Traditional incident response restores systems but often leaves the real problem untouched. Modern IFIR must reconstruct what happened, close the identity gaps attackers exploited, and harden Tier 0 to prevent re-entry. Learn what identity-centric IR looks like and how to demand more than “we restored from backup.”

Your security stack is only effective if controls are deployed correctly, configured as intended, and still working as your environment changes. In practice, misconfigurations, underused features, and configuration drift quietly increase exposure, often without triggering alerts or showing up in dashboards.

In this session, Garrett Hamilton, CEO & Co-founder of Reach Security, will walk through how security teams can continuously validate the controls they already own, identify attacker-reachable exposures across identity, endpoint, email, and network layers, and prioritize the specific configuration changes that actually reduce real-world risk. Drawing on real customer examples, he’ll show how teams move beyond one-time assessments and reactive hardening toward ongoing assurance that controls remain aligned with their defensive strategy. 

Attendees will learn how to reduce exposure without adding more tools or headcount, gain confidence that security controls are working as intended, and provide defensible, evidence-based assurance to leadership, while cutting through noise and focusing effort where it matters most.

Human Risk Management is more than training—it’s measurable, manageable risk.

This session explores how organizations identify, quantify, and reduce human-driven security risk using data,  governance, and practical controls that align security strategy with real-world behavior.