Financial Services Summit
Virtual Summit January 25 - 26, 2022
As Financial Services security professionals look forward to 2022, the challenges ahead will be unpredictable and unlike previous years. The past couple of years and even the past couple of weeks have shown that threats are constantly evolving and impact every aspect of our business and personal lives.

Each year ISMG kicks off the Global Summit Series with our annual Financial Services Summit. This summit brings industry leaders and decision-makers together to connect and learn from each other’s success, as well as challenges, in an interactive educational environment.

The Financial Services Summit programming committee, made up of cross-sector SMEs, has designed an agenda that is relevant to almost every part of the industry. You will hear from the White House’s Director of Cybersecurity on the Administration’s Financial Services Risk outlook, and learn about FinCEN’s new initiative on Ransomware and ways they work more closely with industry. Hear what the FBI wants you to know about Supply Chain Risk, and attend deep-dive sessions that will unpack the present and future of Cyber Insurance, what Government and private industry do to mitigate the risk of Cryptocurrency being used for criminal payments, and more.

As you plan for the coming year, navigate the latest stage in the pandemic, and pivot for unexpected vulnerabilities and an ever-changing threat landscape, please join us on January 25-26 for the Financial Services Summit!
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
David Pollino
Former CISO
PNC Bank
Pollino is an experienced security and risk executive with over 25 years of experience in information security, fraud prevention and risk management. He has focused on financial services for 20 years and was the CISO of Bank of the West...
Ari Redbord
Head of Legal and Government Affairs
TRM Labs
Ari Redbord is the head of legal and government affairs at TRM Labs, the blockchain intelligence company. Prior to joining TRM, he was the senior adviser to the deputy secretary and the undersecretary for terrorism and financial intelligence at the...
Tom Malta
FS Strategic Advisor
Okta
Malta is CEO and principal at IAM Experts LLC, which is a boutique cybersecurity startup focused on helping international clients with IAM design, strategic advisory and execution. He is a financial services expert partnered with Okta. Malta has held numerous...
James Dennehy
Special Agent-in-Charge for Counterintelligence and Cyber Division
FBI
Dennehy is the special agent in charge of the Intelligence and Surveillance Division of the New York Field Office. He most recently served as chief of staff to the executive assistant director of the National Security Branch at FBI Headquarters...
AnnaLou Tirol
Deputy Director
FinCEN
AnnaLou Tirol is the deputy director of the Financial Crimes Enforcement Network, a bureau of the U.S. Department of the Treasury. FinCEN’s mission is to safeguard the financial system from illicit use, combat money laundering and promote national security through...
Dante A. Disparte
Chief Strategy Officer and Head of Global Policy
Circle
Disparte works closely with the executive team of Risk Cooperative to ensure the organization meets its strategic objectives and continues to be regarded as an industry leader. He is also the chief strategy officer and head of global policy at...
Bassam Khan
VP of Product Marketing
Gigamon
As Gigamon's vice president of product and technical marketing engineering, Khan is responsible for positioning and promoting the company’s products and solutions and its corporate and go-to-market strategy. He has more than 20 years of experience managing products and marketing...
Jeremy Grant
Managing Director
Venable
Jeremy Grant was the founding leader of the National Program Office for the National Strategy for Trusted Identities in Cyberspace and senior executive adviser for identity management at the National Institute of Standards and Technology. He led the White House’s...
Tom Field
SVP, Editorial
ISMG
Rocco Grillo
Managing Director, Global Cyber Risk & Incident Response Investigations
Alvarez & Marsal
Rocco Grillo currently serves as a Managing Director with Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice. He focuses on leading multi disciplinary teams who provide cyber risk and incident response services to clients globally. He has...
Lisa Sotto
Partner and Chair of the Global Privacy and Cybersecurity Practice
Hunton Andrews Kurth LLP
Named in The National Law Journal's "100 Most Influential Lawyers," Sotto serves on Hunton & Williams' executive committee. Sotto was voted the world's leading privacy adviser by Computerworld magazine and has earned the highest honor by Chambers and Partners as...
Chris Holden
CISO
Crum & Forster
As CISO for Crum & Forster, Holden is responsible for maintaining the day-to-day security of the organization's information systems and data while adhering to regulatory requirements. He started his career as a forensics analyst for Hewlett-Packard’s global cybersecurity team, where...
Ax Sharma
Senior Security Researcher
Sonatype
Sharma’s work and expert analyses have frequently been featured in leading media outlets such as Fortune, The Register, TechRepublic, CSO Online and BleepingComputer. He is an expert in security vulnerability research, reverse engineering and software development.
Kevin Li
CISO
MUFG Securities Americas
Li has over 20 years of experience working at large global financial institutions. He is the CISO for MUFG Securities Americas, or MUSA, and leads the MUSA information security group that is responsible for information risk management, security operations and...
Perianne Boring
Founder and President
Chamber of Digital Commerce
Perianne Boring is the founder and president of the Chamber of Digital Commerce, the world's largest trade association representing the blockchain industry. The chamber’s mission is to promote the acceptance and use of digital assets and blockchain-based technologies. Working with...
Nick Economidis
VP
Crum & Forster
Economidis is a vice president in the professional liability department for Crum & Forster, responsible for eRisk, including cyber insurance products and technology errors and omissions. He has over 30 years of total underwriting experience and 20 years of experience...
Chuck McAllister
Analytics/Architecture/Engineering Information Security
Yubico
Chuck McAllister is a senior solutions engineer at Yubico, primarily working with financial services and cryptocurrency customers. He is a technology industry veteran with a strong focus on frictionless user experiences that lead to better adoption of strong authentication. Prior...
Anna Delaney
Director, ISMG Productions
ISMG
Michael Sawyer
Head of Technology Controls for Consumer Lending, Credit Cards and Merchant Services and Wealth and Investment Management
Wells Fargo
Sawyer is the technology control executive for the Consumer Lending and Wealth and Investment Management divisions of Wells Fargo. He leads front-line technology control activities for consumer lending, with a team that monitors adherence to risk appetites and ensures daily...
Jason Cook
Technical Sales Director
Rubrik
As technical sales director, Cook is responsible for major accounts at Rubrik. He has been with the company for over four years and has experience in consulting, sales, project management and information technology.
Karen Boyer
VP, Financial Crimes and Fraud Intelligence
People's United Bank
Karen Boyer has over 20 years of diverse banking experience with over 15 in the realm of Fraud. She is currently Vice President of Financial Crimes and Fraud Intelligence, at People’s United Bank, a regional bank in the Northeast with...
Claire Le Gal
Sr. VP, Fraud Intelligence, Strategy & Cyber Products
Mastercard
Le Gal is senior vice president, responsible for the fraud intelligence, strategy and cyber products team in the Cyber and Intelligence Solutions division at Mastercard. She is responsible for a variety of global functions, including fraud reporting and analytics, cybersecurity...
Parthiv Shah
SVP & CISO
Signature Bank
Danny Jenkins
CEO / President Founder / Owner
ThreatLocker
Danny Jenkins is the CEO and co-founder of ThreatLocker, a cybersecurity firm providing zero trust endpoint security. He is a leading expert in cybersecurity with over two decades of experience in building and securing corporate networks, including many roles on...
Carole House
Director of Cybersecurity and Secure Digital Innovation at National Security Council
The White House
House is the Director of Cybersecurity and Secure Digital Innovation for the National Security Council at The White House. House is an experienced cybersecurity and risk management professional with a demonstrated background in U.S. military intelligence within the federal, executive...
Gavin Hill
VP Marketing
HUMAN Security, Inc.
Gavin Hill is the vice president of insights at HUMAN, where he is responsible for helping customers mitigate the risk of high-impact bot problems with HUMAN's unique insights and threat models. He has held leadership positions in product management, product...
Fred Harris
Head of Cybersecurity Risk, Data Risk and IT Risk
Societe Generale
Harris is the head of cybersecurity risk, data risk and IT risk at Societe Generale Americas. He has more than 30 years of technology and cybersecurity experience in the financial services industry. Before joining SG, Harris served in a similar...
Welcome to the ISMG Virtual Cybersecurity Summit: Financial Services!
Tom Field, SVP, Editorial, ISMG
David Pollino, Former CISO, PNC Bank
  • 08:56 AM
  • 08:59 AM
Biden Administration's Priorities for Critical Infrastructure and Financial Services
Carole House, Director of Cybersecurity and Secure Digital Innovation at National Security Council, The White House

In 2021, the Biden administration issued the most comprehensive cybersecurity executive order in history. How is the order being enforced to protect critical infrastructure and financial services? And how fares the administration's battle against ransomware?

In this exclusive keynote, Carole House, the director of cybersecurity and secure digital innovation within the NSC, discusses:

  • The state of critical infrastructure protection; 
  • The war on ransomware; 
  • Zero Trust security and the focus on identity.  
  • 09:00 AM
  • 09:31 AM
Today’s Ransomware & FinServ: A Prescription for Stronger Defense
Bassam Khan, VP of Product Marketing, Gigamon

72 hours. That’s how long organizations have to report known ransomware to the New York Department of Financial Services. Cybercriminals' methodology has changed from a quick, opportunistic attack to a prolonged and targeted approach. While this shift presents threat actors with the opportunity to spread wider and lay the foundation for a double extortion scheme, it also presents security teams with the opportunity to detect activity before the encryption trigger is pulled. 

We will explore how ransomware loitering allows security analysts to use network visibility, detection and response to discover malicious activity between initial compromise and encryption, including: 

  • How threat actors rely on your network, and how you can use network visibility to your advantage
  • The importance of inspecting encrypted traffic, the challenges of doing so, and the NSA’s guidelines on addressing those challenges
  • How a new and innovative approach to network detection and response is transforming the SOC.
  • 09:30 AM
  • 09:59 AM
  • 10:00 AM
  • 10:29 AM
Track A: Cyber Attack: Essentials of Putting Together the Best Team You Hope You Never Need, Your Incident Response Team
Lisa Sotto, Partner and Chair of the Global Privacy and Cybersecurity Practice, Hunton Andrews Kurth LLP

When it comes to cyber incident response, it truly is a matter of: It's not just what you know, it's who you know. Proper response requires a proper team, and renowned attorney Lisa Sotto is often on the receiving end of a 2 a.m. emergency incident response call. In this exclusive ISMG summit session, she shares insight on:

  • When incident response actually begins (hint: long before your attackers gain entry)
  • Common gaps even in updated and tested plans
  • Step by step – what happens after the call is made
  • 10:00 AM
  • 10:29 AM
Track B: Cyber Insurance and Risk: What To Expect in 2022
Chris Holden, CISO, Crum & Forster
Nick Economidis, VP, Crum & Forster
Fred Harris, Head of Cybersecurity Risk, Data Risk and IT Risk, Societe Generale

When CNA Financial – a top U.S. insurance company – was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How do record-high ransomware incidents – and ransoms – affect the cyber insurance sector? What are the emerging standards for coverage, as well as legislative trends affecting the practice?

This exclusive panel tackles these questions as well as:

  • Proving cyber insurance value; 
  • Partnering to build resiliency; 
  • The rising bar for entities to qualify for cyber insurance.
  • 10:30 AM
  • 10:59 AM
Track A: Lessons Learned from the Log4j Exploit
Ax Sharma, Senior Security Researcher, Sonatype

The Log4shell vulnerability found in the Log4j logging framework has been recognized as one of the most critical vulnerabilities ever, open source or otherwise. And while the dangers of the Log4j vulnerability remain high, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: If you don’t know what’s in your software supply chain, you’re already behind.

When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.

While this outlook might seem bleak, there are easy steps you can take to significantly mitigate risk. This session will help you do that by answering:

  • Why the Log4j vulnerability is so severe and common remediation measures companies took to secure their code
  • How you can improve your security posture with automation and SBOMs, and be better prepared for the inevitable next open source vulnerability that comes along
  • 10:30 AM
  • 10:59 AM
Track B: Don't Pay the Ransom
Jason Cook, Technical Sales Director, Rubrik

A ransomware attack strikes every 11 seconds.

Despite thick firewalls, the bad guys will get through. Some businesses pay the ransom but most want to recover, so they don’t let the bad guys win.

A payout isn't the only way out.

If hackers exploit your backups, you pay the ransom. If your backups survive, you need to know what to recover and how long it will take. If you don't, you pay the ransom. But even with a decryption key, recovery takes days or weeks and the hackers may not return all the data.

Recovery from a clean backup is the only way to beat hackers. Data managed by Rubrik can’t be encrypted after the fact. Once ingested, no external or internal operation can modify it. So, your data is immune to ransomware. Since data can’t be overwritten, even infected data ingested by Rubrik can’t infect existing files/folders.

We'll discuss how to:

  • Analyze backup metadata for unusual behavior
  • Quickly identify what data was encrypted and where it lives
  • Locate PII that may have been exposed to a data exfiltration attack
  • Automatically protect new workloads and lock retention to prohibit deletion of backup data.
What the FBI Wants You To Know About Ransomware, Supply-Chain Threats and Response
James Dennehy, Special Agent-in-Charge for Counterintelligence and Cyber Division, FBI

Was last year’s record surge of ransomware and supply chain attacks an anomaly? Unfortunately, the FBI is positive it was not, and the outlook for the New Year is: more attacks. Many more.

In this exclusive session, James Dennehy, special agent in charge of the Intelligence and Surveillance Division at the FBI's New York Field Office, shares expert insight on:

  • The current and future trajectory of ransomware, business email compromise, supply chain attacks and more; 
  • The resources the FBI brings to a cybercrime investigation; 
  • When and how to engage with the FBI before an attack has been detected.

  • 11:00 AM
  • 11:32 AM
  • 11:30 AM
  • 11:44 AM
Track A: Identity and the Open Banking Revolution
Tom Malta, FS Strategic Advisor, Okta

A banking revolution is underway in the form of a new financial transparency. A focus on third-party access and straightforward payment options is forcing compliance and regulation mandates on a global scale. The critical technology for this shift is the open API. What does this mean for service providers worldwide?

In this session, attendees will learn about the importance of securing customer identity, protecting APIs and enforcing authentication.

  • 11:30 AM
  • 11:50 AM
Track B: Demystifying Zero Trust and Its Role in Cybersecurity
Danny Jenkins, CEO / President Founder / Owner, ThreatLocker

The Zero Trust framework is based on the principle of "never trust, always verify." Join us to learn about Zero Trust, how to adopt it, and the technologies you need to take control of your environment in the fight against ransomware.  

  • 12:00 PM
  • 12:29 PM
Track A: Your Digital Transformation is Being Sabotaged
Gavin Hill, VP Marketing, HUMAN Security, Inc.

Digital transformation promises business growth by providing value to customers by leveraging emerging technologies and supporting skills for new business models. At its core, data-driven decisions are the lifeblood of digital transformation. When data is poisoned, stolen and misused for malicious intent, progress slows, resulting in poor customer experience and satisfaction.

In this session, we will explore how sophisticated bot attacks are contaminating top digital transformation trends related to automation, data analytics and application architectures that should be part of every security strategy to solve in 2022.

  • 12:00 PM
  • 12:29 PM
Track B: How Financial Services Can Differentiate Themselves with Modern Strong Authentication
Chuck McAllister, Analytics/Architecture/Engineering Information Security, Yubico
Karen Boyer, VP, Financial Crimes and Fraud Intelligence, People's United Bank
Jeremy Grant, Managing Director, Venable

The financial services industry often struggles with perceived commoditization among customers, but organizations can set themselves apart by offering strong security. Fraud associated with account takeover is largely driven by weak authentication, such as usernames and passwords, security questions and mobile-based authentication - OTP, SMS and push notifications. Modern strong authentication offers end customers highest-assurance security along with ease of use and can create meaningful differentiation and value to drive new customer acquisition and customer retention. Attend this panel discussion to hear the current challenges related to authentication and best practices to implement moving forward.

Myth-Busting and the Move Toward a Clear Legal and Regulatory Framework for Crypto
Ari Redbord, Head of Legal and Government Affairs, TRM Labs
Perianne Boring, Founder and President, Chamber of Digital Commerce
Dante A. Disparte, Chief Strategy Officer and Head of Global Policy, Circle

In 2021 we saw a steady drum beat toward mainstream adoption of cryptocurrencies by traditional financial institutions and investors of all sizes. We saw a move from a Bitcoin only world to an explosion of digital assets. And, we saw global regulators and policy makers begin discussions about building a clear regulatory framework for crypto. But, questions still remain and many myths still permeate the conversation. Crypto is only used for illicit activity. Crypto causes ransomware. Cryptocurrencies are unregulated and pose systemic risk. Join Dante Disparte of Circle, Perianne Boring of the Chamber of Digital Commerce and Ari Redbord of TRM Labs for some myth busting and a discussion of what to expect from crypto regulation and legislation in 2022 and beyond.

  • 12:30 PM
  • 12:59 PM
Nefarious Use of Modern Money
Karen Boyer, VP, Financial Crimes and Fraud Intelligence, People's United Bank
Claire Le Gal, Sr. VP, Fraud Intelligence, Strategy & Cyber Products, Mastercard

This panel discussion covers the criminal use of newer forms of money movement to hide criminal proceeds and cash out. It examines how criminals use money movement with Sell, Coinbase, Fan Duel and other legalized gambling mechanisms.

  • 01:00 PM
  • 01:34 PM
Absolute Musts in Your Incident Response Plan: Those Who Fail to Plan – Fail
Rocco Grillo, Managing Director, Global Cyber Risk & Incident Response Investigations, Alvarez & Marsal
Kevin Li, CISO, MUFG Securities Americas
Parthiv Shah, SVP & CISO, Signature Bank

If SolarWinds and Kaseya didn't put it to the test, then Log4j did. Your incident response plan: When was it last updated or tested? Does it account for today's latest ransomware and supply chain threats? Does it meet the latest regulatory demands for incident reporting?

Join this panel of seasoned cybersecurity experts for lively discussion of incident response planning, including:

  • The shift from response to resilience; 
  • Preparing for the latest threats; 
  • How to work best with regulators and law enforcement agencies.
  • 01:30 PM
  • 01:59 PM
Ransomware Stole My Job!
David Pollino, Former CISO, PNC Bank

Ransomware has dominated the headlines for the past few years. But much of the long-term human and career devastation resulting from ransomware attacks remains untold and possibly buried out of view.

In this exclusive session, ISMG Global Content Contributor David Pollino will unpack a real-world example of how a ransomware incident led to numerous layoffs and discuss with an individual their journey from ransomware incident to pink slip, during an event you may have read about in the media. Names and details of the incident have been changed to protect the innocent and, at times, the guilty.

  • 02:00 PM
  • 02:31 PM
FinCEN on Ransomware: The New Regulatory Expectations Explained
AnnaLou Tirol, Deputy Director, FinCEN

In November 2021, the U.S. Financial Crimes Enforcement Network - the bureau of the U.S. Department of the Treasury that collects and analyzes information about financial transactions - released a new advisory on ransomware and the use of the financial system to facilitate ransom payments. The comprehensive advisory covers trends, red flags, suspicious activity reporting and more.

In this exclusive session, AnnaLou Tirol, deputy director of FinCEN, explains the guidance and offers deeper insight into:

  • When to report ransomware incidents - and to whom;
  • How and when to engage law enforcement authorities;
  • What trends and typologies you need to know in 2022. 
  • 02:30 PM
  • 02:59 PM
Crypto Landscape - Meet the Experts Live and Interactive Q&A
Perianne Boring, Founder and President, Chamber of Digital Commerce
Dante A. Disparte, Chief Strategy Officer and Head of Global Policy, Circle
Ari Redbord, Head of Legal and Government Affairs, TRM Labs
  • 03:00 PM
  • 03:29 PM

As Financial Services security professionals look forward to 2022, the challenges ahead will be unpredictable and unlike previous years. The past couple of years and even the past couple of weeks have shown that threats are constantly evolving and impact every aspect of our business and personal lives.

Each year ISMG kicks off the Global Summit Series with our annual Financial Services Summit. This summit brings industry leaders and decision-makers together to connect and learn from each other’s success, as well as challenges, in an interactive educational environment.

The Financial Services Summit programming committee, made up of cross-sector SME’s has designed an agenda that is relevant to almost every part of the industry. You will hear from the White House’s Director of Cybersecurity on the Administration’s Financial Services Risk outlook, and learn FinCEN’s new initiative on Ransomware and ways they work more closely with industry. Hear what the FBI wants you to know about Supply Chain Risk, attend deep-dive sessions that will unpack the present and future of Cyber Insurance, and what Government and private industry do to mitigate the risk of Cryptocurrency being used for criminal payments and more.

As you plan for the coming year, navigate the latest stage in the pandemic, and pivot for unexpected vulnerabilities and ever-changing threat landscape, please join us on January 25-26 for the Financial Services Summit!
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

David Pollino
Former CISO
PNC Bank
Pollino is an experienced security and risk executive with over 25 years of experience in information security, fraud prevention and risk management. He has focused on financial services for 20 years and was the CISO of Bank of the West...
Ari Redbord
Head of Legal and Government Affairs
TRM Labs
Ari Redbord is the head of legal and government affairs at TRM Labs, the blockchain intelligence company. Prior to joining TRM, he was the senior adviser to the deputy secretary and the undersecretary for terrorism and financial intelligence at the...
Tom Malta
FS Strategic Advisor
Okta
Malta is CEO and principal at IAM Experts LLC, which is a boutique cybersecurity startup focused on helping international clients with IAM design, strategic advisory and execution. He is a financial services expert partnered with Okta. Malta has held numerous...
James Dennehy
Special Agent-in-Charge for Counterintelligence and Cyber Division
FBI
Dennehy is the special agent in charge of the Intelligence and Surveillance Division of the New York Field Office. He most recently served as chief of staff to the executive assistant director of the National Security Branch at FBI Headquarters...
AnnaLou Tirol
Deputy Director
FinCen
AnnaLou Tirol is the deputy director of the Financial Crimes Enforcement Network, a bureau of the U.S. Department of the Treasury. FinCEN’s mission is to safeguard the financial system from illicit use, combat money laundering and promote national security through...
Dante A. Disparte
Chief Strategy Officer and Head of Global Policy
Circle
Disparte works closely with the executive team of Risk Cooperative to ensure the organization meets its strategic objectives and continues to be regarded as an industry leader. He is also the chief strategy officer and head of global policy at...
Bassam Khan
VP of Product Marketing
Gigamon
As Gigamon's vice president of product and technical marketing engineering, Khan is responsible for positioning and promoting the company’s products and solutions and its corporate and go-to-market strategy. He has more than 20 years of experience managing products and marketing...
Jeremy Grant
Managing Director
Venable
Jeremy Grant was the founding leader of the National Program Office for the National Strategy for Trusted Identities in Cyberspace and senior executive adviser for identity management at the National Institute of Standards and Technology. He led the White House’s...
Tom FIeld
SVP, Editorial
ISMG
Rocco Grillo
Managing Director, Global Cyber Risk & Incident Response Investigations
Alvarez & Marsal
Rocco Grillo currently serves as a Managing Director with Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice. He focuses on leading multi disciplinary teams who provide cyber risk and incident response services to clients globally. He has...
Lisa Sotto
Partner and Chair of the Global Privacy and Cybersecurity Practice
Hunton Andrews Kurth LLP
Named in The National Law Journal's "100 Most Influential Lawyers," Sotto serves on Hunton & Williams' executive committee. Sotto was voted the world's leading privacy adviser by Computerworld magazine and has earned the highest honor by Chambers and Partners as...
Chris Holden
CISO
Crum & Forster
As CISO for Crum & Forster, Holden is responsible for maintaining the day-to-day security of the organization's information systems and data while adhering to regulatory requirements. He started his career as a forensics analyst for Hewlett-Packard’s global cybersecurity team, where...
Ax Sharma
Senior Security Researcher
Sonatype
Sharma’s work and expert analyses have frequently been featured in leading media outlets such as Fortune, The Register, TechRepublic, CSO Online and BleepingComputer. He is an expert in security vulnerability research, reverse engineering and software development.
Kevin Li
CISO
MUFG Securities Americas
Li has over 20 years of experience working at large global financial institutions. He is the CISO for MUFG Securities Americas, or MUSA, and leads the MUSA information security group that is responsible for information risk management, security operations and...
Perianne Boring
Founder and President
Chamber of Digital Commerce
Perianne Boring is the founder and president of the Chamber of Digital Commerce, the world's largest trade association representing the blockchain industry. The chamber’s mission is to promote the acceptance and use of digital assets and blockchain-based technologies. Working with...
Nick Economidis
VP
Crum & Forster
Economidis is a vice president in the professional liability department for Crum & Forster, responsible for eRisk, including cyber insurance products and technology errors and omissions. He has over 30 years of total underwriting experience and 20 years of experience...
Chuck McAllister
Analytics/Architecture/Engineering Information Security
Yubico
Chuck McCallister is a senior solutions engineer at Yubico, primarily working with financial services and cryptocurrency customers. He is a technology industry veteran with a strong focus on frictionless user experiences that lead to better adoption of strong authentication. Prior...
Anna Delaney
Director, ISMG Productions
ISMG
Michael Sawyer
Head of Technology Controls for Consumer Lending, Credit Cards and Merchant Services and Wealth and Investment Management
Wells Fargo
Sawyer is the technology control executive for the Consumer Lending and Wealth and Investment Management divisions of Wells Fargo. He leads front-line technology control activities for consumer lending, with a team that monitors adherence to risk appetites and ensures daily...
Jason Cook
Technical Sales Director
Rubrik
As technical sales director, Cook is responsible for major accounts at Rubrik. He has been with the company for over four years and has experience in consulting, sales, project management and information technology.
Karen Boyer
VP, Financial Crimes and Fraud Intelligence
People's United Bank
Karen Boyer has over 20 years of diverse banking experience with over 15 in the realm of Fraud. She is currently Vice President of Financial Crimes and Fraud Intelligence, at People’s United Bank, a regional bank in the Northeast with...
Claire Le Gal
Sr. VP, Fraud Intelligence, Strategy & Cyber Products
Mastercard
Le Gal is senior vice president, responsible for the fraud intelligence, strategy and cyber products team in the Cyber and Intelligence Solutions division at Mastercard. She is responsible for a variety of global functions, including fraud reporting and analytics, cybersecurity...
Parthiv Shah
SVP & CISO
Signature Bank
Danny Jenkins
CEO / President Founder / Owner
ThreatLocker
Danny Jenkins is the CEO and co-founder of ThreatLocker, a cybersecurity firm providing zero trust endpoint security. He is a leading expert in cybersecurity with over two decades of experience in building and securing corporate networks, including many roles on...
Carole House
Director of Cybersecurity and Secure Digital Innovation at National Security Council
The White House
House is the Director of Cybersecurity and Secure Digital Innovation for the National Security Council at The White House. House is an experienced cybersecurity and risk management professional with a demonstrated background in U.S. military intelligence within the federal, executive...
Gavin Hill
VP Marketing
HUMAN Security, Inc.
Gavin Hill is the vice president of insights at HUMAN, where he is responsible for helping customers mitigate the risk of high-impact bot problems with HUMAN's unique insights and threat models. He has held leadership positions in product management, product...
Fred Harris
Head of Cybersecurity Risk, Data Risk and IT Risk
Societe Generale
Harris is the head of cybersecurity risk, data risk and IT risk at Societe Generale Americas. He has more than 30 years of technology and cybersecurity experience in the financial services industry. Before joining SG, Harris served in a similar...

Welcome to the ISMG Virtual Cybersecurity Summit: Financial Services!
Tom Field, SVP, Editorial, ISMG
David Pollino, Former CISO, PNC Bank
  • 08:56 AM
  • 08:59 AM
Biden Administration's Priorities for Critical Infrastructure and Financial Services
Carole House, Director of Cybersecurity and Secure Digital Innovation at National Security Council, The White House

In 2021, the Biden administration issued the most comprehensive cybersecurity executive order in history. How is the order being enforced to protect critical infrastructure and financial services? And how fares the administration's battle against ransomware?

In this exclusive keynote, Carole House, the director of cybersecurity and secure digital innovation within the NSC, discusses:

  • The state of critical infrastructure protection; 
  • The war on ransomware; 
  • Zero Trust security and the focus on identity.  
  • 09:00 AM
  • 09:31 AM
Today’s Ransomware & FinServ: A Prescription for Stronger Defense
Bassam Khan, VP of Product Marketing, Gigamon

72 hours. That’s how long organizations have to report known ransomware to the New York Department of Financial Services. Cybercriminals' methodology has changed from a quick, opportunistic attack to a prolonged and targeted approach. While this shift presents threat actors with the opportunity to spread wider and lay the foundation for a double extortion scheme, it also presents security teams with the opportunity to detect activity before the encryption trigger is pulled. 

We will explore how ransomware loitering allows security analysts to use network visibility, detection and response to discover malicious activity between initial compromise and encryption, including: 

  • How threat actors rely on your network, and how you can use network visibility to your advantage
  • The importance of inspecting encrypted traffic, the challenges of doing so, and the NSA’s guidelines on addressing those challenges
  • How a new and innovative approach to network detection and response is transforming the SOC.
  • 09:30 AM
  • 09:59 AM
  • 10:00 AM
  • 10:29 AM
Track A
Track A: Cyber Attack: Essentials of Putting Together the Best Team You Hope You Never Need, Your Incident Response Team
Lisa Sotto, Partner and Chair of the Global Privacy and Cybersecurity Practice, Hunton Andrews Kurth LLP

When it comes to cyber incident response, it truly is a matter of: It's not just what you know, it's who you know. Proper response requires a proper team, and renowned attorney Lisa Sotto is often on the receiving end of a 2am emergency incident response call. In this exclusive ISMG summit session, she shares insight on:

  • When incident response actually begins (hint: long before your attackers gain entry)
  • Common gaps even in updated and tested plans
  • Step by step – what happens after the call is made
  • 10:00 AM
  • 10:29 AM
Track B
Track B: Cyber Insurance and Risk: What To Expect in 2022
Chris Holden, CISO, Crum & Forster
Nick Economidis, VP, Crum & Forster
Fred Harris, Head of Cybersecurity Risk, Data Risk and IT Risk, Societe Generale

When CNA Financial – a top U.S. insurance company – was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How do record-high ransomware incidents – and ransoms – affect the cyber insurance sector? What are the emerging standards for coverage, as well as legislative trends affecting the practice?

This exclusive panel tackles these questions as well as:

  • Proving cyber insurance value; 
  • Partnering to build resiliency; 
  • The rising bar for entities to qualify for cyber insurance.
  • 10:30 AM
  • 10:59 AM
Track A
Track A: Lessons Learned from the Log4j Exploit
Ax Sharma, Senior Security Researcher, Sonatype

The Log4shell vulnerability found in the Log4j logging framework has been recognized as one of the most critical vulnerabilities ever, open source or otherwise. And while the dangers of the Log4j vulnerability remain high, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: If you don’t know what’s in your software supply chain, you’re already behind.

When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.

While this outlook might seem bleak, there are easy steps you can take to significantly mitigate risk. This session will help you do that by answering:

  • Why the Log4j vulnerability is so severe and common remediation measures companies took to secure their code
  • How you can improve your security posture with automation and SBOMs, and be better prepared for the inevitable next open source vulnerability that comes along
  • 10:30 AM
  • 10:59 AM
Track B
Track B: Don't Pay the Ransom
Jason Cook, Technical Sales Director, Rubrik

A ransomware attack strikes every 11 seconds.

Despite thick firewalls, the bad guys will get through. Some businesses pay the ransom but most want to recover, so they don’t let the bad guys win.

A payout isn't the only way out.

If hackers exploit your backups, you pay the ransom. If your backups survive, you need to know what to recover and how long it will take. If you don't, you pay the ransom. But even with a decryption key, recovery takes days or weeks and the hackers may not return all the data.

Recovery from a clean backup is the only way to beat hackers. Data managed by Rubrik can’t be encrypted after the fact. Once ingested, no external or internal operation can modify it. So, your data is immune to ransomware. Since data can’t be overwritten, even infected data ingested by Rubrik can’t infect existing files/folders.

We'll discuss how to:

  • Analyze backup metadata for unusual behavior
  • Quickly identify what data was encrypted and where it lives
  • Locate PII that may have been exposed to a data exfiltration attack
  • Automatically protect new workloads and lock retention to prohibit deletion of backup data.
What the FBI Wants You To Know About Ransomware, Supply-Chain Threats and Response
James Dennehy, Special Agent-in-Charge for Counterintelligence and Cyber Division, FBI

Was last year’s record surge of ransomware and supply chain attacks an anomaly? Unfortunately, the FBI is positive it was not, and the outlook for the New Year is: more attacks. Many more.

In this exclusive session, James Dennehy, special agent in charge of the Intelligence and Surveillance Division at the FBI's New York Field Office, shares expert insight on:

  • The current and future trajectory of ransomware, business email compromise, supply chain attacks and more; 
  • The resources the FBI brings to a cybercrime investigation; 
  • When and how to engage with the FBI before an attack has been detected.

  • 11:00 AM
  • 11:32 AM
  • 11:30 AM
  • 11:44 AM
Track A
Track A: Identity and the Open Banking Revolution
Tom Malta, FS Strategic Advisor, Okta

A banking revolution is underway in the form of a new financial transparency. A focus on third-party access and straightforward payment options is forcing compliance and regulation mandates on a global scale. The critical technology for this shift is the open API. What does this mean for service providers worldwide?

In this session, attendees will learn about the importance of securing customer identity, protecting APIs and enforcing authentication.

  • 11:30 AM
  • 11:50 AM
Track B
Track B: Demystifying Zero Trust and Its Role in Cybersecurity
Danny Jenkins, CEO / President Founder / Owner, ThreatLocker

The Zero Trust framework is based on the principle of "never trust, always verify." Join us to learn about Zero Trust, how to adopt it, and the technologies you need to take control of your environment in the fight against ransomware.  

  • 12:00 PM
  • 12:29 PM
Track A
Track A: Your Digital Transformation is Being Sabotaged
Gavin Hill, VP Marketing, HUMAN Security, Inc.

Digital transformation promises business growth by providing value to customers by leveraging emerging technologies and supporting skills for new business models. At its core, data-driven decisions are the lifeblood of digital transformation. When data is poisoned, stolen and misused for malicious intent, progress slows, resulting in poor customer experience and satisfaction.

In this session, we will explore how sophisticated bot attacks are contaminating top digital transformation trends related to automation, data analytics and application architectures that should be part of every security strategy to solve in 2022.

  • 12:00 PM
  • 12:29 PM
Track B
Track B: How Financial Services Can Differentiate Themselves with Modern Strong Authentication
Chuck McAllister, Analytics/Architecture/Engineering Information Security, Yubico
Karen Boyer, VP, Financial Crimes and Fraud Intelligence, People's United Bank
Jeremy Grant, Managing Director, Venable

The financial services industry often struggles with perceived commoditization among customers, but organizations can set themselves apart by offering strong security. Fraud associated with account takeover is largely driven by weak authentication, such as usernames and passwords, security questions and mobile-based authentication - OTP, SMS and push notifications. Modern strong authentication offers end customers highest-assurance security along with ease of use and can create meaningful differentiation and value to drive new customer acquisition and customer retention. Attend this panel discussion to hear the current challenges related to authentication and best practices to implement moving forward.

Myth-Busting and the Move Toward a Clear Legal and Regulatory Framework for Crypto
Ari Redbord, Head of Legal and Government Affairs, TRM Labs
Perianne Boring, Founder and President, Chamber of Digital Commerce
Dante A. Disparte, Chief Strategy Officer and Head of Global Policy, Circle

In 2021 we saw a steady drumbeat toward mainstream adoption of cryptocurrencies by traditional financial institutions and investors of all sizes. We saw a move from a Bitcoin-only world to an explosion of digital assets. And we saw global regulators and policymakers begin discussions about building a clear regulatory framework for crypto. But questions still remain, and many myths still permeate the conversation: crypto is only used for illicit activity; crypto causes ransomware; cryptocurrencies are unregulated and pose systemic risk. Join Dante Disparte of Circle, Perianne Boring of the Chamber of Digital Commerce and Ari Redbord of TRM Labs for some myth busting and a discussion of what to expect from crypto regulation and legislation in 2022 and beyond.

  • 12:30 PM
  • 12:59 PM
Nefarious Use of Modern Money
Karen Boyer, VP, Financial Crimes and Fraud Intelligence, People's United Bank
Claire Le Gal, Sr. VP, Fraud Intelligence, Strategy & Cyber Products, Mastercard

This panel discussion covers the criminal use of newer forms of money movement to hide criminal proceeds and cash out. It examines how criminals use money movement with Sell, Coinbase, Fan Duel and other legalized gambling mechanisms.

  • 01:00 PM
  • 01:34 PM
Absolute Musts in Your Incident Response Plan: Those Who Fail to Plan – Fail
Rocco Grillo, Managing Director, Global Cyber Risk & Incident Response Investigations, Alvarez & Marsal
Kevin Li, CISO, MUFG Securities Americas
Parthiv Shah, SVP & CISO, Signature Bank

If SolarWinds and Kaseya didn't put it to the test, then Log4j did. Your incident response plan: When was it last updated or tested? Does it account for today's latest ransomware and supply chain threats? Does it meet the latest regulatory demands for incident reporting?

Join this panel of seasoned cybersecurity experts for lively discussion of incident response planning, including:

  • The shift from response to resilience; 
  • Preparing for the latest threats; 
  • How to work best with regulators and law enforcement agencies.
  • 01:30 PM
  • 01:59 PM
Ransomware Stole My Job!
David Pollino, Former CISO, PNC Bank

Ransomware has dominated the headlines for the past few years. But much of the long-term human and career devastation resulting from ransomware attacks remains untold and possibly buried out of view.

In this exclusive session, ISMG Global Content Contributor David Pollino will unpack a real-world example of how a ransomware incident led to numerous layoffs and discuss with an individual their journey from ransomware incident to pink slip, during an event you may have read about in the media. Names and details of the incident have been changed to protect the innocent and, at times, the guilty.

  • 02:00 PM
  • 02:31 PM
FinCEN on Ransomware: The New Regulatory Expectations Explained
AnnaLou Tirol, Deputy Director, FinCEN

In November 2021, the U.S. Financial Crimes Enforcement Network - the bureau of the U.S. Department of the Treasury that collects and analyzes information about financial transactions - released a new advisory on ransomware and the use of the financial system to facilitate ransom payments. The comprehensive advisory covers trends, red flags, suspicious activity reporting and more.

In this exclusive session, AnnaLou Tirol, deputy director of FinCEN, explains the guidance and offers deeper insight into:

  • When to report ransomware incidents - and to whom;
  • How and when to engage law enforcement authorities;
  • What trends and typologies you need to know in 2022. 
  • 02:30 PM
  • 02:59 PM
Crypto Landscape - Meet the Experts Live and Interactive Q&A
Perianne Boring, Founder and President, Chamber of Digital Commerce
Dante A. Disparte, Chief Strategy Officer and Head of Global Policy, Circle
Ari Redbord, Head of Legal and Government Affairs, TRM Labs
  • 03:00 PM
  • 03:29 PM
