As our sector unlocks new opportunities that come with rapid technological advancement, so too do we face new challenges in securing the assets entrusted to us. We must not only protect and defend against emergent threats; we must also ensure that we can continue to serve our customers, no matter what the future brings.
Together, we have the resources to rise to this challenge. Our 2023 Summits will allow our members to share collective knowledge and experience along the following tracks:
Building a Diverse Workforce – How can we attract and retain a talent pool with broad sets of skills and experience? The more kinds of thinking we have, the better equipped we'll be to stay ahead of a constantly innovating adversary.
Securing the Supply Chain – We depend on many of the same suppliers of critical services and infrastructure, some of whom do not have the financial sector’s legacy of robust security. We will pool our resources to identify and address our common vulnerabilities.
Preparing for the Quantum World - Infinitely faster and more powerful computers will unleash new business models - and may break current cryptographic standards. Now is the time to re-engineer our security practices and systems to withstand the watershed moment to come.
Protecting Digital Assets – With the rise of central bank digital currencies and stablecoins, the world’s financial firms will all enter the crypto world. We must learn to secure the new asset classes of Web 3.0.
Combatting Cyber Fraud – As instant payments become business-as-usual, our time to recognize and recall fraudulent payments during the settlement process is erased. We must shift from a fraud management paradigm to one of fraud prevention – before the transaction is initiated.
Managing Identity and Access – Perceptive and inventive fraudsters play on deeply embedded neural patterns to enter our systems and take over our customers’ accounts. How can we outsmart the con men to ensure availability only to the right people?
Mastering the Ordinary with the Extraordinary – New methods of incentivizing staff and customers to attend to the critical baseline cyber hygiene practices that close off the vast majority of threat actors’ entry points.
Here is Jenny Menna, Humana's Vice President, Threat Management and Response on the value of FS-ISAC Summits.
The theme of the 2023 Summits is Forging a Resilient Future.
The submission portal has closed.
If you have submission-related queries, please contact us by email at summit@fsisac.com.
Member Presentations: A Member Presentation is a proposal for a panel, standalone presentation, or workshop provided by FS-ISAC members and/or FS-ISAC staff. Panels are limited to three (3) participants and one (1) moderator. There is no cost to FS-ISAC members for speaking sessions. FS-ISAC does not reimburse any travel expenses or pay speaker fees. Questions regarding content should be sent to content@fsisac.com.
Please note: Member submissions that include a sponsor will be considered sponsored sessions. Sponsored sessions are required to fill out the CFP form as a Solution Provider.
Submissions are evaluated by the Content Committee, which comprises FS-ISAC members and staff.
Submissions are evaluated by the Content Committee, consisting of FS-ISAC staff and member subject matter experts.
All submissions are reviewed and vetted by our Content Committee and FS-ISAC Content Team for technical merits, expertise, topic selection, approach and interest to attendees. Presentation proposals are most often rejected because they are sales pitches (except Silver Sponsorship). Platinum and Gold Sponsors are educational, content-driven
The Call for Presentation (CFP) submission portal is open until 11:59 pm (EST) 6 January 2023.
Notification of acceptance decisions is 27 January 2023.
The tracks and associated topics listed below provide a representational, NOT exhaustive, list of what attendees would like to see, and how we may group submissions into concurrent tracks. Note that some topics, such as AI/ML, ATT&CK, Cloud, Emerging Technologies, etc., can be applied to many of the tracks and, while not called out, are in scope for this event.
With this year’s theme, Forging a Resilient Future, in mind, the following themes will receive extra consideration:
When submitting presentations, we recommend you over-communicate and provide more information, speaker notes, etc., to help the Content Committee better understand your presentation and make informed decisions about the session content. You may of course update your draft presentation to a final version after acceptance.
Kris Fador is deputy chief information security officer at Bank of America and is directly responsible for leading cybersecurity operations around the globe to protect the company’s information systems, safeguard client and employee data, and ensure overall cyber resilience. His team conducts a variety of critical functions for the bank’s Global Information Security (GIS) team, including Cyber Security Defense, Cyber Security Assurance, Cyber Crime Prevention and the Business Information Security Office.
An experienced leader on Bank of America’s security team with deep operational knowledge and a global perspective, Fador most recently led the Cyber Security Defense team. In this role, he oversaw cybersecurity threat intelligence, emerging threat analytics, adversary replication, information protection, vulnerability management, insider threat programs, system defense, and cyber incident response and recovery. Previously, Fador served as the GIS Global Business Information Security officer, working closely with business units across the bank to ensure their operations were both secure and resilient in a dynamic threat environment. He has also led the bank’s cyber incident response organization, the global cybersecurity assessment function, and the information security team in Asia.
As a driver of increasing collaboration on cybersecurity issues within the financial sector, Fador has been a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC) since 2019 and currently serves as chair of the audit committee.
Before joining Bank of America, Fador led the corporate security intelligence and analysis function for North America at ABN AMRO Bank. He also held leadership roles at a risk consulting firm advising clients on cybersecurity, compliance and fraud issues.
Fador is a passionate advocate for narrowing the gender gap in technology. He serves as co-executive sponsor for Bank of America’s Women in Technology & Operations, having previously co-chaired the employee advocacy group. Fador is a graduate of Lake Forest College, where he earned a bachelor’s degree in economics and history.
Nicholas Thompson has occupied the most prestigious positions in the world of tech writing and journalism—staking out a bold, optimistic vision for what our future will look like. Nicholas currently serves as CEO of The Atlantic. In 2022, The Atlantic earned the top honor for magazines, General Excellence, at the National Magazine Awards; earned its second Pulitzer Prize in as many years; and was named Digiday’s Publisher of the Year.
How will the world’s dominant tech corporations—Apple, Google, Facebook, Amazon, Microsoft—interact with citizens, help write policy, and redefine privacy and security? How will artificial intelligence and robotics change our devices, the way we work, earn a living, fight wars, solve problems—our very selves? No matter the subject—design, culture, media, tech, ethics, or our digital future—he’s more than ready to break the news with big ideas and fearless takes.
As the Editor-in-Chief of WIRED, Nicholas broke massive stories about Facebook’s hidden flaws, cyber-warfare, the Robert Mueller investigation, and numerous other topics. His ground-breaking investigative reporting on Facebook was a finalist for a 2020 Loeb Award, and he oversaw work that won the Pulitzer Prize, the National Magazine Award, and has even led to Oscar-winning films.
At The New Yorker, Nicholas served as editor of the magazine’s digital platforms, breaking new ground with stories about his friendship with Joseph Stalin’s daughter, how our lives are forever changed by the consumer drone industry, and arson amid the election cycle. His work at The New Yorker is defined by his fearless leadership and unwavering commitment to quality stories: The main strategy for growing audience is to publish more, better stories. The stories we’re prouder of, the stories we put more effort into, attract more readers.
He’s also the author of the critically acclaimed biography The Hawk and the Dove: Paul Nitze, George Kennan, and the History of the Cold War—a fascinating double biography that follows two rivals and friends from the beginning of the Cold War to its end. The New York Times said that the book was “brimming with fascinating revelations about the men and the harrowing events they steered through.”
Nicholas is a former Senior Editor at Legal Affairs and a former contributor at CBS. With a massive and vigilant following on social media, he’s one of LinkedIn’s most-followed individuals. He earned the 21st Century Leader Award from The National Committee on American Foreign Policy, was a Future Tense Fellow at the New America Foundation and is a member of the Council on Foreign Relations.
How Capital One, TIAA and Wells Fargo are innovating by unifying their data controls to avoid siloed approaches and optimize security, privacy and governance.
• Establish a single workbench for collaboration and remediation
• Deliver granular access control
• Protect shared data and in motion
There are two pervasive myths regarding Machine Learning. I will dispel the myth that ML is too dense to do in-house. Second, I will bust the myth that ML is a cure-all for cyber security by outlining a 3-year journey building an ML program. Gain practical takeaways to start your own ML program.
First, we’ll talk about quantum supremacy and the implications of Y2Q. From there, we’ll discuss the future of phishing and BEC by examining the state of deepfakes toolkits. Last, we’ll wrap up with a note on AI-enabled script kiddies and look at a few specific examples using ChatGPT.
This presentation aims to provide Hiring Managers and Team Leads actionable tips on attracting and retaining diverse talent and show the benefits a diverse workforce can have for teams/companies.
Phishing as-a-service (PhaaS) creates scalable campaigns targeting multiple brands simultaneously, simplifies phishing content creation, and is evolving anti-detection capabilities to prolong threat exposure. This session will provide an overview of this threat and what we can do to fight back.
Identity is the cloud's perimeter, and it is complex. Learn how Accenture leveraged a Cloud Infrastructure Entitlement Management (CIEM) solution to maintain cloud identity hygiene and mitigate the risk of data breaches in public cloud environments.
A panel session with industry CISOs that will help FS-ISAC members solve their current top-of-mind security challenges by learning about peer-based best practices for improving security using measurement and metrics.
Over 80% of modern application code is open source. Endor Labs’ solutions help finserv companies safely use OSS by cutting 80% of the noisy alerts generated by existing SCA tools, defending against next-gen supply chain attacks, improving performance, and managing the lifecycle of SBOMs.
Threat Hunting has become a term used in many venues to mean different things. Let's define what real threat hunting looks like, how different organizations utilize it and the challenges they face, and how threat hunting can add long term benefits to Strategy, Risk, and ROI on other investments.
Review quantum threat to FSI and provide guidance on Y2Q
1. Qrypt & Co-founder intro, background cryptography in the CIA.
2. The quantum problem we face and how we got here.
3. The exposure and risk to FSI
4. Question if there is a better way
5. Present Qrypt solution
6. Guidance
This session addresses how to successfully engage your executive leader to support your business asks while understanding their business expectations. Even if your project addresses security gaps and is a "must-have" project, you still must understand the "Business Value".
This presentation walks through the patterns of successfully starting a DevSecOps program from scratch. It focuses on the strategies to be successful and the lessons learned along the way. Lastly, this talk concludes with how the recent EO on SBOM shapes the next steps of DevSecOps maturity.
Threatcasting provides a systematic and transparent method to model a range of potential future conditions and threats in a complex and uncertain environment.
This session will provide insight into the model as well as findings from the previous two years.
This session will provide an overview of how the CRI Profile and Cloud Profile have been used when moving to the cloud. Through a detailed use case, session participants will learn best practices for working with cloud service providers during cloud implementation.
This presentation will explain why cloud security is critical in the financial industry, explain the different assets that you are responsible for securing in your cloud, share best practices for securing your data, and explain the various technology solutions available to help you.
Threat Hunting is an important tool in any security team's arsenal to enable them to validate and improve their security posture. Osquery makes it simple to search through all the artifacts that occur on an endpoint to narrow your focus to only the items you are interested in.
The North Americas Business Resilience Committee is piloting an Operational Resilience Risk Level methodology to replace the Physical Threat Level. This session is a discussion of that methodology and dialogue with members to form a baseline Risk Level based on current threats and risks.
While developing applications, developers often use various secrets in code, such as passwords and other credentials. This code with secrets is often ignored and not scanned for any vulnerabilities. This becomes one of the attack vectors for bad actors. Let's discuss how to manage this major issue.
Regions Bank’s Red Team and Threat Hunting managers present an intel-driven approach to emulating real-world low-sophistication attacks, Red Team best practices, and how a healthy partnership between red and blue teams is essential to hardening your organization’s defenses from adversaries.
Join Bojan Simic, HYPR's CEO, CTO and co-founder, for an insightful "Inside Scoop" session with Dawn Watters, SVP of Identity & Access Management at Fiserv, where you'll gain an over-the-shoulder view from an executive who was involved in the transition to passwordless, phishing-resistant MFA.
Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three. In this talk, we'll discuss strategies to measure and communicate risk up and down your entire organization to align security and business in reducing cyber risk.
This presentation will cover an overview of what a successful exercise program looks like and where cyber ranges fit in. It will also cover the benefits and limitations of cyber ranges and how to choose what is right for your organization.
Want to maximize your Intelligence team’s time and effort? Want to identify more valuable defensive actions while reducing stress on your security teams? This talk will provide you with clear and immediate steps for creating threat models based on a threat actor's perspective of your organization.
Having retired as a CISO and sat on both sides of the Board table, Jerry Perullo will showcase a set of practical concrete visualizations and presentation formats that have resonated well with Financial Service Board members.
Each firm defines, tests and measures resilience differently, making it a rarity to openly discuss lessons learned with others. This interactive roundtable will be a candid conversation between FS-ISAC member firms about resilience and what it looks like within their organizations.
Learn how FIs must navigate evolving cyber incident notification requirements based on regs issued by US financial regulators, proposed by the Financial Stability Board and the Department of Homeland Security/CISA and about coordinated industry efforts to harmonize these requirements.
Setting and communicating a strategy in today’s rapidly changing technical environment can be challenging, but a strategy remains an essential part of defining clear company-wide information security goals and how to achieve them. This session will review how to develop and communicate a strategy.
Everyone is "doing cyber threat intelligence." If you aren't yet, you are starting to. But what exactly does that mean and what does a program really look like? This talk discusses how to build a program avoiding the pitfalls that make programs irrelevant and ineffective.
As tactics of bad actors evolve, it puts greater importance on safeguarding critical card data and using layers of proactive and reactive fraud tools to prevent loss. We will discuss best practices for effectively protecting cardholders and financial institutions, including implementing PCI DSS v4.
SPONSORSHIP OPPORTUNITIES
You will spend three days networking with financial sector cyber and information security professionals – decision-makers and influencers. If the financial sector is your market, you will be in front of an audience eager to learn from your subject experts in sessions, talk to your team in the Solutions Hall and get to know you at casual networking and social events. Sponsors enjoy a high member-to-sponsor attendance ratio and abundant networking opportunities with financial firms from the diverse verticals in the financial sector.
All sponsorships include:
• Complimentary registrations (see specific sponsorship for number)
• Company included on www.fsisac.com event website, on-site materials and Summit App
• LeadCapture App license
• Pre-event opt-in list – includes company, title, city, country
• Post-event opt-in list – includes company, first and last name, title, email, city, state, country, and postal code.
View full sponsorship opportunities here. For information or questions contact the Business Development Team at sales@fsisac.com.