Attendees can expect 2 1/2 immersive days of discussion and education with world leaders in Identity Management, Security, Privacy, Innovation, and Governance practices.
Overall Conference Schedule
Monday to Wednesday
Nov. 7 – 9
Main Conference Presentations and Panels
Main Conference Details
Monday Nov. 7
Introduction, Conference Keynote. “Securing our Digital Future”
Speaker: Gary Rowe, CEO and Principal Consulting Analyst, TechVision Research
This year’s conference will focus on how enterprises can best balance the opportunities and risks we are encountering as we prepare for the digital future.
The keynote presentation and the focus of Chrysalis 2022 is to support the enterprise journey and be prepared for the tremendous opportunities associated with accelerated digital engagement while managing risk. Achieving business goals while protecting digital assets across your ecosystems (enterprise, partners, customers) is critical.
This requires scale, automation, pervasive security, and an increased emphasis on user experience. The concept of the Digital Enterprise took on a new meaning over the past few years given the impact of the pandemic on work, commerce, and life; and we’ll explore how this impacts our thinking, use of technology, business models and future state architectures with a particular emphasis on security, risk, governance, innovation, and user experience. The practice of Identity and Security has significantly changed and is still evolving, with a premium that’s being placed on flexibility and adaptability.
This session will also describe the overall conference agenda and takeaways organizations should garner from Chrysalis 2022. It will also describe modern enterprise trends and IT frameworks to consider in building your secure Digital Enterprise.
Digital Success Starts with a Strong Identity Foundation: The Future-state IAM platform
Identity and Access Management (IAM) is evolving from a static, structured environment to one that is more dynamic, inclusive, and flexible. This is critical in support of the Digital Enterprise. There is nothing more important than getting the core IAM foundation/platform right. In this session, we’ll examine what the IAM capabilities are, how they fit with current and expected vendor offerings, and offer enterprise recommendations towards establishing the right future-state IAM foundation.
We’ll evaluate IAM platform provider offerings against our Future of Identity management premises and assess the challenges enterprises have in executing on an optimal future state vision. We’ll examine vendor and industry offerings and get their perspective on their future state IAM platforms. At a minimum we expect the future state IAM platform to support new objects (customers, partners, services, “things”), increased scale, increased integration, improved user experience (all users: developers, end-users, administrators, partners…), greater flexibility, and the movement of resources to the cloud. Key IAM platform vendors will participate in the discussion, sharing their perspective, customer observations, roadmap, and vision of the right IAM platform future state.
Identity Governance (IGA) is Foundational
Speakers: Kevin Kampman, Principal Consulting Analyst and “short-list” IGA vendors with Jackson Shaw, Chief Strategy Officer, Clear Skye, Mike Kiser, Director Strategy/Standards, SailPoint, Paul Mezzera, VP Strategy, Saviynt
This panel session will start with an IGA level-set, describe the enterprise value proposition, the expected IGA future state and key enterprise requirements.
IGA is critical in properly managing, protecting, and building out a successful modern digital enterprise because IGA maps and enforces business policy, security controls, entitlement administration, and consistency in your IAM program. IGA and governance in general are challenged by the “human” part of the process and its interactions with the scale, volatility, complexity, and speed of the modern digital enterprise. This panel session will start with an IGA level-set, and describe the enterprise value proposition, the expected IGA future state, and key enterprise requirements.
While the IAM platform covered in the previous session is all about run-time authorization and authentication, IGA is all about how consistent policy data gets into the underlying infrastructure. IGA is about how we provision and govern access and how we define policies and ensure compliance. IGA, and governance in general, faces a major challenge; it involves people that need to define policies, approve changes and execute them. There are some great products, services, and new approaches to providing a modern IGA foundation. In this session, we’ll have the opportunity to get a fresh perspective on the strategies and future state from key IGA providers and attendees will get to provide their input on this future state.
IAM for Customers, Citizens, Partners, and Things
Speakers: TechVision Research Analyst, Andrew Cameron, Technical Fellow, General Motors, Andrew Nash, Former Managing VP of Consumer Identity at Capital One.
This session will provide a brief level set from TechVision describing the current state, key user challenges and future state expectations and then have key vendors describe their approaches, value proposition and future state plans.
Expanding on the IAM foundation discussion, IAM is a conduit for building lifetime digital customer relationships as its scope and scale expand. Extending IAM from its early support for employees to supporting customers, citizens, partners, relationships and things has both added to the capabilities of foundational IAM platforms and created a new category of IAM called Customer IAM or CIAM. This session will start with a brief level set from TechVision describing the current state, key user challenges, and future state expectations and then have Andrew Cameron describe how General Motors is leveraging and architecting a CIAM platform as the core element in building a common set of user experiences across all of its customer touch-points. He will discuss the importance of enabling a platform of consumer identity services that are built using industry standards and cloud-based technologies and will highlight how GM addressed some of the key challenges in determining strategies for customer identification, customer interaction, preference management, etc. Andrew Nash will then describe key building blocks and lessons learned as he architected and deployed Customer IAM at Capital One.
The Disruptor: Decentralized Identity Systems and Verifiable Credentials
Speakers: Gary Rowe (Moderator), TechVision Research, Lasse Andresen, Founder/CEO, IndyKite, Pamela Dingle, Microsoft, Javed Shah, VP Product Management, 1Kosmos, Patrick Harding, Ping Identity, Milan Patel, IBM, Drummond Reed, Director of Trust Services, Avast
The ultimate opportunity to scale IAM is to have individuals gain control by establishing and using their own identities and not have to “re-establish” their identity every time they want to establish a trusted connection via the Internet. A decentralized identity system adds a focus on authenticity and how a community can establish trust across the boundaries of any ecosystem. In a decentralized identity future, credentials can be shared between parties with authenticity, security, and privacy guaranteed; or at least, that’s the promise.
This panel session will describe this new approach, assess industry and vendor offerings and address the prerequisites and timing of this nascent approach. We’ll also contrast this model to one in which individuals “rent” IDs for every site they may conduct business with. We’ll look to provide insights to help enterprises better understand what this new environment is, how it benefits the enterprise and when it will be ready for “prime time”. This also sets the stage for our evening event that showcases some of the more exciting offerings in the Decentralized Identity and Verifiable Credentials area.
Identity Legends Panel
Speakers: Doug Simmons, TechVision Research, Lasse Andresen, IndyKite, Andrew Nash, Kevin Kampman, TechVision Research, Patrick Harding, Ping
This session will reflect on what we covered thus far on Day 1 and what we should cover going forward with a discussion about the past, present, and future of Identity by the “legends” of Identity Management. The “legends” are some of the top analysts, thought leaders, consultants, visionaries, and experienced practitioners in this area and will be given an extended session to share their wisdom. These leaders will discuss, debate, address your questions and provide advice to attendees. They will also reflect on what has been discussed during the day. The focus will be on how large organizations architect and develop strategies in Identity Management that support the dynamic needs of the Digital Enterprise. This will include pragmatic advice for the enterprise and the overall industry as to how we might approach lingering challenges and how we might prepare for the expected future. This session will leverage the expertise of both the legends and the audience to better frame the problems and potential solutions for enterprises and the industry. If these problems were easy to solve, we wouldn’t be debating some of the same issues we were discussing 30 years ago. Our “legends” include:
Andrew Nash: Andrew has led some of the most significant IAM programs and efforts to scale Identity systems as the Managing VP of Consumer Identity Services at Capital One, the CEO of Confyrm (acquired by Capital One), the Director of Identity Services at Google and PayPal and a board member at Open ID Foundation, Open Identity eXchange, and the Information Card Foundation.
Patrick Harding: Patrick is actively involved in the standards community and is a former board member of the Information Card Foundation, as well as the Open Identity Exchange. He is a co-inventor of the SCIM standard. From 2005 to 2018, Harding served as Ping’s original Chief Technology Officer and is currently Chief Architect driving Ping’s investments, strategy, and product roadmap.
Kevin Kampman: Over the last 24 years Kevin has established himself as one of the top analysts and consultants while leading the Identity Practice at Burton Group and Gartner. Kevin’s areas of expertise include identity management, security, risk, and privacy issues for cloud, enterprise, business-to-business and consumer-facing environments.
Lasse Andresen: Lasse has been one of the preeminent innovators, leaders, technologists and “big thinkers” in Identity over the past 20+ years. He was the co-founder and former CEO/CTO of ForgeRock and is the founder/CEO of IndyKite focused on building the identity layer for Web 3.0, with products that securely manage human, IoT, and machine identity.
Doug Simmons: Doug has supported over 1000 IAM and Security consulting engagements over the past 30 years as VP Consulting at Burton Group, VP of Identity and Security Consulting at Gartner and Principal Consulting Analyst/Managing Director of Consulting at TechVision Research. Doug has recently authored research reports on IGA, PAM, IAM Reference Architecture and Supply Chain Security.
Building and scaling the next generation IAM foundation via standards, integration, and Industry collaboration
Speakers: TechVision Research Analyst, Wade Ellery, VP of Solution Architects, Radiant Logic; Gerry Gebel, Head of Standards, Strata Identity; Pamela Dingle, Microsoft, Patrick Harding, Ping
This panel session describes the key standards, architectural elements, governance models and integration tools and approaches needed to extend/integrate existing services while transitioning the foundation for the future.
We continue to emphasize the criticality of IAM, and because it is a capability so established and so critical to the success of the enterprise, there’s a strong hesitancy to change what’s working. But changes are required to make it work across the digital enterprise. These changes need to be made in ways that ensure a smooth and safe transition, and this is where adhering to standards and having the right integration tools can provide the flexibility and inclusiveness required to support the modern digital enterprise. How do we leverage standards to bridge/moderate/facilitate a rapidly changing business environment?
This panel session describes the key standards, architectural elements, governance models, and integration tools and approaches needed to extend/integrate existing services while transitioning to the foundation for the future.
Identity and Zero Trust
Speakers: A TechVision Research Analyst, J Schumacher, IAM Leader, Honda
IAM and security have always been joined at the hip and will continue to be going forward.
We’ll spend a lot of time on Day 2 talking about security, risk, authorization, and authentication, but this session will focus on IAM as a necessary prerequisite for a successful and sustainable Zero Trust program. Jay Schumacher from Honda will provide a pragmatic perspective and describe how Honda views IAM in the context of its overarching Zero Trust program.
Participating Vendors Describing the Evening Event
Speakers: IndyKite, BankID, IBM, Others expected
This session will bring the vendors that are participating in our evening Decentralized Identity and Verifiable Credential event together to describe what they will be demonstrating during the evening event.
Evening Events: TechVision Reception and Spotlight on Decentralized Identity and Verifiable Credentials
TechVision invites attendees to an evening reception overlooking the bay/ocean and an adjacent showcase of vendors providing demos, use cases and information about their programs addressing verifiable credentials and decentralized Identity.
Tuesday Nov. 8
Recap of Identity Day 1, Security/Risk Agenda, Theme for Day 2
We’ll start with a quick summary and highlights of the Day 1 sessions/discussions and a transition to what we can expect on Day 2.
The Day 2 agenda is all about transforming the security capabilities to adapt to the new business requirements of the digital enterprise while maintaining the appropriate risk level. These transformed security capabilities need to be cloud-friendly, flexible, and user-friendly, and they need not only to provide necessary protection against the “bad guys” but also to support the emerging privacy and data protection regulations. Diana Kelley will provide her thought-provoking perspective on Technology, Security, and Risk and describe how we’ll address these key issues during the day.
Security Legends Panel
Speakers: Fred Cohen, Dan Blum, Steve Roberts, Diana Kelley, Nick Nikols
This session will take the “legends” in the Security/Risk area and have them set the tone for the agenda on Day 2.
These leaders will discuss, debate, take questions and provide advice to our attendees. They will also reflect on what has been discussed during the conference that pertains to security and risk management and what they feel should be discussed for the duration of the conference. The focus will be on how large organizations architect and develop strategies that support a “safe” Digital Enterprise as we enter the “Next Normal”.
This session will leverage the expertise of legends and the audience to better frame the problems and potential solutions for enterprises and the industry and help set the tone for the conference on Day 2. These “legends” represent some of the top analysts, thought leaders, consultants, visionaries, and practitioners that have unparalleled knowledge and experience in this area. This panel includes:
- Dan Blum: one of the world’s foremost analysts, consultants, and thought leaders in the security and identity management areas. Dan’s the author of the TechVision Security Reference Architecture, author of an acclaimed book called “Rational Cybersecurity for Business” and former Burton Group and Gartner Research Vice President. Dan will moderate this session.
- Steve Roberts: the Chief Information Security Officer at Honda North America, with previous technology leadership roles in security, identity, privacy, digital transformation, and CIO leading/supporting roles prior to his current CISO role.
- Fred Cohen: widely considered to be one of the leading security/risk experts in the world. He is best known for defining the term “computer virus” in the early 80s and as the inventor of the most widely used computer virus defense techniques. Fred started the original security practice at Burton Group along with Dan Blum and has built/guided cybersecurity programs and defined security best practices for the past 30 years.
- Diana Kelley: Cybersecurity leader over many decades at Burton Group, Gartner, IBM, Microsoft (most recently Field Cybersecurity CTO), and one of the most sought-after public figures in cybersecurity.
- Nick Nikols: former Burton, Gartner, and TechVision Analyst who has designed security services, led product teams, and served as a top analyst and consultant in this space over the past 30 years. Nick is currently the Vice President of Identity Services at Micro Focus.
10:15 to 10:45 AM
The New Security Foundation; Start with Zero Trust
Speakers: Sorell Slaymaker and Pete Lindstrom, Principal Consulting Analysts, TechVision Research, Andrew Cameron, Technical Fellow, General Motors
The speed by which change occurs in enterprises today, the sheer volume of data, the relationships to be managed, the new development models such as DevOps and the diversity of the platforms that need to be appropriately secured require a new way to think about security. This session will describe this approach and provide food for thought for CIOs, CISOs, architects and LOB leaders as they plan to secure and mitigate risk in this new world.
A key premise is that organizational silos and traditional security architectures cannot support the business effectively as enterprises adopt cloud-native platforms. To protect business assets in these environments, organizations must establish new methods, capabilities, and instrumentation. Security controls must be both agile and scalable (much like the identity services we discussed on Day 1), providing new capabilities that match this new environment. These new concepts and approaches will be described in this session. We’ll then have Andrew Cameron, a Technical Fellow and IAM/Security leader at General Motors describe their journey and priorities in Zero Trust.
Reducing Risk: Start with Privileged Users—Developing Your Privileged Access Management (PAM) Program and Strategy
Speakers: Doug Simmons, Principal Consulting Analyst, TechVision Research, Jeff Margolies, Chief Strategy Officer, Saviynt, key “short-list” PAM vendors invited to participate: CyberArk, BeyondTrust, Microsoft, Delinea, One Identity
Most breaches start with compromised credentials. This session will describe an approach to developing a “least privileged” security model and leveraging increasingly sophisticated PAM products and services. PAM is a specialized category of access management that provides increased protection for administrative accounts that are the most highly coveted by bad actors and can generally do the most damage. TechVision will provide a level set that describes key trends and challenges to be addressed in the PAM area and then we’ll get insights into the directions and investments being made by key vendors in this space and include guidance for enterprise security leaders.
Upgrading and Modernizing Authentication; MFA, Password-less and more
Speakers: Doug Simmons, Principal Consulting Analyst, TechVision Research, Ori Eisen, CEO, Trusona, Pam Dingle, Microsoft. Additional “short-list” vendors invited to participate include Ping, ForgeRock, and Okta
We have anticipated the demise of password-centric authentication for decades. TechVision’s position is that a passwordless future is now or at least rapidly approaching. For the reasons we have been discussing for years (device and network ubiquity, reliability, and Bring Your Own Device (BYOD) initiatives, coupled with the accelerating levels of fraud associated with password-based authentication), we believe the time has arrived to deploy MFA or other means of dynamically authenticating given the risk profile within your enterprise.
MFA is becoming the standard, while password-less authentication, biometrics, and other advances in authentication are being explored in support of the digital enterprise. This session will include a TechVision “level set” and perspectives from selected vendors as to how this landscape will and should change. Virtually every IAM and security vendor is claiming to be password-less or moving in that direction and we’ll explore where this is, how organizations should deploy, and what to expect next.
API and IoT Security
This session will focus on API security, key vulnerabilities and developing enterprise strategies and programs to address these risks.
Scaling the digital enterprise requires new development models built using APIs, readily-available applications, and the ability to move quickly. APIs are key conduits of an efficient and scalable digital enterprise, but also represent significant security risks. This session will focus on API/Application security, key vulnerabilities, and developing enterprise strategies and programs to address these risks. We’ll also get insights about the approaches, strategies, and expected future state from vendors in this space. These new concepts and approaches for securing and managing APIs will be described in this session.
Pragmatic Security and the Evolving Role of AI/ML/Analytics
Speakers: TechVision Research Principal Consulting Analysts, Invited vendors include Microsoft, ForgeRock, SailPoint, Ping, AWS
In this session we will discuss the trends in using Analytics (AI, ML) to manage application delivery, quality, security, and performance in a dynamic DevSecOps / cloud native environment while maintaining a solid user experience.
When we talk about achieving true Zero Trust/Zero Friction security, it is often premised on insights garnered from massive amounts of available data and signals and the ability to make decisions quickly. Virtually every major IAM and security vendor is investing in this space and we’ll describe what it means, the approaches, how enterprises can best take advantage of AI/ML, and expected current results and future trends. Monitoring user behavior, service deployment and failure, error detection, and data access at a real-time scale requires a different strategy than traditional IT environments and security approaches. It also creates challenges concerning privacy.
Privacy Legends Panel
Speakers: Jill Phillips, Sari Ratican, Ann Cavoukian
As we scale, secure, and manage our next-generation Digital Enterprise we must consider privacy and increasingly complex sets of regulatory controls in our architecture, design, and deployment. Privacy needs to be considered early in the planning cycle (much like security), not after the fact and we have a team of privacy “legends” to discuss how enterprises should be approaching privacy. This includes discussions about key privacy and data protection regulations, Privacy by Design, and developing a “living” privacy program that continues to adapt to new regulations and employee, partner, and customer privacy expectations. We are fortunate to have Jill Phillips, former privacy leader/Chief Privacy Officer (CPO) at General Motors, Dell, Chevron, Ford, and TechVision contributor; Sari Ratican, the long-tenured CPO from Amgen, now a practicing attorney focusing on privacy and Ann Cavoukian, the creator of the concept of Privacy by Design.
Conversations Continue in the Hospitality Suites
Attendees, speakers, and other experts continue the conversations at several hospitality suites hosted by select vendors. Early hospitality suite vendors include Clear Skye and Radiant Logic.
Wednesday Nov. 9
Recap of Days 1, 2/Day 3 Agenda
Speakers: Gary Rowe, Doug Simmons
We’ll start with a quick summary and highlights of the Day 1 and Day 2 sessions/discussions and a transition to what we can expect on Day 3.
The Day 3 agenda is all about leaving attendees with recommendations, tools, and input towards your short- and long-term planning processes, both tactically and strategically. As organizations accelerate digital programs and we become integrated Digital Enterprises we’ll leave you with recommendations, templates, and tools and summarize this from an Identity, Security, Privacy, Innovation, and Governance perspective.
Changing our Vantage Point; The evolving Decentralized Model/Web3
Speaker: Gary Zimmerman
A digital enterprise maintains its market advantage through two simple (but not easy) capabilities: decision velocity and execution speed. In this session, Gary Zimmerman describes how technologies such as cloud and edge computing, open-source, API exposure and microservices, Web3, AI/ML, and service platforms are being leveraged by digital enterprises to increase decision-making and execution capabilities. He’ll then describe the implications of these technologies on identity, security, and privacy.
Getting Identity Right; Tools, Recommendations and Takeaways
Speakers: Doug Simmons, Gary Rowe, Kevin Kampman and others joining
This session will frame everything associated with IAM including conference content, discussions and questions raised during Chrysalis 2022 and look to net out a set of observations and recommendations for attendees.
We’ll then describe tools, reference architecture models, typical enterprise requirements, and vendor assessments/observations/expectations in the context of our expected IAM future state to support your journey going forward and prepare you to execute when you are back in the office.
Getting Security/Risk Right; Tools, Recommendations and Takeaways
Speakers: Dan Blum, with additional perspectives from Pete Lindstrom, Sorell Slaymaker, and Diana Kelley as needed
This session will frame everything associated with Security/Risk including conference content, discussions and questions raised during Chrysalis 2022 and look to net out a set of observations and recommendations for attendees.
We’ll then describe tools, our reference architecture models, typical enterprise requirements, vendor assessments/observations/expectations in the context of our expected security/risk future state to support your journey going forward and prepare you to execute when you are back in the office. Dan Blum will run through his widely acclaimed multi-cloud Security Reference Architecture that can be used to organize, prioritize, and better plan your security program.
Getting Privacy and Compliance Right; Strategies, Recommendations and Next Steps
Speaker: Jill Phillips
Jill will round out our privacy coverage by framing privacy and data protection in the current regulatory environment.
Jill Phillips, as the former Chief Privacy Officer at General Motors, Chevron, Ford, and Dell, has been building privacy programs, in many cases from scratch, for the past 30+ years. She will round out our privacy coverage by framing privacy and data protection in the current regulatory environment and describe how to approach balancing business goals, regulatory controls, and privacy principles as we deal with increased volatility, public distrust, disruption, supply chain shortages, and conflicting goals.
Closing Discussion; Final Observations, Recommendations, Recap of Key Discoveries and Attendee Questions
Speakers: Gary Rowe, Doug Simmons, Dan Blum, Diana Kelley, Gary Zimmerman, Sorell Slaymaker and other invited guests
Key speakers and TechVision Analysts will provide closing thoughts and address lingering questions as we close out the conference. A bag lunch will be provided mid-day as we close the conference.
Registration Is Now Open!
Don't miss this exclusive opportunity to personally interact with some of the best and brightest in Identity and Security.