CSO Cybersecurity Awards & Conference Agenda and Event Schedule
All times listed on the agenda are Central Time.
Monday, May 11
Check in to the conference and pick up your badge.
Choose a topic and join a small-group, interactive conversation to listen, learn, and share experiences with fellow security leaders.
The session will feature two 30-minute rounds of discussion, each hosted by a sponsor subject-matter expert, focused on today’s most pressing security challenges. Round 1 will take place from 2:00-2:30 PM, followed by a 15-minute break for attendees to rotate to a new table and discussion. Round 2 will run from 2:45-3:15 PM.
Seating is first come, first served – arrive early to select your topic and secure a seat.
Discussion Topics:
– You Didn’t Hire That AI Agent — hosted by Valence Security
– The Exposure Gap: What AI Threats Reveal About the Limits of Traditional VM — hosted by Zafran Security
– Compliance Without the Drag: Secure Data for Faster Innovation — hosted by Perforce Software
– If AI Is Doing the Work — Why Are Analysts Still Overwhelmed?— hosted by AiStrike
AI adoption is outpacing most organizations’ ability to govern it. What started as experimentation is quickly becoming embedded in core workflows, customer experiences, and security operations. This roundtable brings together security leaders to discuss how to enable AI safely without becoming a bottleneck. We’ll focus on where adoption is creating real risk, how architecture decisions are shaping long-term exposure, and what practical controls are actually working today.
What We’ll Focus On
– Where AI is moving fastest inside the enterprise, and where risk is quietly accumulating
– The architectural and control decisions that matter most early, before things sprawl
– How to manage internal misuse and external AI-driven threats without slowing innovation
Pre-registration is required.
Join us for a lively welcome reception designed to spark meaningful connections with fellow industry leaders. Enjoy great company, curated food and drinks, and an energetic atmosphere to kick off the 2026 CSO Cybersecurity Awards & Conference.
Tuesday, May 12
Check in to the conference and pick up your badge.
Start your morning right with a networking breakfast. Connect with industry leaders, share insights, and fuel up for a day of innovation and success.
The father of the AI virtual assistant, the technology that became Siri and Alexa, has a message for security leaders: the AI threats reshaping your attack surface aren’t coming, they’re already here. Kevin Surace, holder of 95 worldwide patents and one of CNBC’s Innovators of the Decade, delivers a no-platitudes keynote on what generative AI actually means for identity verification, enterprise risk, where defenders have a genuine edge, and what the security leaders who get this right are doing differently right now.
We are entering an era where AI is rapidly becoming embedded in the systems we need to trust the most; healthcare, finance, and critical infrastructure. Yet the foundations of that trust are deeply misunderstood. This talk challenges the assumption that compliant, well-built AI systems are inherently secure, revealing instead a growing gap between perceived safety and real-world risk.
Drawing on emerging attack data and a real-world healthcare case study, this talk will explore how AI systems can be compliant and exposed. In one case, a globally deployed, fully certified AI clinical assistant processing over two million patient interactions per week was compromised through hidden inputs and downstream system vulnerabilities, exposing sensitive data and infrastructure at scale.
We will examine why traditional security controls and compliance frameworks fail to address these threats, and how organizations are operating under an illusion of control mistaking governance, policies, and checklists for actual protection.
Ultimately, this talk reframes AI trust: not as a property of how systems are built, but how they are defended in operation. Because in the age of AI, trust without security is not trust at all – it’s exposure.
Grab a coffee or iced beverage, enjoy the fresh air, connect with award-winning CISOs and sponsoring partners and take a photo with keynote speaker Kevin Surace.
Dig into the details of a selection of CSO Award-winning projects. Visit the presentations that match your interests, ask questions, and network with small groups of peers. This self-directed experience means you can focus your time on projects that are most relevant for you.
Learn from a new set of award-winning projects.
– Detect emerging risk behaviors in autonomous AI
– Build a data-centric and intent-aware security model
– Establish the CISO as the orchestrator of scalable AI and business growth enabler
AI-assisted development has quietly flipped the risk equation. Developers are shipping more code than ever, AI systems readily reuse insecure patterns, and dashboards remain green even as high-impact vulnerabilities accumulate in the background. Veracode’s 2026 State of Software Security (SoSS) data shows that most enterprises now carry persistent security debt, with critical and high-risk flaws accumulating faster than teams can realistically remediate.
The State of Software Security report highlights five key themes shaping the future of software security:
– The intensifying security debt crisis
– The surge in high-risk vulnerabilities
– Persistent struggles in remediation
– Ongoing challenges from third-party code
– The double-edged impact of AI
Join this session to learn what fundamental changes are required in an AI-enabled SDLC.
Join us for an engaging lunch where you can connect with newfound contacts! Take a seat and savor your meal while networking with peers. Don’t miss the opportunity to meet our sponsors and discover how their innovative solutions can benefit you.
Artificial intelligence is redefining the cyber battlefield—accelerating attacker speed, expanding scale, and raising the bar for sophistication—while challenging defenders to keep up. Join us to unpack where AI delivers meaningful defensive advantage and automation, and where it introduces new systemic, operational, and governance risks. The discussion will look at how AI-driven capabilities are reshaping threat models, compressing decision cycles, and shifting risk ownership across the enterprise.
Uber charted a new path to Human Risk Management upon recognizing that check-box awareness couldn’t reduce risk effectively. Their CSO Award-winning “Beyond the Checkbox” program—led by Jason Harper, Head of Security Diligence, Analytics, Vendor Risk, and Awareness; and Yinka Badmus, Head of Security, Global Risk & Compliance—represents category-defining innovation executed at scale. Working closely with Hoxhunt, Uber co-developed unique capabilities for behavioral signal-based nudges and timely micro-trainings. Learn how they executed their vision of a behavior-first security stack.
The announcement of Anthropic’s Claude Mythos and the launch of Project Glasswing mark an inflection point in cybersecurity that CISOs cannot afford to watch from the sidelines. Mythos represents a model capable of autonomously identifying zero-day vulnerabilities overnight, fundamentally shifting the balance between offense and defense. Anthropic itself is withholding a public release until safeguards can be developed, all while warning that competing models with comparable capabilities may be only months away. In this session, CSO Hall of Fame inductees and leaders from the Cloud Security Alliance will examine the reality of this moment: the unprecedented offensive risks Mythos-class AI introduces, the defensive opportunities Project Glasswing represents, and what security leaders must do right now to prepare their organizations, teams, and boards for a threat landscape that has permanently changed.
Grab a coffee or iced beverage, enjoy the fresh air, and connect with award-winning CISOs and sponsoring partners.
As networks dissolve and users, machines, and workloads operate everywhere, identity has become the primary control plane. Join us to explore what it actually means to operate in an identity-first security model and where most organizations are falling short. We will debate governance, non-human identities, and whether identity programs are scaling securely or creating new failure points for the enterprise.
Persistent talent shortages are forcing security leaders to rethink how programs are designed, staffed, and sustained. This session explores how ongoing skills gaps are reshaping security architecture decisions, particularly the tradeoffs between best-of-breed tool sprawl and more simplified, integrated platforms. We’ll discuss how to build security programs that remain resilient, manageable, and effective with constrained human capital—focusing on automation, architectural consistency, and operational clarity. Rather than revisiting a generic best-of-breed versus all in one debate, the conversation will center on how CISOs can make these models work in practice, aligning tooling, processes, and team capabilities to real-world workforce constraints.
Join us for networking, camaraderie, delicious food and refreshing beverages. Connect with fellow industry leaders in a lively atmosphere.
Wednesday, May 13
Check in to the conference and pick up your badge.
Start your morning right with a networking breakfast. Connect with industry leaders, share insights, and fuel up for a day of innovation and success.
As cyber conflict intensifies, the boundaries between government action and private-sector responsibility are rapidly evolving. Drawing on recent reporting about the U.S. government’s growing reliance on private companies in cyber operations, we will examine what it means for enterprises to operate in an era where cyber activity is increasingly intertwined with national security objectives. We’ll explore the strategic, legal, and ethical implications of private-sector participation in cyber conflict, the heightened risk of retaliation against civilian infrastructure, and the expanding expectations placed on corporations and their security leaders. Designed for CISOs navigating this shifting landscape, the session focuses on governance, risk ownership, and how to prepare organizations for a future in which cyber defense, deterrence, and public–private collaboration are more closely connected than ever.
As organizations implement AI-based systems, traditional security models—such as firewalls, VPNs, and standard IAM—are no longer sufficient to manage the complex risks of the modern data landscape. This presentation posits an AI Security architecture that shifts from a peripheral security approach to a data-centric model. Furthermore, it explores the convergence of AI and Quantum computing, emphasizing the need for crypto-agility and Post-Quantum Cryptography (PQC) readiness to defend against “harvest now, decrypt later” tactics. With an executive operating model that includes cross-functional governance and risk-based prioritization, enterprises can achieve “unified data awareness,” supporting secure AI adoption while maintaining compliance and business control.
Accumulated technical and security debt – not the broader issue of IT debt – now represents a larger risk than underfunding security tools. We will discuss how complexity, legacy architectures, and poor integration quietly undermine security outcomes despite rising budgets. The session will focus on how leaders identify, quantify, and strategically pay down security debt without stalling the business.
Grab a coffee or iced beverage, enjoy the fresh air, and connect with award-winning CISOs and sponsoring partners.
Dig into the details of a selection of CSO Award-winning projects. Visit the presentations that match your interests, ask questions, and network with small groups of peers. This self-directed experience means you can focus your time on projects that are most relevant for you.
Get a behind-the-scenes look at how the CSO Award applications are evaluated and what truly differentiates standout security projects. We will pull back the curtain on the judging criteria and common strengths seen in winning projects, as well as pitfalls to avoid. Designed for current and future applicants, the discussion will help you better understand how impactful initiatives are assessed. We’ll have an interactive Q&A, giving you the opportunity to ask judges about submissions, storytelling, and how to strengthen their entries.
In this candid panel discussion, leading security experts share how their roles are evolving in response to emerging threats, shifting customer expectations, and the accelerating pace of digital and security modernization.
Join us for an engaging lunch where you can connect with newfound contacts! Take a seat and savor your meal while networking with peers. Don’t miss the opportunity to meet our sponsors and discover how their innovative solutions can benefit you.
2:00 – 2:05pm
Welcome and Opening Remarks
2:05 – 2:35pm
Leading the C-Suite to Security Excellence
Here’s the truth: CISOs will be judged on their business fluency as much as technical acumen. Expectations of the CISO role are evolving to see the role as a business executive, not just a technical leader. We’ll discuss how risk is communicated to boards, how tradeoffs are framed, how credibility is built outside of security teams, and what “good” looks like when security decisions directly shape business outcomes.
2:35 – 3:00pm
Security Leadership Roundtables: The Evolving CISO Role
Following the panel, you’ll have a chance to discuss the topics among yourself in small-group discussions of CISOs. These peer-to-peer conversations will focus on security leadership in practice. Topics may include effective interaction with the board of directors, translating cyber risk into business impact, and navigating heightened expectations from executive leadership. Other areas to explore include how the CISO role and day-to-day responsibilities have changed in response to regulatory pressure, emerging threats, and increased organizational visibility. Designed to encourage open dialogue and shared perspective, this session will offer a valuable opportunity to learn from peers taking on the same leadership challenges.
3:00 – 3:30pm
Journeys to Leadership Excellence
Join us for an inspiring session where we explore three unique pathways that have led visionary CISOs into the prestigious CSO Hall of Fame. Hear firsthand accounts from industry leaders who have navigated different career trajectories—whether through groundbreaking innovation, transformative digital leadership, or strategic business alignment. Learn how each journey shaped their approach to technology, leadership, and organizational impact, and gain insights on how you can chart your own course to influence the future of security and business. This session offers valuable lessons and practical takeaways for aspiring and current CISOs looking to leave a lasting legacy.
Raise a glass to toast the 2026 honorees.
Celebrate security excellence at this elegant dinner and award ceremony. The 2026 CSO Awards presentation will honor the winning organizations for their use of innovative security to deliver business value, followed by the induction of our newest members into the CSO Hall of Fame.
Celebrate the newest class of honorees with sweet treats and plenty of photo ops as we close out the CSO Cybersecurity Awards & Conference.
