Security leaders don’t get a clean start. They inherit complexity. Years of growth, quick decisions, and shifting priorities leave behind app sprawl, IAM gaps, vendor risk, and limited visibility into what actually matters. Now add shadow AI and a threat landscape that is moving faster than most teams can track.

The problem isn’t a lack of data. It’s knowing where to act.

In this session, Jessica Stinson reframes security leadership using an attacker’s methodology: Recon. Exploit. Persist. Not as a one-time exercise, but as an ongoing way to understand the environment, focus effort, and drive meaningful progress.

We also look at how AI is shaping this cycle in practical terms: where it is accelerating attacker capability, where it is introducing new blind spots, and where it is simply adding noise.

Think like an attacker to cut through noise and act on what actually reduces risk.

What you’ll take away:

1. How to prioritize investments tied to mission-critical services
2. Where AI is materially changing risk, and where it is not
3. A simple way to prioritize using attacker logic and “5s and 20s” thinking
4. How to reduce accumulated security debt without adding more noise
5. How to test resiliency assumptions against real-world disruption
6. How to align remediation to business continuity outcomes

Who should attend:

CISOs, Deputy CISOs, VPs of Security, Heads of Security Architecture, Security Engineering Leaders, and Risk & Threat Leaders