Gartner Security & Risk Management Summit 2022 National Harbor: Day 3 Highlights – Gartner | Region & Cash

National Harbor, Maryland, June 9, 2022

We bring you news and highlights from the Gartner Security & Risk Management Summit taking place this week in National Harbor, Maryland. Below is a collection of key announcements and takeaways from the conference. Read the highlights of Day 1 and Day 2 here.

On day three of the conference, we will discuss the multi-generational security workforce, the privacy landscape and best practices for planning security strategies.


Important Announcements

The multi-generational workforce in security

Presented by Lisa Pierce, VP, Consulting, Gartner


Security personnel span many generations: Baby Boomers, Gen Xers, Millennials and Gen Zers. In this session, Lisa Pierce, VP, Advisory, at Gartner, explained how to create an IT and security culture that leverages strengths and addresses weaknesses to uncover opportunities and overcome threats.


The central theses

  • “Generational issues are in the foreground for all managers. The two most important generational issues are an aging workforce and the integration of new generations – these are just as important as finding solutions to enhance talent and finding new employees.”
  • “For the first time in modern history, we have more generations in the workforce than ever before, and managing this multi-generational workforce brings with it a new set of challenges.”
  • Gartner recommends using four methods to ensure generational harmony and resilience.
  • “Security officers should use that MAINTENANCE method – Ccommunicate transparently, Aactively listening Rrelationship first, EEmpathetic engagement – when working with employees, particularly when seeking behavioral change.”
  • Create fair and personal development plans: “This ensures the safety team can work more effectively in a collaborative environment, sharing responsibility for results and building camaraderie and morale.”
  • Create reverse mentoring programs: “Each generation contributes to the professional growth of the other. This helps bridge the generation gap, effectively integrate a multi-generational workforce, and better utilize the skills of each generation.”
  • Set reasonable expectations for new hires and hire all generations: “Write job descriptions with what is really needed for that position at the time. Keep in mind that key motivators may vary by generation.”
  • “Most cybersecurity professionals believe that a combination of mentorship, targeted career planning, and technical education can help them get ahead.”


Outlook for data protection, 2022-2023

Presented by Bernard Woo, Senior Director Analyst, Gartner


Security personnel span many generations: Baby Boomers, Gen Xers, Millennials and Gen Zers. In this session, Lisa Pierce, VP, Advisory, at Gartner, explained how to create an IT and security culture that leverages strengths and addresses weaknesses to uncover opportunities and overcome threats.


The central theses

  • “The landscape of data protection regulations is becoming more and more complicated, and in the face of this pressure, companies cannot afford to simply track compliance with checklists. They need to evolve and become efficient and effective.”
  • “With an average budget of $2.2 million, the privacy bureau probably won’t be able to afford much, so privacy officers need to be selective and bring other lines of business on board.”
  • “Identify the key people driving your privacy program, then identify the top priorities for those stakeholders over the next two to three years and see if you can find a skill or skills that align with those initiatives.”
  • “Like a timer or some kind of fitness tracker, Privacy Controls are data-centric tools that provide insights and control at the data level, such as B. Automated data discovery and mapping tools.”
  • “Sometimes called privacy platforms, Privacy Management Tools and intended to be the central repository for your compliance-related documentation. These tools can assist in conducting risk assessments, documenting records of processing activities, or generating reports on the privacy program.”
  • Privacy user experience consists of a set of functions that present and manage notices and policy statements, record customer consent and preferences, and process submitted data subject rights requests.”


Best practices for security strategy planning

Presented by Tom Scholtz, Distinguished VP Analyst, Gartner


Consistent, practical strategic planning is essential for security and risk management leaders to establish and support the credibility of their security programs. In this session, Tom Scholtz, Distinguished VP Analyst at Gartner, shares best practices for planning security strategies and communicating the strategy with stakeholders.


The central theses

  • “A working security program is the key to finding that elusive balance between protection and productivity.”
  • “Organizations often struggle to implement a continuously improving information security program that effectively deals with increasing volatility in business, technology, and threat environments. This exposes the company to an unsustainable risk of security incidents.”
  • “A prerequisite for gaining business endorsement for the security program is a clear vision that reflects the business, technology and environmental drivers unique to the company.”
  • “When communicating with the executive, create a one-page document that highlights the key components of the security strategy: the mission statement, the risks taken, and the plan to address them.”
  • “Adequate decision rights, adaptive governance, rapid risk assessment, dynamic planning, adaptive controls, and an agile operating model are key factors that make a security program agile.”
  • “Your strategy must be crystal clear in three elements: where are we, where are we going and how are we going to get there?”


Thank you for attending the Gartner Security & Risk Management Summit 2022 National Harbor. We hope to see you again next year!


Leave a Comment