Date & Time:
Tuesday, April 14, 2026
08:30 - 17:00
Venue:
SECOND
849 6th Avenue
New York, NY 10001
A Different Kind of Security Event
The Infosec Anti-Summit challenges the status quo by creating a space for CISOs and security leaders to engage, collaborate, and share real-world experience.
Through a series of hands-on workshops, tabletop exercises, mock scenarios, and peer-led discussions, the Anti-Summit encourages maximum exchange of ideas in a setting built for trust, candor, and community.
This is not about watching from the sidelines, it is about being part of the conversation. It's not about people on stage talking at the audience, it's about getting people around the table talking with each other.
Identify the challenges. Understand how others are solving them. Develop a strategy to safeguard.
Welcome to the Anti-Summit.
What to Expect at the
Anti-Summit
CISO-Led Agenda
Step into the action with a collaborative TTX simulation designed to test response, resilience, and teamwork. Continue your day with hands-on sessions built around real-world challenges, led by peers who’ve been in the hot seat.
The Cyber Arcade
A live, interactive space where emerging founders, security innovators, and practitioners collide. Test-drive new ideas, swap feedback, and see what’s next without the sales pitch.
Connection Over Convention
Honest, peer-drive discussions about what’s working and what’s not in today’s security landscape. From hallway chats to post-session conversations, it’s all about the people at the InfoSec Anti-Summit.
Full Agenda Coming Soon!
Registration & Breakfast
08:30 - 09:30
Opening Remarks
09:30 - 09:40
Tabletop Exercise
09:40 - 10:40
Ghost in the Machine: AI Threat Response
This interactive tabletop exercise challenges participants to respond to a sophisticated, multi-vector incident that targets their AI infrastructure through unexpected attack surfaces. Your customers look to you to lead in times of disruption and crisis. This exercise will challenge traditional thinking and disrupt the approach to incident and crisis management.
Workshops (Choose Your Own Adventure)
10:50 - 11:20
Workshop #1: Stop Chasing Alerts and Start Controlling Identities
Despite record cybersecurity investment, outcomes continue to worsen. Cloud adoption accelerates, attack surfaces expand, and defenders are left chasing alerts in environments that change faster than traditional models can handle.
The cloud reshapes everything: infrastructure is ephemeral, identities drive access, and visibility is harder to maintain. Yet many security programs remain anchored to static assets and reactive detection.
The focus here is on moving away from chasing infinite attacker behaviors and toward what defenders can control (identities and their activities) offering a candid look at how security leaders are rethinking defense in cloud-native environments.
Workshop #2: When the Threat Isn’t the Network Anymore
Risk no longer lives only inside the network. It emerges in open channels, public platforms, and fast-moving narratives that can impact people, operations, and trust before traditional controls ever see it.
The challenge isn’t data scarcity, it’s signal buried in noise. Manual monitoring and static intelligence models struggle to keep pace with threats that form and evolve in real time.
This workshop will explore how security leaders are making sense of open-source signals, detecting emerging risks earlier, and responding when threats surface outside owned infrastructure.
Anti-Roundtable
11:35 - 12:20
Workshops (Choose Your Own Adventure)
12:30 - 13:00
Workshop #1: When Boundaries Break, Securing How Applications Connect
Modern applications cross borders all day long. They talk to partners, customers, cloud services, and each other. And most of the time, no one has a clear answer to the question: “How do our apps authenticate to anything?” This workshop digs into that gap.
We’ll talk about the messy reality of service-to-service trust, what happens when secrets spread, and how to secure connections without slowing developers down. We’ll also explore what a world of strong workload identity looks like and how it changes the way teams think about risk. If you want a clearer sense of how to secure what your systems are doing behind the scenes, this is your room.
Workshop #2: SaaS Sprawl is Out of Control. Here is how CISOs are Tackling It.
Every team adopts SaaS faster than security can keep up. Access spreads, data moves in ways no one expects, and “who can see what” becomes a guessing game. This workshop gets past the buzzwords and into the real work of securing modern SaaS environments.
We’ll break down what dynamic SaaS visibility looks like, how to understand identity and data risk across dozens (or hundreds) of apps, and how to protect the business without crushing productivity. We’ll explore how to approach the problem, and then pressure-test the model together to see what holds up for fast-growing, cloud-heavy organizations.
Endpoint-Native Security: Cutting Out the Middle Hops
Most SWGs and cloud proxies weren’t built for how people work today. Backhaul, outages, slowdowns - CISOs are tired of fighting the same problems every quarter.
This session explores an alternative: running inspection and policy enforcement directly on the endpoint. We’ll dig into what this approach actually changes - performance, privacy, DLP accuracy, and day-to-day reliability - and where it has limitations.
Come ready to challenge the model, stress-test the assumptions, and see if this holds up under real scrutiny.
Lunch
13:00 - 14:00
Anti-Roundtable
14:05 - 14:50
Rethinking GRC with Actionable Data
GRC programs are often weighed down by disjointed tools and outdated workflows. Static reports and manual processes make it difficult to keep pace with today’s dynamic risk environment.
This session explores how a modern Compliance OS can bring structure and clarity to your GRC strategy. Learn how continuous monitoring, integrated applications, and real-time data can streamline audits, improve decision-making, and unlock greater value from your compliance investments.
Walk away with a clearer path to building a GRC program that works with your tech stack, not against it.
CISO-Led Workshops (Choose Your Own Adventure)
15:00 - 15:30
CISO-Led Workshops (Choose Your Own Adventure)
15:45 - 16:15
Cyber Arcade & Happy Hour
16:20 - 17:30
After-Summit Dinner
17:30 - 21:00
Time to unwind and enjoy some great company after a successful day. No more work related discussions, just good food and good people. Perfect.
Voices Of The Anti-Summit
Kristen Beneduce
Davin Darnt
Justin Pagano
Nate Vanderheyden
Peter Rosario
Harry Halikias
Dan Gorecki
Jeremy Schumacher
Phil Beyer
Christina Morillo
Mark Aklian
Matthew Webster
Natalie Kacik
Kunal Agarwal
