New York Summit
November 9 - 10, 2021
This virtual summit's agenda will cover Zero Trust, IAM, Ransomware, Privacy, Fraud, Payments, IoT, Cryptocurrency, End Point Protection, Cloud Security and more.
ISMG's geo-targeted, industry-specific, and topic-driven agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Bassam Khan
VP of Product Marketing
Gigamon
As Gigamon's Vice President of Product and Technical Marketing Engineering, Khan is responsible for positioning and promoting the company’s products and solutions and its corporate and go-to-market strategy. He has more than 20 years of experience managing products and marketing...
Gil Azrielant
CTO & Co-Founder
Axis Security
As Co-Founder and CTO of Axis Security, Azrielant is responsible for technology strategy and the development of the company’s cloud-based zero trust application access platform. Prior to joining Axis Security, he was co-founder and CTO of Cool Cousin, a cloud-based...
Pete Chestna
North America CISO
Checkmarx
Chestna provides customers and prospects with practical advice for building successful application security programs. With more than 15 years of direct AppSec practitioner experience, Chestna has held roles ranging from developer and development leader to his most recent position as...
Sean Kearney
CISO
Natixis CIB Americas
Kearney has spent the last 10 years delivering information security and technology risk management within financial institutions. As the CISO for Natixis CIB Americas, he leads the information security program for the Americas region of Natixis Corporate Investment Bank and...
Rocco Grillo
Managing Director, Global Cyber Risk & Incident Response Investigations
Alvarez & Marsal
As the managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice, Grillo leads multidisciplinary teams who provide cyber risk and incident response services to clients globally. He has been a trusted partner of multiple government...
Karen Boyer
VP, Financial Crimes and Fraud Intelligence
People's United Bank
Boyer has over 20 years of diverse banking experience with over 15 years in the realm of fraud. She is currently vice president of financial crimes and fraud intelligence at People’s United Bank, a regional bank in the Northeast with...
Lisa Sotto
Partner and Chair of the Global Privacy and Cybersecurity Practice
Hunton Andrews Kurth LLP
Keith O'Sullivan
Global CISO
Standard Industries
Alexander Grijalva
CISO
VillageCare
Neal McCarthy
Senior IR Consultant
Secureworks
McCarthy has over 30 years of IT/InfoSec experience and brings a strategic business focus to cyber incident response planning. His previous duties for a multinational Fortune 100 retailer included managing the ISOC and the Enterprise Risk Management program, serving as...
Badri Raghunathan
Director Product Management
Druva
Michael Johns
Director Private and Public Sector Outreach for Cyber Security ASAIC- Criminal Investigative Division
U.S. Secret Service
Bill Bernard, CISSP
Senior Director of Solutions Architecture
deepwatch
Bernard is senior director of solutions architecture at deepwatch. He has 20 years of experience in information security and works with his team and customers to design innovative security solutions. He is also the "on-call" cybersecurity expert on John Williams'...
Patrick Pushor
Principal Technical Evangelist
Orca Security
Pushor is a serial startup technologist who has played early and key roles in over six startups across four countries in the past 12 years, including multiple cybersecurity and fintech companies. Previously, he worked as an independent consultant focused on...
Kenneth Suh
Claims Focus Group Leader - Technology E&O
Beazley
Suh is the focus group leader for the cyber and tech team at Beazley, where he uses his tech and legal experience to assist stakeholders in managing cybersecurity, technology errors and omissions, and intellectual property risk. He regularly speaks about...
Chris Holden
CISO
Crum & Forster
As CISO for Crum & Forster, Holden is responsible for maintaining the day-to-day security of the organization's information systems and data while adhering to regulatory requirements. He started his career as a forensics analyst for Hewlett-Packard’s global cybersecurity team, where...
Steven Wallstedt
CISO
ABN AMRO Holdings USA
Julie Conroy
Head of Risk Insights and Advisory
Aite-Novarica Group
Hannah Dalke
Director of Product
LastPass
As a Director of Product Management at LastPass, Dalke is responsible for leading the company's core Enterprise password management strategy. With over a decade of experience, she specializes in defining and delivering enterprise-level cybersecurity products.
Aram Eblighatian
Senior Technical Product Manager
HCL BigFix
Eblighatian leads BigFix's ecosystem and integration strategy. He has over 20 years of experience in information technology with a broad focus on security, and in his 15 years with HCL BigFix he has held various leadership roles across customer advocacy,...
Angus King
Senator
Maine
In January 2013, Angus King was sworn in as Maine’s first Independent U.S. senator. He is a member of the Armed Services Committee, the Select Committee on Intelligence, the Committee on Energy and Natural Resources, and the Committee on Rules...
John Frushour
VP and Deputy CISO
New-York Presbyterian
Frushour is the deputy chief information security officer for the New York-Presbyterian Hospital System, where he manages all things InfoSec, including the hospital’s Security Operations Center, Identity and Access Management Team, Vulnerability and Forensics Team, Security Engineering and Architecture teams,...
Claus Torp Jensen
Chief Innovation Officer, EVP of R&D and IT
Teladoc Health
Manny Cancel
SVP & CEO
E-ISAC
Jay Schiavo
VP of ECS Markets
Entrust
Robert Slocum
Product Marketing Director
Tessian
Slocum has over 24 years of experience in technology and cybersecurity and extensive experience in leveraging data science to secure the human layer, insider threats, IoT and IT devices, identity, and data security. Prior to Tessian, he worked at Forescout,...
Chris Pin
VP, Security and Privacy
PKWARE
Pin drives value and awareness for all PKWARE customers regarding the various challenges that both privacy and security regulations bring to the data-driven world. He works closely with all customers and potential customers to help them better understand how PKWARE...
Gary W. Phipps
Vice President, Solution Engineering
CyberGRX
Phipps is a vice president supporting the engineering organization at CyberGRX. He has over 20 years of experience providing program design support to sales initiatives involving risk management, regulatory compliance, and internal control enforcement for clients in various industries including...
Miguel El Lakkis
Global CISO
Cantor Fitzgerald
Yogesh Mudgal
Director, Operational Risk Management – Technology/Cyber
Citi
Nicole Ford
VP and CISO
Carrier
Ford has over 20 years of experience spanning the federal government and corporate venues and extensive knowledge and application experience in cybersecurity, cyber forensics and homeland security practices. She oversees global information security and product (IoT) cybersecurity. Prior to joining...
Richard White, PhD.
SVP & Chief Information Security Officer
Flushing Bank
White is a recognized industry expert in the fields of cybersecurity infrastructure, cybersecurity remediation and cybersecurity program development. With over 25 years of experience in systems design, security technology implementation and security policy development and enforcement, he has developed innovative...
Jeremy Livingston
CISO
Stevens Institute of Technology
Livingston is the CISO at Stevens Institute of Technology. He is also chair of the Eduroam Advisory Board and a senior partner with Fortium Partners. He serves on the Executive Steering Committee for Internet2 and teaches cybersecurity courses for American...
Michael Baker
Vice President and CISO
General Dynamics Information Technology
David Pier
Senior Sales Engineer
Malwarebytes
Pier is a senior sales engineer at Malwarebytes, where he has worked for eight years. Prior to that, he spent more than a decade in IT desktop support.
Stephen Dougherty
Financial Analyst/ Investigator
U.S. Secret Service
Cody Cornell
Co-founder and Chief Strategy Officer
Swimlane
View Agenda
Prevent Ransomware with Due Diligence
Gary W. Phipps, Vice President, Solution Engineering, CyberGRX

Your third parties are under attack from ransomware. It’s time to defend yourself differently

  • How ransomware targeted at third parties is on the rise
  • The evolution of ransomware into extortionware    
  • How shared responsibility plays a role in third-party cyber risk management
  • What controls are commonly exploited in a ransomware attack?
  • Common ways to mitigate ransomware and extortionware
Gary W. Phipps
  • 09:00 AM
  • 09:29 AM
Track B: One on One with Nicole Ford, VP and CISO of Carrier
Nicole Ford, VP and CISO, Carrier

Nicole Ford is starting her third year as VP and CISO at Carrier, the multinational home appliances manufacturer. In this exclusive, in-depth discussion, she discusses her accomplishments, challenges and 2022 priorities, including: 

  • Why now is the 'Golden Age of Cybersecurity' 
  • How she is approaching the OT security challenge 
  • The new opportunity to develop security as a component of certain Carrier products
Nicole Ford
  • 09:30 AM
  • 09:59 AM
  • 10:00 AM
  • 10:29 AM
Track A
Hannah Dalke
Richard White, PhD.
Track A: Implementing Security Without Sacrificing Employee Experience
Hannah Dalke, Director of Product, LastPass
Richard White, PhD., SVP & Chief Information Security Officer, Flushing Bank

Join Hannah Dalke, Director of Product at LastPass and Richard White, PhD., SVP & CISO of Flushing Bank, for an engaging conversation on cybersecurity and password management. The panelists will discuss how organizations can increase their level of security without adding in complexities, and share best practices, challenges, and requirements to achieve: 

  • Better password hygiene 
  • Improved user experience 
  • Integrating security into existing platforms 
  • Compliance and regulation
  • 10:00 AM
  • 10:29 AM
Track B
Bassam Khan
Track B: Today’s Ransomware & FinServ: A Prescription for Stronger Defense
Bassam Khan, VP of Product Marketing, Gigamon

72 hours. That’s how long organizations have to report known ransomware to the New York Department of Financial Services. Cybercriminals' methodology has changed from a quick, opportunistic attack to a prolonged and targeted approach. While this shift presents threat actors with the opportunity to spread wider and lay the foundation for a double extortion scheme, it also presents security teams with the opportunity to detect activity before the encryption trigger is pulled.

We will explore how ransomware loitering allows security analysts to use network visibility, detection and response to discover malicious activity between initial compromise and encryption, including:

  • How threat actors rely on your network, and how you can use network visibility to your advantage; 
  • The importance of inspecting encrypted traffic, the challenges of doing so, and the NSA’s guidelines on addressing those challenges; 
  • How a new and innovative approach to network detection and response is transforming the SOC.
  • 10:30 AM
  • 10:59 AM
Track A
Neal McCarthy
Track A: Cyber Insurance – How to Keep Coverage and Stay Ahead of the Bad Guys
Neal McCarthy, Senior IR Consultant, Secureworks

As the number of cyberattacks has increased since the beginning of the pandemic, cyber insurers have been scrambling to keep up with the risk analysis in the new normal. This has caused an unprecedented increase in rates since 2019. Companies coming up for renewal are getting blindsided by new questions over their IT security stance and in some cases are being denied coverage if they can’t adhere to the new standards. Join us as Secureworks security consultant Neal McCarthy, author of "The Computer Incident Response Planning Handbook," discusses the steps companies are taking to help maintain coverage, battle rate increases and increase security posture.

  • 10:30 AM
  • 10:59 AM
Track B
Bill Bernard, CISSP
Track B: The Mystery of the 8 Second Breach
Bill Bernard, CISSP, Senior Director of Solutions Architecture, deepwatch

How is it that when the average time it takes to detect and contain a breach is 230 days, a contractor to AmeriGas was able to address theirs in 8 seconds?

This presentation will compare and contrast two breaches that have been reported on publicly in 2021 to identify how each took a different approach to security, and how those approaches yielded differing results. Using the NIST CSF as a model for discussing these different approaches, the presentation will make the case for rebalancing security spending to emphasize detection and remediation capabilities and look at how, as an industry, we in information security have conditioned ourselves to focus on prevention to the detriment of most of the other domains in the NIST CSF.

In addition, the presentation will touch on the problems with paying ransoms and the limitations of cyber insurance as a curative measure.

  • 11:00 AM
  • 11:14 AM
Track A
Robert Slocum
Track A: Navigating the Dark Corners of Social Engineering Attacks and How to Combat Advanced Phishing and Ransomware Surge
Robert Slocum, Product Marketing Director, Tessian

In recent years, attackers have successfully infiltrated organizations through highly sophisticated social engineering techniques that exploited human behavior and vulnerabilities and led to some of the worst data breaches in history.

In this fireside chat, we'll take you through some of the most sophisticated, real-world email social engineering attacks found by Tessian’s Threat Intelligence Team, including spear-phishing and vendor account takeover. See real-life examples of how these threats infiltrate organizations and how you can move your organization left of breaches by stopping them early in the MITRE ATT&CK Framework.

  • 11:00 AM
  • 11:14 AM
Track B
David Pier
Track B: Simplified Ransomware Mitigation
David Pier, Senior Sales Engineer, Malwarebytes

Remove the complexity of ransomware with the right EDR solution. We know your job is stressful, with an ever-growing list of concerns - and ransomware tops that list. Join this live simulation to see how you can simplify your ransomware protection, detection and response capabilities with endpoint detection and response (EDR) tools.

Join this live demo to see:

  • An actual ransomware infection scenario;
  • Multi-mode isolation and investigation of threats;
  • Seamless integration with SIEM and SOAR;
  • Ransomware recovery via 72-hour rollback;
  • How to comply with NIST and similar guidelines.  
  • 11:00 AM
  • 11:14 AM
Track C
Gil Azrielant
Track C: Securing The Modern Workplace
Gil Azrielant, CTO & Co-Founder, Axis Security

The way we work has changed. Seventy-seven percent of organizations will allow for hybrid work going forward. One out of every three users who requires access to business resources is a third-party user. And those business resources are now SaaS apps and are moving to public cloud. This is the modern workplace.

Join Gil Azrielant, co-founder and CTO of Axis Security, and learn:

  • Why organizations are adopting zero trust architectures to protect business resources
  • The top technologies replacing legacy access solutions, such as VPN, that you should know about
  • How to balance security with user productivity
  • 11:15 AM
  • 11:29 AM
Track A
Patrick Pushor
Track A: Crafting Comprehensive Cloud Compliance
Patrick Pushor, Principal Technical Evangelist, Orca Security

Whether you are formally regulated or are simply looking to demonstrate your commitment to security and governance with best practice guidance, Infrastructure-as-a-Service and Platform-as-a-Service offerings provide unique governance challenges. These platforms offer a wide array of services, each with its own security controls that must be continuously tested against a trusted standard. At the same time, public cloud platforms also host more traditional services such as virtual machines, containers and storage buckets, where risks such as old, unpatched software (and hence vulnerabilities), sloppy credentials embedded in a test script, misplaced PII, or keys that facilitate lateral movement are hiding within your workloads.

Join Patrick Pushor as he discusses how to build fully functional compliance guardrails at both the deep workload and broad cloud services levels with a single, simple approach.
 

  • 11:15 AM
  • 11:29 AM
Track B
Badri Raghunathan
Track B: Ransomware: Building Multi-Layered Defense and Accelerating Recovery
Badri Raghunathan, Director Product Management, Druva
  • 11:30 AM
  • 11:59 AM
Track A
Lisa Sotto
Track A: Ransomware, DDoS and Privacy: The Legal Opinion by Lisa Sotto
Lisa Sotto, Partner and Chair of the Global Privacy and Cybersecurity Practice, Hunton Andrews Kurth LLP

"Standout." "Star." "Legend." Attorney Lisa Sotto has received great accolades for her work as a data security and privacy litigator. "If you have a data breach, you’d be lucky to get her to handle it," says one peer. In this exclusive session, Sotto offers her take on how to respond to some of the more persistent cyber attacks, including the ransomware resurgence. She discusses:

  • Ransomware – how to respond to today's most destructive attacks
  • DDoS – it's back and bigger than ever
  • Privacy laws – how do you harmonize three disparate state laws, with more coming?
  • 11:30 AM
  • 11:59 AM
Track B
Sean Kearney
Chris Holden
Miguel El Lakkis
Track B:
Sean Kearney, CISO, Natixis CIB Americas
Chris Holden, CISO, Crum & Forster
Miguel El Lakkis, Global CISO, Cantor Fitzgerald

Cybersecurity has been getting lots of attention in the media, and the general population is more aware of security issues than ever. Recent news related to the great resignation, Apple delaying child protection features and zero days for commonly used software give cybersecurity professionals reason to stop and think.

In this exclusive session, experienced CISOs from the financial services and insurance sectors will discuss and help answer these questions and provide some practical suggestions for helping cybersecurity continue to progress.

  • Is this media attention helping or hurting our industry? 
  • What can we learn by examining the headlines? 
  • What opportunities are created by this attention? 
  • How can we help build for the future?
  • 12:30 PM
  • 12:59 PM
Track A
Chris Pin
Track A: Streamlining Security Solutions: The Answer to Evolving Cyber Threats?
Chris Pin, VP, Security and Privacy, PKWARE

In 2021, ransomware attacks increased in triple-digit percentages, becoming regular staples in the news. Cybersecurity strategies must continue to transform in order to thwart ever-evolving threats. Organizations have invested in myriad tools and security systems in order to protect their most valuable asset: data. But in today’s collaborative world, with data constantly on the move, are disorganized security components contributing to more difficulty in protecting against increasingly organized cyberattacks?

PKWARE data expert Chris Pin leads this panel discussion on the value in leveraging a single data security solution designed to protect your entire organization wherever it stores, sends and uses data. Attendees will get insight into:  

  • How a single, collaborative approach to security reduces vulnerabilities in security practices;
  • Why automated discovery and protection processes strengthen data security;
  • How a single security solution provides real-time visibility and security collaboration across departments.
  • 12:30 PM
  • 12:59 PM
Track B
Pete Chestna
Track B: The Cloud Developer – Generation DevOps
Pete Chestna, North America CISO, Checkmarx

Requirements for developers have shifted over the last five years. Team sizes are shrinking, but responsibilities, including for DevOps and accelerated SDLC, are growing. Developers must become fluent in software architecture, testing, deployment, telemetry and security. Their jobs are now less about "multilayer" and more about "multidiscipline."

In this talk, Pete Chestna, CISO of North America for Checkmarx, will share updates to the insights that he first shared over four years ago. We will discuss how the opportunities and accountability afforded to developers need better support from employers and the vendor community. There will be practical advice to rise to the challenge.

You will learn about:

  • The change in responsibility and ownership that has occurred in application development;
  • The gap that exists in the support system that is affecting your velocity;
  • What developers and development leaders should do to better enable teams to succeed
  • 01:30 PM
  • 01:59 PM
Track A
Claus Torp Jensen
Track A: 'We Need a New Breed of Technology Leader' – Insights from Claus Torp Jensen, Chief Innovation Officer, Teladoc Health
Claus Torp Jensen, Chief Innovation Officer, EVP of R&D and IT, Teladoc Health

His business cards have boasted titles such as Chief Digital Officer, CTO, strategist. But Claus Torp Jensen foremost considers himself a coach, an entrepreneur, a storyteller.
He's worked at IBM, CVS Health, Memorial Sloan Kettering Cancer Center. From his current role at Teladoc Health, Jensen sees the need for a new breed of technology leader – one that combines people, business and tech skills to drive business transformation.
In this session, Jensen discusses:

  • What "technology leadership" means today
  • What it means to be a transitional leader
  • The difference between being a good leader and a great one
  • 01:30 PM
  • 01:59 PM
Track B
Rocco Grillo
Greg Kyrytschenko
Steven Wallstedt
Track B: When Attack is Inevitable: How to Build Business Resilience
Rocco Grillo, Managing Director, Global Cyber Risk & Incident Response Investigations, Alvarez & Marsal
Greg Kyrytschenko, Deputy CISO, Guardian Life
Steven Wallstedt, CISO, ABN AMRO Holdings USA

Averting cyber attacks is always the preference, but frequently not the reality. What happens when the attack can't be avoided? That's when cyber and business resilience play their roles.


In this exclusive panel, two CISOs and a veteran cybersecurity investigator discuss how to:

  • Define, instill and train for resilience
  • Minimize business disruption
  • Ensure your senior management and board are prepared
  • 01:30 PM
  • 01:59 PM
Track C
Keith O'Sullivan
Chris Nicodemo
John Frushour
Track C: CISOs vs. Ransomware: Tips from the Trenches
Keith O'Sullivan, Global CISO, Standard Industries
Chris Nicodemo, Global Head of Information Security, Comcast Advertising
John Frushour, VP and Deputy CISO, New-York Presbyterian

Enough is enough. Frustrated by the toll ransomware is taking on entities large and small – particularly small-to-midsized businesses that are under-resourced – three vastly different CISOs combine forces in this session to discuss how to revitalize your ransomware defenses, including:

  • How to make do with minimal resources
  • How to deal with "the people problem"
  • What about those vendors and their vulnerabilities?
Track B: Secret Service Playbook: Inside the Fight Against BEC
Stephen Dougherty, Financial Analyst/ Investigator, U.S. Secret Service
Michael Johns, Director Private and Public Sector Outreach for Cyber Security ASAIC- Criminal Investigative Division, U.S. Secret Service

Business email compromise: The success rates and illicit earnings are staggering. In one recent case, the U.S. Secret Service helped a victim avoid losing $21 million. In this session, two USSS agents take us inside their BEC playbook to discuss:

  • The latest trends – what we know vs. what's unreported 
  • Anatomy of a BEC attack 
  • How to raise awareness about detection, defense and response 
Stephen Dougherty
Michael Johns
  • 02:00 PM
  • 02:29 PM
Track A: First Look: Fraud 2022 – The Trends and Technologies
Karen Boyer, VP, Financial Crimes and Fraud Intelligence, People's United Bank
Julie Conroy, Head of Risk Insights and Advisory, Aite-Novarica Group

One is a longtime financial fraud researcher; the other a hands-on practitioner. Both have their fingers on the racing pulse of fraud trends and defenses. And in this panel discussion they open up on the latest trends and technologies, including:

  • Digital channel fraud – how banks are responding
  • Application fraud and analytics
  • 3D Secure authentication – is it making a difference?
Karen Boyer
Julie Conroy
  • 02:30 PM
  • 02:59 PM
Zero Trust, Ransomware and Other 2022 Challenges: A Conversation with Michael Baker, CISO of General Dynamics IT
Michael Baker, Vice President and CISO, General Dynamics Information Technology

2021 brought Colonial Pipeline, Kaseya and the broadest cybersecurity executive order in history. What is 2022 likely to bring? More ransomware, more stops along the zero trust roadmap and more efforts to keep pace with adversaries who always seem to be two steps ahead. In this exclusive conversation, CISO Michael Baker opens up on:

  • The truth about what's hard about zero trust 
  • Defending against ransomware 
  • The executive order bombshell that no one's discussing
Michael Baker
  • 03:00 PM
  • 03:29 PM
Live Video Conversation & Q&A with David Pollino, Sean Kearney, Chris Holden and Miguel El Lakkis
Chris Holden, CISO, Crum & Forster
Miguel El Lakkis, Global CISO, Cantor Fitzgerald
Chris Holden
Miguel El Lakkis
  • 03:35 PM
  • 03:59 PM
