Join Us
    • Overview
    • Call For Presentations
    • Program
    • Sponsors

    Thriving Together in a Dynamic World

    Overview 

    Join fellow FS-ISAC members from across the Americas for three full days of learning, collaboration, and networking. 

    Summits are our largest events of the year, packed with insightful presentations, workshops, and panels on topics relevant to the security of the global financial services industry. 

    Highlights 

    Relevance 

    The synthesis of cybersecurity and the financial sector distinguishes FS-ISAC Summits from other large industry events. The Americas Summit is specifically designed for cybersecurity professionals in financial institutions. 

    Content 

    Sessions are divided into three tracks – Intelligence, Security, and Resilience – so that you can focus on the most pressing issues in your organization today. 

    Connection 

    Collaborating with cybersecurity experts from across the Americas advances your skills and the sector’s security. And by learning from others, you can develop invaluable connections that outlast the Summit. 

    Summit Chair

    ArielWeintraub-headshot-3

     

    Ariel Weintraub, Chief Information Security Officer (CISO) at Aon.

     

     

    Summit Keynote

    Prat_Chantel-edited

     

    Chantel Prat, Professor of Psychology, Neuroscience, and Linguistics at the University of Washington.

     

     

    Exercise

    Participating in exercises increases resilience. Take part in our half-day, in-person Tabletop exercise, "Artificial Intelligence Impacts on Markets and Public Confidence," on 27 October. This exercise is hosted in conjunction with the 2024 Americas Fall Summit, but registration is separate. Find out more about the exercise here.

    Event Details 

    Theme: Thriving Together in a Dynamic World 

    Date: 27 – 30 October, 2024 

    Location: Atlanta, Georgia 

     

     

    Call for Presentations

    The call for presentations is now closed.

     

     

    Our Summits present an opportunity for you to share your story, expertise, and career’s worth of knowledge with cybersecurity experts from across the region. 

    Presentations contribute to our information-sharing mission. Members choose from Summit presentations, roundtables, discussions, or panels in the Intelligence, Security, and Resilience tracks. 

    The theme for 2024 Americas Fall Summit is Thriving Together in a Dynamic World. Our 2024 Summits will allow our members to share collective knowledge and experience along the following tracks: 

    Intelligence
    - Incidents and Campaigns
    - Intel Practices and Methodology
    - Actor TTP Analysis

    Security
    - Working Group Topics (Anti-Fraud, Red Teaming, AI Risk, PQC, etc)
    - COIs & Industry Specific Topics (including regulation)
    - Network Defense
    - App and Data Security
    - Emerging Technology

    Resilience
    - GRC
    - Board Reporting
    - Exercises
    - Insider Risk
    - Biz Resilience
    - Third-Party Risk Management

     

    View CFP overview here.
     
    1. October 27 Sunday

    2. 12:00 - 5:00 PM

      Tabletop Exercise: AI Impacts on Markets & Public Confidence
      Felicia Guerin, FS-ISAC Exercise

      Event Toggle Arrow
      MEMBERS ONLY (SEPERATE REGISTRATION REQUIRED) Join colleagues for a half-day, in-person, strategic tabletop exercise titled Artificial Intelligence Impacts on Markets and Public Confidence. Hosted in conjunction with the Americas Fall Summit the exercise is open to member staff working on the AI front, investment liquidity and brand reputation.

    3. 3:00 - 7:30 PM

      Early Registration

    4. 4:00 - 5:30 PM

      Women's Networking Event

    5. 5:30 - 7:30 PM

      Welcome Reception

    6. October 28 Monday

    7. 7:30 - 6:30 PM

      Registration

    8. 7:30 - 8:15 AM

      Breakfast

    9. 8:15 - 8:45 AM

      Opening Remarks

    10. 8:45 - 9:30 AM

      Where Does Curiosity Come From?
      Chantel Prat, University of Washington Keynote

    11. 9:30 - 10:00 AM

      Creating a Compelling Business Case for an IAM Transformation
      Jim Routh, Saviynt; Laura Deaner, Northwestern Mutual; Ann Barron-DiCamillo, Citi; Ariel Weintraub, Aon PLC Platinum

      Event Toggle Arrow
      This session introduces a compelling business case for IAM transformation programs built on a foundation of data science that results in significant gains in IAM operational capacity at a lower operating cost. A by-product is better risk management with higher job satisfaction for IAM staff.

    12. 10:00 - 10:45 AM

      Morning Networking and Snacks

    13. 10:45 - 3:30 PM

      Capture the Flag
      Mike Connor, Principal Financial; Jacob Kravitz, Principal Financial

      Event Toggle Arrow
      Capture the Flag (CTF) contests can provide security teams with a fun, engaging learning opportunity outside of traditional training methods. In this session learn what goes into to building CTF challenges and how you can leverage competitive learning to strengthen team dynamic and skillsets.

    14. 10:45 - 11:30 AM

      Threat Hunt Program - A Woman's Prospective
      Jonna Ipsen, DTCC Intel - Intel

      Event Toggle Arrow
      Drive into the what, why and how of Threat Hunts, the process and hunting styles, needed skills, and prospective that women can bring to threat hunting process. In addition, discuss the reporting and metrics and the challenges when a hunt brings no findings.

    15. 10:45 - 11:30 AM

      Threat Assessments: Think Like a Threat Actor, Be a Guardian
      Tess Andrekus, Mass Mutual; Lauren Jones, M&T Bank Resilience - Resilience

      Event Toggle Arrow
      Threat actors are behind all cybersecurity incidents. So how can we get ahead? By pretending to be them & targeting each area of our company. Join a BISO & Security Intelligence Lead to understand "Threat Assessments" and how business unit specific intelligence can elevate your company's security.

    16. 10:45 - 11:30 AM

      Check Fraud Disruption: Efforts & Evolution
      Casey Hertz, US Bank; Tom Robinson, US Bank Intel - Fraud

      Event Toggle Arrow
      Overview of U.S. Bank's proactive efforts to disrupt the rise in stolen check fraud. Details our team's creation, process, and automation to increase results and provide protection for the bank as well as our customers.

    17. 10:45 - 11:30 AM

      From Chaos to Control: The Security Governance "Factory"
      Soo Yi, PNC; Amy Altman, PNC Resilience - GRC

      Event Toggle Arrow
      Policies are the backbone of a strong security program, but organizations are drowning in policy chaos and ineffective controls. Attendees will gain practical insight into implementing security governance that can cut through the chaos and drive maturity, demonstrating value to the company.

    18. 10:45 - 11:30 AM

      A Risk-Based Approach to Governing Acquisitions
      Chelsea Hill, Mass Mutual; Patrick Gannon, Franklin Square Holdings G.P., LLC (FS Investments); Tracy Wilkerson Geiger, Humana; Tom Scarborough, Fifth Third Bancorp Resilience - Board

      Event Toggle Arrow
      Understand different types of subsidiary/parent integration patterns ​ and the different methods to implement a risk-based approach to oversight and governance. Learn how to engage, partner, and collaborate with key stakeholders​.

    19. 11:45 - 12:30 PM

      Building the CTI Brand: A Path to Success
      Matthew Brady, Target Corporation; Ryan Miller, Target Corporation Intel - Intel

      Event Toggle Arrow
      A strong cyber threat intelligence (CTI) brand is essential for maturing your CTI program. Learn from Target's CTI leaders about the pivotal role effective collaboration and strong partnerships play in building the CTI brand to gain internal support and enhance external trust and engagement.

    20. 11:45 - 12:30 PM

      Exercise Your Plans: Using Tabletops to Manage Risk
      Dana Turner, Union Bank & Trust Company (Nebraska) Resilience - Resilience

      Event Toggle Arrow
      Tabletop exercises play a pivotal role in risk management within organizations. These simulations enable evaluation of response plans and procedures. Unlike full-scale drills, tabletop exercises involve participants discussing and role-playing various crisis scenarios in a low-stress setting.

    21. 11:45 - 12:30 PM

      What’s Next for IT Risk, GRC and SecOps from Code-to-Cloud?
      Chris Schumm, Palo Alto Networks; Phil Collett, American Express; Brad Manganello, Citi; Jennifer Buckner, Mastercard Resilience - GRC

      Event Toggle Arrow
      “Firms have invested Billions in IT Risk and Compliance controls. Are firms still using spreadsheets to monitor and report on today’s tech risk, from Code-to-Cloud-to customer? Why do we still have thousands of IT and Cybersecurity controls? How can we harness automation to deliver business results?

    22. 11:45 - 12:30 PM

      More Visibility & Liability Adapting to The New CISO Reality
      Nick Kakolowski, IANS Research; Steve Martano, Resilience - Board

      Event Toggle Arrow
      IANS Research & Artico Search 2024 Financial Services CISO Survey report showed that CISOs are experiencing anxiety and opportunity, which is attributed to the challenging economy, increasing cyber breaches, rise of generative AI tools & growing personal financial risk associated with legal action.

    23. 11:45 - 12:30 PM

      Red Teaming Your Fraud Controls
      Jerry Tylman, Greenway Solutions; Ryan Blakely, PNC; Amy Davis, Capital One Intel - Fraud

      Event Toggle Arrow
      Red Teaming tests customer-facing processes and associated fraud controls. Using live accounts and real money, it mimics fraudsters to find gaps in account opening, access, maintenance and money movement. This is analogous to cyber penetration testing and fills a critical fraud risk assessment gap.

    24. 12:30 - 1:45 PM

      Lunch

    25. 1:45 - 2:30 PM

      Brand Protection – Defending the Seven Communication Realms
      Adam Perino, Regions Financial; Kaleb Beasley, Fifth Third Bancorp Intel - Fraud

      Event Toggle Arrow
      Fraudsters can pretend to be your company through any customer communication channel. Threat Intelligence can assemble proven vendor and in-house controls to detect, respond, and protect against brand infringement. Make defending the seven communication realms part of your company’s brand identity.

    26. 1:45 - 2:30 PM

      Human/Computer Relationships Across the Intel Life Cycle
      Neal Dennis, Cyware Intel - Intel

      Event Toggle Arrow
      Combining things like ChatGPT and fundamental automation and orchestration can empower intelligence analysts into more efficient and timely workflows. Automating aspects of the Intel Life Cycle allows analysts to function more like data scientists vs manual analysts.

    27. 1:45 - 2:30 PM

      Enhancing Cyber Resilience in FS through Targeted Emulation
      Graham Westbrook, SimSpace Resilience - Resilience

      Event Toggle Arrow
      Today, financial institutions face unprecedented challenges in safeguarding digital assets & maintaining regulatory compliance. However, with real world simulations and drills they can build & test resilient defenders & defenses. These exercises help enhance their defensive strategies effectively.

    28. 1:45 - 2:30 PM

      Insights on Navigating Material Cybersecurity Risks
      Steve Winterfeld, Akamai; Jason Aguiar, Akamai Resilience - GRC

      Event Toggle Arrow
      Prioritizing material risks has become a SEC mandate. This talk will examine the material risk framework and apply practical use cases for processes and tools to meet this new focus area with a collaborative approach to preventing and/or minimizing incidents before they become material.

    29. 1:45 - 2:30 PM

      Improving Access and Security Controls in M&A
      Bradon Rogers, Island Resilience - Board

      Event Toggle Arrow
      Mergers, acquisitions, and divestitures pose unique security challenges. While virtual deal rooms are preferred for secure exchange of data during due diligence, they are still at risk for data leaks. This session addresses techniques to improve access controls and data security in the M&A process.

    30. 2:45 - 3:30 PM

      Form an Alliance With Me? Managing Cybersecurity Partnership
      Sarah Saenz, Citi; James Katavolos, Citi Resilience - Board

      Event Toggle Arrow
      This presentation provides a framework for managing cybersecurity partnerships and establishing an internal sharing process. It will provide an overview of how Citi manages the flow of information from external partners and engages Citi experts on prioritized external cybersecurity objectives.

    31. 2:45 - 3:30 PM

      How Exercises Drive the Evolution from BCM to Op Resilience
      Bethany Netzel, CME Group; David Garland, CME Group; Joseph Jorgensen, CME Group Resilience - Resilience

      Event Toggle Arrow
      Looking at the evolution of BCM to Operational Resilience and how exercises can be used to pressure test the resilience strategies and planning. We will look at different types of exercises that can be done to validate a wide variety of planning aspects.

    32. 2:45 - 3:30 PM

      Unlocking Success: Adopting the CRI Framework
      Josh Magri, Cyber Risk Institute; John Denning, FS-ISAC; Jenny Menna, Sallie Mae; Linda Betz, FS-ISAC Resilience - GRC

      Event Toggle Arrow
      Join us as industry experts share real-world insights on adopting the CRI Profile. We’ll discuss the reasons for adoption, the control mapping process, and the impact of upgrading from CRI 1.0 to 2.0. Hear from experts as they share tools, strategies, and lessons learned on improving cybersecurity, resilience, and operational efficiency. This session offers practical advice for integrating CRI standards into your organization, with valuable perspectives from both small and large companies.

    33. 2:45 - 3:30 PM

      Is your SOC Ready for an Uncertain World?
      Lawrence Zelvin, BMO Harris Bank; Judith Pinto, Accenture Intel - Intel

      Event Toggle Arrow
      CISOs are facing growing pressure from leadership and the Board to quantify the concrete value that the business is getting in return for its ongoing investment in the SOC. This interactive session based on recent client research will cover key aspects of a modern-day SOC in an evolving landscape.

    34. 2:45 - 3:30 PM

      Detecting Financial Fraud with Elastic Security
      Joseph Murin, Elastic Intel - Fraud

      Event Toggle Arrow
      See how Elastic Security has been used in the Financial Services industry to onboard traditional and non-traditional cyber security logs, and detect financial transaction oriented fraud.

    35. 3:30 - 4:00 PM

      Afternoon Networking and Snacks

    36. 4:00 - 5:00 PM

      Hunt Nation: Insightful Automation
      Scott Poley, Intel 471 Silver Solutions Showcase

      Event Toggle Arrow
      Automation can revolutionize threat hunting without sacrificing human insight. This session will unveil the key operational goals of threat hunting and introduce a four-phased approach to integrating automation, elevating your threat hunting and inspiring creative approaches in your environment.

    37. 4:00 - 5:00 PM

      Leveraging AI to Redefine Fi Serv Security
      Michael Rothschild, Armis Silver Solutions Showcase

      Event Toggle Arrow
      In this session we will discuss the current pain points financial organizations are having in securing their environment. We'll dive into promising early warning security technologies and approaches that leverage AI and redefine how to stop threats while still in the formulation stage.

    38. 4:00 - 5:00 PM

      Securing Communication: Fraud Mitigation Strategies
      Jaime Zetterstrom, Somos Silver Solutions Showcase

      Event Toggle Arrow
      Ensuring the integrity of telecom is crucial for reliable business-consumer communications and trust. Explore how our advanced fraud mitigation and data integrity solutions can support your institution's efforts to combat fraud, safeguard customer data and fortify your communications strategies.

    39. 4:00 - 5:00 PM

      Where Risk Meets Cybersecurity: A Critical Connection Point
      Justin Bajko, Expel; Hector Rodriguez, VISA Silver Solutions Showcase

      Event Toggle Arrow
      Many orgs look at risk as pillars. There’s legal, fraud, regulatory, and cybersecurity. But these pillars can’t be separate columns that shoulder the load. They must be interconnected. This session looks at the ways risk and security must align and integrate to avoid gaps for a more resilient org.

    40. 4:00 - 5:00 PM

      Harnessing the Power of Outliers in Observability, Security
      Deepti Bhutani, Splunk Silver Solutions Showcase

      Event Toggle Arrow
      In today's complex cloud-native environments, outliers can be both a source of insight and a signal of potential issues. This talk will explore how identifying and analyzing outliers can enhance observability and security while driving key business performance indicators (KPIs).

    41. 4:00 - 5:00 PM

      Operationalizing CTI To Optimize Defenses
      Ian Roth, Silver Solutions Showcase

      Event Toggle Arrow
      Operationalizing threat intelligence, aligning an organization’s security posture to the threats that are most likely to target them, is often manual and tedious. This talk will focus challenges security teams face to take information from a threat intelligence source and convert it into actionable.

    42. 5:00 - 6:30 PM

      Booth Crawl Reception

    43. October 29 Tuesday

    44. 7:30 - 5:15 PM

      Registration

    45. 7:30 - 8:15 AM

      Breakfast

    46. 8:15 - 8:30 AM

      Opening Remarks

    47. 8:30 - 8:45 AM

      Insights on Emerging Threats with Our Critical Providers
      Steve Winterfeld, Akamai; Lisa Lee, Microsoft; David Stone, Google; Elizabeth Heathfield, FS-ISAC

      Event Toggle Arrow
      Join FS-ISAC's Chief Communications Officer, Elizabeth Heathfield, in a discussion with FS-ISAC's Critical Providers for a discussion on the latest important topics.

    48. 8:45 - 9:15 AM

      Threat Intelligence & Operational Resilience
      Steve Elovitz, Mandiant, now part of Google Cloud Platinum

      Event Toggle Arrow
      In the face of relentless and sophisticated cyber attacks, financial institutions must prioritize operational resilience and risk mitigation. This session, drawing on Mandiant's M-Trends 2024 report, will expose the evolving threat landscape and attacker TTPs targeting the financial sector.

    49. 9:15 - 9:45 AM

      Lessons Learned in Op Resilience From Recent Incidents
      Donna Hart, Ally Financial; Elizabeth Heathfield, FS-ISAC; Ariel Weintraub, Aon PLC; Susan Koski, PNC; Bethany Netzel, CME Group

    50. 9:45 - 10:15 AM

      Morning Networking and Snacks

    51. 10:15 - 11:00 AM

      Under Pressure - Balancing Burnout and Resiliency
      Justin Rager, State Farm; Bridget Bradley, State Farm Security - Organizations & People

      Event Toggle Arrow
      Professionals face constant pressure to meet deadlines, respond to alerts, and combat evolving threats. Explore how burnout, anxiety, evolving threats, and changing expectations, coupled with mental health concerns, impact intelligence reporting, insider risk, & an organization's cyber resiliency.

    52. 10:15 - 11:00 AM

      AI Driven CTI: Success stories using Machine Learning
      Jaqueline Duarte, Banco Do Brasil; Carlos Goncalves, Banco Do Brasil Security - AI

      Event Toggle Arrow
      In this opportunity we intend to discuss the challenges of cyber threat intelligence related to the diversity and quantity of data and its sources and present some initial, successful cases on CTI with the support of Machine Learning and Generative AI.

    53. 10:15 - 11:00 AM

      Guarding the Digital Vault: Advanced SaaS Security for Fis
      Marina Elmore, AppOmni Security - Technology & Data

      Event Toggle Arrow
      SaaS applications manage sensitive client, credit, and employee information but are complex with limited visibility. We’ll delve into SaaS research our team has discovered with innovative strategies to identify and control SaaS security.

    54. 10:15 - 11:00 AM

      Sallie Mae’s SOC Evolution: Big Threats, Small Budget
      Tiffany Kleeman, Deloitte; Julie Bernard, Deloitte; Jenny Menna, Sallie Mae Intel - Intel

      Event Toggle Arrow
      Discover ways to obtain an enhanced cyber technology stack, SOC reporting metrics, and security outcomes, especially for smaller institutions with limited resources. Sallie Mae’s CSO will share how AI-driven threat detection and NextGen SOC capabilities are strengthening their cybersecurity posture.

    55. 10:15 - 11:00 AM

      Harnessing Structured OCR Data to Combat Check Fraud
      Bill Harney, Recorded Future; Casey Hertz, US Bank Intel - Fraud

      Event Toggle Arrow
      US Bank and Recorded Future will jointly present on how they work together to reduce check fraud losses. US Bank will show how they have reduced check fraud losses over the past year by using structured stolen check data to automate, prioritize, and remediate check theft at scale.

    56. 10:15 - 5:30 PM

      Capture the Flag
      Mike Connor, Principal Financial; Jacob Kravitz, Principal Financial

      Event Toggle Arrow
      Capture the Flag (CTF) contests can provide security teams with a fun, engaging learning opportunity outside of traditional training methods. In this session learn what goes into to building CTF challenges and how you can leverage competitive learning to strengthen team dynamic and skillsets.

    57. 11:15 - 12:00 PM

      Why Financial Services are Moving to Phishing-Resistant Auth
      Christian Brand, Google; Andrew Shikiar, FIDO Alliance Security - Organizations & People

      Event Toggle Arrow
      During this session, Andrew Shikiar of the FIDO Alliance and Christiaan Brand from Google will discuss the latest developments in the global movement to passkeys for better security and user experiences.

    58. 11:15 - 12:00 PM

      It's Okay To Share, We Won't Byte
      Rahel Araia, FS-ISAC; Sydney Jones, CLS Services; Isabel Kiesel, Mastercard Intel - Intel

      Event Toggle Arrow
      We already know that Info Sharing is our secret weapon in security. But how does a firm take the leap into sharing? Join this panel to hear from members who have found success in creating a sharing friendly environment and hear about the new member built template that can help your firm do the same!

    59. 11:15 - 12:00 PM

      Addressing Digital Assets Threat & Resilience Trends
      Patricia Denno, Fidelity Investments; David Fortino, Circle Internet Financial; Yolanda Liu, Coinbase; David Cass, GSR International Trading Intel - Fraud

      Event Toggle Arrow
      Though there is overlap with traditional financial services, there are many unique threats in the digital assets space to understand and address. We will review the threat trends and how best to tackle them, starting with building a strong, collaborative digital assets community.

    60. 11:15 - 12:00 PM

      Fighting Misinformation & Fraud In A Deepfake Deception Era
      Vijay Balasubramaniyan, Pindrop Security - AI

      Event Toggle Arrow
      While deepfakes aren’t new, a robocall of President Biden urging NH residents not to vote in the Democratic primaries sounded alarm bells in the White House on the power of AI. Vijay will use moments like this to educate attendees on the evolution of synthetic media/need for government intervention.

    61. 11:15 - 12:00 PM

      Unlock the Strategic Value of Zero Trust
      Rob Foster, EY; Nik Ziegler, EY Security - Technology & Data

      Event Toggle Arrow
      In a financial landscape where threats evolve daily, Zero Trust is not just a concept—it's an imperative. This session cuts through the jargon to deliver the clear value of Zero Trust for your organization. We'll break down the silos and demonstrate the strategic benefits, showcasing how Zero Trust fortifies your most critical assets and identities.

    62. 12:00 - 1:15 PM

      Lunch

    63. 1:15 - 2:15 PM

      Unknown Assets: A Silent Threat to Network Security
      Julie Albright, runZero; Bryan O'Neil, runZero Silver Solutions Showcase

      Event Toggle Arrow
      Unknown assets continue to undermine mature network defenses, providing attackers easy footholds while defenders struggle to achieve full visibility into dynamic environments. We’ll explore new research into the true risk presented by unknowns, and novel approaches to solve this persistent problem.

    64. 1:15 - 2:15 PM

      Threat Management Automation with Prelude
      Pete Constantine, Prelude Silver Solutions Showcase

      Event Toggle Arrow
      In this session, we'll showcase how Prelude quickly transforms threat intelligence into threat hunting queries, security tests, and validated detections so that organizations can know with certainty that their defenses will protect them against the latest threats.

    65. 1:15 - 2:15 PM

      How (Blinded Company) is Solving Microsegmentation
      Nicholas DiCola, Zero Networks; Gabe Cioffi, Mizuho Financial Group Silver Solutions Showcase

      Event Toggle Arrow
      Join us to discover how [financial org] halted lateral movement and ransomware attacks with modern microsegmentation. Gain insights from their journey and learn what to look for in a solution: agentless, automated, and equipped with extra layers of security like network-layer MFA.

    66. 1:15 - 2:15 PM

      API-Driven Financial Fraud
      Will Glazier, Cequence Security Silver Solutions Showcase

      Event Toggle Arrow
      The movement towards Open Banking APIs and increased interconnectivity between banks, applications and the aggregators facilitating these connections presents sophisticated detection challenges for security teams. We will investigate the multi-layered nature of this problem and share our experience.

    67. 1:15 - 2:15 PM

      30 Years of Arguing with Adults
      David Brauchler, NCC Group Silver Solutions Showcase

      Event Toggle Arrow
      Why are we are still losing to ransomware? Hear hilarious stories from a lifelong hacker outlining key success factors in his attacks and why they still apply. Learn about the evolution of hacking motivations & attack anatomy, cyber resilience, and strategies for financial services firms.

    68. 1:15 - 2:15 PM

      How to Quantify Cyber Risk Without a PhD.
      Andrew Barnett, Consortium Networks Silver Solutions Showcase

      Event Toggle Arrow
      Join us for a session on how one of our Financial clients revolutionized their security management and risk management strategy using Metrics That Matter (MTM). Discover how MTM helped bridge the gap between technical and executive teams and also delivered significant benefits in reporting.

    69. 2:30 - 3:15 PM

      Deepfake Threat Taxonomy and Controls Framework Security - AI

      Event Toggle Arrow
      The purpose of this talk is to provide insights into a novel threat taxonomy for categorization of deepfake attacks, and the associated security control framework to effectively detect and prevent such attacks against financial organizations.

    70. 2:30 - 3:15 PM

      Law Enforcement Engagement vs Social Media Threat Actors
      Jason Hayden, US Bank; Paul Compton, US Bank Intel - Fraud

      Event Toggle Arrow
      Threat Actors continue to target financial institutions by leveraging social media to post financial instruments for sale. U.S. Bank Fraud Analysts will share how they are proactively targeting social media threat actors using techniques and experiences from their careers in Federal Law Enforcement.

    71. 2:30 - 3:15 PM

      Using OWASP Top 10 Mindset For Software Supply Chain Security
      Ali Khan, ReversingLabs; Steven Demeulenaere, Equifax; Paul Brown, Mastercard; Nauman Noor Intel - Intel

      Event Toggle Arrow
      The rise of software supply chain attacks has demanded from CISOs & AppSec Leaders to re-invent how we approach this problem space. In this panel you will get practitioner feedback to help build the appropriate TPRM & Product Security strategy for your financial institutions stakeholders & teams.

    72. 2:30 - 3:15 PM

      How You Can Survive a Severe Cyber Outage
      Carlos Recalde, Sheltered Harbor Security - Technology & Data

    73. 2:30 - 3:15 PM

      Vanguard's Blueprint for Secure, Rapid Development
      Akhil Prasanna Degala, Vanguard; Richard Bleakley, Vanguard Security - Organizations & People

      Event Toggle Arrow
      How can you successfully embed a security-first mindset into your organization? Learn how Vanguard’s Identity & Access Management Cloud team used a shift-left approach to enable their developers to build secure applications and datastores while still meeting business timelines for feature delivery.

    74. 3:30 - 4:15 PM

      How TIAA is Addressing CyberSec Skill Shortage Internally
      Kathryn Patterson, TIAA Security - Organizations & People

      Event Toggle Arrow
      Concept of a cyber guild to address cyber skills shortage and expanding opportunities internally. Features: Why a Guild Network, Building a Cyber Guild, Guild Offerings & Case Studies, Gigs, Partnerships & Amplification, Lessons Learned & Successes, and key takeaways to answer WHY.

    75. 3:30 - 4:15 PM

      Building Bridges | Cyber Fraud Prevention Framework
      Anna Fridley, Navy Federal Credit Union; Stanley Hixon, LGE Community Credit Union; Micah Semon, PNC; Karen Helmberger, FS-ISAC Intel - Fraud

      Event Toggle Arrow
      The majority of fraud starts in the cyber realm and moves through the lifecycle to monetization. FS-ISAC's Cyber Fraud Kill Chain Working Group members will share how they have built a resource for the sector to bridge the gap between cyber and fraud efforts to move to fraud prevention.

    76. 3:30 - 4:15 PM

      Ready or Not - Here Comes AI (Governance)
      Priyadarshi Prasad, LightBeam Security - AI

      Event Toggle Arrow
      Your teams are raring to use the latest AI services. You are left wondering if that creates new security risks. How might you assess the risk posed by an AI service? What are some clear opportunities? Join us to discuss, share and learn more on data protection in the age of AI.

    77. 3:30 - 4:15 PM

      Operationalize the SOC Using a Threat-Informed Defense
      Anand Sastry, First Citizens Bank; Michael Monte, Anvilogic Intel - Intel

      Event Toggle Arrow
      In this session, First Citizens Bank will share how adopting a modern security data lake has enabled flexibility over their data strategy while increasing priority MITRE ATT&CK technique coverage through cross-data platform correlation. We'll also explore how they implement multi-stage, threat-based detection scenarios from their data platforms and signals from security tools to reduce risk while GenAI force multiplies their team to scale their defenses.

    78. 3:30 - 4:15 PM

      Securing The Post-AI World with Zero Trust
      Sam Curry, Zscaler Security - Technology & Data

      Event Toggle Arrow
      As adversaries adopt AI to innovate attacks, financial institutions and partners are also using AI to automate business and deepen cyber defenses, but risks abound. Hear from Zscaler and a special customer guest how zero trust architecture can secure apps, data and users in our post-AI world.

    79. 4:15 - 4:45 PM

      Afternoon Networking and Snacks

    80. 4:45 - 5:30 PM

      Mastering Information Security Requirements for Projects
      Véronique Moreau, Groupe Technologies Desjardins Security - Technology & Data

      Event Toggle Arrow
      Have you ever asked yourself how can you make sure your projects deliver secure solution? How can you make sure your security requirements are taken into consideration from the start to the end of your projects? Here’s how our security governance team worked with the PMO team to make it happen.

    81. 4:45 - 5:30 PM

      Insider Recruitment: Protecting Your Employees & Your Brand
      Tracey Blake, PNC; Alex Holladay, PNC; Dr. Deanna D. Caputo, MITRE Security - Organizations & People

      Event Toggle Arrow
      This panel discussion will look at the growing issue of bank employees being recruited by fraudsters to commit crimes against the bank. As this behavior occurs outside the walls of the bank, it is unfortunately difficult to detect and even more difficult to prevent.

    82. 4:45 - 5:30 PM

      Investigative Techniques for Identifying Elder Exploitation
      Jacqueline Hicks, Navy Federal Credit Union; Brian Carmack, Navy Federal Credit Union Intel - Fraud

      Event Toggle Arrow
      Elder Financial Abuse is a growing issue with harmful impacts on individuals and society. This presentation will cover investigative techniques and a case study to assist anti-fraud and security practitioners in identifying elder financial abuse to equip them with the knowledge to combat this issue.

    83. 4:45 - 5:30 PM

      Can't We All Just Get Along? Fusion Centers FTW
      Rachael Conover, Mastercard; Eric Strasser, Northern Trust Intel - Intel

      Event Toggle Arrow
      Inform FS-ISAC members of the structure and benefits of implementing a fusion concept and operating model, including specific guidance and lessons learned to consider when implementing an integrated threat management function.

    84. 4:45 - 5:30 PM

      AI: Balancing Innovation, Speed, Security and Shadow Risks
      Erik Gaston, Tanium; Tim Morris, Tanium Security - AI

      Event Toggle Arrow
      In today’s fast-paced financial service industry, AI adoption is transforming how we operate, bringing both innovation and risk. As departments implement AI solutions without governance Shadow AI emerges. In this talk, we’ll explore the challenges of Shadow AI, the balance between speed and security, and the remotion responses individuals and organizations face when navigating technological change.

    85. 6:30 - 9:30 PM

      Tuesday Signature Event

    86. October 30 Wednesday

    87. 7:30 - 4:30 PM

      Registration

    88. 8:00 - 8:45 AM

      Breakfast

    89. 8:45 - 9:00 AM

      Opening Remarks

    90. 9:00 - 9:30 AM

      What Joni Mitchell Can Teach Us About Our Security Journey
      Josh Goldfarb, F5 Platinum

      Event Toggle Arrow
      When networks, applications, and APIs were on-premises, security was simpler. Hybrid and multicloud environments, however, pose significant challenges. This talk will link Joni Mitchell's "Both Sides Now" lyrics to modern security strategies.

    91. 9:30 - 10:00 AM

      How Hackers *Actually* Use A.I. to Attack Financial Service
      Shira Sagiv, Radware Platinum

      Event Toggle Arrow
      The purpose of this session is to provide an overview of how attackers actually use AI to target and exploit financial services’ applications, showcase example of tools used by hackers, and talk about actionable best practices to protect against AI-powered attacks, and how Radware can help you.

    92. 10:00 - 10:30 AM

      Morning Networking and Snacks

    93. 10:30 - 11:15 AM

      Who Runs the Mules? Intel - Fraud

      Event Toggle Arrow
      JPMC presents a look into a prolific money laundering ring under the leadership of "Verta," a self-proclaimed cashout mistress. JPMC details how they uncovered corporate accounts used by Verta's mules and what TTPs financial institutions should be aware of to protect unwitting clients and customers.

    94. 10:30 - 11:15 AM

      Right of Boom: Finding Resiliency Leveraging Lessons Learned
      Jeff Boerio, US Bank; Elizabeth Geary, Fiserv Enterprise Technology Resilience - Resilience

      Event Toggle Arrow
      The panel will evaluate how BCP and incident response strategies held up during real-time incidents. Engaging in collaborative discussion, the aim is to contribute to the development of comprehensive and effective incident response plans to reduce risk for organizations of all sizes.

    95. 10:30 - 11:15 AM

      Visualize Breaches with Attack Flow
      Mark Haase, MITRE Intel - Attacks

      Event Toggle Arrow
      Learn how to document and visualize breaches using the open source Attack Flow project. This interactive session teaches you how to build a flow based on cyber threat intelligence and how to use the resulting flow to share and communicate breach information with others in your organization.

    96. 10:30 - 11:15 AM

      The Modern Privileged Access Management (PAM) Framework
      Ryan Cooks, Aon PLC; Clark Cone, State Street Security - Organizations & People

      Event Toggle Arrow
      Join two security engineers in an engaging conversation through the journey of privileged access management. We’ll explore the evolution of PAM and highlight the guidelines that modern privileged access frameworks require.

    97. 10:30 - 11:15 AM

      Guardian Life’s Journey to Application and API Protection
      Greg Kyrytschenko, Guardian Life Insurance; David Holmes, Imperva Security - Technology & Data

      Event Toggle Arrow
      Join a fireside chat with Greg Kyrytschenko, Guardian Life’s Chief Technology Security Officer, about his organization’s path to application and API security. Greg will share about the decisions his organization made leveraging technology, processes and people in application and AP.I security.

    98. 10:30 - 3:15 PM

      Capture the Flag
      Mike Connor, Principal Financial; Jacob Kravitz, Principal Financial

      Event Toggle Arrow
      Capture the Flag (CTF) contests can provide security teams with a fun, engaging learning opportunity outside of traditional training methods. In this session learn what goes into to building CTF challenges and how you can leverage competitive learning to strengthen team dynamic and skillsets.

    99. 11:30 - 12:15 PM

      Navigating the Storm: Incident Response Readiness
      Rachel Bush, Nationwide Mutual Insurance Company; David Daniel, Nationwide Mutual Insurance Company Resilience - Resilience

      Event Toggle Arrow
      Cybersecurity incidents are increasing in frequency and cost. These events are high impact for your business, and can be career defining moments for leaders and associates alike. Dave and Rachel will share their real world experience and tips on IR readiness and response best practices.

    100. 11:30 - 12:15 PM

      AI Cyber Threats: 30 Minutes to Midnight
      Josh Cigna, Yubico Security - Organizations & People

      Event Toggle Arrow
      Phishing attacks continue to rise and with the advent of AI we can predict dramatic increases in sophistication and number of attacks. Legacy MFA is already under attack with AI making them even less effective. Learn about the present and future state of AI phishing and how to tackle these threats.

    101. 11:30 - 12:15 PM

      A Data Security Dilemma: Common Pitfalls in Data Protection
      James Rice, Protegrity Security - Technology & Data

      Event Toggle Arrow
      The data dilemma needs to be addressed. As data breaches increased by 78% in 2023 and threat actors increasingly use exfiltration and extortion tactics, data security falls to the side. Finding the balance between data consumption and security risk is possible, we just need to invert our approach.

    102. 11:30 - 12:15 PM

      Flipping the Script – Using AI to Expose P2P Messaging Scams
      Ryan Woodley, Netcraft Intel - Fraud

      Event Toggle Arrow
      Explore AI-powered research exposing criminal conversations from P2P message scams used in pig butchering, romance scams, advance fee fraud, and investment scams. This unique insight shows new opportunities to disrupt criminal behavior by combining fraud interdiction and proactive countermeasures.

    103. 11:30 - 12:15 PM

      New Ways to Combat Fraud and Identity Compromise
      Alex Weinert, Microsoft Intel - Attacks

      Event Toggle Arrow
      Identity compromise and fraud pose significant threats to financial services companies. This session will delve into two powerful solutions: passkeys and decentralized identity. Gain insights into the latest trends in identity and fraud attacks and discover how passkeys and decentralized identities can synergize to bolster security and to thwart fraud. We will highlight the remarkable effectiveness and straightforward deployment of these cutting-edge technologies.

    104. 12:15 - 1:30 PM

      Lunch

    105. 1:30 - 2:15 PM

      Fusing Responses: Incident Response & Insider Threat
      Bryan Bowie, Verizon Communications; Paul OConnor, Verizon Communications Security - Organizations & People

      Event Toggle Arrow
      Different teams have different responsibilities when it comes to defending the threat landscape; however, advanced threats don’t differentiate, an effective bridge for cross team communication, collaboration, and the sharing of lessons learned.

    106. 1:30 - 2:15 PM

      Bare Knuckle Forensics for White Knuckle Moments Resilience - Resilience

      Event Toggle Arrow
      In our well managed environments with our well managed and uniformly deployed tools we have complete visibility into everything that is going on everywhere all the time. If that statement applies to you, you have my admiration. This talk addresses incidents where this is not the case.

    107. 1:30 - 2:15 PM

      The Integration of Quantum Security Technologies
      Jeff Stapleton, Wells Fargo Security - Technology & Data

      Event Toggle Arrow
      With so many quantum security solutions emerging in the cybersecurity market, how do you choose which solutions to deploy and how do you integrate them into your overall technology stack and apply a single "pane of glass" view into the heterogeneous key management and data protection ecosystem.

    108. 1:30 - 2:15 PM

      Streamlining Counter-Fraud Tactical Intelligence Delivery
      Anna Fridley, Navy Federal Credit Union; Jason Tunis, Navy Federal Credit Union Intel - Fraud

      Event Toggle Arrow
      Join us for a case study of how Navy Federal took multiple streams of inbound fraud images, funneled them through a cohesive, repeatable and resilient process to save time and energy while speeding up delivering daily tactical counter-fraud intelligence.

    109. 1:30 - 2:15 PM

      Squashing Spiders: Trick or Treat, Cyber Defeat
      Holly Dragoo, New York Life; Ross Griswold, New York Life Intel - Attacks

      Event Toggle Arrow
      This case study examines the incident response of a Fortune 500 company, emphasizing real-time threat intel and team communication in deterring a Scattered Spider attack. Takeaways include the value of continuous monitoring, cross-functional coordination, and adaptive strategies for cyber resilience.

    110. 2:30 - 3:15 PM

      Russian Cyber: Here and There, Not Everywhere (Members Only)
      Ian Litschko, Royal Bank of Canada Intel - Attacks

      Event Toggle Arrow
      This presentation will focus on the Russian security services (FSB, GRU, SVR) and their cyber-enabled capabilities. It will explore the mandates of each agency, their organizational structure and how their respective cyber capabilities fit within each of them.

    111. 2:30 - 3:15 PM

      Block Zero Day and Attack IP Addresses (JAM) (Members Only)
      Yu Peng, ICE; Tony Drake, ICE Security - Technology & Data

      Event Toggle Arrow
      JAM (Jack-A-Mole) is a near real-time network perimeter protection tool that blocks known malicious and potentially problematic IP addresses at ICE’s perimeter. Utilizing numerous intelligence feeds and internally-developed data models to identify and block external IP addresses.

    112. 2:30 - 3:15 PM

      Jailbreaking Generative AI for Fun and Profit (Members Only)
      Matthew Pische, Sallie Mae Security - AI

      Event Toggle Arrow
      We will delve deep into how to make Generative AI misbehave via Jailbreaking. By learning how to break the locks on the GenAI box and make it dance to a different tune we will better appreciate the risks inherent to the most hyped technology of the decade and what we need to do to protect ourselves.

    113. 2:30 - 3:15 PM

      Rebuilding a Cyber Defense Tech Stack at Scale (Members Only)
      Peter Sprenger, Citi Intel - Intel

      Event Toggle Arrow
      Discussion of best practices and lessons learned consolidating Citi's intelligence, incident response, and operational teams' ticketing and case management system to a single platform. Strategic, outcome-oriented product management and agile development were critical for a successful transformation.

    114. 2:30 - 3:15 PM

      Fighting Fraud Through Intelligence Sharing & Collaboration (Members Only)
      Karen Helmberger, FS-ISAC; Greg Williamson, BITS | Bank Policy Institute; Troy Wells, FS-ISAC Intel - Fraud

      Event Toggle Arrow
      The Financial Services sector is unifying in the fraud fight through enhanced intelligence sharing and collaboration. We will share an update of the efforts in process and detail the path to sharing, which will lead to fraud prevention.

    115. 3:30 - 4:15 PM

      Transitioning to Risk Based Alerting (Members Only)
      Beth Young, AFLAC Intel - Intel

      Event Toggle Arrow
      MYTH: Risk Based Alerting will cut down on the number of false positives sent to the SOC every day. FACT: There are still false positives but they are different than the old false positives. Join Beth as she talks about Aflac's journey into Risk Based Alerting.

    116. 3:30 - 4:15 PM

      Digital Wallets: What Keeps us Up at Night (Members Only)
      John Omernik, Wells Fargo; Olivia Vining, Wells Fargo; Naveen Manivannan, Bank of America Intel - Fraud

      Event Toggle Arrow
      Digital Wallets are an emerging trend in multiple aspects of criminal activity against banks and their customers. Seeing use in phishing, cashout, card testing, and money laundering, this panel will discuss the recent trends, challenges in the data, and opportunities in understanding the space.

    117. 3:30 - 4:15 PM

      Member Only Session

    118. 4:15 - 5:15 PM

      Closing Reception

    fs-isac-greyscale

    © Copyright 1999 - FS-ISAC, Inc. All Rights Reserved.

    Terms and Policies