Close
Blog February 3, 2026

Odyssey 2026 Recap: Building Continuous Supply Chain Resilience in an Era of Persistent Threats

SecurityScorecard’s third annual Odyssey customer conference brought together nearly 300 CISOs, security operations leaders, and third-party risk management professionals in Miami on January 26-27. Despite East Coast snowstorms that grounded flights and forced last-minute rerouting, our customers from around the globe made the trip. Thank you! 

The commitment reflected what makes SecurityScorecard’s Odyssey valuable to security leaders: direct access to experts tracking active threats, candid discussions with peers managing complex vendor portfolios, and clarity on where both the supply chain threat landscape and the market are headed. As vendor ecosystems expand and nation-state actors increasingly target suppliers as entry points to downstream organizations, security teams need more than compliance frameworks. They need forums where they can test their approaches against current conditions and learn from practitioners solving similar problems.

That’s exactly what Odyssey delivered.

Keynote Speakers

FC (FreakyClown): The Human Element of Security

FC, also known as FreakyClown, opened the conference with insights from over 25 years of breaking into banks, government buildings, and Fortune 500 companies, all with permission. The world-renowned ethical hacker and co-founder of Cygenta joined virtually after travel disruptions, delivering real-world stories and live demonstrations that exposed how physical and cyber vulnerabilities often come down to the human element. 

Chris Krebs on Nation-State Supply Chain Threats

Former CISA Director Chris Krebs followed up Thursday with a direct assessment of escalating nation-state and supply chain cyber threats. His message emphasized the need for tighter public-private coordination and a more proactive, front-line defense posture across organizations as supply chain attacks continue to increase in sophistication and scale.

 

Some of the Many Highlights

National Security Panel: Former Government Leaders on Digital Resilience

A national security panel brought together former senior government leaders and cyber policy experts for candid insights on digital resilience. The panel included Ray Mabus, Former U.S. Secretary of the Navy; Bryan Ware, Former Cybersecurity Defense Lead, U.S. Government; John Katko, Former U.S. Representative; Rob Knake, Principal at Orkestrel; and Michael Centrella, Head of Public Policy at SecurityScorecard and Former U.S. Secret Service. The discussion addressed how supply chain vulnerabilities intersect with national security concerns and what effective coordination between sectors requires in practice.

Google’s Kat Fitzgerald: Moving Beyond Static Risk Scores

Kat Fitzgerald from Google delivered one of the conference’s most referenced sessions on why security risk is about real-world capability, not just scores or checkbox compliance. She made the case that strong third-party risk management means using scorecards as a starting point, then applying human judgment and continuous monitoring to confirm vendors truly have the people and capability to deliver on their security commitments over time.

Breakout Sessions Focused on Operational Challenges

The conference agenda reflected issues security teams are navigating now. Sessions included:

  • Beyond the Perimeter: LapDogs Orb Network Research with Actionable IntelligenceResearch findings on adversary infrastructure and network activity
  • The (Nation) State of Cyber Security – Analysis of nation-state threat activity and geopolitical cyber risk
  • The Future of TPRM is Here – Emerging approaches to third-party risk management programs
  • From Context to Control: Mastering Supply Chain Vulnerabilities with Threat Intelligence – Applying threat intelligence to supply chain security decisions
  • The Shift from Compliance to True Risk Monitoring – Moving beyond checkbox compliance to continuous risk assessment
  • Strengthening Third-Party Compliance with AI and Automation – Using automation to scale third-party oversight programs
  • The Predictive Edge: How AI Identifies, Prioritizes, and Prevents Risk Gaps – Machine learning applications for risk prioritization
  • MAX – Risky Business: The Art of Measuring What Actually Matters – SecurityScorecard’s managed detection and response service
  • The New Battlefield: How Cyber Threats Are Rewriting the Rules of Engagement – Evolution of attack patterns and defensive strategies
  • Workshop: Scaling Your TPRM Program – Practical frameworks for growing third-party risk programs

 

A Very Special Thank You To Our Esteemed Speakers

  • Damian Apone, Global Director GRC, Genuine Parts Company
  • Frank Aiello, CISO, Maximus
  • Mea Clift, Senior Advisor Cyber Risk Engineering, Liberty Mutual Insurance
  • Mark Dunkerley, CISO & VP IT, Coca-Cola Bottlers Sales and Services
  • Eric Elliott, Senior Manager, SCM Supplier Cybersecurity, Nissan Motor Corporation
  • Luke Fardell, Cyber Security Specialist, Tokio Marine Kiln
  • FC (FreakyClown), Ethical Hacker, Author & CISO, Cygenta
  • Kat Fitzgerald, Staff Security Engineer, Google
  • Craig Guiliano, Senior VP, Head of Threat Intelligence and Policyholder Services, Chubb
  • Koty Henry, Cybersecurity Policy Advisor, NAIC
  • Liz Hohe, Principal Architect – IT, United Airlines
  • Ikenna Iloabuchi, Cybersecurity Leader – TPRM, Truist
  • John Katko, Former U.S. Representative
  • Peter Keenan, CISO, Lazard
  • Rob Knake, Principal, Orkestrel
  • Chris Krebs, Former Director, CISA
  • Robert Knoblauch, Former CISO, Element Fleet Management
  • Ray Mabus, Former U.S. Secretary of the Navy
  • Matthew Moog, Principal, Risk Managed Services, EY
  • Hitesh Patel, Global IT Risk, RBC
  • Claudia Piccirilli, Senior Director, Global FINEX Data Science & Analytics, WTW
  • Dan Seltzer, Senior Director, Information Security GRC, Select Medical
  • Lee Stauss, VP Cyber Risk Engineering, Sompo International
  • Allan Vogel, Cyber Security Consulting Leader, Aon
  • Bryan Ware, Founder & Former Cybersecurity Defense Lead, U.S. Government
  • Matthew Webb, AVP Cyber Risk Management, HCA Healthcare
  • Dominick Zangaro, Senior Loss Control Specialist, Great American Insurance Group

And a Special Thank You to Our SecurityScorecard Subject Matter Experts

  • Aleksandr Yampolskiy, Co-Founder and CEO
  • Sam Kassoumeh, Co-Founder
  • Adam Bixler, Chief Product Officer
  • Peter Jantzen, Chief Revenue Officer
  • Steve Cobb, CISO
  • Anna Balotsky, Intelligence Consultant
  • Amar Chahal, General Manager, Assessments
  • Michael Centrella, Head of Public Policy
  • Ann Fucigna, Principal Product Manager
  • Anne Griffin, Founder & Principal AI Product Consultant
  • Corian Kennedy, Threat Insights & Attribution
  • Hassan Mahmoud, Technical Account Manager
  • Dr. Alex Schwarm, Head of Data Science and AI
  • Aaron Wright, VP, Solutions

Exclusive First Look. SecurityScorecard’s Vision for Real-Time Supply Chain Defense

One of the most anticipated moments at Odyssey was SecurityScorecard’s roadmap presentation. Our team shared what’s being built to address a problem customers know intimately: 90% of companies rely on software and services from roughly 150 third-party providers. When that many organizations depend on the same platforms, a single breach doesn’t stay isolated. Shared dependencies become shared failures.

The roadmap tackles that reality head-on. Attendees got an exclusive preview of upcoming capabilities designed to deliver what our CEO emphasized throughout the conference: automation, context, and speed. Not more tools. Not more reports. But threat-informed TPRM that connects real-world threat intelligence with continuous monitoring and smart automation so security teams can focus where it actually matters

The response was immediate. Multiple CISOs approached the team afterward to discuss early access and integration planning. Several asked pointed questions about timing, deployment models, and how the new capabilities would integrate with existing security operations. The roadmap validated what the conference had reinforced: security teams need solutions that move at the speed of supply chain threats, not at the pace of annual assessment cycles.

While full details will be announced at the RSA Conference in April, Odyssey attendees walked away with a clear picture of where SecurityScorecard is headed. The shift from periodic vendor reviews to continuous supply chain security operations is here.

Beyond the Sessions: Where the Real Work Happened

Odyssey balanced intensive technical sessions with environments designed for the conversations that don’t happen in conference rooms. The Havana Nights Welcome Reception and Vintage Vegas-themed casino night allowed  CISOs to compare notes on board reporting and for customers to give partners unfiltered feedback on what’s working and what’s noise. It gave room for security leaders from different industries to discover they were solving identical problems with different vocabularies.

The Solutions Showcase reflected that same collaborative spirit. Partners including AWS, EY, Carahsoft, Supply Wisdom, GRIP, Cytactic, and Crowe engaged customers on shared challenges rather than product pitches. The conversations focused on the reality many organizations face: managing complex supply chain environments with limited resources while threat actors move faster and boards ask harder questions.

The Shift Is Happening Now

Odyssey 2026 confirmed what many security leaders already suspected. The move from annual vendor assessments to continuous monitoring is here. Boards are asking more sophisticated questions about supplier risk. Cyber insurance carriers are requiring evidence of ongoing vendor oversight, not periodic reviews. The gap between compliance frameworks and operational reality keeps widening.

Attendees left with practical frameworks they can apply immediately, connections with peers facing similar challenges, and clarity on how SecurityScorecard is evolving to support continuous supply chain security operations. The momentum from Odyssey continues well beyond Miami and we are already looking forward to meeting with all our customers again in 2027.

For more information on how SecurityScorecard helps organizations move from periodic vendor assessments to continuous supply chain security operations, with the automation, context, and speed that modern threats demand, visit securityscorecard.com.