Security Weekly
Full episode and show notes

From Risk Data to Business Decisions: Enabling Autonomous Cyber Risk Programs – Evelyn Anderson – RSAC26 #5

Enterprises are generating more security data than ever before, but translating that information into meaningful decisions remains a challenge. As organizations adopt AI across their operations, security programs must evolve to deliver continuous insight into risk and performance. In this fireside chat, Matt Alderman, CPO of CyberSaint, and Evelyn Anderson, CTO for Cyber Strategy and Risk at IBM, explore how autonomous security programs are reshaping cyber governance. They’ll discuss how AI-driven automation, real-time telemetry, and integrated risk intelligence enable organizations to continuously measure cyber risk, prioritize remediation, and provide executives with actionable insights t...

This episode is sponsored by
Full Segment Notes

Enterprises are generating more security data than ever before, but translating that information into meaningful decisions remains a challenge. As organizations adopt AI across their operations, security programs must evolve to deliver continuous insight into risk and performance.

In this fireside chat, Matt Alderman, CPO of CyberSaint, and Evelyn Anderson, CTO for Cyber Strategy and Risk at IBM, explore how autonomous security programs are reshaping cyber governance. They’ll discuss how AI-driven automation, real-time telemetry, and integrated risk intelligence enable organizations to continuously measure cyber risk, prioritize remediation, and provide executives with actionable insights that connect security operations to business outcomes.

For more information about CyberSaint , please visit: https://securityweekly.com/cybersaintrsac.

Key Moments
  • 0:00 - Introduction to AI-Driven Cyber Risk Programs
  • 01:12 - AI Adoption vs Security & Data Challenges
  • 02:17 - Why Asset & Data Inventory Still Fails
  • 03:31 - The Problem with Manual GRC & Spreadsheets
  • 04:01 - Moving Beyond Workflow Automation
  • 04:42 - Aligning Cybersecurity with Business Strategy
  • 05:26 - Regulatory Complexity & Global Compliance
  • 06:07 - Active Governance Framework Explained
  • 07:18 - From Governance to Automated Risk Management
  • 08:09 - Automating Security Assessments with AI
  • 09:19 - Generative AI for GRC & Compliance
  • 10:15 - Solving Assessment Challenges with AI
  • 10:47 - Next Step: Regulatory Knowledge Corpus
  • 11:26 - Mapping Global Regulations & Controls
  • 13:34 - Building a Unified Control Framework
  • 14:29 - Continuous Control Monitoring with APIs
  • 15:24 - Scaling GRC with Real-Time Data
  • 16:33 - Data Enrichment & Security Intelligence
  • 17:38 - Connecting Threats to Business Risk
  • 18:31 - Improving Risk-Based Decision Making
  • 19:23 - Autonomous Security Programs Explained
Guest
Distinguished Engineer and CTO of Cyber Strategy and Risk at IBM

Evelyn Anderson has over 28 years of experience in IT Security. Evelyn is an IBM Distinguished Engineer, which is an executive technical role within IBM. Evelyn has served across IBM’s organization as the global leader for Identity & Access Management, Security, Regulatory, Risk Management, Physical Security, System Currency and Infrastructure Protection where she led the design of a global framework to standardize delivery, automate controls and reduce security risks for IBM and its Clients.

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

You can skip this ad in 5 seconds