top of page

[Gartner SRM Summit 2025] Opening Keynote

Jun 9-11, 2025 | National Harbor, MD


  • Speakers

    • Leigh McMullen (Gartner Distinguished VP Analyst)

    • Katell Thielemann (Gartner Distinguished VP Analyst)


  • Opening Keynote Topic

    • Harness the Hype : Turning Disruption into Cybersecurity Opportunity


Leigh McMullen & Katell Thielemann at Gartner Security & Risk Management Summit 2025
Leigh McMullen & Katell Thielemann at Gartner Security & Risk Management Summit 2025

In today’s era of rapid change and uncertainty, CISOs and security leaders must find new ways to manage cybersecurity. As of 2025, we face unprecedented global shifts that themselves can create instability and unintended consequences for our industry. To turn that disruption into an advantage, the opening keynote offered three guiding principles.



  • Mission Aligned - Align cybersecurity efforts with organizational goals through transparency. We must adopt both Protection-Level Agreements PLA and Outcome-Driven Metrics ODM. A PLA sets a formal agreement on budget needed to achieve the desired level of protection. An ODM measures security outcomes that directly tie to business goals rather than relying on traditional KPIs or SLAs. In uncertain times, using both PLA and ODM together lets organizations evaluate security investments by balancing cost and benefit and strengthen their overall protection. For example rather than calculating only the ROI of a ransomware prevention tool we should analyse its true impact on security posture and operations data to achieve a transparent cost-benefit trade-off and improve cybersecurity resilience.



  • Innovation Ready - Embrace the role of artificial intelligence and develop AI skills. Experiment with AI security tools and protect investments in AI. Although AI often attracts hype we cannot ignore its potential. Cybersecurity teams must begin finding real value in generative AI and AI agents. Successful use cases in the past two years include code analysis threat hunting and modelling user and system behaviour automated vulnerability fixes and policy chatbots. During the summit many sessions benchmarked AI application models suited for each organization’s security needs. We should consider productivity security employee satisfaction and financial impact together. Rather than banning shadow AI tools outright we need flexible policies that identify track and jointly evaluate unapproved AI tools so that employees use only those that meet business requirements and risk criteria. Cybersecurity must both protect AI investments and defend against AI driven threats.



  • Change Agile - Discuss change management strategies to prevent burnout on security teams. Create certainty empower staff and use AI to automate repetitive tasks. In 2025 every field faces unprecedented change that can cause change fatigue and burnout among cybersecurity professionals. Burnout directly increases the risk of security breaches. Unexpected change brings uncertainty that leads to burnout or turnover intentions. Frequent change also makes it hard for employees to feel ownership over their work. And repetitive tasks themselves are a major source of fatigue. Security leaders must anticipate potential sources of resistance and maintain trust through transparent regular communication. They should grant tactical autonomy so team members feel empowered and connected to the organization’s mission. Rather than enforce a top-down culture we should crowdsource change ideas in an open environment and encourage honest feedback on the impact of change. We should also deploy AI proactively to relieve staff from mundane tasks.



Summary

The keynote emphasized that the wave of hype driven by AI geopolitical tensions and technological innovation is not merely a threat but a strategic opportunity. CISOs and security leaders must balance excessive expectations and fears manage security investments with clear justification strengthen stakeholder trust and enhance strategic leadership. The core message is “In the midst of disruption choose direction and use technology and risk as tools.”

Hype is not optional it is our environment and only those who turn it into opportunity will be true security leadersTechnology is not simply a problem solver our attitude and expectations toward technology unlock the solutionSecurity is no longer a cost center but a business asset that designs resilience and trust


Author - Paul Kwon, CEO | PAGO Networks

bottom of page