Spring Cyber Solutions Fest 2026: Exposure Management Track

Thu, May 7, 2026
10:00AM - 3:20PM EDT
English
Jonathan Risto
Solutions Forum

Thank You To Our Sponsors

The SANS Spring Cyber Solutions Fest 2026 Exposure Management Track explores how modern security teams can proactively identify, quantify, and reduce cyber risk across dynamic attack surfaces. As organizations expand into hybrid, multi-cloud, and SaaS-driven environments, traditional vulnerability management is no longer enough. This track brings together experts who are redefining exposure management with continuous visibility, threat-informed prioritization, and streamlined operational workflows that align security outcomes with business impact.

Through case studies, analyst insights, and emerging technology demonstrations, attendees will learn how leading enterprises are maturing their exposure programs—from automated asset discovery and contextual scoring to attack path modeling, ASM, and risk-based remediation. Participants will walk away with actionable strategies for building a unified exposure management approach that reduces noise, accelerates response, and strengthens resilience against modern threat actors.

Who Should Attend

Security leaders and practitioners responsible for vulnerability management, attack surface management, or exposure reduction.
SOC, SecOps, and threat intel teams seeking unified, risk-based prioritization across complex environments.
CISOs and security strategists looking to modernize programs with continuous visibility and measurable exposure-reduction outcomes.

Full Spring Cyber Solutions Fest Track List:

Emerging Technology | May 5
Cloud Security | May 6
Detection and Response | May 6
Exposure Management | May 7
Insider Threat, Malware and Ransomware | May 7

Schedule

Showing 12 of 12

Filter by:

Select day:

Welcome and Opening Remarks

10:00AM - 10:15AM EDT

Virtual

Presented by

Jonathan Risto

Technical Director, Cyber Posture Management Program at Government of Canada

Using AI Agent Teams to Operationalize Exposure Remediation

Now that modern scanning tools are regularly surfacing thousands of exposures, it's actually the coordination required to fix them that has become the biggest bottleneck in risk reduction. In this technical session, Seemplicity Co-Founder and CPO Ravid Circus and Director of Innovation Omer Tal move past the AI hype to demonstrate how agentic AI teams can operationalize the "last mile" of security. Attendees will learn how to: Automated Triage and Aggregation: Use AI agent teams to move beyond static rules, deduplicating and aggregating findings to shrink massive backlogs—such as cutting 250,000 findings down to 3,000 actionable tasks. AI-Driven Remediation Guidance: Deploy agents that provide technical context and specific remediation steps, giving fixers the exact "how-to" and "why" they need to resolve exposures faster in tools like Jira and ServiceNow. Conversational Security Insights: Leverage AI to answer plain-spoken questions about risk, investigate high-risk findings breaching SLAs, and translate complex data into actionable leadership briefs. This session is a technical demonstration of how to transform security from a labor-intensive cost center into a high-velocity engine for measurable risk reduction.

*Sponsored by Seemplicity

10:15AM - 10:55AM EDT

Virtual

Presented by

Ravid Circus

Co-Founder and CTO at Seemplicity

Omer Tal

Director of Innovation, CTO Office at Seemplicity

Demystifying Exposure Management: how invisible combinations of risk leave you exposed

This session delivers a practical blueprint for building an effective Exposure Management program that helps security teams focus on what truly matters. Attendees will learn how to unify visibility across existing security tools to see their environment the way attackers do, as a connected attack surface. Through a real-world breach case study, we’ll demonstrate how attack path analysis exposes hidden relationships between assets, identities, and misconfigurations, revealing the small set of weaknesses that enable major breaches. You’ll walk away with actionable techniques to identify toxic risk combinations, prioritize remediation based on true business impact, isolate critical choke points, and proactively neutralize multiple attack paths by fixing the few controls that matter most.

*Sponsored by Tenable

10:55AM - 11:25AM EDT

Virtual

Presented by

Cameron Killian

Security Engineer at Tenable

Faster to Action: Building CTI Workflows that Accelerate Exposure Mitigation

A lot of CTI teams spend more time collecting intelligence than actioning it. Between monitoring OSINT sources, triaging CVEs, and enriching findings, the operational overhead of intelligence work often delays mitigating exposures. When a new zero-day drops or a critical misconfiguration surfaces, speed matters, and slow workflows result in extended risk windows. This session breaks down how to build CTI workflows tailored to faster action with exposure management. We will cover: Why effective Exposure Management strategy requires CTI plus Vulnerability Management to feed the right information to CTI workflows How intelligence requirements anchor exposure management and keep collection efforts focused Practical approaches to automating OSINT collection, filtering, and enrichment so your team can reallocate their time to analysis The balance between automation and analyst involvement, including where human verification is still needed CTI operations automation and workflow design that connect intelligence directly to remediation, mitigation actions, and risk reduction I will demonstrate a realistic scenario showing how automated OSINT workflows, vulnerability filtering by tech stack, and AI-assisted CTI operations reduce the time from collection to action. Attendees will leave with best practices for CTI workflows that are faster, more automated, and directly tied to exposure detection and mitigation.

*Sponsored by Feedly

11:25AM - 11:55AM EDT

Virtual

Presented by

Josh Darby MacLellan

Staff Threat Intelligence Advisor at Feedly

Break

11:55AM - 12:10PM EDT

Virtual

FortiRecon Threat Exposure Management: From Unknown to Under Control.

The session will explore FortiRecon Threat Exposure Management by Fortinet that focuses on transforming an organization’s attack surface from unknown risks to controlled visibility. As cyber threats increasingly exploit exposed digital assets, misconfigurations, and leaked credentials, traditional security approaches often fail to provide a complete picture of external exposure.

The session highlights how FortiRecon enables continuous discovery of internet-facing and network assets, monitors the deep and dark web for compromised data, and prioritizes risks based on real-world attacker perspectives. By integrating threat intelligence with exposure management, organizations can proactively identify vulnerabilities before adversaries exploit them.

The session will also outline how FortiRecon aligns with Continuous Threat Exposure Management (CTEM) framework, helping security teams shift from reactive defence to proactive risk reduction.

*Sponsored by Fortinet

12:10PM - 12:40PM EDT

Virtual

Presented by

Kapil Gupta

VP, Security Solutions at Fortinet

Context is King: Rethinking Risk Prioritization in Exposure Management with AI-Assisted Decisions

Traditional vulnerability and exposure management programs focus on where risk exists, including asset counts, severity ratings, and exploitability. While these signals are important, they only tell part of the story. To reduce meaningful risk, organizations must also understand why a vulnerability matters by evaluating the context of the asset it affects. For example, two devices with the same known-exploited vulnerability can represent very different levels of risk: a facility’s desktop with no sensitive data versus an executive laptop with confidential information and external connectivity. While technically identical, their real-world impact is not. This challenge becomes even more complex when data attributes are missing or incomplete. Outdated CMDB systems, missing data fields, or incorrectly tagged assets make it harder not only to accurately assess risk severity but also to identify the right owner responsible for remediation. In this session, we will walk through how a context-driven exposure management approach that incorporates AI Agents for Attribute correlation and deduplication brings together asset inventory, risk findings, and business context to produce more accurate and actionable prioritization. In this session, you will learn how to: Combine asset, vulnerability, and business context data into a single view of exposure Identify and resolve duplicate findings across multiple security tools Address missing ownership and asset context that delay remediation Build risk prioritization models that reflect real-world impact Improve remediation focus by working from complete and consistent data.

*Sponsored by Brinqa

12:40PM - 01:10PM EDT

Virtual

Presented by

James Walta

Vice President of Customer Success at Brinqa

After Mythos: Why the Gap Between Finding and Fixing Is the Real Vulnerability

Anthropic's Mythos Preview found thousands of critical vulnerabilities across every major operating system and browser — writing working exploits on the first attempt 83% of the time. The security community responded with emergency briefings and urgent calls to action. But the real crisis isn't AI-powered discovery. It's that over 99% of what Mythos found remains unpatched, exposing a systemic failure in how organizations move from finding a vulnerability to actually fixing it. In this session, we'll walk through what breaks in a vulnerability management program when the volume of weaponizable findings doubles or triples — and why the traditional operating rhythm of 30-day patching cycles, manual triage, and scanner-dependent workflows can't survive the shift. Using a live demo, we'll show a different approach: inferring exposure from the software packages running in your environment instead of waiting on scanner vendors to write new detection signatures, automating risk-based triage that accounts for real environment constraints, and closing the full remediation loop with AI-reasoned action plans, constraint-aware routing, and scanner-verified closure. Attendees will walk away with two things they can apply immediately: a framework for auditing where their program loses time between discovery and remediation, and a concrete look at what "security by exception" — where automation handles the routine 95% and humans focus on the hard 5% — looks like in practice.

*Sponsored by Cogent

01:10PM - 01:40PM EDT

Virtual

Presented by

Vineet Edupuganti

CEO at Cogent

Break

01:40PM - 02:00PM EDT

Virtual

From VM to Agentic Exposure Management: Why the Old Playbook Isn't Working

Attack surfaces are expanding faster than traditional VM workflows can track. AI-driven threats are changing how attackers operate. And even a well-implemented CTEM program relies on too much manual intervention to scale. This session covers the evolution of vulnerability management from VM through RBVM to CTEM, where each approach breaks down in practice, and why agentic exposure management is the logical next step for teams that need to actually close the gap. Domnick Eger, a Sales Engineer and cybersecurity practitioner at Zafran, brings the practitioner perspective on what that transition looks like to keep pace in a world where the window between exposure and exploitation keeps getting shorter.

*Sponsored by Zafran

02:00PM - 02:30PM EDT

Virtual

Presented by

Domnick Eger

Sales Engineer at Zafran

Panel Discussion

Details coming soon

02:30PM - 03:15PM EDT

Virtual

Panelists

Ravid Circus

Co-Founder and CTO at Seemplicity

Closing Remarks

03:15PM - 03:20PM EDT

Virtual

Presented by

Jonathan Risto

Technical Director, Cyber Posture Management Program at Government of Canada

Meet Your Speaker

Jonathan Risto

Technical Director, Cyber Posture Management Program at Government of Canada

With more than 25 years of experience across security, infrastructure, and program leadership, Jonathan brings practical real-world insight to vulnerability management leadership and training.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Spring Cyber Solutions Fest 2026: Exposure Management Track

Share

Thank You To Our Sponsors

Who Should Attend

Full Spring Cyber Solutions Fest Track List: