The Paradigm is Shifting

The financial services industry is evolving its business models to serve its customers and employees in a world where digitization is no longer an option. In this new era, where not only customers but also employees must adjust to operating virtually nearly overnight, cyber criminals are seeing endless opportunity.

During this virtual summit we will present important aspects of our new member experience as well as facilitate training sessions, demos and more. Stay at the forefront of the new trends and challenges facing the sector through our curated and enriched virtual content.

A mix of live and on-demand sessions covering relevant topics around:

  • Fraud
  • Threat intelligence
  • Testing and assurance
  • Risk management
  • Cloud, virtual environments
  • Resiliency

*** Please note that thanks to the generous support of our sponsors, FS-ISAC members can attend at no cost. 

Registration for this event is closed.

Program

Summit Chair

Timothy Byrd, CISO, TIAA

Tim Byrd joined TIAA in 2019 as the Chief Information Security Officer (CISO). In this role, Tim is responsible for the information security strategy and governance, technologies, security engineering, and cyber defense and monitoring.

Recognized as an industry leader, Tim currently serves as the Banking Policy Institute’s BITS (Business Information Technology Security) Security Steering Committee Chair, focusing on various sector-wide initiatives such as cloud security and identity and access management. He also serves on the Board of Directors of the Financial Services Information Sharing and Analysis Center (FS-ISAC).

 “Our role in Information Security is to protect our customers and enable our business. By creating a strong cybersecurity posture, we can drive towards digital transformation and provide a better customer experience.” – Tim Byrd

 

Background

Prior to joining TIAA, Tim served as Executive Vice President, Head of Strategic Assessments and Engagement at Wells Fargo, and was responsible for front-line information security and risk assessment. His responsibilities included designing a risk-based approach and building a world-class team to execute cyber-risk initiatives globally. Additionally, Tim oversaw third-party risk programs, security awareness and training, and all external cybersecurity public-private partnership engagement. He was also selected to serve as the executive sponsor for all cloud security efforts. In this role, Tim established strong governance and security criteria and led a cloud strategy transformation at Wells Fargo.

Before his time at Wells Fargo, Tim was the Senior Vice President, Global Information Security Executive at Bank of America, holding a variety of leadership positions during his 12-year tenure. In various roles, he provided strategic direction for the Distributed Denial-of-Service, Advanced Persistent Threat, Malware, Cyber Analytics and Network Access Control programs to design and build operational controls and end-to-end strategy.

Tim received a Bachelor of Science in Management Information Systems from the University of North Carolina at Charlotte and currently holds four product patents.

About TIAA

TIAA is a unique financial partner and the leading provider of financial services in the academic, research, medical, cultural and government fields. TIAA has $970 billion in assets under management (as of 12/31/2018) and offers a wide range of financial solutions, including investing, banking, advice and education and retirement services.

Tuesday 19 May

10:15 AM EDT

Opening Keynote: Innovation through Crisis: Lessons Learned from the 2008 Crisis and the Fintech Revolution 

Daniel P. Simon, Author of 'The Money Hackers' and CEO of Vested

Daniel P. Simon is a writer, entrepreneur, and financial communications expert. He has been part of the Fintech Revolution since its inception, advising on some of the biggest brands in the space including Morgan Stanley, Bloomberg, and Goldman Sachs.

Watch the trailer for his book.

The 2008 financial crisis brought challenges for many industries and businesses. Financial services was no exception. The banking industry was forever changed as a result of increased regulatory oversight and competition from new, and in some cases unforeseen, competitors. But for those who chose to see it – the emerging fintech providers – the 2008 crisis brought opportunity to offer new and innovative financial services. Today we face another crisis. Will your organization innovate and solve the problems at hand, or will you be left behind? Join us for this talk from Daniel P. Simon, author of The Money Hackers – Simon’s soon-to-be-released book that reviews some of fintech’s most powerful disruptors to explain how the Silicon-Valley thinking behind fintech continues to impact the banking industry today.

 

10:45 AM EDT

Internet Isolation: A Key Requirement for Modern Security Architecture

Kowsik Guruswamy, Menlo Security

The cloud provides an on-demand set of software and network services that promise to reduce costs, improve productivity and offer infinite scale with ultimate flexibility. But most companies don’t fully understand what it takes to complete this journey successfully, especially when it comes to security. This session will review how and why internet isolation is not just a theoretical goal, but a proven architectural approach that is being used today to help companies move to the cloud with the best security standards in mind.

10:45 AM EDT

Button It Up – Securing and Governing Your Azure Workloads

Lisa Lee, Microsoft

You need to migrate to the cloud. You want to migrate to the cloud. But how can you be sure you are securely operating your workloads in the cloud? Your team may have the skills and maturity, but perhaps you want to confirm you are using the best controls available. This session will address some of the critical decisions and actions you need to take to ensure the security of your Azure environment and workloads. It will point you to ways you can monitor and improve your security posture as well as include a list of the most critical logs you should integrate into your SIEM.

10:45 AM EDT

Risk Management: Managing ‘Conduct’ Risk in Evolving Work Environments

Charles Keane, Forcepoint

Trade surveillance, compliance/fraud monitoring and conduct risk – financial service organizations have developed sophisticated methodologies to address these issues, and yet concerns remain. With an ever-increasing demand to increase productivity, reduce costs and accommodate the new realities of a highly mobile workforce, the need for precision in evaluating risk has never been greater. Despite these changes, an organization’s most valuable resources remain constant – its people and the sensitive data they interact with. This session will provide security leaders with strategies for improving their security posture while concurrently addressing core business needs. Gain insights into how to continuously evaluate this critical interaction by proactively identifying risk indicators to reduce exposure and drive value.

11:30 AM EDT

Using Intelligence Sharing to Combat BEC

Crane Hassold, Agari | Teresa Walsh, FS-ISAC | Jackie Winters, American Express

Phishing via non-technical social engineering methods, such as business email compromise (BEC), has increased significantly in recent years, costing businesses more than $26 billion since 2016. One of the most effective ways to make a positive impact is by disrupting the financial supply-chain that drives these attacks. This session will review how intelligence sharing can be used to diminish the effective lifespan of mule accounts and provide an overview of intelligence collected from research into BEC groups. The session also will discuss a real-world case of how intelligence-sharing has been used to shift part of the BEC ecosystem. 

11:30 AM EDT

Shifting PAM into High Gear with Zero Standing Privilege

Paul Lazi, Remediant

Zero Standing Privilege was a new term introduced in 2019 and could be the best approach to shift your PAM strategy into high gear. This session will discuss how PAM projects have historically been managed, highlighting a new PAM approach to reduce the impact of compromised admin credentials. If you’re looking for quick wins in PAM, including removing local admin rights and supporting DevOps+PAM use-cases, join this session to learn how other organizations like yours have succeeded.

11:30 AM EDT

The Exponential Cost of Ransomware: Assessing the Impact

Allison Baker, Bank of America

As ransomware attacks increase in frequency and demanded ransom payouts increase in size, more organizations are choosing to comply with cybercriminals by paying the ransom to regain access to compromised systems. Often, organizations rely on cyber-insurance to cover these payments. As a result, the relatively low barrier of entry and high success rates attract cybercriminals to this threat vector. For organizations without cyber-insurance, increasing payments can force closure, causing economic and community impact. By providing basic training and sharing resources, institutions with robust information security programs can provide a valuable proactive resource against ransomware attacks.

12:10 PM EDT

Lying & Stealing: CyberFraud in Brokerage & Retirement Accounts

Dennis Lamm, Fidelity Investments | Lisa Tassara, Charles Schwab | Matthew O'Neill, USSS | Peter Falco, FS-ISAC

Increasingly, organized crime and fraudsters are targeting customer brokerage and retirement accounts. Fraudsters are aware that the average brokerage account and 401(k) balance is significantly greater than the typical bank account, making them a lucrative target. The billions of compromised credentials available on the dark web, compounded by the typical customer who reuses credentials, increase this risk. This cyberfraud also creates a notable financial risk for broker-dealers and 401(k) recordkeepers, as customers typically expect reimbursement for their loss. This session will explore the methods used by today’s fraudsters and the controls used (or not) by leading broker-dealers to address this threat, and will discuss the challenges in the implementation and maintenance of these controls.

12:10 PM EDT

Anatomy of the Invisible Firmware Attack

Yuriy Bulygin, Eclypsium

Hackers are using firmware implants and back doors to compromise enterprise security via attacks that are stealthy and persistent. Firmware and hardware attacks are invisible to most financial organizations today. This session will illustrate the anatomy of a successful firmware attack, and walk attendees through how to dissect the attacker's motivations, while also showing the firmware components used in attacks.

12:50 PM EDT

Fighting Fraud: Strategies to Advance Payments Security

Jim Cunha, Federal Reserve Bank of Boston

Today’s highly interconnected and digitized financial environment has spawned a multitude of new strategies for fraudsters. In the face of growing challenges, the commitment to improve payment security is motivating public and private sector action and collaboration to address key issues. This session will explore ongoing efforts to address payments security risks, including a campaign to promote industry adoption of the Fraud Classification Model and efforts to counter synthetic-identity-payments fraud. Attendees can expect to walk away from this session with a clear understanding of the Fraud Classification Model for Payments, with supporting definitions, and an industry adoption roadmap.

1:05 PM EDT

How the Rapid Growth of Security Tools Is Increasing Overall Risk

Gaurav Kulkarni, ReliaQuest

A rapidly growing number of security tools have arisen to help organizations better secure their environments and actively protect important data, from SIEM to EDR to SOAR and more. In response, many organizations are purchasing more tools than they can effectively manage as they struggle to stay protected against the latest security threats. This growing set of tools actually increases organizational risk levels and decreases security teams' ability to respond effectively to threats. In this session we will explore how your organization can assess this and simple measurements you can take to decrease this risk moving forward.

1:05 PM EDT

Defeating Online Fraud Beyond Your Virtual Jurisdiction

Sam Small, ZeroFOX

Online fraud across the internet is more persistent than ever, while the status-quo for preventing, identifying and remediating online fraud is often cumbersome and insufficient. This session will review results from a year-long effort to measure online-fraud trends. Practitioners will also learn a digital-threat taxonomy to help more rigorously evaluate programs, playbooks and priorities.

1:45 PM EDT

Attack Like a Panda: Fight like a Red Team

Adam Perino, Ryan Linn, Jordan Wigley | Wells Fargo

The best-defended organizations in the world prepare to mitigate the most sophisticated threats. Instead of waiting for elite adversaries to target your organization, collaboration between your CTI, red, and blue teams can simulate mitigating any type of adversary: whether you are preparing for pandas, bears, or even kittens. Wells Fargo Information and Cyber Security leaders will discuss how to build actionable threat actor profiles, conduct red team attacks that emulate adversary behavior, and how to tame the most furious of cyberbeasts.

1:45 PM EDT

Building Temporal Least Privilege Controls to Public Cloud

Morgan Akers, JPMorgan Chase

Leveraging public cloud resources to process sensitive data is critical to the future of financial services. This presentation outlines sets of controls to manage sensitive data on public cloud infrastructure. The approach uses the concept of least-privilege access in combination with limiting access time windows. This limits the number of users/systems that have access to data at any point in time, thus reducing the threat induced by persistent role-based access. This generalized design pattern can be applied across multiple cloud providers while also being extensible to support additional policy decisions.  

1:45 PM EDT

Work from Home: The Reality of Digital Collaboration

Mark Ostrowski, Check Point

As the current world crisis forces businesses to allow their employees to work from home, new risks and dramatically increased attack surfaces have appeared overnight. What previously took place within the seemingly safe confines of corporate offices now has been exposed to the world in a completely new way. Not only are employees connecting in and accessing data on corporate networks, they also are exposing confidential information over digital collaboration tools that typically contain video and audio capabilities. This session will discuss the new risks working from home is posing for business and misconceptions around the security and privacy of digital collaboration.

2:25 PM EDT

Visibility from the Stratosphere: A Firm's Cloud Migration Insights

Brandon Dixon, RiskIQ

"Cloud migration" sounds straight-forward, but it's not that simple. What is the migration process actually like, and how has it changed in the age of the remote workforce? What should an organization now be thinking about? This session will highlight how one financial institution has adopted cloud and what that adoption has meant for the institution's attack surface. Session details will include adoption metrics, the cloud providers leveraged, supportive tools, challenges and recommendations for companies considering or starting their own remote-access process as part of their COVID-19 crisis.

2:25 PM EDT

Future Cyberthreats to Financial Services

Rikki George, Accenture | James Katavalos, Citigroup

During this session, cyber threat experts will discuss how threat actors are increasingly conducting multi-staged attacks targeting the critical value chains that support the financial sector. Key themes will include attacks that involve one or more of the following themes: credential, identity theft and abuse; data theft and manipulation; destructive and disruptive; disinformation; emerging technology; and supply chain.

3:05 PM EDT

Using the Right Metrics to Share Cyberthreats with the Board

Kristen Marquardt, Marc Spitler, Nicolette Ghosh | Bank of America

What metrics are the right metrics to capture the necessary cybersecurity information for leadership? This session explores a large institution's approach to consistent board reporting about threats, risk and controls. It also will provide analysis from a practitioner of third-party information-security who will review the metrics and give insights into the methods, challenges and opportunities for automation. Attendees can expect to gain a clear understanding of how to leverage a consistent approach for reporting cyberthreats and risks to leadership.

3:05 PM EDT

Defeating Application Fraud in a Multicloud World

Shuman Ghosemajumder, F5

Applications represent the single most lucrative set of targets for cybercriminals, with estimated online fraud losses from application attacks projected to exceed $48 billion per year by 2023. Defending apps against attacks, fraud, and abuse in a multicloud world requires an outcome-based methodology. This session will explain how attacker sophistication and adaptability to modern application development practices are changing the threat landscape. Financial institutions need to hold their partners and technology providers accountable for security outcomes.

3:05 PM EDT

Short Circuit: Tripping the Market Breakers in a Crisis

Peter Falco, FS-ISAC

Did you know circuit breakers for markets and exchanges have been around for more than 25 years and are designed to help reduce market volatility during a crisis? In light of the COVID-19 pandemic, some of those circuit breakers have been tripped. What does this mean for information security practitioners? How does this assist in protecting the industry? This session will provide an overview of the history and purpose of circuit breakers, and what security professionals need to understand when a circuit breaker trips again.

3:45 PM EDT

Using Threat Objectives to Communicate Threat Intel with the Board

Jerry Perullo, The Intercontinental Exchange

The Threat Objectives approach to a cybersecurity strategy focuses on the motivation of adversarial threats, rather than on the who, what, where, when or even how. But organizing adversarial threats based on “who, what, where” questions has proven effective, especially when it comes to sharing threat intelligence with organizational boards. Narrowing the dialog with the board down to specific steps for control implementation and harmonizing with the board on a small set of threat objectives will help cyberteams align their vocabulary to tag threat intelligence, testing and technology. In this perennial FS-ISAC session, Jerry Perullo, the CISO at Intercontinental Exchange Inc., will walk the audience through several practical applications of the Threat Objectives approach, including a "Board Risk Committee" presentation, scoping a red team engagement, and risk-rating a discovered vulnerability to prioritize remediation.

Wednesday 20 May

10:00 AM EDT

Responding to COVID: A Fireside Chat with DHS Dir. Christopher Krebs

DHS Dir. Christopher Krebs | Jenny Menna, US Bank

Join us for this interactive one-on-one discussion with Christopher Krebs, the first Director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, who will review the impact that the COVID-19 pandemic is having on critical infrastructures in the US. How are critical-infrastructure industries such as financial services responding? Now that the U.S. and its global workforce are working from home, new stresses and demands on infrastructure, such as connectivity disruptions and cyberthreats, are top concerns. Join us for this fireside chat with Dir. Krebs as he discusses his take on what the future holds, as well as implications that this pandemic could have on the long-term sustainability of outsourced IT services and call-center operations in other countries.

10:15 AM EDT

Panel: Financial-Services’ Global Response to COVID-19

Steven Silberstein, FS-ISAC | Daniel Barriuso, Santander Bank | Paul Benda, American Bankers Association | Sunila Shivpuri, Deutsche Bank | Fabrizio Pinna, Banco Bradesco

From the early days of the COVID-19 outbreak, the financial-services sector’s response has set an example in responsiveness, resiliency and security. Join us for this interactive panel, moderated by FS-ISAC CEO Steven Silberstein, to learn how the sector’s playbook was invoked and the industry moved from preparation to widescale execution of work-from-home. All of this was accomplished while also keeping the sector running and protected as new threats emerged. Learn how financial services is setting an example for pandemic response now and into the future.

10:55 AM EDT

Proactive Security at Scale: Smarter Vulnerability Management Through Data Science

Matt Costello, Missy Gillette, Booz Allen Hamilton | Jessica Colvin, JPMorgan Chase

Although vulnerability management is a fundamental piece of cybersecurity, most organizations fail to adequately understand and mitigate vulnerabilities in their environments. The core issue is cyberdefense’s emphasis on detection and response rather than preparation and prevention. Complex tool-coverage layers prevent timely responses; manual discovery and mitigation/remediation expose businesses to unnecessary risk; and the volume of vulnerabilities makes accurately understanding exposure nearly impossible. This session will review how data science and analytics provide better ways to execute vulnerability management at scale.

10:55 AM EDT

Collective Defense: Working Together to Shore Up Cyber-Defenses

Gen. (Retired) Keith Alexander, IronNet Cybersecurity

Collective defense is an enduring security principle that binds members together against a definitive threat. With the proliferation of advanced attack techniques, it is more important than ever for companies to work together toward common defenses. This session will examine the current state of affairs in defending critical infrastructure and offer collective security strategies for near real-time industry collaboration to counter cyber-operations targeting financial services.

10:55 AM EDT

Operationalizing Predictive Intelligence through Automation

Dr. Anuj Goel, Jake Smith | Cyware

Threat intelligence sharing offers a proactive approach to identifying and mitigating threats. By automating threat intel collection, analysis and dissemination, predictive intelligence can provide greater visibility to threats. This allows threat intel teams to anticipate and counter those threats before an attack. This session will examine how end-to-end threat intel automation in a closed and trusted sharing environment can be used to operationalize actionable and relevant predictive intelligence.

11:40 AM EDT

Proximity & Protection: How Financial Institutions Strengthen Fraud Protection

Dennis Busch, IH Mississippi Valley Credit Union

Financial institutions continue to enhance and refine their fraud management efforts using technology. This session will explain how financial institutions can enhance their fraud detection by using readily-available geolocation data and analytics. The method discussed provides near real-time detection using events/logs from various sources across the institution’s IT infrastructure as well as cloud/partner service providers.  We will describe the approach the Mississippi Valley Credit Union has successfully implemented, show how this supports both fraud reduction and customer satisfaction, and discuss lessons learned.

11:40 AM EDT

Success with Security Initiatives within a Lean Operation

Mary Swiderski, Tess Balzer | Alliant Credit Union

When we do not communicate creatively and effectively, not only do we fail at our security initiatives, but the relationships with key technology and business partners deteriorate. We will discuss the steps needed to successfully complete security initiatives within a lean operating model. From awareness to identity access, we’ll identify some creative ways you can take ideas from conferences like FS-ISAC and put them into practice, gaining the support of leadership along the way.

11:40 AM EDT

Are We Missing the Point?

Lamont Orange, Netskope | Gary Long, Golder Associates

Many recent, extremely public conversations about cloud security seem to focus on the inadvertent consequences of transformation as reason to stick with legacy approaches. We think that is entirely missing the point. Our session will address how we can use the progression to the cloud as a fresh start to fix the problems that have always plagued cybersecurity, rather than being held back by them.

12:20 PM EDT

Purple Teaming: The Fall of The Berlin Wall

Frank Clowes, JPMorgan Chase & Co.

The concept of Purple Teaming has been around for a few years: how can you make sure that your incident response (Blue) team and your adversary emulation (Red) team work together to address concerns discovered during assessments? Leveraging the MITRE ATT&CK framework and threat intelligence information, we've improved the defense of our firm while improving the day-to-day communication between our teams. In this session we'll share lessons learned of how to achieve a Purple Team mindset in a financial institution.

12:20 PM EDT

So You Have MITRE. What's Your Point?

Jake Lee, Wells Fargo

MITRE ATT&CK and Pre-ATT&CK Framework are the buzzwords du jour. But what is the bottom-line benefit beyond just consistency and a productivity boost? This session explains how, by applying MITRE ATT&CK as one of the support cornerstones of day-to-day operations, you can build a “Rosetta stone” for the business that can be used to translate and interpret results to build business cases and justifications. We show how you can build out the process and technology to support leverageable cybersecurity defense tools, then apply standard business analytics to determine where and how cybersecurity investments are providing value to manage risk.

12:20 PM EDT

Demystifying Hacker Magic: 7 Principles of People Hacking

Hayley Cohen, IBM Security

Recent studies show that 93% of all data breaches start from attacks targeting people. That's because hacker tools and tricks prey on human frailties. To the untrained eye, the attacks can look like magic: They create an illusion to get around security measures. While psychological and mental miscues explain why phishing attacks and phony websites are so successful, many organizations continue to focus on network perimeters and devices, rather than people. This session will explain the fundamentals of hacker tactics that exploit people, using the principles of magic.

1:15 PM EDT

Why Your SDLC Keeps Failing and How to Fix It

Jeff Williams, Contrast Security

Security teams have spent decades trying to get software development to avoid security mistakes. Despite brilliant individuals and Herculean efforts, nothing has significantly changed, except that buffer overflows have become dramatically less prevalent. This session will explore a new approach to application security being used in several large financial organizations. This approach, inspired by ASLR and DEP, starts with instrumenting web applications and APIs with powerful application security capabilities.

1:15 PM EDT

Scale Up Your Security Telemetry

Mike Wilusz, Chronicle

Big data once meant terabytes; today, your business thinks in petabytes or more. In this session, you will learn how to investigate incidents in your own network by correlating your massive amounts of telemetry data with threats in the wild at the speed of a Google search. Power your incident investigation and threat hunting with relational metadata and retroactive and proactive hunting capabilities in the world’s largest malware library.

1:15 PM EDT

Lessons in Implementing Threat Intelligence for CTI and SOC Teams

Joep Gommers, EclecticIQ

Sometimes it seems CTI teams and SOC teams see the world differently. But they all face the same issues: An expanding attack surface, high complexity of threats, consolidating architectures which increase the impact of breaches and the ongoing challenge of balancing automation versus analyst focus. This session will outline the challenges and lessons learned implementing threat intelligence in both contexts.

2:00 PM EDT

Unveiling the Wonder of Automated Vulnerability Management in the Cloud

Eric Zielinski, Nationwide

As more workloads move to the cloud, it is critical to secure those workloads against known vulnerabilities.  Benefits of the cloud include agility, speed and innovation, but the cloud also can pose a challenge for vulnerability management. This session will review best practices for cloud-vulnerability management, with a strong focus on automation. The session will also demonstrate options for asset-management, vulnerability-detection, remediation and reporting surrounding cloud vulnerabilities. 

2:00 PM EDT

How to CrowdSource Your Incident Response Function

Ariel Weintraub, Todd Campbell | MassMutual

Learn how to use a streamlined methodology to leverage multiple roles across your cybersecurity and business teams to quickly manage incidents and mitigate control breaks before they have a chance to become incidents. Using the same methodology across both incidents and control breaks gives your business information security officers and control owners more exposure to the technical cyber-issues occurring on a day-to-day basis, while enabling your incident responders to focus on realized risk. 

2:40 PM EDT

Point-in-Time Assessments Are Over: A Technical Approach to 3rd Party Risk

Ely Pinto, American Express

Third-party supply chain vendors and partners may represent the greatest risk to an organization's overall security program. However, owing to excessive trust in vendor capability or misconceptions regarding accountability for data protection, many organizations dedicate few resources to addressing third-party risk. Existing third-party risk programs tend to center almost entirely on periodic point-in-time assessments and questionnaires, and often culminate in acceptance of risk without an accurate understanding of its extent or without any active mitigation program in place. More than ever, the status quo needs to be challenged with a more security-centric approach.

2:40 PM EDT

Ensuring Operational Resilience During Digital Transformation

Keith Pearson, ServiceNow

Operational resilience ensures that you can recover efficiently and effectively from a business disruption, which can easily occur during a time of digital transformation. While digital transformation brings organizations unmatched opportunities and capabilities for growth, it also creates a rapidly changing business environment that introduces new risks, making it imperative for organizations to manage them. However, to successfully manage the risk in digital transformation and ensure operational resilience you need a modern, integrated platform and an advanced approach to risk. Join us to discover how to transform your risk program so you can build operational resilience across your people, partners, technology, cyber and property.

2:40 PM EDT

How to Determine Your Employees' Security Awareness GPA

Marcy Zeplin, Genworth

Are you curious about your employees' security awareness GPAs? This session will describe how security awareness GPA was developed using existing, albeit disparate, data points within a security awareness program. It will also explain the grading criteria and course-weighted system based on normal and specialized (privileged) users, along with rationale for differentiating users into two groups. This session will give a clear understanding of security awareness GPAs that can be shared with senior management within your organizations.

3:20 PM EDT

Applying Data Science as a Cornerstone for a Cybersecurity Program

Jim Routh and Alex Baldenko, MassMutual

Data science capabilities are essential for the evolution of cybersecurity control design. This session offers several examples of how machine learning algorithms, sourced from vendor products, when modified or created, can enable more effective cybersecurity control design with lower labor costs. Applications include privileged user management, third-party governance, and tier one security-monitoring assistance. 

FS-ISAC thanks sponsors for their generous support. 

On-Demand

Natural-Language Generation: Creating Intelligence Reports from Structured Data

Jorg Abraham and Sergey Polzunov | EclecticIQ

Natural-language generation is a specialized branch of artificial intelligence that describes the process of transforming structured data into text narratives. Different from natural-language processing, which reads and analyzes textual data to derive analytic insights, NLG composes synthesized text through analysis of pre-defined structured data. NLG in the information security space, and particularly within the cyberthreat-intelligence domain, remains sparse. This session will review how to use solutions to automate repetitive tasks related to intelligence-dissemination, as well as ways to introduce AI into intelligence operations.

Intelligence and Threat Actor Assurance, Leveraging Validation

Colby DeRodeff, Mandiant Security Validation

How often are you asked if your infrastructure is safe against a particular threat actor? Answering this question is difficult without rock-solid evidence that your security controls are blocking, detecting and alerting based on real-life adversary behaviors. This session will review security instrumentation, an approach that uses real adversary behaviors to validate an organization’s ability to defend itself and suggest remediation steps. Attendees will walk away with a better understanding of how to ensure their controls will detect and prevent TTPs being leveraged against their organizations.

Lessons Learned in 10 Years of AppSec

Chris Eng, Veracode

In tech, a decade is a lifetime. Consider that Uber, Square and Slack are all less than 10 years old. Software development has changed dramatically in the past 10 years as well, fueling many of the changes we see in the workplace and in our daily lives. But has software security evolved at all? We will take a look back at the last 10 years of software security to see what’s changed, what’s stayed the same, and how we can learn from our past.

Actionable Cybersecurity Best Practices in Disruptive Times

Grainne McKeever, Imperva

The current environment is causing business disruption on a global scale, forcing industries to quickly adapt to the changing market, which is creating a hotbed of opportunity for cybercrime. The Financial Services sector has always been a prime target for attackers. Many banks and financial institutions are looking for ways to ramp up security to ensure their operations and critical data are protected. During this session, you will hear about the latest industry trends and actionable best practices to put in place to protect your company's valuable data and applications in turbulent times.

Learn More about Adversaries through 'Useless' Data

Jeremiah "Jay" Hankins, Root9B

Recognizing data-set limits by searching for patterns consistent with reconnaissance and then correlating those patterns chronologically with geopolitical events has proved increasingly productive for threat mitigation. This session will review how combined threat-intelligence and data-analysis of blocked email logs in a global enterprise network has provided some surprising insights about significant nation-state threat actors as well as explain how this analysis technique can be applied to multiple types of data-sets.

The Evolution of Ransomware and What to Expect Next

Jason Rivera, CrowdStrike

Financially motivated ransomware attacks continue to be a threat to businesses and the government. Many attacks use custom-compiled malware that is able to evade detection. Criminal threat-actors also collaborate with each other in a series of criminal ecosystems, allowing them to specialize in particular areas and then combine efforts. This session will cover the evolution of ransomware, the most prolific trends and techniques used by ransomware operators as well as offer an assessment of how ransomware is likely to evolve in the near future. The session also will review how threat actors are targeting commercial organizations with ransomware, and what commercial organizations can do to potentially mitigate destructive ransomware attacks.

How to Use Deception to Stop Post-Breach Attacker Movement

Ofer Israeli, Illusive Networks

Despite the money, time and attention financial institutions have focused on cybersecurity, detecting advanced and persistent threats remains an intractable challenge. Deception technology is allowing financial institutions to reshape their security programs to mitigate the cyber-risks associated with digital transformation and technology-driven business models. In this session, we will discuss how distributed deception technology gives organizations a way to regain control against the attack process.

Optimizing SecOps, Communicating to the Board During Times of Change

Kory Daniels, Trustwave

As businesses continue to respond to the global pandemic of COVID-19, we have put many of our goals and priorities on-hold and have quickly pivoted to executing business-continuity plans, rapidly deploying remote workforces, adopting supportive cloud applications, and more. Whether you are assessing security costs, streamlining solutions and dumping “wasteful” spending, or are re-prioritizing personnel, optimizing security operations requires making choices. This session will review how to create economic efficiencies, communicate with your boards and solve the challenges of today’s threat landscape.

Explainable Threat Intelligence: Behind the Curtain of Threat Classification

Chip Epps, Reversing Labs

What if today's security analysts had access to the most timely and relevant threat intelligence and had the ability to consume that intelligence in a verifiable way? This session will examine the next generation of explainable threat intelligence, which oftentimes integrates threat intelligence with existing environments (e.g., SIEM and SOAR) and maps it to common attack frameworks, such as the MITRE ATT&CK Framework. This session also reviews how contemporary malware is challenging security teams and why destructive-object insights are so relevant.

Continuous Controls Monitoring: How to Do It, What to Measure

Nik Whitfield, Panaseer

Continuous controls monitoring is an emerging category of security that enables continuous visibility, measurement and remediation of cybersecurity risk. It's being used by security teams in financial institutions to automate and disseminate the production of security metrics. CCM provides the ability to gain insight into the cyber posture of an enterprise and adds trusted and timely business perspective to technology risk. This session will outline how to establish a CCM program and will provide examples of those security metrics to ensure the delivery of speed and risk reduction.

The Maturing of Compromise, from BEC to Enterprise Account Compromise

J.C. Checco, Sean O'Dowd | Proofpoint

Historically, business email compromise has focused on spoofing a sender to convince the recipient to click on a URL or download a malware payload. With the progression of both back-end technologies, as well as front-end user security awareness training, there has been a significant drop in BEC-initiated compromises. But the growing prevalence of cloud-based office suites – and their misconfigurations – has allowed bad actors to take over access to legitimate email and use it to bypass most existing detection techniques. This session will explain the factors that make so-called email or enterprise account compromise, EAC, a hard problem to solve, and then delve into areas where enterprises are most vulnerable based on recent use cases.

Showcase Sessions

Expanding SOAR Application across the Enterprise

Jay Spann, Swimlane

Financial services organizations that have already implemented a security orchestration, automation and response (SOAR) solution typically adopt a handful of common use cases and add a few unique to their organization — potentially even the market. By leveraging a flexible, scalable SOAR platform, those FIs can harmonize their security-operations, incident-response, threat-intelligence, DevOps and threat-hunting teams. This session will explain how common use cases with SOAR can prevent fraud and personal data exfiltration, as well as meet governance, risk and compliance requirements and minimize alert fatigue.

Today’s Mobile Financial App Vulnerability Epidemic

Paul Dant, Ken Jochims | Arxan Technologies

Today’s financial mobile applications are at serious risk of being reverse engineered, exposing data and API access. A majority of applications available for download from public app stores are easily compromised as a result of poor in-app security controls along with inadequate app hardening. In this session, see how easy it is to deconstruct mobile apps and expose vulnerabilities and hear best practices to protect mobile code, your business and your customers.

Protecting People on Both Ends of an Email

James Sheldrake, Egress

People leak data every day. They are prone to making mistakes and behaving unpredictably, and as almost every employee has access to email, it’s one of the most at-risk applications for modern enterprise organisations. As the rise in email data breaches shows, static email security solutions can’t keep pace with this growing threat and are failing to protect sensitive information. In this session, we will share insights on specific email data breaches that put financial services data at risk and discuss the technologies and systems that can be used to mitigate this risk.

Artificial Intelligence Transforms Identity and Access Management

Mary Writz, ForgeRock

This session will cover the application of artificial intelligence to improve both security and user experience for identity and access management (IAM) in the financial space. From banks to brokerage firms, detecting fraud for customers while maintaining the best user experience is critical. Detecting and understanding insider threats is crucial from a security perspective. Whether a user is authenticating, authorizing or interacting with your IAM system, there is a rich set of data available to learn normal behaviors and to identify and respond to unusual behaviors.

Dark Web Threat Intelligence Solutions

Benjamin Preminger, Sixgill

Companies need to proactively collect and build accurate intelligence pictures that enable them to prioritize actions against the greatest threats they face. This session will review a real-time deep-dive into an escalating threat by researching the threat actor’s identity, modus operandi, history and more.

Augmented Reality for the Desktop

Paul Battista, Polarity

How do we utilize more of our memory as analysts or security practitioners sifting through the vast information overflow within our environments? Using on-screen overlays, like augmented reality for analysts' computers, gives them superhuman data awareness and recall and leads to better decisions because users have the contextual information relative to what they are analyzing. Users will be able to make faster decisions because they don’t have to stop what they are doing, interrupt their workflow and look something up. Join this session as we discuss increased reality capabilities to enhance your employees' precision and speed.