November 7, 2024

Cybersecurity Summit NY: Financial Services Hosted by BankInfoSecurity

8:00 AM ET - 5:00 PM ET

Event Overview

ISMG Summits feature carefully curated agendas delivering keynotes from industry luminaries, case-based learning, solution room workshops, private roundtable discussions, one-to-one networking and more. Our geo-targeted, industry-specific, and topic-driven events provide actionable education for security leaders’ top priorities and challenges.

View our ISMG Event Experience video to see what your peers are saying about their participation.

Venue

New York

TBC

NOTE: All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Highlight Topics

Critical Infrastructure
Incidence Response
Supply Chain Threats and Response
Cyber Attacks
Zero Trust

Speakers

Thought Leaders on Stage and Leading Deep Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in Cybersecurity passionate about the latest tools and technology to defend against threats

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JP Morgan Chase

Aravind Swaminathan

Global Co-Chair Cybersecurity and Data Privacy, Orrick, Herrington & Sutcliffe LLP

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Susan Koski

CISO and Head of Enterprise Information Security, The PNC Financial Services Group

John Chan

Director of Technology - AI/ML, Raymond James

Umesh Yerram

Global CISO, Cboe Global Markets

Bjorn Austraat

Senior Vice President, Head of AI Acceleration, Truist

Sohail Iqbal

CISO, Veracode

Heather West

Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa

Head of Digital Transformation Office, Société Générale

Patrice Boffa

Chief Customer Officer, Arkose Labs

Itsik Alvas

CEO & Co-founder, Entro Security

Speakers

Thought Leaders on Stage and Leading the Critical Conversations

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Financial Services Cybersecurity Summit

Navigating the Storm: Protecting Financial Services in an Era of Cyber Turbulence

In the realm of financial services, the ever-looming specter of cyber threats casts a long shadow. Hacking and malware stand as formidable adversaries, continually challenging the security measures put in place by financial institutions. Yet, a storm is brewing on the horizon, as insider threats and accidental disclosures gather momentum, threatening to reshape the landscape of risk.

As if these challenges weren’t enough, the financial sector finds itself at a pivotal juncture with the soaring adoption of cloud technology. The allure of the cloud brings efficiency and scalability but also amplifies the risk, promising to usher in a new era of cyber vulnerabilities.

Drawing from commonly accepted statistics, we find that 75 percent of data breaches in this sector involve hacking and malware, while accidental disclosures account for 18 percent. The unsettling rise of insider threats has reached 6 percent, and physical breaches remain at 2 percent. The numbers are clear, and the message is stark: the financial services industry is at a crossroads, facing a complex and evolving cybersecurity landscape.

Join us for an exclusive keynote session that brings together top practitioners from some of the nation’s leading financial institutions. This gathering presents a masterclass in Chief Information Security Officer (CISO) leadership, addressing the latest developments and threats impacting the financial services industry.

Key discussion points will include:

The expanded attack surfaces created by the increased reach of APIs.
Leveraging the capabilities of artificial intelligence to bolster fraud detection and threat monitoring.
Strategies for safeguarding reputational integrity in the face of data breaches.
Navigating the complex web of state and federal regulations to ensure compliance.

In an age where the storm clouds of cyber threats gather, this keynote promises invaluable insights to help financial institutions fortify their defenses and chart a course to greater cybersecurity resilience.

Susan Koski, CISO, The PNC Financial Services Group

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JP Morgan Chase

Financial Services Cybersecurity Summit

Guardians of Revenue Protection: Navigating Evolving Cyber Threats in Financial Services

While CISOs don't generate revenue, you do have the responsibility of protecting revenue-generating activities and environments - your website and apps.

In this session, we’ll discuss specific attack types, like micro-deposit fraud, account origination, credential stuffing, and SMS Toll Fraud, that attackers are using intelligent bots in new ways to hone in on your online environments. The session will consist of real-world situations, actionable insights, and we’ll even look into our crystal ball and share emerging threats based on attack patterns we’re observing.

Patrice Boffa, Chief Customer Officer, Arkose Labs

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JP Morgan Chase

Fred Harris, Global Head of Risk & Compliance for Enterprise Technology &

Operations, Citi

Financial Services Cybersecurity Summit

Software Security: How to Prioritize, Measure and Convey it to the Board

Amid the shifting threat landscape, cloud migration and ongoing digital transformation, software security is often low on a security leader's list of priorities.

But the cybersecurity executive order and continuing high-profile breaches have increased awareness around cybersecurity – especially for software – among the members of the board at organizations, making it important for security leaders to communicate to them about the organization’s risk posture.

But software security solutions differ from other security solutions: You don’t install a tool; you have to build security in from the start.

This session covers the following questions that security leaders want answered:

• How do you approach the software security challenge, and where is it among your priorities?

• How do you make the successful business case for a software security program?

• With a program in place, how do you ensure your developers are following your standards?

• How do you measure the success of your program?

• How do you communicate the metrics to your board and senior management?

Sohail Iqbal, CISO, Veracode

Financial Services Cybersecurity Summit

Modernization and Your Data: A New Take on Security and Compliance

Luke Babarinde, Global Solutions Architect, Imperva

Networking and Exhibition Break

Financial Services Summit

Nefarious Use of Modern Money

This panel discussion covers the criminal use of newer forms of money movement to hide criminal proceeds and cash out.

It examines how criminals use money movement with Sell, Coinbase, Fan Duel and other legalized gambling mechanisms.

Financial Services Cybersecurity Summit

Reclaim Control Over Your Secrets

Organizations large and small grapple with the challenge of secret sprawl as their cloud-native stack expands. R&D teams create and scatter secrets across vaults, code, collaboration solutions and more without any oversight or control by security teams.

Secret-based breaches are among the top three attack vectors, and they are the most destructive. What is the solution needed to protect organizations from exposed secrets?

How can you detect, safeguard and provide context for secrets stored across vaults, source code, collaboration tools, cloud environments and SaaS platforms?

Introducing Entro’s Secrets Security and Management Platform, which is designed specifically for CISOs and security teams to provide them with full oversight and the ability to govern any secret from a single pane of glass, integrating into all places in which secrets can be found, including BYOV – bring your own vault.

Itzik Alvas, CEO & Co-founder, Entro Security

Financial Services Summit

Cyber Blame Game: Navigating Legal Liability Before and After a Breach– Fireside Chat

Join us for this interactive session for Chief Information Security Officers (CISOs) and their teams to discuss the increased legal scrutiny they face following significant breaches.

After a company discovers a cyberattack on its network, the finger-pointing begins. The CEO blames the chief information security officer (CISO). The CISO blames the financial officers for not setting aside enough money for cyber defenses. The chief information officer begins to look for a scapegoat further down the supply chain. Maybe they fire a low-level employee who made a mistake or point to a vulnerability within a third-party vendor’s security system. Or, if the incident took place in the cloud, is the cloud provider or the data owner at fault?

Individual liability for cyber incidents is also evolving, with potential legal issues arising from failure to report incidents. While executives and boards of directors have largely gone unscathed in the legal aftermath of a cyber incident, this is not always true for CISO’s and their teams.

In this session, we will cover:

• The common blame game that occurs within companies after a cyberattack, and the importance of identifying who is legally liable.

• The Business Judgment Rule and how it may protect high-level executives and boards of directors from liability in cases of poor or unwise decisions made in good faith using appropriate procedures.

• The potential designation of CISOs as the “designated felon” in some cases of cyber incidents, and how they can protect themselves from legal and financial consequences through employment contract considerations.

• The evolving individual liability for cyber incidents, and the potential legal issues arising from failure to report incidents.

• The various insurance policies that CISOs must consider, such as cyber and Directors and Officers (D&O) insurance, to address their concerns about insurance coverage, and the obstacles they face in obtaining adequate coverage.

Financial Services Cybersecurity Summit

Navigating the Technical Landscape of AI: Empowering CISOs for Secure Implementation

As the digital landscape continues to evolve, the integration of AI and ML technologies into organizations' operations has become increasingly prevalent.

These transformative technologies hold great potential for enhancing efficiency, automation, and decision-making processes. However, with the tremendous benefits they offer, AI and ML also bring about unique challenges and risks that demand the attention of CISO’s.

This session is designed specifically for CISOs seeking to fortify their understanding of AI technologies and their implications on cybersecurity. The session will delve into the technical intricacies of AI systems and explore the pivotal role CISOs play in ensuring a secure and responsible AI implementation within their organizations.

Key topics covered during the session will include:

Fundamentals of AI and ML: Learn core principles and algorithms powering AI and ML. Helps CISOs understand AI-driven app mechanics.
AI in Cybersecurity: Exploring the current landscape of AI applications in the realm of cybersecurity, including threat detection, anomaly identification, and risk assessment, along with insights into the potential for AI-driven attacks.
Data Privacy and Ethics: Addressing the ethical considerations and data privacy challenges that arise from AI implementation
Adversarial AI and Mitigation Strategies: Analyzing the concept of adversarial AI, its potential to subvert AI systems, and best practices for safeguarding AI algorithms from malicious attacks.
AI Governance and Risk Management: Highlighting the significance of comprehensive AI governance frameworks and risk management strategies to mitigate potential AI-related risks effectively.
Collaborating with AI Teams: Strategies for fostering collaboration between CISOs and AI development teams, facilitating a cohesive approach to security in AI projects.

John Chan, Director of Technology – AI/ML, Raymond James

Heather West, Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa, Head of Digital Transformation Office, Société Générale

Karamjit Singh, Director, Artificial Intelligence, Mastercard

Lunch and Exhibition Break

Financial Services Cybersecurity Summit

From Vulnerable to Vault: Why FinServ Cyber Professionals Can’t Ignore Datacentric Security

Security leaders are responsible for safeguarding revenue-generating assets such as customer data and proprietary algorithms that are critical to your company’s bottom line, and if your information security program isn’t in compliance, the financial effects can be massive.

In this session, Trevor Foskett, senior director of solutions engineering at Virtru, will offer you a quick and comprehensive dive into datacentric security via Virtru’s Gateway.

Foskett will walk through real-world challenges such as compliance breaches, unauthorized data access, and sophisticated cyberthreats that your organization faces. Virtru’s Gateway sets a new standard in datacentric protection by integrating military-grade encryption, granular access controls, and stringent policy enforcement – safeguarding your data from endpoint to endpoint and everywhere in between.

Just as attackers evolve, so must our defenses. Garner immediate, actionable insights into fortifying your tech stack. Equip yourself with strategies to not only counteract today’s threats but also to preemptively mitigate the risks of tomorrow.

Trevor Foskett, Senior Director, Solutions Engineering, Virtru

Financial Services Cybersecurity Summit

Real-Time Attack Tracing and Automation in the SOC

Threat detection and response should take seconds – not minutes.

Real-time analytics is especially crucial for enterprises in the financial sector. Discover the full Devo stack and how it can support your SOC. See how your team can quickly identify and respond to security events, boost your SOC performance, and augment your analysts with AI – eliminating over 95% of security alerts.

David Cifuentes, Global Director of Solution Engineering, Devo Technology

Financial Services Cybersecurity Summit

From Attack to Recovery: Incident Response in Ransomware Scenarios

Ransomware persists among one of the most high-stakes threats cybersecurity leaders face, no matter how robust their organization’s security architecture may be. With growing attack vectors comes increased risk, whether through internal lapses in coverage, those in a partner’s supply chain, or the danger of human error, threat actors deploy increasingly sophisticated techniques to exploit vulnerabilities and infiltrate previously secure networks.

As a precursor to an interactive incident response workshop, learn from industry leaders who have faced and defended against the pervasive threat of ransomware attacks firsthand. Attendees will hone their knowledge of ransomware attacks and their own organizations’ potential vulnerabilities as they prepare to enter The Solution Room.

Key topics include:

Learn how to leverage public-private engagement to stay aware of global threats.

Explore best practices for preparation and response to ransomware attacks, while considering their impact on client and proprietary data.

Identify how to most effectively inform internal stakeholders of a security breach.

Gain a comprehensive understanding of ransomware’s complexities, and develop robust strategies for safeguarding digital assets in the face of this evolving cybercrime methods.

Stephen Dougherty, Special Agent, U.S Secret Service

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JP Morgan Chase

Tim Gallo, Global Security Architect Mandiant

Financial Services Summit

The Solution Room: CyberEdBoard and USSS

The Solution Room offers cybersecurity leaders a highly engaging and interactive conference session, providing them with peer-to-peer support and subject matter expertise to tackle their most pressing challenges.

Participants are invited to join one of the tables for this collaborative session, co-moderated by a CyberEdBoard Member and a distinguished Secret Service Agent.

During this interactive session, CISOs and cybersecurity professionals will engage in a dynamic and timely exercise centered on a global ransomware attack. The scenario revolves around a fictional shipping and Logistics Company and its semiconductor manufacturer supply chain partner.

The exercise is structured into three phases, each presenting unique challenges and crucial decision points relevant to real-life incident response.

The session’s objective is to provide practical insights into managing a global ransomware attack, mitigating supply chain risks, effectively engaging with law enforcement, and fostering a cyber-resilient organizational culture. By actively participating in the exercise, participants will gain valuable experience in dealing with cyber threats and hone their incident response preparedness, ultimately strengthening their organization’s cybersecurity defenses in the face of evolving challenges.

Claire Le Gal, Senior Vice President, Cyber Security & Risk Products, Mastercard

Fred Harris, Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JP Morgan Chase

Stephen Dougherty, Special Agent, U.S Secret Service

Aravind Swaminathan, Partner, Orrick

Steven Wallstedt, CISO, North America of ABN AMRO

Tim Gallo, Global Security Architect Mandiant

Networking and Exhibition Break

Financial Services Cybersecurity Summit

Cyber Insurance and Risk: What to expect

When CNA Financial – a top U.S. insurance company – was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data.

How do record-high ransomware incidents – and ransoms – affect the cyber insurance sector? What are the emerging standards for coverage, as well as legislative trends affecting the practice?

This exclusive panel tackles these questions as well as:

• Proving cyber insurance value;

• Partnering to build resiliency;

• The rising bar for entities to qualify for cyber insurance.

Steven Wallstedt, CISO, North America of ABN AMRO

Vlad Brodsky, CISO, OTC Markets Group

Financial Services Summit

Myth-Busting and the Move Toward a Clear Legal and Regulatory Framework for Crypto

In 2021 we saw a steady drum beat toward mainstream adoption of cryptocurrencies by traditional financial institutions and investors of all sizes.

We saw a move from a Bitcoin only world to an explosion of digital assets. And, we saw global regulators and policy makers begin discussions about building a clear regulatory framework for crypto. But, questions still remain and many myths still permeate the conversation. Crypto is only used for illicit activity. Crypto causes ransomware. Cryptocurrencies are unregulated and pose systemic risk. Join Dante Disparte of Circle, Perianne Boring of the Chamber of Digital Commerce and Ari Redbord of TRM Labs for some myth busting and a discussion of what to expect from crypto regulation and legislation in 2022 and beyond.

Financial Services Cybersecurity Summit

Cyber Blame Game: Navigating Legal Liability Before and After a Breach

Join us for this interactive session for Chief Information Security Officers (CISOs) and their teams to discuss the increased legal scrutiny they face following significant breaches. After a company discovers a cyberattack on its network, the finger-pointing begins. The CEO blames the chief information security officer (CISO).

The CISO blames the financial officers for not setting aside enough money for cyber defenses. The chief information officer begins to look for a scapegoat further down the supply chain. Maybe they fire a low-level employee who made a mistake or point to a vulnerability within a third-party vendor’s security system. Or, if the incident took place in the cloud, is the cloud provider or the data owner at fault?

In this session, we will cover:

• The common blame game that occurs within companies after a cyberattack, and the importance of identifying who is legally liable.

• The evolving individual liability for cyber incidents, and the potential legal issues arising from failure to report incidents.

Aravind Swaminathan, Partner, Orrick