Enduring Strength

Trust. Transform. Together.

Stay at the forefront of trends and challenges facing the financial sector through our curated and enriched content. Our thought-provoking and interactive sessions cover relevant topics including fraud, threat intelligence, resiliency, cloud and outsourcing. Build stronger relationships over two days with around 500 thought leaders, executives and members by sharing best practices.

Uniquely designed for the financial sector, the 2019 Europe Summit will provide you with actionable information needed to address evolving threats, develop new strategies and meet changing regulations.

Sessions are grouped into tracks. This year's tracks can be found here.

Members:

  • Platinum receive ten complimentary passes
  • Gold receive five complimentary passes
  • Premier receive two complimentary passes

After all complimentary passes are utilized, additional staff may attend at a cost.
Other membership tiers can attend at a cost.

* Interested in sponsoring? Learn more here or email sales@fsisac.com. 

Travel Information

Reserve Your Hotel Room Now

FS-ISAC has reserved a block of rooms at the InterContinental® Berlin hotel. To receive the group rate, use this reservation link.

Berlin Tegel Airport (TXL)
Distance to hotel: 9 km  
Drive Time: 20-30 minutes

Berlin Schönefeld Airport (SXF)  
Distance to hotel: 23 km   
Drive Time: 30-40 minutes

Call for Presentations

The Call for Presentations has closed. Submit late presentation proposals here.

Program

Monday, 28 October

Summit Chair

Carsten Fischer - Head of Information Security Operations, Deutsche Bank's Chief Security Office

Carsten Fischer joined Deutsche Bank’s Chief Security Office (CSO) in November 2017 as Head of Information Security Operations. Since January 2019 he has also been Interim Head of Information Security Chief Technology Office.

Prior to this role, Carsten was Regional Head Information & Resilience Risk Management (IRRM) for Continental Europe and Global Head of Information Security Risk (ISR) in the Chief Risk Office.

Carsten joined Deutsche Bank after university in 1998 and worked in different IT roles supporting the Corporate Center and Group Finance through 2004.

He ran Business Management and took on a Chief Operating Officer (COO) role before becoming Head of Smart Sourcing and IT Risk Management for Investment Banking IT / Global Technology Capital Markets in August 2007.

From mid-2011 through mid-2013 Carsten was Head of Risk and Control for Global Technology, and as such was responsible for all aspects of IT Risk Management and Operational Risk Management for Global Technology.

Carsten was the COO and Head of Strategy & Governance in the Chief Information Security Office (CISO) from October 2013 to February 2016. In this role, he was responsible for the Chief Administration Office Function, Governance, Strategy and Central Services (including Security Training and Awareness).

Carsten is a member of the board of directors for Cyber Defence Alliance (CDA) and a member of the International Banking Security Association (IBSA), representing Deutsche Bank.

Carsten completed an apprenticeship with Deutsche Bank in 1989 and holds a degree in economic mathematics from the Technical University in Kaiserslautern.

8:30

Breakfast

9:30

Opening Remarks

9:45

Opening Keynote: Building Strong Cybersecurity Sharing Networks across Borders

Mr. Arne Schönbohm, German Federal Office for IT Security

One of the central tasks of the German Federal Office for IT Security, as the national cybersecurity authority in Germany, is to collaborate with and engage in numerous networks for information exchange and sharing. In his keynote address, the president of the German Federal Office for IT Security, Mr. Arne Schönbohm, will present the experiences his agency has had in cybersecurity awareness and resiliency. In doing so, Schönbohm will elaborate on the characteristics of strong information networks and provide examples of cooperation through those networks, both nationally and internationally.

10:30

Parallels between 'Prisoner's Dilemma' and Intelligence Sharing

Mr. Joseph Woodruff, EclecticIQ

The prisoner’s dilemma is one of the most famous problems in game theory, in which two separate parties must cooperate to gain the highest overall reward, even if it is not the highest individual reward. This session will discuss the parallels between the “prisoner’s dilemma” and sharing intelligence within a community. It will also review the importance and benefits of being an active member in FS-ISAC’s community, by not only consuming intelligence, but also producing and sharing it.

11:15

How Good Metrics Make Effective Security Measurable

Mr. Nik Whitfield, Panaseer and Mr. Adam Palmer, Santander

Whether it’s for the board, regulators, auditors or holding your own team accountable, financial institutions must demonstrate security control. This session will tackle common challenges that come with implementing effective security measures. Learn what constitutes a good metric and discover the type of data necessary to gain full visibility of security controls. See what it takes to have an automated, up-to-date metrics program readily accessible when stakeholders come calling.

11:15

MISP: Enabling Practical Cyber Adversary Campaign Analysis

Mr. Shane Duignan, Fidelity Investments

11:15

Destructive Malware Strategies for Cyber Resilience

Dr. David Aubrey-Jones, RBS

The threat of destructive cyber-attacks continues to grow and the use of crypto-ransomware has skyrocketed since 2013, when CryptoLocker first demanded ransom payments using a digital currency. In 2017 we saw another game changer, with destructive worms being created when WannaCry and NotPetya caused huge damage. More recently we are seeing ransom attacks targeting organisations with the Bitpaymer, SamSam, Ryuk and LockerGoga ransomware. In some cases, backups have also been encrypted. In the face of increased threats, cyber-resilience is gaining more attention from regulators. This session will discuss the history and evolution of threats, what may be next and strategies to address concerns.

12:00

Lunch

13:00

How a Large Bank Is Implementing Information Protection

Ms. Lisa Lee, Microsoft

There’s a big difference between having a data classification policy and implementing the controls to enforce it. Where should you begin? Identify the decision-makers who will decide the classification categories and labels to use. Attendees will review lessons still being learned as a large bank moves forward with information protection and the tools to help financial institutions meet regulatory requirements and comply with guidance. This session will also provide an overview of best practices already identified.

13:00

BCD Scholarship: A Presentation from FS-ISAC's Scholarship

Mr. John Morgan Salomon, FS-ISAC

13:00

Autism, Cybercrime and the Future

Ms. Rebecca Ledingham, Mastercard

A significant number of cyber-offenders show some autistic spectrum disorders. It is important to grasp the nuances of the behaviors to understand the threat actors targeting your organization. Attendees will gain insight into understanding who the offenders are by identifying key genetic traits, why they commit these crimes and learn how to gainfully employ people with autism to keep these cybercriminals at bay.

14:00

Detecting, Analyzing & Creating Actionable Intelligence

Dr. Carsten Willems, VMRay and Mr. Adam Palmer, Santander

Explore the techniques advanced attackers use to defeat common security measures and learn how security teams can effectively counter-attack evasion techniques by improving operational security practices. Attendees will gain a better understanding of how to detect such attacks and gather actionable threat intelligence.

14:00

Defending Yourself from Risks Beyond Reach

Dr. Sam Small, ZeroFOX

The biggest blind spot in enterprise security architecture may be activities taking place just beyond your view. Attackers hijack company accounts, launch spear-phishing campaigns against employees, build fraudulent accounts to socially engineer executives and attack customers at scale. This session will review truths about the modern digital and social landscape and take a deep dive into major TTPs.

 

14:00

Closing the Feedback Loop between Incidents and Hygiene

Mr. Todd James, UBS AG

There are significant gaps between the findings when an incident is closed, when a red or purple team engagement has ended or when threat or open-source intelligence is distilled. Meaningful feedback is simply lost in a document or the roadblocks are so large that there is never any reduction to the attack surface. This session will review lessons learned about estate hardening and how closing the feedback loop between incidents and hygiene could help institutions prevent making the same mistakes.

14:45

Networking Break

15:15

How to become APT-Proof in 24 hours

Mr. Tim Ager, Cymulate

Banking, financial services and insurance (BFSIs) companies are investing in information security more than any other sector. They’re doing everything right. From perimeter security and DLP to encryption and segmentation, in terms of optimizing their security posture, they’re already 80 percent there. Despite their efforts and with the risk of ATM- and ACH-related fraud, BFSIs are prime targets for advanced persistent threats (APTs). This session will review traditional and manual testing methods and explain why they fall short. Attendees will also learn how empirical risk scores can prioritize efforts and budget.

 

15:15

Threat Hunting: Taking Intelligence to The Next Level

Ms. Ria Biggs, Goldman Sachs

Many financial institutions have mature cyberthreat intelligence programs but have yet to unlock the value of applying intelligence to cyberthreat hunting. This session will demonstrate how intelligence can be used to actively search for advanced persistent threats, including an explanation of Goldman Sachs’ approach to cyber threat hunting and how to turn intelligence into prioritized hunt missions with actionable results. Attendees will explore firsthand challenges and lessons learned when building a cyberthreat hunting team and advancing through the hunt maturity model.

15:15

Psychology of Social Engineering

Mr. Lance Wantenaar, Worldpay

Social engineering is the biggest threat to organisations and it is being used with devastating effect in business email compromise fraud and phishing emails. This session will dive into the psychology and mechanisms of social engineering to explain how it affects a person when used to initiate phishing email link clicks or telephone social engineering of call centre staff to gain customer information. Attendees will understand how the brain processes these attacks to develop better awareness programs to protect staff and business profitability.

16:15

Silver Solutions Showcase: How to Train Your Organization to Deal with Hackers

Mrs. Lauren Koszarek and Mr. Ben Sadeghipour, HackerOne

16:15

Silver Solutions Showcase: Eliminating Credential Reuse, Fraud with True Password-less Security

Mr. George Avetisov, HYPR Corp

16:15

Silver Solutions Showcase: Disrupt Adversaries’ Pursuit of Exposed Data

Mr. Harrison Van Riper, Digital Shadows

16:15

Silver Solutions Showcase: Web Isolation: Enhance Business Function, Reduce Risk

Mr. Stefan Hager, DATEV and Mr. Henry Harrison, Garrison

16:15

Silver Solutions Showcase: How Managed Intelligence Benefits FIs of All Sizes

Mr. Krijn de Mik, Fox-IT

16:15

Silver Solutions Showcase: How Financial Companies Can Starve Attackers Who Live off the Land

Mr. Ofer Israeli, Illusive Networks

17:00

Reception

Tuesday, 29 October

8:30

Breakfast

9:15

Opening Remarks

9:30

How to Measure Anything in Cybersecurity Risk: Changing Perspectives

Mr. Adam Palmer, Santander and Mr. Doug Hubbard, Hubbard Analytics

10:15

How Terrorist Organisations Can Impact Banks

Mr. Jason Steer, Recorded Future

This discussion will examine how a recent US designation of Iran's Islamic Revolutionary Guard Corps as a terrorist organisation can impact financial institutions. The presenter will demonstrate how new global realities can impact and potentially increase threats to banks throughout the world.

10:45

Networking Break

11:15

Hidden Tactics: The Hunt is On

Mr. Jonathan Couch, ThreatQuotient

The increasingly popular MITRE ATT&CK framework provides great insight into the process of the attacker and offensive operations and strategic direction for security operations. ATT&CK can be leveraged with infrastructure and threat intelligence to start hunting for adversaries in a network, based on their tactics, techniques and procedures. In this session, attendees will walk through adversary operations and the ATT&CK model and map it against security infrastructure and processes. Speakers will discuss the future of security operations and how to leverage frameworks to hunt for adversaries based on their TTPs.

11:15

Lessons Learned from CTI Sharing between Competitors

Mr. Aviram Zrahia, Tel Aviv University

Cyberthreat intelligence (CTI) sharing is a collaborative effort to fight cybercrime by leveraging capabilities, knowledge and experience with and among the broader financial sector. This session will offer a unique, multidisciplinary view of the challenges of CTI and look at the relationships between cybersecurity vendors. Attendees will gain insights from the network structure formed between vendors and characterize the relationships and common properties of sharing firms.

11:15

Schuman Series Exercise/Workshop

Mr. Greg Gist, FS-ISAC and Mr. Vincent Thiele, ING BANK

Join this public-private working session to discuss protocols for the financial sector in reaction to a large-scale incident. Members and public agencies in the European Union will come together to discuss crisis coordination and response and resiliency actions.

12:00

Innovation Showcase Lunch

In a TED Talks format, these showcase presentations will be high-level, conceptual discussions about industry advances within the financial sector.

12:00

Prioritize Vulnerabilities to Reduce Cyber-Risk

Mr. Jens Freitag, Tenable Network Security, Inc.

12:00

Transforming Financial Services with Active Analytics

Mr. James Mesney, Kinetica

13:15

A Full-Cycle Investigation of Phishers Targeting EMEA FIs

Mr. Dmitry Volkov and Mr. Nicholas Palmer, Group-IB

Threat intelligence has identified and analysed 2.6 million unique phishing URLs on 727,000 domains, which is a 9 percent increase from 2018. Phishers specializing in massive cyber-attacks use so-called phishing kits. This session will review research into phishing attacks that targeted EMEA financial institutions, the infrastructure the attackers used and the full-cycle investigation into the real identities of the attackers. Attendees will learn how to automate the capture of credentials stored in phishing logs and techniques used in online investigations of cybercriminals.

13:15

Intel Sharing and The Evolution of Threat Sharing

Mr. Alex Rifman, Anomali

Intelligence and indicator sharing have come a long way from the dark ages of private forums. Today, threat intelligence platforms are regularly leveraged in operations centers across the globe to triage and disseminate actionable information. This session will review the history of information sharing, the current state of today’s analysis centers and how organizations automate incident response processes. Attendees will also take an in-depth look at the near-term future of information sharing.

13:15

Providing an External Intelligence Lens to the Insider Threat

Mrs. Tracy Watts, Lloyds Banking Group

Learn how to communicate internally to build the entire team's knowledge of threats and how to cultivate relationships with peers cross-sector to encourage sharing. Join this session to gain an external intelligence view into insider threat strategy.

14:15

After NotPetya, BadRabbit, WannaCry, What's the Next 'Unexpected' Threat?

Mr. Zeki Turedi, CrowdStrike

In 2017, the cyberworld was hit with numerous destructive attacks from a range of threat actors. What types of attacks are striking now and what is on the horizon? This session will share alarming trends observed in the global threat landscape and highlight evolving best practices that have proved most successful against cybercriminals, hacktivists and nation-state adversaries. Attendees will review the latest threat intelligence discovered in 2018 and 2019, how to use it to shape a security strategy, and lessons learned from in-depth digital forensics, incident response and remediation.

14:15

Developing a Threat Intelligence Program - From Zero-to-Hero

Mrs. Sonia Burney, Charles Schwab

To successfully build a threat intelligence team, clear goals and initiatives need to be identified and developed through a standardized workflow. For each initiative, teams need to identify intake processes, standardize procedures, identify outputs, and report actionable intel to appropriate stakeholders. Teams can then determine automation for processes and outputs to perform analytics and machine learning on data and convert metrics into intelligence. This session will go through these road mapping steps and share examples of converting metrics into intelligence. Attendees will walk through how a successful threat intelligence team was built and lessons learned.

15:00

Networking Break w/Raffle

15:30

Thwarting Financial Fraud with Unique Fraud Governance

Mr. Terje Aleksander Fjeldvaer, DNB Bank ASA

Fraud is more than just financial loss. Powered by new technology and the use of diverse channels, such as the call center and online banking, a holistic analysis can result in a significant increase in the number of terminated fraudulent transactions and reduce the total amount lost. This session will review DNB's unique fraud governance model with an approach that focuses on first-party fraud with the same effort as third-party fraud.

15:30

Cloud Risk Assessments 2.0

Mr. Jim de Haas, ABN AMRO and Mr. Adam Palmer, Santander

This session will highlight updates to cloud assessments provided by ABN AMRO's and Santander's cloud security teams. Institutions will share what they are doing from a best practice perspective, their visions for future cloud risk assessments and methods to increase the effectiveness of risk analysis. ABN AMRO and Santander plan to define next steps in the cloud risk assessment field.

16:00

How to 'Conduct Risk' Can Change Security Culture

Mr. Sanjeev Shukla, Accenture and Mr. William Hoffman, Deutsche Bank

17:15

Chairman's Reception

Wednesday, 30 October

8:30

Breakfast

9:30

General Session

10:45

How TLS 1.3 Can Coexist in Your Enterprise

Mr. Charles Bretz, FS- and Mr. Darin Pettis, US Bank

Gain an understanding of the enterprise visibility problems that occur with the adoption of the cryptographic protocol known as Transport Layer Security 1.3. Serious issues have arisen because of the migration to TLS 1.3. Attendees will hear thought leadership around how TLS 1.3 can be used in conjunction with the new Enterprise Transport Security (ETS) standard. An overview will be shared along with an update about vendor adoption of ETS and timing. 

10:45

SWIFT Red Team Live Hacking Demo on a Fictitious Retail Bank

Mr. Brett Lancaster, SWIFT

Join this session and witness a live cyber-attack to see how often-overlooked security protocols leave the door wide open. Attendees will learn how, by combining minor vulnerabilities, cybercriminals can infiltrate a business, steal data and cause untold damage to a company’s reputation. No real bank will be harmed in the process of this demonstration.

10:45

The Increasing Focus on Operational Resilience

Ms. Tara Kenny, Lloyds Banking Group

Lloyds Banking Group’s (LBG) approach to enhancing operational resilience puts service continuity at the heart of its strategy. Learn how operational resilience is put into practice across a large corporate enterprise. Attendees will be provided with insights from one group’s overarching framework, notable challenges through various stages of strategy, key successes and important lessons learnt along the way, including how to engage from the board down.

11:45

Detecting SSL C2: Data Gathering, Aggregation and Analysis

Mr. Serge Ilyin, Intercontinental Exchange and Mr. Giles Barford, Intercontinental Exchange

Encrypted communications are commonly used by malicious actors for command and control (C2) channels. This session will offer a statistical technique for detecting C2 channels, using SSL/TLS JA3 fingerprints and analysis of connection intervals. Hear about the architecture needed to collect and analyse the underlying endpoint and network data, construct the model and investigate breaches. The described solution may be used by any financial institution to improve detection of commodity malware and advanced actors.

11:45

Learning by Gaming - ING's Organizational Resilience Game

Mr. Tim Jordan, ING

ING has developed a physical board game to support internal learning and training of business continuity and crisis management topics. This effort to foster the corporation’s organizational resilience can be played by anyone and with no prior knowledge of the covered topics. In this session, attendees will play the game and learn how experienced business continuity and crisis management professionals use innovative tools to support awareness and competence among their teams.

12:30

Birds of a Feather Lunch

13:30

Access Management: Overview, Critical Success Factors and Best Practices

Mr. Andres Maurer, UBS

Many companies still struggle to implement an effective access management system. Speakers will provide a holistic view of the access management process, critical success factors and best practices and illustrate inter-dependencies. This session will span both the business and technical aspects of access management by reviewing Zero Trust and eXtensible Access Control Markup Language frameworks. Attendees will formulate and structure their problems, contribute suggestions, share experiences and provide tips on best approaches.

13:30

Division of Labour and Cybercrime

Mr. Daniel Sierra Saavedra, Banc Sabadell

Collaboration between cybergangs has increased in recent years. This session will review ways gangs such as Trickbot, Gozi and Ramnit collaborate, offering their TTPs to each other in exchange for other tools, money and/or information. Attendees will walk through the development of a conceptual map and gain an understanding of the risks and how to forecast what to expect in the near future.

13:30

Operational Resilience: Ensuring Continuity in Wake of an Attack

Dr. Jorke Kamstra, Euroclear

In an interconnected ecosystem, operational resilience is a top concern for financial services. Without operational resilience, any incident, internal or external, can escalate into a long-term outage. Operational resilience can lead to sound practices to help absorb shocks and assure senior stakeholders that business can continue even when an incident occurs. This presentation will provide an overview of operational resilience and key takeaways.

14:30

Alert - Black Swans Coming

Dr. David Aubrey-Jones, RBS

The ‘Black Swan’ theory is a metaphor that describes an event that comes as a surprise, has a major impact and is often inappropriately rationalized. Most organizations are so focused on immediate threats that they often fail to see the next ‘Black Swan’ threat. Examples include the WannaCry and NotPetya events. This session will discuss possible Black Swans that could be on the horizon within the next few years, how they may occur and the best ways a company can prepare for these attacks and their risks.

14:30

The European Financial Sector Resilience and Security Coordination

Mr. Adam Palmer, Santander

At the 2018 EMEA Summit, FS-ISAC and several members and sector stakeholders founded a European financial sector resilience group to provide strategic guidance, input and additional high-level coordination for the European financial sector. This session will seek to solicit member input into the structure and activities of this entity.

15:30

Threat-Driven Management: Building Organizations with Threats in Mind

Mr. Wade Bicknell, Db

Financial institutions have been constructing their CISO organisations with a "compliance first" approach. While this is effective in mitigating compliance risk, it can sometimes lead to uneven and/or ineffective cyberdefense platforms that attempt to cover the full spectrum of cyberthreats. By taking a threat-based approach, organizations can better understand their cyber-exposure, and better understand what their strategy might look like against current and emerging threats, the gaps they may have to fill and how to structure their organisation around a threat-based approach. This session will provide an overview of the cyberthreats financial institutions face globally and share best practices on how a CISO organization can be structured around them.

15:30

SWIFT's Enhanced Cyber Resilience 3 Years After the Bangladesh Attack

Mr. Brett Lancaster, SWIFT

In its role in the global financial critical infrastructure, SWIFT continues to enhance its cyber-programme to stay ahead of emerging cyber-attacks. SWIFT's internal cyber-programme is comprehensive, covering tools, processes, operations and cybersecurity teams, and spans identification, protection, detection, response and recovery from cyberthreats. This session will review how SWIFT has used its Customer Security Framework to enhance security controls and resiliency three years after the attack against Bangladesh Bank. Attendees will hear firsthand how SWIFT is moving from "security built-in" to "resiliency built-in," as it adopts a layered approach to further strengthen its cyber-resilience.

15:30

Smart Contracts, Are You Sure?

Mr. Daniel Casado de Luis, Sabadell Banc

This presentation will provide insight into the overall attack surface of smart contracts to evaluate their threat landscape’s ecosystem: the contracts themselves, Ethereum Virtual Machines, nodes and exchanges. A comparison between successful non-FI smart contract deployments and applicability to FIs will be analyzed. Attendees will consider whether or not the contracts are as trustworthy for financial institutions as they are for other sectors.

16:15

Reception