FS-ISAC has been at the forefront of the sector’s collective security and resilience for over 25 years. But the threat environment across the financial services ecosystem is changing at an unprecedented rate – and our operating model is evolving in response.
Our CEO, Valerie Abend, outlines how our core services are a necessary response to the threat landscape, details our call to collaborative engagement, and explains why FS-ISAC’s mission to advance the cybersecurity and resilience of the global financial system will never change – but the way we achieve it must.
Transcription (edited for clarity)
Elizabeth Heathfield, Chief Corporate Affairs Officer, FS-ISAC: Welcome to FS-ISAC's podcast, FinCyber Today. I'm Elizabeth Heathfield, Chief Corporate Affairs Officer at FS-ISAC. It's an exciting time for us here at our Americas Spring Summit. Our new CEO, Valerie Abend, unveiled our forward-looking strategy. She joined me to discuss how everyone must be involved in our collective defense in the face of compounding systemic risks.
Heathfield: Let's talk about, for anybody who doesn't know you already, your journey to becoming the next CEO of FS-ISAC.
Valerie Abend, CEO, FS-ISAC: First of all, Elizabeth, thank you for taking the time to sit down with me. I am really excited to be able to do this with you. Yeah, it's been an awesome journey to get here, in the sense that I have been involved with FS-ISAC for over 20 years. And just to be able to be in this chair at this moment in time is, it's just huge. It's just huge. I am so appreciative of the opportunity, and I believe so strongly in our mission. It's just a real honor.
I've had lots of different roles throughout my career, right? I've been a member of FS-ISAC at a large institution. I have been at the helm of public-private partnerships. I have been a regulator, and I've worked with global authorities around the world, and I've also led a global cybersecurity practice for financial services. I've been a partner to FS-ISAC as well – like, I've literally been in every kind of relationship zone, so now to be inside and actually see it from the inside out, it's super cool.
Heathfield: So, you've been in the role for about six months. Why don't you talk about the listening tour you did. You spoke with so many of our members, partners, team, authorities – walk us through what that experience was like for you.
Abend: I was very fortunate to be able to have so many people who wanted to contribute to the listening tour. Some sent in notes to us and some actually spent time with me, over 250 individuals. So, it's been great. And I did get to meet with people all over the world, right? From all of our markets – Americas, EMEA, and APAC – we met with the team, we met with authorities, and we met, of course, with members and partners.
And what we heard – and what I heard very clearly – is at FS-ISAC, we are focused on the right mission, right? To advance the cybersecurity and the resilience of the global financial system is the right mission. But we have a lot of work to do in how we actually achieve this mission. And so, as a result of that, FS-ISAC has to move into its next chapter; we have to change. So that's what this new strategy is about. It's an evolution, and I'm excited to bring it out to the members and partners so we can begin to do the work together.
Heathfield: Let's talk about it. What are the key areas that were the top concerns for the sector?
Abend: There were really four consistent themes that came out through the course of the conversations. The first was supply chain risk, most often cited by members and authorities in all of the markets. They are super concerned about the growing reliance on critical partners around the world. That's both concentration risk as well as just the types of work that they do inside of a singular institution and how important it is to running an institution. So, we have to find a way to come closer together in terms of the supply chain and actually work more closely together as partners and allies in our mission. The second area that we heard about was really about geopolitical shift.
Heathfield: You're kidding.
Abend: I know, right? It's really big top of mind. It's something that [predominated] even before the situation that evolved in terms of the conflict with Iran, Israel, and the United States.
And it's the nature of the situation, where the fragmentation is going up. And as a result of that, you're seeing a really big, fast-paced, changing landscape of risk. And that has led to hybrid physical and cyber attacks. And so, we need to lean into this space because there are a lot of changes that have to happen to help institutions really respond and be ready to go in a crisis.
Heathfield: What else? Other areas of key concern? I'm sure I can pick a few that I know, but tell me what they told you.
Abend: So, fraud was also top of mind. A number of institutions talked to the fact that we have a growing type and complexity and impact coming from … different types of fraud impacting the financial system. You have situations where you're seeing insider risk coming from employees that are not really employees getting placed in our institutions or attempting to or getting placed in the supply chain or attempting to.
You're seeing it in social engineering and the many avenues that that takes, right? It's a combination of the email phishing with the voice phishing, vishing, or with smishing on a text, and it's all combined to a single attack on a singular individual, but it's happening at scale. And it seems right now to be particularly targeting young populations and the elderly, and it's wiping out entire savings. And it's happening at such a scale and speed now that it's really causing concern across our institutions. And they do see a need to come together through FS-ISAC to address it.
The final thing that I heard a lot about, not surprisingly, would be around emerging technology, specifically right now about AI and also quantum computing. FS-ISAC has already done a lot in both of these spaces. But the idea that we need to do more to help institutions with addressing the vulnerabilities that come from implementing not just AI inside their institutions, but the AI that's being used across their supply chain. Some even talked about how FS-ISAC needs to leverage AI so that we can achieve our mission at scale and speed.
And then on quantum computing, we have really deep membership expertise, we're really fortunate for that. But we need to be thinking about beyond just the thought leadership, how do we work with our supply chain partners to actually ensure they're meeting our guidelines and our timeline so that we're really coming together to fortify the whole ecosystem together.
Heathfield: One thing that, as you talk about it, one thing that comes out to me is, these are all interrelated, right? In terms of fraud, you have threat actors leveraging AI to have more convincing phishing lures and stuff like that. You started with supply chain, but then, of course, how do we make sure our suppliers are implementing the guidelines we need to be crypto-agile and stuff like that? So, talk about how these all kind of come together to really change the threat landscape into something that we haven't seen before.
Abend: You're right, Elizabeth. The threats and the vulnerabilities combined together do change into a really rapidly evolving risk landscape, unlike anything we've seen. And we're going to have to come together through collective defense, which is why I think the members focused on these specific areas for FS-ISAC; it’s because they're all interrelated, they are compounding, and we need to drive collaboratively to actually achieve the outcomes that the sector needs.
There's a unique component to what FS-ISAC brings to the table as a trusted community that we can then address these big meaty issues at scale across the globe.
Heathfield: These are things that nobody can actually solve on their own. So, okay, let's talk about how we're going to achieve all of this in terms of advancing our collective security and resilience amid this risk landscape that is unprecedented.
Abend: So, there's a number of things that FS-ISAC needs to do. And like I said, it's really an evolution, not starting from scratch. We have so much trust. We have so many amazing members and partners. What we need to do is just focus all of that in a way that actually achieves our mission. And so, to do this, we're really moving to a new operating model.
As we start implementing our strategy over time, we'll have three separate services that actually work collaboratively together and reinforce each other. Not surprisingly, Threat Intelligence, which is something we already do, will be one of those core services. What we need to do is augment, really build on our success in that space, so that we are sharing threat intelligence in real time with deep insight and industry specification. And then also part of that is reducing uncertainty. What's really something that's going on versus sort of rumor conjecture, and it's not really what's happening.
I think the next thing is Response & Resilience. When you think about that as a core capability, it's taking that threat intelligence and moving it into action. And that's a key component here: turning trust into action is really where FS-ISAC is going to start leaning in. That's who we need to be because of everything we talked about already.
And then finally, it's not just about how we do this in a crisis, right? How do we help respond in a rapid way, both at a regional and a global scale, to support our members and the whole financial system. It's also Proactive Security before things become incidents. How do we work through our communities, through our membership, with our partners as allies, to identify vulnerabilities and mitigate risk before they become incidents? And that's really that full circle of what we're hoping to be so that we can do our mission.
Heathfield: You mentioned how do we work more closely with partners? Can you talk through a little bit about how we need to be working more closely with both public partners and private partners to achieve the mission and the vision that you've laid out?
Abend: Well, FS-ISAC is deeply rooted in a long history of being a public-private partnership. And as a public-private partner, we work very closely with different authorities all over the world where we operate, in our three markets. That's why they were part of the listening tour. And they are very supportive of FS-ISAC in our role. And they actually need us to help the community not only understand the threat landscape but respond because it's different when it's a member-driven trusted organization doing that. Because we bring a real perspective to the table. So that is something I heard very clearly from all of the authorities. We're very fortunate to work in partnership with them. We take no money from them. We're not asking for anything other than, you know, working collaboratively so that we can help support them and their sectors inside those regions.
And then on the private-sector side – as I mentioned, the supply chain is super important. We have a strong critical provider program, but we work with partners of all sizes. Everything from the largest technology and telco companies all the way down to early-stage innovative companies that can really bring unique, cool capabilities and features to the table. Financial services has always been an early adopter of those kinds of capabilities and a proof point for them. And we want to be a place that kind of encourages that creativity, that constant learning. And so that's something we're going to lean into as well in our new strategy.
Heathfield: So, let's talk about what are the drivers of success? What do we need to do to make this all reality?
Abend: Yeah, there's really three things we need to do because it's super clear when you stand back, like we have the trusted organization. We have the right mission. We have incredibly knowledgeable members and partners. What we need to do is deepen our engagement. And that's engagement across our members, across the authorities, and across the partners in the private sector as well.
And what I mean by engagement, it's really about, we need you to share threat intelligence through our technology platforms in real time, because that's what drives data-driven results. So, giving very clear asks. And I think we've been a bit kind of, here or there, we can do all these things, but we need to stay focused on the four key priorities to really drive the outcomes in that way. And if we make clear asks, we're better able to do that.
The second thing we need to do is to innovate. When I think about innovation, it's people, processes, and technology. So, when we get threat intelligence, let's have a Rapid Response Call, let's inform our entire global membership, let's make sure they know what the call to collective action is. That is not necessarily a technological innovation; that's a process innovation. We need to think about people, process, and technology. How do we uplift the skills of AI across the entire system? How do we help them know how to secure AI? That's an innovation. People sometimes think innovation's just tech. It's actually all three.
And then the third thing that we really need to do is think about culture. And culture to me kind of trumps everything. It's like the number one thing. And that's because we have a culture where we are forward-leaning, thinking about taking action, humble in how we approach it, so that we can ask good questions and constantly learn and constantly improve and collaborate. That kind of culture is something we need to make sure everybody's bringing to the table. And it's not about any individual person. It's not about any individual organization. It's about everybody working in concert together to achieve the collective.
Heathfield: So, you talked about clear asks. So, let me ask you, what are your clear asks for everybody in the community? How can everybody get involved?
Abend: One I've already mentioned: we need to share threat intelligence that is on our platform in real time, right? Data-driven, because that's what it's going to take. And then we'll be able to do better analytics on all of it.
The second is, if you are an executive, if you're a chief information security officer or a head of resilience, get involved in our two Congresses, the CISO Congress or our Resilience Congress. And if you are a manager, a leader with deep subject matter expertise, get those teams engaged in that Proactive Security to help us identify those vulnerabilities, mitigate risks, produce best practices in a way that actually fits with all sizes of institutions and all industry segments, and also adjusted for each of the regions of the world. And that's a really important thing. Sometimes, you can produce things, but if it's not written in ways that like,’ hey, this works for a large institution, but this is how it would work in a smaller entity.’ You can kind of lose the forest through the trees. We actually need to make sure we're doing it for the whole of the collective. And so, we want our members, when they do get engaged, to actually make sure that they're thinking about it in those terms.
And then finally, there are a lot of people who are just coming into this field. Maybe they're new to FS-ISAC. We want them to understand that they're really important to us, that FS-ISAC has always benefited from that future generation. And we need to continue that. So, if you're new to it, I want you to make sure that you are learning, that you're networking, that you're asking great questions. You probably have new ideas that people like me aren't thinking about. And we want you to be involved. We want you to share those ideas because that kind of new thinking is really going to help change the future.
Heathfield: So, everybody has a role to play, every single person who's a member.
Abend: That's right. All people. Across all members. All partners. Everybody can play a role. All regions, all industry segments.
Heathfield: Everybody.
Abend: I think the big thing I keep saying when I looked out across our membership throughout the listening tour, when I think about all the people I've had the opportunity to talk with just in the six months, but even across all the Summits I've attended for the history of time, and all the things that we share, you know, just even on a day-to-day basis, yeah, we have everything we need to be successful.
You look across our members and our partners, we have the best capabilities in the world on security and resilience. We're the best, there's no question. And so, what we really need is everybody focused on collective defense and being Where Trust Meets Action. That, to me, sets it in a nutshell.
Heathfield: Hence the tagline.
FinCyber Today is a podcast from FS-ISAC that covers the latest developments in cybersecurity, contemporary risks, financial sector resilience and threat intelligence.
Our host Elizabeth Heathfield leads wide-ranging discussions with cybersecurity leaders and experts around the world who bring practical ideas on how to confront cyber challenges in the financial sector, improve incident response protocols, and build operational resilience.
Amid the clutter and noise, FS-ISAC Insights is your go-to destination for clarity and perspectives on the future of finance, data, and cybersecurity from C-level executives worldwide.
© 2026 FS-ISAC, Inc. All rights reserved.
Listen on
Valerie Abend is the CEO of FS-ISAC. She is a globally recognized cybersecurity and resilience expert with more than 30 years of experience in the private and public sectors, including as an...
Read Moreindustry practitioner, board director, advisor and consulting practice leader, and public servant. Previously, Abend was a Senior Managing Director at Accenture, leading the Global Financial Services Security practice, where she advised C-Suite executives, Boards of Directors, and policymakers on managing and overseeing cyber risk and resilience. She has also served on various boards around the world, including the Cloud Security Alliance and the Monetary Authority of Singapore’s Cyber Security Advisory Panel. Prior to joining Accenture, Abend led efforts to improve the security and resilience of the financial system at various financial authorities and as a Managing Director at Bank of New York Mellon. She has testified before Congress and is frequently quoted in the media on cybersecurity issues.
Elizabeth is a storyteller at the intersection of technology and money. Layer in geopolitics and the criminal underworld and you get today's issues in cybersecurity for the global financial system. Crypto. Web...
Read More3.0. Quantum. AI. Ransomware. Privacy. Regulation. Zero-days. Supply chain attacks. Developing new and diverse talent. How to protect the future of money. These are the topics Elizabeth asks top executives and experts in the field about on FinCyber Today.
Follow Us
© Copyright 1999 - 2026 FS-ISAC, Inc. All Rights Reserved.
