Senior Vice President, Information Security Executive, Global Information Security
Kristin is an executive with Bank of America’s Global Information Security (GIS) team. She oversees and manages GIS’s external engagements with industry and government partners. In this role, her team leads GIS’s involvement in sector resilience efforts and works with internal partners and external stakeholders to identify external opportunities for driving security efforts that align with GIS’s overall goals. In her previous role, Kristin led GIS’s external cyber security public policy efforts.
Prior to joining Bank of America in 2012, Kristin was the Director of External Affairs for the Office of Cybersecurity and Communications within the Department of Homeland Security. She also served as the Director of Cybersecurity Legislative Affairs for the National Security Staff at the White House and was responsible for developing the Obama Administration’s cyber security legislative proposal.
Kristin is a graduate of the University of Delaware where she received her B.A. in Political Science and received her master’s degree in Public Policy from George Mason University. She lives in northern Virginia with her husband and their two children.
Mr. Inglis currently serves as the current U. S. Naval Academy Looker Distinguished Visiting Professor for Cyber Studies. He retired from the Department of Defense in January 2014 after 41 years of federal service, including 28 years at NSA and seven and a half years as its Deputy Director. He is a managing director at Paladin Capital, a member of the Department of Defense Science Board, a member of the Boards of FedEx and Huntington Bank, and a Commissioner on the US Cyberspace Solarium Commission.
Mr. Inglis holds advanced degrees in engineering and computer science from Columbia University, Johns Hopkins University, and the George Washington University. Mr. Inglis’ military career includes 30 years of service in the US Air Force and Air National Guard -- from which he retired as a Brigadier General. He holds the rating of Command Pilot.
Youyang Gu, Data Scientist | Paul Benda, ABA SVP | Max Morris, Ally Financial
FS-ISAC members are continuing to adapt operations during the pandemic. Forecasts of infection rates and immunity will help managers anticipate changes in operations and public facing service delivery.
The number of infections and the rate of deaths from Covid-19 are declining, why? The answer could be that there is immunity in the population from large numbers of people who have had Covid-19 infections and recovered. There may be immunity in the growing population who are vaccinated. There may be a significant group who have immunity from recovered infections plus vaccination. What effect will these combinations of immunity have on the US population in the coming months? What will be the rate of infection going forward? How will virus variants change the forecast?
Youyang Gu, a data scientist developed the most accurate 2020 forecast of Covid-19 fatality rates in the US. He has created a model using machine learning techniques that is forecasting significant changes in immunity and infection rates for 2021.
Paul Benda, ABA SVP has provided data driven briefings during the pandemic to the Financial Services Sector Coordinating Council and continues to monitor changes in reported Covid-19 numbers.
Max Morris, Max M. Morris is the Senior Director of Cyber Defense and Response for Ally Bank. In his role, Max leads a group of cyber security professionals who run the company’s Security Operations Center, handle Cyber Security Incident Response, provide Threat Intelligence and Data Loss Prevention services. His Teams also have responsibility for Cyber Crimes, Fusion Center integration, Insider Threat, Phishing Response, Cyber Tabletops and Exercises, Threat Hunting, Compromise Assessment and Penetration Testing.
Max has been heavily involved for over fifteen years with the Financial Services Information Sharing and Analysis Center (FS-ISAC), the only industry forum for collaboration on critical information and physical security threats facing the financial sector. He served two terms on the Board of Directors, co-Chairs the Threat Intelligence Committee (TIC), sits on the TIC’s Executive Governance Committee and Chairs the sector’s Media Response Team. He also represented the sector in the DHS sponsored Cyber Storm National Exercises, has participated in the Hamilton, CAPS and other industry cyber simulations, was elected to the FS-ISAC Crisis Management Leadership Team, chaired the Annual Member’s Conference for two years and developed and led a recurring Regional Outreach Program.
Robert Herjavec, Founder & CEO, Herjavec Group
Tempt the Titans Event Description:
FS-ISAC is hosting a “Shark Tank” style event called Tempt the Titans. This event offers an opportunity for innovative cyber startups to pitch to a panel of financial sector Titans. We’ll have three judges (prominent Cybersecurity Executives) along with Robert Herjavec from Shark Tank who provide feedback on the solution. If the Titans are tempted, start-ups will be offered a formal evaluation by the member firm.
This is going to be the year we look back to in terms of heightened impacts of nation-state attacks and emerging malware threats. Targeted attacks like those against the SolarWinds supply chain, and the total system disruption of UVM Health Network, are only the beginning of what we can expect to see. The challenges we will face as a cybersecurity community will be varied, continuous, and demanding. With the COVID-19 vaccine being rolled out, enterprises will start heading back into the physical workspace, embracing a flexible, hybrid work model. We will reconnect the devices we sent home a year ago and be in for a world of hurt if the right processes, programs and support services are not in place. As cybersecurity professionals, the pandemic drastically affected the way we detect, manage, respond, protect, and secure. Join Herjavec Group Founder & CEO, Robert Herjavec, as he explores the emerging threats targeting the Financial Services industry and our global economy. He will discuss key cybersecurity conversations that should be had across your executive teams in order to confront the paradigm shift resulting from the pandemic head on.
A dynamic entrepreneur, Robert Herjavec has built and sold several IT companies. In 2003 Robert founded Herjavec Group, and it quickly became one of North America’s fastest growing technology companies. Today, Herjavec Group is a global leader in information security, operating across the United States, United Kingdom and Canada; specializing in managed security services, advisory services, identity and incident response for enterprise level organizations. Robert’s ability to interpret industry trends and understand enterprise business security demands has helped him achieve the profile of a global cybersecurity expert. He has served as a Cybersecurity Advisor for the Government of Canada, participated in the White House Summit on Cybersecurity and is a member of the US Chamber of Commerce Task Force for Cybersecurity. His views on the threat landscape, on emerging technologies and on the need for a proactive security framework are regularly profiled across print, digital and television mediums. He shares his expertise with other entrepreneurs each week as a leading Shark on ABC’s Emmy Award-winning hit show Shark Tank.
Tempt the Titans Start-Up Firms:
Jim Routh | Former CISO | BigID
The purpose of this session is to understand the most effective ways of gaining business stakeholder alignment to build and implement an effective data protection program using a contemporary tech stack addressing the significant challenges for consumer and business data resilience given cyber security and privacy requirements.
CIBC, CME Group, and TD Bank
Being able to share intelligence across your company's footprint is extremely important. However, no two countries or regions are alike and each poses their own unique blend of challenges and opportunities. In this presentation, we will discuss our own experiences and lessons learned in developing successful cross-border intelligence exchange.
When faced with the stark reality that 8-character passwords represented a significant security risk, we went big: changing the rules, embracing digital, and launching globally. In this session you'll learn about Liberty Mutual’s approach to global adoption of passphrases.
In this presentation, we will review how synthetics are being utilized to perpetrate pandemic related frauds in the Payroll Protection Program and Unemployment Insurance. An overview of the government programs will take place with the controls that were in place, how they were compromised, by who and what you can do to remediate risk.
Federal Reserve Bank of Boston, LexisNexis, and Sentilink
The industry has struggled to combat synthetic identity fraud due to lack of awareness, differing definitions and inconsistent reporting. A Fed-led focus group developed an industry-recommended definition to foster improved measurement, detection and mitigation. Hear experts discuss the definition and how it plays into fighting this fraud.
Brand data protection as an enterprise-wide initiative and change attitudes about protecting the most critical data. A data inventory is key to success in quantifying and qualifying data in order to protect it. Protecting data is everyone's business - do your users know that?
Recent advances have seen a tremendous growth in the use of black box models (such as AI) for business decision making. Deploying trustworthy and secure models requires new approaches from traditional app development. This presentation reviews what security's role should be in this new paradigm.
Supply chain threats are increasing, with SolarWinds not being the first or last of its kind. How organizations can mitigate the impact of vendor breaches is front and centre in 2021. This session will discuss the role that cyber threat intelligence can play in minimalizing supply chain risk and how to grow a vendor intelligence program.
PowerShell attacks are becoming more and more prevalent throughout all stages of the attack lifecycle. This talk will aim to cover why attackers are using PowerShell, how malicious PowerShell activities look and behave, and then what defensive measures can be taken to detect and prevent these attacks.
MassMutual transitioned from rule-based security to model driven security using data science and analytics. Instead of looking at 7 different tools and trying to correlate user’s behavior, we now have a single product which delivers a unified, risk-prioritized view of threats across all our teams: data science, identity, security & architecture.