From Risk Data to Business Decisions: Enabling Autonomous Cyber Risk Programs – Evelyn Anderson – RSAC26 #5
Enterprises are generating more security data than ever before, but translating that information into meaningful decisions remains a challenge. As organizations adopt AI across their operations, security programs must evolve to deliver continuous insight into risk and performance.
In this fireside chat, Matt Alderman, CPO of CyberSaint, and Evelyn Anderson, CTO for Cyber Strategy and Risk at IBM, explore how autonomous security programs are reshaping cyber governance. They’ll discuss how AI-driven automation, real-time telemetry, and integrated risk intelligence enable organizations to continuously measure cyber risk, prioritize remediation, and provide executives with actionable insights that connect security operations to business outcomes.
For more information about CyberSaint , please visit: https://securityweekly.com/cybersaintrsac.
- - Introduction to AI-Driven Cyber Risk Programs
- - AI Adoption vs Security & Data Challenges
- - Why Asset & Data Inventory Still Fails
- - The Problem with Manual GRC & Spreadsheets
- - Moving Beyond Workflow Automation
- - Aligning Cybersecurity with Business Strategy
- - Regulatory Complexity & Global Compliance
- - Active Governance Framework Explained
- - From Governance to Automated Risk Management
- - Automating Security Assessments with AI
- - Generative AI for GRC & Compliance
- - Solving Assessment Challenges with AI
- - Next Step: Regulatory Knowledge Corpus
- - Mapping Global Regulations & Controls
- - Building a Unified Control Framework
- - Continuous Control Monitoring with APIs
- - Scaling GRC with Real-Time Data
- - Data Enrichment & Security Intelligence
- - Connecting Threats to Business Risk
- - Improving Risk-Based Decision Making
- - Autonomous Security Programs Explained
Evelyn Anderson has over 28 years of experience in IT Security. Evelyn is an IBM Distinguished Engineer, which is an executive technical role within IBM. Evelyn has served across IBM’s organization as the global leader for Identity & Access Management, Security, Regulatory, Risk Management, Physical Security, System Currency and Infrastructure Protection where she led the design of a global framework to standardize delivery, automate controls and reduce security risks for IBM and its Clients.
From Cyber Risk to Business Impact: A Conversation with IBM and CyberSaint – Mark Hughes, Fabio Campos – RSAC26 #5
Cybersecurity teams are generating more data than ever—but turning that data into meaningful, business-aligned decisions remains a challenge. As organizations face increasing pressure from boards, regulators, and evolving threats, the need for a more continuous and intelligent approach to cyber risk management has never been greater.
In this conversation, Jerry Layden, CEO of CyberSaint, Fabio Campos, Global Managing Partner, IBM Cyber Strategy & Risk, and Mark Hughes, Global Managing Partner, Cybersecurity Services at IBM, explore how organizations are rethinking cyber risk through automation, real-time data, and AI-driven insights. Together, they discuss the shift from static assessments to continuous risk visibility, how security and business leaders can better align on priorities, and what it takes to operationalize cyber risk in ways that drive measurable outcomes.
For more information about CyberSaint , please visit: https://securityweekly.com/cybersaintrsac.
Read the interview summary from SC Media here: From cyber risk to business impact: A conversation with IBM and CyberSaint
- - Introduction to Cyber Risk & Data Challenges
- - Why Security Data Is Hard to Use
- - Breaking Down Security Data Silos
- - Disconnect Between Security, Risk & Business
- - Turning Security Data into Risk Decisions
- - AI in Cybersecurity: Hype vs Reality
- - Governance First: Securing AI Adoption
- - AI, Automation & Business Process Change
- - Driving Cultural Change in Security Teams
- - Reimagining Security with AI & Automation
- - From Assessment to Continuous Risk Management
- - Continuous Control Monitoring Explained
- - Real-Time Risk Visibility & Decision Making
- - Why Executives Care About Cyber Risk Now
- - The Rise of Risk-Based Security Programs
- - Autonomous Security Programs & AI Agents
- - Governance & Guardrails for AI Security
- - Moving Beyond Spreadsheets to Automation
- - From Static Security to Real-Time Decisions
Mark Hughes leads IBM’s global cybersecurity team of over 5,000 experts in helping organizations transform security into a business enabler and establish cyber resiliency. His role spans the sales and services delivery of threat detection and response, data security, cloud security, IAM, infrastructure, risk management, and ecosystem partnerships.
As an IBM Global Cybersecurity Senior Executive, Fabio holds the main responsibility over the Global Cyber Strategy, Risk & Resilience practice: Leading and providing sounding board direction, management and oversight to the Global Portfolio Organization Strategy Definition & Execution, including Offering Management, Growth & Profitability, Technical Solutions, Skills & Talent, and Portfolio Delivery domain knowledge capabilities on Global Organizational Change Programs.
Building the Cyber Risk Intelligence Layer: From AI Models to Actionable Security – Srinivas Tummalapenta – RSAC26 #5
Security teams are overwhelmed with data but still struggle to answer a fundamental question: what actually matters?
In this fireside chat, CyberSaint's Padraic O’Reilly and IBM's Srinivas Tummalapenta explore how cybersecurity is evolving from fragmented data collection to a unified cyber risk intelligence layer. They break down how layered AI architectures, combining NLP, GNNs, and LLMs, enable organizations to normalize massive volumes of security data and transform it into real-time, actionable insight.
The conversation dives into what it takes to connect telemetry, controls, and threat intelligence into a system that continuously prioritizes risk, supports decision-making, and aligns cybersecurity with business outcomes.
For more information about CyberSaint , please visit: https://securityweekly.com/cybersaintrsac.
- - Introduction to Cyber Risk Intelligence Layer
- - Shift from Point-in-Time to Continuous Risk
- - Rapid Innovation with AI & 7-Week Sprint
- - Where Security Architecture Breaks Down
- - AI Consumption Models & Shared Responsibility
- - Combining AI Techniques: Agents, NLP, GNNs, LLMs
- - From Static Risk Assessments to Real-Time Insights
- - Building a Layered AI Security Architecture
- - Breaking Down Silos with Interoperability
- - Normalizing Security Data Across Systems
- - Using Data Efficiently for Risk & Compliance
- - Mapping Telemetry, Controls & Risk Exposure
- - Managing Global Regulations & AI Policies
- - Risk Quantification & Business Context
- - Inside the Cyber Risk Intelligence Layer
- - Beyond SIEM & GRC: A New Security Model
- - Outcome-Driven Security vs Tool Sprawl
- - How Security Operations Will Change
- - Autonomous vs Human-in-the-Loop Security
- - Continuous Monitoring & Autonomous Controls
Srinivas is a technical leader and a subject matter expert in Information Security. Srini has degrees in Technology and Business Administration, and has a cumulative experience of 20+ years. As an IBM Distinguished Engineer he is a key technical leader for IBM XForce Protection Platform, Security Services. A believer in secure by design concepts, he has incorporated automation to enable security technologies and services at cloud speed delivered through IBM Cloud Security Services. He works with a team at IBM Security Services to design, deliver, and scale security solutions throughout the client base.
Srini has 5 patents and has various filings in areas of security analytics, threat monitoring and response, and blockchain disclosures under review.
