November 7, 2024

Cybersecurity Summit NY:
Financial Services

Hosted by BankInfoSecurity

8:30 AM ET - 5:00 PM ET

Event Overview

Across a full day of engaging sessions, our esteemed speakers will offer deep insights into advanced threat intelligence, payment fraud prevention, the transformative impact of AI for threat actors and defenders alike, and how to leverage cyber insurance as a critical component of risk management. Attendees will gain practical, actionable knowledge to strengthen their defenses against emerging cyber threats.

The event will culminate in our highly interactive Solution Room workshop, an interactive incident response session where participants will be thrust into a high-stakes deep fake incident scenario, allowing them to apply key strategies and tools in real-time to enhance their organizations’ crisis planning and incident response frameworks.

View our ISMG Event Experience video to see what your peers are saying about their participation. 

Venue

New York Marriott Downtown

85 West Street at Albany Street New York, NY 10006

NOTE:  All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Highlight Topics

  • Critical Infrastructure
  • Incidence Response
  • Supply Chain Threats and Response
  • Cyber Attacks
  • Zero Trust

David Anderson

Vice President, Cyber, Woodruff Sawyer

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Anthony Scarola

SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Erika Dean

CSO, Robinhood

Ali Khan

CISO, Better.com

Michael Woodson

Information Security and Privacy Director, Sonesta Hotels

Kevin Li

CISO, Cohen & Steers

Carlos Suarez

Deputy Information Security Officer, Helaba

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan

Eric Boateng

CISO, MassMutual

Boris Klyuchnikov

Special Agent, Cyber Crime Task Force, FBI

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

Speakers

Thought Leaders on Stage and Leading the Critical Conversations

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in Cybersecurity passionate about the latest tools and technology to defend against threats 

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Opening Remarks

Erika Dean

CSO, Robinhood Markets

Eric Boaeng

CISO, MassMutual

The Shifting Responsibilities of InfoSec Leaders Across Financial Services

Although all employees share the responsibility for cybersecurity, Chief Information Security Officers, Chief Risk Officers, and other senior security leaders are at the forefront, confronting cyber threats directly. Simply put, these essential responsibilities can no longer be regarded as back-office functions; these roles have gained strategic importance due to the growing sophistication of cybercriminals, their advanced tools, and the significant financial implications at stake.

Key Discussion Points:

  • Strengthening Multifactor Authentication: Proactively implement robust authentication methods to prevent high-risk data breaches.
  • Mitigating API Security Risks: Integrate real-time monitoring and threat detection to secure APIs against emerging vulnerabilities.
  • Enhancing Cloud Security Protocols: Identify and address gaps in SaaS deployments to ensure comprehensive cloud protection.
  • Managing Vendor Risks Proactively: Develop and enforce stringent risk management frameworks for third- and fourth-party vendors to minimize exposure.

Erika Dean, CSO, Robinhood Markets
Eric Boateng, CISO, MassMutual

Joanna Huisman

SVP Strategic Insights & Research, KnowBe4

2024 Phishing Attack Landscape & Benchmark

This report highlights employee vulnerability by industry, revealing at-risk users that are susceptible to phishing/social engineering attacks.
 
You will learn:
 
  • Phishing benchmark data for 19 industries and 7 geographical regions
  • Understanding who’s at risk/what you can do
  • Actionable tips to create your human firewall

Joanna Huisman, SVP Strategic Insights & Research, KnowBe4

Charlie Leonard

Principal SecOps Transformation Advisor, Palo Alto Networks

Chris Holden

CISO, Crum & Forster

Erika Dean

CSO, Robinhood Markets

SecOps Transformation - Cybersecurity at Scale

These failures impacted organization’s ability to scale to meet business demands and reduced stability of the security architecture as environments and data volumes grew. The use of AI driven detections, automation, endpoint security, attack surface management and real-time threat intelligence application were the moonshot achievements for security solutions like SIEM, but were never achieved.
 
Join this session to discuss:
 
  • Scaling to meet business demands and stabilizing your security architecture
  • Reimagining organizational  security operations programs based on standardization
  • Achieving the impossible with security information and event management

Charlie Leonard, Principal SecOps Transformation Advisor, Palo Alto Networks
Chris Holden, CISO, Crum & Forster
Erika Dean, CSO, Robinhood Markets

Perraju Nadakuduty

Director & Distinguished Engineer, Capital One

Securing Workforce Identities with Modern FIDO Authentication

The FIDO authentication open standard offers the most modern defense tactic that organizations can leverage to create digital barriers against evolving threats. Learn how to raise the bar for security and innovation by driving phishing-resistant and passwordless authentication and cultivate phishing-resistant users across the enterprise.

Perraju Nadakuduty, Director & Distinguished

Engineer, Capital One

Networking and Exhibition Break

Track A

David Anderson

Vice President, Cyber, Woodruff Sawyer

Under the Cyber Hood: Exploring Insurance Myths and Realities

 Panelists will provide a roadmap for CISOs to fully leverage cyber insurance, safeguarding their security while clarifying its scope and debunking common misconceptions about its effectiveness and sustainability.

The discussion will explore key factors that insurers consider during the underwriting process, illustrating how companies can align their cyber insurance strategy with broader risk management objectives. Special attention will be paid to the strategic benefits of pre-breach services such as risk assessments and vulnerability scans, and post-breach services like incident response and claims support, which are pivotal in minimizing the impact of security incidents.

Key Takeaways:

  • Comprehensive Risk Management: Learn how to utilize cyber insurance as a tool for comprehensive risk management by integrating both pre-breach and post-breach services to enhance your cybersecurity posture.
  • Underwriting Insights for CISOs: Gain deep insights into the underwriting process, focusing on what insurers assess to help CISOs better prepare their organizations for favorable coverage.
  • Navigating Market and Regulatory Changes: Explore how shifts in the cyber insurance market and regulatory landscape affect policy offerings and coverage strategies, empowering CISOs to make informed decisions.
  • Optimization of Insurance Procurement: Discover strategies to streamline the cyber insurance acquisition process, improving how your organization approaches risk transfer and coverage optimization.

David Anderson, Vice President, Cyber,

Woodruff Sawyer 

Track B

Aaron Simpson

Partner, Hunton & Williams

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit

Michael Woodson

Information Security and Privacy Director, Sonesta Hotels

New Age of Payment Fraud: Hackers vs. Heroes

Join us as we delve into payment fraud prevention, examining rising threats such as account takeovers and synthetic identity fraud. Our expert panel will explore critical topics, including authentication techniques, data security practices, and adherence to regulatory standards. Additionally, we will address the growing risks associated with social engineering and the specific challenges faced in securing mobile payments.
 
Key topics include:
  • The Evolving Face of Payment Fraud: Unpacking New Trends and Their Industry Impact
  • Uncovering Weaknesses in Digital Payments: Lessons from Real-World Exploits
  • Harnessing AI for Fraud Prevention: The Transformative Role of Machine Learning
  • Mastering the Maze of International Fraud: Tackling Cross-Border Payment Challenges

Aaron Simpson, Partner, Hunton & Williams

Seth Rose, Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit 

Michael Woodson, Information Security and Privacy Director, Sonesta Hotels

Steve Jackson

VP Sales East, Entro Security

Reclaim Control Over Your Non-Human Identities

R&D teams create and scatter non-Human identities and secrets across vaults, codes, collaboration solutions, and more without any oversight or control by security teams. Non- Human Identity breaches are among the top two attack vectors, and they are the most destructive.

What solution is needed to enable organizations to securely utilize non-human identities and secrets? How can you detect, safeguard, and provide context for NHI’s & secrets stored across vaults, source code, collaboration tools, cloud environments, and SaaS platforms?

Introducing Entro – the complete platform for non-human identity & Secrets management. With Entro, Security teams can finally efficiently oversee and protect non-human identities with automated lifecycle processes and seamless integration, ensuring comprehensive security and compliance through a unified interface.

Steve Johnson, VP Sales East, Entro Security

Ed Thomas

SVP, ProcessUnity

Best Practices for Threat and Vulnerability Response & Emergency Assessments

While each event is unique, they all result in third-party risk management teams scrambling to ensure their organizations are protected. Rapid responses and emergency assessments can be knee-jerk, stressful and distracting. It doesn’t have to be that way.
 
Join us for a discussion on the best practices to responding to zero-day vulnerability attacks and conducting emergency assessments. We’ll outline what’s required to prepare in advance so you’re ready to execute when the time comes. From establishing solid communication channels to leveraging automation, we’ll cover the necessary steps and considerations for an effective response plan.
 
Session attendees will learn:
  • How to gain visibility into your entire vendor ecosystem and prepare in advance to reduce both reaction time and exposure to loss
  • How to quickly identify which third parties require follow-on action based on each specific threat actor or vulnerability
  • How quick-assess campaigns can automatically scope, distribute, and score responses

Ed Thomas, SVP, ProcessUnity

Darryl Jones

VP of Product and Strategy, Ping Identity

What's Next in Customer Identity - Reducing Fraud While Improving Experiences

This, “What’s Next in Customer Identity: Reducing Fraud While Improving Experiences,” explores innovative strategies and technologies aimed at enhancing security without compromising user experience. We will delve into the latest advancements in identity verification, such as biometrics and AI-driven analytics, and discuss the balance between rigorous fraud prevention measures and seamless customer journeys. By understanding emerging trends and best practices, businesses can transform their approach to customer identity, fostering trust, enhancing loyalty, and ultimately driving growth in a competitive landscape. Join us as we envision the future of customer identity management where safety and satisfaction go hand in hand.

 

Darryl Jones, VP of Product and Strategy, Ping

Identity

Bill Sovak

VP of Data Protection Sales, Fortra

Ethical Walls Within the Fintech Community

For many businesses – investment banks, consulting firms, and countless fintech companies – ethical walls are needed to form a barrier between departments to block the exchange of this information.

While this can be done for privacy reasons, it’s also imperative to prevent conflicts of interest and to comply with regulatory mechanisms. While new technologies like Data Security Posture Management (DSPM) can be helpful for providing visibility into where sensitive data resides, relying on a robust suite of solutions designed to safeguard data can ensure it isn’t shared between different lines of business, like retail companies and commercial banking.

In this chat, learn how Fortra’s Digital Guardian, Data Classification, and Terranova Security can work in tandem to help organizations avoid data breaches and secure sensitive data while complying with any information barriers that may be in place.   

Bill Sovak, VP of Data Protection Sales, Fortra

Vincent Stoffer

Field CTO, Corelight, Inc

Expanding Horizons: Leveraging Network Security Data for Fraud Detection Beyond the SOC

Hear some anecdotes about how passively collected network data was harnessed to alert security and fraud teams to anomalous behavior seen on application traffic. See how Corelight’s data driven approach to NDR goes beyond the SOC and into the most critical troves of data in the industry.

Vincent Stoffer, Field CTO, Corelight, Inc

Curtis Reynolds

Senior Systems Engineer, NetWitness

Defense Accelerated: How NetWitness is Revolutionizing Threat Detection, Investigation and Response

Join us as we take you through a live demo to showcase how you can obtain:
 
  • Unsurpassed visibility by collecting data across all capture points (user, endpoint, edge, core, cloud) and threat intelligence sources to expose the full scope of attacks.
  • Faster threat detection and investigation by enriching network and endpoint data at capture time with threat intelligence and business context.
  • Smarter, faster analytics by providing behavioral analytics (UEBA) and automation and orchestration capabilities so analysts can follow consistent, transparent, documented processes for threat hunting and investigation.

Curtis Reynolds, Senior Systems Engineer,

NetWitness

Erik Gaston

Vice President, Global Executive Engagement, Tanium

AI: Managing Excitement & Risk | Balancing Innovation, Speed, Security, and Shadow AI in Financial Services

In this talk, we’ll explore the challenges of Shadow AI , the balance between speed and security, and the remotion responses individuals and organization face when navigating technological change. Join us to discover strategies for combatting Shadow Ai while driving innovation and learn how industry standards and future AI advancements will shape the next phase of adoption.

Erik Gaston, Vice President, Global Executive

Engagement, Tanium

Oriel Vaturi

CEO, Ovalix Security

From Strategy to Execution: Gaps Between Teams, Tools, and Processes

Unaddressed misalignments mean inconsistent processes, ineffective teams, and underutilized tools, leading to widespread inefficiencies, governance gaps, and increased risks of security breaches. Without clear and unified control over these elements, organizations incur these hidden costs every day. Introducing Ovalix: a unified platform for complete visibility and control over your security landscape. Ovalix bridges the gap between your teams, tools, and processes and ensures every aspect of your security strategy is optimized, helping you reduce risks, close governance gaps, and improve overall efficiency.

Oriel Vaturi, CEO, Ovalix Security

Boris Klyuchnikov

Special Agent, Cyber Crime Task Force, FBI

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit

Ryan Roobian

Global Solutions Architect, Google Cloud Security

Deep Fakes, Real Stakes: Unmasking Cyber Deception in a High-Stakes Tabletop Simulation

This interactive session is meticulously crafted to mimic a sophisticated cyber attack.
It aims to bolster strategic response capabilities and enhance operational readiness against the backdrop of advanced cyber threats. The focal point of this exercise is a strategically crafted deep fake incident targeting a corporate executive, weaving together elements of social engineering, financial fraud, and the challenges posed by emerging technological threats.
 
What You Will Gain From This Experience:
 
  • Enhanced Organizational Readiness: To critically assess and improve organizational preparedness in responding to intricate cyber incidents involving deep fake technology and social engineering.
  • Interagency Collaboration and Knowledge Exchange: To strengthen the partnership and information sharing between the sponsor and leaders in the private sector cybersecurity community.
  • Strategic Response Development: To create all-encompassing incident response strategies that cover legal, technical, and communicational facets, while also identifying and rectifying weaknesses in existing cybersecurity policies and governance.
 
Boris Klyuchnikov, Special Agent, Cyber Crime Task Force, FBI
Seth Rose, Supervisory Special Agent Group 06, U.S. Department of the Treasury Cyber Investigations Unit
Ryan Roobian, Global Solutions Architect, Google Cloud Security

Exhibition & Networking Break

Ronald Arden

Executive Vice President, CTO and COO, Fasoo, Inc

Data Security and Privacy Challenges in the AI Era

Significant risks from insider threats, both malicious and unintentional, and external parties underscore the need for a comprehensive approach to data governance.
 
Join this session to learn how:
  • To protect high quality data throughout its lifecycle while reducing risks
  • Data lineage will play a key role in data governance strategies
  • CISOs can establish a secure, modern governance framework

 

Ronald Arden, Executive Vice President, CTO &

COO, Fasoo, Inc.

Anthony Scarola

SVP; Director of IT Governance, Risk & Compliance, Apple Bank

Carlos Suarez

Deputy Information Security Officer, Helaba

Protecting Digital Identity: Combatting Account Takeovers in Financial Services

However, this convenience brings significant risks. Account takeovers have become a prevalent threat, targeting online banking, alternative payment platforms, and messaging apps with payment components. Each new account introduces potential vulnerabilities, allowing attackers access to extensive personal and financial information.

This session will delve into the mechanics of account takeovers, highlighting how attackers pose as legitimate users to gain prolonged, undetected access to accounts. It will explore:

  • Methods employed by cybercriminals, such as brute force attacks, phishing, and malware.
  • The importance of implementing MFA and robust identity and access management frameworks to protect private data.
  • The broader implications of account takeovers beyond individual consumers, including risks to supply chains and vendors.
  • Preventing illegitimate access to cloud applications and ensuring continuous authentication and authorization of all users and devices.
Anthony Scarola, SVP; Director of IT Governance, Risk Compliance, Apple Bank
Carlos Suarez, Deputy Information Security Officer, Helaba

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Ali Khan

CISO, Better.com

Financial Fortification: The Power of Interdisciplinary Risk Management

The panel will focus on the importance of establishing a common language across different risk domains and explore how fostering interdisciplinary communication and understanding is crucial for timely and effective threat response, aligning different departments under a unified risk management objective.

Discussion Highlights:

  • Collaborative Frameworks: Examine how CISOs and IT teams in financial services can seamlessly integrate security measures with everyday IT operations.
  • Success Stories: Highlight case studies from the financial sector that showcase the benefits of partnerships between risk functions, emphasizing efficient risk mitigation and the development of a robust cybersecurity culture.
  • Shared Language and Interdisciplinary Teams: Offer insights on establishing a common language for risk communication, forming interdisciplinary teams, and the importance of vigilant monitoring and rapid response systems in financial institutions.
  • Championing Security Investments: Discuss the critical role of CISOs in advocating for security investments and the necessity of executive support to foster an organizational environment that prioritizes cybersecurity awareness in financial services.

Vlad Brodsky, SVP, Chief Information Security

Officer, OTC Markets Group

 

Ali Khan, CISO, Better.com

Closing Comments

Don’t miss your chance to attend this dynamic impactful event

@ ISMG_News    #ISMGSummits

Sponsors

Axonius logo

The Summit Experience

CPE Credits

ISMG Summits offers Continuing Education Credits. Learn informative and engaging content created specifically for security professionals.

Upcoming ISMG Events

Decemebr 5-6, 2024

Virtual IoT/OT Summit

December 10, 2024

State of Identity: Protecting Identities in the Modern Climate

December 10, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris

december 12, 2024

Revolutionizing AppSec with Multi-AI Agent Approach

February 11-12, 2025

Virtual Summit: Cybersecurity Implications of AI

Upcoming ISMG Events

Decemebr 5-6, 2024

Virtual IoT/OT Summit

December 10, 2024

State of Identity: Protecting Identities in the Modern Climate

December 10, 2024

Transformez vos Opérations avec l'IA Générative Avancée d'Elastic et Google Cloud Paris