Cybersecurity Financial Services Summit: New York

November 6, 2025 | 8:30 AM ET - 5:00 PM ET

Hosted by BankInfoSecurity

Event Overview

ISMG’s 2025 Financial Services Cybersecurity Summit will tackle the sector’s most urgent cyber challenges. A keynote panel of leading CISOs will discuss how InfoSec leaders’ responsibilities now span IT, data, communications and operations, underscoring cybersecurity’s strategic role. Sessions will deliver insights on advanced threat intelligence, payment fraud prevention, AI’s impact on attackers and defenders, and leveraging cyber insurance in risk management.

The event concludes with the interactive Solution Room, a hands-on incident response workshop where participants face a high-stakes deepfake scenario to strengthen crisis planning and response.

*Please note that this is an invitation-only event and space is limited. All requests to attend will be reviewed by our event staff and approved based on professional qualifications and event capacity. Additionally, these events will not be recorded and the Chatham House Rule will apply.

Venue

Conrad New York Downtown

102 N End Avenue, New York, NY 10282

NOTE: All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.

Scott Tenenbaum

Head of Claims, North America, Resilience

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigation Unit

David Anderson

Vice President, Cyber, Woodruff Sawyer

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Kimberly Pack

Counsel, Thompson Hine LLP

Speakers

Thought Leaders on Stage Leading Deep-Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in cybersecurity, passionate about the latest tools and technology to defend against threats.

Keynote Speaker

Moriah Hara

AI Risk & Security Expert, 3x CISO, Board Advisor, Author, CISSP, CISM, AWS Security, PCI QSA

Moriah is a 3x Fortune 500 Award Winning CISO at Wells Fargo Capital Markets, Interpublic Group and Bank of Montreal. She is a Board Advisor to several startups and a Cybersecurity Co-Author for the book, “The Perfect Scorecard: Getting An ‘A’ in Cybersecurity From Your Board Of Directors.”

She was named by Cybercrime Magazine as one of the top 100 Fascinating Women Fighting Cyber, holds multiple industry-recognized security certifications such as the CISSP, CISM, CSSLP, PCI QSA and AWS Security, and graduated from Harvard’s inaugural executive cybersecurity program.

Keynote Speaker

Hardik Mehta

Global Head of Risk and Regulatory Compliance, JPMorganChase

Expert in building high-performing risk teams, aligning engineering and regulatory goals, and embedding risk into product development. Pioneered the world’s first cloud-native self-service compliance platform on Azure, automating 450+ controls with AI/ML. Skilled in FAIR, SOX, NIST, GDPR, and large-scale program delivery. Known for translating complex risk into actionable frameworks and driving cultural change across global teams.

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

7:30 AM - 8:30 AM ET

Registration & Breakfast

8:30 AM - 8:35 AM ET

Opening Comments

8:35 AM - 9:00 AM ET

AI in Financial Services: What's Real?

These topics are all top-of-mind for financial institutions headed into 2026. But what does AI success look like? Which AI-powered goals are realistic, and which ones might be deployed to impress the Board?

Our expert panelists share their experience with AI in major financial services institutions and tackle questions on topics including:

  • How to manage data security in the AI era
  • AI-powered supply chain risk – how to get a handle on it
  • How to cut through all the noise and sidestep AI FOMO

Moriah Hara,

AI Risk & Security Expert, 3x CISO, Board Advisor, Author, CISSP, CISM, AWS Security, PCI QSA

Hardik Mehta,

Global Head of Risk and Regulatory Compliance, JPMorganChase

9:00 AM - 9:30 AM ET

Zero Trust in the Age of AI and What it Means - How Should Financial Organizations Think About the Risks of AI, and Where Does Zero Trust Fit In?

This includes implementing a modern zero trust architecture to protect data and users, embracing AI while managing its risks, and handling the technical and financial implications of ever-expanding environments. A risk-based approach to security ensures CIOs and CISOs deliver a secure, phased transformation.

Join this session to:

  • Understand how zero trust and AI together, unlike firewalls, provide the strongest cyber defense by stopping threat actors from lateral movement within networks
  • Learn strategies for protecting AI applications developed internally for customers and employees, while preventing data leaks from public AI applications
  • Discover how AI is being leveraged for better cyber defense, in areas like segmentation, data classification and agentic operations

Sanjit Ganguli,

VP, CTO in Residence, Zscaler

Hardik Mehta,

Global Head of Risk and Regulatory Compliance, JPMorganChase

9:30 AM - 10:00 AM ET

The Path to a Password-Less Future

The goal has been common to the financial industry for several years: What will it take to achieve it? This session will explore advances in biometrics, hard tokens and passkeys, and consider how these advances can improve – or impede – customer UX, and where more friction could be a requirement. Panelists will also discuss the implications of password-free security within financial organizations.

Session highlights:

  • Implications for the future of identity;
  • Potential password-less attack;
  • The role of data analytics and AI in supporting password-less security frameworks;
  • Impact on insider threat detection and internal system management.

Vlad Brodsky,

Chief Information Officer & Chief Information Security Officer, OTC Markets Group Inc.

Steve Lenderman,

Head of Fraud Prevention, iSolved, CyberEdBoard Member

Josh Cigna,

Solutions Architect, Yubico

10:00 AM - 10:30 AM ET

Top Recommendations from the Financial Services State of Software Security & AI Reports

The report analyzed 1.3 million applications to find the most significant risks that this sector faces.

Highlights include:

  • 57% of financial services apps have at least one security flaw, and progress on reducing flaws has stagnated since 2021;
  • Fixing issues takes 276 days on average—nearly a month longer than other industries;
  • 77% of organizations carry unresolved flaws over a year old, 63% of which are critical;
  • Most of the critical security debt (82%) comes from open-source code;
  • 45% of AI-assisted code completion tasks generate a flaw that must be remediated.


Join us to learn more about the key findings, best practices to fix them, and a discussion on where the industry will go next.

Chris Wysopal,

Chief Security Evangelist, Veracode

10:30 AM - 10:40 AM ET

Beyond the Endpoint: Why Network Detection and Response Is Critical in the Financial Industry’s Threat Landscape

As the attack surface continues to expand across cloud environments, OT devices, and third-party vendors, attackers have more opportunities to gain the initial access they need to launch attacks. Corelight’s NDR platform provides the essential telemetry and contextual intelligence required to identify and safeguard high-value assets, meet compliance demands, and empower security teams to detect and respond to sophisticated threats effectively in real-time.

Vincent Stoffer,

Field CTO, Corelight, Inc

10:40 AM - 11:05 AM ET

Networking Break

11:05 AM - 11:35 AM ET

Combating Insider Threats with Data Resilience and Endpoint Control

This session explores how to detect, respond to, and recover from internal attacks. Learn how to strengthen your security posture with proactive monitoring, unified endpoint management, and resilient backup strategies that protect data, ensure compliance, and minimize damage from insider-driven incidents.

Chris Young,

Cybersecurity Enterprise Account Executive, OpenText

11:40 AM - 11:50 AM ET

From Roadblock to Growth Engine: Security’s New Role in Business Acceleration

Next-gen security leads have flipped the script, becoming growth partners by creating controlled environments where high-risk work thrives, without limits. Learn proven patterns on how top orgs made the shift: enabling M&A in days, not months, creating new products with dangerous data, and other examples of turning security into a measurable business advantage.

Kristopher Schroeder,

Founder & CEO, Replica Cyber

11:55 AM - 12:25 PM ET

Navigating 23 NYCRR 500 Compliance in Financial Services

Join this session to address the unique challenges of critical system security within the framework of 23 NYCRR 500, including the latest November 1 deadline. We’ll break down each regulatory requirement, highlight why critical systems must be a central focus, and explore the tangible costs of non-compliance. From vulnerability management and penetration testing to MFA and surgical data recovery, we’ll provide actionable insights and a readiness checklist to help you take immediate steps toward compliance. 

You will learn: 

  • How to align critical system security, like mainframe and IBM i, with 23 NYCRR 500 requirements;
  • Phased approaches to minimize disruption and meet regulatory needs;
  • Practical steps for vulnerability management, MFA, and more;


Don’t miss this opportunity to gain clarity, reduce noise, and take control of your critical system security strategy.

Tim Hill,

VP, Software Engineering, Rocket Software

12:25 PM - 12:55 PM ET

Get Off the Assessment Treadmill. Take a Data-First, Questionnaire-Second Approach

More resources? Not likely. Sound familiar? You’re not alone. We’ve been at this for years, yet the process continues to become more burdensome for your team and for the people in your company who rely on your third parties. It doesn’t have to be that way.

The newest risk exchange models are eliminating up to 80% of questionnaire requests by leveraging validated data. In this session, we’ll show you how to transform your third-party risk management program by incorporating smarter workflows and better data access.

What you’ll learn:

  • How to instantly perform inherent risk analysis across your entire vendor portfolio;
  • Ways to incorporate real-time risk data to reduce the number of questionnaires;
  • How to map your questionnaires to industry-standard frameworks or threat profiles to ask fewer, more targeted questions;
  • How to access assessment data on large, hard-to-assess third parties that don’t respond;
  • How to monitor 100% of your third-party portfolio, not just your critical vendors.

Sandeep Bhide,

VP Product Management, ProcessUnity

12:55 PM - 1:40 PM ET

Lunch Break

1:40 PM - 2:10 PM ET

The New Economics of Cyber Risk: Quantifying Exposure, Liability, and Resilience

Today, lawsuits can follow within days of a breach, insurers are tightening terms, and underwriters want proof of governance maturity and supply chain visibility — not just policies on paper.

This session explores how CISOs, legal teams, and insurers are redefining the economics of cyber risk. We’ll examine how financial institutions are quantifying exposures across data breaches, business interruption, privacy practices, and third-party dependencies — and how cyber insurance is evolving to keep pace with new forms of liability, litigation, and regulatory oversight.

We’ll discuss:

  • What’s measurable and what remains unpredictable in cyber risk quantification
  • The new wave of “non-breach” privacy and arbitration claims shaping insurance coverage
  • How underwriters and CISOs are aligning around resilience, governance, and transparency
  • The blurring lines between cyber, E&O, and crime coverage in financial institutions
  • Communicating risk exposure and resilience to boards in business terms

Scott Tenenbaum,

Head of Claims, North America, Resilience

David Anderson, CIPP/US

Vice President, Cyber, Woodruff Sawyer – A Gallagher Company

Kimberly Pack

Counsel, Thompson Hine LLP

2:10 PM - 2:40 PM ET

EHLO World: Spear-Phishing at Scale using Generative AI

2:40 PM - 3:40 PM ET

Solution Room - Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection, and long-term defense.

What You Will Gain From This Experience:

  • Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity, and mitigating cascading disruptions caused by insider-enabled AI attacks;
  • Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems;
  • Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection, and evidence preservation for incident response and regulatory requirements.

Seth Rose,

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

3:40 PM - 4:00 PM ET

Networking

4:00 PM - 4:10 PM ET

Sponsor Showcase: Anvilogic

4:10 PM - 4:40 PM ET

The Hidden Risk: Securing the 80% of Data Most Organizations Overlook

But what about the other 80% of enterprise data that resides in non-production environments like development, testing, analytics, and AI/ML? These environments are rich with sensitive data, yet frequently underprotected, creating a massive blind spot for CISOs and cyber leaders.

Join Aaron Jensen, Director of Solutions Engineering at Delphix, as he unveils insights from the 2025 State of Data Compliance and Security Report, which found that 54% of organizations have already experienced data breaches in non-production environments, and 84% allow compliance exceptions that increase risk. With AI accelerating data sprawl and regulatory scrutiny intensifying, the stakes have never been higher.

This session will explore how Delphix helps financial institutions eliminate data risk without slowing innovation—using automated data masking, secure replication, and continuous compliance across hybrid and cloud environments. Learn how to secure the data that fuels development while meeting the demands of regulators, auditors, and your board.

Key Takeaways:

  • Why non-production environments are the new frontier for cyber risk;
  • How Delphix enables secure, compliant data delivery for DevOps and AI;
  • Strategies to align data protection with speed, agility, and innovation.

Aaron Jensen,

Director of Solutions Engineering, Delphix

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

4:40 PM - 5:05 PM ET

Hidden Links, Big Fallout: Lessons From the New Wave of Supply Chain Attacks

In this session, we address the critical challenge of third-party and supply chain risk management in the financial sector. We’ll explore real-world case studies and cover best practices for due diligence, continuous monitoring, and incident response planning.

Key Takeaways:

  • Real-world impacts of supply chain breaches in finance;
  • Methods to perform rigorous vendor due diligence and monitoring;
  • Tactics for managing fourth-party risk and systemic concentration;
  • Incident response considerations for third-party incidents.

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

Seth Rose,

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

5:05 PM ET

Closing Comments

11:05 AM - 11:35 AM ET

Top Emerging Cybersecurity Threats in Finance and How to Combat Them

As cyber threats escalate, from ransomware to advanced phishing and supply chain breaches, AI is stepping up as the game-changer leaders need to tackle complex challenges head-on.
 
This discussion will explore how AI is empowering businesses to not only defend against cyberattacks but also fuel growth and drive innovation. With cybercrime becoming more sophisticated and breaches occurring at an alarming rate, AI isn’t just critical for defense—it’s essential for reshaping business leadership. Learn how AI can supercharge your security, streamline operations, and unlock new growth opportunities, positioning your organization for long-term success in a constantly shifting digital environment.
 
Attendees will walk away with practical insights on integrating AI into their cybersecurity strategies. Discover how to strengthen defenses, boost operational efficiency, and drive sustainable innovation, ensuring your business is ready to stay ahead in a fast-paced world where cyber risks and competition are only getting fiercer.
 
We’ll Discuss:
  • Addressing Today’s Leadership Challenges: Cybersecurity leaders are under immense pressure—fiercer competition, escalating cyber risks, and shifting customer demands. In this session, we’ll discuss how AI can help leaders stay ahead of these challenges by transforming security and operations.
  • AI as a Strategic Game-Changer: AI is not just solving problems; it’s reshaping how businesses make decisions and manage risk. Learn how AI is tackling sophisticated threats like adversarial attacks and enhancing decision-making and efficiency in real-time.
  • Evaluating Processes for AI Integration: AI is making an impact across every part of business, but where should you focus? We’ll show you how to evaluate current processes—whether in real-time threat detection, incident response, or customer engagement—and identify where AI can deliver the most value.
  • AI for Innovation and Business Growth: AI isn’t just about security—it’s a powerhouse for driving growth. Learn how AI can help your company stay competitive by accelerating digital transformation, sparking product innovation, and creating personalized customer experiences, all while strengthening security defenses.
 

Herman Lisman,

Director, Sales Engineering - US, Arctic Wolf

11:40 AM - 11:50 AM ET

Cyber Resilience in the Age of AI: How Thales Safeguards Your Financial Data

Thales helps organizations achieve data immunity in the age of AI. Building on decades of leadership in financial data protection, Thales delivers encryption, tokenization, and advanced data masking to secure PCI, PII, transactions, and customer assets—even against AI-powered attacks.

In this session, discover how Thales secures sensitive financial data and AI models alike by protecting every stage of the AI lifecycle, from training and inference to analytics, ensuring resilience, compliance, and trust in every interaction.

Sanyam Bassi,

Principal Solutions Architect, Thales

11:55 AM - 12:25 PM ET

From Exposure to Exploitation: Confronting the Rise of Initial Access Brokers and Ransomware Groups

Using a real-world case study, we’ll show how one ransomware group leveraged IABs to infiltrate a company’s network.

Drawing on our involvement in the BidenCash takedown, we’ll also share how Searchlight helped seize cryptocurrency linked to dark web marketplaces and present insights from our analysis of ransomware groups, including Cl0p, Play, Akira, and Qilin.

In this session, you’ll learn:

  • How IABs operate and advertise corporate network access;
  • What information about your organization is traded on the dark web;
  • How attackers view and exploit your external attack surface;
  • How correlating vulnerabilities with dark web activity helps prioritize real risk.

Ryan Cole,

Product Technical Specialist, Searchlight Cyber

10:00 AM - 10:30 AM ET

Building Resilience Against the Rise of AI-Powered Cyber Threats

Cybercriminals are now leveraging AI to launch attacks with unprecedented speed, precision, and adaptability, creating an environment where traditional security measures are increasingly ineffective. From AI-powered phishing to automated malware deployment, attackers are exploiting machine learning algorithms to bypass conventional defenses.
 
At the same time, AI-driven security systems are emerging as the frontline defenders in this high-stakes cyber arms race, enabling organizations to predict, detect, and neutralize threats at machine speed. As we move into 2026, enterprises must evolve to counter AI-powered adversaries or risk being overwhelmed by the pace of attack innovation. This panel will explore how businesses can build cyber resilience in this AI-driven era, uncovering both the challenges and opportunities AI presents for cybersecurity. In a world where cyber threats are becoming more intelligent and sophisticated, traditional defenses simply aren’t enough.
 
Join us for a critical discussion on how AI is not only reshaping the threats you face but also empowering you to build resilient, future-proof defenses capable of staying ahead in an era of intelligent attacks.
 
Key Discussion Points:
 
  • Understand the dual role of AI as both a weapon for cybercriminals and a powerful tool for defense. Explore the risks of AI-driven attacks and the opportunities for organizations to leverage AI for proactive threat detection and neutralization.
  • Dive into real-world examples of AI-driven cyberattacks, including autonomous botnet networks and deepfake-driven fraud, and discover how these attacks are evolving faster than ever before. Learn the latest countermeasures that are keeping pace with these intelligent threats.
  • Learn how to design adaptive, self-learning defense systems that evolve with the threat landscape. Discover strategies for embedding machine learning into threat intelligence and response systems, ensuring your defenses can anticipate and outsmart evolving AI adversaries.
  • Explore actionable strategies for CISOs to stay one step ahead of AI-powered adversaries. From AI-driven threat modeling to automated security orchestration, learn how to fortify your digital ecosystem and maintain an agile, proactive defense.

8:35 AM - 9:00 AM ET

Keynote Session: Panel Discussion

Our Keynote will examine how cybersecurity leadership is expanding into a business-wide mandate – from compliance and privacy to fraud prevention and operational resilience. We will discuss the growing strategic importance of cybersecurity at all organizational levels and how CISOs must collaborate across risk, compliance, and business units to embed security into the company’s DNA. Attendees will hear how new regulations and rising board expectations are elevating the CISO’s accountability. Through real-world examples, we’ll explore strategies for breaking down silos, communicating cyber risk in financial terms, and aligning security initiatives with core business objectives to drive resilience and trust.

Key Takeaways:
  • How and why the CISO’s responsibilities now span enterprise risk management, data governance, and business operations;
  • Approaches to bridge communication gaps between cybersecurity, fraud, compliance, and other risk domains;
  • Effective methods to engage the Board and executive leadership on cybersecurity as a strategic business issue;
  • Strategies for measuring and conveying security program value in financial terms to support informed decision-making.
9:00 AM - 9:30 AM ET

Zero Trust in the Age of AI and What it Means - How Should Financial Organizations Think About the Risks of AI, and Where Does Zero Trust Fit In?

This includes implementing a modern zero trust architecture to protect data and users, embracing AI while managing its risks, and handling the technical and financial implications of ever-expanding environments. A risk-based approach to security ensures CIOs and CISOs deliver a secure, phased transformation.
Join this session to:

  • Understand how zero trust and AI together, unlike firewalls, provide the strongest cyber defense by stopping threat actors from lateral movement within networks
  • Learn strategies for protecting AI applications developed internally for customers and employees, while preventing data leaks from public AI applications
  • Discover how AI is being leveraged for better cyber defense, in areas like segmentation, data classification and agentic operations

Sanjit Ganguli,

VP, CTO in Residence, Zscaler

9:30 AM - 10:00 AM ET

The Path to a Password-Less Future

The goal has been common to the financial industry for several years: What will it take to achieve it? This session will explore advances in biometrics, hard tokens, passkeys and also consider how these advances can improve – or impede – customer UX, and where more friction could be a requirement. Panelists will also discuss the implications of password-free security within financial organizations. 

Session highlights:

  • Implications for the future of identity;
  • Potential password-less attack;
  • The role of data analytics and AI in supporting password-less security frameworks;
  • Impact on insider threat detection and internal system management.
10:00 AM - 10:30 AM ET

Top Recommendations from the Financial Services State of Software Security & AI Reports

The report analyzed 1.3 million applications to find the most significant risks that this sector faces.

Highlights include:

  • 57% of financial services apps have at least one security flaw, progress on reducing flaws has stagnated since 2021;
  • Fixing issues takes 276 days on average—nearly a month longer than other industries;
  • 77% of organizations carrying unresolved flaws over a year old, 63% of which are critical;
  • Most of the critical security debt (82%) comes from open-source code;
  • 45% of AI assisted code completion tasks generate a flaw that must be remediated.


Join us to learn more about the key findings, best practices to fix them, and a discussion on where the industry will go next.

Chris Wysopal,

Chief Security Evangelist, Veracode

10:30 AM - 10:40 AM ET

Beyond the Endpoint: Why Network Detection and Response Is Critical in the Financial Industry’s Threat Landscape

As the attack surface continues to expand across cloud environments, OT devices, and third-party vendors, attackers have more opportunities to gain the initial access they need to launch attacks. Corelight’s NDR platform provides the essential telemetry and contextual intelligence required to identify and safeguard high-value assets, meet compliance demands, and empower security teams to detect and respond to sophisticated threats effectively in real-time.

Vincent Stoffer,

Field CTO, Corelight, Inc

10:40 AM - 11:05 AM ET

Networking Break

11:05 AM - 11:35 AM ET

Combating Insider Threats with Data Resilience and Endpoint Control

This session explores how to detect, respond to, and recover from internal attacks. Learn how to strengthen your security posture with proactive monitoring, unified endpoint management, and resilient backup strategies that protect data, ensure compliance, and minimize damage from insider-driven incidents.

Chris Young,

Cybersecurity Enterprise Account Executive, OpenText

11:40 AM - 11:50 AM ET

From Roadblock to Growth Engine: Security’s New Role in Business Acceleration

Next-gen security leads have flipped the script, becoming growth partners by creating controlled environments where high-risk work thrives, without limits. Learn proven patterns on how top orgs made the shift: enabling M&A in days not months, creating new product with dangerous data, and other examples turning security into a measurable business advantage.

Kristopher Schroeder,

Founder & CEO, Replica Cyber

11:55 Am - 12:25 pm et

Navigating 23 NYCRR 500 Compliance in Financial Services

Join this session to address the unique challenges of critical system security within the framework of 23 NYCRR 500, including the latest November 1 deadline. We’ll break down each regulatory requirement, highlight why critical systems must be a central focus, and explore the tangible costs of non-compliance. From vulnerability management and penetration testing to MFA and surgical data recovery, we’ll provide actionable insights and a readiness checklist to help you take immediate steps toward compliance. 

You will learn: 

  • How to align critical system security, like mainframe and IBM i, with 23 NYCRR 500 requirements;
  • Phased approaches to minimize disruption and meet regulatory needs;
  • Practical steps for vulnerability management, MFA, and more.


Don’t miss this opportunity to gain clarity, reduce noise, and take control of your critical system security strategy.

Tim Hill

VP, Software Engineering, Rocket Software

12:25 PM - 12:55 PM ET

Get Off the Assessment Treadmill. Take a Data-First, Questionnaire-Second Approach

More resources? Not likely. Sound familiar? You’re not alone. We’ve been at this for years, yet the process continues to become more burdensome for your team and for the people in your company who rely on your third parties. It doesn’t have to be that way.

The newest risk exchange models are eliminating up to 80% of questionnaire requests by leveraging validated data. In this session, we’ll show you how to transform your third-party risk management program by incorporating smarter workflows and better data access.

What you’ll learn:

  • How to instantly perform inherent risk analysis across your entire vendor portfolio;
  • Ways to incorporate real-time risk data to reduce the number of questionnaires;
  • How to map your questionnaires to industry-standard frameworks or threat profiles to ask fewer, more targeted questions;
  • How to access assessment data on large, hard-to-assess third parties that don’t respond;
  • How to monitor 100% of your third-party portfolio, not just your critical vendors.

Sandeep Bhide

VP Product Management, ProcessUnity

12:55 PM - 1:40 PM ET

Lunch

1:40 PM - 2:10 PM ET

The New Economics of Cyber Risk: Quantifying Exposure, Liability, and Resilience

Today, lawsuits can follow within days of a breach, insurers are tightening terms, and underwriters want proof of governance maturity and supply chain visibility — not just policies on paper.

This session explores how CISOs, legal teams, and insurers are redefining the economics of cyber risk. We’ll examine how financial institutions are quantifying exposures across data breaches, business interruption, privacy practices, and third-party dependencies — and how cyber insurance is evolving to keep pace with new forms of liability, litigation, and regulatory oversight.

We’ll discuss:

  • What’s measurable and what remains unpredictable in cyber risk quantification
  • The new wave of “non-breach” privacy and arbitration claims shaping insurance coverage
  • How underwriters and CISOs are aligning around resilience, governance, and transparency
  • The blurring lines between cyber, E&O, and crime coverage in financial institutions
  • Communicating risk exposure and resilience to boards in business terms

Scott Tenenbaum

Head of Claims, North America, Resilience

David Anderson

CIPP/US, Vice President, Cyber, Woodruff Sawyer - A Gallagher Company

Kimberly Pack

Counsel, Thompson Hine LLP

2:10 PM - 2:40 PM ET

EHLO World: Spear-Phishing at Scale using Generative AI

This session explores how to detect, respond to, and recover from internal attacks. Learn how to strengthen your security posture with proactive monitoring, unified endpoint management, and resilient backup strategies that protect data, ensure compliance, and minimize damage from insider-driven incidents.

Vincent Stoffer,

Field CTO, Corelight, Inc

2:40 PM - 3:40 PM ET

Solution Room - Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection, and long-term defense.

What You Will Gain From This Experience:

  • Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity, and mitigating cascading disruptions caused by insider-enabled AI attacks;
  • Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems;
  • Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection, and evidence preservation for incident response and regulatory requirements.

Seth Rose,

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

3:40 PM - 4:00 PM ET

Networking Break

4:00 PM - 4:10 PM ET

Sponsor Showcase: Anvilogic

But a well-executed DevSecOps strategy can turn security into a business enabler, integrating controls directly into the software lifecycle without stalling delivery. This session focuses on what DevSecOps means for CISOs in financial services: not just shifting left, but embedding governance, risk, and compliance directly into development workflows.

We’ll explore how leading financial firms are implementing security guardrails in CI/CD pipelines, using policy-as-code to enforce controls, and ensuring that software shipped to production meets regulatory and resilience standards.

We’ll also discuss how to drive alignment across AppSec, DevOps, and GRC functions – especially in environments where infrastructure is increasingly ephemeral and APIs serve as critical product infrastructure.

We will cover:

  • How to establish DevSecOps as a governance model, aligned to compliance and operational resilience.
  • Real-world practices for embedding security guardrails into CI/CD pipelines.
  • Strategies to integrate SBOM validation, third-party component monitoring, and change control into Dev workflows.
  • Cultural and structural changes needed to align AppSec, DevOps, and GRC teams.
 

Vincent Stoffer,

Field CTO, Corelight, Inc

4:10 PM - 4:40 PM ET

The Hidden Risk: Securing the 80% of Data Most Organizations Overlook

But what about the other 80% of enterprise data that resides in non-production environments like development, testing, analytics, and AI/ML? These environments are rich with sensitive data, yet frequently underprotected, creating a massive blind spot for CISOs and cyber leaders.

Join Aaron Jensen, Director of Solutions Engineering at Delphix, as he unveils insights from the 2025 State of Data Compliance and Security Report, which found that 54% of organizations have already experienced data breaches in non-production environments, and 84% allow compliance exceptions that increase risk. With AI accelerating data sprawl and regulatory scrutiny intensifying, the stakes have never been higher.

This session will explore how Delphix helps financial institutions eliminate data risk without slowing innovation—using automated data masking, secure replication, and continuous compliance across hybrid and cloud environments. Learn how to secure the data that fuels development while meeting the demands of regulators, auditors, and your board.

Key Takeaways:

  • Why non-production environments are the new frontier for cyber risk;
  • How Delphix enables secure, compliant data delivery for DevOps and AI;
  • Strategies to align data protection with speed, agility, and innovation.

Aaron Jensen,

Director of Solutions Engineering, Delphix

4:40 PM - 5:05 PM ET

Hidden Links, Big Fallout: Lessons From the New Wave of Supply Chain Attacks

In this session, we address the critical challenge of third-party and supply chain risk management in the financial sector. We’ll explore real-world case studies and cover best practices for due diligence, continuous monitoring, and incident response planning.

Key Takeaways:

  • Real-world impacts of supply chain breaches in finance;
  • Methods to perform rigorous vendor due diligence and monitoring;
  • Tactics for managing fourth-party risk and systemic concentration;
  • Incident response considerations for third-party incidents.

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

Vlad Brodsky

Chief Information Officer & Chief Information Security Officer, OTC Markets Group Inc. 

5:05 PM ET

Closing Comments

Don’t miss your chance to attend this dynamic, impactful event.


CPE Credits

ISMG Summits offer Continuing Professional Education Credits. Learn from informative and engaging content created specifically for security professionals.


Upcoming ISMG Events

November 5, 2025

Fraud Prevention Security Summit: New York

November 6, 2025

Cybersecurity Summit: New York Financial Services

November 25, 2025

DynamicCISO Excellence Awards 2025

December 4-5, 2025

Virtual: South Asia Summit

February 24, 2026

Virtual: Cybersecurity Summit: Implications of AI
