ASIS GSX 2024 was packed with big ideas and even bigger conversations about the future of security. From the merging of physical and cyber defenses to the tools needed to stay ahead of the curve, this year’s event didn’t disappoint. As always, the devil is in the details, and we’ve distilled some key takeaways — with a twist.
Here’s what’s on the minds of security leaders, and how we’re tackling those challenges head-on.
1. Converged Security: The Dynamic Duo
Gone are the days when you could treat cyber and physical security like two awkward coworkers avoiding eye contact. At GSX, the message was loud and clear: cyber and physical security are more than just roommates; they’re practically inseparable. With technology sprawling across the enterprise, teams are finding that attacks can come from anywhere — whether that’s a breach in your network or a weak spot in your physical infrastructure.
For security leaders, this means one thing: you need to get your teams talking. Breaking down silos and ensuring cyber and physical teams are aligned is critical. And no, that doesn’t mean more meetings — it means building security frameworks where both sides are empowered to act fast and in sync. The surface area of risk is growing, and the days of handling one domain at a time are long gone. Ready or not, convergence is here, and it’s not waiting for us to catch up.
2. Tabletop Exercises: Time for an Upgrade
One theme we heard over and over at GSX is that traditional tabletop exercises are starting to feel like relics from the past. Teams are tired of pouring time, energy, and resources into lengthy scenarios that don’t deliver the actionable insights they need. The appetite for alternatives to costly and static tabletop exercises is growing fast, and it’s easy to see why.
Here’s where Microsimulations come into play. Instead of dedicating a a few hours (or more) to run through a fixed scenario, microsimulations provide the opportunity to engage teams with rapid, dynamic scenarios that reflect real-world challenges. These shorter, more focused sessions allow security teams to stress-test their responses without the logistical headaches. The best part? They’re adaptable. As threats shift, so can the simulations, ensuring your team is always practicing relevant and up-to-date situations.
Teams are already starting to embrace this shift, recognizing that it’s not about doing away with tabletops entirely, but evolving them to meet the speed and complexity of modern threats. Who said learning can’t be both quick AND impactful?
3. Simplifying Response in a World That’s Anything but Simple
Let’s face it, complexity is a security leader’s worst enemy. The bigger and more complex the organization, the harder it is to ensure that everyone knows their role during an incident. One of the most talked-about issues at GSX was the need to simplify incident response — to make sure everyone in the organization knows what to do and when to do it, without creating chaos.
Enter Playbooks. No, not the kind used on the football field, though we like to think of them as just as strategic. The idea here is to build clear, actionable, and tailored Playbooks that break down incident response into digestible, easy-to-follow steps. These aren’t generic, one-size-fits-all solutions; they’re crafted to reflect the specific needs of each organization, ensuring that roles and responsibilities are crystal clear. Whether it’s a ransomware attack or a physical security breach, the playbook guides teams through the process so everyone knows their part.
The magic happens when these Playbooks are integrated into day-to-day operations. Instead of waiting for a crisis to hit, teams can use them to drill regularly, building muscle memory for when it really matters. Complexity may be the new norm, but that doesn’t mean your response has to be. Simplification is key, and Playbooks are helping make it happen.
4. Hurricane Helene: From Talk to Category 4 Reality
Climate change isn’t just melting ice caps and rising sea levels — it’s actively reshaping the threats security teams face. At GSX, climate risks were a key talking point well before the rapid escalation of Hurricane Helene. This storm started as a blip on the radar but intensified into a major threat faster than anyone could have predicted. It’s the perfect example of how climate change is fueling more extreme and unpredictable weather patterns, and security teams are feeling the impact.
For security leaders, the takeaway is clear: climate risks aren’t someone else’s problem. As weather events like Hurricane Helene become more frequent and severe, the role of security must adapt. Critical infrastructure is at risk, and the window of time to respond to these escalating events is shrinking. From safeguarding physical assets to ensuring continuity in the face of environmental disruptions, climate change is now front and center of the security conversation.
The unpredictable nature of these events demands scenario planning and forward-thinking strategies, and that’s where integrating climate risks into your overall security framework becomes essential. We’ve moved well beyond “prepare for the worst” — now it’s about preparing for the unexpected.
5. Geopolitical Wildcards: Simulating for the Unthinkable
Amid a backdrop of a growing number of serious geopolitical tensions and conflicts, it was obvious that these risks are far too unpredictable to rely on a reactive approach. Instead of waiting for the consequences to unfold, scenario thinking with simulations offers a proactive way to get ahead of potential crises. These tools help you model out “what if” scenarios and be ready when disruptions hit, rather than scrambling after the fact.
Microsimulations can help you explore how different geopolitical situations — including military conflicts or large-scale cyberattacks — could impact your organization, third parties, or customers. Simulating these scenarios allows board and executive teams, security leaders, cross-functional teams, third-parties, and other stakeholders to test their response strategies and develop the right connectivity, capability, and context to make good decisions in crisis. In a time where a it’s nearly impossible to read the tea leaves; it’s about being ready for whatever geopolitical shifts come your way.
6. AI and Cyberattacks: The Double-Edged Sword
AI was front and center at GSX, particularly in discussions around cyberattacks. While AI offers incredible advancements in security technology, it’s also empowering attackers with new tools and tactics that are harder to defend against. From AI-powered phishing schemes to autonomous malware that learns and adapts, the threat landscape is evolving at a pace that traditional security measures struggle to keep up with.
For CISOs, this duality presents both an opportunity and a challenge. On the one hand, AI can enhance security by automating threat detection and response, but on the other, it forces teams to rethink their defense strategies. Staying ahead of AI-driven cyber threats means embracing AI as part of your security toolkit, while constantly monitoring how attackers are using the same technology to exploit vulnerabilities. The message from GSX was clear: AI is here to stay, and it’s reshaping the way we think about both security and risk.
GSX: Converged Security in a World of Uncertainty
If there’s one thing GSX drove home this year, it’s that we’re all operating in a world of uncertainty and crisis. From cyberattacks to climate risks, the pressure is on. But the energy around converged security — where cyber and physical defenses work hand-in-hand — was unmistakable. The buzz was fueled by the recognition that we need new, integrated solutions to stay ahead of the threats closing in on all sides.
The old ways aren’t cutting it anymore. Whether it’s ditching outdated tabletops or crafting more resilient responses to complex, rapidly escalating risks, security leaders are ready to embrace the innovations that will help them navigate this new reality. The message from GSX was clear: in a world where crisis is the new normal, it’s time to evolve — and everyone’s on board for the challenge.
So, ready to rethink your security playbook? The tools are here — it’s just a matter of putting them to work.
Author
Paula Fontana
CMO
iluminr
