From Zero Trust wins to GenAI risk strategy, here are our seven can’t-miss sessions for identity-first security leaders heading to Gartner SRM 2025.
An amazing thing about the 2025 Gartner Security & Risk Management Summit (Gartner SRM) conference is the “Spotlight Track” for Identity and Access Management (IAM). It clearly shows how IAM is now front and center in cybersecurity.
Gartner SRM offers no shortage of insights, but for security leaders focused on modern, identity-first architecture, and meeting the challenges of securing AI, some sessions deserve special attention.
With this in mind, below are seven standout sessions that I’m most excited about:
While everyone agrees zero-trust is the way to organize defenses, in reality it can be a daunting vision to realize. I liked that this talk focuses on the “quick wins”, because it’s important to show rapid results while building out the zero trust strategy.
CISOs must recognize this transition of IAM from the back office to being the cornerstone of any modern cybersecurity strategy. Managing IAM is different from conventional network defense thinking, so I’m encouraged that this talk focuses on how CISOs must leverage IAM.
Employees are starting to use Gen AI, often in defiance of stated policy. Many CISOs are grappling with this opening of the floodgates and defining a security strategy for it. I am intrigued about what the 6 risks are and how to stay on top of it.
Following the same theme, I would like to learn about the tactics that Gartner is seeing succeed across their customer base in harnessing and securely scaling Gen AI.
IAM is becoming more decentralized and complex, with stakeholders across the business playing a role. It’ll be great to hear Akif Khan provide a forward-looking perspective on how organizations are adapting, and what it means for those modernizing identity infrastructure.
Security architecture is only as effective as its connection to the business strategy. I’m curious to hear about how practitioners and decision makers can map business objectives into your access and control frameworks. This line of thought is critical for those advocating for just-in-time or risk-based access models.
Many organizations already have the tools they need but not the tuning. This session will delve into how to refine and optimize security controls to reduce exposure without increasing complexity.
For security leaders aiming to replace static entitlements with just-in-time access, reduce privilege without blocking productivity, and design architectures that support continuous change, these sessions deliver both strategy and execution guidance. Since every CISO is faced with the challenge of securing Generative AI usage within their enterprise, the GenAI sessions will provide a great starting point.
All this reflects a shift in the security conversation, from tool sprawl and reactive policies to intentional, business-aligned programs where access control plays a leading role. If you would like to have a chat while I’m there, feel free to book a meeting with me!
I hope to publish a post-summit recap of key takeaways and trends worth tracking. Stay tuned!
Want more of the latest identity-first security topics and trends delivered to your inbox? Helpful and insightful content, no fluff.