Boston CxO Security Forum

Quarterly Executive Briefing

Tuesday 24 February 2026

Days

Hours

Minutes

Seconds

A Private, Peer-Led Forum for Cybersecurity Leaders

The Boston CxO Security Forum convenes senior executives from across New England to examine the evolving intersection of cybersecurity, risk management, compliance, and AI. Hosted in an executive setting, the Forum brings together CISOs, CIOs, and business leaders for curated discussions, practitioner-led insights, and peer-to-peer networking. With a focus on actionable strategies and trusted collaboration, this gathering reinforces Boston’s position as a hub for innovation and executive leadership in security and risk.

Each Executive Briefing has a unique agenda, which follows our engaging format with Discussion Leaders and thoughtful “TED Talk” presentations followed by moderated conversations where the assembled executives from the Community share their best practices, experiences, lessons learned, etc.

Participants gain:

Trusted peer insight: candid discussion with leaders facing the same strategic challenges
Personal & professional growth: sharpen leadership and strategic judgment through real executive exchange
Actionable dialogue: moderated, high-impact conversations focused on what matters now
No noise, no pitches: gatherings where peers drive the agenda and learning
Stronger decision confidence: discussions that help you avoid costly missteps and evaluate solutions with clarity

Thank You to Our Partners

Next Forum Agenda

As was done in our first Greater Boston Area CxO Security Forum briefing, the February gathering will feature a tightly curated agenda built around real-world insight, peer experience, and practical guidance — not theory or sales pitches.

Planned discussions include:

Agentic AI in the Enterprise
A practitioner-focused discussion on where agentic AI is already being deployed, where it’s creating new risk, and how leading organizations are thinking about governance, controls, and accountability.

Learning from High-Profile Breaches
Candid perspectives from nationally recognized CISO peers, examining recent, well-publicized breaches — what actually happened, what was missed, and what leaders would do differently with the benefit of hindsight.

Workforce, Talent, and the Security Organization
Insight from one of the world’s largest staffing firms on how cybersecurity, risk, and compliance teams are evolving — including hiring trends, organizational design, and where leaders are struggling to find (and retain) critical skills.

New Thinking from Leading Authors
Select authors will share ideas from their latest work, offering fresh perspectives on leadership, risk, security, and the changing role of the CxO — with time reserved for discussion and audience engagement.

Legal, Regulatory, and Liability Realities
A partner from a major law firm will share insights drawn from real client cases and advisory work, covering today’s most pressing issues around regulation, security, privacy, liability, and the use of AI in business applications — with a focus on practical guidance leaders can apply immediately.

As always, each session will be succinct, moderated, and discussion-driven, building toward a cohesive set of takeaways rather than disconnected presentations.

Agenda

Our community-led gatherings ALWAYS have an amazing agenda filled with thoughtful Discussion Leaders and security, risk & compliance influencers – including nationally-recognized authors and cyber-celebrities!

Registration & Networking

2:00 PM

Welcome/Introductions

2:30 PM

From Breach to Boardroom: Legal Lessons in Cybersecurity Strategy
[Discussion Pod #1]

In this talk, our Attorney (partner) distills key lessons from high-profile cases and confidential client engagements, showing how companies have navigated ransomware demands, disclosure dilemmas, and cross-border data incidents. In today’s high-stakes cyber environment, technical defenses are only part of the story — the real test comes when legal, regulatory, and business pressures collide. In this fast-paced talk, he’ll share what works, what fails, and what every executive should know before the next crisis hits — from structuring contracts to withstand supply chain attacks, to leveraging breach response as a catalyst for lasting governance improvements.

2:45 PM

Start-Up Showcase #1

3:15 PM

Beyond the Headlines: Executive Accountability, Regulatory Pressure, and the Reality of CISO Risk
[Discussion Pod #2]

Tim Brown - Chief Information Security Officer & VP at SolarWinds is one of the most nationally recognized CISOs in the industry (perhaps in history?) He was previously the subject of the first U.S. SEC enforcement action brought personally against a sitting CISO—a case that was ultimately dropped.

In this candid, practitioner-to-practitioner discussion, Tim will go beyond public reporting to explore:

What the SEC action actually felt like from inside the role
How regulatory scrutiny is changing executive decision-making
Where CISOs should draw sharper lines between accountability, authority, and governance
Practical lessons for security leaders navigating board relationships, disclosure, and personal risk

This talk and our subsequent moderated discussion is a rare opportunity to hear directly from an executive who has lived through a defining moment for the profession—and emerged with a clear, actionable perspective.

3:20 PM

Networking & Organized Interaction Break

3:45 PM

Start-Up Showcase #2

4:10 PM

Agentic AI Meets Zero Trust: What Actually Breaks—and How to Fix It
[Discussion Pod #3]

Josh Woodruff is the Author of "Agentic AI + Zero Trust," a former CISO, and a long-time advisor in the industry. He will talk more about the years of research that went into the book.

In the rush to deploy autonomous/semi-autonomous AI, Community Members have shared their doubts that existing identity, data, and control frameworks are ready. Drawing from years of research for his book and field experience, Josh will share:

Why most agentic AI initiatives fail operationally, not technically
How Zero Trust principles must evolve for AI agents, workflows, and non-human identities
Where security teams need to rethink identity, authorization, and monitoring
What CISOs and CIOs can do now to avoid costly architectural mistakes

This session blends short-form insights with moderated group discussion, focused on immediately actionable takeaways for enterprise leaders.

4:15 PM

AI-Native Identity: Why IAM Is Being Rewritten
[Discussion Pod #4]

Barak Perelman is a industry veteran and the Founder & CEO of Opti.ai. Fresh from a well-received presentation at the Gartner IAM Summit, Barak will reprise and expand on his research gathering input from dozens of your peers around identity.

To move identity from the current hodge-podge of big vendor solutions with “2025 AI-washed” marketing to real “baked in” AI is hindered by structural issues related to governance and accountability. Barak looked in detail at this from a risk-based approach and will share actionable insights for participants they can readily apply with their teams.

4:45 PM

Reception & Networking

Refreshments, food, cocktails & discussions till 7pm

5:20 PM

Forum Discussion Leaders

(Past, Present & Future)

Tim Brown

CISO & VP, SolarWinds

Tim Brown joined SolarWinds in 2017 as vice president of security and is now the CISO for SolarWinds, overseeing internal IT security, product security, and security strategy. After the SUNBURST attack in December 2020, Tim Brown led the response and remediation efforts. Tim has spoken to thousands of customers and has been instrumental in all customer remediation support and services.

He has worked closely with the SolarWinds® CEO in designing the future state of security and their “Secure by Design” philosophy. This new philosophy on software design will not only benefit SolarWinds but the industry as a whole, and it sets a precedent for responses to future cyberattacks.

As a former Dell Fellow and CTO, Tim deeply understands the challenges and aspirations of the person responsible for driving digital innovation and change. Tim has over 25 years of experience, and his trusted advisor status has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. He’s also an avid inventor and holds 18 issued patents on security-related topics.

Josh Woodruff

Author, Agentic AI + Zero Trust: A Guide for Business Leaders
IANS Faculty | CSA Zero Trust Working Groups

Josh Woodruff is the author of Agentic AI + Zero Trust: A Guide for Business Leaders, a practical framework for safely operationalizing autonomous AI using Zero Trust principles. Drawing on nearly 30 years of experience as both a CIO and CISO, Josh translates real-world enterprise deployments into clear executive guidance on trust, governance, and risk in agentic systems.

The book—co-authored with Michelle Savage and featuring a foreword by Zero Trust pioneer John Kindervag—cuts through AI hype to explain why most AI initiatives stall in pilot mode, and what successful organizations do differently. Josh is also the Founder and CEO of Massive Scale Consulting, co-leads the Cloud Security Alliance Zero Trust Working Group, and serves as IANS Faculty, advising enterprises across regulated and high-risk industries.

Known for his ability to frame complex AI and security challenges in plain executive language, Josh focuses on helping leaders design guardrails that accelerate innovation without sacrificing control, accountability, or resilience.

Barak Perelman

CEO and Co-Founder, Opti.ai

Barak Perelman is the CEO & Co-founder of Opti, where he is focused on addressing structural challenges in identity, governance, and accountability as AI becomes embedded into enterprise systems. A seasoned cybersecurity operator and founder, Barak brings more than two decades of hands-on experience building products, leading strategy, and protecting critical infrastructure in highly complex environments.

Previously, Barak was the Co-founder and CEO of Indegy, an industrial cybersecurity company that built a comprehensive security and governance platform for industrial networks. Indegy was acquired by Tenable in 2019, where Barak went on to serve as VP OT Security, helping integrate industrial and enterprise security perspectives. Earlier in his career, he led product design at Stratoscale, where he managed large-scale cybersecurity projects.

Barak holds degrees in computer science, mathematics, and physics, as well as an MBA. He is known for his ability to connect deep technical systems thinking with executive-level governance concerns, particularly around identity, accountability, and the unintended consequences of AI-driven automation inside large enterprises.

John Kindervag

Creator of Zero Trust | Chief Evangelist - Illumio

John Kindervag is considered one of the world’s foremost cybersecurity experts. With over 25 years of experience as a practitioner and industry analyst, he is best known for creating the revolutionary Zero Trust Model of Cybersecurity. As Chief Evangelist at Illumio,

John Kindervag is responsible for accelerating awareness and adoption of Zero Trust Segmentation.

Most recently, John led cybersecurity strategy as a Senior Vice President at On2IT. He previously served as Field CTO at Palo Alto Networks and, before that, spent over eight years as a Vice President and Principal Analyst on the security and risk team at Forrester Research.

In 2021, John was named to the President’s National Security Telecommunications Advisory Committee (NSTAC) Zero Trust Sub-Committee and was a primary author of the NSATC Zero Trust report that was delivered to the President. That same year, he was also named CISO Magazine’s Cybersecurity Person of the Year.

John serves as an advisor to several organizations, including the Cloud Security Alliance and Venture Capital firm NightDragon.

Dr. Chase Cunningham

“Dr. Zero Trust” - Author, Speaker and Industry Thought-Leader

Dr. Chase Cunningham is a globally recognized cybersecurity strategist, bestselling author, and trusted advisor to both the public and private sectors. Widely known as “Dr. Zero Trust,” Chase pioneered the Zero Trust security framework during his time as a Senior Analyst at Forrester Research—an approach now adopted as a standard across government and Fortune 500 enterprises alike.

Over a 20+ year career that spans the U.S. Navy, Department of Defense, and senior industry roles, Chase has led initiatives in cryptographic systems, threat intelligence, cyber forensics, and national cyber defense strategy. He holds a PhD in Computer Science and Cybersecurity, with research centered on insider threats and advanced detection algorithms. He also maintains CISSP and CEH certifications.

An engaging keynote speaker and regular contributor to leading cybersecurity forums, Chase is the author of several acclaimed books including Cyber Warfare: Truth, Tactics, and Strategies and his latest, Buy the Breach: Hacking Failure for Market Success. In Buy the Breach, he unveils a contrarian but data-backed strategy for turning corporate cyber failures into personal financial gains—arming cyber professionals with the tools to outperform hedge funds by investing in the inevitable post-breach market rebound.

Chase is a rare voice who blends deep technical expertise with sharp financial insight. Whether briefing the Executive Branch or advising the boardroom, his mission is clear: empower defenders, demystify complexity, and challenge the status quo.

About CxO Forum

CxO Security Forum began as a response to a common frustration among senior cybersecurity leaders: the way enterprise solutions are marketed, sold, and evaluated is fundamentally broken. What started as a call for change has grown into a trusted community that puts executive practitioners at the center of the conversation.

We bring together CISOs, CIOs, and senior decision-makers who are responsible for protecting their organizations, guiding strategic risk, and navigating the evolving role of AI in security. Every forum, gathering, and conversation is designed to foster education, mentoring, and authentic peer connection.

What makes us different is our focus on relationships. Our events are intentionally small, curated, and built for real dialogue. Sponsors are carefully selected, and there are no product pitches. Participants come for thoughtful, actionable conversations that support both professional development and practical decision-making.

At CxO Security Forum, the goal is simple. Give experienced leaders a space to learn from one another, to share insight, and to build meaningful connections that last beyond the event itself.

Participation is free for qualified senior executives

Location

Orrick

222 Berkeley Street (at Boylston), 20th Floor

Registration

Registration is open only to qualified executives (excluding Sales, Marketing, and Business Development!)