
Forging a Resilient Future

As our sector unlocks new opportunities that come with rapid technological advancement, so too do we face new challenges in securing the assets entrusted to us. We must not only protect and defend against emergent threats; we must also ensure that we can continue to serve our customers, no matter what the future brings.


Together, we have the resources to rise to this challenge. Our 2023 Summits will allow our members to share collective knowledge and experience along the following tracks:

 

  • Building a Diverse Workforce – How can we attract and retain a talent pool with broad sets of skills and experience? The more kinds of thinking we have, the better equipped we'll be to stay ahead of a constantly innovating adversary.

  • Securing the Supply Chain – We depend on many of the same suppliers of critical services and infrastructure, some of whom do not have the financial sector’s legacy of robust security. We will pool our resources to identify and address our common vulnerabilities.

  • Preparing for the Quantum World – Infinitely faster and more powerful computers will unleash new business models – and may break current cryptographic standards. Now is the time to re-engineer our security practices and systems to withstand the watershed moment to come.

  • Protecting Digital Assets – With the rise of central bank digital currencies and stablecoins, the world’s financial firms will all enter the crypto world. We must learn to secure the new asset classes of Web 3.0.

  • Combatting Cyber Fraud – As instant payments become business-as-usual, our time to recognize and recall fraudulent payments during the settlement process is erased. We must shift from a fraud management paradigm to one of fraud prevention – before the transaction is initiated.

  • Managing Identity and Access – Perceptive and inventive fraudsters play on deeply embedded neural patterns to enter our systems and take over our customers’ accounts. How can we outsmart the con men to ensure availability only to the right people?

  • Mastering the Ordinary with the Extraordinary – New methods of incentivizing staff and customers to attend to the critical baseline cyber hygiene practices that close off the vast majority of threat actors’ entry points.


 

Call for Presentations

The theme of the 2023 Summits is Forging a Resilient Future.

 

 

The submission portal has closed.

If you have submission-related queries, please contact us via email at summit@fsisac.com.

Member Presentations: A Member Presentation is a proposal for a panel, standalone or workshop session provided by FS-ISAC members and/or FS-ISAC staff. Panels are limited to three (3) participants and one (1) moderator. There is no cost to FS-ISAC members for speaking sessions. FS-ISAC does not reimburse any travel expenses or pay speaker fees. Questions regarding content should be sent to content@fsisac.com.

Please note: Member submissions that include a sponsor will be considered sponsored sessions. Sponsored sessions are required to fill out the CFP form as a Solution Provider.

Submissions are evaluated by the Content Committee, which comprises FS-ISAC members and staff.

PROPOSAL EVALUATION

Submissions are evaluated by the Content Committee, consisting of FS-ISAC staff and member subject matter experts.

All submissions are reviewed and vetted by our Content Committee and FS-ISAC Content Team for technical merit, expertise, topic selection, approach and interest to attendees. Presentation proposals are most often rejected because they are sales pitches (except Silver Sponsorship). Platinum and Gold Sponsor sessions are educational, content-driven sessions that provide actionable, relevant and useful information to attendees and do not require the purchase of the products/services that you represent. These should be delivered by subject matter experts and not people with marketing, sales or product titles.

TIPS FOR SELECTION

  • Selection and Timeliness of the Topic   
    Is this topic important to Summit attendees? Are member firms struggling to get their arms around it? The Committee assesses both the technical merits and potential interest of the presentation proposal.
  • Educational Value of the Topic   
    Attendees appreciate hearing real implementation stories - both domestically and internationally. Members like to leave the Summit equipped with alternative approaches and “lessons learned”, something to take back to the office.

CALL FOR PRESENTATION TIMELINES

The Call for Presentation (CFP) submission portal is open until 11:59 pm (EST) 6 January 2023.

Notification of acceptance decisions is 27 January 2023.

TOPIC TRACKS

The tracks and associated topics listed below provide a representational, NOT exhaustive, list of what attendees would like to see, and how we may group submissions into concurrent tracks. Note that some topics, such as AI/ML, ATT&CK, Cloud, Emerging Technologies, etc., can be applied to many of the tracks and, while not called out, are in scope for this event.

With this year’s theme, Forging a Resilient Future, in mind, the following themes will receive extra consideration:

  • Building a Diverse Workforce
  • Securing the Supply Chain
  • Mastering the Ordinary with the Extraordinary (“Do the basic stuff well”)
  • Cryptography (including Post-Quantum, Agility)
  • Combatting Cyber Fraud
  • Protecting Digital Assets

REQUIRED FOR SUBMISSION

  1. Presentation deck (a complete deck is preferred, a DRAFT is acceptable, and an annotated outline is needed at the minimum) and all supporting materials (videos, supporting research findings, polling placeholders, etc).
  2. All speaker details including name, title, phone, email, biography and headshot of each. Sponsors will also provide Event POC contact and Contract Signer details.

When submitting presentations, we recommend you over-communicate and provide more information, speaker notes, etc., to help the Content Committee better understand your presentation and make informed decisions about the session content. You may of course update your draft presentation to a final version after acceptance.

  1. March 19 Sunday
  2. • Summit Chair Kris Fador, Bank of America


    Kris Fador is deputy chief information security officer at Bank of America and is directly responsible for leading cybersecurity operations around the globe to protect the company’s information systems, safeguard client and employee data, and ensure overall cyber resilience. His team conducts a variety of critical functions for the bank’s Global Information Security (GIS) team, including Cyber Security Defense, Cyber Security Assurance, Cyber Crime Prevention and the Business Information Security Office.

    An experienced leader on Bank of America’s security team with deep operational knowledge and a global perspective, Fador most recently led the Cyber Security Defense team. In this role, he oversaw cybersecurity threat intelligence, emerging threat analytics, adversary replication, information protection, vulnerability management, insider threat programs, system defense, and cyber incident response and recovery. Previously, Fador served as the GIS Global Business Information Security officer, working closely with business units across the bank to ensure their operations were both secure and resilient in a dynamic threat environment. He has also led the bank’s cyber incident response organization, the global cybersecurity assessment function, and the information security team in Asia.

    As a driver of increasing collaboration on cybersecurity issues within the financial sector, Fador has been a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC) since 2019 and currently serves as chair of the audit committee.

    Before joining Bank of America, Fador led the corporate security intelligence and analysis function for North America at ABN AMRO Bank. He also held leadership roles at a risk consulting firm advising clients on cybersecurity, compliance and fraud issues.

    Fador is a passionate advocate for narrowing the gender gap in technology. He serves as co-executive sponsor for Bank of America’s Women in Technology & Operations, having previously co-chaired the employee advocacy group. Fador is a graduate of Lake Forest College, where he earned a bachelor’s degree in economics and history.

  3. 3:00 - 6:00PM

    • Early Registration

  4. 5:00 - 7:00PM

    • Opening Reception


  6. March 20 Monday
  7. • Summit Chair Kris Fador, Bank of America


  8. 7:30 - 8:30AM

    • Registration and Breakfast

  9. 8:30 - 8:45AM

    • Opening Remarks

  10. 8:45 - 9:30AM

    • Keynote Nicholas Thompson, CEO of the Atlantic | Former Editor-in-Chief of WIRED


    Nicholas Thompson has occupied the most prestigious positions in the world of tech writing and journalism—staking out a bold, optimistic vision for what our future will look like. Nicholas currently serves as CEO of The Atlantic. In 2022, The Atlantic earned the top honor for magazines, General Excellence, at the National Magazine Awards; earned its second Pulitzer Prize in as many years; and was named Digiday’s Publisher of the Year.

    How will the world’s dominant tech corporations—Apple, Google, Facebook, Amazon, Microsoft—interact with citizens, help write policy, and redefine privacy and security? How will artificial intelligence and robotics change our devices, the way we work, earn a living, fight wars, solve problems—our very selves? No matter the subject—design, culture, media, tech, ethics, or our digital future—he’s more than ready to break the news with big ideas and fearless takes.

    As the Editor-in-Chief of WIRED, Nicholas broke massive stories about Facebook’s hidden flaws, cyber-warfare, the Robert Mueller investigation, and numerous other topics. His ground-breaking investigative reporting on Facebook was a finalist for a 2020 Loeb Award, and he oversaw work that won the Pulitzer Prize, the National Magazine Award, and has even led to Oscar-winning films.

    At The New Yorker, Nicholas served as editor of the magazine’s digital platforms, breaking new ground with stories about his friendship with Joseph Stalin’s daughter, how our lives are forever changed by the consumer drone industry, and arson amid the election cycle. His work at The New Yorker is defined by his fearless leadership and unwavering commitment to quality stories: The main strategy for growing audience is to publish more, better stories. The stories we’re prouder of, the stories we put more effort into, attract more readers.

    He’s also the author of the critically acclaimed biography The Hawk and the Dove: Paul Nitze, George Kennan, and the History of the Cold War—a fascinating double biography that follows two rivals and friends from the beginning of the Cold War to its end. The New York Times said that the book was “brimming with fascinating revelations about the men and the harrowing events they steered through.”

    Nicholas is a former Senior Editor at Legal Affairs and a former contributor at CBS. With a massive and vigilant following on social media, he’s one of LinkedIn’s most-followed individuals. He earned the 21st Century Leader Award from The National Committee on American Foreign Policy, was a Future Tense Fellow at the New America Foundation and is a member of the Council on Foreign Relations.

  11. 9:30 - 10:00AM

    • Protecting Digital Assets with Zero Trust Architecture Jay Chaudhry, Zscaler, Inc. & Jeff Lund, Marsh McLennan

    Financial institutions must excel at protecting digital assets in the face of cyberthreats. Legacy perimeter security falls short as apps and data move to the cloud and users work anywhere. Learn how zero trust architecture can help firms improve security while gaining the agility of the cloud.
  12. 10:00 - 10:30AM

    • What if Emerging Threats Could be the Best Security Enablers Nicole Clement, Bank of America & Chris Mikucki, Ernst & Young LLP

    This joint session with EY and Bank of America will cover the evolution of threat-led defense – including the trends in cyber threat defense and implications for Financial Services. The presenters will lead a case study covering the implementation of such a framework, challenges, and benefits.
  13. 10:30 - 11:00AM

    • Networking Snack Break

  14. 11:00 - 11:45AM

    • Legal is Your Friend, not Foe! Lori Anello, Fifth Third Bank & Jessica Dipre, Fifth Third Bank

    In today's world of regulatory land mines and increased cyber threats, a strong relationship between the cybersecurity defense leader and the legal team is a must. Come hear how Lori (cyber defense) and Jessica (lawyer) worked together to strengthen threat response and intel sharing.
  15. 11:00 - 11:45AM

    • Implementing GRC and Keeping the Momentum Going Courtney Buchanan, AFLAC

    In today’s dynamic tech and business environment, a successful Enterprise GRC program is key to enabling business. Leaders must understand the key components before they start their GRC journey to enable an enterprise-wide transformation that allows for critical organizational risk management.
  16. 11:00 - 11:45AM

    • Running Up That Hill: Maturing Your CTI Lea Cure, Citizens Bank & Brandon DiGiulio, Citizens Bank

    Level up your cyber threat intelligence function through tactical and strategic maturation. Operationalize your PIRs, develop hunt hypotheses and better inform internal stakeholders of the cyber threat landscape through finished intelligence.
  17. 11:00 - 11:45AM

    • Finding our way Through Third-Party Security Management David DeLuca, Vanguard & Jennifer Kessler, Vanguard

    Conducting cyber assessments of your third party partners is a critical function within most security organizations. This session will focus on our journey in which we share lessons learned, as well as the value these assessments provide back to our various business groups.
  18. 11:00 - 11:45AM

    • Banking on Phish Zak Grater, Citi & Rodney Pelsy, Citi

    This presentation will cover both the journey and the value obtained from building a phishing analysis function utilizing employee-submitted suspicious emails.
  19. 11:00 - 11:45AM

    • Auth Proxy Attacks: Detection, Response and Hunting Dan Jackson, Northwestern Mutual & Chris Merkel, Northwestern Mutual

    Proxy attacks are on the rise, allowing threat actors to easily take over MFA-enabled accounts. We’ll demonstrate how the ingenuity of this attack has a fatal flaw at its core, allowing us to hunt, detect, mitigate and block these attacks.
  20. 12:00 - 12:45PM

    • The FinServ Supply Chain: An Underestimated Attack Surface J.C. Checco, Proofpoint

    The brief will focus on understanding the unique characteristics of the FinServ supply chain. This brief aims to widen the view of where hidden supply chain risks exist in an organization, operational dependencies, and effective tactics to bring supply chain risks down to tolerable levels.
  21. 12:00 - 12:45PM

    • Secure Cyber Insurance Coverage in the Age of Global Threats Paul Gouge, CNA Insurance

    This presentation will address the key Cyber Security and Business Management practices that most Cyber Insurance carriers are looking for to provide a customer with Cyber Coverage. A Cyber Underwriter will share the various components of a Cyber Policy and discuss what is and isn't covered.
  22. 12:00 - 12:45PM

    • Mastering the (Extra)Ordinary: A New Red Team Maturity Model Brent Harrell, Humana & Garet Stroup, Humana

    Red Teams play a pivotal role in testing and understanding an organization's security posture and resiliency after an attack occurs. But how do we know the Red Team is up to the task? We will present and discuss a new capability maturity model that fills the existing lack of resources in this area.
  23. 12:00 - 12:45PM

    • Transform Your Sec Posture w/Strategic Security Testing Wade Lance, Synack

    Discuss a strategic security testing methodology that can transform tactical penetration tests and data, revealing root cause of persistent weaknesses in security posture due to broken processes and overwhelmed staff. Tracks and communicates improvements to overall security posture to leadership. 
  24. 12:00 - 12:45PM

    • Payment Fraud Tammy McKinnon, Scotiabank

    Payments modernization brings new considerations for fraud - speed and irrevocability of real time payments are attractive vectors for financial crime, including fraud.  A multi-layered strategy is required to detect suspicious fraud activity.    
  25. 12:00 - 12:45PM

    • How to Think Like a Threat Actor in the Cloud Andre Rall, Uptycs

    Threat actors today have become cloud experts. Their TTPs are evolving quicker than most want to believe. This session will provide key insights from five years leading internal AWS security teams, following how attackers used compromised credentials to perform malicious actions inside accounts.
  26. 12:45 - 1:45PM

    • Lunch

  27. 12:45 - 1:45PM

    • Becoming an FS-ISAC Champion Lunch

  28. 2:00 - 2:45PM

    • Payment Card Fraud: The Factors Driving Criminal Demand Stanislav Alforov, Recorded Future

    The criminal ecosystem of card fraud mirrors the housing market. Just as homes in desirable areas are in demand, compromised cards that can be easily monetized for fraudulent activity are more coveted than others. In this presentation, learn how specific factors drive demand for stolen cards.
  29. 2:00 - 2:45PM

    • Advancing Security and Compliance With Modern FIDO Auth Jerrod Chong, Yubico & Dallas Knudson, Discover Financial Services

    Evolving threats and regulations call for new approaches to protect digital assets. Learn from Discover on how they are protecting critical assets by moving from legacy authentication to modern FIDO-based passwordless authentication, to advance security and stay ahead of the regulatory curve. 
  30. 2:00 - 2:45PM

    • Where is the Team? Raja Jasper, Huntington Bank & James Potter, Huntington Bank

    The past few years created a paradigm shift from teams being collocated in offices to remote/hybrid. This is the story about how we made the pivot, while growing and maturing the team during the journey.
  31. 2:00 - 2:45PM

    • Malware Combating in Financial Service Software Supply Chain Ali Khan, ReversingLabs & Matt Rose, ReversingLabs

    Malware injections into open source components and third-party libraries as part of a software supply chain attack are increasing. Targeted attacks on open-source code are outpacing vulnerabilities as the initial vector for supply chain attacks. Financial Services have many of these use cases.
  32. 2:00 - 2:45PM

    • From Intelligence Framework (T4RGET) to Platform Reqs Sarah Lorch, Standard Chartered

    Discussion of the Standard Chartered CTI team's roadmap to creating a more effective CTI function for the bank. Topics include our team's intelligence analysis framework and implementation of an appropriate threat intelligence platform.
  33. 2:00 - 2:45PM

    • KillNet - Hunting for Attribution

    We observed several KillNet IPs, which tracked back to three companies — Fine Group Servers Solutions, LLC, TrafficTransitSolution, LLC, and Fitz ISP LTD. These companies hosted a significant portion of KillNet's DDoS infrastructure. OSINT revealed the person behind these companies.
  34. 3:00 - 3:45PM

    • Vulnerability Management At Scale Dawn David-Swan, JP Morgan Chase

    This presentation provides a risk-based approach to vulnerability management that is scalable to meet the continuously increasing volume of vulnerabilities facing cybersecurity teams today and in the future.
  35. 3:00 - 3:45PM

    • Threats to the Supply Chain Lianne Dings, BNP Paribas & Caitlin Fernandez, JP Morgan Chase & Jordan Jeffer, BNY Mellon & Arun Warikoo, BNP Paribas

    Experts from three major banks will hold a panel discussion on threats to the supply chain. The supply chain has emerged as one of the top attack vectors.

    The panel will share insights on top threats and discuss threat actors targeting the supply chain, the challenges faced and how firms can manage them.
  36. 3:00 - 3:45PM

    • To Catch an Insider Jacob Esparza, PwC

    Some organizations know they have an insider threat problem, but just cannot seem to root out the individual or prove intent. This is where scouring cyber criminal fraud forums in search of operational security failures can provide that last piece of the puzzle to finally catch the insider.
  37. 3:00 - 3:45PM

    • Defending Against Cyber Extortion Erik Gaston, Tanium Inc. & Tim Morris, Tanium Inc.

    This session will discuss an evolving Cyber Threat trend we are seeing in FSI: Cyber Extortion.  It is more costly, disruptive, and higher impact to FSIs and is more lucrative for criminals.  We will address extortion, cite real-life examples, and provide actionable guidance to prevent this threat.
  38. 3:00 - 3:45PM

    • Hunting Adversarial Infrastructure with Open Source Tools Donald McKeon, M&T Bank

    According to FS-ISAC's 2022 Year End Report, BEC fraud has accounted for the bulk of member submissions. In order to combat this threat, M&T Bank is using open-source tools to identify our adversaries' infrastructure as soon as it is operational, with the aim of having countermeasures deployed ASAP.
  39. 3:00 - 3:45PM

    • Enabling People Through Tech for More Efficient Security Lamont Orange, Netskope & Robert Throckmorton, Western Union & Ryan Frillman, Equifax

    Security leaders are always looking for ways to make their strategies and their teams more efficient. By taking advantage of platform automations and integrations, leaders can better enable teams, leading to more efficient security and a diversity of thought around keeping digital assets safe.
  40. 3:45 - 4:15PM

    • Networking Snack Break

  41. 4:15 - 5:15PM

    • The Answer is Always Cryptography so What's the Question? Brad Beutlich, Fortanix

    Cryptography prevents data breaches that perimeter security cannot. Because properly used cryptography CANNOT be hacked, everyone is/will be using it. Keys will be everywhere and management/protection is a challenge. Learn how you can simplify protection/management of keys and protect precious data.
  42. 4:15 - 5:15PM

    • Segment Everything. Connect Everyone Nicholas DiCola, Zero Networks

    In this presentation, we explore how Zero Networks protects organizations of all sizes by providing an automated microsegmentation solution at scale and a next-generation ZTNA product.
  43. 4:15 - 5:15PM

    • Continuous Exposure Reduction Across Hybrid Cloud Paul Giorgi, XM Cyber

    In this session, you’ll learn how XM Cyber is helping other financial institutions reduce their exposure risk by uncovering hidden attack paths and security control gaps across the cloud and on-prem. See how attackers combine misconfigurations, vulnerabilities, and mismanaged identities to compromise your critical assets – and how our solution makes it easier for you to prioritize and remediate the issues that pose the greatest risk.
  44. 4:15 - 5:15PM

    • Master Email Encryption: A Step Closer to Cyber Resilience Sam Kumarsamy, OpenText Cybersecurity

    Email is the primary form of business communication worldwide, making it the #1 threat vector for bad actors. Protecting information flowing in and out of financial institutions is vital to ensure privacy and regulatory compliance. Boost your cyber resilience through robust email security practices.
  45. 4:15 - 5:15PM

    • A Guide to Modern Business Communication Attacks Steven Spadaccini, Safeguard Cyber

    This session explores the evolution of the modern business communication ecosystem and resulting increase in social engineering attacks against financial services institutions. It will detail real-life attacks and offer best practices for organizations to mitigate the risks of multi-channel attacks.
  46. 4:15 - 5:15PM

    • Prevent Advanced Phishing Attacks, Human Error & Data Exfil Jordan Mertel, Egress

    Despite significant investment in Microsoft 365 and secure email gateways, financial firms remain highly vulnerable to advanced phishing attacks, human error, and data exfiltration. See how Egress protects your employees from falling victim to these advanced inbound and outbound email threats.
  47. 4:15 - 5:15PM

    • Expanding Zero Trust with Email Security Austin Munro, Cloudflare

    See Cloudflare Area 1’s preemptive cloud email security solution to learn about the critical role email security plays in adopting a comprehensive Zero Trust approach. Find out what you need to fully secure the #1 attack vector – your organization’s email.
  48. 4:15 - 5:15PM

    • Evolution of Prevention-First AI Cybersecurity Ross Rosenzweig, BlackBerry Cylance

    Only a few years ago, proactive cybersecurity was little more than an aspiration. Today threats are on the rise and predictive AI technology matters more than ever. Join BlackBerry Cylance to learn what changed, and how to apply a prevention-first cyber defense to your own organization.
  49. 4:15 - 5:15PM

    • Cybersec Operations and M&A: Effective Diligence and Integration Todd Thiemann, ReliaQuest & Bo Olsen, Eastern Bank

    Financial institutions merge and are acquired, and security teams then need to integrate security operations across a mix of security tools. This session explains the ins and outs of security before & after an M&A deal is done including experiences of an institution integrating M&A targets.  
  50. 5:15 - 6:30PM

    • Booth Crawl Reception

  52. March 21 Tuesday
  53. • Summit Chair Kris Fador, Bank of America


  54. 7:30 - 8:30AM

    • Registration and Breakfast

  55. 8:30 - 8:45AM

    • Opening Remarks

  56. 8:45 - 9:15AM

    • Data Controls for the Big-Bang Era of Cloud Data Oleg Aspis, TIAA & Rehan Jalil, Securiti & Awah Teh, Capital One

    How Capital One, TIAA and Wells Fargo are innovating by unifying their data controls to avoid siloed approaches and optimize security, privacy and governance.

    • Establish a single workbench for collaboration and remediation
    • Deliver granular access control
    • Protect shared data and in motion

  57. 9:15 - 9:45AM

    • How Cybercriminals Capture Customer Info w/o Network Access
      Brad Wardman & Tony Harris, Booz Allen Hamilton

    Cybercriminals heavily target customer-facing products such as web portals, mobile applications, and APIs to extract or monetize company data without accessing company networks. Booz Allen will present examples of real-world product attack scenarios and provide insights into detection/mitigation.
  58. 9:45 - 10:15AM

    • Networking Snack Break

  59. 10:30 - 11:15AM

    • Agile Methodology Meets the Intelligence Cycle
      Chris Alexander, Synchrony

    The Intelligence Cycle is well established; however, it lacks the process rigor of project management methodologies and is foreign to security and technology teams. Learn how Synchrony gained process maturity and improved partner engagement by overlaying Agile methodology onto the Intelligence Cycle.
  60. 10:30 - 11:15AM

    • Creating Cyversity in the Financial Sector
      Meg Anderson, Principal & Jenny Menna, Humana & Vernecia Ruffin, Mass Mutual

    Diversity, Equity, & Inclusion strategies have failed despite good intentions. As compliance is to security, current practices provide a false sense of accomplishment. The panel challenges current practices and will explore tangible and actionable alternatives to improve our sector's diversity.
  61. 10:30 - 11:15AM

    • Identifying and Responding to Insider Threats
      Marcus Cavil, Raymond James Financial & Michael McKinley, Raymond James Financial

    The presentation portrays Raymond James's journey toward establishing an Insider Threat Program and the decision to utilize its own security stack to develop its own platform to execute the mission. It presents realistic examples of what an Insider Threat looks like from a financial perspective.
  62. 10:30 - 11:15AM

    • Cryptocurrency Threats and You
      Trish Denno, Fidelity Investments & Sydney Jones, BNP Paribas & Kate Dowling, Synchrony Financial

    Financial institutions do not have to trade in cryptocurrencies to be impacted by them. The authors of FS-ISAC Threat Intelligence Committee's "Point of View Paper on Threats to Digital Assets" share insights, including recent threat activities, attack vectors and applicability of existing threat models.
  63. 10:30 - 11:15AM

    • Listen-First Approach to InfoSec Consulting
      Adam Dzuricky, Erie Insurance

    Learn how the Erie Insurance Information Security team built new ways to help others be more secure. No tech, just a change in approach. You will get details on why this service is valuable, how to build such a program at your company, and even get access to a "starter pack" of materials.
  64. 10:30 - 11:15AM

    • Post-Quantum Security Considerations For FinSvcs
      Ronald Jones, DTCC

    Post-Quantum Cryptography will introduce changes to the cybersecurity landscape. This presentation provides an elementary background introduction to quantum computing and the security threat.
  65. 11:30AM - 12:15PM

    • What can Financial Institutions Learn From Shipbuilders?
      Jason Aguiar, Akamai & Guruprasad Ramamoorthy, S&P Global

    Shipbuilders have long used containment to control flooding. Similarly, financial institutions use segmentation to rapidly mitigate zero-days and prevent data exfiltration from breaches. Akamai and S&P Global share how this strategy can provide the needed visibility to prevent and detect lateral movement.
  66. 11:30AM - 12:15PM

    • What Does the FS-ISAC Board do?
      Meg Anderson, Principal & Kris Fador, Bank of America & Ann Barron-DiCamillo, CITI & Karl Schimmeck, Morgan Stanley

    Are you curious about what the FS-ISAC Board does? Interested in serving on the Board now or in the future? Current FS-ISAC Board members will discuss what it is like to be on the FS-ISAC Board, duties, time commitment, learnings, etc. and answer questions from the audience about the role and the
  67. 11:30AM - 12:15PM

    • Off-Label EDR Threat Hunting
      Chris Boehm, SentinelOne & Joseph Weber, Regions Bank

    SentinelOne and Regions Bank Threat Hunters present their “off-label” EDR practices to diagnose issues and triage cyber risks. We cover threat-hunting missions, adversary detection, security hygiene, success stories, metrics, and best practices to sterilize your network.
  68. 11:30AM - 12:15PM

    • Empowering Others Through Purposeful Mentoring
      Clark Cone, MassMutual

    Whether you are a seasoned mentor or are starting to guide others, this session is for you! We will cover different coaching methods, personality types, and motivators. Combining this with shared experiences, we will build a comprehensive playbook so that you can build a diverse and empowered team!
  69. 11:30AM - 12:15PM

    • How Your Contact Center & IVR Are Being Weaponized
      Shawn Hall, Pindrop & Darren Baldwin, Pindrop

    When it comes to fraud prevention, the smallest data points can be followed to uncover trends in major fraudulent activity. With over 61% of fraud losses tied to the IVR, learn about real scenarios where fraudsters utilized the IVR to commit cyber fraud and successfully take over accounts with ease.
  70. 11:30AM - 12:15PM

    • Office Hours - A Continuing PQC Saga
      David Edelman, Citi

    An opportunity for everyone to have a low-key discussion of an event of immense importance that will require coordination at a massive scale.
  71. 12:15 - 1:15PM

    • Lunch

  72. 1:30 - 2:15PM

    • Bridging the Gap Between Security & Fraud
      Nathan Adams, PNC Financial Services & Reese D'Herckens, ExtraHop & Annie Howard, PNC Financial Services

    Combating cyber fraud and combating cybercrime have many similarities, yet at most financial institutions they’re kept at arm’s length. PNC Financial shares the strategic vision that led them to bring cohesion to their cyber battlefront, as well as practical advice for how to help both teams excel.
  73. 1:30 - 2:15PM

    • PQC Industry Standardization
      Peter Bordow, Wells Fargo & Jeff Stapleton, Wells Fargo

    This session looks at the PQC industry standardization efforts from an alphabet soup perspective, including ASC X9, ISO TC68, ISO/IEC JTC1, ETSI, IETF, IEEE, ITU-T, INCITS, PCI SSC, and others. This is not your grandfather’s quantum world anymore; it’s the next generation’s quantum technology.
  74. 1:30 - 2:15PM

    • Making CISA Advisories a Pillar of Security Program
      Joe Calia, MasterCard & Jay Gazlay, Cybersecurity and Infrastructure Security Agency (CISA) & Poonam Verma, US Bank & Cycognito

    CISA Advisories remain an amazing free resource available to security programs large and small, but as the volume of CVEs, and most of all critical CVEs, increases every year, security teams have more difficulty staying on top of them. The panel will discuss how to operationalize CISA advisories with real examples.
  75. 1:30 - 2:15PM

    • Leveraging Threat Intelligence to Modernize Cyber Insurance
      Derrick Lewis, Liberty Mutual Insurance & Brian Riley, Liberty Mutual Insurance

    Insurance carriers need to modernize how they assess the posture of the companies they insure. Liberty Mutual will discuss how they think about the risk posture of their customers, and how they are using their internal security program to add value to their cyber insurance product.
  76. 1:30 - 2:15PM

    • How to Build Security Teams for Lasting Cyber Resilience
      Dan Potter, Immersive Labs

    Effective cybersecurity requires diverse skills, yet a rigid focus on traditional cyber career paths and global talent shortages expose businesses to attacks. To build cyber resilience, leaders must rethink cyber teams and talent and adopt a more inclusive, people-centric approach to cybersecurity.
  77. 1:30 - 2:15PM

    • Bust Machine Learning Myths to Build Your Program
      Stephen Salerno, Fifth Third Bank

    There are two pervasive myths regarding Machine Learning. First, I will dispel the myth that ML is too dense to do in-house. Second, I will bust the myth that ML is a cure-all for cyber security by outlining a 3-year journey building an ML program. Gain practical takeaways to start your own ML program.

  78. 2:30 - 3:15PM

    • FinSvcs Specific Response for Post-Quantum Cryptography
      Peter Bordow, Wells Fargo & Mike Silverman, FS-ISAC & George Webster, HSBC

    The practitioner-led FS-ISAC PQC Working Group worked throughout 2022 to develop a comprehensive response to the disruption PQC may cause in the future. This session will review the output, give suggestions on how to consume the output, and discuss next steps for the WG.
  79. 2:30 - 3:15PM

    • The Future of Cyber Threats

    First, we’ll talk about quantum supremacy and the implications of Y2Q. From there, we’ll discuss the future of phishing and BEC by examining the state of deepfakes toolkits. Last, we’ll wrap up with a note on AI-enabled script kiddies and look at a few specific examples using ChatGPT.

  80. 2:30 - 3:15PM

    • Belonging and Community: Build and Keep a Diverse Workforce
      Aisha Jimoh, FS-ISAC

    This presentation aims to provide Hiring Managers and Team Leads actionable tips on attracting and retaining diverse talent and show the benefits a diverse workforce can have for teams/companies.

  81. 2:30 - 3:15PM

    • Preparing for High-Volume Phishing-as-a-Service Threats
      Mike Kielt, Bank of America & Guy Pearson, Bank of America

    Phishing-as-a-Service (PhaaS) creates scalable campaigns targeting multiple brands simultaneously, simplifies phishing content creation, and is evolving anti-detection capabilities to prolong threat exposure. This session will provide an overview of this threat and what we can do to fight back.

  82. 2:30 - 3:15PM

    • Solving Multi-Cloud Identity with Cloud Infra Entitlement Management
      Johan Lund, Accenture

    Identity is the cloud's perimeter, and it is complex. Learn how Accenture leveraged a Cloud Infrastructure Entitlement Management (CIEM) solution to maintain cloud identity hygiene and mitigate the risk of data breaches in public cloud environments.

  83. 2:30 - 3:15PM

    • Solving Real World Security Challenges Using Metrics
      Moderator: Nik Whitfield, Panaseer
      Panellists: Christian Adam, BNY Mellon & Shawn Bowen, World Fuel Services & Paul Rogers, JP Morgan Chase & Charlotte Jupp, Panaseer

    A panel session with industry CISOs that will help FS-ISAC members solve their current top-of-mind security challenges by learning peer-based best practices for improving security using measurement and metrics.

  84. 3:30 - 4:00PM

    • Networking Snack Break

  85. 4:10 - 5:30 PM

    • Temp the Titans
      Titans: Roberto Armenteros, CITI MD & Gary McAlum, AIG & Brian Minick, Fifth Third Bank & Asim Murad, Bank of America

  86. 4:10 - 4:30PM

    • In the Eye of the Storm: Mastering Cloud Incident Response
      Paul Stamp, Cado Security

    Innovation in cloud prevention and detection means organizations know about cloud attacks in near real time; but, when it comes to incident response, there’s a huge gap. Learn how to leverage the scale, speed and automation of the cloud to master incident response in a dynamic cloud world.
  87. 4:30 - 4:50PM

    • SBOMs w/o F-Bombs - Select, Secure & Maintain OSS at Scale
      Varun Badhwar, Endor Labs

    Over 80% of modern application code is open source. Endor Labs’ solutions help finserv companies safely use OSS by cutting 80% of the noisy alerts generated by existing SCA tools, defending against next-gen supply chain attacks, improving performance, and managing the lifecycle of SBOMs.

  88. 4:50 - 5:10PM

    • Threat Hunting: Not a Buzz Word, but a Game Changer...
      Scott Poley, Cyborg Security

    Threat Hunting has become a term used in many venues to mean different things. Let's define what real threat hunting looks like, how different organizations utilize it and the challenges they face, and how threat hunting can add long-term benefits to Strategy, Risk, and ROI on other investments.

  89. 5:10 - 5:30PM

    • Quantum Security & Y2Q..... Is Y2Q a Red Herring?
      Denis Mandich, Qrypt

    Review quantum threat to FSI and provide guidance on Y2Q


    1. Qrypt & Co-founder intro, background cryptography in the CIA. 
    2. The quantum problem we face and how we got here.
    3. The exposure and risk to FSI
    4. Question if there is a better way 
    5. Present Qrypt solution
    6. Guidance

  90. 6:00 - 10:00PM

    • Signature Dinner Event

  92. March 22 Wednesday
  93. • Summit Chair Kris Fador, Bank of America

    Kris Fador is deputy chief information security officer at Bank of America and is directly responsible for leading cybersecurity operations around the globe to protect the company’s information systems, safeguard client and employee data, and ensure overall cyber resilience. His team conducts a variety of critical functions for the bank’s Global Information Security (GIS) team, including Cyber Security Defense, Cyber Security Assurance, Cyber Crime Prevention and the Business Information Security Office.

  94. 7:30 - 8:30AM

    • Registration and Breakfast

  95. 8:30 - 8:45AM

    • Discussion With FS-ISAC's Critical Providers
      Mani Sundaram, Akamai & Steven Silberstein, FS-ISAC & David Stone, Google

  96. 8:45 - 9:15AM

    • An Abnormal Approach to Risk Reduction: Securing Email
      Arun Singh, Abnormal Security & Gary Sherman, Liberty Mutual & Clayton Kruegar, Ascensus

    As huge financial organizations, Liberty Mutual and Abnormal Security are under constant pressure to mitigate their risk. Unfortunately, email remains one of the easiest ways in. This session will show how these financial organizations are transforming their security practices to stay ahead of emerging threats.
  97. 9:15 - 9:45AM

    • Balancing Innovation and Cyber Risk During Digital Xforms
      Moderator: Aly Farooqui, IBM Cloud
      Panelists: Charles Henderson, IBM & Joe LoBianco, CIBC & Ronald Smalley, Fiserv

    All organizations strive for improved efficiency and smarter ways of doing business. When designing or operationalizing a hybrid cloud strategy, what considerations are needed to do so securely and within regulatory compliance? How do emerging threats & changing rules impact transformation planning?
  98. 9:45 - 10:15AM

    • Networking Snack Break

  99. 10:15 - 11:00AM

    • Lines in the Sand or Etched in Stone?
      Elizabeth Brady, Bank of America & Kristopher Fador, Bank of America & Kristin Royster, Bank of America

    Strengthening firm security and resilience through improved collaboration and communication between cyber risk management and threat defense functions – a discussion with the first and second lines.
  100. 10:15 - 11:00AM

    • The Mind of a CISO
      Edward Contreras, Frost Bank

    This session addresses how to successfully engage your executive leader to support your business asks while understanding their business expectations. Even if your project addresses security gaps and is a "must-have" project, you still must understand the "Business Value".

  101. 10:15 - 11:00AM

    • How To Start a Successful DevSecOps Program
      Josh Hankins, Qualys

    This presentation walks through the patterns of successfully starting a DevSecOps program from scratch. It focuses on the strategies to be successful and the lessons learned along the way. Lastly, this talk concludes with how the recent EO on SBOM shapes the next steps of DevSecOps maturity.

  102. 10:15 - 11:00AM

    • Secure Identity & Forge a Resilient Future for Your Business
      Derek Melber, QOMPLX, Inc. & Jonathan Mason, Fidelity National Financial, Inc.

    As organizational sprawl continues beyond on-premises into the cloud, identity has become the new security boundary. Identity abuse and compromise lead to lateral movement and privilege escalation, which can take any financial service offline. Learn best practices to keep your business safe.
  103. 10:15 - 11:00AM

    • Why a Maverick Mindset is what "Next-Gen CTI" Needs
      Mike Lefebvre, SEI

    CTI enables defenders to share threat indicators; however, it focuses on one side of the dogfight – what the attacker is doing! CTI must evolve to include incident handling actions. This talk is a vision for enhancing CTI to include defender transparency to expedite incident handling.
  104. 10:15 - 11:00AM

    • What is Threatcasting and Why Should We be Doing it?
      Michelle McCluer, Mastercard

    Threatcasting provides a systematic and transparent method to model a range of potential future conditions and threats in a complex and uncertain environment. 

    This session will provide insight into the model as well as findings from the previous two years.

  105. 11:15AM - 12:00PM

    • Peer-Benchmarked Threat Resiliency Metrics
      Bashar Abouseido, Charles Schwab & David Cowart, Chubb & Dave Ritenour, Capital Group & Tim Wainwright, Security Risk Advisors

    The FS Threat Simulation “Index” can help prioritize and steer detection capabilities and resilience against threat groups. Join these leading organizations in adopting benchmarked Defense Success Metrics for threat resilience and MITRE ATT&CK alignment. The Index is free for all FS-ISAC members.
  106. 11:15AM - 12:00PM

    • CRI Profile in Action: A Use Case by Fulton Bank
      Brad Agatone, Fulton Bank & Barth Bailey, Fulton Bank & Emily Beam, Cyber Risk Institute

    This session will provide an overview of how the CRI Profile and Cloud Profile have been used when moving to the cloud. Through a detailed use case, session participants will learn best practices for working with cloud service providers during cloud implementation. 

  107. 11:15AM - 12:00PM

    • Cloud Security Fundamentals: Protect Your Digital Assets
      Tim Chase, Lacework

    This presentation will explain why cloud security is critical in the financial industry, explain the different assets that you are responsible for securing in your cloud, share best practices for securing your data, and explain the various technology solutions available to help you.

  108. 11:15AM - 12:00PM

    • Better Together: Intelligence and Insider Threat
      AJ Nash, ZeroFox

    We will provide the keys to effective Intelligence and Insider Threat programs (goals, objectives, processes, outputs, and measurements of effectiveness), and explain how to build symbiotic relationships - while maintaining confidentiality - that increase effectiveness, reduce risk and lower costs.
  109. 11:15AM - 12:00PM

    • Push Button Intel – Automating the Grunt Work
      Parker Eastman, Liberty Mutual

    This presentation will cover the Intelligence Development Process and will present examples of how Liberty Mutual has leveraged this model to drastically reduce analysts’ workloads.
  110. 11:15AM - 12:00PM

    • You Can’t Stop What you Can’t see - Threat Hunting w/Osquery
      Steve Shedlock, SEI

    Threat Hunting is an important tool in any security team's arsenal to enable them to validate and improve their security posture. Osquery makes it simple to search through all the artifacts that occur on an endpoint to narrow your focus to only the items you are interested in.

  111. 12:15 - 1:00PM

    • Collective Defense: Intel Sharing, Collab., & Automation
      Neal Dennis, Cyware

    Having timely, frontline threat intel from your entire industry at your fingertips lets you respond quickly. Learn how to share ISAC threat intel throughout your organization, orchestrate tools across security silos, and automate response actions, based on reliable and up-to-date intelligence.
  112. 12:15 - 1:00PM

    • Operational Resilience Risk Level: Creating a Baseline
      Cameron Dicker, FS-ISAC

    The North Americas Business Resilience Committee is piloting an Operational Resilience Risk Level methodology to replace the Physical Threat Level. This session is a discussion of that methodology and a dialogue with members to form a baseline Risk Level based on current threats and risks.

  113. 12:15 - 1:00PM

    • Manage Secret Credential Scanning in Source Code
      Vivek Kumar, CBOE

    While developing applications, developers often use various secrets in code, such as passwords and other credentials. Code containing secrets is often ignored and not scanned for vulnerabilities. This becomes one of the attack vectors for bad actors. Let's discuss how to manage this major issue.

  114. 12:15 - 1:00PM

    • Keeping Teenage Extortionists off Your Cyber Lawn
      Adam Perino, Regions Bank & Nick VanGilder, Regions Bank

    Regions Bank’s Red Team and Threat Hunting managers present an intel-driven approach to emulating real-world low-sophistication attacks, Red Team best practices, and how a healthy partnership between red and blue teams is essential to hardening your organization’s defenses from adversaries.

  115. 12:15 - 1:00PM

    • The Inside Scoop with Fiserv: The Transition to Passwordless
      Bojan Simic, HYPR & Dawn Watters, Fiserv

    Join Bojan Simic, HYPR's CEO, CTO and co-founder, for an insightful "Inside Scoop" session with Dawn Watters, SVP of Identity & Access Management at Fiserv, where you'll gain an over-the-shoulder view from an executive who was involved in the transition to passwordless, phishing-resistant MFA.

  116. 12:15 - 1:00PM

    • Master the 3 Levels of Strategic Risk Decision Making
      Nathan Wenzler, Tenable

    Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three. In this talk, we'll discuss strategies to measure and communicate risk up and down your entire organization to align security and business in reducing cyber risk.

  117. 1:00 - 2:00PM

    • Lunch and Raffle

  118. 2:15 - 3:00PM

    • Members Only: Proactive Threat Detection Through Geopolitical Intel
      Olivia DiFresca, TD Bank & Ryan Smith, TD Bank

    The session will begin with an overview of TD's Fusion Intelligence Team (slides 3-4) and dive into how the Security Intelligence Team operates to provide extraordinary intelligence through a geopolitical lens (5). We will conclude with relevant case studies showcasing proactive threat detection (6).
  119. 2:15 - 3:00PM

    • Members Only: ABCs of Cybersecurity in the Financial Sector
      Peter Falco, FS-ISAC & Sydney Jones, BNP Paribas & Jeffrey Potter, Davenport & Company LLC & Greg Markovich, FINRA

    This panel is geared for individuals new to the financial sector, but not necessarily new to cybersecurity. This panel will cover the ‘whys’ of what it is that information security people are trying to keep secure, and how rules and regulations are also a vital part of this.
  120. 2:15 - 3:00PM

    • Members Only: Building Muscle Memory Through Exercising: Cyber Ranges
      Matthew Goard, Morgan Stanley

    This presentation will cover an overview of what a successful exercise program looks like and where cyber ranges fit in. It will also cover the benefits and limitations of cyber ranges and how to choose what is right for your organization.

  121. 2:15 - 3:00PM

    • Members Only: Threat Modeling: A Different Approach to Security Intel
      Lauren Jones, MassMutual

    Want to maximize your Intelligence team’s time and effort? Want to identify more valuable defensive actions while reducing stress on your security teams?  This talk will provide you with clear and immediate steps for creating threat models based on a threat actor's perspective of your organization.

  122. 2:15 - 3:00PM

    • Members Only: Presenting Cybersecurity to the Board
      Jerry Perullo

    Having retired as a CISO and sat on both sides of the Board table, Jerry Perullo will showcase a set of practical concrete visualizations and presentation formats that have resonated well with Financial Service Board members.

  123. 3:15 - 4:00PM

    • Members Only: Detection Engineering Evolution for Quality Detections
      Sarah Beck, State Farm Insurance & Steph Klingele, State Farm

    Can rapid growth happen on a Detection Engineering team? This presentation outlines our experiences in how we handled rapid growth that led to improvements that impacted our entire SOC, leading to a greater understanding of our threat posture and gaps.
  124. 3:15 - 4:00PM

    • Members Only: A Discussion on What Does "Resilience" Mean to you?
      Lori Bilske, CME Group & Rikki George, CME Group & Anne Kiplinger, CME Group

    Each firm defines, tests and measures resilience differently, making it a rarity to openly discuss lessons learned with others. This interactive roundtable will be a candid conversation between FS-ISAC member firms about resilience and what it looks like within their organizations.

  125. 3:15 - 4:00PM

    • Members Only: Navigating Evolving Cyber Incident Notification Requirements
      John Carlson, American Bankers Association & Heather Hogsett, BITS/BPI

    Learn how FIs must navigate evolving cyber incident notification requirements based on regulations issued by US financial regulators and those proposed by the Financial Stability Board and the Department of Homeland Security/CISA, and learn about coordinated industry efforts to harmonize these requirements.

  126. 3:15 - 4:00PM

    • Members Only: Your Strategy Needs a Strategy
      Kristina Dorville, AIG & Carrie Norman, AIG

    Setting and communicating a strategy in today’s rapidly changing technical environment can be challenging, but a strategy remains an essential part of defining clear company-wide information security goals and how to achieve them. This session will review how to develop and communicate a strategy.

  127. 3:15 - 4:00PM

    • Members Only: How to Fail at Cyber Threat Intelligence
      Kristina Dorville, AIG & Carrie Norman, AIG

    Everyone is "doing cyber threat intelligence." If you aren't yet, you are starting to. But what exactly does that mean and what does a program really look like? This talk discusses how to build a program avoiding the pitfalls that make programs irrelevant and ineffective.

  128. 3:15 - 4:00PM

    • Members Only: Understanding & Combatting Card Fraud Best Practices
      Karen Helmberger, FS-ISAC

    As the tactics of bad actors evolve, greater importance falls on safeguarding critical card data and using layers of proactive and reactive fraud tools to prevent loss. We will discuss best practices for effectively protecting cardholders and financial institutions, including implementing PCI DSS v4.

  129. 5:00 - 6:00PM

    • Closing Reception


SPONSORSHIP OPPORTUNITIES

You will spend three days networking with financial sector cyber and information security professionals – decision-makers and influencers. If the financial sector is your market, you will be in front of an audience eager to learn from your subject experts in sessions, talk to your team in the Solutions Hall and get to know you through casual networking at social events. Sponsors enjoy a high member-to-sponsor attendance ratio and abundant networking opportunities with financial firms from the diverse verticals in the financial sector.

All sponsorships include:

• Complimentary registrations (see specific sponsorship for number)

• Company included on www.fsisac.com event website, on-site materials and Summit App

• LeadCapture App license

• Pre-event opt-in list – includes company, title, city, country

• Post-event opt-in list – includes company, first and last name, title, email, city, state, country, and postal code.

 

For information or questions, contact the Business Development Team at sales@fsisac.com.
