just shove the parcels in if we had outages, and then we'd true up afterwards. So we'd had some of those sort of discussions that you mentioned. Yeah, it's good of you to have those relationships. That's not what Colonial Pipeline did, by the way. No, you're right. Little tricks that I've pre-did, and this is lessons learned over 20 years, is I pre-agree with the CFO and legal that I can sign contracts as long as they're not multi-year, and I can avoid the normal PO process because I don't know what it's like in the States, but most companies I've worked in, the PO process is horrific and can take days if not weeks or months. All spend went to one cost center, so even hiring warehouses, trucks, extra. Since, don't forget, we had to ramp the business side, which I wasn't involved in, so I have my business colleagues, to your point, own. Well, if you need 2,000 extra people to start sorting parcels manually, then that's up to you. The most well-prepared organizations for something that you had to suffer through are the ones that do what you did. They pre-position assets, capabilities. They've got relationships with outside counsel because trying to struggle through a contract with an outside law firm in the midst of an incident is just going to be nearly impossible. Having retainer IR firms, like you mentioned. Having someone like Coveware ready to negotiate on your behalf. All that stuff you can do before you have an incident, and it'll pay off huge dividends in the middle of a stressful night. Exactly, and back to money. A lot of that stuff isn't necessarily high cost, so paying for a retainer, doing some of those things, might be cheaper than buying a new DEDR, and at least you're saying, well, I can respond to the fire if we're lucky to have it in the new circumstances. Exactly. Lee, you've been through some incidents as well. Curious about your perspective. Yeah, so I guess for me, some highlighted points. When we've had a data breach, we found that we really had a weakness when we ran tabletops. We ran tabletops, the executive team knew what they were doing, the HR team, everyone in the office. I said we have about 14,000 teachers. The office is really only 400 people, so those 400 people were pretty clear on what to do, but that's not where the incident is. When the incident is at a school, the principal who is effectively acting as the CEO of that site, they're the face to the parents, and the parents are our customers. They're the ones that bring their kids there. Now, without them being in our tabletops, without having to organize that, we realized that there's a big gap there. There are expectations for updates. In the issue that we had, we were pretty lucky. We were able to find it, and within the first four hours, everything was locked down, and we were able to find out what it was and start the investigation, but a true investigation takes time, and they were expecting updates. Oh, have you got an update today? Can we close this? Can we tell the parents it's all done, see you later? No, and yes, we've told them that this is the potential data that has been lost. Okay, cool, but can we close it now? No, because we've still got to do that. That was a really large gap where we thought we had everything covered. You look at a tabletop, and you get the people in the room. We had the right people, but we didn't understand the right people in our organization from that view, so we've changed that now, and that's how we're trying to move forward that way. Yeah, it's a good perspective also of why good advice is important because you have to put your resources towards things that actually can help, and one of the things I've heard lawyers and crisis comms and myself personally is you are going to get outrage as the response to any communication you get. Capital One informed like half a billion people in 48 hours. Outrage. Change Health took them months. Outrage. Same response, so it doesn't matter, right? So you might as well, like, don't worry about it. You can't win that one. Put those resources towards what you can win, which is a key customer, or doing something to scale your recovery side. We have just like one or two minutes left. Any questions we can answer? No, so basically, we stretched the negotiation for about three weeks as part of our strategy, and then basically, once we were comfortable, we had the files we cared about, we understood what they would release publicly, and we went through that process. We had lots of decision trees about paying or not paying. We decided not to pay. Yes? How long did it take you to become normal again? So parcels for the customers was back up in six weeks. yn ôl y tu hwnnw yn ddwy flynedd, ond nid o ran y gweithgaredd byth, roedd y cyhoeddiad cyhoeddus yn cymryd y rhan fwyaf o flynyddoedd. Ffraint, dyma Monica Mistreta o'r ddinas Meges, gyda'r cyhoeddus. Fy cwestiwn yw, a oes gennych chi ddim yn ysgrifennu unrhyw beth am awdurdodau, awdurdodau trwyddiol? Nid ydych chi'n eu rhannu? Oherwydd roeddech chi'n ysgrifennu unrhyw beth am rhannu rhywun o ffyrdd i'ch cyfrifiadau? Dyna'r hyn rydych chi'n ei ysgrifennu. Ond nid ydych chi'n ysgrifennu awdurdodau. A ydyn nhw'n bwysig? Rwy'n credu bod awdurdodau'n bwysig. Mae gennym ddefnyddiad cyntaf, ddefnyddiad cyntaf, ddefnyddiad cyntaf. a'r swydd hwnnw yw rhoi cyfrifiadau i sefydliadau cyfrifiadau cyntaf ac maen nhw'n adroddi'n ddiwylliannol Ond hefyd, rydyn ni'n rhoi y rhaglen cyntaf neu elementau'r rhaglen. Rwy'n ei wneud yn y chwarth chwarth y flwyddyn diwethaf ac roeddwn i'n rhoi adroddiadau'n ddiwylliannol i'r bwrd hefyd. Felly mae cyfrifiadau cyntaf. Ac yna mae ein rheolwyr yn dod i mewn Mae cyfrifiadau cyntaf yn ei trinio gydag unawr mewn barn annweithiol a gwneud peth yn rhaid i nhw d backgrounds Cerddoriaeth unwaith i unwaith cael eu dyddi whol o sut Ac mae ail rhaid i mi droi rhai gyntaf bod gael fy mini gwrth imi yn faesiad ag eich tebyg Diolch yn fawr. Rydym ni'n deall rydym ni'n gwneud ymgyrchau cyflawni Mae'n ymddygiadol mae'r teamau IT yn ddim yn dda iawn gyda'r actorau felly, sut gwneithon ni gael cyflawni cyflawni cyffredin sy'n ymddiogol oherwydd yr hyn y dywedodd chi fel un go iawn, dyna'r hyn rydyn ni'n cael gyda'n rhan, rydym ni'n gwneud rhan o'r llyfrgell a'r atgofion a dywedodd chi bod hynny'n rhywbeth y gallwch ei wneud, felly, gallaf gwneud hyn I think, you know if you've got the resources any of the big four firms or any cybersecurity firm will gladly take your money to help facilitate, design and run a tabletop exercise I've also seen near peers in certain industries provide that service to each other just as a matter of courtesy so there are a lot of interesting ways to get to that point but as Bill mentioned the idea of having an outsider there injecting interesting injects into the conversation it's invaluable and it leads to all kinds of good conclusions in my experience I would add the content is out there it's not so proprietary that you can't find it from your peers the other thing I would add is break it down into smaller chunks you don't have to do a full day exercise full day exercises are super disruptive people have day jobs do an exercise for an hour and a half or two hours on a very small specific area and do that every quarter that does two things not only can you focus on it a little more the burden of creating the content is lower because maybe five or six slides but more importantly I think you develop a we're going to do this regularly everybody gets in the rhythm of we need to practice this and then you organically come up with ideas of things to practice and it's not a whole like wow who's going to prepare it this year because the reality is it's not that much it's not that big of a burden to actually prepare for it. We'll be up here available for any follow up questions we want to release everybody to the rest of the calendar thank you so much to the panelists today thank you so much for participating

TL;DR

  • Security budget justification requires framing investments as business risk management with clear roadmaps, not just technical needs—use frameworks like DORA and NIST CSF to prioritize gaps and demonstrate strategic thinking to boards
  • Incident response success depends heavily on pre-positioning: establish retainer agreements with IR firms and counsel, pre-negotiate emergency procurement authority, and conduct regular targeted tabletop exercises with non-technical executives
  • Executive communication during incidents consumes the majority of CISO time—prepare one-on-one briefings with each executive before crises occur and ensure site-level leaders understand their communication responsibilities
  • Recovery timelines are measured in months to years, not days—Royal Mail restored operations in six weeks but full IT recovery took two years, emphasizing the need for realistic expectations and business continuity planning
  • Public communication timing during breaches generates outrage regardless of speed, so focus resources on recovery capabilities and key customer relationships rather than trying to win the PR battle

Securing Budget and Resources in Constrained Environments

The panel opens with a candid discussion about the universal challenge of securing adequate security budgets across different organizational contexts. Lee from Catholic Education Western Australia describes the unique constraints of not-for-profit education, where security investments must compete directly with hiring teachers and classroom resources. The panelists emphasize the importance of conducting thorough control assessments using frameworks like DORA and NIST CSF to prioritize spending and justify investments to boards. Kevin from Synovus Financial highlights how regulatory requirements in financial services provide leverage, but warns against relying solely on compliance-driven security. The discussion reveals a common thread: successful CISOs frame security investments as business risk management rather than technical necessities, using roadmaps and continuity planning to demonstrate strategic thinking rather than appearing as a cost center.

Executive Communication and Incident Response Preparation

A significant portion of the discussion focuses on the critical importance of executive communication and incident preparedness. John Staniforth shares lessons from the Royal Mail ransomware incident, revealing that 70% of his time during the crisis was spent on communications management across 100,000 employees and stakeholders. The panel stresses the value of one-on-one conversations with executives before incidents occur, providing each with a personalized one-pager outlining their specific role during a breach. Kevin emphasizes bringing non-technical stakeholders—legal, media relations, finance—into tabletop exercises so they understand their responsibilities during the worst-case scenario. Lee identifies a critical gap discovered during a data breach: while headquarters staff were well-prepared, school principals acting as site CEOs lacked incident response training, creating communication breakdowns with parents. The panelists advocate for breaking tabletop exercises into smaller, quarterly sessions focused on specific scenarios rather than disruptive full-day events, making preparation more sustainable and building organizational muscle memory.

Pre-Positioning for Crisis and Recovery Realities

The panel provides practical guidance on pre-positioning capabilities before incidents occur. John describes pre-negotiating with the CFO and legal team to bypass normal procurement processes during emergencies, consolidating all incident-related spending to a single cost center to enable rapid response. He emphasizes the value of retainer agreements with incident response firms, outside counsel, and negotiation specialists like Coveware, noting these preparations are often less expensive than new security tools while providing immediate crisis capability. The discussion addresses the reality of recovery timelines, with John noting that while Royal Mail restored parcel operations in six weeks, full IT restoration took two years. Bill Siegel reinforces that communication timing during breaches generates outrage regardless of speed—whether disclosure happens in 48 hours or months—so organizations should focus resources on recovery and key customer relationships rather than trying to win the public relations battle. The panel concludes by addressing regulatory reporting, with multiple CISOs describing regular engagement with regulators and law enforcement as part of their standard operating procedures.

Chapters

0:00 - Panel Introductions
1:18 - Budget Constraints and Tool Justification
5:54 - Evaluating Security Culture When Changing Jobs
9:08 - Executive Communication Strategies
23:00 - Incident Response Training and Preparedness
38:28 - Royal Mail Ransomware Incident Lessons
41:05 - Data Breach Response and Site-Level Gaps
43:32 - Recovery Timelines and Regulatory Reporting
45:47 - Tabletop Exercise Best Practices

Key Quotes

3:26 "Our organization, Catholic Education, we're there to deliver quality Catholic education to our students. We're not there to deliver IT. So when we take that to the board, we really have to have the conversation around why we would need this over hiring another teacher or getting some teacher assistants in there."
8:01 "Even if you gave me $50 million today, I couldn't spend it in a year. It takes time to put in a platform, your backups, you've got to identify your key applications."
22:52 "It's here's why this is a risk to your organization, here's why it's a risk to our whole industry, here's the kind of things people are doing, here's where your program is, here's some thoughts on what you ought to be doing. That supports it but also gives the message this is not just one person's opinion on why this is a risk."
38:43 "Probably 70% of my time was on comms, which was my biggest surprise as a CISO. So I was working 18-hour days with 70% of my time just on managing the comms across everybody, consistent messaging."
39:37 "Little tricks that I've pre-did, and this is lessons learned over 20 years, is I pre-agree with the CFO and legal that I can sign contracts as long as they're not multi-year, and I can avoid the normal PO process because I don't know what it's like in the States, but most companies I've worked in, the PO process is horrific and can take days if not weeks or months."
43:52 "How long did it take you to become normal again? So parcels for the customers was back up in six weeks. IT was back up in about two years, but not from the activity side, the public disclosure took the best part of two years."

FAQ

How should CISOs justify security investments when budgets are constrained?

Frame security investments as business risk management rather than technical requirements. Conduct thorough control assessments using frameworks like DORA or NIST CSF to identify and prioritize gaps, then present investments as part of a strategic roadmap that addresses business objectives, compliance needs, and revenue protection. Demonstrate how you're managing risk over time rather than making random funding requests.

What should organizations do to prepare for incident response before a crisis occurs?

Establish retainer agreements with incident response firms, outside counsel, and negotiation specialists. Pre-negotiate emergency procurement authority with CFO and legal to bypass normal PO processes. Conduct regular, focused tabletop exercises (quarterly, 1-2 hours each) that include non-technical stakeholders like legal, media relations, and finance. Prepare one-page role summaries for each executive outlining their specific responsibilities during a breach.

How long does recovery from a major cyber incident typically take?

Recovery timelines vary significantly by scope and organizational complexity. Royal Mail restored parcel operations in six weeks but required two years for full IT restoration. The panel emphasizes setting realistic expectations with leadership—even well-resourced organizations cannot deploy all controls immediately, and recovery is measured in months to years, not days or weeks.


Categories:
  • » Data Protection » Backup & Recovery
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Security Operations
  • Executive Briefing
  • Best Practices
  • Data Protection
  • Compliance & Governance
  • Security Budget Justification
  • Incident Response Planning
  • Executive Communication
  • Ransomware Recovery
  • Tabletop Exercises
  • CISO Leadership
  • Crisis Management
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Veam: CISO Panel: Cyber Resilience & Security Budget Realities

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version