
2025 Dashlane Security Summit: What We Learned from 4 Industry Leaders

Dashlane CTO Frederic Rivain shares his favorite insights from the 2025 Dashlane Security Summit, from shadow AI to stealer logs and more.

At Dashlane, we’re all about protecting people’s digital lives—whether that’s securing passwords and identities or managing critical data. It’s a never-ending journey. Cybersecurity is something that constantly evolves, and that’s why we need to keep learning, adapting, and challenging ourselves to stay ahead of the game.

On April 1st, we hosted our first Security Summit at Dashlane’s New York office, in-person and virtually through a YouTube livestream.

I spoke briefly at the start of the event to welcome our attendees—security professionals from many walks of life—and later on to introduce each of our 4 expert speakers.

The Security Summit was all about tackling the latest challenges in cybersecurity, with a special emphasis on understanding the emerging threats in the digital economy—from shadow AI to stealer logs to cryptocurrency theft.

The event brought together 4 industry leaders to share their insights about building proactive defense strategies.

Shadow AI: The silent threat to credential security

Our first session was “Shadow AI: The Silent Threat to Credential Security,” presented by Jennifer Gold. Jennifer is the CISO at Risk Aperture and a powerhouse in the cybersecurity world. At the forefront of protecting critical infrastructure, she’s a passionate advocate for collaboration between the private and public sectors to tackle the growing threat landscape.

In her presentation, Jennifer dove into one of the most pressing threats we’re facing: How AI can be weaponized to target credential security. As the CTO of a security company, I strongly believe this isn’t something we can afford to ignore.

Jennifer also shared her philosophy on cybersecurity diligence, saying “[My dad is] going to physical therapy, and he was telling me about how when they have him do 10 reps of a particular exercise, he does 15. And I was thinking about that mindset of always doing a little bit more, those extra reps… There's a need for [cybersecurity professionals] to do all those extra reps, like my dad.”

Here are my 3 takeaways from her presentation:

  • Visibility: Recognize that shadow AI already exists in your organization and that you can’t secure what you can’t see. Ideally, automate the discovery of AI usage.
  • Governance: Apply policy, least privilege, and data controls to govern proactively rather than reactively.
  • Enablement: Adapt controls to match AI speed, provide guardrails for safe usage, and train employees in responsible AI use.

Insights on protecting crypto operations

Next, we heard from Ethan Johnson, Founder at Next Encrypt, who presented “Insights on Protecting Crypto Ops: Why a Couple Advanced Controls Isn’t Enough.” Ethan has a wealth of experience from his deep work in the crypto security space and shared key insights about protecting crypto operations in an increasingly complex threat landscape.

Crypto and blockchain are more out of my comfort zone, so it was interesting to learn how high the stakes are. At the end of the day, protecting crypto requires the same security fundamentals as anything else, so here are my recommendations based on Ethan’s presentation:

  • Go back to the basics and leverage existing security frameworks such as NIST 800-53
  • Approach strong security as a primary business objective
  • Be disciplined with your security practices
  • Make sure to continuously assess risks and threats to proactively mitigate them

Open-source intelligence detection and defense

Robert Fernandes, the founder and CISO of Salted Hash Security, spoke next, calling his presentation “Stealer Malware Unmasked: OSINT Detection and Proactive Defense.” He addressed how to better identify and defend against stealer log threats using open-source intelligence (OSINT).

Stealer malware is a type of malicious software designed to collect and exfiltrate sensitive information from infected devices. The information stolen by stealer malware is contained in a stealer log. Raccoon, Redline, Titan, Aurora, and Vidar are all popular types of stealer malware.

Stealer logs are particularly dangerous, as they may include persistent session cookies, which allow others to connect on your behalf, even bypassing MFA.

Robert shared a summary of a report from flare.io: The organization analyzed over 19 million stealer logs, finding more than 376,000 logs that contained access for business applications (Salesforce, AWS, Okta, Docusign). More than 48,000 logs contained access to Okta.com (SSO). Almost half of these logs contained access to Gmail credentials. Russian Market and VIP Telegram groups were the most common sources of corporate data.

“There’s a saying in the hacker community: ‘I didn’t hack you. I just logged in,’” Robert added.

One of his recommendations is to look into zero-trust architecture, making sure that your organization has strong device management enforcement and systematic patch management. Knowing what’s in your cyber insurance is also critical.


Vulnerability prioritization using observability data

The final talk of the day was “We Need Fewer Heroes: Prioritizing Vulnerabilities Using Observability Data,” presented by Jean-Baptiste Aviat, Staff Engineer for Security Products at Datadog. Jean-Baptiste has been leading the charge on democratizing security with Datadog’s observability platform.

His presentation focused on how you should prioritize vulnerabilities based on the actual risk for your customers and your business. A Datadog report shows that in a sea of vulnerabilities, only 3% are actually critical.

The Common Vulnerability Scoring System (CVSS), a way to evaluate the severity of vulnerabilities, isn’t enough on its own and should be extended with the CVSS environmental score. This adds more dimensions and granularity for evaluating the priority of a vulnerability and builds a more accurate view of risk from a system’s own data.
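
To make the effect concrete, here is an added example (not from the talk or from Datadog) that computes the CVSS v3.1 environmental score from a vector string using the formulas in the FIRST specification. It assumes temporal metrics are Not Defined, and both sample vectors are constructed for illustration.

```python
import math

# CVSS v3.1 metric weights from the FIRST specification.
W = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
    "REQ": {"X": 1.0, "H": 1.5, "M": 1.0, "L": 0.5},
    # Privileges Required weights depend on the (modified) scope.
    "PR": {"U": {"N": 0.85, "L": 0.62, "H": 0.27},
           "C": {"N": 0.85, "L": 0.68, "H": 0.5}},
}

def roundup(x):
    """Round up to one decimal using the integer method from the v3.1 spec."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def environmental_score(vector):
    """Environmental score of a v3.1 vector (assumption: temporal metrics Not Defined)."""
    m = dict(part.split(":") for part in vector.split("/")[1:])

    def mod(name):
        # A modified metric that is absent or X falls back to its base value.
        value = m.get("M" + name, "X")
        return m[name] if value == "X" else value

    def req(name):
        return W["REQ"][m.get(name, "X")]

    scope = mod("S")
    miss = min(1 - (1 - req("CR") * W["CIA"][mod("C")])
                 * (1 - req("IR") * W["CIA"][mod("I")])
                 * (1 - req("AR") * W["CIA"][mod("A")]), 0.915)
    expl = (8.22 * W["AV"][mod("AV")] * W["AC"][mod("AC")]
            * W["PR"][scope][mod("PR")] * W["UI"][mod("UI")])
    if scope == "U":
        impact, factor = 6.42 * miss, 1.0
    else:
        impact = 7.52 * (miss - 0.029) - 3.25 * (miss * 0.9731 - 0.02) ** 13
        factor = 1.08
    if impact <= 0:
        return 0.0
    # The temporal multipliers E * RL * RC are all 1.0 under the assumption above.
    return roundup(roundup(min(factor * (impact + expl), 10)) * 1.0)

# Constructed sample vectors: a base 9.8 on an adjacent-network-only, low-value
# asset, and a base 5.4 on an asset with high confidentiality/integrity needs.
ISOLATED = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAV:A/CR:L/IR:L/AR:L"
CRITICAL_ASSET = "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/CR:H/IR:H"

if __name__ == "__main__":
    for v in (ISOLATED, CRITICAL_ASSET):
        print(environmental_score(v), v)
```

With no environmental metrics supplied, the function returns the base score, so the same code shows how far asset context moves a finding from its published severity.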

In a world where we keep finding more vulnerabilities, we need tools and processes to make sure we invest our time and effort in the right place.



Thank you to our speakers for sharing their time and wisdom, and thank you to all our in-person and online participants. I hope you enjoyed our 2025 Security Summit. We look forward to hosting you again in the future.
