November 7, 2024

Cybersecurity Summit NY: Financial Services Hosted by BankInfoSecurity

7:30 AM ET - 4:45 PM ET

Event Overview

ISMG Summits feature carefully curated agendas delivering keynotes from industry luminaries, case-based learning, solution room workshops, private roundtable discussions, one-to-one networking and more. Our geo-targeted, industry-specific, and topic-driven events provide actionable education for security leaders’ top priorities and challenges.

View our ISMG Event Experience video to see what your peers are saying about their participation. 

Venue

New York Marriott Downtown

85 West Street at Albany Street

New York, NY 10006

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Highlight Topics

  • Critical Infrastructure
  • Incident Response
  • Supply Chain Threats and Response
  • Cyber Attacks
  • Zero Trust

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in cybersecurity, passionate about the latest tools and technology to defend against threats.

David Anderson

Vice President, Cyber, Woodruff Sawyer

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Anthony Scarola

SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Erika Dean

CSO, Robinhood

Ali Khan

CISO, Better.com

Michael Woodson

Information Security and Privacy Director, Sonesta Hotels

Kevin Li

CISO, Cohen & Steers

Chetan Patel

SVP - CISO US & UK, Helaba

Ankur Ahuja

CISO, Billtrust

Eric Boateng

CISO, MassMutual

Boris Klyuchnikov

Special Agent, Cyber Crime Task Force, FBI

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

Matanda Doss

Executive Director, Cybersecurity and Technology Controls, JPMorganChase

Erika Dean

CISO, Robinhood Markets

Eric Boateng

CISO, MassMutual

The Shifting Responsibilities of InfoSec Leaders Across Financial Services

Although all employees share the responsibility for cybersecurity, Chief Information Security Officers, Chief Risk Officers, and other senior security leaders are at the forefront, confronting cyber threats directly. Simply put, these essential responsibilities can no longer be regarded as back-office functions; these roles have gained strategic importance due to the growing sophistication of cybercriminals, their advanced tools, and the significant financial implications at stake.

Key Discussion Points:

  • Strengthening Multifactor Authentication: Proactively implement robust authentication methods to prevent high-risk data breaches.
  • Mitigating API Security Risks: Integrate real-time monitoring and threat detection to secure APIs against emerging vulnerabilities.
  • Enhancing Cloud Security Protocols: Identify and address gaps in SaaS deployments to ensure comprehensive cloud protection.
  • Managing Vendor Risks Proactively: Develop and enforce stringent risk management frameworks for third- and fourth-party vendors to minimize exposure.

Matanda Doss, Executive Director, Cybersecurity and Technology Controls, JPMorganChase

Erika Dean, CSO, Robinhood Markets

Eric Boateng, CISO, MassMutual

Joanna Huisman

SVP Strategic Insights & Research, KnowBe4

2024 Phishing Attack Landscape & Benchmark

This report highlights employee vulnerability by industry, revealing at-risk users that are susceptible to phishing/social engineering attacks.
 
You will learn:
 
  • Phishing benchmark data for 19 industries and 7 geographical regions
  • Understanding who’s at risk/what you can do
  • Actionable tips to create your human firewall

Joanna Huisman, SVP Strategic Insights & Research, KnowBe4

Financial Services Cybersecurity Summit

Threat Intelligence: Proactive Security Posture Against Evolving Adversaries

This session will equip CISOs with the latest analysis on the global threat landscape, the ways in which bad actors are leveraging emerging technologies to exploit traditional weaknesses, and bold strategies for combatting new and evolving threats. Key takeaways will include:

  • Integrating new threat intelligence protectively into a robust risk management framework.
  • Analyzing the rise in zero-day attacks and the blind spots they exploit.
  • Understanding how AI/ML capabilities are being leveraged by adversaries for future attacks and how they can be leveraged to neutralize them.
  • Considering the role of behavioral analytics in enhancing threat detection capabilities.

Anthony Scarola, SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Chetan Patel, Senior Vice President – CISO US & UK, Helaba

Best Practices for Zero-Day Vulnerability Attack Responses & Emergency Assessments

Join us for a discussion on best practices for responding to zero-day vulnerability attacks and conducting emergency assessments. We’ll outline what’s required to prepare in advance so you’re ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we’ll cover the necessary steps and considerations for an effective response plan.

Session attendees will learn:

  • How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss
  • How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability
  • How quick-assess campaigns can automatically scope, distribute, and score responses

Networking and Exhibition Break

Track A

David Anderson

Vice President, Cyber, Woodruff Sawyer

Under the Cyber Hood: Exploring Insurance Myths and Realities

Panelists will provide a roadmap for CISOs to fully leverage cyber insurance, safeguarding their security while clarifying its scope and debunking common misconceptions about its effectiveness and sustainability.

The discussion will explore key factors that insurers consider during the underwriting process, illustrating how companies can align their cyber insurance strategy with broader risk management objectives. Special attention will be paid to the strategic benefits of pre-breach services such as risk assessments and vulnerability scans, and post-breach services like incident response and claims support, which are pivotal in minimizing the impact of security incidents.

Key Takeaways:

  • Comprehensive Risk Management: Learn how to utilize cyber insurance as a tool for comprehensive risk management by integrating both pre-breach and post-breach services to enhance your cybersecurity posture.
  • Underwriting Insights for CISOs: Gain deep insights into the underwriting process, focusing on what insurers assess to help CISOs better prepare their organizations for favorable coverage.
  • Navigating Market and Regulatory Changes: Explore how shifts in the cyber insurance market and regulatory landscape affect policy offerings and coverage strategies, empowering CISOs to make informed decisions.
  • Optimization of Insurance Procurement: Discover strategies to streamline the cyber insurance acquisition process, improving how your organization approaches risk transfer and coverage optimization.

David Anderson, Vice President, Cyber, Woodruff Sawyer 

Track B

Ankur Ahuja

CISO, Billtrust

Michael Woodson

Information Security and Privacy Director, Sonesta Hotels

New Age of Payment Fraud: Hackers vs. Heroes

Join us as we delve into payment fraud prevention, examining rising threats such as account takeovers and synthetic identity fraud. Our expert panel will explore critical topics, including authentication techniques, data security practices, and adherence to regulatory standards. Additionally, we will address the growing risks associated with social engineering and the specific challenges faced in securing mobile payments.
 
Key topics include:
  • The Evolving Face of Payment Fraud: Unpacking New Trends and Their Industry Impact
  • Uncovering Weaknesses in Digital Payments: Lessons from Real-World Exploits
  • Harnessing AI for Fraud Prevention: The Transformative Role of Machine Learning
  • Mastering the Maze of International Fraud: Tackling Cross-Border Payment Challenges

Ankur Ahuja, CISO, Billtrust

Michael Woodson, Information Security and Privacy Director, Sonesta Hotels

Secure the Non-Human Identity Nightmare

R&D teams create and scatter secrets across vaults, code, collaboration solutions and more without any oversight or control by security teams. Secret-based breaches are among the top three attack vectors, and they are the most destructive.

What solution is needed to enable organizations to securely utilize non-human identities and secrets? How can you detect, safeguard, and provide context for secrets stored across vaults, source code, collaboration tools, cloud environments, and SaaS platforms?

Introducing Entro – the complete platform for non-human identity & secrets management.

With Entro, security teams can finally oversee and protect non-human identities efficiently, with automated lifecycle processes and seamless integration, ensuring comprehensive security and compliance through a unified interface.

Sohail Iqbal, CISO, Veracode

Josh Cigna

Solutions Architect, Yubico

Enterprise Passkey Implementations: Key Considerations and Tradeoffs

Over the last year, passkeys as a concept have really gained momentum as consumers and organizations alike assess what passkeys are and what their benefits are. And there is not just one type of passkey. It seems that every other day there is a new type of passkey on the scene, ranging from synced passkeys to device-bound passkeys. But which one is right for your organization?

Join this session to learn about:

  • The different types of passkey implementations including:
  • Why enterprises should consider the user onboarding, account/credential recovery, compliance and risk exposure aspects when deciding the right passkey strategy.
  • Real-life enterprise scenarios and how to avoid common security and usability pitfalls.

Josh Cigna, Solutions Architect, Yubico

Fight Deepfakes and Fraud with Decentralized Identity

Organizations spend more than $30 million to combat threats, but traditional methods of identifying, authenticating and authorizing users are fraught with vulnerabilities. It’s time for a more secure and user-friendly model. Join Ping Identity to learn how PingOne Neo, our decentralized identity solution, prevents fraud by proofing and verifying digital identity securely in a shareable way.

Sohail Iqbal, CISO, Veracode

The Intelligent SOC: Fusion Methodology at the Intersection of Intelligence, Context, and Action in Modern Enterprises

As adversarial activity grows more sophisticated, defenders face escalating challenges compounded by resource constraints. To effectively combat these threats, defenders require advanced tools and capabilities that deliver high-quality intelligence from various sources.

This session will explore:

  • The need to move beyond traditional methods and adopt an intelligence fusion center approach;
  • Insights into identifying and mitigating threats through intelligence tradecraft, advanced technology, and applied data science;
  • What the future of cybersecurity defense will look like against emerging threats.

Itzik Alvas, CEO & Co-founder, Entro Security

Understanding Real-World Social Engineering Threats

Join Fortra as we explore:

  • How attackers craft convincing and deceptive scenarios to manipulate their targets;
  • Effective training methods to prepare employees for recognizing and countering these attacks;
  • Real-world examples showcasing the latest social engineering attacks and their impacts.

Trevor Foskett, Senior Director, Solutions Engineering, Virtru

Erik Gaston

Vice President, Global Executive Engagement, Tanium

AI: Managing Excitement & Risk | Balancing Innovation, Speed, Security, and Shadow AI in Financial Services

In this talk, we’ll explore the challenges of Shadow AI, the balance between speed and security, and the emotional responses individuals and organizations face when navigating technological change. Join us to discover strategies for combatting Shadow AI while driving innovation and learn how industry standards and future AI advancements will shape the next phase of adoption.

Erik Gaston, Vice President, Global Executive Engagement, Tanium

Oriel Vaturi

CEO, Ovalix Security

From Strategy to Execution: Gaps Between Teams, Tools, and Processes

Unaddressed misalignments mean inconsistent processes, ineffective teams, and underutilized tools, leading to widespread inefficiencies, governance gaps, and increased risks of security breaches. Without clear and unified control over these elements, organizations incur these hidden costs every day. Introducing Ovalix: a unified platform for complete visibility and control over your security landscape. Ovalix bridges the gap between your teams, tools, and processes and ensures every aspect of your security strategy is optimized, helping you reduce risks, close governance gaps, and improve overall efficiency.

Oriel Vaturi, CEO, Ovalix Security

Boris Klyuchnikov

Special Agent, Cyber Crime Task Force, FBI

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit

Ryan Roobian

Global Solutions Architect, Google Cloud Security

Deep Fakes, Real Stakes: Unmasking Cyber Deception in a High-Stakes Tabletop Simulation

This interactive session is meticulously crafted to mimic a sophisticated cyber attack. It aims to bolster strategic response capabilities and enhance operational readiness against the backdrop of advanced cyber threats. The focal point of this exercise is a strategically crafted deep fake incident targeting a corporate executive, weaving together elements of social engineering, financial fraud, and the challenges posed by emerging technological threats.

What You Will Gain From This Experience

  • Enhanced Organizational Readiness: To critically assess and improve organizational preparedness in responding to intricate cyber incidents involving deep fake technology and social engineering.
  • Interagency Collaboration and Knowledge Exchange: To strengthen the partnership and information sharing between the sponsor and leaders in the private sector cybersecurity community.
  • Strategic Response Development: To create all-encompassing incident response strategies that cover legal, technical, and communicational facets, while also identifying and rectifying weaknesses in existing cybersecurity policies and governance.

Boris Klyuchnikov, Special Agent, Cyber Crime Task Force, FBI

Seth Rose, Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit

Ryan Roobian, Global Solutions Architect, Google Cloud Security

Exhibition & Networking Break

Anthony Scarola

SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Chetan Patel

Senior Vice President - CISO US & UK, Helaba

Protecting Digital Identity: Combatting Account Takeovers in Financial Services

This session will delve into the mechanics of account takeovers, highlighting how attackers pose as legitimate users to gain prolonged, undetected access to accounts. It will explore:

  • Methods employed by cybercriminals, such as brute force attacks, phishing, and malware.
  • The importance of implementing MFA and robust identity and access management frameworks to protect private data.
  • The broader implications of account takeovers beyond individual consumers, including risks to supply chains and vendors.
  • Preventing illegitimate access to cloud applications and ensuring continuous authentication and authorization of all users and devices.

Anthony Scarola, SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Chetan Patel, Senior Vice President – CISO US & UK, Helaba

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Ali Khan

CISO, Better.com

Financial Fortification: The Power of Interdisciplinary Risk Management

The panel will focus on the importance of establishing a common language across different risk domains and explore how fostering interdisciplinary communication and understanding is crucial for timely and effective threat response, aligning different departments under a unified risk management objective.

Discussion Highlights:

  • Collaborative Frameworks: Examine how CISOs and IT teams in financial services can seamlessly integrate security measures with everyday IT operations.
  • Success Stories: Highlight case studies from the financial sector that showcase the benefits of partnerships between risk functions, emphasizing efficient risk mitigation and the development of a robust cybersecurity culture.
  • Shared Language and Interdisciplinary Teams: Offer insights on establishing a common language for risk communication, forming interdisciplinary teams, and the importance of vigilant monitoring and rapid response systems in financial institutions.
  • Championing Security Investments: Discuss the critical role of CISOs in advocating for security investments and the necessity of executive support to foster an organizational environment that prioritizes cybersecurity awareness in financial services.

Vlad Brodsky, SVP, Chief Information Security Officer, OTC Markets Group

Ali Khan, CISO, Better.com

Closing Comments

Don’t miss your chance to attend this dynamic impactful event

Sponsors

Recorded Future
Axonius

The Summit Experience

CPE Credits

ISMG Summits offer Continuing Education Credits. Learn from informative and engaging content created specifically for security professionals.

Register

RSVP here to attend our events. You can select multiple or individual tickets.

Upcoming ISMG Events

October 4-6, 2024

CISO Engage: Offsite, Jaisalmer

October 10, 2024

Simplifying Security: Understanding SASE Fundamentals

October 23, 2024

The Elastic and Google Cloud GenAI Roadshow London: Explore the Next Generation of AI-Driven Search and Insight

October 24, 2024

The Elastic and Google Cloud GenAI Roadshow Seattle: Explore the Next Generation of AI-Driven Search and Insight

October 29-30, 2024

Virtual Government Cybersecurity Summit
