Carsten Fischer - Head of Information Security Operations, Deutsche Bank's Chief Security Office
Carsten Fischer joined Deutsche Bank's Chief Security Office (CSO) in November 2017 as Head of Information Security Operations. Since January 2019 he has also been Interim Head of the Information Security Chief Technology Office.
Prior to this role, Carsten was Regional Head of Information & Resilience Risk Management (IRRM) for Continental Europe and Global Head of Information Security Risk (ISR) in the Chief Risk Office.
Carsten joined Deutsche Bank after university in 1998 and worked in various IT roles supporting the Corporate Center and Group Finance through 2004.
He then ran Business Management and took on a Chief Operating Officer (COO) role before becoming Head of Smart Sourcing and IT Risk Management for Investment Banking IT / Global Technology Capital Markets in August 2007.
From mid-2011 to mid-2013 Carsten was Head of Risk and Control for Global Technology, responsible for all aspects of IT Risk Management and Operational Risk Management for Global Technology.
Carsten was the COO and Head of Strategy & Governance in the Chief Information Security Office (CISO) from October 2013 to February 2016. In this role, he was responsible for the Chief Administration Office Function, Governance, Strategy and Central Services (including Security Training and Awareness).
Carsten is a member of the board of directors of the Cyber Defence Alliance (CDA) and represents Deutsche Bank in the International Banking Security Association (IBSA).
Carsten completed an apprenticeship with Deutsche Bank in 1989 and holds a degree in economic mathematics from the Technical University of Kaiserslautern.
Mr. Arne Schönbohm, German Federal Office for IT Security
One of the central tasks of the German Federal Office for IT Security (BSI), as Germany's national cybersecurity authority, is to collaborate with and take part in numerous information-sharing networks. In his keynote address, BSI president Arne Schönbohm will present his agency's experience in cybersecurity awareness and resilience, describe the characteristics of strong information-sharing networks and give examples of cooperation through such networks, both nationally and internationally.
Mr. Joseph Woodruff, EclecticIQ
The prisoner's dilemma is one of the most famous problems in game theory: two parties each do better individually by defecting, yet both end up worse off than if they had cooperated, so the highest overall reward is only reached when each gives up the highest individual one. This session will discuss the parallels between the prisoner's dilemma and sharing intelligence within a community, and review the importance and benefits of being an active member of the FS-ISAC community by producing and sharing intelligence, not only consuming it.
Mr. Nik Whitefield, Panaseer and Mr. Adam Palmer, Santander
Whether it's for the board, regulators, auditors or holding your own team accountable, financial institutions must demonstrate that their security controls are effective. This session will tackle the common challenges that come with implementing effective security measures. Learn what constitutes a good metric and discover the type of data necessary to gain full visibility of security controls. See what it takes to have an automated, up-to-date metrics programme readily accessible when stakeholders come calling.
Mr. Shane Duignan, Fidelity Investments
Dr. David Aubrey-Jones, RBS
The threat of destructive cyber-attacks continues to grow, and the use of crypto-ransomware has skyrocketed since 2013, when CryptoLocker first demanded ransom payments in a digital currency. 2017 brought another game changer: destructive worms, when WannaCry and NotPetya caused huge damage. More recently, ransom attacks target organisations with BitPaymer, SamSam, Ryuk and LockerGoga; in some cases the backups have been encrypted as well. In the face of these threats, cyber-resilience is gaining more attention from regulators. This session will discuss the history and evolution of the threat, what may come next and strategies to address the concerns.
Ms. Lisa Lee, Microsoft
There’s a big difference between having a data classification policy and implementing the controls to enforce it. Where should you begin? Identify the decision-makers who will decide the classification categories and labels to use. Attendees will review lessons still being learned as a large bank moves forward with information protection and the tools to help financial institutions meet regulatory requirements and comply with guidance. This session will also provide an overview of best practices already identified.
Mr. John Morgan Salomon, FS-ISAC
Ms. Rebecca Ledingham, Mastercard
A significant number of cyber-offenders show some autistic spectrum disorders. It is important to grasp the nuances of the behaviors to understand the threat actors targeting your organization. Attendees will gain insight into understanding who the offenders are by identifying key genetic traits, why they commit these crimes and learn how to gainfully employ people with autism to keep these cybercriminals at bay.
Dr. Carsten Willems, VmRay and Mr. Adam Palmer, Santander
Explore the techniques advanced attackers use to evade common security measures and learn how security teams can counter those evasion techniques by improving operational security practices. Attendees will gain a better understanding of how to detect such attacks and gather actionable threat intelligence.
Dr. Sam Small, ZeroFOX
The biggest blind spot in enterprise security architecture may be activities taking place just beyond your view. Attackers hijack company accounts, launch spear-phishing campaigns against employees, build fraudulent accounts to socially engineer executives and attack customers at scale. This session will review truths about the modern digital and social landscape and take a deep dive into major TTPs.
Mr. Todd James, UBS AG
There are significant gaps between the findings when an incident is closed, when a red or purple team engagement has ended or when threat or open-source intelligence is distilled. Meaningful feedback is simply lost in a document or the roadblocks are so large that there is never any reduction to the attack surface. This session will review lessons learned about estate hardening and how closing the feedback loop between incidents and hygiene could help institutions prevent making the same mistakes.
Mr. Tim Ager, Cymulate
Banking, financial services and insurance (BFSI) companies invest more in information security than any other sector. They're doing everything right: from perimeter security and DLP to encryption and segmentation, they are already about 80 percent of the way to an optimised security posture. Despite these efforts, and with ATM- and ACH-related fraud at stake, BFSIs remain prime targets for advanced persistent threats (APTs). This session will review traditional, manual testing methods and explain why they fall short. Attendees will also learn how empirical risk scores can prioritise effort and budget.
Ms. Ria Biggs, Goldman Sachs
Many financial institutions have mature cyberthreat intelligence programs but have yet to unlock the value of applying intelligence to cyberthreat hunting. This session will demonstrate how intelligence can be used to actively search for advanced persistent threats, including an explanation of Goldman Sachs’ approach to cyber threat hunting and how to turn intelligence into prioritized hunt missions with actionable results. Attendees will explore firsthand challenges and lessons learned when building a cyberthreat hunting team and advancing through the hunt maturity model.
Mr. Lance Wantenaar, Worldpay
Social engineering is the biggest threat to organisations and it is being used with devastating effect in business email compromise fraud and phishing emails. This session will dive into the psychology and mechanisms of social engineering to explain how it affects a person when used to initiate phishing email link clicks or telephone social engineering of call centre staff to gain customer information. Attendees will understand how the brain processes these attacks to develop better awareness programs to protect staff and business profitability.
Mrs. Lauren Koszarek and Mr. Ben Sadeghipour, HackerOne
Mr. George Avetisov, HYPR Corp
Mr. Harrison Van Riper, Digital Shadows
Mr. Stefan Hager, DATEV and Mr. Henry Harrison, Garrison
Mr. Krijn de Mik, Fox-IT
Mr. Ofer Israeli, Illusive Networks
Mr. Adam Palmer, Santander and Mr. Doug Hubbard, Hubbard Analytics
Mr. Jason Steer, Recorded Future
This discussion will examine how a recent US designation of Iran's Islamic Revolutionary Guard Corps as a terrorist organisation can impact financial institutions. The presenter will demonstrate how new global realities can impact and potentially increase threats to banks throughout the world.
Mr. Jonathan Couch, ThreatQuotient
The increasingly popular MITRE ATT&CK framework gives insight into the attacker's process and offensive operations, and strategic direction for security operations. Combined with infrastructure and threat intelligence, ATT&CK can be used to start hunting adversaries in a network based on their tactics, techniques and procedures. In this session, attendees will walk through adversary operations and the ATT&CK model and map them against security infrastructure and processes. The speaker will discuss the future of security operations and how to use such frameworks to hunt adversaries by their TTPs.
Mr. Aviram Zrahia, Tel Aviv University
Cyberthreat intelligence (CTI) sharing is a collaborative effort to fight cybercrime by leveraging capabilities, knowledge and experience with and among the broader financial sector. This session will offer a unique, multidisciplinary view of the challenges of CTI and look at the relationships between cybersecurity vendors. Attendees will gain insights from the network structure formed between vendors and characterize the relationships and common properties of sharing firms.
Mr. Greg Gist, FS-ISAC and Mr. Vincent Thiele, ING BANK
Join this public-private working session to discuss protocols for the financial sector in reaction to a large-scale incident. Members and public agencies in the European Union will come together to discuss crisis coordination and response and resiliency actions.
In a TED Talks format, these showcase presentations will be high-level, conceptual discussions about industry advances within the financial sector.
Mr. Jens Freitag, Tenable Network Security, Inc.
Mr. James Mesney, Kinetica
Mr. Dmitry Volkov and Mr. Nicholas Palmer, Group-IB
Threat intelligence research identified and analysed 2.6 million unique phishing URLs on 727,000 domains, a 9 percent increase from 2018. Phishers running mass campaigns use so-called phishing kits. This session will review research into phishing attacks that targeted EMEA financial institutions, the infrastructure the attackers used and the full-cycle investigation into the real identities of the attackers. Attendees will learn how to automate the capture of credentials stored in phishing-kit logs and the techniques used in online investigations of cybercriminals.
Mr. Alex Rifman, Anomali
Intelligence and indicator sharing have come a long way from the dark ages of private forums. Today, threat intelligence platforms are regularly leveraged in operations centers across the globe to triage and disseminate actionable information. This session will review the history of information sharing, the current state of today’s analysis centers and how organizations automate incident response processes. Attendees will also take an in depth look at the near-term future of information sharing.
Mrs. Tracy Watts, Lloyds Banking Group
Learn how to communicate internally to build the entire team's knowledge of threats and how to cultivate relationships with peers cross-sector to encourage sharing. Join this session to gain an external intelligence view into insider threat strategy.
Mr. Zeki Turedi, CrowdStrike
In 2017, the cyberworld was hit with numerous destructive attacks from a range of threat actors. What types of attacks are striking now and what is on the horizon? This session will share alarming trends observed in the global threat landscape and highlight evolving best practices that have proved most successful against cybercriminals, hacktivists and nation-state adversaries. Attendees will review the latest threat intelligence discovered in 2018 and 2019, how to use it to shape a security strategy, and lessons learned from in-depth digital forensics, incident response and remediation.
Mrs. Sonia Burney, Charles Schwab
To successfully build a threat intelligence team, clear goals and initiatives need to be identified and developed through a standardized workflow. For each initiative, teams need to identify intake processes, standardize procedures, identify outputs, and report actionable intel to appropriate stakeholders. Teams can then determine automation for processes and outputs to perform analytics and machine learning on data and convert metrics into intelligence. This session will go through these road mapping steps and share examples of converting metrics into intelligence. Attendees will walk through how a successful threat intelligence team was built and lessons learned.
Mr. Terje Aleksander Fjeldvaer, DNB Bank ASA
Fraud is more than just financial loss. Powered by new technology and drawing on diverse channels, such as the call centre and online banking, a holistic analysis can significantly increase the number of fraudulent transactions stopped and reduce the total amount lost. This session will review DNB's unique fraud governance model, an approach that treats first-party fraud with the same effort as third-party fraud.
Mr. Jim de Haas, ABN AMRO and Mr. Adam Palmer, Santander
This session will highlight updates to cloud assessments provided by ABN AMRO's and Santander's cloud security teams. Institutions will share what they are doing from a best practice perspective, their visions for future cloud risk assessments and methods to increase the effectiveness of risk analysis. ABN AMRO and Santander plan to define next steps in the cloud risk assessment field.
Mr. Sanjeev Shukla, Accenture and Mr. William Hoffman, Deutsche Bank
Mr. Charles Bretz, FS-ISAC and Mr. Darin Pettis, US Bank
Gain an understanding of the enterprise visibility problems that come with adopting Transport Layer Security 1.3. Because TLS 1.3 permits only ephemeral (EC)DHE key exchange, passive decryption tools that relied on a copy of the server's RSA private key no longer work, and serious issues have arisen for institutions migrating to TLS 1.3. Attendees will hear how TLS 1.3 can be used in conjunction with the Enterprise Transport Security (ETS) standard, which substitutes a static Diffie-Hellman key that can be shared with inspection devices. An overview will be shared along with an update on vendor adoption of ETS and timing.
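As an added illustration of the visibility problem (this is not code from the session, FS-ISAC, ETSI or any vendor): a pure-Python X25519 per RFC 7748 models the TLS 1.3 key_share exchange, an inspection device holding a copy of the server's Diffie-Hellman private key tries to derive each session's secret from the captured ClientHello, and a check flags the repeated server key_share that a static (ETS-style) key produces. The real key schedule (HKDF over the handshake transcript) is simplified to a SHA-256 of the ECDH output; the function names, the simulated tap and the sample keys are assumptions.

```python
"""TLS 1.3 ephemeral keys vs. an ETS-style static server key, seen from a
passive tap. Added example; key schedule simplified to SHA-256 of the ECDH
output, X25519 per RFC 7748 (pure Python, not constant time)."""
import hashlib
import secrets

P = 2**255 - 19
A24 = 121665
BASEPOINT = b"\x09" + b"\x00" * 31


def _clamp(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 via the Montgomery ladder."""
    k = _clamp(scalar)
    u = bytearray(u)
    u[31] &= 127
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def public_key(priv: bytes) -> bytes:
    return x25519(priv, BASEPOINT)


def traffic_secret(priv: bytes, peer_share: bytes) -> str:
    """Stand-in for the TLS 1.3 key schedule: hash of the ECDH output."""
    return hashlib.sha256(x25519(priv, peer_share)).hexdigest()


def handshakes(server_key, n: int):
    """Simulate n handshakes. server_key() returns the server's DH private key
    for each one: fresh every time (TLS 1.3 as specified) or the same static
    key (ETS). Returns, per handshake, what a passive tap sees (client and
    server key_share) plus the secret the endpoints actually agreed."""
    seen = []
    for _ in range(n):
        c_priv, s_priv = secrets.token_bytes(32), server_key()
        seen.append((public_key(c_priv), public_key(s_priv),
                     traffic_secret(c_priv, public_key(s_priv))))
    return seen


def passive_decrypt(tap_priv: bytes, client_share: bytes) -> str:
    """What a device holding a server DH private key derives from the captured
    ClientHello key_share alone."""
    return traffic_secret(tap_priv, client_share)


def tap_success_rate(seen, tap_priv: bytes) -> float:
    hits = sum(passive_decrypt(tap_priv, c) == secret for c, _, secret in seen)
    return hits / len(seen)


def reused_server_shares(seen) -> set:
    """Tell-tale of a static server key (ETS, or a broken TLS stack): the same
    server key_share appears in more than one handshake."""
    counts = {}
    for _, s_share, _ in seen:
        counts[s_share] = counts.get(s_share, 0) + 1
    return {s for s, n in counts.items() if n > 1}


def demo():
    # ETS-style: one static server DH key, a copy of which sits on the tap.
    static = secrets.token_bytes(32)
    ets = handshakes(lambda: static, 5)
    # TLS 1.3 as specified: a fresh server key per handshake; whatever key the
    # tap was provisioned with (here: any 32 bytes) never matches.
    provisioned = secrets.token_bytes(32)
    ephemeral = handshakes(lambda: secrets.token_bytes(32), 5)
    return {"ets_tap_rate": tap_success_rate(ets, static),
            "ephemeral_tap_rate": tap_success_rate(ephemeral, provisioned),
            "ets_reused_shares": len(reused_server_shares(ets)),
            "ephemeral_reused_shares": len(reused_server_shares(ephemeral))}


if __name__ == "__main__":
    print(demo())
```

Under TLS 1.3 as specified the tap derives nothing, because the server's key never repeats; under ETS it derives every session. The same property that restores visibility, a server key_share that does not change between handshakes, is visible to anyone else on the path, so an estate that deploys ETS should inventory exactly where static keys are used and rotate them.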
Mr. Brett Lancaster, SWIFT
Join this session and witness a live cyber-attack to see how often overlooked security protocols leave the door wide open. Attendees will learn how by combining minor vulnerabilities, cybercriminals can infiltrate a business, steal data and cause untold damage to a company’s reputation. No real bank will be harmed in the process of this demonstration.
Ms. Tara Kenny, Lloyds Banking Group
Lloyds Banking Group’s (LBG) approach to enhancing operational resilience puts service continuity at the heart of its strategy. Learn how operational resilience is put into practice across a large corporate enterprise. Attendees will be provided with insights from one group’s overarching framework, notable challenges through various stages of strategy, key successes and important lessons learnt along the way, including how to engage from the board down.
Mr. Serge Ilyin, Intercontinental Exchange and Mr. Giles Barford, Intercontinental Exchange
Encrypted communications are commonly used by malicious actors for command and control (C2) channels. This session will present a statistical technique for detecting C2 channels that combines JA3 TLS client fingerprints with analysis of connection intervals. Hear about the architecture needed to collect and analyse the underlying endpoint and network data, construct the model and investigate breaches. The described solution may be used by any financial institution to improve detection of commodity malware and advanced actors.
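As an added example in Python (not the presenters' model or code): a JA3 fingerprint computed from ClientHello fields with GREASE values dropped, and an interval-regularity check run over a constructed connection log, where a low coefficient of variation of the gaps between connections to the same destination with the same fingerprint marks a timer-driven beacon. The log format, the thresholds, the placeholder JA3 values and the sample flows are assumptions.

```python
"""JA3 fingerprinting plus connection-interval (beaconing) analysis over a
constructed connection log. Added example. Assumed log line format:
"ts src dst dst_port ja3", one line per TLS connection."""
import hashlib
import statistics
from collections import defaultdict

# GREASE values (RFC 8701) are randomised per ClientHello; JA3 drops them so
# the fingerprint stays stable across connections from the same client.
GREASE = {(v << 8) | v for v in range(0x0A, 0x100, 0x10)}


def ja3_string(version, ciphers, extensions, curves, point_formats):
    """JA3 input: version,ciphers,extensions,curves,point_formats as decimal
    values, '-' between values in a field and ',' between fields."""
    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    return ",".join([str(version), field(ciphers), field(extensions),
                     field(curves), field(point_formats)])


def ja3(version, ciphers, extensions, curves, point_formats):
    """JA3 fingerprint: MD5 of the JA3 string (an identifier, not a security
    primitive, which is why MD5 is acceptable here)."""
    s = ja3_string(version, ciphers, extensions, curves, point_formats)
    return hashlib.md5(s.encode("ascii")).hexdigest()


def parse_log(lines):
    """Group connection timestamps by (src, dst, port, ja3)."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, port, fp = line.split()
        flows[(src, dst, port, fp)].append(float(ts))
    return flows


def interval_cv(timestamps):
    """Coefficient of variation (stdev / mean) of the inter-connection gaps.
    A sleep-and-callback implant with little jitter sits near 0; browsing or
    bursty application traffic is far higher. None if there are too few gaps."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else None


def find_beacons(lines, min_connections=8, max_cv=0.15):
    """Flows with enough connections and a near-constant interval, most
    regular first. Thresholds are assumptions to tune per estate."""
    hits = []
    for (src, dst, port, fp), ts in parse_log(lines).items():
        if len(ts) < min_connections:
            continue
        cv = interval_cv(ts)
        if cv is not None and cv <= max_cv:
            ordered = sorted(ts)
            hits.append({"src": src, "dst": dst, "port": port, "ja3": fp,
                         "connections": len(ts),
                         "mean_interval": round((ordered[-1] - ordered[0]) / (len(ts) - 1), 1),
                         "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


def _flow(src, dst, fp, start, gaps):
    ts, out = start, [f"{start} {src} {dst} 443 {fp}"]
    for g in gaps:
        ts += g
        out.append(f"{ts} {src} {dst} 443 {fp}")
    return out


# Constructed sample log, not real traffic: one host calling 203.0.113.10
# roughly every 60 s, one host browsing 198.51.100.7 at irregular gaps.
# The ja3 column holds placeholders, not fingerprints of any real client.
SAMPLE_LOG = (
    _flow("10.1.2.3", "203.0.113.10", "ja3-placeholder-a", 1560000000,
          [60, 58, 61, 62, 59, 60, 61, 58, 60, 61, 59])
    + _flow("10.1.2.4", "198.51.100.7", "ja3-placeholder-b", 1560000005,
            [3, 120, 7, 900, 15, 2, 400, 33, 1800, 5, 44])
)

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

JA3 on its own is a weak signal: commodity malware often borrows a common TLS library and many legitimate clients share a fingerprint. Pairing it with interval regularity, and with endpoint data such as the process that opened the socket, is what makes it useful. Implants that add large random jitter will raise the coefficient of variation above the threshold and need a different statistic (for example the distribution of gaps rather than their spread).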
Mr. Tim Jordan, ING
ING has developed a physical board game to support internal learning and training of business continuity and crisis management topics. This effort to foster the corporation’s organizational resilience can be played by anyone and with no prior knowledge of the covered topics. In this session, attendees will play the game and learn how experienced business continuity and crisis management professionals use innovative tools to support awareness and competence among their teams.
Mr. Andres Maurer, UBS
Many companies still struggle to implement effective access management. The speaker will give a holistic view of the access management process, its critical success factors and best practices, and illustrate the inter-dependencies. The session spans both the business and technical aspects of access management, reviewing Zero Trust and the eXtensible Access Control Markup Language (XACML). Attendees will formulate and structure their problems, contribute suggestions, share experiences and exchange tips on the best approaches.
Mr. Daniel Sierra Saavedra, Banc Sabadell
Collaboration between cybercrime groups has increased in recent years. This session will review how the groups behind malware such as TrickBot, Gozi and Ramnit collaborate, trading their TTPs with each other in exchange for other tools, money and/or information. Attendees will walk through the development of a conceptual map and gain an understanding of the risks and of how to forecast what to expect in the near future.
Dr. Jorke Kamstra, Euroclear
In an interconnected ecosystem, operational resilience is a top concern for financial services. Without operational resilience, any incident, internal or external, can escalate into a long-term outage. Operational resilience leads to sound practices that help absorb shocks and assure senior stakeholders that business can continue even when an incident occurs. This presentation will provide an overview of operational resilience and key takeaways.
Dr. David Aubrey-Jones, RBS
The 'Black Swan' theory describes an event that comes as a surprise, has a major impact and is often rationalised in hindsight as if it had been predictable. Most organisations are so focused on immediate threats that they fail to see the next 'Black Swan'; WannaCry and NotPetya are examples. This session will discuss possible Black Swans that could be on the horizon within the next few years, how they may occur and the best ways a company can prepare for these attacks and their risks.
Mr. Adam Palmer, Santander
At the 2018 EMEA Summit, FS-ISAC and several members and sector stakeholders founded a European financial sector resilience group to provide strategic guidance, input and additional high-level coordination for the European financial sector. This session will seek member input into the structure and activities of this entity.
Mr. Wade Bicknell, Deutsche Bank
Financial institutions have been constructing their CISO organisations with a "compliance first" approach. While this is effective in mitigating compliance risk, it can lead to uneven and/or ineffective cyberdefence platforms that attempt to cover the full spectrum of cyberthreats. By taking a threat-based approach, organisations can better understand their cyber-exposure, what their strategy might look like against current and emerging threats, the gaps they may have to fill and how to structure their organisation around that approach. This session will provide an overview of the cyberthreats financial institutions face globally and share best practices on how a CISO organisation can be structured around them.
Mr. Brett Lancaster, SWIFT
In its role in the global financial critical infrastructure, SWIFT continues to enhance its cyberprogramme to stay ahead of emerging cyber-attacks. SWIFT's internal cyber-programme is comprehensive, covering tools, processes, operations and cybersecurity teams which spans identification, protection, detection, response and recovery from cyberthreats. This session will review how SWIFT has used its Customer Security Framework to enhance security controls and resiliency three years after the attack against Bangladesh Bank. Attendees will hear firsthand how SWIFT is moving from "security built-in" to "resiliency built-in," as it adopts a layered approach to further strengthen its cyber-resilience.
Mr. Daniel Casado de Luis, Banc Sabadell
This presentation will map the overall attack surface of smart contracts to evaluate their threat landscape: the contracts themselves, the Ethereum Virtual Machine, nodes and exchanges. Successful non-FI smart contract deployments will be compared and their applicability to FIs analysed. Attendees will consider whether the contracts are as trustworthy for financial institutions as they are for other sectors.