November 7, 2024

Cybersecurity Summit NY: Financial Services Hosted by BankInfoSecurity

7:30 AM ET - 4:10 PM ET

Event Overview

ISMG Summits feature carefully curated agendas delivering keynotes from industry luminaries, case-based learning, solution room workshops, private roundtable discussions, one-to-one networking and more. Our geo-targeted, industry-specific, and topic-driven events provide actionable education for security leaders’ top priorities and challenges.

View our ISMG Event Experience video to see what your peers are saying about their participation. 

Highlight Topics

  • Critical Infrastructure
  • Incident Response
  • Supply Chain Threats and Response
  • Cyber Attacks
  • Zero Trust

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in cybersecurity, passionate about the latest tools and technology to defend against threats.

David Anderson

Vice President, Cyber, Woodruff Sawyer

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Anthony Scarola

SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Erika Dean

CSO, Robinhood

Ali Khan

CISO, Better.com

Michael Woodson

Information Security and Privacy Director, Sonesta Hotels

Kevin Li

CISO, Cohen & Steers

Chetan Patel

SVP - CISO US & UK, Helaba

Stanley Lowe

CISO, U.S. Department of the Interior

Patrice Boffa

Chief Customer Officer, Arkose Labs

Itzik Alvas

CEO & Co-founder, Entro Security

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

Kevin Li

CISO, Cohen & Steers

Erika Dean

CISO, Robinhood Markets

Eric Boateng

CISO, MassMutual

The Shifting Responsibilities of InfoSec Leaders Across Financial Services

Although all employees share the responsibility for cybersecurity, Chief Information Security Officers, Chief Risk Officers, and other senior security leaders are at the forefront, confronting cyber threats directly. Simply put, these essential responsibilities can no longer be regarded as back-office functions; these roles have gained strategic importance due to the growing sophistication of cybercriminals, their advanced tools, and the significant financial implications at stake.

Key Discussion Points:

  • Strengthening Multifactor Authentication: Proactively implement robust authentication methods to prevent high-risk data breaches.
  • Mitigating API Security Risks: Integrate real-time monitoring and threat detection to secure APIs against emerging vulnerabilities.
  • Enhancing Cloud Security Protocols: Identify and address gaps in SaaS deployments to ensure comprehensive cloud protection.
  • Managing Vendor Risks Proactively: Develop and enforce stringent risk management frameworks for third- and fourth-party vendors to minimize exposure.

Kevin Li, CISO, Cohen & Steers

Erika Dean, CSO, Robinhood Markets

Eric Boateng, CISO, MassMutual

Financial Services Cybersecurity Summit

2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

But how resilient are your users when it comes to fending off these threats? We looked at 11.9 million users across 55,675 organizations to find out.

In this session, you will learn the following:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • How to radically lower Phish-prone™ Percentage within 90 days
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

 

Anthony Scarola, SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Chetan Patel, Senior Vice President – CISO US & UK, Helaba

Threat Intelligence: Proactive Security Posture Against Evolving Adversaries

This session will equip CISOs with the latest analysis on the global threat landscape, the ways in which bad actors are leveraging emerging technologies to exploit traditional weaknesses, and bold strategies for combatting new and evolving threats. Key takeaways will include:

  • Integrating new threat intelligence protectively into a robust risk management framework.
  • Analyzing the rise in zero-day attacks and the blind spots they exploit.
  • Understanding how AI/ML capabilities are being leveraged by adversaries for future attacks and how they can be leveraged to neutralize them.
  • Considering the role of behavioral analytics in enhancing threat detection capabilities.

Anthony Scarola, SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Chetan Patel, Senior Vice President – CISO US & UK, Helaba

Best Practices for Zero-Day Vulnerability Attack Responses & Emergency Assessments

Join us for a discussion on best practices for responding to zero-day vulnerability attacks and conducting emergency assessments. We’ll outline what’s required to prepare in advance so you’re ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we’ll cover the necessary steps and considerations for an effective response plan.

Session attendees will learn:

  • How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss
  • How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability
  • How quick-assess campaigns can automatically scope, distribute, and score responses

Networking and Exhibition Break

Secure the Non-Human Identity Nightmare

R&D teams create and scatter secrets across vaults, code, collaboration solutions and more without any oversight or control by security teams. Secret-based breaches are among the top three attack vectors, and they are the most destructive.

What solution is needed to enable organizations to securely utilize non-human identities and secrets? How can you detect, safeguard, and provide context for secrets stored across vaults, source code, collaboration tools, cloud environments, and SaaS platforms?

Introducing Entro – the complete platform for non-human identity and secrets management.

With Entro, security teams can finally oversee and protect non-human identities efficiently, with automated lifecycle processes and seamless integration, ensuring comprehensive security and compliance through a unified interface.

Sohail Iqbal, CISO, Veracode

Enterprise Passkey Implementations: Key Considerations and Tradeoffs

Over the last year, the concept of passkeys has really gained momentum as consumers and organizations alike assess what passkeys are and what benefits they offer. And there is not just one type of passkey. It seems that every other day there is a new type of passkey on the scene, ranging from synced passkeys to device-bound passkeys. But which one is right for your organization?

Join this session to learn about:

  • The different types of passkey implementations including:
  • Why enterprises should consider the user onboarding, account/credential recovery, compliance and risk exposure aspects when deciding the right passkey strategy.
  • Gain an understanding of real life enterprise scenarios and how to avoid common security and usability pitfalls.

Sohail Iqbal, CISO, Veracode

Fight Deepfakes and Fraud with Decentralized Identity

Organizations spend more than $30 million to combat threats, but traditional methods of identifying, authenticating and authorizing users are fraught with vulnerabilities. It’s time for a more secure and user-friendly model. Join Ping Identity to learn how PingOne Neo, our decentralized identity solution, prevents fraud by proofing and verifying digital identity securely in a shareable way.

Sohail Iqbal, CISO, Veracode

Track A

David Anderson

Vice President, Cyber, Woodruff Sawyer

Under the Cyber Hood: Exploring Insurance Myths and Realities

Panelists will provide a roadmap for CISOs to fully leverage cyber insurance, safeguarding their security while clarifying its scope and debunking common misconceptions about its effectiveness and sustainability.

The discussion will explore key factors that insurers consider during the underwriting process, illustrating how companies can align their cyber insurance strategy with broader risk management objectives. Special attention will be paid to the strategic benefits of pre-breach services such as risk assessments and vulnerability scans, and post-breach services like incident response and claims support, which are pivotal in minimizing the impact of security incidents.

Key Takeaways:

  • Comprehensive Risk Management: Learn how to utilize cyber insurance as a tool for comprehensive risk management by integrating both pre-breach and post-breach services to enhance your cybersecurity posture.
  • Underwriting Insights for CISOs: Gain deep insights into the underwriting process, focusing on what insurers assess to help CISOs better prepare their organizations for favorable coverage.
  • Navigating Market and Regulatory Changes: Explore how shifts in the cyber insurance market and regulatory landscape affect policy offerings and coverage strategies, empowering CISOs to make informed decisions.
  • Optimization of Insurance Procurement: Discover strategies to streamline the cyber insurance acquisition process, improving how your organization approaches risk transfer and coverage optimization.

David Anderson, Vice President, Cyber, Woodruff Sawyer 

Track B

Ankur Ahuja

CISO, Billtrust

Michael Woodson

Information Security and Privacy Director, Sonesta Hotels

New Age of Payment Fraud: Hackers vs. Heroes

Join us as we delve into payment fraud prevention, examining rising threats such as account takeovers and synthetic identity fraud. Our expert panel will explore critical topics, including authentication techniques, data security practices, and adherence to regulatory standards. Additionally, we will address the growing risks associated with social engineering and the specific challenges faced in securing mobile payments.
 
Key topics include:
  • The Evolving Face of Payment Fraud: Unpacking New Trends and Their Industry Impact
  • Uncovering Weaknesses in Digital Payments: Lessons from Real-World Exploits
  • Harnessing AI for Fraud Prevention: The Transformative Role of Machine Learning
  • Mastering the Maze of International Fraud: Tackling Cross-Border Payment Challenges

Ankur Ahuja, CISO, Billtrust

Michael Woodson, Information Security and Privacy Director, Sonesta Hotels

Track A

Anthony Scarola

SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Chetan Patel

Senior Vice President - CISO US & UK, Helaba

Protecting Digital Identity: Combatting Account Takeovers in Financial Services

This session will delve into the mechanics of account takeovers, highlighting how attackers pose as legitimate users to gain prolonged, undetected access to accounts. It will explore:

  • Methods employed by cybercriminals, such as brute force attacks, phishing, and malware.
  • The importance of implementing MFA and robust identity and access management frameworks to protect private data.
  • The broader implications of account takeovers beyond individual consumers, including risks to supply chains and vendors.
  • Preventing illegitimate access to cloud applications and ensuring continuous authentication and authorization of all users and devices

Anthony Scarola, SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Chetan Patel, Senior Vice President – CISO US & UK, Helaba

Track B

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Ali Khan

CISO, Better.com

Financial Fortification: The Power of Interdisciplinary Risk Management

The panel will focus on the importance of establishing a common language across different risk domains and explore how fostering interdisciplinary communication and understanding is crucial for timely and effective threat response, aligning different departments under a unified risk management objective.

Discussion Highlights:

  • Collaborative Frameworks: Examine how CISOs and IT teams in financial services can seamlessly integrate security measures with everyday IT operations.
  • Success Stories: Highlight case studies from the financial sector that showcase the benefits of partnerships between risk functions, emphasizing efficient risk mitigation and the development of a robust cybersecurity culture.
  • Shared Language and Interdisciplinary Teams: Offer insights on establishing a common language for risk communication, forming interdisciplinary teams, and the importance of vigilant monitoring and rapid response systems in financial institutions.
  • Championing Security Investments: Discuss the critical role of CISOs in advocating for security investments and the necessity of executive support to foster an organizational environment that prioritizes cybersecurity awareness in financial services.

Vlad Brodsky, SVP, Chief Information Security Officer, OTC Markets Group

Ali Khan, CISO, Better.com

The Intelligent SOC: Fusion Methodology at the Intersection of Intelligence, Context, and Action in Modern Enterprises

As adversarial activity grows more sophisticated, defenders face escalating challenges compounded by resource constraints. To effectively combat these threats, defenders require advanced tools and capabilities that deliver high-quality intelligence from various sources.

This session will explore:

  • The need to move beyond traditional methods and adopt an intelligence fusion center approach;
  • Insights into identifying and mitigating threats through intelligence tradecraft, advanced technology, and applied data science;
  • What the future of cybersecurity defense will look like against emerging threats.

Itzik Alvas, CEO & Co-founder, Entro Security

After a company discovers a cyberattack on its network, the finger-pointing begins. The CEO blames the chief information security officer (CISO). The CISO blames the financial officers for not setting aside enough money for cyber defenses. The chief information officer begins to look for a scapegoat further down the supply chain. Maybe they fire a low-level employee who made a mistake or point to a vulnerability within a third-party vendor’s security system. Or, if the incident took place in the cloud, is the cloud provider or the data owner at fault?

Individual liability for cyber incidents is also evolving, with potential legal issues arising from failure to report incidents. While executives and boards of directors have largely gone unscathed in the legal aftermath of a cyber incident, this is not always true for CISOs and their teams.

In this session, we will cover:

  • The common blame game that occurs within companies after a cyberattack, and the importance of identifying who is legally liable.
  • The Business Judgment Rule and how it may protect high-level executives and boards of directors from liability in cases of poor or unwise decisions made in good faith using appropriate procedures.
  • The potential designation of CISOs as the “designated felon” in some cases of cyber incidents, and how they can protect themselves from legal and financial consequences through employment contract considerations.
  • The evolving individual liability for cyber incidents, and the potential legal issues arising from failure to report incidents.
  • The various insurance policies that CISOs must consider, such as cyber and Directors and Officers (D&O) insurance, to address their concerns about insurance coverage, and the obstacles they face in obtaining adequate coverage.

AI-Driven Insights for Asset Visibility and Streamlined Patch Management

Finally, we will explore the broader role of AI and automation in revolutionizing IT operations, from accelerating incident response times to enhancing overall operational efficiency.

Discussion Points

  • Understand the critical importance of maintaining a real-time, accurate inventory of IT assets across your enterprise.
  • Learn how to streamline patch management processes using AI-driven insights and automation.
  • Explore the transformative role of AI and automation in revolutionizing IT operations. Learn how these technologies can accelerate incident response times, enhance operational efficiency, and reduce downtime, ultimately driving strategic business outcomes.
  • Gain actionable insights into how your organization can harness these advanced technologies to improve security, streamline operations, and achieve long-term business success.

Trevor Foskett, Senior Director, Solutions Engineering, Virtru

Exhibition Break

Understanding Real-World Social Engineering Threats

Join Fortra as we explore:

  • How attackers craft convincing and deceptive scenarios to manipulate their targets;
  • Effective training methods to prepare employees for recognizing and countering these attacks;
  • Real-world examples showcasing the latest social engineering attacks and their impacts.

Trevor Foskett, Senior Director, Solutions Engineering, Virtru

Boris Klyuchnikov

Special Agent, Cyber Crime Task Force, FBI

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

Real-Time Attack Tracing and Automation in the SOC

Real-time analytics is especially crucial for enterprises in the financial sector. Discover the full Devo stack and how it can support your SOC. See how your team can quickly identify and respond to security events, boost your SOC performance, and augment your analysts with AI – eliminating over 95% of security alerts.

Boris Klyuchnikov, Special Agent, Cyber Crime Task Force, FBI

Seth Rose, Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit

Closing Comments

Don’t miss your chance to attend this dynamic, impactful event.

@ISMG_News #ISMGSummits

Venue

New York

TBC

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Sponsors

Recorded Future
Axonius

The Summit Experience

CPE Credits

ISMG Summits offer Continuing Education Credits. Learn from informative and engaging content created specifically for security professionals.

Register

RSVP here to attend our events. You can select multiple or individual tickets.

Upcoming ISMG Events

September 17, 2024

Cybersecurity Summit: London

September 24, 2024

The Elastic and Google Cloud GenAI Roadshow San Francisco: Explore the Next Generation of AI-Driven Search and Insight

September 26, 2024

Cybersecurity Summit: Canada East

October 1, 2024

Proactive Cyber Third-Party Risk Management: Gaining Control

October 17, 2024

Government Cybersecurity Summit: DC Hosted by GovInfoSecurity
