Date & Time:
Tuesday, March 10, 2026
08:30 - 17:00

Venue:
Gilley’s Dallas
1135 Botham Jean Blvd.
Dallas, TX 75215

A Different Kind of Security Event

The Infosec Anti-Summit challenges the status quo by creating a space for CISOs and security leaders to engage, collaborate, and share real-world experience.

Through a series of hands-on workshops, tabletop exercises, mock scenarios, and peer-led discussions, the Anti-Summit encourages maximum exchange of ideas in a setting built for trust, candor, and community.

This is not about watching from the sidelines, it is about being part of the conversation. It's not about people on stage talking at the audience, it's about getting people around the table talking with each other.

Identify the challenges. Understand how others are solving them. Develop a strategy to safeguard.

Welcome to the Anti-Summit.

What to Expect at the
Anti-Summit

CISO-Led Agenda

Step into the action with a collaborative TTX simulation designed to test response, resilience, and teamwork. Continue your day with hands-on sessions built around real-world challenges, led by peers who’ve been in the hot seat.

The Cyber Arcade

A live, interactive space where emerging founders, security innovators, and practitioners collide. Test-drive new ideas, swap feedback, and see what’s next without the sales pitch.

Connection Over Convention

Honest, peer-drive discussions about what’s working and what’s not in today’s security landscape. From hallway chats to post-session conversations, it’s all about the people at the InfoSec Anti-Summit.

Agenda

Registration & Breakfast

08:30 - 09:30

Opening Remarks

09:30 - 09:40

Tabletop Exercise

09:40 - 10:40

Ghost in the Machines: AI Threat Response
This interactive tabletop exercise challenges participants to respond to a sophisticated, multi-vector incident that targets their AI infrastructure through unexpected attack surfaces. Your customers look to you to lead in times of disruption and crisis. This exercise will challenge traditional thinking and disrupt the approach to incident and crisis management.

Workshops (Choose Your Adventure)

10:50 - 11:20

Workshop #1: Are We Ready for the Next Generation of Cloud Attacks?
As AI workloads and autonomous agents become first-class citizens in the cloud, the attack surface shifts again, toward application and agent behavior rather than static assets. This session is a candid discussion on what “cloud security readiness” really means for the workloads we’ll be running next. Cloud attacks are no longer purely “infrastructure” or “application” driven, they live in the gray zone between the two. This workshop looks at real-world cloud breaches that combine identity misuse, application logic abuse, and runtime behavior inside modern cloud environments. We’ll examine whether today’s cloud security stacks are actually built to detect these blended attacks, or if they’re optimized for a threat model that’s already outdated.

Workshop #2: Hoarders Anonymous and the Great Tool Purge
For years, the security industry has sold us a simple equation: more tools equal more coverage. But in practice, bloated stacks don't just drain budgets, but they also create blind spots. When analysts spend too much time jumping between tools and ignoring false alarms, they miss the real threats. This workshop rejects the myth that stacking more tools means stronger security. We’ll explore how leading AppSec teams are reversing course and shedding redundant point solutions in favor of intentional, integrated architectures. You won't just hear theory. You'll leave ready to audit your own stack and define what real security looks like for your team.

Anti-Roundtable

11:35 - 12:20

Endpoint-Native Security: Cutting Out the Middle Hops
Most SWGs and cloud proxies weren’t built for how people work today. Backhaul, outages, slowdowns - CISOs are tired of fighting the same problems every quarter.
This session explores an alternative: running inspection and policy enforcement directly on the endpoint. We’ll dig into what this approach actually changes - performance, privacy, DLP accuracy, and day-to-day reliability - and where it has limitations.
Come ready to challenge the model, stress-test the assumptions, and see if this holds up under real scrutiny.

CISO-Led Workshops (Choose Your Adventure)

12:30 - 13:00

Workshop #1: Making Responsibility Boringly Clear: A Cross Functional RACI That Works Under Stress
Led by: Gina Ciavarro - CISO & VP of Global Infrastructure
When something goes wrong, the last thing you want is a room full of smart people asking, “Wait, is this mine?” This workshop digs into how to build a cross-functional RACI across security, IT, product, and privacy that holds up under real incidents, not just in a slide deck. We will walk through a concrete scenario we worked through, where ownership was fuzzy and decisions were slow, and the RACI model we used to fix it. You’ll leave with practical patterns and facilitation tips for getting to clear accountability without starting a turf war.

Workshop #2: The Art of Communicating Cyber Risk to Business Leaders
Led by: Everett Bates - CISO
When you frame every security gap as a crisis, business leaders tune out. But when you translate cyber threats into the language of business impact, doors open. This workshop tackles the hard truth: most executives don't know or care what a pentest is, but they do care about compliance exposure, revenue delays, and customer trust. You'll work through realistic scenarios involving missed controls and regulatory pressures, learning to communicate what actually matters to CIOs, CFOs, and product leaders while presenting solutions that keep the business moving.

Lunch

13:00 - 14:00

Anti-Roundtable

14:05 - 14:50

What’s Actually Running Your Code? Governing Open Source AI at Scale
Open source AI moves fast. Faster than most teams can inventory, govern, or fully understand once they’re in production.

The reality for many organizations is dependency sprawl, partial visibility, and governance models that weren’t designed for how software is built today. The focus here is on how security leaders are navigating that gap in live environments, where open source and AI are already embedded and business pressure to move quicky remains high.

The discussion centers on practical questions: how teams are gaining meaningful visibility into what’s running, where governance tends to break down, and how guardrails can exist without becoming friction. Expect candid perspectives, shared lessons, and an honest look at what it takes to govern open source and AI at scale without slowing innovation.

Workshops (Choose Your Adventure)

15:00 - 15:30

Workshop #1: Escaping the Past for the Agentic GRC Era
Traditional GRC breaks down under pressure... So let's put it under pressure. Participants will move through hands-on challenges that mirror real life challenges that they need to pass to free a team mate from "Audit Hell". By working physically, collaboratively, and under time constraints, this session shows how AI agents can transform slow, manual compliance into fast, data-driven decision-making. Come ready to move, build, and escape outdated GRC thinking.

Workshop #2: Security That Thinks Like an Attacker, but at Machine Speed
Attackers don’t wait for your quarterly review of exposures, and they don’t follow your workflow. In this session, you’ll experiment with something different: autonomous security that maps attack paths, simulates attacker logic, and tells you what really needs fixing before someone malicious finds it.
We’ll explore how AI-Driven offensive discovery works, what it gets right, where it struggles, and how security teams can actually use it without drowning in noise. We’ll look at intelligent prioritization, continuous testing, and the shift from reactive patching to proactive risk elimination. Then we’ll pressure test the whole model together and see if autonomous defense actually moves the needle, or is it another promise in a crowded category?

CISO-Led Workshops (Choose Your Adventure)

15:45 - 16:15

Workshop #1: Building Governance and Controls for AI After It’s Already Running
Led by: Parrish Gunnels - CISO
Many organizations didn’t plan for generative AI. But GenAI applications are being approved nonetheless. This session begins after LLMs are already being used. Development teams are prompt engineering, pulling internal data, and generating outputs, while security is left to define governance, oversight, and guardrails retroactively. Through a real-world scenario, we will examine the questions that surface only after AI is live: What oversight is actually required? Which controls matter? How do you evaluate vastly different approaches to AI governance, DLP, identity, and “shadow AI” when none cleanly fit your environment? And what are regulators likely to care about next?
This session is a facilitated peer discussion grounded in real decisions rather than theory, creating space to compare approaches, share lessons learned, and understand how others are governing AI once innovation is already in motion.

Workshop #2: The Empathetic Hacker: Cracking the Human Layer of Cyber Leadership
Led by: Joshua Copeland - CISO, Professor, & Best-Selling Author
Cybersecurity doesn’t fail because of technology…it fails because of people.
This workshop, drawn from Joshua Copeland’s The Empathic Hacker, shows how emotional intelligence (EQ) is one of the most overlooked controls in modern security leadership. Using real incidents, neuroscience, and practical frameworks, we connect emotional failures to the technical failures they create.

Participants will learn to spot hidden human vulnerabilities, map their Emotional Kill Chain, run a Personal IR Audit to catch burnout and ego early, apply Cognitive Load Balancing under pressure, and use Empathic Threat Intelligence to read human signals as early-warning telemetry.

We will introduce Governance, Risk and Feelings (GRF), a model for building emotionally safe and high-performance cultures where trust and communication function as governance controls.

Attendees walk away with:
• A practical EQ playbook for SOCs and CISOs
• Tools to monitor emotional drift the same way you monitor system logs
• Techniques to reduce the blast radius of stress
• A blueprint for emotionally resilient teams where people drive outcomes

If you can understand packet flows, you can understand people. This workshop shows you how.