Top 3 ISC2 Security Congress 2025 Sessions for CISOs: AI Governance, Data Protection & Security at Scale
top of page
Search

Top 3 ISC2 Security Congress 2025 Sessions for CISOs: AI Governance, Data Protection & Security at Scale

As we move fully into October and stare down the last two months of the year, we’re heading into one of the most important cybersecurity conferences of 2025 — ISC2 Security Congress.


AI everywhere. Promises of “instant posture improvement.” Platforms that “reimagine” everything.


But for the people actually responsible for protecting data and enabling the business, you don’t need inspiration — you need control. You need sessions that go past hype and tackle the real operational questions: How do we scale securely? How do we make smarter investments? How do we build AI governance strong enough to protect the data that feeds it?


So we pulled together three sessions that cut through the noise. Each gets to the heart of what matters most for CISOs and security leaders this year: scale, agility, and governance.


ree

Opening Keynote: From Artisanal to Industrial – Delivering Security at Scale for Business and Technology Agility


Phil Venables, Strategic Security Advisor, Google


Security at scale is a problem, and few people articulate that tension between agility and control like Phil Venables. This keynote sets the tone for the week, diving into what it takes to move from handcrafted, reactive defenses to truly industrialized security — the kind that scales with the business instead of slowing it down.


Venables’ perspective is clear and pragmatic: maturing a security program isn’t just about improving control effectiveness — it’s about scaling it. Effectiveness without scale can’t be sustained.


From our perspective, that starts at the data layer. Scalable security must be built into the data itself: portable, persistent, and governed wherever it travels. Protection that depends on infrastructure or location can’t keep pace with how modern organizations operate.


For CISOs, the takeaway is clear: scale isn’t just a technical challenge — it’s an architectural one. The organizations that master it will treat data protection not as an afterthought but as a foundation for agility.


Key takeaways for CISOs and security teams:


  • Build scalable security architecture that aligns with business agility.

  • Integrate AI, automation, and cloud controls as part of resilience.

  • Treat security as a system design challenge, not a tooling challenge.


Strategic Cyber Investments in the AI Age: Harnessing Organizational Agility, Architecture, Posture, and Risk Management


Shenny Sheth, SVP & Chief Digital Innovation Officer, University of Houston


Budgets are tightening, threats are multiplying, and AI risk management is redefining what “strategic” means in cybersecurity. In this session, Shenny Sheth explores how leaders can turn that tension into forward momentum — leveraging agility, architecture, and posture as levers for smarter investment.


Sheth’s approach is both technical and tactical: cybersecurity can’t sit apart from business transformation anymore — it is business transformation. By grounding investments in the organization’s real risk appetite, architecture maturity, and readiness for change, CISOs can move beyond reactive spend and build programs that deliver measurable business value.


From our perspective, this marks the next phase of maturity. True agility depends on visibility — knowing not just where your data lives, but how it’s protected, classified, and shared as AI reshapes workflows. Smart cyber investments start with that foundation: governance and control that persist wherever information moves.


For CISOs, the takeaway is strategic clarity. The future isn’t about spending more; it’s about investing where protection, posture, and agility converge — at the data layer, where risk and resilience meet.


Key takeaways for CISOs and security teams:

  • Connect cyber strategy to enterprise agility and measurable ROI.

  • Use visibility and classification as the foundation for smart investments.

  • Align architecture maturity with AI governance and business growth.



The Great Leak: Safeguarding Data and Thriving in the Age of Generative AI


Timothy Rohrbaugh, Founder, RadicalNotion.AI


AI is rewriting the playbook, and not always for the better. Timothy Rohrbaugh calls this moment “The Great Leak”, and he’s right. As enterprises rush to operationalize GenAI, they’re also exposing sensitive data at unprecedented scale — often without realizing it.


This session gets to the question every security leader is now asking: how do you innovate without handing over your IP, PII, or privileged data to third-party models? Rohrbaugh offers a pragmatic roadmap, from deploying private AI infrastructure to evaluating open-weight models and implementing hybrid governance strategies that align innovation with control.


The framing is spot on: it’s not about blocking AI; it’s about governing it. Protecting data isn’t a constraint on innovation — it’s the precondition for it.


From our perspective, that means shifting the focus from perimeter to persistence. The real challenge isn’t training AI securely — it’s ensuring that sensitive data stays protected before, during, and after it interacts with any model. Data-layer controls that travel with information are what turn policy into an enforceable reality.


The teams that win in the AI era will be the ones that make governance inseparable from innovation — embedding protection into the data itself, not just the tools around it.


Key takeaways for CISOs and security teams:

  • Understand generative AI security risks and exposure points.

  • Evaluate private and hybrid AI infrastructure for compliance.

  • Implement enforceable data protection that persists across workflows.


We’re Excited to Join the Conversation


Confidencial is proud to sponsor ISC2 Security Congress 2025 — and we’re ready to have these conversations where they matter most: on the exhibit floor, at networking events, and in the hallways between sessions.


These aren’t abstract debates for us. They’re the same challenges our customers face every day — scaling security, governing AI responsibly, and protecting the data that drives it all.


If you’ll be in Nashville, we’d love to connect. Let’s talk about how the next era of cybersecurity starts and scales at the data layer.



Frequently Asked Questions


What is ISC2 Security Congress 2025?

ISC2 Security Congress is a premier global cybersecurity conference that brings together CISOs, practitioners, and thought leaders to discuss topics like AI governance, data protection, and scalable security.


Why should CISOs attend ISC2 Security Congress 2025?

It’s one of the few conferences focused on real-world impact — from AI risk management and cyber resilience to governance and architecture that scales with the business.


How does Confidencial fit into the conversation?

Confidencial helps organizations enforce data governance and protection across AI and cloud environments — enabling security that scales at the data layer.



 
 
 
bottom of page