A SecurityWeek Event


An Exclusive Executive Forum Focused on
Information Security Leadership and Strategy

September 13-14, 2022

2021 CISO Forum

SecurityWeek’s CISO Forum takes place annually at the beautiful Ritz-Carlton, Half Moon Bay, which has served as the venue of the forum since 2014.

Given the global situation resulting from the COVID-19 pandemic, SecurityWeek’s 2021 CISO Forum, Presented by Cisco, will take place virtually. Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, specific zones & sponsor booths.

This event is designed for security leaders to discuss, share and learn information security strategies.

An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

September 14-15, 2021
Virtual Event – View Event Website

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Topics Include:

  • Fireside Chat: Adrian Stone: VP, CISO at Peloton
  • Winning Hearts and Minds on the Board
  • Designing and Architecting Security for a Hybrid World
  • CISO Panel: Navigating SBOMs and Supply Chain Security Transparency
  • Panel: CISO’s Guide to Building a Security Dream Team
  • Panel: The Top 5 Priorities of the Modern CISO
  • Defenders Playbook for Attack Simulation and Security Posture Validation
  • Virtual Expo and Networking
  • Identity-Focused Security for Your Zero Trust Journey
  • Securing Our Cloud Environment Against Hackers
  • Key Insights to Prevent Never-Before-Seen Cyber Attacks
  • SASE Industry Trends
  • Measuring Security and Building Trust with Leadership: Enabling Transformation Through Testing
  • How DevOps Can Make AppSec Testing Seamless
  • Addressing Sophisticated Supply Chain Attacks Head On with No Source Code Required
  • Much more!

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Adrian Stone

Anne Marie Zettlemoyer
VP, Security Engineering

Caleb Sima

Allan Friedman (Invited)
Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler
Argo AI

Fredrick ‘Flee’ Lee
Chief Security Officer

Shaila Shankar
SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe

Aanchal Gupta
VP, Azure Security

Lena Smart

Sounil Yu

Theresa Payton
Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert




September 24-26, 2019


1 Miramontes Point Rd, Half Moon Bay, CA 94019


+ 1 (650) 712-7000

Enabling The Security Protections We Pay For

01/28/2015

Study after study has shown that organizations are talking about security. Board directors want to know what is being done and senior executives are getting serious about security projects. Congress is holding hearings and proposing bills, and the president has unveiled a series of proposals. But what’s the point of all this investing in cybersecurity technology if the organization is just going to leave it sitting on the shelf?

This isn’t a facetious question but a fairly widespread scenario, according to a joint report by Trustwave and Osterman Research. The “Security on the Shelf” report found that many companies are not using software they bought, or not taking advantage of all the protective features offered. Of the 172 IT professionals at small-to-midsized businesses and enterprises surveyed in the report, 28 percent said their organizations were not getting the full value from their security software investments. 

In the average organization, “only” 4.8 percent of security-related software was not being used at all, and 23.5 percent was working, but could be better, the report found. One company claimed 60 percent of its security software was shelfware.

In an earlier conversation about CSO wishlists, Rick Howard, CSO of Palo Alto Networks, noted that many security initiatives go awry because the tools aren’t set up correctly. “We spend gazillions of dollars to buy the latest and greatest, and yet fail to squeeze as much efficiency out of it as possible,” Howard said.

Examples of underutilized technologies include firewalls that are installed but not configured with up-to-date settings, database monitoring tools and SIEM platforms logging alerts no one has time to look at, and data leak prevention software with no rules defining what data to block, Trustwave said.

Almost all businesses have shelfware that is never used, and the problem is not specific to security software. Nearly 96 percent of organizations said at least some of the software they’ve purchased was shelfware, according to joint research by Flexera Software and IDC late last year. In the same study, a little less than 40 percent said about a fifth or more of their enterprise software spending is wasted on shelfware. “It’s very easy for shelfware to accumulate when organizations don’t proactively implement best practices and technology to track, manage and optimize their software estates,” Amy Konary, a research vice-president for software licensing and provisioning at IDC, said at the time of the report’s release.

The report also looked at hard numbers. Organizations spent $115 per user in 2014, which is significantly more than the $80 per user spent in 2013. But of the $115 per user spent on security software in 2014, $33 wasn’t used at all, or underutilized. In an organization with just 500 users, that’s more than $16,000 in security-related software partially or completely wasted, Trustwave said. The figures vary slightly by company size, as smaller companies are spending as much as $157 per user, compared to larger companies spending $73 per user. It’s disconcerting that despite increased spending, organizations aren’t necessarily getting more security than previous years.

If organizations are spending, and wasting, significant amounts of money on security, it is hard to see why so much of it is being wasted. The reasons all boiled down to IT resources and time, the Trustwave report found. About 35 percent of respondents said IT staff had no time or was too busy to implement the software properly. The second most common reason, at 33 percent, was the lack of manpower.

“Many of us fall a bit short on that last hurdle,” Howard said, noting the actual detailed configuration of the device is left to later because there are other things that need to be done right away. “The problem is that later hardly ever comes.”

Other reasons included IT not understanding the technology well enough. The IT staff understood the security problems—it was the technology that required extra expertise.

One way to address the shelfware problem is to consider cloud services and managed services providers, the report suggested. Organizations in the survey said 19 percent of their security infrastructure was cloud-based or managed services in 2014, and expect that figure to change to 28 percent in 2015. Switching to cloud and managed services would give organizations needed security expertise while reducing the time and resource constraints on internal IT teams.

About 51 percent of the respondents said they expected cloud and managed services would have “some positive impact,” “significant impact,” or “huge impact” on the amount of unused and underutilized security software in their organization.

“I would like to have all of the security controls that I have installed in the past couple of years to be configured to run the way that I thought they would be configured when I purchased them in the first place,” Howard said.
