Mr. Carsten Fischer - Head of Information Security Operations, Deutsche Bank's Chief Security Office
Carsten Fischer joined Deutsche Bank’s Chief Security Office in November 2017 as Head of Information Security Operations. Since January 2019, he also has served as Interim Head of Information Security within Deutsche Bank’s Chief Technology Office.
Prior to that role, Fischer was Regional Head of Information and Resilience Risk Management for Continental Europe and Global Head of Information Security Risk in the Chief Risk Office.
He joined Deutsche Bank in 1998, working in different IT roles supporting the Corporate Center and Group Finance through 2004.
Fischer took on a Chief Operating Officer before becoming Head of Smart Sourcing and IT Risk Management for Investment Banking IT/Global Technology Capital Markets in August 2007.
From mid-2011 to mid-2013, Fischer was head of Risk and Control for Global Technology, overseeing all aspects of IT Risk Management and Operational Risk Management for Global Technology.
Fischer was the COO and Head of Strategy & Governance in the Chief Information Security Office from October 2013 to February 2016, when he was responsible for the Chief Administration Office Function, as well as Governance, Strategy and Central Services (including Security Training and Awareness).
Fischer is on the board for the Cyber Defence Alliance and is a member of the International Banking Security Association representing Deutsche Bank.
Mr. Arne Schönbohm, German Federal Office for IT Security
One of the central tasks of the German Federal Office for IT Security, as the national cybersecurity authority in Germany, is to collaborate with and engage in numerous networks of information exchange sharing. In his keynote address, the president of the German Federal Office for IT Security, Mr. Arne Schönbohm, will present the experiences his agency has had in cybersecurity awareness and resiliency. In doing so, Schönbohm will elaborate on the characteristics of strong information networks and provide examples for cooperation through those networks, both nationally and internationally.
Mr. Joseph Woodruff, EclecticIQ
Prisoner’s dilemma is one of the most famous problems in game theory where two separate parties must cooperate to gain the highest overall reward, even if it is not the highest individual reward. This session will discuss the parallels between the “prisoner’s dilemma” and sharing intelligence within a community. It will also review the importance and benefits of being an active member in FS-ISAC’s community, by not only consuming intelligence, but also producing and sharing it.
Mr. Nik Whitfield, Panaseer and Mr. Adam Palmer, Santander
Whether it’s for the board, regulators, auditors or holding your own team accountable, financial institutions must demonstrate security control. This session will tackle common challenges that come with implementing effective security measures. Learn what constitutes a good metric and discover the type of data necessary to gain full visibility of security controls. See what it takes to have an automated, up-to-date metrics program readily accessible when stakeholders come calling.
Mr. Shane Duignan, Fidelity Investments
This session discusses how to adopt and apply the Malware Information Sharing Platform (MISP) as a threat intelligence platform solution for attribution of threat actors targeting a financial institution. Attendees can expect to learn more about the motivations for developing a threat group attribution program and how to design a playbook that captures the threat-analyst-intel-lifecycle workflow that is mapped to on-premise threat intel products and technologies. The session also covers threat intel models and frameworks that are compatible with threat intel platforms, a breakdown of the steps to perform threat attribution and issues encountered during the lifecycle operation. (NOTE: This workshop will break for lunch.)
Mr. David Aubrey-Jones
The threat of destructive cyber-attacks continues to grow and the use of crypto-ransomware has skyrocketed since 2013, when Cryptolocker first demanded ransom payments using a digital currency. In 2017 we saw another game changer, with destructive worms being created when Wannacry and NotPetya caused huge damage. More recently we are seeing ransom attacks targeting organisations with the Bitpaymer, SamSam, Ryuk and LockerGoga ransomware. In some cases, backups have also been encrypted. In the face of increased threats, cyber-resilience is gaining more attention from regulators. This session will discuss the history and evolution of threats, what may be next and strategies to address concerns.
Ms. Lisa Lee, Microsoft
There’s a big difference between having a data classification policy and implementing the controls to enforce it. Where should you begin? Identify the decision-makers who will decide the classification categories and labels to use. Attendees will review lessons still being learned as a large bank moves forward with information protection and the tools to help financial institutions meet regulatory requirements and comply with guidance. This session will also provide an overview of best practices already identified.
Mr. John Morgan Salomon, FS-ISAC
Mr. Michael Wandel, Aviva
This workshop brings FS-ISAC members from the insurance sector together for a roundtable-like discussion about cybersecurity concerns specific to the insurance industry. Discussion will review new tools being developed by FS-ISAC members to address leading cybersecurity issues, as well as building threat-intelligence functions within insurance businesses, intelligence requirements, intel vendors, products, metrics, and tooling. This workshop is TLP Red.
Mr. Ian Thornton-Trump, Amtrust International
We live in a world of competing nation-states, proxies of those states and non-nation state actors. This competition manifests itself in any number of ways – conflict, sanctions, restrictions, embargoes, assassinations and much more. Clausewitz suggested, “War is politics by other means." The natural conclusion is that cyber-espionage, cyber-attacks and cyber-influence operations are merely manifestations of a policy clash between two or more competing powers or proxies. Or are they? This session explores how nation-state APT actors have embraced cyber to further their national goals through covert or overt means.
Mrs. Teresa Walsh, FS-ISAC
This workshop aims to provide a forum for active discussion between FS-ISAC members and representatives from Europol’s EC3 Financial Cybercrime Consortium about mutual topics of interest. The workshop also will review the advantages strong collaboration between the financial sector and law enforcement provides. This Europol Consortium was originally founded as a way for financial institutions and law enforcement to discuss significant cybercrime incidents from an operational perspective. The intimate setting of this workshop with Europol will allow for trusted discussion in a controlled setting. This session is open to FS-ISAC members, law enforcement and government.
Dr. Carsten Willems, VmRay and Mr. Adam Palmer, Santander
Explore the techniques advanced attackers use to defeat common security measures and learn how security teams can effectively counter-attack evasion techniques by improving operational security practices. Attendees will gain a better understanding of how to detect such attacks and gather actionable threat intelligence.
Dr. Sam Small, ZeroFOX
The biggest blind spot in enterprise security architecture may be activities taking place just beyond your view. Attackers hijack company accounts, launch spear-phishing campaigns against employees, build fraudulent accounts to socially engineer executives and attack customers at scale. This session will review truths about the modern digital and social landscape and take a deep dive into major TTPs.
Mr. Todd James, UBS AG
There are significant gaps between the findings when an incident is closed, when a red or purple team engagement has ended or when threat or open-source intelligence is distilled. Meaningful feedback is simply lost in a document or the roadblocks are so large that there is never any reduction to the attack surface. This session will review lessons learned about estate hardening and how closing the feedback loop between incidents and hygiene could help institutions prevent making the same mistakes.
Mr. Tim Ager, Cymulate and Mr. Jorge Ruao, Euronext
Banking, financial services and insurance (BFSIs) companies are investing in information security more than any other sector. They’re doing everything right. From perimeter security and DLP to encryption and segmentation, in terms of optimizing their security posture, they’re already 80 percent there. Despite their efforts and with the risk of ATM- and ACH-related fraud, BFSIs are prime targets for advanced persistent threats (APTs). This session will review traditional and manual testing methods and explain why they fall short. Attendees will also learn how empirical risk scores can prioritize efforts and budget.
Ms. Ria Biggs, Goldman Sachs
Many financial institutions have mature cyberthreat intelligence programs but have yet to unlock the value of applying intelligence to cyberthreat hunting. This session will demonstrate how intelligence can be used to actively search for advanced persistent threats, including an explanation of Goldman Sachs’ approach to cyber threat hunting and how to turn intelligence into prioritized hunt missions with actionable results. Attendees will explore firsthand challenges and lessons learned when building a cyberthreat hunting team and advancing through the hunt maturity model.
Mr. Lance Wantenaar, Worldpay
Social engineering is the biggest threat to organisations and it is being used with devastating effect in business email compromise fraud and phishing emails. This session will dive into the psychology and mechanisms of social engineering to explain how it affects a person when used to initiate phishing email link clicks or telephone social engineering of call centre staff to gain customer information. Attendees will understand how the brain processes these attacks to develop better awareness programs to protect staff and business profitability.
Mrs. Laurie Mercer, HackerOne
Mr. George Avetisov, HYPR Corp
Mr. Craig Barrington, Digital Shadows
Mr. Henry Harrison, Garrison and Ms. Katie Hewitt, Llyods Banking Group
Mr. Krijn de Mik, Fox-IT
Mr. Wade Lance, Illusive Networks
Mr. Jamie Sarakinis, Securonix
Mr. Doug Hubbard, Hubbard Analytics
Drawing on techniques discussed in Doug Hubbard’s book, How to Measure Anything in Cybersecurity Risk, this session will change perspectives on managing risk to information security programs. Topics in this session include everything from principles of assessing and communicating risks, measuring “intangibles” like damage to reputation, measuring an expert’s skill at providing “calibrated estimates” of probabilities, and using spreadsheet-based simulations, to reviewing how some of the most popular risk assessments like heat maps and risk scores have objectively failed, and how to make the case for quantitative methods in your organization.
Mr. Jason Steer, Recorded Future
This discussion will examine how a recent US designation of Iran's Islamic Revolutionary Guard Corps as a terrorist organisation can impact financial institutions. The presenter will demonstrate how new global realities can impact and potentially increase threats to banks throughout the world.
Mr. Jonathan Couch, ThreatQuotient
The increasingly popular MITRE ATT&CK framework provides great insight into the process of the attacker and offensive operations and strategic direction for security operations. ATT&CK can be leveraged with infrastructure and threat intelligence to start hunting for adversaries in a network, based on their tactics, techniques and procedures. In this session, attendees will walk through adversary operations and the ATT&CK model and map it against security infrastructure and processes. Speakers will discuss the future of security operations and how to leverage frameworks to hunt for adversaries based on their TTPs.
Mr. Aviram Zrahia, Tel Aviv University
Cyberthreat intelligence (CTI) sharing is a collaborative effort to fight cybercrime by leveraging capabilities, knowledge and experience with and among the broader financial sector. This session will offer a unique, multidisciplinary view of the challenges of CTI and look at the relationships between cybersecurity vendors. Attendees will gain insights from the network structure formed between vendors and characterize the relationships and common properties of sharing firms.
Mr. Greg Gist, FS-ISAC, Mr. Brandon Brucker, FS-ISAC and Mr. Vincent Thiele, ING BANK
Join this public-private working session to discuss exercising approaches and protocols for the financial sector in reaction to a large-scale incident. Members and public agencies in the European Union will come together to discuss exercises for crisis coordination and response and resiliency actions.
In a TED-Talk-style format, these showcase presentations will be high-level, conceptual discussions about industry advances within the financial sector.
Mr. Richard Cassidy, Exabeam
A zero trust environment is built upon the premise that no asset or account has inherent access to anything, regardless of whether it exists inside or outside the network. Security practitioners have been extolling the virtues of this architecture model for a number of years; and whilst it is more complex to implement than the traditional perimeter-based defense, it certainly makes life harder for would-be attackers.To truly understand risk, organisations need up-to-date information that works in their favor. This session reviews how security automation and orchestration can truly benefit operations teams.
Mr. Jens Freitag, Tenable Network Security, Inc.
Digital transformation has created a complex computing environment of cloud, development and operations, traditional compute and corporate LAN, mobility and IoT. Everything is connected as part of the new, modern attack surface, which has created a massive gap in organizations' abilities to truly understand their cyber exposure at any given time. This session reviews new approaches to effectively prioritize vulnerabilities and reduce cyber-risk.
Mr. Aaron Mog, RiskIQ
Mr. Nick Caley, ForgeRock
Open banking and PSD2 (the Revised Payment Service Directive) represent both regulatory challenges and competitive opportunities for banks and fintech. This session reviews how a unified and open-source solution will be key to addressing challenges in the future around customer authentication, secure APIs, customer consent and identity best practices. Banks can and should achieve more than just regulatory compliance; they also can introduce new products and services designed to meet the needs and expectations of today’s empowered consumers.
Mr. Dmitry Volkov, Group-IB
Threat intelligence has identified and analysed 2.6 million unique phishing URLs on 727, 000 domains, which is a 9 percent increase from 2018. Phishers specializing in massive cyber-attacks use so-called phishing kits. This session will review research into phishing attacks that targeted EMEA financial institutions, the infrastructure the attackers used and the full-cycle investigation into the real identities of the attackers. Attendees will learn how to automate the capture of credentials stored in phishing logs and techniques used in online investigations of cybercriminals.
Mr. Alex Rifman, Anomali
Intelligence and indicator sharing have come a long way from the dark ages of private forums. Today, threat intelligence platforms are regularly leveraged in operations centers across the globe to triage and disseminate actionable information. This session will review the history of information sharing, the current state of today’s analysis centers and how organizations automate incident response processes. Attendees will also take an in depth look at the near-term future of information sharing.
Mrs. Tracy Watts, Lloyds Banking Group
Learn how to communicate internally to build the entire team's knowledge of threats and how to cultivate relationships with peers cross-sector to encourage sharing. Join this session to gain an external intelligence view into insider threat strategy.
Mr. Chris Meidinger, CrowdStrike
In 2017, the cyberworld was hit with numerous destructive attacks from a range of threat actors. What types of attacks are striking now and what is on the horizon? This session will share alarming trends observed in the global threat landscape and highlight evolving best practices that have proved most successful against cybercriminals, hacktivists and nation-state adversaries. Attendees will review the latest threat intelligence discovered in 2018 and 2019, how to use it to shape a security strategy, and lessons learned from in-depth digital forensics, incident response and remediation.
Mrs. Sonia Burney, Charles Schwab
To successfully build a threat intelligence team, clear goals and initiatives need to be identified and developed through a standardized workflow. For each initiative, teams need to identify intake processes, standardize procedures, identify outputs, and report actionable intel to appropriate stakeholders. Teams can then determine automation for processes and outputs to perform analytics and machine learning on data and convert metrics into intelligence. This session will go through these road mapping steps and share examples of converting metrics into intelligence. Attendees will walk through how a successful threat intelligence team was built and lessons learned.
Mr. Nick David, OneTrust
In today’s shifting security and regulatory environment, ongoing third-party monitoring is critical to ensure compliance. This session outlines the keys to third-party risk-management success through a modern approach to monitoring vendors. Learn more about maintaining oversight of third-party vendor risks, reassessing vendor risks on a regular basis and keeping your data-map up to date to map vendor data flows. The session also reviews the benefits of a third-party risk exchange, and how to proactively protect against third-party threats like data breaches.
Mr. Jim de Haas, ABN AMRO and Mr. Adam Palmer, Santander
This session will highlight updates to cloud assessments provided by ABN AMRO's and Santander's cloud security teams. Institutions will share what they are doing from a best practice perspective, their visions for future cloud risk assessments and methods to increase the effectiveness of risk analysis. ABN AMRO and Santander plan to define next steps in the cloud risk assessment field.
Mr. Terje Aleksander Fjeldvaer, DNB Bank ASA
Fraud is more than just financial loss. Powered by new technology and the use of diverse channels, such as the call center and online banking, a holistic analysis can result in a significant increase in the number of terminated fraudulent transactions and reduce the total amount lost. This session will review DNB's unique fraud governance model with an approach that focuses on first-party fraud with the same effort as third-party fraud.
Mr. Steffen Nagel, Frankfurter Volksbank and lIllumio
For three consecutive years, risk acceptance has been the answer to audit findings. Visibility of application traffic was non-existent and segmentation mandated by Germany's Federal Financial Supervisory Authority, BaFin, was hard to achieve. But that is changing, as Frankfurter Volksbank proves. This session reviews how Frankfurter Volksbank is overcoming traffic visibility challenges to comply with BaFin's segmentation requirements.
Mr. Sanjeev Shukla, Accenture and Mr. William Hoffman, Deutsche Bank
Financial institutions have struggled to make attitudinal changes toward cybersecurity but have managed to make major improvements in handling conduct risk. This session will explore how conduct risk has been handled and the benefits for an institution’s cybersecurity program. It will also offer cross-industry insights regarding safety and security and will review aspects of behavioral sciences that can help change attitudes toward cyber-risk. Attendees will leave with a framework for influencing and changing security culture within a financial services organization.
Daniel Barriuso, Global CISO Santander Group
The financial sector continues to be a key target for cybercriminals in search of financial gain. A holistic, intelligence-led approach to cybersecurity is key to anticipating cyberthreats and minimising incident-response time and impact to an organisation. This session explores how and why building cross-sectorial, international intelligence exchange networks is essential in order to obtain first-hand knowledge about cyber-incidents, as well as to enhance detection and response capabilities.
Mr. Chales Bretz, FS-ISAC and Mr. Darin Pettis, US Bank
Gain an understanding of the enterprise visibility problems that occur with the adoption of the cryptographic protocol known as Transport Layer Security 1.3. Serious issues have arisen because of the migration to TLS 1.3. Attendees will hear thought leadership around how TLS 1.3 can be used in conjunction with the new Enterprise Transport Security (ETS) standard. An overview will be shared along with an update about vendor adoption of ETS and timing.
Mr. Kenneth Janssen, SWIFT and Mr. Hubert Toussaint, SWIFT
Join this session and witness a live cyber-attack to see how often overlooked security protocols leave the door wide open. Attendees will learn how by combining minor vulnerabilities, cybercriminals can infiltrate a business, steal data and cause untold damage to a company’s reputation. No real bank will be harmed in the process of this demonstration.
Ms. Tara Kenny, Lloyds Banking Group
Lloyds Banking Group’s (LBG) approach to enhancing operational resilience puts service continuity at the heart of its strategy. Learn how operational resilience is put into practice across a large corporate enterprise. Attendees will be provided with insights from one group’s overarching framework, notable challenges through various stages of strategy, key successes and important lessons learnt along the way, including how to engage from the board down.
Mr. Giles Barford, Intercontinental Exchange
Encrypted communications are commonly used by malicious actors for command and control (C2) channels. This session will offer a statistical technique for detecting C2 channels, using SSL/TLS JA3 fingerprints and analysis of connection intervals. Hear about the architecture needed to collect and analyse the underlying endpoint and network data, construct the model and investigate breaches. The described solution may be used by any financial institution to improve detection of commodity malware and advanced actors.
Mr. Tim Jordan, ING
ING has developed a physical board game to support internal learning and training of business continuity and crisis management topics. This effort to foster the corporation’s organizational resilience can be played by anyone and with no prior knowledge of the covered topics. In this session, attendees will play the game and learn how experienced business continuity and crisis management professionals use innovative tools to support awareness and competence among their teams.
Mr. Andres Maurer, UBS
Many companies still struggle to implement an effective access management system. Speakers will provide a holistic view of the access management process, critical success factors and best practices and illustrate inter-dependencies. This session will span both the business and technical aspects of access management by reviewing Zero Trust and eXtensible Access Control Markup Language frameworks. Attendees will formulate and structure their problems, contribute suggestions, share experiences and provide tips on best approaches.
Mr. Daniel Sierra Saavedra, Banc Sabadell
Collaboration between cybergangs has increased in recent years. This session will review ways gangs such as Trickbot, Gozi and Ramnit collaborate, offering their TTPs with each other in exchange for other tools, money and/or information. Attendees will walk through the development of a conceptual map and gain an understanding of the risks and how to forecast what to expect in the near future.
Dr. Jorke Kamstra, Euroclear
In an interconnected ecosystem, operational resilience is a top concern for financial services. Without operational resilience, any incident —internal or external— can escalate into a long-term outage. Operational resilience can lead to sound practices to help absorb shocks and assure senior stakeholders that business can continue even when an incident occur. This presentation will provide an overview of operational resilience and key takeaways .
Dr. David Aubrey-Jones, RBS
The ‘Black Swan’ theory is a metaphor that describes an event that comes as a surprise, has a major impact and is often inappropriately rationalized. Most organizations are so focused on immediate threats that they often fail to see the next ‘Black Swan’ threat. Examples include the WannaCry and NotPetya events. This session will discuss possible Black Swans that could be on the horizon within the next few years, how they may occur and the best ways a company can prepare for these attacks and their risks.
Mr. Andres Maurer, UBS
Many companies still struggle to implement an effective access management system, even though identity and access management feeds and complements a number of critical areas, including behavioral biometrics and fraud analysis. This session provides a holistic view of the access management process, highlighting both critical success factors and best practices, and illustrating their inter-dependencies. This session spans both the business and technical aspects of access management, by reviewing Zero Trust and XACML (eXtensible Access Control Markup Language) frameworks. This session will allow participants to formulate and structure their problems, contribute suggestions, share experiences and provide tips about best approaches.
Mr. John Morgan Salomon, FS-ISAC
At the 2018 EMEA Summit, FS-ISAC and several members and sector stakeholders founded European financial sector resilience group to provide strategic guidance, input and additional high-level coordination for the European financial sector. This session will seek to solicit member input into the structure and activities of this entity.
Mr. Wade Bicknell, Deutsche Bank
Financial institutions have been constructing their CISO organisations with a "compliance first" approach. While this is effective in mitigating compliance risk, it can sometimes lead to uneven and/or ineffective cyberdefense platforms that attempt to cover the full spectrum of cyberthreats. By taking a threat-based approach, organizations can better understand their cyber-exposure, and better understand. what their strategy might look like against current and emerging threats, the gaps they may have to fill and how to structure their organisation around a threat-based approach. This session will provide an overview of the cyberthreats financial institutions face globally and share best practices on how a CISO organization can be structured around them.
Mr. Frank Versmessen, SWIFT
In its role in the global financial critical infrastructure, SWIFT continues to enhance its cyberprogramme to stay ahead of emerging cyber-attacks. SWIFT's internal cyber-programme is comprehensive, covering tools, processes, operations and cybersecurity teams which spans identification, protection, detection, response and recovery from cyberthreats. This session will review how SWIFT has used its Customer Security Framework to enhance security controls and resiliency three years after the attack against Bangladesh Bank. Attendees will hear firsthand how SWIFT is moving from "security built-in" to "resiliency built-in," as it adopts a layered approach to further strengthen its cyber-resilience.
Mr. Daniel Casado de Luis, Banc Sabadell
This presentation will provide insight into the overall attack surface of smart contracts to evaluate their threat landscape’s ecosystem: the contracts themselves, Ethereum Virtual Machines, nodes and exchanges. Comparison between successful non-FI smart contract deployments and applicability to FIs will be analyzed. Attendees will consider or not whether the contracts are as trustworthy for financial institutions as they are for other sectors.