November 6, 2025

Cybersecurity Summit:
New York Financial Services

Hosted by BankInfoSecurity

8:30 AM ET - 5:00 PM ET

Event Overview

ISMG’s 2025 Financial Services Cybersecurity Summit will tackle the sector’s most urgent cyber challenges. A keynote panel of leading CISOs will discuss how InfoSec leaders’ responsibilities now span IT, data, communications and operations, underscoring cybersecurity’s strategic role. Sessions will deliver insights on advanced threat intelligence, payment fraud prevention, AI’s impact on attackers and defenders, and leveraging cyber insurance in risk management.

The event concludes with the interactive Solution Room, a hands-on incident response workshop where participants face a high-stakes deepfake scenario to strengthen crisis planning and response.

 

Venue

New York Marriott Downtown

85 West Street at Albany Street New York, NY 10006

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Highlight Topics

  • Critical Infrastructure
  • Incident Response
  • Supply Chain Threats and Response
  • Cyber Attacks
  • Zero Trust

David Anderson

Vice President, Cyber, Woodruff Sawyer

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Anthony Scarola

SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Erika Dean

CSO, Robinhood

Ali Khan

CISO, Better.com

Michael Woodson

Information Security and Privacy Director, Sonesta Hotels

Kevin Li

CISO, Cohen & Steers

Carlos Suarez

Deputy Information Security Officer, Helaba

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan

Eric Boateng

CISO, MassMutual

Boris Klyuchnikov

Special Agent, Cyber Crime Task Force, FBI

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

2024 Speakers

Thought Leaders on Stage and Leading the Critical Conversations

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in cybersecurity, who are passionate about the latest tools and technology to defend against threats.

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

Financial Services Summit: New York

CISO 360° - Expanding the Cybersecurity Mandate in Financial Services

No longer confined to protecting IT infrastructure alone, today’s CISOs are charged with safeguarding enterprise-wide data, communications, and even operational continuity.
 
This session examines how cybersecurity leadership is expanding into a business-wide mandate – from compliance and privacy to fraud prevention and operational resilience. We will discuss the growing strategic importance of cybersecurity at all organizational levels and how CISOs must collaborate across risk, compliance, and business units to embed security into the company’s DNA.
 
Attendees will hear how new regulations and rising board expectations are elevating the CISO’s accountability. Through real-world examples, we’ll explore strategies for breaking down silos, communicating cyber risk in financial terms, and aligning security initiatives with core business objectives to drive resilience and trust.
 
Key Takeaways:
  • How and why the CISO’s responsibilities now span enterprise risk management, data governance, and business operations.
  • Approaches to bridge communication gaps between cybersecurity, fraud, compliance, and other risk domains.
  • Effective methods to engage the Board and executive leadership on cybersecurity as a strategic business issue.
  • Strategies for measuring and conveying security program value in financial terms to support informed decision-making.
 

Erika Dean, CSO, Robinhood Markets
Eric Boateng, CISO, MassMutual

2024 Phishing Attack Landscape & Benchmark

This report highlights employee vulnerability by industry, revealing at-risk users that are susceptible to phishing/social engineering attacks.
 
You will learn:
 
  • Phishing benchmark data for 19 industries and 7 geographical regions
  • Understanding who’s at risk/what you can do
  • Actionable tips to create your human firewall

Joanna Huisman, SVP Strategic Insights & Research, KnowBe4

Identity-Centric Security in Finance

This session focuses on how banks and insurers can harden authentication and access control – for both customers and employees – to shut down breaches at the front door. We’ll discuss the latest in identity and access management innovations: from phishing-resistant multifactor authentication and passwordless logins to granular privilege management and continuous user monitoring. We’ll also address the explosion of non-human identities – API keys, service accounts, bots – and why managing their access is critical.
 

Key Discussion Topics:

  • Modernizing authentication to counter advanced credential attacks
  • Tackling MFA bypass and identity-based threats with layered defenses
  • Customer IAM (CIAM) strategies to prevent account takeover and fraud
  • Treating identity as “critical infrastructure” in cybersecurity strategy
 

Charlie Leonard, Principal SecOps Transformation Advisor, Palo Alto Networks
Chris Holden, CISO, Crum & Forster
Erika Dean, CSO, Robinhood Markets

Securing Workforce Identities with Modern FIDO Authentication

The FIDO authentication open standard offers the most modern defense tactic that organizations can leverage to create digital barriers against evolving threats. Learn how to raise the bar for security and innovation by driving phishing-resistant and passwordless authentication and cultivate phishing-resistant users across the enterprise.

Perraju Nadakuduty, Director & Distinguished Engineer, Capital One

Networking and Exhibition Break

Track A

Under the Cyber Hood: Exploring Insurance Myths and Realities

Panelists will provide a roadmap for CISOs to fully leverage cyber insurance, safeguarding their security while clarifying its scope and debunking common misconceptions about its effectiveness and sustainability.

The discussion will explore key factors that insurers consider during the underwriting process, illustrating how companies can align their cyber insurance strategy with broader risk management objectives. Special attention will be paid to the strategic benefits of pre-breach services such as risk assessments and vulnerability scans, and post-breach services like incident response and claims support, which are pivotal in minimizing the impact of security incidents.

Key Takeaways:

  • Comprehensive Risk Management: Learn how to utilize cyber insurance as a tool for comprehensive risk management by integrating both pre-breach and post-breach services to enhance your cybersecurity posture.
  • Underwriting Insights for CISOs: Gain deep insights into the underwriting process, focusing on what insurers assess to help CISOs better prepare their organizations for favorable coverage.
  • Navigating Market and Regulatory Changes: Explore how shifts in the cyber insurance market and regulatory landscape affect policy offerings and coverage strategies, empowering CISOs to make informed decisions.
  • Optimization of Insurance Procurement: Discover strategies to streamline the cyber insurance acquisition process, improving how your organization approaches risk transfer and coverage optimization.

David Anderson, Vice President, Cyber, Woodruff Sawyer

Track B

New Age of Payment Fraud: Hackers vs. Heroes

Join us as we delve into payment fraud prevention, examining rising threats such as account takeovers and synthetic identity fraud. Our expert panel will explore critical topics, including authentication techniques, data security practices, and adherence to regulatory standards. Additionally, we will address the growing risks associated with social engineering and the specific challenges faced in securing mobile payments.
 
Key topics include:
  • The Evolving Face of Payment Fraud: Unpacking New Trends and Their Industry Impact
  • Uncovering Weaknesses in Digital Payments: Lessons from Real-World Exploits
  • Harnessing AI for Fraud Prevention: The Transformative Role of Machine Learning
  • Mastering the Maze of International Fraud: Tackling Cross-Border Payment Challenges

Aaron Simpson, Partner, Hunton & Williams

Seth Rose, Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit 

Michael Woodson, Information Security and Privacy Director, Sonesta Hotels

Incident-Ready: Building Cyber Resilience in Financial Services

This session is all about preparing your institution to withstand and bounce back from cyber incidents with minimal damage.
 
We will discuss how leading banks are adopting an operational resilience mindset and draw lessons from recent incidents that illustrate what effective response and recovery looks like under pressure.
 
The session will also explore new resilience requirements from regulators and strategies to ensure data resilience and business continuity.
 
In this session, you’ll learn:
  • Why 100% prevention is impossible and how to shift to a response-first mindset.
  • Components of an effective cyber incident response plan.
  • The role of business continuity and disaster recovery (BC/DR) in cyber incidents.
  • How to test and bolster resilience through regular drills and simulations.

Steve Johnson, VP Sales East, Entro Security

Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection, and long-term defense.

What You Will Gain From This Experience: 

  • Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity, and mitigating cascading disruptions caused by insider-enabled AI attacks.
  • Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems.
  • Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection, and evidence preservation for incident response and regulatory requirements.

Ed Thomas, SVP, ProcessUnity

Exhibition & Networking Break

Generative AI Arms Race - Cyber Offense and Defense

This session confronts the double-edged sword of AI in cybersecurity. On one side, we see cybercriminals leveraging generative AI to supercharge phishing campaigns, create polymorphic malware, and even produce convincing deepfake voices or videos to facilitate fraud. On the other side, forward-leaning security teams are deploying AI for threat detection, automated incident response, and code review at unprecedented speed. We will explore real examples of AI-powered attacks – as well as how financial firms are harnessing AI in defense. Experts will emphasize the need for governance and caution amid the hype, including strategies to prevent AI model abuse and ensure AI outputs can be trusted.
 
Attendees will learn:
  • How adversaries are weaponizing generative AI, and where these tactics have been observed in the wild.
  • Ways financial institutions can deploy AI and machine learning for defense.
  • The importance of AI governance and security for AI systems to prevent new attack vectors.
  • Emerging best practices and frameworks to responsibly integrate AI into cybersecurity programs.
 

Darryl Jones, VP of Product and Strategy, Ping Identity

Payment Fraud 2.0 - Stopping Cybercriminals in Real Time

In this session, we explore the “New Age” of payment fraud and the tools and tactics needed to combat it. From synthetic identity fraud to sophisticated social engineering that bypasses controls on real-time payment networks, fraudsters are innovating quickly. We will examine recent cases of large-scale payment and wire fraud that leveraged data breaches, account takeovers, and increasingly convincing use of deepfakes. This discussion will focus on how cyber teams and fraud units can partner more closely, sharing data and insights to detect anomalies in digital transactions. We’ll also highlight defensive innovations such as machine learning models for transaction monitoring and customer behavior analytics to spot illicit patterns.
 
We will discuss:
  • The rise of synthetic identities and account takeovers targeting banks and payment platforms.
  • Techniques to detect and block fraudulent transfers before money is lost.
  • Organizational approaches for converging fraud prevention and cybersecurity.
  • Emerging tools that help identify subtle fraud indicators without adding excessive friction.
 

Bill Sovak, VP of Data Protection Sales, Fortra

Embedding Security at the Speed of Finance

But a well-executed DevSecOps strategy can turn security into a business enabler, integrating controls directly into the software lifecycle without stalling delivery. This session focuses on what DevSecOps means for CISOs in financial services: not just shifting left, but embedding governance, risk, and compliance directly into development workflows.
We’ll explore how leading financial firms are implementing security guardrails in CI/CD pipelines, using policy-as-code to enforce controls, and ensuring that software shipped to production meets regulatory and resilience standards.
 
We’ll also discuss how to drive alignment across AppSec, DevOps, and GRC functions – especially in environments where infrastructure is increasingly ephemeral and APIs serve as critical product infrastructure.
 
We will cover:
  • How to establish DevSecOps as a governance model, aligned to compliance and operational resilience.
  • Real-world practices for embedding security guardrails into CI/CD pipelines.
  • Strategies to integrate SBOM validation, third-party component monitoring, and change control into Dev workflows.
  • Cultural and structural changes needed to align AppSec, DevOps, and GRC teams.
 

Vincent Stoffer, Field CTO, Corelight, Inc

Closing Comments

Don’t miss your chance to attend this dynamic, impactful event.

CPE Credits

ISMG Summits offer Continuing Education Credits. Learn from informative and engaging content created specifically for security professionals.

Upcoming ISMG Events

August 5, 2025

The Hidden Risks of Agentic AI

August 7-8, 2025

Virtual Cybersecurity Summit: Africa

August 13, 2025

Threat Exposure Management: How Do You Prioritize Vulnerabilities?

August 19-20, 2025

Virtual Summit: Cybersecurity Implications of AI, Global

September 11, 2025

Cybersecurity Summit: London Financial Services
