Financial Services Cybersecurity Summit

October 17, 2023

Financial Services Cybersecurity Summit

8:00 AM ET - 5:00 PM ET

Event Overview

The annual ISMG New York Financial Services summit dedicates a full day to enhancing cybersecurity education for CISOs and their teams. The event will begin with a keynote session featuring Susan Koski, CISO of PNC, and Matanda Doss, executive director of cybersecurity and technology controls at JPMorgan Chase.

During this highly anticipated session, they will delve into team skill development, effective leadership techniques, and the intricacies of incident response, all in the context of the transformative potential of technology, especially AI.

Participants will gain valuable insights from an interactive session led by Aravind Swaminathan, a top U.S. personal liability lawyer and global co-chair cybersecurity and data privacy at Orrick, Herrington & Sutcliffe LLP. This session will analyze the Joe Sullivan Uber case and engage in a mock exercise exploring actions CISOs can take in challenging situations.

The summit will also comprehensively explore incident response strategies through an interactive “Solution Room” exercise. This challenging exercise will prompt CISOs and cybersecurity leaders to formulate incident response strategies in the scenario of a global ransomware attack.

Moreover, the summit will delve into the technical landscape of AI. This segment aims to equip leaders with the necessary knowledge for secure AI implementation while considering supply chain budget aspects. As cybersecurity leaders strive to maintain stability amid rapid evolution, the summit will offer guidance on achieving balance during periods of change. This emphasizes the pivotal role of steady leadership in safeguarding digital landscapes.

Venue

TBD

New York, NY

Topic Highlights

Critical Infrastructure
Incident Response
Supply Chain Threats and Response
Cyberattacks
Zero Trust

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

Claire Le Gal

Senior Vice President, Cyber Security & Risk Products, Mastercard

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Susan Koski

CISO and Head of Enterprise Information Security, PNC

John Chan

Director of Technology - AI/ML, Raymond James

Tim Gallo

Global Security Architect, Mandiant

Karamjit Singh

Director, Artificial Intelligence, Mastercard

Sohail Iqbal

CISO, Veracode

Heather West

Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa

Head of Digital Transformation Office, Société Générale

Patrice Boffa

Chief Customer Officer, Arkose Labs

Itzik Alvas

CEO & Co-Founder, Entro Security

Speakers

Thought Leaders Leading Critical Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Susan Koski

CISO, PNC

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

William Beer

Managing Director, Financial Services, Accenture

Paul Leonhirth

Global Financial Services Industry Lead, Palo Alto Networks

Navigating the Storm: Protecting Financial Services in an Era of Cyber Turbulence

In the realm of financial services, the ever-looming specter of cyberthreats casts a long shadow. Hacking and malware stand as formidable adversaries, continually challenging the security measures put in place by financial institutions. Yet, a storm is brewing on the horizon, as insider threats and accidental disclosures gather momentum, threatening to reshape the risk landscape.

As if these challenges weren’t enough, the financial sector finds itself at a pivotal juncture with the soaring adoption of cloud technology. The allure of the cloud brings efficiency and scalability but also amplifies risks, promising to usher in a new era of cyber vulnerabilities.

Drawing from commonly accepted statistics, we find that 75% of data breaches in this sector involve hacking and malware, while accidental disclosures account for 18% of the total breaches. Insider threats have risen to 6%, underscoring the importance of internal security, and physical breaches remain consistent at 2%. The numbers are clear, and the message is stark: the financial services industry is at a crossroads, facing a complex and evolving cybersecurity landscape.

Join us for an exclusive keynote session that unites top practitioners from some of the nation’s leading financial institutions. This gathering presents a masterclass in CISO leadership, addressing the latest developments and threats impacting the financial services industry.

Key discussion points will include:

The expanded attack surfaces created by the increased reach of APIs;
Leveraging the capabilities of artificial intelligence to bolster fraud detection and threat monitoring;
Strategies for safeguarding reputational integrity in the face of data breaches;
Navigating the complex web of state and federal regulations to ensure compliance.

In an age marked by the looming specter of cyberthreats, this keynote promises invaluable insights to help financial institutions fortify their defenses and chart a course to greater cybersecurity resilience.

Susan Koski, CISO, PNC

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JPMorgan Chase

William Beer, Managing Director, Financial Services, Accenture

Paul Leonhirth, Global Financial Services Industry Lead, Palo Alto Networks

Patrice Boffa

Chief Customer Officer, Arkose Labs

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Protecting Digital Identity: Combatting Account Takeovers in Financial Services

Online self-service tools have empowered customers, with the majority of transactions occurring online. However, this convenience brings significant risks. Account takeovers have become a prevalent threat, targeting online banking, alternative payment platforms, and messaging apps with payment components. Each new account introduces potential vulnerabilities, allowing attackers access to extensive personal and financial information.

This session will delve into the mechanics of account takeovers, highlighting how attackers pose as legitimate users to gain prolonged, under-detected access to accounts. It will explore:

Methods employed by cybercriminals, such as brute force attacks, phishing, and malware.
The importance of implementing MFA and robust identity and access management frameworks to protect private data.
The broader implications of account takeovers beyond individual consumers, including risks to supply chains and vendors.
Preventing illegitimate access to cloud applications and ensuring continuous authentication and authorization of all users and devices.

Patrice Boffa, Chief Customer Officer, Arkose Labs

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JPMorgan Chase

Fred Harris, Global Head of Risk & Compliance for Enterprise Technology &

Operations, Citi

Sohail Iqbal

CISO, Veracode

The Shifting Responsibilities of CISOs in Capital Markets Cybersecurity

In the world of capital markets, cybersecurity extends beyond the traditional IT scope, ensuring the security of client and enterprise communications and data. Although all employees share the responsibility for cybersecurity, Chief Information Security Officers (CISOs), Chief Risk Officers, and other senior security leaders are at the forefront, confronting cyber threats directly.

Previously regarded as back-office functions, these roles have gained strategic importance due to the growing sophistication of cybercriminals, their advanced tools, and the significant financial implications at stake.

Significant cyber risks in the capital markets include:

Data Breaches and Authentication Weaknesses: Insufficient multifactor authentication can result in severe data breaches.
API Security Flaws: The fast pace of digital transformation reveals vulnerabilities in API ecosystems.
Cloud Security Issues: SaaS deployments bring about new security challenges.
Risks from Third-Party and Fourth-Party Vendors: Handling risks from external partners remains a complex issue.

Sohail Iqbal, CISO, Veracode

Sean Blenkhorn

VP, Sales Engineering, Axonius

New Age of Payment Fraud: Hackers vs. Heroes

Across industries, the payment ecosystem faces unprecedented challenges from increasingly sophisticated fraudsters. This session provides a comprehensive exploration of the evolving landscape of payment fraud, shedding light on the latest threats, detection strategies, and proactive measures to safeguard financial transactions.

Join us as we delve into payment fraud prevention, examining rising threats such as account takeovers and synthetic identity fraud. Our expert panel will explore critical topics, including authentication techniques, data security practices, and adherence to regulatory standards. Additionally, we will address the growing risks associated with social engineering and the specific challenges faced in securing mobile payments.

Key topics include:

The Evolving Face of Payment Fraud: Unpacking New Trends and Their Industry Impact
Uncovering Weaknesses in Digital Payments: Lessons from Real-World Exploits
Harnessing AI for Fraud Prevention: The Transformative Role of Machine Learning
Mastering the Maze of International Fraud: Tackling Cross-Border Payment Challenges

Sean Blenkhorn, VP, Sales Engineering, Axonius

Luke Babarinde

Global Solutions Architect, Imperva

Under the Cyber Hood: Exploring Insurance Myths and Realities

In this compelling discussion, top industry leaders will unravel the complexities of cyber insurance in an era of diversified and expanding risk. Panelists will provide a roadmap for CISOs to fully leverage cyber insurance, safeguarding their security while clarifying its scope and debunking common misconceptions about its effectiveness and sustainability.

The discussion will explore key factors that insurers consider during the underwriting process, illustrating how companies can align their cyber insurance strategy with broader risk management objectives. Special attention will be paid to the strategic benefits of pre-breach services such as risk assessments and vulnerability scans, and post-breach services like incident response and claims support, which are pivotal in minimizing the impact of security incidents.

Key Takeaways:

Comprehensive Risk Management: Learn how to utilize cyber insurance as a tool for comprehensive risk management by integrating both pre-breach and post-breach services to enhance your cybersecurity posture.
Underwriting Insights for CISOs: Gain deep insights into the underwriting process, focusing on what insurers assess to help CISOs better prepare their organizations for favorable coverage.
Navigating Market and Regulatory Changes: Explore how shifts in the cyber insurance market and regulatory landscape affect policy offerings and coverage strategies, empowering CISOs to make informed decisions.
Optimization of Insurance Procurement: Discover strategies to streamline the cyber insurance acquisition process, improving how your organization approaches risk transfer and coverage optimization.

Luke Babarinde, Global Solutions Architect, Imperva

Networking and Exhibition Break

Chris Lehman

CEO, SafeGuard Cyber

Financial Fortification: The Power of Interdisciplinary Risk Management

In this session, we will spotlight the critical synergies between various risk functions within financial services, particularly emphasizing the inter-connectedness of fraud, cyber, and technology risks.

The panel will focus on the importance of establishing a common language across different risk domains and explore how fostering interdisciplinary communication and understanding is crucial for timely and effective threat response, aligning different departments under a unified risk management objective.

Discussion Highlights:

Collaborative Frameworks: Examine how CISOs and IT teams in financial services can seamlessly integrate security measures with everyday IT operations.
Success Stories: Highlight case studies from the financial sector that showcase the benefits of partnerships between risk functions, emphasizing efficient risk mitigation and the development of a robust cybersecurity culture.
Shared Language and Interdisciplinary Teams: Offer insights on establishing a common language for risk communication, forming interdisciplinary teams, and the importance of vigilant monitoring and rapid response systems in financial institutions.
Championing Security Investments: Discuss the critical role of CISOs in advocating for security investments and the necessity of executive support to foster an organizational environment that prioritizes cybersecurity awareness in financial services.

Chris Lehman, CEO, SafeGuard Cyber

Itzik Alvas

CEO & Co-Founder, Entro Security

Reclaim Control Over Your Secrets

Organizations large and small grapple with the challenge of secret sprawl as their cloud-native stack expands. R&D teams create and scatter secrets across vaults, source code, collaboration solutions and more without any oversight or control by security teams.

Secret-based breaches are among the top three attack vectors, and they are the most destructive. What is the solution needed to protect organizations from exposed secrets?

How can you detect, safeguard and provide context for secrets stored across vaults, source code, collaboration tools, cloud environments and SaaS platforms?

Introducing Entro’s Secrets Security and Management Platform, which is designed specifically for CISOs and security teams to provide them with full oversight and the ability to govern any secret from a single pane of glass, integrating into all places in which secrets can be found, including BYOV – bring your own vault.

Itzik Alvas, CEO & Co-Founder, Entro Security

Siddharth Iyer

Systems Engineer, Radware

Navigating the Evolving DDoS Threat Landscape: Strategies for Mitigation

The evolution of DDoS attacks in scale, sophistication and motivation makes them a primary concern for cybersecurity practitioners.

In exploring the current threat landscape and dissecting the diverse attack vectors and malicious motivations, preparedness becomes key. By examining recent trends and real-world examples, emphasis needs to be on the importance of a proactive approach to protection.

Siddharth Iyer, Systems Engineer, Radware

Geoff Brown

Vice President of Global Intelligence Platforms, Recorded Future

Fireside Chat: A Sit Down with the Former CISO of the City of New York

In this fireside chat, Geoff Brown, former CISO of the City of New York and Vice President of Global Intelligence Platforms at Recorded Future will explore the evolving world of cybersecurity, threat intelligence, and the strategies required to adapt and thrive in an increasingly complex and dynamic threat landscape.

In this session, Brown will discuss:

How threat intelligence has evolved rapidly in recent years, with a particular focus on the transition to machine-to-machine intelligence;
Insights into his work related to threat intelligence in Ukraine and the Kingdom of Belgium;
Best practices that organizations can apply to their own cybersecurity strategies, especially considering current geopolitical events.

Geoff Brown, Vice President of Global Intelligence Platforms, Recorded Future

John Chan

Director of Technology - AI/ML, Raymond James

Heather West

Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa

Head of Digital Transformation Office, Société Générale

Karamjit Singh

Director, Artificial Intelligence, Mastercard

Navigating the Technical Landscape of AI: Empowering CISOs for Secure Implementation

As the digital landscape continues to evolve, the integration of AI and ML technologies into organizations' operations has become increasingly prevalent.

These transformative technologies hold great potential for enhancing efficiency, automation and decision-making processes. However, with the tremendous benefits they offer, AI and ML also bring about unique challenges and risks that demand the attention of CISOs.

This session is designed specifically for CISOs seeking to fortify their understanding of AI technologies and their implications on cybersecurity. The session will delve into the technical intricacies of AI systems and explore the pivotal role CISOs play in ensuring a secure and responsible AI implementation within their organizations.

Key topics covered during the session will include:

Fundamentals of AI and ML: Learning core principles and algorithms powering AI and ML that would help CISOs
understand AI-driven app mechanics;
AI in Cybersecurity: Exploring the current landscape of AI applications in the realm of cybersecurity, including threat detection, anomaly identification, and risk assessment, along with insights into the potential for AI-driven attacks;
Data Privacy and Ethics: Addressing the ethical considerations and data privacy challenges that arise from AI implementation;
Adversarial AI and Mitigation Strategies: Analyzing the concept of adversarial AI, its potential to subvert AI systems, and best practices for safeguarding AI algorithms from malicious attacks;
AI Governance and Risk Management: Highlighting the significance of comprehensive AI governance frameworks and risk management strategies to mitigate potential AI-related risks effectively;
Collaborating With AI Teams: Strategies for fostering collaboration between CISOs and AI development teams, facilitating a cohesive approach to security in AI projects.

John Chan, Director of Technology – AI/ML, Raymond James

Heather West, Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa, Head of Digital Transformation Office, Société Générale

Karamjit Singh, Director, Artificial Intelligence, Mastercard

Lunch and Exhibition Break

Trevor Foskett

Senior Director, Solutions Engineering, Virtru

From Vulnerable to Vault: Why FinServ Cyber Professionals Can’t Ignore Data-Centric Security

Security leaders are responsible for safeguarding revenue-generating assets such as customer data and proprietary algorithms that are critical to your company’s bottom line, and if your information security program isn’t in compliance, the financial impact can be massive.

In this session, Trevor Foskett, senior director of solutions engineering at Virtru, will offer you a quick and comprehensive dive into data-centric security via Virtru’s Gateway.

Foskett will walk through real-world challenges such as compliance breaches, unauthorized data access, and sophisticated cyberthreats that your organization faces. Virtru’s Gateway sets a new standard in data-centric protection by integrating military-grade encryption, granular access controls, and stringent policy enforcement – safeguarding your data from endpoint to endpoint and everywhere in between.

Just as attackers evolve, so must our defenses. Garner immediate, actionable insights into fortifying your tech stack. Equip yourself with strategies to not only counteract today’s threats but also to preemptively mitigate the risks of tomorrow.

Trevor Foskett, Senior Director, Solutions Engineering, Virtru

David Cifuentes

Global Director of Solution Engineering, Devo Technology

Real-Time Attack Tracing and Automation in the SOC

Threat detection and response should take seconds, not minutes.

Real-time analytics is especially crucial for enterprises in the financial sector. Discover the full Devo stack and how it can support your SOC. See how your team can quickly identify and respond to security events, boost your SOC performance, and augment your analysts with AI – eliminating over 95% of security alerts.

David Cifuentes, Global Director of Solution Engineering, Devo Technology

Cooper Kulich

Special Agent, US Secret Service

Tim Gallo

Global Security Architect, Mandiant

From Attack to Recovery: Incident Response in Ransomware Scenarios

Ransomware continues to be one of the most high-stakes threats cybersecurity leaders face, no matter how robust their organization’s security architecture may be. With growing attack vectors comes increased risk, whether through internal lapses in coverage, those in a partner’s supply chain, or the danger of human error, threat actors deploy increasingly sophisticated techniques to exploit vulnerabilities and infiltrate previously secure networks.

As a precursor to an interactive incident response workshop, learn from industry leaders who have faced and defended against the pervasive threat of ransomware attacks firsthand. Attendees will hone their knowledge of ransomware attacks and their own organizations’ potential vulnerabilities as they prepare to enter The Solution Room.

Key topics include:

Learn how to leverage public-private engagement to stay aware of global threats;
Explore best practices for preparation and response to ransomware attacks, while considering their impact on client and proprietary data;
Identify how to most effectively inform internal stakeholders of a security breach;
Gain a comprehensive understanding of ransomware’s complexities, and develop robust strategies for safeguarding digital assets in the face of evolving cybercrime methods.

Cooper Kulich, Special Agent, US Secret Service

Tim Gallo, Global Security Architect, Mandiant

Tim Gallo

Global Security Architect, Mandiant

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

Cooper Kulich

Special Agent, US Secret Service

Claire Le Gal

Senior Vice President, Cyber Security & Risk Products, Mastercard

Steven Wallstedt

CISO, North America of ABN AMRO

The Solution Room: CyberEdBoard and USSS

The Solution Room offers cybersecurity leaders a highly engaging and interactive conference session, providing them with peer-to-peer support and subject matter expertise to tackle their most pressing challenges.

Participants are invited to join one of the tables for this collaborative session, co-moderated by a CyberEdBoard member and a distinguished Secret Service Agent.

During this interactive session, CISOs and cybersecurity professionals will engage in a dynamic and timely exercise centered on a global ransomware attack. The scenario revolves around a fictional shipping and logistics company and its semiconductor manufacturer supply chain partner.

The exercise is structured into three phases, each presenting unique challenges and crucial decision points relevant to real-life incident response.

The session’s objective is to provide practical insights into managing a global ransomware attack, mitigating supply chain risks, effectively engaging with law enforcement, and fostering a cyber-resilient organizational culture. By actively participating in the exercise, participants will gain valuable experience in dealing with cyberthreats and hone their incident response preparedness, ultimately strengthening their organization’s cybersecurity defenses in the face of evolving challenges.

Tim Gallo, Global Security Architect, Mandiant

Fred Harris, Global Head of Risk & Compliance for Enterprise Technology &

Operations, Citi

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JPMorgan Chase

Cooper Kulich, Special Agent, US Secret Service

Steven Wallstedt, CISO, North America of ABN AMRO

Claire Le Gal, Senior Vice President, Cyber Security & Risk Products,

Mastercard

Fahad Kabir, Director of Cybersecurity, ING Americas

Rocco Grillo, Managing Director, Global Cyber Risk & Incident Response

Investigations, Alvarez & Marsal

Networking and Exhibition Break

Steven Wallstedt

CISO, North America of ABN AMRO

Vlad Brodsky

CISO, OTC Markets Group

Bino Gopal

Senior Solutions Architect, Cloudflare

ChatGPT: I, For One, Welcome our new AI Overlords!

We all know that Generative AI is the hot new thing today and the topic of conversation.

Come to this panel for some unique insights into Generative AI based on the panelists experience in the space and even a bit of spirited debate around whether or not the title is, in fact how we all feel about the subject.

Steven Wallstedt, CISO, North America of ABN AMRO

Vlad Brodsky, CISO, OTC Markets Group

Bino Gopal, Principal Solutions Architect, Cloudflare

Gary Meshell

Global Principal Partner Security Leader, AWS

John Gutkowski

Cybersecurity Director, Eviden

Gen AI and Cyber Mesh for Financial CISOs: Modern Detection and Response for a Resilient Enterprise

Financial institutions suffer from sophisticated cyberattacks even after investing in expensive security technologies. How can financial CISOs leverage their investments to create a robust, integrated detection, response and recovery program?

This session outlines a joint initiative between AWS and Eviden that brings together Eviden’s cybersecurity mesh architecture-enabled AIsaac platform with AWS Security Lake and Bedrock Gen AI, providing financial institutions with the tools they need to combat sophisticated cyberthreats, reduce business downtime, gain complete exposure visibility, and improve their cybersecurity resiliency.

Gary Meshell, Global Principal Partner Security Leader, AWS

John Gutkowski, Cybersecurity Director, Eviden

Claire Le Gal

Senior Vice President of Cyber Security and Risk Product, Mastercard

Protecting Trust in a Changing World

Over the last two decades, the payments landscape has undergone significant transformations, leading to new challenges and risks for financial institutions, merchants, and cardholders.

In this session, Claire Le Gal, Senior Vice President of Cyber Security and Risk Products at Mastercard, examines the evolution of safeguarding payments, reducing cyber risks, and key risk considerations to incorporate in fraud mitigation strategies.

Claire Le Gal, Senior Vice President of Cyber Security and Risk Product,

Mastercard