Inside the Minds of Chicago’s Cybersecurity Leaders: 18 Expert Takeaways

At our recent Sagetap CISO & Cybersecurity Leadership Dinner in Chicago, the room was filled with sharp perspectives, bold claims, and practical strategies, from the emerging security challenges introduced by AI adoption, to proven strategies for managing machine identity sprawl, to new solutions coming to market that actually make a difference. AI’s expanding role in threat detection — especially in the SOC — was a particularly active topic of discussion.

The night began with opening remarks from Erik Hart, CISO at Cushman & Wakefield, who shared how his team has used Sagetap to discover and adopt best-in-class vendors — including one most recently that now powers their enterprise AI platform. Here’s what surfaced during a night of real conversations among those who live and breathe cybersecurity.

Want to keep learning? Sagetap helps you discover relevant, high-quality vendors based on your specific needs — with insights grounded in real feedback from verified enterprise buyers. Sign up now to make faster, smarter software decisions backed by firsthand experience.
‍

‍

How CISOs Are Responding to AI-Driven Threats

• Deploy behavior-based detection in the SOC: Security teams are increasingly layering machine learning into their SOCs to flag unusual activity. When behavior drifts from normal patterns, automated alerts or blocks can be triggered. CISOs expressed strong interest in vendor tools that apply AI effectively within SOC workflows to enable real-time response.
• Establish formal governance for internal AI use: Several companies have formed cross-functional AI oversight committees to assess risk, enforce compliance, and set clear boundaries around how AI is used in both internal tools and external products.
• Apply dynamic controls to manage insider threats: From role-based access revocation to proactive encryption policies, many CISOs are building lightweight, automated protections around high-risk users, especially during offboarding.
• Focus on foundational controls, even as AI threats evolve: While CISOs discussed AI-enabled detection and SOC automation, several emphasized that effective security still starts with basic processes, user education, and enabling teams to make informed decisions.

How Security Leaders Can Manage Machine Identity Sprawl

• Maintain a continuous process for discovering and tracking machine identities: From embedded credentials in GitHub to unmanaged service accounts, some leaders said they’re still uncovering hidden identities they didn’t know existed.
• Accept that 100% visibility isn’t realistic: Even top-performing teams admitted they fall short of full coverage. One leader shared, “I’ve never gotten past 95% — and that took years.”
• Prioritize protection of crown-jewel systems: Given limited resources, many organizations are doubling down on high-value assets first rather than chasing every low-risk credential or container.
• Build a culture that supports continuous discovery: The companies making the most progress treat machine identity management as an ongoing process (rather than a one-time inventory) with strong internal ownership and risk-informed decision-making.

Top Security Vendors Featured at the Chicago Dinner

The following vendors sponsored the Chicago CISO & Cybersecurity Leadership Dinner and were also part of the night’s conversation. Each offers a solution that addresses challenges directly raised by attendees.

Strengthen user-focused security with autonomous risk reduction: Amplifier Security helps teams proactively flag risky user behavior and reduce exposure before it escalates. This kind of early detection fits into broader efforts to minimize human error and strengthen the security culture across the business.

Close the gap on identity blind spots: Cerby secures unmanaged and disconnected apps that traditional IAM systems often miss. In a room full of CISOs grappling with machine identity sprawl, tools that improve visibility and ownership across non-human identities stood out.

Speed up container security with instant remediation: Root identifies and remediates container vulnerabilities in minutes — a critical capability as teams struggle with zombie workloads and misconfigured images that often go unnoticed in sprawling cloud environments.

‍

Other Vendors Chicago CISOs Are Talking About in 2025

In addition to the sponsors, several other vendors were brought up organically during the evening as standout solutions worth watching. Many of them reflect a growing shift toward AI-powered detection, automation, and response — whether in the SOC, in the cloud, or at the user layer.

• Power internal AI initiatives with no-code orchestration: Unframe helps large enterprises build and automate AI workflows without engineering support. One attendee found Unframe on Sagetap and is now partnering with the company on a multi-year initiative.
• Detect deepfake voice fraud during live calls: Pindrop uses AI to analyze and detect synthetic voices in real time, flagging potential deepfakes during sensitive calls. One dinner guest described how it integrates with platforms like Teams to assign a risk score based on voice analysis — an increasingly relevant defense as impersonation attacks grow more convincing.
• Tailor security awareness to real user behavior: Hoxhunt reimagines security training by customizing simulations based on observed risk signals. Instead of relying on generic phishing tests, it targets actual vulnerabilities in behavior and response patterns.
• Accelerate threat response with built-in guidance: ShieldX Security helps security teams move from detection to action by embedding AI that suggests next steps after identifying threats. Chicago security leaders appreciated how the platform simplifies decision-making and speeds up triage, especially for teams dealing with alert fatigue or limited staffing.
• Reduce executive exposure online: VanishID helps eliminate executives’ personal data from public sources — a growing necessity as attackers increasingly leverage OSINT to target high-level personnel through social engineering and impersonation tactics.
• Enhance cloud workload visibility at runtime: Upwind Security received multiple shoutouts for delivering real-time, runtime-level cloud visibility. Leaders described it as a more agile and affordable alternative to incumbent solutions, especially in post-acquisition market conditions.

How Cushman & Wakefield Uses Sagetap

CISO Erik Hart shared with the group how Sagetap has become a key part of Cushman & Wakefield’s vendor discovery workflow — helping his team move faster and more efficiently than through traditional channels.

Rather than relying solely on cold outreach or long vendor review cycles, Hart uses Sagetap to post specific problems and match with relevant solutions. One recent example:

“I met them on Wednesday, Friday I introduced them to my deputy CISO, Tuesday they met with our offshore team, and we were doing a POC with them pretty much the following week.”

That kind of speed has led to real outcomes. Over the past year, Cushman & Wakefield has adopted four vendors through Sagetap — some solving immediate security challenges, and others driving broader business impact.

“When I introduced [a Sagetap vendor] to our head of innovation, they loved it so much it’s now our AI platform. We’ve done multi-year deals with them — and it started on Sagetap.”

For Hart, the real value lies in how Sagetap creates room for genuine exploration without pressure.

“You can have authentic conversations with [vendors], and if it’s not a fit, you go on your way. There’s no email follow-up.”

Bottom Line

The most valuable security insights often come from peer conversation. At our Chicago dinner, leaders opened up about what’s working, what’s breaking, and where the future of enterprise security is headed — including how AI is beginning to reshape core SOC practices and drive more dynamic, real-time defense strategies.

Want access to this kind of real-world intelligence year-round? Join Sagetap and discover how technology leaders are navigating the vendor landscape with speed, clarity, and peer-backed confidence.