• Overview
  • Program
  • Sponsors

Enduring Strength

Trust. Transform. Together.

Stay at the forefront of trends and challenges facing the financial sector through our curated and enriched content.

Our thought-provoking and interactive sessions cover relevant topics including fraud, threat intelligence, resiliency, cloud and outsourcing. Build stronger relationships over three days with around 800 thought leaders, executives and members by sharing best practices.

Uniquely designed for the financial sector, the 2019 Americas Fall Summit will provide you with actionable information needed to address evolving threats, develop new strategies and meet changing regulations. 

Interested in sponsoring a speaking session or more during the Summit? Learn more here
Sessions are grouped into tracks. This year's tracks can be found here.

View the current agenda-at-a-glance.
Register Now

Members:

  • Platinum receive 10 complimentary passes
  • Gold receive five complimentary passes
  • Premier receive two complimentary passes

After all complimentary passes are utilized, additional staff may attend at a cost. 
Other membership tiers can attend at a cost.

Justify your trip

Summit Sponsorship

View Sponsor Prospectus or to learn more email sales@fsisac.com

Travel Information

Reserve Your Hotel Room

Marriott Marquis Washington D.C.
FS-ISAC has reserved rooms at a group rate of $279 USD per night (plus tax). Please make sure to reserve your room now as the block will fill quickly and price varies by room type available using the above link. You must utilize the link below to book your room within the FS-ISAC room block. Reservation requests for the FS-ISAC Fall Summit will be accepted through Friday 25 October or until the block is full. Reservations requests received after 25 October are on space, type, and price availability.

Reserve your room today. 

Airports

Ronald Reagan Washington National Airport
Distance: 4 miles
Drive Time: 15-20 minutes 

Dulles International Airport 
Distance: 27 miles 
Drive Time: 45 minutes

Call for Presentations

The Call for Presentations has closed. Submit late presentation proposals here.

Program

Sunday 17 November

4:00 PM

Registration

5:30 PM

Around the World Welcome Reception

Monday 18 November

10:15 AM

Opening Remarks

10:45 AM

Opening Keynote

Brian Krebs - Investigative Reporter

Event Toggle Arrow

BK_Headshot_v2

Brian Krebs is an independent investigative reporter who writes about cybercrime at the award-winning Web site KrebsOnSecurity.com.

Formerly with The Washington Post (1995 to 2009), Krebs is probably best known for breaking stories on high-profile data breaches, including those that hit Target, Home Depot, Michaels and Ashley Madison.

A frequent interviewee and public speaker, Krebs has been profiled by 60 Minutes, The New York Times, Poynter.org and Business Week. Krebs’s book, Spam Nation: The Inside Story of Organized Cybercrime - From Global Epidemic to Your Front Door – is now a New York Times bestseller.

In January 2015, the National Press Foundation announced it was awarding Krebs its Chairman's Citation, an award designed to "recognize individuals whose accomplishments fall outside the traditional categories of excellence." In October 2014, the Association of Certified Fraud Examiners gave Krebs the "Guardian Award," an honor given annually to a journalist "whose determination, perseverance and commitment to the truth have contributed significantly to the fight against fraud."

Krebs graduated in 1994 from George Mason University, where he earned a Bachelor of Arts in International Studies.

 

11:30 AM

Fighting BEC Cybercrime at Scale

Mr. Crane Hassold, Agari

Event Toggle Arrow

Phishing via non-technical social engineering methods such as business email compromise costs businesses $1.2 billion a year. Presenters will cover why phishing is so effective and how cybercriminals have evolved their tactics to exploit organizations' weakest defenses — humans. Attendees will gain insights into the latest research into cybercrime organizations and get an overview of how the industry can thwart emerging phishing threats through collaboration with financial institutions and law enforcement.

12:00 PM

Lunch

1:00 PM

How ERP Risks Are Leaving Your Business Exposed to Fraud

Mr. Jason Fruge, Onapsis, Inc.

Event Toggle Arrow

A recent survey of IT executives of 430 North American organizations found that 70 percent of those companies suffered a breach of their Enterprise Resource Management (ERP) systems in the last two years. Attendees will explore five of the most common vulnerabilities impacting ERP and how they can be exploited to modify financial systems and inform insider trading. The session will also review how cybersecurity professionals can collaborate with IT, application and GRC teams to assess their organization's exposure to those material risks.

1:00 PM

Compliance in Cloud: Paced Migration is Key

Mr. Amandeep Lamba, PwC and Mr. Rinaldi Rampen, Fannie Mae

Event Toggle Arrow

When presented with the benefits of cloud, many companies attempt to transition too quickly and don't fully consider how their migration will impact security, operational risk and compliance requirements. In this session, attendees will explore how to manage risks using a "go slow-to-go fast" strategy that focuses on understanding how migration will affect their security and compliance profile. Presenters will also provide advice on establishing necessary governance and controls before migration take place.

1:00 PM

The Evolution of Authentication

Mr. George Avetisov, HYPR and Mr. Ed Amoroso, TAG

Event Toggle Arrow

As enterprises move to the cloud, the perimeter fades and the attack surface gets larger. Modern tools such as SNIPR and Modlishka have made it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. How did we get here, and will mainstream adoption of password-less security have a positive or negative impact? This session explores how the rise of virtual desktop infrastructure has affected workstation login and reviews how the evolution of authentication has impacted enterprises' identity-and-access-management systems.

1:00 PM

Protecting your Riskiest Asset in the Cloud: Office 365

Mr. Kenneth Crist, GEICO

Event Toggle Arrow

Close to 90 percent of breaches include a phishing or pretexting component, with email as a primary vector. Between these threats and business email compromise, many view cloud-based email as too risky. As organizations move their email from on-premises to cloud-based, they must reevaluate security controls. This session will highlight the challenges and solutions Geico discovered to securing the cloud. Attendees will gain a better understanding of the choices available for cloud security such as networking, conditional access, classification, email protection, authentication and encryption within Office 365.

1:00 PM

CyberSaucier: The Automated Army of Cyber Analysts

Mr. Justin Borland, Barclays and Mr. David Heise, Barclays

Event Toggle Arrow

CyberSaucier allows security operations teams to apply complicated de-obfuscation and enrichment routines to arbitrary data sources, en masse. Security operations teams can build on their knowledge by running alert data against hundreds of recipes in near real-time. At Barclays, CyberSaucier is helping triage millions of alerts per week, providing the output of more than 200 cyber-analysts working 24/7. Whether it's WAF logs, IDS alerts, web logs or raw packet data, presenters will share how CyberSaucier can automate enhancement of incidents and alerts, allowing analysts to focus on previously unseen attacks. Attendees will understand how to apply this analysis pipeline to their own data.

1:00 PM

S&P's Journey to Build a Security-First Culture

Mr. Aaron Katz, SP Global and Ms. Megan Kaczanowski, SP Global

Event Toggle Arrow

Security teams often feel they are fighting a losing battle against their users. Developers don’t listen and business leaders just accept risk. It’s not that users don’t care; it’s that they lack context to understand why they should care. This session explores how one corporation was able to take a small presentation about cybersecurity risks and turn it into a security champions program by engaging and empowering developers and business leaders to understand why security is so important. Attendees will leave with actionable tips for implementing similar programs in their own organizations.

1:00 PM

Synthetic Identities: Chasing a Fraudulent Ghost

Mr. Steve Lenderman, ADP

Event Toggle Arrow

Synthetic identities are the biggest threat to the financial sector since identity theft boomed in the 1990s. This session explores the foundation of credit, the regulatory environment and how the current credit bureaus and data aggregators are manipulated to create synthetic identities. Attendees will review the underlying datapoints that build financial identities, data sources that aggregate them and how fraudsters are leveraging this information.

1:00PM

Threat-Driven Network Defense at Scale

Ms. Kimberly Watson, The Johns Hopkins Applied Physics Laboratory

Event Toggle Arrow

In today’s evolving and complex threat landscape, there’s a desire to automate, share and detect and respond to as much as possible ⁠— as fast as possible. Attendees will hear how to do so in a way that increases the effectiveness of operations. Presenters will share lessons learned from experiments aimed at defining ways to share adversary TTPs optimized for network defenders and defensive workflows for TTP investigation and mitigation.

1:00 PM

TLS 1.3: Security Considerations for Larger FIs

Mr. Kiran Tummala, Bank of America

Event Toggle Arrow

In August 2018, the Internet Engineering Task Force published the new Transport Layer Security (TLS) 1.3 protocol standard. The standard includes various security and performance improvements but was criticized outside the industry for possibly creating new security vulnerabilities. This session reviews risks associated with TLS 1.3, such as those surrounding pre-shared keys and zero round trip time resumption, if use-cases are not properly vetted before implementation. Attendees will learn implementation details to consider before enabling TLS 1.3.

2:00 PM

Securing and Governing Azure Workloads

Ms. Lisa Lee, Microsoft

Event Toggle Arrow

How can a business be sure its securely operating workloads in the cloud? Your team may have the skills and maturity, but what sources should you be relying on for your configurations? Attendees will identify valuable resources that can help businesses secure and govern Azure cloud workloads, as well as needed reference documents, such as benchmarks, for secure deployment. Attendees will review blueprints, specifically designed for FFIEC and PCI compliance, to accelerate certification and compliance and create consistent and repeatable environments.

2:00 PM

Rising Digital Platforms and the API Economy

Mr. Joe Diamond, Okta

Event Toggle Arrow

Digital experiences and API-driven innovation is the future of banking and finance. Consumers are demanding the ability to connect to financial service providers through online and mobile channels with anytime, anywhere accessibility. Forward-thinking companies are partnering with non-traditional players to offer new products and services and deploy APIs to build integrated application ecosystems. In this session, attendees will discuss the challenges and implications of shifting toward digital platforms and reaching untapped markets.

2:00 PM

Optimizing Workflow via Fusion of Threat Intel and Incident Response

Ms. Katie Kusjanovic, EclecticIQ

Event Toggle Arrow

In financial services, there are more fusion centers than SOCs. With this matured evolution, the divergent workflows of threat intelligence practitioners and incident response analysts have begun to overlap and converge. The progression of threat intelligence in the fusion center is a primary contributor to the blurring lines. Attendees will dissect an abstracted version of the previous generation threat intelligence and incident-response disciplines and explore how the two workflows can cooperate in the context of a breach.

2:00 PM

Why Sender ID Authentication in the Fight against Phishing

Mr. Alexander Garcia-Tobar, Valimail and Mr. Shaun Khalfan, Fannie Mae

Event Toggle Arrow

Sender identity, or lack thereof, is the key to slipping past current email defenses. According to a March, 2019 study from Barracuda, 83% of all phishing attacks involve brand impersonation — and another 6% were impersonations of trusted individuals, like your CFO. Another report from July 2019, from Great Horn, found that 43% of email attacks were impersonations of people trusted by the recipient, and that this was the most effective type of phishing attack. While most attempts to stop this kind of phishing focus on user training, this approach just winds up blaming the victim. There is a better solution: Validating sender identity. This session reviews how Freddie Mac implemented a cloud-based sender identity solution that does not require exposing any personal information from the contents of email messages.

2:00 PM

Save the Person, Save the Bank

Mr. Scott Alston Bank of America and Mr. Edward Traywick, Bank of America

Event Toggle Arrow

When it comes to insider threats, much attention is focused on reacting to an incident. Save the person, save the bank is a concept designed to benefit not only an organization, but also its employees. In an effort to move toward a more pre-emptive model, the primary emphasis should be on educating the workforce on how to recognize and report signs of employees who may be experiencing significant distress—while protecting the individual’s privacy. Attendees will hear how by taking this proactive approach, the bank is helping to prevent potential malicious acts, mitigate risk and reinforce that it cares about its people.

2:00 PM

Actually Achieving Diversity

Mr. Jonathan Shiflet, PNC Financial Group, Mr. Samuel Strohm, PNC Financial Group, and Ms. Annie Howard, PNC Financial Group

Event Toggle Arrow

Everyone agrees that having a diverse team improves performance, yet many banks struggle with executing on this. PNC’s Security Defense Office more than meets the current industry standard of 20 percent diversity in the workforce and 4 percent diversity in leadership roles. This session reviews how one bank fostered an inclusive culture to attract and retain diverse candidates. By prioritizing curiosity and drive and leveraging core subject matter experts to train new hires, the institution’s security defense office built an industry-leading intelligence unit, a growing security operations center and a mature attack surface management pillar.

2:00 PM

(Repeat) Synthetic Identities: Chasing a Fraudulent Ghost

Mr. Steve Lenderman, ADP

Event Toggle Arrow

Synthetic identities are the biggest threat to the financial sector since identity theft boomed in the 1990s. This session explores the foundation of credit, the regulatory environment and how the current credit bureaus and data aggregators are manipulated to create synthetic identities. Attendees will review the underlying datapoints that build financial identities, data sources that aggregate them and how fraudsters are leveraging this information.

2:00 PM

(Repeat) S&P's Journey to Build a Security-First Culture

Mr. Aaron Katz, SP Global and Ms. Megan Kaczanowski, SP Global

Event Toggle Arrow

Security teams often feel they are fighting a losing battle against their users. Developers don’t listen and business leaders just accept risk. It’s not that users don’t care; it’s that they lack context to understand why they should care. This session explores how one corporation was able to take a small presentation about cybersecurity risks and turn it into a security champions program by engaging and empowering developers and business leaders to understand why security is so important. Attendees will leave with actionable tips for implementing similar programs in their own organizations.

2:45 PM

Networking Break

3:15 PM

Implementing Security Metrics that Matter

Mr. Nik Whitfield, Panaseer

Event Toggle Arrow

Financial institutions must use metrics to understand how assets and controls are measured and reported. Attendees will hear how FIs are implementing continuous controls, including an accountability matrix for business areas and controls to improve metrics, illustrating how to overcome initial politics and disruption tactics. Presenters will also explain the value role-based metrics play in reducing risk and the concepts behind the Security Knowledge Graph and entity-centric risk.

3:15 PM

The SOC Triad: Creating Functional Harmony

Mr. Chris Morales, Vectra and Mr. Jason DePaul, Dun & Bradstreet

Event Toggle Arrow

In music, a triad is a set of three notes (or pitch classes) that can be stacked vertically in thirds to create a “harmonic triad.” In security operations, the SOC triad provides greater visibility into your environment by harmonizing three distinct capabilities – NDR, EDR and SIEM – reducing the likelihood of a bad actor staying hidden for an extended period of time. This session explores how Dun & Bradstreet’s security operations designed a SOC visibility triad to gain visibility across data centers and global office locations, while also integrating that approach into day-to-day operational practices. This discussion delivers practical best practices that offer SOCs increased threat visibility, detection, response, investigation and remediation powers.

3:15 PM

Credential Stuffing…The Enterprise Strikes Back

Mr. Craig Jacobik, E*TRADE and Mr. Jonathan Taylor, E*TRADE

Event Toggle Arrow

Credential stuffing is a persistent and incessant problem, especially for businesses where mandatory multi-factor authentication introduces unacceptable customer friction. An ensemble of analytical models provides an effective way to proactively identify impacted customers before fraud is committed. Some of these models include ARIMA timeseries algorithms and anomaly detection techniques, such as clustering and baselining. Attendees will hear insights on these techniques, their effectiveness and how they can be used to supplement other controls.

3:15 PM

(Repeat) Protecting your Riskiest Asset in the Cloud: Office 365

Mr. Kenneth Crist, GEICO

Event Toggle Arrow

Close to 90 percent of breaches include a phishing or pretexting component, with email as a primary vector. Between these threats and business email compromise, many view cloud-based email as too risky. As organizations move their email from on-premises to cloud-based, they must reevaluate security controls. This session will highlight the challenges and solutions Geico discovered to securing the cloud. Attendees will gain a better understanding of the choices available for cloud security such as networking, conditional access, classification, email protection, authentication and encryption within Office 365.

3:15 PM

Industry vs. Fraudsters: Who’s Winning the Battle for Payments?

Mr. Jim Cunha, Federal Reserve Bank of Boston

Event Toggle Arrow

Synthetic identities are increasingly used to commit payments fraud, yet this type of fraud can be difficult to prevent or detect. Inconsistencies in definitions and detection approaches leave the industry with little capacity to identify and address payments fraud trends on a timely basis. During this session, attendees will hear from Senior Vice President of Treasury and Financial Services, Jim Cunha, on the work being done to better understand and battle this fast-growing threat to the U.S. payment system.

3:15 PM

Successfully Building a TIP

Mr. Jonathan Shiflet, PNC Financial Group, Mr. Adam Perino, Wells Fargo and Mr. Shahan Sudusinghe, JPMC

Event Toggle Arrow

It’s become industry standard for intelligence organizations to acquire or build a Threat Intelligence Platform (TIP). Acquiring a TIP is only half of a complicated, difficult struggle toward automated intelligence operations. This presentation will cover key milestones and the stumbling blocks to avoid to effectively deploy a TIP. Presenters will also discuss choosing the right tool for your environment and organization and getting the TIP to not only ingest, but also produce, actionable intelligence across multiple customers.

3:15 PM

Traveling is Risky Business: Developing a High-Risk Travel Program

Ms. Deborah Janeczek, American Express and Aaron Brown, American Express

Event Toggle Arrow

Cyberthreats increase as organizations grow and do business in high-risk countries. To combat threats, information security and risk personnel need to work with their institution to develop a high-risk travel program. In this session, presenters will share how their company developed its high-risk travel program, including how to determine high-risk countries and educate business travelers, while protecting and monitoring corporate devices.

3:15 PM

(Repeat) TLS 1.3: Security Considerations for Larger FIs

Mr. Kiran Tummala, Bank of America

Event Toggle Arrow

In August 2018, the Internet Engineering Task Force published the new Transport Layer Security (TLS) 1.3 protocol standard. The standard includes various security and performance improvements but was criticized outside the industry for possibly creating new security vulnerabilities. This session reviews risks associated with TLS 1.3, such as those surrounding pre-shared keys and zero round trip time resumption, if use-cases are not properly vetted before implementation. Attendees will learn implementation details to consider before enabling TLS 1.3.

4:15 PM

Silver Showcase: Hardware-Enforced Web Isolation

Mr. James Derbyshire, Garrison Technology

4:15 PM

Silver Showcase: Destructive Malware – Lessons from the Trenches

Mr. Charles DeBeck, IBM

4:15 PM

Silver Showcase: Stopping Malicious Automated Bots with Innovative Strategies

Mr. Shreyans Mehta, Cequence Security

4:15 PM

Silver Showcase: Freezing Financial Fraud: Putting Theft through Email on Ice

Mr. Bhagwat Swaroop, Proofpoint, Inc.

4:15 PM

Silver Showcase: Banks Can Optimize Resources, Reduce Risk with SOAR

Mr. Cody Cornell, Swimlane

4:15 PM

Silver Showcase: Cybersecurity Hygiene Showcase

Mr. Miguel Sian, Cyber Observer

4:15 PM

Silver Showcase: Not Your Average TIP: Meet Scout Threat

Mr. Dan Martin, LookingGlass Cyber Solutions

4:15 PM

Silver Showcase: Client-Side Website Security - A Threat to E-Commerce

Mr. Aanand Krishana, Tala Security

5:15 PM

Reception

7:00 PM

Signature Event Dinner

Tuesday 19 November

7:00 AM

Breakfast

8:00 AM

Opening Remarks

8:15 AM

Threat Hunting at Speed and Scale

Mr. Will Farrell, Booz Allen Hamilton and Mr. Jay Novak, Booz Allen Hamilton

Event Toggle Arrow

Threat hunting is a powerful tool in an intelligence-centric security operations team. However, many teams take an unstructured approach, which takes more effort to find the adversary, than it does for the adversary to change its TTP. By implementing a process around use case creation, capturing and reusing hunt trade craft and focusing on best sources of data, teams can reduce the cost of the hunt team. In this session, attendees will learn how to transform hunt operations by leveraging endpoint detection and response telemetry data and review detailed analysis of vendor-agnostic hunt-use cases.

8:45 AM

3 Musts to Reduce the Infrastructural Attack Surface

Mr. Tom Gillis, VMware

Event Toggle Arrow

The biggest challenge to safeguarding against threats that get past perimeter defenses remains the industry’s hyper-focus on reacting to threats, instead of identifying new ways to shrink the attack surface. IT leaders must make gains in accurately characterizing modern applications and then use that understanding to harden the underlying infrastructure. Attendees will review how defenders can approach perimeter defense more proactively.

9:45 AM

Networking Break

10:00 AM

Hacking Misconceptions: Lessons Learned Building a Penetration Testing Program

Mr. Sean O'Coiligh, DTCC

Event Toggle Arrow

Addressing the initial challenges experienced with the implementation and maturing of a program and its optics, perceptions, metrics, compliance, reporting, driving remediation, collaboration with other teams, dealing with audit, defining and demonstrating value, and defining what "penetration testing" is in our environment.

10:00 AM

Could Hackers Solve the Cybersecurity Skills Shortage?

Mr. Luke Tucker, HackerOne

Event Toggle Arrow

While there are many theories around why there’s a cybersecurity skills gap, there are only a few solutions offered. Attendees will discuss how organizations can fill cybersecurity gaps by looking beyond traditional channels, toward hackers themselves. By the end of 2020, more than 1 million hackers are expected to be registered as part of the self-employed workforce.

10:00 AM

Questions Every CEO Should Ask about Cyber Risks

Mr. Jonathan Halperin, Cybersecurity and Infrastructure Security Agency (DHS)

Event Toggle Arrow

Cyberthreats affect businesses of all sizes and require the attention and involvement of CEOs and other senior leaders. To help companies understand their risks and better prepare for cyberthreats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. Presenters will share best practices from CISA guidance, “Questions Every CEO Should Ask About Cyber Risks,” based on lessons learned from incident response activities and managing cyber-risk.

10:00 AM

Leveraging MITRE's ATT&CK Framework to Transform Cyber Defense

Mr. Kenneth Crist, GEICO

Event Toggle Arrow

MITRE's ATT&CK framework is widely used; however, tangible ways to apply ATT&CK have proven problematic. Presenters will discuss how their organization adopted ATT&CK as its central framework for guiding its threat defense strategy. They will review how Geico leverages ATT&CK to track threat actors, guide security spending, predict the (near) future, save limited resources and measure program efficacy. Beyond simply an overview and organizational structure, attendees will identify implementation issues, current progress and lessons learned.

10:00 AM

Synthetic Identity: Are You Who You Say You Are?

Mr. Kevin Thomsen, Bank of America

Event Toggle Arrow

This session provides attendees with an overview of synthetic identity; a combination of fabricated credentials where the implied identity is not associated with a real person. Presenters will explain how fraudsters are exploiting this gap for financial gain and why synthetic identity is a blind spot for some financial institutions, due to organizational structure. The session will conclude with the latest on what’s being done at the industry-level and a high-level overview of what the banks are doing to mitigate risk.

10:00 AM

The Network Perimeter Protection Tool Known as Jack-a-Mole

Mr. Yu Peng, Intercontinental Exchange and Mr. Paul Braxton, Intercontinental Exchange

Event Toggle Arrow

Since the dawn of internet security, firms have struggled to react effectively to offensive IP addresses. Additionally, the amount of data teams need to proactively block IP addresses has increased exponentially with the maturation of information sharing communities, threat intelligence and ever-increasing IOC ingestion. Presenters will go over the design, implementation and tuning of a behavior and reputation-based network perimeter protection tool called Jack-a-Mole (JAM.) Attendees will hear about the challenges and compromises required for successful execution.

11:00 AM

Building the Bridge between Security and the Business

Ms. Jennifer Gagnon, PNC Bank and Ms. Kathleen Darroch, PNC Bank

Event Toggle Arrow

Security teams are looked at as a cost center, whereas the business side of the bank brings in the money. This session will focus on building relationships between the two. Attendees will review techniques and use-cases that helped PNC break down walls between departments and build partnerships among fraud, cyber and the business. Presenters will also discuss how security teams can actually help the business team engage customers in ways that turn security from a cost center to a revenue generator.

11:00 AM

(Repeat) Questions Every CEO Should Ask about Cyber Risks

Mr. Jonathan Halperin, Cybersecurity and Infrastructure Security Agency (DHS)

Event Toggle Arrow

Cyberthreats affect businesses of all sizes and require the attention and involvement of CEOs and other senior leaders. To help companies understand their risks and better prepare for cyberthreats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. Presenters will share best practices from CISA guidance, “Questions Every CEO Should Ask About Cyber Risks,” based on lessons learned from incident response activities and managing cyber-risk.

11:00 AM

(Repeat) Hacking Misconceptions: Lessons Learned Building a Penetration Testing Program

Mr. Sean O'Coiligh, DTCC

Event Toggle Arrow

Addressing the initial challenges experienced with the implementation and maturing of a program and its optics, perceptions, metrics, compliance, reporting, driving remediation, collaboration with other teams, dealing with audit, defining and demonstrating value, and defining what "penetration testing" is in our environment.

11:00 AM

(Repeat) Leveraging MITRE's ATT&CK Framework to Transform Cyber Defense

Mr. Kenneth Crist, GEICO

Event Toggle Arrow

MITRE's ATT&CK framework is widely used; however, tangible ways to apply ATT&CK have proven problematic. Presenters will discuss how their organization adopted ATT&CK as its central framework for guiding its threat defense strategy. They will review how Geico leverages ATT&CK to track threat actors, guide security spending, predict the (near) future, save limited resources and measure program efficacy. Beyond simply an overview and organizational structure, attendees will identify implementation issues, current progress and lessons learned.

11:45 AM

Innovative Showcase Lunch: Firmware: The Unprotected Attack Surface

Mr. Yuriy Bulygin, Eclypsium

11:45 AM

Innovative Showcase Lunch: Identity: The Key to Modernization and Unlocking Innovation

Mr. Richard Bird, Ping Identity

11:45 AM

Innovative Showcase Lunch: Security Instrumentation Is the Future of All Software

Mr. Jeff Williams, Contrast Security

11:45 AM

Innovative Showcase Lunch: Intercepting the Hack and Controlling Outcomes

Ms. Neill Sciarrone, Trinity Cyber Inc

1:15 PM

Today's Fraud Prevention Requires More Than Mere Bot Mitigation

Mr. Dan Woods, Shape Security

Event Toggle Arrow

Fraud losses from account takeover and imitation attacks are on the rise, as is the security community’s understanding of these threats. Sixty-five percent of all traffic on banks’, credit-card issuers’ and money transmitters’ websites is non-human; but highly motivated and technical attackers are evolving beyond bots. This session will review how aggregators, man-in-the-browser attacks and manual labor are contributing to automation threats in a more costly and effective way.

1:15 PM

Use-Case for Simplifying Cybersecurity Regulatory Compliance

Ms. Nadya Bartol, BCG Platinion, Mr. Josh Magri, Bank Policy Institute - BITS, Ms. Denyette DePierro, American Bankers Association, and Mr. John Goodman, PenFed

Event Toggle Arrow

This session discusses the use-case for how adoption of the Financial Services Cybersecurity Framework Profile can simplify regulatory compliance and reduce costs. This profile is a scalable and extensible framework that financial institutions of all types can use for cyber-risk management, as well as a mechanism to evidence compliance with multiple regulations, including the FFIEC's CAT and HKMA's CRAF. It is based on NIST CSF and is compatible with ISO/IEC 27001 and 27002, and was developed over a two-year period by a coalition of various trade associations and 150 financial institutions. A brief description of the profile will be reviewed in this session, as will plans for its maintenance. Attendees can expect to gain a better understanding of how they can adopt the profile at their institutions to manage multiple regulatory drivers, improve cyber-risk management, and reduce compliance costs.

1:15 PM

(Repeat) Building the Bridge between Security and the Business

Ms. Jennifer Gagnon, PNC Bank and Ms.Kathleen Darroch, PNC Bank

Event Toggle Arrow

Security teams are looked at as a cost center, whereas the business side of the bank brings in the money. This session will focus on building relationships between the two. Attendees will review techniques and use-cases that helped PNC break down walls between departments and build partnerships among fraud, cyber and the business. Presenters will also discuss how security teams can actually help the business team engage customers in ways that turn security from a cost center to a revenue generator.

1:15 PM

Partnering Offense and Defense: A Purple Team’s Journey

Mr. Chris Blow, Liberty Mutual and Mr. Brian Riley, Liberty Mutual

Event Toggle Arrow

Internal red and purple teaming have seen a large uptick in popularity within the past five years. Unfortunately, not all implementations are successful for reasons ranging from budgetary and scope constraints, lack of forward-thinking vision, executive buy-in and structure. In this session, Liberty Mutual Insurance will share its purple team journey and how it’s driven material improvements toward its security program. Attendees will gain knowledge that will assist in creating a successful team of their own.

1:15 PM

Detecting Debit Card Fraud with Hands-On Data Science

Mr. Salil Jain, Aetna and Mr. Heath Henry, Aetna

Event Toggle Arrow

Security vulnerabilities in a merchant or card processor’s payment card network can leave room for threat actors to exploit them. Data breaches are nearly impossible to detect until hackers begin using the cards for fraudulent purchases. This session will review how probabilistic correlation, Jaccard (similarity) index, a measure of similarity for two sets of data, and manual investigation have helped mitigation efforts to protect issuers from fraud.

1:15 PM

How to build a Cyber Counterintelligence (CCI) Program

Mr. Reggie Dickerson, Capital One, Nathan Weilbacher, Capital One, Jason Haile, Capital One and Dan Dye, Capital One

Event Toggle Arrow

On the digital battlefield, cyberdefenders must develop innovative, non-traditional capabilities to enhance standard cybersecurity operations. By incorporating deception into its cybersecurity toolkit, one financial institution is proactively leveraging advanced countermeasures to combat advanced threats. Attendees will hear how to develop and successfully incorporate a cyber counter-intelligence (CCI) program within their environments, gaining insight into lessons learned that can help strengthen existing cybersecurity strategies.

1:15 PM

Making a Cyber Awareness Program Sexy

Mr. Mandouh Csintalan, RenaissanceRe

Event Toggle Arrow

Security often struggles to capture the attention of other departments. But when a security incident occurs, security teams get all of the attention, and oftentimes the blame. This session reviews how security departments can push cyber-awareness programs within their organizations before an incident happens. The financial-services industry is among the most targeted for sophisticated cyber-attacks. We must train colleagues to be an extension of our cyber-army to thwart attacks.

2:15 PM

Making Cloud the Most Secure Environment for Financial Services

Mr. Rajiv Gupta, McAfee and Mr. Scott Vowels, Comerica Bank

Event Toggle Arrow

For financial institutions, developing an innate understanding of where and how they could encounter cyber-risk is of primary importance. Security teams must continuously strive to fulfill their fiduciary and regulatory responsibilities, while also meet increasing expectations for consumer privacy and innovative business solutions. In this session, presenters will cover best practices for securing the cloud, starting with visibility and control of cloud and web services and understanding which cloud services are in use and how.

2:15 PM

Consequences of E-Commerce and External Suppliers on the Web

Mr. Yonathan Klijnsma, RiskIQ

Event Toggle Arrow

As the e-commerce side of businesses have grown, so have their functionality and services. Websites have heavily relied on ads, analytics and other outsourced services as part of the expansion, without being heavily scrutinized. Attendees will hear how e-commerce supply chain attacks often start, play out and impact organizations with limited insight into these events.

2:15 PM

Using Behavior Analytics to Predict, Detect and Stop Insider Threats

Mr. Bryan Sheppard, State Farm

Event Toggle Arrow

Conventional cybersecurity tools, such as those aimed at data-loss prevention, intrusion-prevention, security-information and event-management, and network-monitoring, focus on defending the perimeter and offer little in the way of protecting against insider threats. IT security teams cannot monitor every action taken by every employee, consultant and privileged user, using manual processes. In this session, attendees will explore State Farm’s insider threat program and learn how the company’s user and entity behavior analytics platform compares real-time user behavior to base-lined, normal behavior.

2:15 PM

(Repeat) Detecting Debit Card Fraud with Hands-On Data Science

Mr. Salil Jain, Aetna and Mr. Heath Henry, Aetna

Event Toggle Arrow

Security vulnerabilities in a merchant or card processor’s payment card network can leave room for threat actors to exploit them. Data breaches are nearly impossible to detect until hackers begin using the cards for fraudulent purchases. This session will review how probabilistic correlation, Jaccard (similarity) index, a measure of similarity for two sets of data, and manual investigation have helped mitigation efforts to protect issuers from fraud.

2:15 PM

(Repeat) How to build a Cyber Counterintelligence (CCI) Program

Mr. Reggie Dickerson, Capital One, Mr. Nathan Weilbacher, Capital One, Mr. Jason Haile, Capital One and Mr. Dan Dye, Capital One

Event Toggle Arrow

On the digital battlefield, cyberdefenders must develop innovative, non-traditional capabilities to enhance standard cybersecurity operations. By incorporating deception into its cybersecurity toolkit, one financial institution is proactively leveraging advanced countermeasures to combat advanced threats. Attendees will hear how to develop and successfully incorporate a cyber counter-intelligence (CCI) program within their environments, gaining insight into lessons learned that can help strengthen existing cybersecurity strategies.

2:15 PM

Applied Innovation to Reduce Risk in Access Management

Ms. Neha Joshi, Accenture Security and Mr. John Denning, Bank of America

Event Toggle Arrow

As corporate environments become more complex, dynamic and data-driven, Access Management programs need to eliminate manual processes and use predictive analysis to maintain the currency of their controls. Attendees will review the journey one financial institution took by applying innovation to uncover access risk and explore the necessary steps to mitigate risk. Attendees will also learn how to introduce automation and analytics to increase efficiency and accuracy, while reducing risk to their organization.

3:00 PM

Networking Break

3:30 PM

Mobile Risk and Compliance in a Post-Perimeter Era

Mr. Aaron Cockerill, Lookout

Event Toggle Arrow

With the majority of fraudulent transactions take place on mobile devices and the volume of those transactions increasing, this session will explore its risk and compliance. Attendees will leave with a new understanding of how a post-perimeter security model, which applies a risk-based approach to authentication, can be applied to mobile devices.

3:30 PM

A Cyberthreat Mindset in Fraud Aspects

Mr. Jean-Yves Riverin, Desjardins

Event Toggle Arrow

The bad guys have entered the new millennium - the digital era of fraud. Fraud and security teams need to converge into one mindset. Fraud teams can benefit from various security tools, and security teams can benefit from fraud-detection systems. The expertise built by our cyberthreat intel team has been extended to different fraud teams to apply the same security principles. This session reviews Desjardins' efforts to fuse its fraud and security teams. Attendees will learn more about areas of common interest between and among cyberthreat inte teams and fraud teams and new ways to the two can work together.

3:30 PM

(Repeat) Synthetic Identity: Are You Who You Say You Are?

Mr. Kevin Thomsen, Bank of America

Event Toggle Arrow

This session provides attendees with an overview of synthetic identity; a combination of fabricated credentials where the implied identity is not associated with a real person. Presenters will explain how fraudsters are exploiting this gap for financial gain and why synthetic identity is a blind spot for some financial institutions, due to organizational structure. The session will conclude with the latest on what’s being done at the industry-level and a high-level overview of what the banks are doing to mitigate risk.

3:30 PM

(Repeat) Making a Cyber Awareness Program Sexy

Mr. Mandouh Csintalan, RenaissanceRe

Event Toggle Arrow

Security often struggles to capture the attention of other departments. But when a security incident occurs, security teams get all of the attention, and oftentimes the blame. This session reviews how security departments can push cyber-awareness programs within their organizations before an incident happens. The financial-services industry is among the most targeted for sophisticated cyber-attacks. We must train colleagues to be an extension of our cyber-army to thwart attacks.

3:30 PM

(Repeat) Using Behavior Analytics to Predict, Detect and Stop Insider Threats

Mr. Bryan Sheppard, State Farm

Event Toggle Arrow

Conventional cybersecurity tools, such as those aimed at data-loss prevention, intrusion-prevention, security-information and event-management, and network-monitoring, focus on defending the perimeter and offer little in the way of protecting against insider threats. IT security teams cannot monitor every action taken by every employee, consultant and privileged user, using manual processes. In this session, attendees will explore State Farm’s insider threat program and learn how the company’s user and entity behavior analytics platform compares real-time user behavior to base-lined, normal behavior.

3:30 PM

(Repeat) Partnering Offense and Defense: A Purple Team’s Journey

Mr. Chris Blow, Liberty Mutual and Mr. Brian Riley, Liberty Mutual

Event Toggle Arrow

Internal red and purple teaming have seen a large uptick in popularity within the past five years. Unfortunately, not all implementations are successful for reasons ranging from budgetary and scope constraints, lack of forward-thinking vision, executive buy-in and structure. In this session, Liberty Mutual Insurance will share its purple team journey and how it’s driven material improvements toward its security program. Attendees will gain knowledge that will assist in creating a successful team of their own.

4:30 PM

Silver Solutions Showcase: Zero Trust: Reimagine Secure Internet Access

Mr. Kowsik Guruswamy, Menlo Security

Wednesday 20 November

7:00 AM

Breakfast

8:00 AM

FS-ISAC Opening Remarks

8:15 AM

Breaking Down Silos: How CISOs Can Streamline ID Management

Mr. Rakesh Loonkar, Transmit Security

Event Toggle Arrow

CISOs at leading enterprises are shortening the time, from months to hours, to deliver identity-related projects using an integrated authentication and fraud-detection platform. In this session, attendees will hear firsthand the problems with identity management, along with solutions which t add an Identity and Access Management (IAM) orchestration layer to their environments. This session will also review how organizations bogged down with IAM deployment can find faster ways to introduce authentication technologies.

8:45 AM

Reducing Risk with Self-Hosted Open Source Messaging

Mr. Ian Tien, Mattermost, Inc.

Event Toggle Arrow

To accelerate innovation, while also increase security and reduce risk, many leading financial services firms are moving to an open-source, Slack-compatible workplace messaging platform. Attendees will uncover how and why open-source messaging is more secure than other popular messaging platforms. Presenters will also discuss how firms are using the platform to increase DevOps productivity and improve team collaboration.

9:15 AM

Using Threat Objectives to Strategize and Measure Your Security Program

Mr. Jerry Perullo, ICE / NYSE

Event Toggle Arrow

Faced with competing and confusing vocabularies around threats, risks, and priorities, the presenter will share a set of 10 high-level threat objectives and demonstrate how this taxonomy has helped to organize strategic, operational and tactical initiatives. Attendees will hear how to deliver threat intelligence to the board, respond to breaches in the news, setup the “Red Team” calendar and prioritize remediation efforts.

9:45 AM

Networking Break

10:15 AM

Lessons Learned from a Bank Moving 100% to the Cloud

Mr. Steven Lodin, Sallie Mae

Event Toggle Arrow

Presenters will share observations regarding the process of moving the data center assets of a Top 100 bank entirely to the cloud. Attendees will discuss the golden rules for providing security and assurance during a full cloud migration, as well as the gotchas, surprises, lessons learned and the resulting strategic changes, to raise awareness and prevent future mistakes.

10:15 AM

Protecting Critical Assets: A Unique Approach to Cyberthreats

Mr. Reggie Dickerson, Capital One, Mr. Khalil Tora, Capital One, Mr. Dan Dye, Capital One and Mr. Jason Haile, Capital One

Event Toggle Arrow

The financial services sector is a complex ecosystem of technologies, business processes, and people. In the cyber-era, banks must accurately and securely process, store and protect customer-related data. External and Internal cyberthreat actors are continuously looking for opportunities to attack financial  networks and customers. The Use Case Intelligence Framework is a proven way to predict, detect and prevent financially motivated threat actors from compromising critical assets across the enterprise. This session explains how to successfully apply the UCIF and describes lessons learned that can help strengthen existing cybersecurity strategies.

 
10:15 AM

Protecting Data at Scale

Mr. Omkhar Arasaratnam, JPMorgan Chase & Co., Mr. Tim Brophy, JPMorgan Chase & Co., and Mr. TJ Klevinsky, JPMorgan Chase & Co.

Event Toggle Arrow

Securing data across a large, multinational firm is complex because data is mobile and all trust boundaries are not equal. This session reviews how JPMorgan Chase's data protection experts are using novel methods to build next-generation data protection systems at scale. The presentation focuses on lessons learned from JPMC’s experience in developing a next-gen data-protection platform, including key decisions and discussions surrounding data classification and programmatic data handling; buying versus building the platform; top-down vs. bottoms-up data governance; and convincing internal teams to adopt the platform.

 
11:15 AM

(Repeat) Lessons Learned from a Bank Moving 100% to the Cloud

Mr. Steven Lodin, Sallie Mae

Event Toggle Arrow

Presenters will share observations regarding the process of moving the data center assets of a Top 100 bank entirely to the cloud. Attendees will discuss the golden rules for providing security and assurance during a full cloud migration, as well as the gotchas, surprises, lessons learned and the resulting strategic changes, to raise awareness and prevent future mistakes.

11:15 AM

PowerShell for Security Nerds

Mr. Aaron Katz, SP Global

Event Toggle Arrow

PowerShell is an extremely powerful administrative and automation tool that enables attackers and defenders alike to do devastating things to your network. This session explores PowerShell's capabilities, why attackers love it and highlights defenses the blue team can use to prevent and detect PowerShell abuse. Presenters also will share case studies about attackers’ previous uses and mitigation techniques.

11:15 AM

Member Authentication – A Medium-Sized Credit Union’s Story

Ms. Krista Baum, WSECU, Mr. Aaron Robel, WSECU and Mr. Rod Bell, WSECU

Event Toggle Arrow

Four years ago, WSECU, a Washington state credit union had an aging online banking platform, several third-party online financial tools for membership and up to four different types of online logins per member. Fraudsters preyed on members with phishing attacks. Attendees will discuss the challenges of getting the credit union's leadership aligned to fix digital identities and create a realistic roadmap. Presenters will also share the challenges of getting technologies on-boarded with a small team and the present state of single sign-on.

11:15 AM

(Repeat) Protecting Data at Scale

Mr. Omkhar Arasaratnam, JPMorgan Chase & Co., Mr. Tim Brophy, JPMorgan Chase & Co., and Mr. TJ Klevinsky, JPMorgan Chase & Co.

Event Toggle Arrow

Securing data across a large, multinational firm is complex because data is mobile and all trust boundaries are not equal. This session reviews how JPMorgan Chase's data protection experts are using novel methods to build next-generation data protection systems at scale. The presentation focuses on lessons learned from JPMC’s experience in developing a next-gen data-protection platform, including key decisions and discussions surrounding data classification and programmatic data handling; buying versus building the platform; top-down vs. bottoms-up data governance; and convincing internal teams to adopt the platform.

12:00 PM

Lunch

1:00 PM

Integrating Hunting & Forensic Triage into Insider Risk Programs

Mr. Doug Koster, American Express

Event Toggle Arrow

This session will highlight the importance of integrating hunting and computer forensic triage into an existing insider risk program. Attendees will hear real world examples of how they have led to enhanced enterprise risk reduction. Presenters will also discuss hunting for anti-forensic tools, administrative shares, unapproved software and malware.

1:00 PM

(Repeat) Protecting Critical Assets: A Unique Approach to Cyberthreats

Mr. Reggie Dickerson, Capital One, Mr. Khalil Tora, Capital One, Mr. Dan Dye, and Mr. Jason Haile, Capital One

Event Toggle Arrow

The financial-services sector is a complex ecosystem of technologies, business processes, and people. In the cyber-era, banks must accurately and securely process, store and protect customer-related data. External and Internal cyberthreat actors are continuously looking for opportunities to attack financial networks and customers. The Use Case Intelligence Framework is a proven way to predict, detect and prevent financially motivated threat actors from compromising critical assets across the enterprise. This session explains how to successfully apply the UCIF and describes lessons learned that can help strengthen existing cybersecurity strategies.

1:00 PM

Dissecting Android Malware

Ms. Marita Fowler, Capital One and Ms. Kathryn Torelli, Capital One

Event Toggle Arrow

In this session, analysts will perform a live dissection of a malicious Android Package Kit (APK), explaining each step, allowing attendees to gain an understanding of the important APK components and the role they play in analysis. The presenters will also discuss the different criminals running these operations and ongoing initiatives that counter them. Attendees will leave with a deeper understanding of the malware threat landscape and a list of analysis tools and resources.

1:00 PM

(Repeat) Member Authentication – A Medium-Sized Credit Union’s Story

Ms. Krista Baumm WSECU, Mr. Aaron Robel, WSECU and Mr. Rod Bell, WSECU

Event Toggle Arrow

Four years ago, WSECU, a Washington state credit union had an aging online banking platform, several third-party online financial tools for membership and up to four different types of online logins per member. Fraudsters preyed on members with phishing attacks. Attendees will discuss the challenges of getting the credit union's leadership aligned to fix digital identities and create a realistic roadmap. Presenters will also share the challenges of getting technologies on-boarded with a small team and the present state of single sign-on.

1:45 PM

Networking Break

2:15 PM

Physical Pen-Testing: A Must-Have for Overall Security

Mr. Chris Carlis, Zurich Insurance Group

Event Toggle Arrow

Cybersecurity areas of responsibility and threat modeling will often bump physical pen-testing to the bottom of the list. This session discusses the roles and responsibilities of the information security team in protecting an organization’s physical security. The session reviews how to reframe the discussion with higher-ups to better represent the risks and benefits and how to jumpstart the testing process by running through some of the more common TTPs used today.

2:15 PM

The Potential Impact of Deepfakes on Market Manipulation

Ms. Anna Skelton, Bank of America

Event Toggle Arrow

Deepfakes, videos that use AI-based technology to create or alter content to misrepresent the truth, are becoming more indistinguishable from reality. Attendees will gain insight into how threat actors are increasingly using this technology to create content that could cause significant market disruption. Presenters will also discuss the proliferation of this content via social media and its potential to immediately impact global economies.

2:15 PM

Cross-Sector Sharing: How It Benefits Financial Institutions

Mr. Errol Weiss, H-ISAC and Mr. Mark Orsi, Global Resilience Federation

Event Toggle Arrow

Threat actors don’t just target one industry. In many cases, the same malware is used to attack a variety of sectors. The National Council of ISACs and the Global Resilience Federation each play an important role in sharing attack data, as well as providing technological and analytical support for various sectors to consume and report information. Attendees will examine case studies on the effective use of cross-sector sharing to defend against cyberattacks.

2:15 PM

Leveraging Cyberthreat Intel to Find Account Takeover Activity

Mr. David DeLuca, Vanguard and Mr. Chris Plaisance, Vanguard

Event Toggle Arrow

Account takeover activity is on the rise and a consistent problem for financial firms. This session reviews how to leverage cyber-intelligence with your fraud department to identify and prevent account takeovers. Attendees will discover that fusing the two teams will empower one cohesive team to emerge and combat account takeover activity. Presenters will demonstrate how this partnership provides additional protection to clients and discuss how automation streamlines the process, resulting in meaningful and measurable metrics.

2:15 PM

An Update From the FS-ISAC Measurements Working Group

Ms. Carin Salonia, The Hartford, Ms. Sarah Lachance, Liberty Mutual, Mr. Sounil Yu, Bank of America and Ms. Kimberly Sims, FLHB

Event Toggle Arrow

Information security programs have a critical need to measure and manage the risk within an environment: from threat identification and protection, to risk mitigation, compliance and executive reporting. A uniform framework within the information security industry or the financial services sector does not currently exist. The FS-ISAC Measurements Working Group was created to develop a uniform set of measurements that FIs may adopt. Attendees will learn how the group was created, where the group is now and the remaining activities to have a defined set of measurements.

2:15 PM

(Repeat) PowerShell for Security Nerds

Mr. Aaron Katz, SP Global

Event Toggle Arrow

PowerShell is an extremely powerful administrative and automation tool that enables attackers and defenders alike to do devastating things to your network. This session explores PowerShell's capabilities, why attackers love it and highlights defenses the blue team can use to prevent and detect PowerShell abuse. Presenters also will share case studies about attackers’ previous uses and mitigation techniques.

2:30 PM

Red Team Best Practices

Mr. Conner Finlay, T. Rowe Price

Event Toggle Arrow

This session is a must for implementing a red team at a smaller FI. Conducting such an operation presents unique challenges, which may not be as prevalent in other industries. Attendees will hear what works, doesn't work and recommendations.

2:45 PM

Building a Cyber Education Program

Mr. Jim Orr, Independent Financial

Event Toggle Arrow

How can an enterprise educate employees and strengthen what is considered to be the weakest link in the cybersecurity of a bank? Attendees will hear from a financial institution that has created a comprehensive cybersecurity education program for its employees. Presenters will also share incentives and other proven tactics resulting in increased participation in their institution’s phishing campaigns.

3:15 PM

Mobile Risks: Always Connected, Always a Threat

Mr. Ray Richards, PNC

Event Toggle Arrow

The exponential growth of mobile device technology has made mobile device security a top priority for modern enterprises. As more companies integrate mobile technology into their daily operations, these devices have become a more lucrative target for attackers. Businesses expect constant employee connectivity, but the sensitive data employees work with puts employees at greater risk. Presenters will review the real mobile threats — separating vendor hype from actual risk — and will offer tips on how to mitigate vulnerabilities.

3:15 PM

Proactive Insider Threat – The Convergence of Information Security, Legal and HR

Mr. George Albero, Bank of America, Mr. Knut Nodeland, Bank of America, Mr. David Nardoni, Bank of America and Mr. Scott Randolph, Bank of America

Event Toggle Arrow

Attendees will discuss the convergence of binary metric data points from across an enterprise to create a holistic view of employees, while protecting privacy. This view enables the effective and non-discriminatory application of enhanced controls to proactively detect and prevent insider threats, while mitigating legal and operational risk to the institution.

3:15 PM

Metrics-Driven Security

Mr. Aaron Katz, SP Global

Event Toggle Arrow

Everyone knows how important information security is, right? That's why you got all that funding for your program. But how do you measure that success and show management an appropriate return on their investment? Being able to formulate a risk appetite, with supporting metrics, is crucial to running a successful information security program. This session explores various metrics and measures that can be presented at multiple levels of management, from the SOC manager all the way to the board of directors. These metrics can communicate the overall health of the program from an operational perspective, as well as provide key information to business stakeholders to allow informed decisions to be made.

3:15 PM

A Head Start to Create a Red Team

Ms. Stacy Monroe, Principal Financial Group and Mr. Tom Ervin, Principal Financial Group

Event Toggle Arrow

An effective security program helps ensure the safe management of high-asset customers. Integrity guides the culture at Principal Financial Group, where regular analysis aims to advance and improve the security perimeter and find the best ways to understand weaknesses. In January 2019, Principal Financial Group launched its red team service. This session explains the process used by Principal Financial Group to operationalize its red team. Attendees will learn exactly what a red team does and identify the value the red team brings, find ways to hire the right talent (based on skillset) for the red team, and identify gotchas any red team should be anticipating for the future.

3:15 PM

FSSCC Cybersecurity Profile: Community Institution Implementation

Ms. Joyce Flinn, First United Bank & Trust

Event Toggle Arrow

Various regulatory agencies are asking the same question in several ways, stretching already scarce cybersecurity talent. This is especially true for community institutions. This session will explore the logic behind the development of the FSSCC Cybersecurity Profile. Community institutions will discuss moving to the new profile and review the implementation process and lessons learned. Panelists will also discuss the first exam cycle utilizing the profile and regulatory acceptance.

3:15 PM

Developing a process for Direct Deposit BEC phishing

Mr. Pierre Lamy, S&P Global

Event Toggle Arrow

Doable for even new intelligence teams, this session will showcase a new threat intelligence program where the service catalog is built with multiple workflows and services. One of the key services is the direct deposit BEC phishing response. This presentation will detail the processes to execute, how to disseminate intelligence and feedback on this new program.

3:15 PM

(Repeat) Integrating Hunting & Forensic Triage into Insider Risk Programs

Mr. Doug Koster, American Express

Event Toggle Arrow

This session will highlight the importance of integrating hunting and computer forensic triage into an existing insider risk program. Attendees will hear real world examples of how they have led to enhanced enterprise risk reduction. Presenters will also discuss hunting for anti-forensic tools, administrative shares, unapproved software and malware.