Kris Fador is deputy chief information security officer at Bank of America and is directly responsible for leading cybersecurity operations around the globe to protect the company’s information systems, safeguard client and employee data, and ensure overall cyber resilience. His team conducts a variety of critical functions for the bank’s Global Information Security (GIS) team, including Cyber Security Defense, Cyber Security Assurance, Cyber Crime Prevention and the Business Information Security Office.

An experienced leader on Bank of America’s security team with deep operational knowledge and a global perspective, Fador most recently led the Cyber Security Defense team. In this role, he oversaw cybersecurity threat intelligence, emerging threat analytics, adversary replication, information protection, vulnerability management, insider threat programs, system defense, and cyber incident response and recovery. Previously, Fador served as the GIS Global Business Information Security officer, working closely with business units across the bank to ensure their operations were both secure and resilient in a dynamic threat environment. He has also led the bank’s cyber incident response organization, the global cybersecurity assessment function, and the information security team in Asia.

As a driver of increasing collaboration on cybersecurity issues within the financial sector, Fador has been a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC) since 2019 and currently serves as chair of the audit committee.

Before joining Bank of America, Fador led the corporate security intelligence and analysis function for North America at ABN AMRO Bank. He also held leadership roles at a risk consulting firm advising clients on cybersecurity, compliance and fraud issues.

Fador is a passionate advocate for narrowing the gender gap in technology. He serves as co-executive sponsor for Bank of America’s Women in Technology & Operations, having previously co-chaired the employee advocacy group. Fador is a graduate of Lake Forest College, where he earned a bachelor’s degree in economics and history.

Nicholas Thompson has occupied the most prestigious positions in the world of tech writing and journalism—staking out a bold, optimistic vision for what our future will look like. Nicholas currently serves as CEO of The Atlantic. In 2022, The Atlantic earned the top honor for magazines, General Excellence, at the National Magazine Awards; earned its second Pulitzer Prize in as many years; and was named Digiday’s Publisher of the Year.

How will the world’s dominant tech corporations—Apple, Google, Facebook, Amazon, Microsoft—interact with citizens, help write policy, and redefine privacy and security? How will artificial intelligence and robotics change our devices, the way we work, earn a living, fight wars, solve problems—our very selves? No matter the subject—design, culture, media, tech, ethics, or our digital future—he’s more than ready to break the news with big ideas and fearless takes.

As the Editor-in-Chief of WIRED, Nicholas broke massive stories about Facebook’s hidden flaws, cyber-warfare, the Robert Mueller investigation, and numerous other topics. His ground-breaking investigative reporting on Facebook was a finalist for a 2020 Loeb Award, and he oversaw work that won the Pulitzer Prize, the National Magazine Award, and has even led to Oscar-winning films.

At The New Yorker, Nicholas served as editor of the magazine’s digital platforms, breaking new ground with stories about his friendship with Joseph Stalin’s daughter, how our lives are forever changed by the consumer drone industry, and arson amid the election cycle. His work at The New Yorker is defined by his fearless leadership and unwavering commitment to quality stories: The main strategy for growing audience is to publish more, better stories. The stories we’re prouder of, the stories we put more effort into, attract more readers.

He’s also the author of the critically acclaimed biography The Hawk and the Dove: Paul Nitze, George Kennan, and the History of the Cold War—a fascinating double biography that follows two rivals and friends from the beginning of the Cold War to its end. The New York Times said that the book was “brimming with fascinating revelations about the men and the harrowing events they steered through.”

Nicholas is a former Senior Editor at Legal Affairs and a former contributor at CBS. With a massive and vigilant following on social media, he’s one of LinkedIn’s most-followed individuals. He earned the 21st Century Leader Award from The National Committee on American Foreign Policy, was a Future Tense Fellow at the New America Foundation and is a member of the Council on Foreign Relations.

Link to printable PDF

Kris Fador is deputy chief information security officer at Bank of America and is directly responsible for leading cybersecurity operations around the globe to protect the company’s information systems, safeguard client and employee data, and ensure overall cyber resilience. His team conducts a variety of critical functions for the bank’s Global Information Security (GIS) team, including Cyber Security Defense, Cyber Security Assurance, Cyber Crime Prevention and the Business Information Security Office.

An experienced leader on Bank of America’s security team with deep operational knowledge and a global perspective, Fador most recently led the Cyber Security Defense team. In this role, he oversaw cybersecurity threat intelligence, emerging threat analytics, adversary replication, information protection, vulnerability management, insider threat programs, system defense, and cyber incident response and recovery. Previously, Fador served as the GIS Global Business Information Security officer, working closely with business units across the bank to ensure their operations were both secure and resilient in a dynamic threat environment. He has also led the bank’s cyber incident response organization, the global cybersecurity assessment function, and the information security team in Asia.

As a driver of increasing collaboration on cybersecurity issues within the financial sector, Fador has been a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC) since 2019 and currently serves as chair of the audit committee.

Before joining Bank of America, Fador led the corporate security intelligence and analysis function for North America at ABN AMRO Bank. He also held leadership roles at a risk consulting firm advising clients on cybersecurity, compliance and fraud issues.

Fador is a passionate advocate for narrowing the gender gap in technology. He serves as co-executive sponsor for Bank of America’s Women in Technology & Operations, having previously co-chaired the employee advocacy group. Fador is a graduate of Lake Forest College, where he earned a bachelor’s degree in economics and history.

How Capital One, TIAA and Wells Fargo are innovating by unifying their data controls to avoid siloed approaches and optimize security, privacy and governance.

•Establish a single workbench for collaboration and remediation
•Deliver granular access control
•Protect shared data and in motion

There are two pervasive myths regarding Machine Learning. I will dispel the myth that ML is too dense to do in-house. Second, I will bust the myth that ML is a cure-all for cyber security by outlining a 3 year journey building a ML program. Gain practical takeaways to start your own ML program.

First, we’ll talk about quantum supremacy and the implications of Y2Q. From there, we’ll discuss the future of phishing and BEC by examining the state of deepfakes toolkits. Last, we’ll wrap up with a note on AI-enabled script kiddies and look at a few specific examples using ChatGPT.

This presentation aims to provide Hiring Managers and Team Leads actionable tips on attracting and retaining diverse talent and show the benefits a diverse workforce can have for teams/companies.

Phishing as-a-service (PhaaS) creates scalable campaigns targeting multiple brands simultaneously, simplifies phishing content creation, and is evolving anti-detection capabilities to prolong threat exposure.  This session will provide an overview of this threat and what we can do to fight back.  

Identity is the cloud's perimeter and it is complex. Learn how Accenture leveraged Cloud Infrastructure Entitlement Management (CIEM) solution to maintain cloud identity hygiene and mitigate the risk of data breaches in public cloud environments.

A panel session with industry CISO’s that will help FS-ISAC members solve their current top of mind security challenges by learning about peer based best practice around understanding more about how security can be improved using measurement and metrics.

Over 80% of modern application code is open source. Endor Labs’ solutions helps finserv companies safely use OSS by cutting 80% of the noisy alerts generated by existing SCA tools, defending against next-gen supply chain attacks, improving performance, and managing the lifecycle of SBOMs. 

Threat Hunting has become a term used in many venues to mean different things. Let's define what real threat hunting looks like, how different organizations utilize it and the challenges they face, and how threat hunting can add long term benefits to Strategy, Risk, and ROI on other investments.

Review quantum threat to FSI and provide guidance on Y2Q

1. Qrypt & Co-founder intro, background cryptography in the CIA. 
2. The quantum problem we face and how we got here.
3. The exposure and risk to FSI
4. Question if there is a better way 
5. Present Qrypt solution
6. Guidance

Link to printable PDF

Kris Fador is deputy chief information security officer at Bank of America and is directly responsible for leading cybersecurity operations around the globe to protect the company’s information systems, safeguard client and employee data, and ensure overall cyber resilience. His team conducts a variety of critical functions for the bank’s Global Information Security (GIS) team, including Cyber Security Defense, Cyber Security Assurance, Cyber Crime Prevention and the Business Information Security Office.

An experienced leader on Bank of America’s security team with deep operational knowledge and a global perspective, Fador most recently led the Cyber Security Defense team. In this role, he oversaw cybersecurity threat intelligence, emerging threat analytics, adversary replication, information protection, vulnerability management, insider threat programs, system defense, and cyber incident response and recovery. Previously, Fador served as the GIS Global Business Information Security officer, working closely with business units across the bank to ensure their operations were both secure and resilient in a dynamic threat environment. He has also led the bank’s cyber incident response organization, the global cybersecurity assessment function, and the information security team in Asia.

As a driver of increasing collaboration on cybersecurity issues within the financial sector, Fador has been a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC) since 2019 and currently serves as chair of the audit committee.

Before joining Bank of America, Fador led the corporate security intelligence and analysis function for North America at ABN AMRO Bank. He also held leadership roles at a risk consulting firm advising clients on cybersecurity, compliance and fraud issues.

Fador is a passionate advocate for narrowing the gender gap in technology. He serves as co-executive sponsor for Bank of America’s Women in Technology & Operations, having previously co-chaired the employee advocacy group. Fador is a graduate of Lake Forest College, where he earned a bachelor’s degree in economics and history.

This session addresses how to successfully engage your executive leader to support your business asks while understanding their business expectations. Even if your project addresses security gaps, is a "must-have" project, you still must understand the "Business Value".

This presentation walks through the patterns of successfully starting of a DevSecOps program from scratch. It focuses on the strategies to be successful and the lessons learned along the way. Lastly, this talk concludes how the recent EO of SBOM shapes the next steps of DevSecOps maturity.

Threatcasting provides a systematic and transparent method to model a range of potential future conditions and threats in a complex and uncertain environment. 

This session will provide insight into the model as well as findings from the previous two years.

This session will provide an overview of how the CRI Profile and Cloud Profile have been used when moving to the cloud. Through a detailed use case, session participants will learn best practices for working with cloud service providers during cloud implementation. 

This presentation will explain why cloud security is critical in the financial industry, explain the different assets that you are responsible for securing in your cloud, share best practices for securing your data, and explain the various technology solutions available to help you.

Threat Hunting is an important tool in any security teams arsenal to enable them to validate and improve their security posture. Osquery makes it simple to search through all the artifacts that occur on an endpoint to narrow your focus to only the items you are interested in.

The North Americas Business Resilience Committee is piloting an Operational Resilience Risk Level methodology to replace the Physical Threat Level. This session is a discussion of that methodology and  dialogue with members to form a baseline Risk Level based on current threats and risks.

While developing application, the developers often use various secrets in code like password and other credentials. These codes with secrets are often ignored and not scanned for any vulnerabilities. This becomes one of the attack vectors for bad actor. Let's discuss how to manage this major issue.

Regions Bank’s Red Team and Threat Hunting managers present an intel-driven approach to emulating real-world low-sophistication attacks, Red Team best practices, and how a healthy partnership between red and blue teams is essential to hardening your organization’s defenses from adversaries.

Join Bojan Simic, HYPR's CEO, CTO and co-founder for an insightful "Inside Scoop" session with Dawn Watters, SVP of Identity & Access Management at Fiserv, where you'll gain an over the shoulder view from an executive that was involved in the transition to passwordless, phishing resistant MFA. 

Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three. In this talk, we'll discuss strategies to measure and communicate risk up and down your entire organization to align security and business in reducing cyber risk.

This presentation will cover an overview of what  successful exercise program looks like and where cyber ranges fit in. It will also cover the benefits and limitations of cyber ranges and how to choose what is right for your organization.

Want to maximize your Intelligence team’s time and effort? Want to identify more valuable defensive actions while reducing stress on your security teams?  This talk will provide you with clear and immediate steps for creating threat models based on a threat actor's perspective of your organization.

Having retired as a CISO and sat on both sides of the Board table, Jerry Perullo will showcase a set of practical concrete visualizations and presentation formats that have resonated well with Financial Service Board members.

Each firm defines, tests and measures resilience differently, making it a rarity to openly discuss lessons learned with others. This interactive roundtable will be a candid conversation between FS-ISAC member firms about resilience and what it looks like within their organizations.

Learn how FIs must navigate evolving cyber incident notification requirements based on regs issued by US financial regulators, proposed by the Financial Stability Board and the Department of Homeland Security/CISA and about coordinated industry efforts to harmonize these requirements.

Setting and communicating a strategy in today’s rapidly changing technical environment can be challenging, but a strategy remains an essential part of defining clear company-wide information security goals and how to achieve them. This session will review how to develop and communicate a strategy.

Everyone is "doing cyber threat intelligence." If you aren't yet, you are starting to. But what exactly does that mean and what does a program really look like? This talk discusses how to build a program avoiding the pitfalls that make programs irrelevant and ineffective.

As tactics of bad actors evolve, it puts greater importance on safeguarding critical card data and using layers of proactive and reactive fraud tools to prevent loss. We will discuss best practices for effectively protecting cardholders and financial institutions, including implementing PCI DSS v4.

Link to printable PDF