<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=6226337&amp;fmt=gif">
  • Overview
  • Call For Presentations
  • Program
  • Sponsors

Thriving Together in a Dynamic World

Overview 

Join fellow FS-ISAC members from across the Americas for three full days of learning, collaboration, and networking. 

Summits are our largest events of the year, packed with insightful presentations, workshops, and panels on topics relevant to the security of the global financial services industry. 

Highlights 

Relevance 

The synthesis of cybersecurity and the financial sector distinguishes FS-ISAC Summits from other large industry events. The Americas Summit is specifically designed for cybersecurity professionals in financial institutions. 

Content 

Sessions are divided into three tracks – Intelligence, Security, and Resilience – so that you can focus on the most pressing issues in your organization today. 

Connection 

Collaborating with cybersecurity experts from across the Americas advances your skills and the sector’s security. And by learning from others, you can develop invaluable connections that outlast the Summit. 

Summit Chair

ArielWeintraub-headshot-3

 

Ariel Weintraub, Chief Information Security Officer (CISO) at Aon.

 

 

Summit Keynote

Prat_Chantel-edited

 

Chantel Prat, Professor of Psychology, Neuroscience, and Linguistics at the University of Washington.

 

 

Exercise

Participating in exercises increases resilience. Take part in our half-day, in-person Tabletop exercise, "Artificial Intelligence Impacts on Markets and Public Confidence," on 27 October. This exercise is hosted in conjunction with the 2024 Americas Fall Summit, but registration is separate. Find out more about the exercise here.

Event Details 

Theme: Thriving Together in a Dynamic World 

Date: 27 – 30 October, 2024 

Location: Atlanta, Georgia 

 

Interested in sponsoring this event?

View Sponsorship Opportunities

 

Call for Presentations

The call for presentations is now closed.

 

 

Our Summits present an opportunity for you to share your story, expertise, and career’s worth of knowledge with cybersecurity experts from across the region. 

Presentations contribute to our information-sharing mission. Members choose from Summit presentations, roundtables, discussions, or panels in the Intelligence, Security, and Resilience tracks. 

The theme for 2024 Americas Fall Summit is Thriving Together in a Dynamic World. Our 2024 Summits will allow our members to share collective knowledge and experience along the following tracks: 

Intelligence
- Incidents and Campaigns
- Intel Practices and Methodology
- Actor TTP Analysis

Security
- Working Group Topics (Anti-Fraud, Red Teaming, AI Risk, PQC, etc)
- COIs & Industry Specific Topics (including regulation)
- Network Defense
- App and Data Security
- Emerging Technology

Resilience
- GRC
- Board Reporting
- Exercises
- Insider Risk
- Biz Resilience
- Third-Party Risk Management

 

View CFP overview here.

There are no third-party sponsors for this event. FS-ISAC completely runs the CAPS exercises.
 
  1. October 27 Sunday

  2. 12:00 - 5:00 PM

    Tabletop Exercise: AI Impacts on Markets & Public Confidence
    Felicia Guerin, FS-ISAC Exercise

    Event Toggle Arrow
    MEMBERS ONLY (SEPERATE REGISTRATION REQUIRED) Join colleagues for a half-day, in-person, strategic tabletop exercise titled Artificial Intelligence Impacts on Markets and Public Confidence. Hosted in conjunction with the Americas Fall Summit the exercise is open to member staff working on the AI front, investment liquidity and brand reputation.

  3. 3:00 - 4:00 PM

    Early Registration

  4. 4:00 - 5:30 PM

    Women's Networking Event

  5. 5:30 - 7:30 PM

    Opening Reception

  6. October 28 Monday

  7. 7:30 - 6:30 PM

    Registration

  8. 7:30 - 8:15 AM

    Breakfast

  9. 8:15 - 8:45 AM

    Opening Remarks

  10. 8:45 - 9:30 AM

    Where Does Curiosity Come From?
    Chantel Prat, University of Washington Keynote

  11. 9:30 - 10:00 AM

    Creating a Compelling Business Case for an IAM Transformation Platinum

    Event Toggle Arrow
    This session introduces a compelling business case for IAM transformation programs built on a foundation of data science that results in significant gains in IAM operational capacity at a lower operating cost. A by-product is better risk management with higher job satisfaction for IAM staff.

  12. 10:00 - 10:45 AM

    Morning Networking and Snacks

  13. 10:45 - 3:30 PM

    Capture the Flag
    Mike Connor, Principal Financial; Jacob Kravitz, Principal Financial

    Event Toggle Arrow
    Capture the Flag (CTF) contests can provide security teams with a fun, engaging learning opportunity outside of traditional training methods. In this session learn what goes into to building CTF challenges and how you can leverage competitive learning to strengthen team dynamic and skillsets.

  14. 10:45 - 11:30 AM

    Threat Hunt Program - A Woman's Prospective
    Jonna Ipsen, DTCC Intel - Intel

    Event Toggle Arrow
    Drive into the what, why and how of Threat Hunts, the process and hunting styles, needed skills, and prospective that women can bring to threat hunting process. In addition, discuss the reporting and metrics and the challenges when a hunt brings no findings.

  15. 10:45 - 11:30 AM

    Check Fraud Disruption: Efforts & Evolution
    Casey Hertz, US Bank; Tom Robinson, US Bank; Matt Jacobus, US Bank Intel - Fraud

    Event Toggle Arrow
    Overview of U.S. Bank's proactive efforts to disrupt the rise in stolen check fraud. Details our team's creation, process, and automation to increase results and provide protection for the bank as well as our customers.

  16. 10:45 - 11:30 AM

    From Chaos to Control: The Security Governance "Factory"
    Soo Yi, PNC; Amy Altman, PNC Resilience - GRC

    Event Toggle Arrow
    Policies are the backbone of a strong security program, but organizations are drowning in policy chaos and ineffective controls. Attendees will gain practical insight into implementing security governance that can cut through the chaos and drive maturity, demonstrating value to the company.

  17. 10:45 - 11:30 AM

    A Risk-Based Approach to Governing Acquitisions
    Chelsea Hill, Mass Mutual; Patrick Gannon, Franklin Square Holdings G.P., LLC (FS Investments); Tracy Wilkerson Geiger, Humana; Tom Scarborough, Fifth Third Bancorp Resilience - Board

    Event Toggle Arrow
    Understand different types of subsidiary/parent integration patterns ​ and the different methods to implement a risk-based approach to oversight and governance. Learn how to engage, partner, and collaborate with key stakeholders​.

  18. 10:45 - 11:30 AM

    How Exercises Drive the Evolution from BCM to Op Resilience
    Bethany Netzel, CME Group; David Garland, CME Group; Joseph Jorgensen, CME Group Resilience - Resilience

    Event Toggle Arrow
    Looking at the evolution of BCM to Operational Resilience and how exercises can be used to pressure test the resilience strategies and planning. We will look at different types of exercises that can be done to validate a wide variety of planning aspects.

  19. 11:45 - 12:30 PM

    Building the CTI Brand: A Path to Success
    Matthew Brady, Target Corporation; Ryan Miller, Target Corporation Intel - Intel

    Event Toggle Arrow
    A strong cyber threat intelligence (CTI) brand is essential for maturing your CTI program. Learn from Target's CTI leaders about the pivotal role effective collaboration and strong partnerships play in building the CTI brand to gain internal support and enhance external trust and engagement.

  20. 11:45 - 12:30 PM

    Exercise Your Plans: Using Tabletops to Manage Risk
    Dana Turner, Union Bank & Trust Company (Nebraska) Resilience - Resilience

    Event Toggle Arrow
    Tabletop exercises play a pivotal role in risk management within organizations. These simulations enable evaluation of response plans and procedures. Unlike full-scale drills, tabletop exercises involve participants discussing and role-playing various crisis scenarios in a low-stress setting.

  21. 11:45 - 12:30 PM

    What’s Next for IT Risk, GRC and SecOps from Code-to-Cloud?
    Paul Leonhirth, Palo Alto Networks Resilience - GRC

    Event Toggle Arrow
    “Firms have invested Billions in IT Risk and Compliance controls. Are firms still using spreadsheets to monitor and report on today’s tech risk, from Code-to-Cloud-to customer? Why do we still have thousands of IT and Cybersecurity controls? How can we harness automation to deliver business results?

  22. 11:45 - 12:30 PM

    Red Teaming Your Fraud Controls
    Jerrry Tylman, Greenway Solutions Intel - Fraud

    Event Toggle Arrow
    Red Teaming tests customer-facing processes and associated fraud controls. Using live accounts and real money, it mimics fraudsters to find gaps in account opening, access, maintenance and money movement. This is analogous to cyber penetration testing and fills a critical fraud risk assessment gap.

  23. 11:45 - 12:30 PM

    More Visibility & Liability Adapting to The New CISO Reality Resilience - Board

    Event Toggle Arrow
    IANS Research & Artico Search 2024 Financial Services CISO Survey report showed that CISOs are experiencing anxiety and opportunity, which is attributed to the challenging economy, increasing cyber breaches, rise of generative AI tools & growing personal financial risk associated with legal action.

  24. 12:30 - 1:45 PM

    Lunch

  25. 1:45 - 2:30 PM

    Brand Protection – Defending the Seven Communication Realms
    Adam Perino, Regions Financial; Kaleb Beasley, Fifth Third Bancorp Intel - Fraud

    Event Toggle Arrow
    Fraudsters can pretend to be your company through any customer communication channel. Threat Intelligence can assemble proven vendor and in-house controls to detect, respond, and protect against brand infringement. Make defending the seven communication realms part of your company’s brand identity.

  26. 1:45 - 2:30 PM

    Human/Computer Relationships Across the Intel Life Cycle Intel - Intel

    Event Toggle Arrow
    Combining things like ChatGPT and fundamental automation and orchestration can empower intelligence analysts into more efficient and timely workflows. Automating aspects of the Intel Life Cycle allows analysts to function more like data scientists vs manual analysts.

  27. 1:45 - 2:30 PM

    Enhancing Cyber Resilience in FS through Targeted Emulation
    Graham Westbrook, SimSpace Resilience - Resilience

    Event Toggle Arrow
    Today, financial institutions face unprecedented challenges in safeguarding digital assets & maintaining regulatory compliance. However, with real world simulations and drills they can build & test resilient defenders & defenses. These exercises help enhance their defensive strategies effectively.

  28. 1:45 - 2:30 PM

    Insights on Navigating Material Cybersecurity Risks Resilience - GRC

    Event Toggle Arrow
    Prioritizing material risks has become a SEC mandate. This talk will examine the material risk framework and apply practical use cases for processes and tools to meet this new focus area with a collaborative approach to preventing and/or minimizing incidents before they become material.

  29. 1:45 - 2:30 PM

    Improving Access and Security Controls in M&A
    Bradon Rogers, Island Resilience - Board

    Event Toggle Arrow
    Mergers, acquisitions, and divestitures pose unique security challenges. While virtual deal rooms are preferred for secure exchange of data during due diligence, they are still at risk for data leaks. This session addresses techniques to improve access controls and data security in the M&A process.

  30. 2:45 - 3:30 PM

    Threat Assessments: Think Like a Threat Actor, Be a Guardian
    Tess Andrekus, Mass Mutual; Lauren Jones, M&T Bank Resilience - Resilience

    Event Toggle Arrow
    Threat actors are behind all cybersecurity incidents. So how can we get ahead? By pretending to be them & targeting each area of our company. Join a BISO & Security Intelligence Lead to understand "Threat Assessments" and how business unit specific intelligence can elevate your company's security.

  31. 2:45 - 3:30 PM

    Form an Alliance With Me? Managing Cybersecurity Partnership
    Sarah Saenz, Citi; James Katavolos, Citi Resilience - Board

    Event Toggle Arrow
    This presentation provides a framework for managing cybersecurity partnerships and establishing an internal sharing process. It will provide an overview of how Citi manages the flow of information from external partners and engages Citi experts on prioritized external cybersecurity objectives.

  32. 2:45 - 3:30 PM

    Furthering Operational Resilience in the Financial Sector
    Carlos Recalde, Sheltered Harbor; Josh Magri, Cyber Risk Institute Resilience - GRC

    Event Toggle Arrow
    Operational Resilience, Cyber-Resilience, Cyber Risk! What do these mean and how do we make progress in getting more resilient? In this session you will learn how to prepare for the worst from the experts at Sheltered Harbor and the Cyber Risk Institute.

  33. 2:45 - 3:30 PM

    Is your SOC Ready for an Uncertain World? Intel - Intel

    Event Toggle Arrow
    CISOs are facing growing pressure from leadership and the Board to quantify the concrete value that the business is getting in return for its ongoing investment in the SOC. This interactive session based on recent client research will cover key aspects of a modern-day SOC in an evolving landscape.

  34. 2:45 - 3:30 PM

    Detecting Financial Fraud with Elastic Security Intel - Fraud

    Event Toggle Arrow
    See how Elastic Security has been used in the Financial Services industry to onboard traditional and non-traditional cyber security logs, and detect financial transaction oriented fraud.

  35. 3:30 - 4:00 PM

    Afternoon Networking and Snacks

  36. 4:00 - 5:00 PM

    Hunt Nation: Insightful Automation
    Scott Poley, Intel 471 Silver Solutions Showcase

    Event Toggle Arrow
    Automation can revolutionize threat hunting without sacrificing human insight. This session will unveil the key operational goals of threat hunting and introduce a four-phased approach to integrating automation, elevating your threat hunting and inspiring creative approaches in your environment.

  37. 4:00 - 5:00 PM

    Leveraging AI to Redefine FiServ Security Silver Solutions Showcase

    Event Toggle Arrow
    In this session we will discuss the current pain points financial organizations are having in securing their environment. We'll dive into promising early warning security technologies and approaches that leverage AI and redefine how to stop threats while still in the formulation stage.

  38. 4:00 - 5:00 PM

    Securing Communication: Fraud Mitigation Strategies Silver Solutions Showcase

    Event Toggle Arrow
    Ensuring the integrity of telecom is crucial for reliable business-consumer communications and trust. Explore how our advanced fraud mitigation and data integrity solutions can support your institution's efforts to combat fraud, safeguard customer data and fortify your communications strategies.

  39. 4:00 - 5:00 PM

    Where Risk Meets Cybersecurity: A Critical Connection Point Silver Solutions Showcase

    Event Toggle Arrow
    Many orgs look at risk as pillars. There’s legal, fraud, regulatory, and cybersecurity. But these pillars can’t be separate columns that shoulder the load. They must be interconnected. This session looks at the ways risk and security must align and integrate to avoid gaps for a more resilient org.

  40. 4:00 - 5:00 PM

    Harnessing the Power of Outliers in Observability, Security Silver Solutions Showcase

    Event Toggle Arrow
    In today's complex cloud-native environments, outliers can be both a source of insight and a signal of potential issues. This talk will explore how identifying and analyzing outliers can enhance observability and security while driving key business performance indicators (KPIs).

  41. 4:00 - 5:00 PM

    Operationalizing CTI To Optimize Defenses Silver Solutions Showcase

    Event Toggle Arrow
    Operationalizing threat intelligence, aligning an organization’s security posture to the threats that are most likely to target them, is often manual and tedious. This talk will focus challenges security teams face to take information from a threat intelligence source and convert it into actionable.

  42. 5:00 - 6:30 PM

    Booth Crawl Reception

  43. October 29 Tuesday

  44. 7:30 - 5:15 PM

    Registration

  45. 7:30 - 8:15 AM

    Breakfast

  46. 8:15 - 8:30 AM

    Opening Remarks

  47. 8:30 - 8:45 AM

    Critical Provider Panel

  48. 8:45 - 9:15 AM

    Threat Intelligence & Operational Resilience Platinum

    Event Toggle Arrow
    In the face of relentless and sophisticated cyber attacks, financial institutions must prioritize operational resilience and risk mitigation. This session, drawing on Mandiant's M-Trends 2024 report, will expose the evolving threat landscape and attacker TTPs targeting the financial sector.

  49. 9:15 - 9:45 AM

    TBD Panel

  50. 9:45 - 10:15 AM

    Morning Networking and Snacks

  51. 10:15 - 11:00 AM

    Under Pressure - Balancing Burnout and Resiliency
    Justin Rager, State Farm; Bridget Bradley, State Farm Security - Organizations & People

    Event Toggle Arrow
    Professionals face constant pressure to meet deadlines, respond to alerts, and combat evolving threats. Explore how burnout, anxiety, evolving threats, and changing expectations, coupled with mental health concerns, impact intelligence reporting, insider risk, & an organization's cyber resiliency.

  52. 10:15 - 11:00 AM

    AI Driven CTI: Success stories using Machine Learning
    Jaqueline Duarte, Banco Do Brasil; Carlos Goncalves, Banco Do Brasil Security - AI

    Event Toggle Arrow
    In this opportunity we intend to discuss the challenges of cyber threat intelligence related to the diversity and quantity of data and its sources and present some initial, successful cases on CTI with the support of Machine Learning and Generative AI.

  53. 10:15 - 11:00 AM

    Guarding the Digital Vault: Locking up SaaS Security - Technology & Data

    Event Toggle Arrow
    SaaS applications manage sensitive client, credit, and employee information but are complex with limited visibility. We’ll delve into SaaS research our team has discovered with innovative strategies to identify and control SaaS security.

  54. 10:15 - 11:00 AM

    Tuition to Tech Transformation: Sallie Mae’s Cyber Evolution Intel - Intel

    Event Toggle Arrow
    Discover ways to obtain an enhanced cyber technology stack, SOC reporting metrics, and security outcomes, especially for smaller institutions with limited resources. Sallie Mae’s CSO will share how AI-driven threat detection and NextGen SOC capabilities are strengthening their cybersecurity posture.

  55. 10:15 - 11:00 AM

    Harnessing Structured OCR Data to Combat Check Fraud Intel - Fraud

    Event Toggle Arrow
    US Bank and Recorded Future will jointly present on how they work together to reduce check fraud losses. US Bank will show how they have reduced check fraud losses over the past year by using structured stolen check data to automate, prioritize, and remediate check theft at scale.

  56. 10:15 - 5:30 PM

    Capture the Flag
    Mike Connor, Principal Financial; Jacob Kravitz, Principal Financial

  57. 11:15 - 12:00 PM

    Why Financial Services are Moving to Phishing-Resistant Auth Security - Organizations & People

    Event Toggle Arrow
    During this session, Andrew Shikiar of the FIDO Alliance and Christiaan Brand from Google will discuss the latest developments in the global movement to passkeys for better security and user experiences.

  58. 11:15 - 12:00 PM

    It's Okay To Share, We Won't Byte
    Rahel Araia, FS-ISAC; Sydney Jones, CLS Services; Isabel Kiesel, Mastercard Intel - Intel

    Event Toggle Arrow
    We already know that Info Sharing is our secret weapon in security. But how does a firm take the leap into sharing? Join this panel to hear from members who have found success in creating a sharing friendly environment and hear about the new member built template that can help your firm do the same!

  59. 11:15 - 12:00 PM

    Addressing Digital Assets Threat & Resilience Trends
    Patricia Denno, Fidelity Investments; David Fortino, Circle Internet Financial; Yolanda Liu, Coinbase; David Cass, GSR International Trading Intel - Fraud

    Event Toggle Arrow
    Though there is overlap with traditional financial services, there are many unique threats in the digital assets space to understand and address. We will review the threat trends and how best to tackle them, starting with building a strong, collaborative digital assets community.

  60. 11:15 - 12:00 PM

    Fighting Misinformation & Fraud In A Deepfake Deception Era Security - AI

    Event Toggle Arrow
    While deepfakes aren’t new, a robocall of President Biden urging NH residents not to vote in the Democratic primaries sounded alarm bells in the White House on the power of AI. Vijay will use moments like this to educate attendees on the evolution of synthetic media/need for government intervention.

  61. 11:15 - 12:00 PM

    Zero Trust Architecture Security - Technology & Data

    Event Toggle Arrow
    Zero Trust Architecture: Optimizing security through redesign. A quick dive into an overview of Zero Trust Architecture, what it is, and how EY helped PNC along their journey to achieve it - as well as an overview of the benefits of Zero Trust to an organization.

  62. 12:00 - 1:15 PM

    Lunch

  63. 1:15 - 2:15 PM

    Unknown Assets: A Silent Threat to Network Security Silver Solutions Showcase

    Event Toggle Arrow
    Unknown assets continue to undermine mature network defenses, providing attackers easy footholds while defenders struggle to achieve full visibility into dynamic environments. We’ll explore new research into the true risk presented by unknowns, and novel approaches to solve this persistent problem.

  64. 1:15 - 2:15 PM

    Threat Management Automation with Prelude Silver Solutions Showcase

    Event Toggle Arrow
    In this session, we'll showcase how Prelude quickly transforms threat intelligence into threat hunting queries, security tests, and validated detections so that organizations can know with certainty that their defenses will protect them against the latest threats.

  65. 1:15 - 2:15 PM

    How (Blinded Company) is Solving Microsegmentation Silver Solutions Showcase

    Event Toggle Arrow
    Join us to discover how [financial org] halted lateral movement and ransomware attacks with modern microsegmentation. Gain insights from their journey and learn what to look for in a solution: agentless, automated, and equipped with extra layers of security like network-layer MFA.

  66. 1:15 - 2:15 PM

    API Driven Financial Fraud
    Will Glazier, Cequence Security; Aakash Tiwari, Cequence Security Security - Technology & Data

    Event Toggle Arrow
    The movement towards Open Banking APIs and increased interconnectivity between banks, applications and the aggregators facilitating these connections presents sophisticated detection challenges for security teams. We will investigate the multi-layered nature of this problem and share our experience.

  67. 1:15 - 2:15 PM

    30 Years of Arguing with Adults Silver Solutions Showcase

    Event Toggle Arrow
    Why are we are still losing to ransomware? Hear hilarious stories from a lifelong hacker outlining key success factors in his attacks and why they still apply. Learn about the evolution of hacking motivations & attack anatomy, cyber resilience, and strategies for financial services firms.

  68. 1:15 - 2:15 PM

    How to Quantify Cyber Risk Without a PhD.
    Andrew Barnett, Silver Solutions Showcase

    Event Toggle Arrow
    Join us for a session on how one of our Financial clients revolutionized their security management and risk management strategy using Metrics That Matter (MTM). Discover how MTM helped bridge the gap between technical and executive teams and also delivered significant benefits in reporting.

  69. 2:30 - 3:15 PM

    Deepfake Threat Taxonomy and Controls Framework Security - AI

    Event Toggle Arrow
    The purpose of this talk is to provide insights into a novel threat taxonomy for categorization of deepfake attacks, and the associated security control framework to effectively detect and prevent such attacks against financial organizations.

  70. 2:30 - 3:15 PM

    Law Enforcement Engagement vs Social Media Threat Actors
    Jason Hayden, US Bank; Paul Compton, US Bank Intel - Fraud

    Event Toggle Arrow
    Threat Actors continue to target financial institutions by leveraging social media to post financial instruments for sale. U.S. Bank Fraud Analysts will share how they are proactively targeting social media threat actors using techniques and experiences from their careers in Federal Law Enforcement.

  71. 2:30 - 3:15 PM

    Using OWASP Top 10 Mindset For Software Supply Chain Security Intel - Intel

    Event Toggle Arrow
    The rise of software supply chain attacks has demanded from CISOs & AppSec Leaders to re-invent how we approach this problem space. In this panel you will get practitioner feedback to help build the appropriate TPRM & Product Security strategy for your financial institutions stakeholders & teams.

  72. 2:30 - 3:15 PM

    TBD Security - Technology & Data

  73. 2:30 - 3:15 PM

    Vanguard's Blueprint for Secure, Rapid Development Security - Organizations & People

    Event Toggle Arrow
    How can you successfully embed a security-first mindset into your organization? Learn how Vanguard’s Identity & Access Management Cloud team used a shift-left approach to enable their developers to build secure applications and datastores while still meeting business timelines for feature delivery.

  74. 3:30 - 4:15 PM

    How TIAA is Addressing CyberSec Skill Shortage Internally
    Kathryn Patterson, TIAA Security - Organizations & People

    Event Toggle Arrow
    Concept of a cyber guild to address cyber skills shortage and expanding opportunities internally. Features: Why a Guild Network, Building a Cyber Guild, Guild Offerings & Case Studies, Gigs, Partnerships & Amplification, Lessons Learned & Successes, and key takeaways to answer WHY.

  75. 3:30 - 4:15 PM

    Building Bridges | Cyber Fraud Kill Chain
    Anna Fridley, Navy Federal Credit Union; Stanley Hixon, LGE Community Credit Union; Micah Semon, PNC Intel - Fraud

    Event Toggle Arrow
    The majority of fraud starts in the cyber realm and moves through the lifecycle to monetization. FS-ISAC's Cyber Fraud Kill Chain Working Group members will share how they have built a resource for the sector to bridge the gap between cyber and fraud efforts to move to fraud prevention.

  76. 3:30 - 4:15 PM

    Ready or Not - Here Comes AI (Governance)
    Priyadarshi Prasad, LightBeam Security - AI

    Event Toggle Arrow
    Your teams are raring to use the latest AI services. You are left wondering if that creates new security risks. How might you assess the risk posed by an AI service? What are some clear opportunities? Join us to discuss, share and learn more on data protection in the age of AI.

  77. 3:30 - 4:15 PM

    First Citizens Bank's GenAI-Powered Threat Defense
    Anand Sastry, First Citizens Bank; Michael Monte, Anvilogic Intel - Intel

    Event Toggle Arrow
    Financial institutions face cyber threats and unknown unknowns. Adaptation is key. Traditional SIEM tools can be limiting, but with data lakes and AI, First Citizens Bank has gained flexibility and increased MITRE ATT&CK technique coverage by over 60% while saving 90% in costs.

  78. 3:30 - 4:15 PM

    Securing The Post-AI World with Zero Trust Security - Technology & Data

    Event Toggle Arrow
    As adversaries adopt AI to innovate attacks, financial institutions and partners are also using AI to automate business and deepen cyber defenses, but risks abound. Hear from Zscaler and a special customer guest how zero trust architecture can secure apps, data and users in our post-AI world.

  79. 4:15 - 4:45 PM

    Afternoon Networking and Snacks

  80. 4:45 - 5:30 PM

    Mastering Information Security Requirements for Projects
    Véronique Moreau, Groupe Technologies Desjardins Security - Technology & Data

    Event Toggle Arrow
    Have you ever asked yourself how can you make sure your projects deliver secure solution? How can you make sure your security requirements are taken into consideration from the start to the end of your projects? Here’s how our security governance team worked with the PMO team to make it happen.

  81. 4:45 - 5:30 PM

    Insider Recruitment: Protecting Your Employees & Your Brand
    Tracey Blake, PNC; Alex Holladay, PNC; Dr. Deanna D. Caputo, MITRE; Troy Huth, Security - Organizations & People

    Event Toggle Arrow
    This panel discussion will look at the growing issue of bank employees being recruited by fraudsters to commit crimes against the bank. As this behavior occurs outside the walls of the bank, it is unfortunately difficult to detect and even more difficult to prevent.

  82. 4:45 - 5:30 PM

    Investigative Techniques for Identifying Elder Exploitation
    Jacqueline Hicks, Navy Federal Credit Union; Brian Carmack, Navy Federal Credit Union Intel - Fraud

    Event Toggle Arrow
    Elder Financial Abuse is a growing issue with harmful impacts on individuals and society. This presentation will cover investigative techniques and a case study to assist anti-fraud and security practitioners in identifying elder financial abuse to equip them with the knowledge to combat this issue.

  83. 4:45 - 5:30 PM

    Can't We All Just Get Along? Fusion Centers FTW
    Rachael Conover, Mastercard; Eric Strasser, Northern Trust Intel - Intel

    Event Toggle Arrow
    Inform FS-ISAC members of the structure and benefits of implementing a fusion concept and operating model, including specific guidance and lessons learned to consider when implementing an integrated threat management function.

  84. 4:45 - 5:30 PM

    Balancing Speed, Scale, and Security in an AI World Security - AI

    Event Toggle Arrow
    Join us to explore the critical balance between rapid AI adoption and robust security in financial services. Learn how accurate, real-time data is key to harnessing AI's potential while safeguarding your systems and ensuring ethical use. Don't miss this essential session!

  85. 6:00 - 10:00 PM

    Tuesday Signature Event

  86. October 30 Wednesday

  87. 7:30 - 4:30 PM

    Registration

  88. 8:00 - 8:45 AM

    Breakfast

  89. 8:45 - 9:00 AM

    Opening Remarks

  90. 9:00 - 9:30 AM

    What Joni Mitchell Can Teach Us About Our Security Journey Platinum

    Event Toggle Arrow
    When networks, applications, and APIs were on-premises, security was simpler. Hybrid and multicloud environments, however, pose significant challenges. This talk will link Joni Mitchell's "Both Sides Now" lyrics to modern security strategies.

  91. 9:30 - 10:00 AM

    How Hackers *Actually* Use A.I. to Attack Financial Service Platinum

    Event Toggle Arrow
    The purpose of this session is to provide an overview of how attackers actually use AI to target and exploit financial services’ applications, showcase example of tools used by hackers, and talk about actionable best practices to protect against AI-powered attacks, and how Radware can help you.

  92. 10:00 - 10:30 AM

    Morning Networking and Snacks

  93. 10:30 - 11:15 AM

    Who Runs the Mules?
    James Hogan II, JPMorgan Chase Intel - Fraud

    Event Toggle Arrow
    JPMC presents a look into a prolific money laundering ring under the leadership of "Verta," a self-proclaimed cashout mistress. JPMC details how they uncovered corporate accounts used by Verta's mules and what TTPs financial institutions should be aware of to protect unwitting clients and customers.

  94. 10:30 - 11:15 AM

    Right of Boom: Finding Resiliency Leveraging Lessons Learned
    Samuel Strohm, PNC; Jeff Boerio, US Bank Resilience - Resilience

    Event Toggle Arrow
    The panel will evaluate how BCP and incident response strategies held up during real-time incidents. Engaging in collaborative discussion, the aim is to contribute to the development of comprehensive and effective incident response plans to reduce risk for organizations of all sizes.

  95. 10:30 - 11:15 AM

    Visualize Breaches with Attack Flow
    Mark Haase, MITRE Intel - Attacks

    Event Toggle Arrow
    Learn how to document and visualize breaches using the open source Attack Flow project. This interactive session teaches you how to build a flow based on cyber threat intelligence and how to use the resulting flow to share and communicate breach information with others in your organization.

  96. 10:30 - 11:15 AM

    TBD
    Ryan Cooks, Aon PLC; Clark Cone, State Street Security - Organizations & People

    Event Toggle Arrow
    Outline: What are the Challenges in the Privileged Access Management Security Framework? What is Modern PAM? What are some potential changes to PAM with GenAI

  97. 10:30 - 11:15 AM

    Guardian Life’s Journey to Application and API Protection Security - Technology & Data

    Event Toggle Arrow
    Join a fireside chat with Greg Kyrytschenko, Guardian Life’s Chief Technology Security Officer, about his organization’s path to application and API security. Greg will share about the decisions his organization made leveraging technology, processes and people in application and AP.I security.

  98. 10:30 - 3:15 PM

    Capture the Flag
    Mike Connor, Principal Financial; Jacob Kravitz, Principal Financial

  99. 11:30 - 12:15 PM

    Navigating the Storm: Incident Response Readiness
    Rachel Bush, Nationwide Mutual Insurance Company; David Daniel, Nationwide Mutual Insurance Company Resilience - Resilience

    Event Toggle Arrow
    Cybersecurity incidents are increasing in frequency and cost. These events are high impact for your business, and can be career defining moments for leaders and associates alike. Dave and Rachel will share their real world experience and tips on IR readiness and response best practices.

  100. 11:30 - 12:15 PM

    AI Cyber Threats: 30 Minutes to Midnight Security - Organizations & People

    Event Toggle Arrow
    Phishing attacks continue to rise and with the advent of AI we can predict dramatic increases in sophistication and number of attacks. Legacy MFA is already under attack with AI making them even less effective. Learn about the present and future state of AI phishing and how to tackle these threats.

  101. 11:30 - 12:15 PM

    A Data Security Dilemma: Common Pitfalls in Data Protection Security - Technology & Data

    Event Toggle Arrow
    The data dilemma needs to be addressed. As data breaches increased by 78% in 2023 and threat actors increasingly use exfiltration and extortion tactics, data security falls to the side. Finding the balance between data consumption and security risk is possible, we just need to invert our approach.

  102. 11:30 - 12:15 PM

    Fight AI with AI: Build Smarter Security Defenses Intel - Attacks

    Event Toggle Arrow
    AI is driving change in cybersecurity, aiding attackers and defenders alike. Uncover how AI is being used to evade your defenses and how generative AI can help your security team stay ahead of an ever-changing threat landscape. Learn how you can start managing AI risks today.

  103. 11:30 - 12:15 PM

    Flipping the Script – Using AI to Expose P2P Messaging Scams
    Ryan Woodley, Netcraft Intel - Fraud

    Event Toggle Arrow
    Explore AI-powered research exposing criminal conversations from P2P message scams used in pig butchering, romance scams, advance fee fraud, and investment scams. This unique insight shows new opportunities to disrupt criminal behavior by combining fraud interdiction and proactive countermeasures.

  104. 12:15 - 1:30 PM

    Lunch

  105. 1:30 - 2:15 PM

    Fusing Responses : Incident Response & Insider Threat
    Bryan Bowie, Verizon Communications; Paul OConnor, Verizon Communications Security - Organizations & People

    Event Toggle Arrow
    Different teams have different responsibilities when it comes to defending the threat landscape; however, advanced threats don’t differentiate, an effective bridge for cross team communication, collaboration, and the sharing of lessons learned.

  106. 1:30 - 2:15 PM

    Bare Knuckle Forensics for White Knuckle Moments Resilience - Resilience

    Event Toggle Arrow
    In our well managed environments with our well managed and uniformly deployed tools we have complete visibility into everything that is going on everywhere all the time. If that statement applies to you, you have my admiration. This talk addresses incidents where this is not the case.

  107. 1:30 - 2:15 PM

    The Integration of Quantum Security Technologies
    Peter Bordow, Wells Fargo; Jeff Stapleton, Wells Fargo Security - Technology & Data

    Event Toggle Arrow
    With so many quantum security solutions emerging in the cybersecurity market, how do you choose which solutions to deploy and how do you integrate them into your overall technology stack and apply a single "pane of glass" view into the heterogeneous key management and data protection ecosystem.

  108. 1:30 - 2:15 PM

    Taming the Hydra
    Anna Fridley, Navy Federal Credit Union; Jason Tunis, Navy Federal Credit Union Intel - Fraud

    Event Toggle Arrow
    Join us for a case study of how Navy Federal took multiple streams of inbound fraud images, funneled them through a cohesive, repeatable and resilient process to save time and energy while speeding up delivering daily tactical counter-fraud intelligence.

  109. 1:30 - 2:15 PM

    Squashing Spiders: Trick or Treat, Cyber Defeat
    Holly Dragoo, New York Life; Ross Griswold, New York Life Intel - Attacks

    Event Toggle Arrow
    This case study examines the incident response of a Fortune 500 company, emphasizing real-time threat intel and team communication in deterring a Scattered Spider attack. Takeaways include the value of continuous monitoring, cross-functional coordination, and adaptive strategies for cyber resilience.

  110. 2:30 - 3:15 PM

    Russian Cyber: Here and There, Not Everywhere
    Ian Litschko, Royal Bank of Canada Intel - Attacks

    Event Toggle Arrow
    This presentation will focus on the Russian security services (FSB, GRU, SVR) and their cyber-enabled capabilities. It will explore the mandates of each agency, their organizational structure and how their respective cyber capabilities fit within each of them.

  111. 2:30 - 3:15 PM

    Block Zero Day and Attack IP Addresses (JAM)
    Yu Peng, ICE; Tony Drake, ICE Security - Technology & Data

    Event Toggle Arrow
    JAM (Jack-A-Mole) is a near real-time network perimeter protection tool that blocks known malicious and potentially problematic IP addresses at ICE’s perimeter. Utilizing numerous intelligence feeds and internally-developed data models to identify and block external IP addresses.

  112. 2:30 - 3:15 PM

    Jailbreaking Generative AI for Fun and Profit
    Matthew Pische, Sallie Mae Security - AI

    Event Toggle Arrow
    We will delve deep into how to make Generative AI misbehave via Jailbreaking. By learning how to break the locks on the GenAI box and make it dance to a different tune we will better appreciate the risks inherent to the most hyped technology of the decade and what we need to do to protect ourselves.

  113. 2:30 - 3:15 PM

    Rebuilding a Cyber Defense Tech Stack at Scale
    Peter Sprenger, Citi; Jeff Best, Citi Intel - Intel

    Event Toggle Arrow
    Discussion of best practices and lessons learned consolidating Citi's intelligence, incident response, and operational teams' ticketing and case management system to a single platform. Strategic, outcome-oriented product management and agile development were critical for a successful transformation.

  114. 2:30 - 3:15 PM

    Fighting Fraud through Intelligence Sharing & Collaboration
    Karen Helmberger, FS-ISAC; Samuel Strohm, PNC; Greg Williamson, BITS | Bank Policy Institute; Troy Wells, FS-ISAC Intel - Fraud

    Event Toggle Arrow
    The Financial Services sector is unifying in the fraud fight through enhanced intelligence sharing and collaboration. We will share an update of the efforts in process and detail the path to sharing, which will lead to fraud prevention.

  115. 3:30 - 4:15 PM

    MO: Inside LockBit Affiliate Velvet Tempest's Exfil & C2 Ops Intel - Attacks

    Event Toggle Arrow
    The BofA threat hunting team will reveal how they track and disrupt the LockBit affiliate ransomware group Velvet Tempest. This will be an unprecedented view into the ongoing and evolving TTPs, infrastructure, pattern of life and real-time behaviors of Velvet Tempest operators.

  116. 3:30 - 4:15 PM

    Transitioning to Risk Based Alerting
    Beth Young, AFLAC Intel - Intel

    Event Toggle Arrow
    MYTH: Risk Based Alerting will cut down on the number of false positives sent to the SOC every day. FACT: There are still false positives but they are different than the old false positives. Join Beth as she talks about Aflac's journey into Risk Based Alerting.

  117. 3:30 - 4:15 PM

    The Vital Role of Securing Open Source Software
    Dana Wang, Open Source Security Foundation; Rao Lakkakula, JPMorgan Chase; Mike Silverman, FS-ISAC; John Klein, Capital One Security - Technology & Data

    Event Toggle Arrow
    The panel will discuss the critical role of open source security in the financial sector, the challenges around supply chain security and regulatory compliance, the emerging technology trends and the increasing need of collaboration between open source community, private sector and public sector.

  118. 3:30 - 4:15 PM

    Digital Wallets: What Keeps us Up at Night
    John Omernik, Wells Fargo; Olivia Vining, Wells Fargo; Naveen Manivannan, Bank of America Intel - Fraud

    Event Toggle Arrow
    Digital Wallets are an emerging trend in multiple aspects of criminal activity against banks and their customers. Seeing use in phishing, cashout, card testing, and money laundering, this panel will discuss the recent trends, challenges in the data, and opportunities in understanding the space.

  119. 3:30 - 4:15 PM

    MO: Local GenerativeAI for Applications in FIs
    Kristina Dzeparoska, TD Bank; Erich Feige, TD Bank Security - AI

    Event Toggle Arrow
    Safe LLM deployment for security applications in financial institutions. We will discuss the challenges and risks and present our approach and controls to trustworthy LLM applications. We've deployed a safe, local LLM model using pre-trained weights and tested a number of use-cases to automate.

  120. 4:15 - 5:15 PM

    Closing Reception

fs-isac-greyscale

© Copyright 1999 - FS-ISAC, Inc. All Rights Reserved.

Terms and Policies