• Overview
  • Call For Presentations
  • Program
  • Sponsors
  • Keynote

Safeguarding Trust

Overview 

Join fellow FS-ISAC members from across the Americas for three full days of learning, collaboration, and networking. 

Summits are our largest events of the year, packed with insightful presentations, workshops, and panels on topics relevant to the security of the global financial services industry. 

Highlights 

Relevance 

The synthesis of cybersecurity and the financial sector distinguishes FS-ISAC Summits from other large industry events. The Americas Summit is specifically designed for cybersecurity professionals in financial institutions. 

Content 

Sessions are divided into three tracks – Intelligence, Security, and Resilience – so that you can focus on the most pressing issues in your organization today. 

Connection 

Collaborating with cybersecurity experts from across the Americas advances your skills and the sector’s security. And by learning from others, you can develop invaluable connections that outlast the Summit.

Exercise

Participating in exercises increases resilience. Take part in our in-person tabletop exercise, "Cloud Outage", on 5 October. This exercise is hosted in conjunction with the 2025 Americas Fall Summit, but registration is separate. Find out more about the exercise here.

Event Sponsorship

We are fully sold out for the 2025 Americas Fall Summit in Scottsdale. No sponsorship packages or sponsor passes are available. Email sales@fsisac.com to learn about future events and see upcoming events here.

Register Now

 

 

Call for Presentations

The theme for 2025 Americas Fall Summit is Safeguarding Trust.

The call for presentations is now closed. Notifications will be sent out on 29 July.

 

 

Our Summits present an opportunity for you to share your story, expertise, and career’s worth of knowledge with cybersecurity experts from across the region. 

Presentations contribute to our information-sharing mission. Members choose from Summit presentations, roundtables, discussions, or panels in the Intelligence, Security, and Resilience tracks. 


Intelligence
- Incidents and Campaigns
- Intel Practices and Methodology
- Actor TTP Analysis

Security
- Working Group Topics (Anti-Fraud, Red Teaming, AI Risk, PQC, etc)
- COIs & Industry Specific Topics (including regulation)
- Network Defense
- App and Data Security
- Emerging Technology

Resilience
- GRC
- Board Reporting
- Exercises
- Insider Risk
- Biz Resilience
- Third-Party Risk Management

Mike Massimino

Massimino_MikeMike Massimino is a former NASA Astronaut, a New York Times bestselling author, a Columbia University engineering professor, an advisor at The Intrepid Sea, Air and Space Museum, and a television personality.

After working as an engineer at IBM, NASA, and McDonnell Douglas Aerospace, along with academic appointments at Rice University and at the Georgia Institute of Technology, Mike was selected as an astronaut by NASA in 1996. He persisted through three rejections over 7 years on his way to becoming an astronaut, including overcoming a medical disqualification by training his eyes and brain to see better. A spacewalker on the fourth and fifth Hubble Space Telescope servicing missions in 2002 and 2009, Mike and his crews traveled faster (Mach 26) and higher (350 miles) than any other astronauts in the 21st century while increasing the discovery capabilities of arguably the greatest scientific instrument ever built by a factor of 100. During the final Hubble servicing mission, Mike was faced with both success and life-threatening challenges as he performed the most intricate repair ever attempted in space. Mike was the first person to tweet from space, holds the team record for the most spacewalking time on a single space shuttle mission, and was the last person to work inside of the Hubble Space Telescope. In 2014, Mike left NASA to become a professor of mechanical engineering at Columbia University where he teaches two courses, Introduction to Human Space Flight and Aerospace Human Factors Engineering, which harness his years of academic and professional experience. He also teaches The Art of Engineering, a course in which all first-year engineers work on engineering projects with socially responsible themes. In addition, Mike is the faculty advisor for the Columbia student space club (the Columbia Space Initiative), and faculty director of the India Urban Works challenge. His responsibilities also include outreach to high schools throughout the United States to promote STEM education, and support of university development efforts and alumni affairs.

Mike’s book, Spaceman: An Astronaut’s Unlikely Journey to Unlock the Secrets of the Universe, has received rave reviews and is a New York Times best-seller. His second book, Spaceman: The True Story of a Young Boy’s Journey to Becoming an Astronaut, a young adult version of his previously published autobiography, is a National Science Teachers Association 2021 Best STEM Book Winner.

In Mike’s new book, Moonshot: A NASA Astronaut’s Guide to Achieving the Impossible, he distills stories and insights from NASA into an actionable guide to accomplish your biggest goals. Mike reveals how to make possible the seemingly impossibl —on Earth. Written with characteristic wit and a big heart, Mike identifies ten hard-earned lessons of spaceflight and his other life experiences.

Mike is a recipient of 2 NASA Space Flight Medals, the NASA Distinguished Service Medal, Columbia Alumni Association Egleston Medal, Star of Italian Solidarity (Italian Knighthood), Christopher Award for Most Inspirational Book, Long Island Reads Book of the Year Award, Columbia Outstanding Community Service Award, National Space Club Communications Award, an Honorary Doctorate from Hofstra University, and was inducted into the Long Island Air and Space Hall of Fame. The street that Mike grew up on in Franklin Square, Long Island has been renamed “Mike Massimino Street.”

Mike has made numerous television appearances and movie cameos, including a recurring role as himself on the CBS comedy The Big Bang Theory. He was featured in National Geographic Television’s One Strange Rock, in the Netflix series Worn Stories, and in the IMAX movie Hubble 3D, and has been called the real-life astronaut who inspired George Clooney’s role in the movie “Gravity.”

Mike is a frequent guest on morning shows and late-night television including The Today Show, Good Morning America, and The Daily Show, and a guest expert on network and cable news including NBC, ABC, CBS, CNN, Fox News Channel, MSNBC, and CNBC.

As a keynote speaker, Mike uses humor and his unique storytelling ability to inspire audiences to identify the passion in their work, to use teamwork and innovation to solve problems, to provide leadership in the face of adversity and crisis, and to never give up when pursuing a goal. He also conveys messages on the importance of safety, education, and environmental awareness.
  1. October 5 Sunday

  2. 11:30 - 3:30 PM

    Tabletop Exercise - Cloud Outage (additional registration required)

  3. 11:30 - 3:00 PM

    Fraud Workshop (additional registration required)

  4. 3:00 - 7:00 PM

    Early Registration

  5. 5:00 - 6:30 PM

    Welcome Reception Sponsored by Sponsored by Netcraft

  6. October 6 Monday

  7. 7:30 - 8:15 AM

    Breakfast Sponsored by Optiv Security

  8. 8:15 - 8:45 AM

    Opening Remarks

  9. 8:45 - 9:30 AM

    Keynote

  10. 9:30 - 10:00 AM

    Divide & Conquer: Ransomware Doesn't Stand a Chance

    Platinum
    Event Toggle Arrow
    Ransomware attacks create a business crisis, but resilience strategies with segmentation isolate compromise, stop lateral movement, and protect systems. See how a real breach became a non-event when containment worked as designed. Learn clear steps to architect your environment to stay in control.

  11. 10:00 - 10:45 AM

    TIC Panel

  12. 10:45 - 11:15 AM

    AM Networking & Snacks Sponsored by MorganFranklin

  13. 11:15 - 12:00 PM

    Fight Fraud as One with the Cyber Fraud Prevention Framework

    Allison Glenn, Bank of America; Adam Perino, Regions Financial; Steven Perkins, Comerica; Ryan Praskovich, Nationwide Mutual Insurance Company Intel - Fraud
    Event Toggle Arrow
    Explore the journey from theory to real-world application of the Cyber Fraud Prevention Framework, offering a detailed view on how organizations can proactively defend against evolving digital threats. Attendees will gain insights into the practical steps of operationalizing the framework.

  14. 11:15 - 12:00 PM

    CTR+ALT Deceit: FS-ISAC Intel vs. DPRK Hiring Fraud

    Ryan Regnier, Nelnet; Rashmi Singh, TIAA Intel - Attacks
    Event Toggle Arrow
    After a brief overview of Nelnet and its Cybersecurity department, we will cover the North Korean IT Worker Fraud Scheme, the FS-ISAC Intelligence that led to the Threat Identification, Nelnet's response to the Threat, and what you can do to protect yourself from falling victim to the fraud.

  15. 11:15 - 12:00 PM

    Automating Security, Compliance, and Audit

    Quincy Wilson, Google; Theodore Bruckbauer, CME Group Resilience - GRC
    Event Toggle Arrow
    To provide the audience with actionable insights on integrating technology to enable scalability across their three lines of defense: Security Operations (1LOD), risk oversight (2LOD), and internal audit (3LOD) while maintaining independence between each line.

  16. 11:15 - 12:00 PM

    Cloud Security and Transformational Opportunities

    Erik Bataller, M&T Bank; Ajish George, State Street; Ozzy Bommannan, Plante Moran; Ben LeClaire, Plante Moran Security - Technology
    Event Toggle Arrow
    As organizations accelerate their cloud adoption, the role of cybersecurity evolves from a gatekeeper to a strategic enabler. This panel will explore how different enterprises are designing and adapting their cloud security strategies to align with business transformation and operational agility

  17. 11:15 - 12:00 PM

    Weaponizing Policy

    Steven Nider, U.S. Department of the Treasury Resilience - Op Resilience
    Event Toggle Arrow
    Weaponizing Policy: How the US Government is Using Executive Power to Fight Global Threats. This session will be a panel that discusses two Executive Orders that were recently released that will have impact on national practices.

  18. 12:00 - 1:00 PM

    Lunch Sponsored by Hadrian

  19. 1:15 - 2:00 PM

    The $40B Deepfake Dilemma: What's Next & How to Fight It

    Intel - Attacks
    Event Toggle Arrow
    Deloitte predicts losses of up to $40B from generative AI fraud, like deepfakes, are transforming fraud risks across finance, media, government, and more. This session explores the evolving threat landscape and demonstrates how advanced technology helps organizations re-establish trust, verify authe

  20. 1:15 - 2:00 PM

    Trust Runs on Resilience - From Recovery to Continuity

    Resilience - Op Resilience
    Event Toggle Arrow
    Trust is essential in financial services, yet traditional continuity plans fall short against sophisticated cyber threats. Join this session to learn proactive resilience strategies, build a "Minimum Viable Business" model, and hear how other organisations safeguard core operations from disruptions

  21. 1:15 - 2:00 PM

    Reshaping Trust: Browser Security in Financial Services

    Security - Technology
    Event Toggle Arrow
    As threats grow more advanced, the browser has become the new frontline of cyber defense--yet it's often the most overlooked. This session challenges outdated assumptions and introduces a bold shift to Zero Trust, built around browser-native security and modern access control.

  22. 1:15 - 2:00 PM

    Safeguarding Trust through Intelligence

    Jason Witty, Fidelity Investments; Rodrigo Figueroa, Fidelity Investments Intel - Fraud
    Event Toggle Arrow
    Insights on how the Fidelity team gathers, interprets, and actions threat intel to manage current and emerging threats across cyber and fraud. They'll also provide key takeaways that security professionals can bring to their organizations and business partners to promote a culture of security.

  23. 1:15 - 2:00 PM

    Implementing Exposure Management to Safeguard Trust

    Steven Lodin, Sallie Mae Resilience - GRC
    Event Toggle Arrow
    This presentation outlines how Sallie Mae successfully implemented an exposure management program to improve risk reduction, compliance readiness, and stakeholder confidence. Key achievements include the development of a risk-based prioritization framework and 90% reduction in critical vulns.

  24. 2:15 - 3:00 PM

    High-Risk Vendor Management: Moving Towards Supply Chain SOC

    Martin Metz, Accenture Resilience - GRC
    Event Toggle Arrow
    Traditional third-party risk tools fall short. High-risk vendors are central to real cyber incidents. This session explores the Supply Chain SOC: continuous monitoring, threat intel, vendor integration, and collaboration, featuring a global bank's real-world lessons and how to get started.

  25. 2:15 - 3:00 PM

    Why API Security is Critical in Protecting GenAI Based Apps

    Security - Technology
    Event Toggle Arrow
    We're increasingly adopting GenAI-driven applications. With workflows driven by LLM-generated business logic and interfaces defined as flexible APIs (e.g. MCP), these apps are exposed to risk of data leaks and other emerging threats. Join to learn how you can prepare your organization for the AI age

  26. 2:15 - 3:00 PM

    Building Resilient Defenses in an Evolving Fraud Landscape

    Intel - Fraud
    Event Toggle Arrow
    With $485B annual fraud losses, financial institutions face AI-powered attacks that outpace traditional defenses. Our experts reveal how cloud-native security transforms fraud prevention from real-time threat detection to zero-trust that adapts while maintaining seamless customer experiences.

  27. 2:15 - 3:00 PM

    The Role of Geopolitics in a Resilience Environment

    Anne Kiplinger, CME Group; Aubrey Quick, CME Group Resilience - Op Resilience
    Event Toggle Arrow
    This presentation will illustrate the important role geopolitics plays in a financial company's resilience efforts. Two Operational Resilience professionals will provide an overview of how they integrate geopolitics into their planning and response framework.

  28. 2:15 - 3:00 PM

    Threat-Led Operations: Turning Intelligence into Action

    Michael Price, Nationwide Mutual Insurance Company; Dustin Barker, Nationwide Mutual Insurance Company; Matthew Schweitzer, Nationwide Mutual Insurance Company Intel - CTI
    Event Toggle Arrow
    Build a threat-led defense with MITRE ATT&CK and CTI. Learn to integrate testing, map capabilities with scorecards, and drive cultural change. Gain a repeatable model, real-world workflows, and tools to align stakeholders and demonstrate strategic value.

  29. 3:15 - 4:00 PM

    Addressing Post-Quantum Cryptography Risks in FinServ

    Security - Emerging Tech
    Event Toggle Arrow
    This session will explore the truth behind the current state of post quantum computing (PQC). Using new research and analysis from F5 Labs, we will showcase the current adoption of PQC across the world's top sites, and explain current browser and device readiness for these new hybrid ciphers.

  30. 3:15 - 4:00 PM

    A Paramount Alliance: Fraud, Cyber and Beyond

    Brittany Layell, TIAA; Leigh Williams, Zelis; Sebastian Buddle, ICE; Ross Bentzler, Alpine Bank (CO) Intel - Fraud
    Event Toggle Arrow
    This session is meant to dive into synergies between fraud and cyber security teams, promote ideas of how you can start building those connections and why they work. We will also provide insights into additional meaningful relationships inside and outside of your organization that protect clients.

  31. 3:15 - 4:00 PM

    The Value of Analytic Tradecraft for Private Sector Intel

    Stefan Konrad, BMO Harris Bank; JR (John Robert) Jewczyk, BMO Harris Bank Intel - CTI
    Event Toggle Arrow
    In this presentation, the BMO Fusion Intelligence Team will demonstrate how it has used analytic tradecraft to increase the confidence of our key stakeholders and significantly grow relationships with multiple teams across our organization.

  32. 3:15 - 4:00 PM

    DORA: A Strategic Shift for Global Financial Services

    Iain Wilson, CME Group Resilience - Op Resilience
    Event Toggle Arrow
    The Digital Operational Resilience Act, or DORA, became applicable to EU "financial entities" in January 2025. DORA represents a significant shift in how digital risk is overseen and regulated by European Authorities, impacting both the global operations and IT compliance programs of CME Group.

  33. 3:15 - 4:00 PM

    GitOps to Greatness: How Engineers Streamlined IAM Migration

    Nick King, State Farm; Matthew Spotts, State Farm Resilience - Identity
    Event Toggle Arrow
    Learn how embedding software engineers into specialized teams can accelerate complex projects. We'll share how our SRE team helped an IAM team migrate access management from on-prem to AWS, offering insights on cross-functional collaboration, technical excellence, and alternative approaches.

  34. 4:00 - 4:30 PM

    PM Networking & Snacks Sponsored by Guidepoint Security

  35. 4:30 - 5:30 PM

    Building an AI Driven SOC: Amplify the Analyst Experience

    Silver Solutions Showcase
    Event Toggle Arrow
    Discover how Gurucul's Self-Driving AI SIEM improves detection efficacy and removes mundane work for analysts. We'll showcase how our army of AI agents work across the entire threat detection, investigation and response lifecycle decreasing investigation time by 58% and eliminating Tier 1 triage.

  36. 4:30 - 5:30 PM

    Defense Through The Deal: Protecting Fragmented Environment

    Jason Pfeiffer, ReliaQuest - MSSP; Robert Allen, Arthur J. Gallagher & Co. Silver Solutions Showcase
    Event Toggle Arrow
    Mergers and acquisitions bring cybersecurity risks like unknown assets and siloed controls. Join Gallagher and ReliaQuest experts to explore strategies for unifying teams, enhancing visibility, and managing risks. Learn how GreyMatter supports scalable, secure transitions during M&A.

  37. 4:30 - 5:30 PM

    Four Hours to Impact: In-the-Wild Exploitation Mayhem

    Benjamin Harris, watchTowr Silver Solutions Showcase
    Event Toggle Arrow
    In-the-wild exploitation now happens within hours of disclosure - not days. This session reveals how watchTowr's continuous, attacker-informed approach to external threat detection helps financial institutions identify and respond to real-world risks faster than traditional vulnerability management.

  38. 4:30 - 5:30 PM

    Make the Complex Simple: Secure Access Control for Financial

    Silver Solutions Showcase
    Event Toggle Arrow
    Demo to learn how Policy Based Access Control can help address critical use cases across Retail, Commercial, Institutional, and traditional Insurance use cases. From Zero Trust, Data Privacy / Compliance to ensuring an optimal User Experience, PlainID can help make the complex simple.

  39. 4:30 - 5:30 PM

    Gradually Build Trust with AI Security Workers

    Ely Abramovtich, Legion Silver Solutions Showcase
    Event Toggle Arrow
    Legion earns trust, trains on your workflows, and scales your team's expertise. It's not just automation it mirrors how your best analysts think, act, and decide, so you can move faster without compromising the judgment that sets you apart.

  40. 4:30 - 5:30 PM

    GRC Innovation You Can Bank On

    Silver Solutions Showcase
    Event Toggle Arrow
    This session explores how RegScale, an early-stage FS-ISAC affiliate, helps financial institutions revolutionize GRC with AI, automation, and Continuous Controls Monitoring. We'll show how RegScale's platform solves challenges in regulatory response management, operational efficiency, and more.

  41. 4:30 - 5:30 PM

    Guardare Demo

    Dane Fiori, Guardare Silver Solutions Showcase
    Event Toggle Arrow
    Guardare's AI cybersecurity platform automatically maps people and software across all assets connected to the network, helping you proactively identify threats. We continuously offer insights across asset interactions, tracking changing risk levels, misconfigurations, or unused features

  42. 5:30 - 6:30 PM

    Booth Crawl Reception

  43. October 7 Tuesday

  44. 7:30 - 8:15 AM

    Breakfast Sponsored by Secure Code Warrior

  45. 8:15 - 8:45 AM

    Opening Remarks

  46. 8:45 - 9:15 AM

    Critical Provider Panel

  47. 9:15 - 9:45 AM

    Resilience Built in the Cloud

    Platinum
    Event Toggle Arrow
    Discover how resilience is embedded in cloud services to minimize disruption risk. Learn how fault isolation and defense-in-depth are engineered at scale. Explore shared responsibility, reliability principles, and fault injection strategies that ensure continuity amid failures, bugs, and errors.

  48. 9:45 - 10:15 AM

    AM Networking & Snacks Sponsored by Corelight

  49. 10:15 - 11:00 AM

    Executive Threats in the Era of Resentment

    Chuck Randolph, 360 Privacy; Fred Burton; Niall Herlehy, VISA Resilience - C-Suite
    Event Toggle Arrow
    Explores how digital, reputational & physical threats target today's leaders. Panelists share real-world insights on threat detection, reputational resilience & integrated protection to help organizations assess risk & reduce executive exposure.

  50. 10:15 - 11:00 AM

    AI-Driven Collaboration in Financial Cybersecurity

    AJ Nash, Mattermost Intel - Operations
    Event Toggle Arrow
    This session explores the intersection of AI and secure collaboration, focusing on the unique challenges and opportunities facing high-trust environments like finance. gain insights into how AI can enhance real-time threat detection, automate incident response workflows, and support compliance .

  51. 10:15 - 11:00 AM

    Friend or Foe? Understanding & Mitigating Agentic AI Threats

    Security - Emerging Tech
    Event Toggle Arrow
    Agentic AI opens opportunities and threats to FSIs. This session explores how attackers use it to create disruptive threats and the challenges in identifying malicious and legitimate AI Agents. Learn tactics used by attackers, protection best practices and how to turn Agentic AI into a trusted ally.

  52. 10:15 - 11:00 AM

    Strategic Updates: Industry Efforts to Disrupt Telecom Abuse

    Micah Semon, Bank of America; Mina Hanna, JPMorgan Chase; Greg Williamson, Bank Policy Institute Intel - Fraud
    Event Toggle Arrow
    Join financial institutions and representatives from financial industry consortiums to learn more about ongoing strategic telecommunications abuse disruption industry efforts, the current state of these efforts, and how your firm can get involved.

  53. 10:15 - 11:00 AM

    Branching Out From CTI: What's Next For Your Career?

    Adam Perino, Regions Financial; Patricia Denno, Fidelity Investments; Jeff Boerio, US Bank; Ryan Praskovich, Nationwide Mutual Insurance Company Security - People
    Event Toggle Arrow
    Cyber Threat Intel (CTI) has enriched many of our careers, but today's job market requires branching out to other disciplines. A panel of elected FS-ISAC Threat Intel Committee EXEC reps will discuss our journeys and actionable guidance on how your career can have resiliency and continue to thrive.

  54. 11:15 - 12:00 PM

    Targeted at the Top: Intelligence for Executive Protection

    Resilience - C-Suite
    Event Toggle Arrow
    As executive threats evolve�from impersonation to synthetic media�organizations must adapt. This session explores real-world approaches to managing executive risk, hardening attack surfaces, and operationalizing intelligence for VIP protection.

  55. 11:15 - 12:00 PM

    Demystifying AI in Cybersecurity

    Intel - Operations
    Event Toggle Arrow
    This presentation explores the progressive journey of Security Operations Center (SOC) automation, highlighting key phases in the integration of artificial intelligence and advanced monitoring techniques.

  56. 11:15 - 12:00 PM

    Practical Use Cases & Insights to Deploy Agentic AI

    Upendra Mardikar, TIAA Security - Emerging Tech
    Event Toggle Arrow
    Agentic AI, are poised to transform the financial services industry. This presentation will cover how Agentic AI can have a significant impact to the financial sector and how we at TIAA are taking first steps exploring these capabilities and potential implementation within our environment.

  57. 11:15 - 12:00 PM

    Sweetening the Deal: Building Trust in Cybersecurity

    Kyle Holley, CSAA Insurance Group; Alyxandra Pearce, CSAA Insurance Group Security - People
    Event Toggle Arrow
    Sweetening the Deal dives into the strategies and best practices for creating a cybersecurity program that truly resonates with company staff. Explore how to better engage employees, build a culture of trust, and establish a feedback loop that allows the security team to better support the business.

  58. 11:15 - 12:00 PM

    Scale Up, or Pay Up: How to Scale Your Fraud Defenses

    Kyle Flaherty, Capital One; John Dukewich, Capital One Intel - Fraud
    Event Toggle Arrow
    As fraudsters scale their operations with increasingly sophisticated tools like AI-driven phishing schemes, machine learning, and extensive APIs - financial institutions must respond not just in kind - but at scale. In this talk, we'll walk through how your FI can reimagine Fraud Intelligence.

  59. 12:00 - 1:00 PM

    Lunch Sponsored by Seemplicity

  60. 1:15 - 2:15 PM

    Unifying Security Intelligence to Neutralize Cyber Threats

    Andrew Gunn, Intel 471 Silver Solutions Showcase
    Event Toggle Arrow
    You struggle to prioritize cyber threats, act promptly to neutralize them, mitigate risk, and conduct business confidently due to a lack of visibility and tools. Intelligence-driven solutions offer a valuable remedy, but many across the industry struggle to provide an integrated view of the threats.

  61. 1:15 - 2:15 PM

    Your SaaS Vendor was just Breached - Now What?

    Yoni Shohet, Valence Security Silver Solutions Showcase
    Event Toggle Arrow
    Learn how to stop SaaS attacks before they start. In this 15-min session, experts from AssuredPartners and Valence Security share real-world tactics to secure SaaS apps by closing gaps in identities, configurations, and data access without slowing the business down.

  62. 1:15 - 2:15 PM

    Data Security and Privacy

    Elizabeth Nammour, Teleskope; Ivan Aguilar, Teleskope; Aidan Hrynda, Teleskope Silver Solutions Showcase
    Event Toggle Arrow
    Teleskope offers comprehensive data protection from detection to remediation to prevention. Our Data Protection Platform seamlessly integrates with your cloud, SaaS providers, or on-premises data repositories to automatically discover, classify, and provide actionable, contextual insights. Teleskope

  63. 1:15 - 2:15 PM

    How Much Does a Breach Really Cost? We Have 300,000 Receipts

    Andrew Barnett, Consortium Networks Silver Solutions Showcase
    Event Toggle Arrow
    What's the average financial loss from a security incident at a company like yours? How do ransomware attacks typically unfold and what actually works to reduce their impact? We analyzed over 300,000 cyber insurance claims to find out.

  64. 1:15 - 2:15 PM

    Unseen APIs: Financial Compliance & AI Risk

    Silver Solutions Showcase
    Event Toggle Arrow
    Financial API compliance is crucial, not just a checkbox. Learn to manage your full API inventory, leverage posture governance to limit risk, and secure against AI-driven threats. This session provides actionable insights for financial institutions to achieve real API security.

  65. 1:15 - 2:15 PM

    War Rooms to Workflows: Automate IR for Real-Time Resilience

    Silver Solutions Showcase
    Event Toggle Arrow
    AI is transforming incident response from reactive war rooms to proactive workflows. Agentic AI enables faster detection, containment, and recovery reducing dwell time, cost, and business disruption. Real-time visibility and automation are essential for resilience, compliance, and dissolving silos

  66. 1:15 - 2:15 PM

    The Anatomy of a Good Metric

    Silver Solutions Showcase
    Event Toggle Arrow
    The presentation will focus on the challenges and risks associated with Shadow SaaS in modern enterprises. We will delve into the current state of enterprise IT, highlighting the increasing reliance on cloud computing, the benefits of SaaS, and the security risks and challenges posed by Shadow SaaS.

  67. 2:30 - 3:15 PM

    Using the CISO Work Cycle to Communicate to Senior Leaders

    Alex Foley, Truist Resilience - C-Suite
    Event Toggle Arrow
    For years CISOs have struggled to consistently communicate progress to senior leaders. The CISO Work Cycle is a brand-new, innovative way to present to senior leaders, adapting our often-unplanned work to deterministic enterprise strategic planning models.

  68. 2:30 - 3:15 PM

    Understanding Credit Union Breaches

    Nate Wright, SECU Intel - CIAC
    Event Toggle Arrow
    Collected information on and analyzed data around Credit Union external data breaches since 2022 to determine any trends that could help institutions protect against threat actors targeting the sector.

  69. 2:30 - 3:15 PM

    A National Approach to Check Fraud Prevention

    Intel - Fraud
    Event Toggle Arrow
    With $21B in attempted check fraud in 2023, financial institutions face urgent pressure to strengthen defenses. This session introduces the National Check Verification System (NCVS), a proposed shared service to authenticate checks at deposit and reduce fraud systemwide.

  70. 2:30 - 3:15 PM

    Restoring Trust in Calls: A 360: Perspective for FIs

    Jaime Zetterstrom, Somos; Guy Pearson, Bank of America; Kasey Flanagan, Northwest Federal Credit Union; Anna Fridley, Navy Federal Credit Union Intel - Fraud
    Event Toggle Arrow
    Scams and spoofing have shaken trust in voice calls. Join Jaime Zetterstrom of Somos and a panel of leading experts from the financial industry for a 360 look at how financial institutions can verify inbound calls and authenticate outbound ones restoring confidence on both sides of the line.

  71. 2:30 - 3:15 PM

    Making the Case for an Enhanced Insider Threat Program

    Sheryll May, Fiserv Enterprise Technology; Daniel Gordon, State Street; Yolanda Liu, Coinbase Resilience - Insider Threat
    Event Toggle Arrow
    Though insider threats are not new, the expanding scope of insiders and advanced threat vectors demand more focus than ever to protect organizations. The speakers will review the threat evolution, how the threats are monetized, and key recommendations to develop a robust program.

  72. 3:30 - 4:15 PM

    ATM Attacks - Lucrative Criminal Income Stream

    Nate Aguilar, Metro Credit Union (NE) Intel - CIAC
    Event Toggle Arrow
    A review of the current trends in ATM/ITM attacks and some hints on how to best prevent them.

  73. 3:30 - 4:15 PM

    Cyber Metrics Without the Cyber

    Eddie Contreras, Cullen/Frost Bankers Resilience - C-Suite
    Event Toggle Arrow
    Is your program metrics falling on def ears? Are your budgets not getting approved? Have you ever thought your metrics are perfect, yet your program often is treated as an after thought? It's time to re-evaluate how your communicate risk.

  74. 3:30 - 4:15 PM

    Closing the Intelligence Gap on Merchant-Enabled Scams

    Intel - Fraud
    Event Toggle Arrow
    Scam websites tied to merchant accounts enable instant fraudulent transactions and financial loss. This talk shows how scalable infrastructure and ad abuse help scams persist, and why targeted intelligence and collaboration are key for CTI and fraud teams to detect and disrupt these threats.

  75. 3:30 - 4:15 PM

    Insider Threat: Understand, Manage, and Mitigate the Risk

    Wendy Emanuelson, Citizens Property Insurance Corporation Resilience - Insider Threat
    Event Toggle Arrow
    Explores insider threat risks from a governance and risk perspective. Covers threat types, indicators, governance impact, technical controls, and a phased Insider Threat Program launch model for organizations to enhance resiliency.

  76. 3:30 - 4:15 PM

    Quantum & AI / GenAI Security Working Group Paper

    Hiranmayi Palanki, American Express; John Hancock, American Express Security - Emerging Tech
    Event Toggle Arrow
    The purpose of this talk is provide insights into a comprehensive, forward looking view into the utilization of quantum algorithms for enhancing predictive AI and generative AI based security controls, specific to the financial sector, a cohesive body of work from the Quantum / AI Risk Working Group

  77. 4:15 - 4:45 PM

    PM Networking & Snacks Sponsored by MorganFranklin

  78. 4:45 - 5:30 PM

    Transforming SaaS Risk into Operational Readiness

    Security - Technology
    Event Toggle Arrow
    SaaS powers financial services—but security often assumes more is covered than actually is. In this fireside chat, AppOmni and BluOcean discuss how teams are uncovering hidden risks, aligning ownership, and building security into workflows and governance programs.

  79. 4:45 - 5:30 PM

    ML/AI Tools for Fraud Risk Management in Credit Unions

    Olga Zlatkova-Georgiev, Patelco CU; Tiffany Kiefer, Golden 1 Credit Union; Matthew Prouse, Golden 1 Credit Union Intel - CIAC
    Event Toggle Arrow
    A panel of fraud and security leaders will explore ML/AI tools for fraud risk management in credit unions, covering tool suitability, integration challenges, data quality, cybersecurity implications, and cross-functional collaboration. Includes case studies and actionable takeaways.

  80. 4:45 - 5:30 PM

    AI Security by Design for Operational Resilience

    Chris Schumm, Palo Alto Networks Resilience - Insider Threat
    Event Toggle Arrow
    How can financial services firms manage risk through AI Security by Design? Learn how to: - Track and monitor AI usage for every employee and contractor - Secure every step of AI app development lifecycle and supply chain - Protect AI data from unauthorized access and leakage at all times

  81. 4:45 - 5:30 PM

    Insider Threats and the Strength of Security Fusion

    Karen Bokovitz, PNC; Samuel Strohm, PNC; Kaci Opferman, PNC; Kathleen Carey, PNC Intel - Fraud
    Event Toggle Arrow
    Overview of PNC's Global Security Fusion Center and how employee fraud investigations are enabled by collaboration, communication, and the converged security model. Speakers will highlight key team activities, responsibilities during an internal fraud investigation, and review a high-level use case.

  82. 4:45 - 5:30 PM

    X9 Financial PKI is a Reality

    Jeff Stapleton, Wells Fargo; Peter Bordow, Wells Fargo Security - Technology
    Event Toggle Arrow
    The Accredited Standards Committee (ASC) X9 Financial Services announced the X9 Financial PKI in February 2025 and participated in a joint webinar with DigiCert in April 2025. This session is an update on the X9 PKI program.

  83. 6:00 - 10:00 PM

    Signature Event Sponsored by Apiiro, Cloud Software, and Doppel

  84. October 8 Wednesday

  85. 7:30 - 8:15 AM

    Breakfast

  86. 8:15 - 8:30 AM

    Opening Remarks

  87. 8:30 - 9:00 AM

    Reduce Threat Exposure With Security Controls Optimization

    Platinum
    Event Toggle Arrow
    Demonstrate how Breach & Attack Simulation (BAS) combined with Adversarial Exposure Validation (AEV) delivers a continuous, evidence-based loop that turns static control inventories into measurable, business-aligned risk reduction.

  88. 9:00 - 9:45 AM

    Deepfakes, AI, and KYC: How Criminals Use Them for Profit

    Eric Huber, TD Bank General Session
    Event Toggle Arrow
    Join us as we take you through a sometimes-shocking tour of the technology and tactics that criminals use to impersonate others. We will show you the most advanced methodology in areas such as defeating KYC and demonstrate face changing technology being used to scam victims around the globe.

  89. 9:45 - 10:15 AM

    AM Networking & Snacks Sponsored by Guidepoint Security

  90. 10:15 - 11:00 AM

    Disrupting Deception: A Social Engineering Defense Playbook

    Intel - Operations
    Event Toggle Arrow
    Learn how security leaders are shifting from alert triage to campaign takedown. This session explores a real-world approach to Social Engineering Defense linking threats across surfaces to dismantle attacker infrastructure and protect trust at scale.

  91. 10:15 - 11:00 AM

    Strong Users & Enterprise: Vanguard's Resist Phishing Path

    Resilience - Identity
    Event Toggle Arrow
    Discover how Vanguard achieved phishing resistance and advanced Zero Trust with end to end FIDO2 authentication. This session shares key lessons and best practices to implement hardware-backed security at scale boosting identity protection and reducing cyber risk from AI and phishing threats.

  92. 10:15 - 11:00 AM

    From Start to Smart: Assessing & Advancing Your CTI Program

    Neal Dennis, Cyware Intel - CTI
    Event Toggle Arrow
    Kickstarting a Cyber Threat Intelligence (CTI) program can feel daunting - especially in financial services. This session explores smart starting points, key justifications, and resource-savvy strategies, plus how to assess and advance your CTI maturity to stay ahead of evolving threats.

  93. 10:15 - 11:00 AM

    The Everchanging AI Landscape

    Angela Patel, Cyber Risk Institute Resilience - Op Resilience
    Event Toggle Arrow
    Financial institutions face increasing AI risks outpacing traditional GRC frameworks, hindering effective oversight. This presentation offers actionable insights for integrating AI risk management into GRC, improving communication to leadership, and leveraging practical implementation strategies.

  94. 10:15 - 11:00 AM

    What's Next - Future Fraud Attacks

    Brad Smith, Barclays; Brad Sneade, Barclays Intel - Fraud
    Event Toggle Arrow
    Looking beyond current fraud and economic crime attacks and challenges, this session explores several fraud themes and attack vectors that financial institutions will face in the next few years.

  95. 11:15 - 12:00 PM

    Scaling Asset Intelligence

    Resilience - Identity

  96. 11:15 - 12:00 PM

    The Power of Process: A Blueprint for Scalable Security Ops

    Vanessa Herrera, Blackbaud Intel - Operations
    Event Toggle Arrow
    Discover how a lean Security Operations team maintained high performance after a 30% headcount reduction by shifting to process-driven operations, optimizing their resources, and upskilling analysts offering a blueprint for resilient, efficient security operations.

  97. 11:15 - 12:00 PM

    CAPTCHA If You Can: Insights into 2FA Phishing Kits

    Ashley Salisbury, BNP Paribas; Lianne Dings, CLS Services Intel - Fraud
    Event Toggle Arrow
    In CAPTCHA phishing campaigns, attackers exploit users' trust in security measures to lower their guard. By understanding the attacker mindset and analyzing phishing kits for their psychological framing, defenders can build countermeasures to address technical and human layers of the attack surface.

  98. 11:15 - 12:00 PM

    Help! The Internet is Broken & my OSINT is a Disaster

    Ash Whitson, Worldpay Intel - CTI
    Event Toggle Arrow
    The web is broken and as analysts we can only adapt to these changes. This talk will cover how OSINT investigations have changed over time and provide some helpful solutions. We will also use these methods to uncover a real DPRK IT worker persona.

  99. 11:15 - 12:00 PM

    Vendor and Suppliers - The Commonly Ignored Risk

    Shaun Miller, CommunityAmerica Credit Union Resilience - Op Resilience
    Event Toggle Arrow
    While vendors are supplier risk is known, the amount of due diligence is often lacking. For many organizations, a SOC 2 for a provider is no longer sufficient. This session will start with a case study that happened to me along with some updated best practices to reduce risk for your company.

  100. 12:15 - 1:00 PM

    The Emissary's Mistake: Seeing the Pebble, Missing the Path

    Jared Atkinson, SpecterOps; Andrew VanVleet, Edward Jones Intel - Fraud
    Event Toggle Arrow
    Modern detection often fixates on isolated alerts. By learning from neuroscience, we can restore context and meaning. This session explores how to prioritize critical paths, enrich alerts, and scale insights using Tradecraft Research Reports.

  101. 12:15 - 1:00 PM

    Stopping Exfiltration in Salesforce

    Tyler LedDuke, Pentagon Federal Credit Union; Mukilan Narayanamoorthy, Rocket Central; Patrick Vandagriff, Pentagon Federal Credit Union; Nick Bradley, Salesforce Intel - Operations
    Event Toggle Arrow
    Panel discussion from 2 financial institutions and their experience with a similar scattered spider campaign. Discussing how the attacker(s) tried to get in, controls that works, controls that didn't, and steps taken afterwards.

  102. 12:15 - 1:00 PM

    17 Lines of Code Could Save You 17 Hours or More

    Theodore Robertson, Berkshire Hathaway; Lars Ostmann, Berkshire Hathaway Intel - CTI
    Event Toggle Arrow
    Our presentation seeks to empower members. Demonstrating methods to maximize the value of existing security tools while enabling the audience to identify and pursue automation opportunities in cyber threat intelligence, supported by a practical framework. Leading to meaningful business impact.

  103. 12:15 - 1:00 PM

    Digital Transformation, Digital API's, and IAM

    Jason Petry, Nationwide Mutual Insurance Company Resilience - Identity
    Event Toggle Arrow
    Digital Transformation, especially through the deployment of Digital API's designed for consumption by third parties, makes new requirements and presents new challenges for IAM teams. This presentation will discuss four key things for IAM teams to know and implement during Digital Transformation.

  104. 12:15 - 1:00 PM

    The Insider Threat of Unusual Employment Scenarios

    Brianne Fahey, FIS Global Resilience - Insider Threat
    Event Toggle Arrow
    How to leverage people, process, and technology to help detect and reduce risk of people who are not who they say they are within your enterprise.

  105. 1:00 - 2:15 PM

    Lunch Sponsored by Yubico

  106. 2:30 - 3:15 PM

    Following the Trail - Tracking Scattered Spider

    Arun Warikoo, BNP Paribas Member Only
    Event Toggle Arrow
    Scattered Spider, a sophisticated cyber criminal, is continuously evolving its tactics and techniques to continuously target multiple sectors including the financial sector. This presentation will enable attendees to identify and track Scattered Spider infrastructure and hunt for such activity.

  107. 2:30 - 3:15 PM

    Stop the Scams: A Phishing Prevention Framework for FIs

    Aaron Carpenter, Citi; Kasey Flanagan, Northwest Federal Credit Union; Micah Semon, Bank of America Intel - Fraud
    Event Toggle Arrow
    Insights and best practices from the newly published FSISAC Phishing Prevention Framework for Financial Institutions will be shared to help organizations develop and mature processes for collecting, enriching, and disrupting customer facing phishing threats.

  108. 2:30 - 3:15 PM

    Let Your Red Teams Cook! Scenarios to Challenge Assumptions

    David Thomas, Regions Financial Member Only
    Event Toggle Arrow
    This talk explores practical red team scenarios, inspired by active threat actors in the financial sector and informed by personal experience, that can generate insights into your organization's readiness, and resiliency, challenge security assumptions, and measurably reduce your attack surface.

  109. 2:30 - 3:15 PM

    Lessons Learned Taking PQC from the Lab to Production

    Peter Bordow, Wells Fargo Security - Technology
    Event Toggle Arrow
    As we continue to invent, evaluate and prove quantum-resistant solution in the lab, we need to figure out how to bridge the implementation gap between lab and production. We will share our journey and lessons learned.

  110. 2:30 - 3:15 PM

    TraderTraitor: A Real Bad MATA or "How to Not Be ByBit"

    Daniel Gordon, State Street Intel - Attacks
    Event Toggle Arrow
    TraderTraitor is a North Korean threat actor responsible for dozens of major cryptocurrency heists including ByBit. This presentation is a deep dive into TraderTraitor TTPs with real examples. The presentation gives actionable steps for tracking and protecting against this threat actor.

  111. 3:30 - 4:15 PM

    End to End SMS Abuse Investigations

    Karen Helmberger, FS-ISAC; James Hogan II, JPMorgan Chase; Joel Townsend, Bank of America; Adrianna Melendez, Wells Fargo Intel - Fraud
    Event Toggle Arrow
    Phishing is the gateway to many fraud and scam threats. Text, or SMS-based phishing is used to start conversations, convince a target they need to act quickly or report fraud, and more. This session will provide insights into how to identify, mitigate, investigate, and prevent SMS-based threats.

  112. 3:30 - 4:15 PM

    Managing Custom Threat Detection Content as Code

    Tony Latteri, Raymond James & Associates Security - Technology
    Event Toggle Arrow
    Learn how your detection engineering team can practically implement a detection-as-code framework for your organization. Raymond James Financial detection engineering team will discuss how custom detection content is managed, validated, and implemented via devops pipelines.

  113. 3:30 - 4:15 PM

    Enhancing Detections with Structured Workflows

    Yash Sanzgiri, ICE Member Only
    Event Toggle Arrow
    Even after developing a detection engineering program, companies usually still struggle with similar challenges in their security operations. This presentation focusses on solving common challenges faced by security operations' teams, by using structured workflows.

  114. 3:30 - 4:15 PM

    Protect Open Banking with Financial-Grade API Security

    Kevin Yu, Fifth Third Bancorp Member Only
    Event Toggle Arrow
    With Dodd-Frank 1033 rules finalized, financial services industry faces new challenges to secure external facing APIs that enable open banking. The presentation discusses how FAPI 2.0 standard addresses weaknesses of current OAuth 2.0 and provide higher security.

  115. 3:30 - 4:15 PM

    Active Defense - Considerations and Steps for Threat Hunting

    Mark Bowling, Signal Advisors Intel - Attacks
    Event Toggle Arrow
    Active Defense is a concept for defending your technology environment, which turns into Active Response in the event of a compromise. This presentation will look at 6 Overarching Principles to consider when defending your environment, and then will detail the 15 steps that must be implemented.

  116. 4:15 - 5:15 PM

    Closing Reception

fs-isac-greyscale

© Copyright 1999 - FS-ISAC, Inc. All Rights Reserved.

Terms and Policies