Financial Services Cybersecurity Summit

October 17, 2023

Financial Services Cybersecurity Summit

8:00 AM ET - 5:00 PM ET

Event Overview

The annual ISMG New York Financial Services summit dedicates a full day to enhancing cybersecurity education for CISOs and their teams. The event will begin with a keynote session featuring Susan Koski, CISO of PNC, and Matanda Doss, executive director of cybersecurity and technology controls at JPMorgan Chase.

During this highly anticipated session, they will delve into team skill development, effective leadership techniques, and the intricacies of incident response, all in the context of the transformative potential of technology, especially AI.

Participants will gain valuable insights from an interactive session led by Aravind Swaminathan, a top U.S. personal liability lawyer and global co-chair cybersecurity and data privacy at Orrick, Herrington & Sutcliffe LLP. This session will analyze the Joe Sullivan Uber case and engage in a mock exercise exploring actions CISOs can take in challenging situations.

The summit will also comprehensively explore incident response strategies through an interactive “Solution Room” exercise. This challenging exercise will prompt CISOs and cybersecurity leaders to formulate incident response strategies in the scenario of a global ransomware attack.

Moreover, the summit will delve into the technical landscape of AI. This segment aims to equip leaders with the necessary knowledge for secure AI implementation while considering supply chain budget aspects. As cybersecurity leaders strive to maintain stability amid rapid evolution, the summit will offer guidance on achieving balance during periods of change. This emphasizes the pivotal role of steady leadership in safeguarding digital landscapes.

Venue

The Westin New York at Times Square

270 West 43rd Street, New York, New York, USA, 10036

Topic Highlights

Critical Infrastructure
Incident Response
Supply Chain Threats and Response
Cyberattacks
Zero Trust

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

Claire Le Gal

Senior Vice President, Cyber Security & Risk Products, Mastercard

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Susan Koski

CISO and Head of Enterprise Information Security, PNC

John Chan

Director of Technology - AI/ML, Raymond James

Tim Gallo

Global Security Architect, Mandiant

Karamjit Singh

Director, Artificial Intelligence, Mastercard

Sohail Iqbal

CISO, Veracode

Heather West

Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa

Head of Digital Transformation Office, Société Générale

Patrice Boffa

Chief Customer Officer, Arkose Labs

Itzik Alvas

CEO & Co-Founder, Entro Security

Speakers

Thought Leaders Leading Critical Discussions on Stage

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.

Agenda

You can now view or download a PDF version of the attendee guide.

Registration and Breakfast

Susan Koski

CISO, PNC

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

William Beer

Managing Director, Financial Services, Accenture

Paul Leonhirth

Global Financial Services Industry Lead, Palo Alto Networks

Navigating the Storm: Protecting Financial Services in an Era of Cyber Turbulence

In the realm of financial services, the ever-looming specter of cyberthreats casts a long shadow. Hacking and malware stand as formidable adversaries, continually challenging the security measures put in place by financial institutions. Yet, a storm is brewing on the horizon, as insider threats and accidental disclosures gather momentum, threatening to reshape the risk landscape.

As if these challenges weren’t enough, the financial sector finds itself at a pivotal juncture with the soaring adoption of cloud technology. The allure of the cloud brings efficiency and scalability but also amplifies risks, promising to usher in a new era of cyber vulnerabilities.

Drawing from commonly accepted statistics, we find that 75% of data breaches in this sector involve hacking and malware, while accidental disclosures account for 18% of the total breaches. Insider threats have risen to 6%, underscoring the importance of internal security, and physical breaches remain consistent at 2%. The numbers are clear, and the message is stark: the financial services industry is at a crossroads, facing a complex and evolving cybersecurity landscape.

Join us for an exclusive keynote session that unites top practitioners from some of the nation’s leading financial institutions. This gathering presents a masterclass in CISO leadership, addressing the latest developments and threats impacting the financial services industry.

Key discussion points will include:

The expanded attack surfaces created by the increased reach of APIs;
Leveraging the capabilities of artificial intelligence to bolster fraud detection and threat monitoring;
Strategies for safeguarding reputational integrity in the face of data breaches;
Navigating the complex web of state and federal regulations to ensure compliance.

In an age marked by the looming specter of cyberthreats, this keynote promises invaluable insights to help financial institutions fortify their defenses and chart a course to greater cybersecurity resilience.

Susan Koski, CISO, PNC

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JPMorgan Chase

William Beer, Managing Director, Financial Services, Accenture

Paul Leonhirth, Global Financial Services Industry Lead, Palo Alto Networks

Patrice Boffa

Chief Customer Officer, Arkose Labs

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Guardians of Revenue Protection: Navigating Evolving Cyberthreats in Financial Services

While CISOs don't generate revenue, they do have the responsibility of protecting revenue-generating activities and environments - their website and apps.

During this session, we will delve into various attack types, such as micro-deposit fraud, account origination, credential stuffing, and SMS toll fraud. We will explore how attackers are ingeniously employing intelligent bots to target your online environments with precision. You can expect to encounter real-world scenarios, gain actionable insights, and peer into our crystal ball as we share emerging threats based on attack patterns we’re observing.

Patrice Boffa, Chief Customer Officer, Arkose Labs

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JPMorgan Chase

Fred Harris, Global Head of Risk & Compliance for Enterprise Technology &

Operations, Citi

Sohail Iqbal

CISO, Veracode

Software Security: How to Prioritize, Measure and Convey It to the Board

Amid the shifting threat landscape, cloud migration and ongoing digital transformation, software security is often low on a security leader's list of priorities.

But the cybersecurity Executive Order and continuing high-profile breaches have increased awareness around cybersecurity – especially for software – among the members of the board at organizations, making it important for security leaders to communicate to them about the organization’s risk posture.

However, software security solutions differ from other security solutions: You don’t install a tool; you have to build security from the start.

This session provides answers to the following questions that security leaders want answered:

• How do you approach the software security challenge, and where is it among your priorities?

• How do you make the successful business case for a software security program?

• With a program in place, how do you ensure your developers are following your standards?

• How do you measure the success of your program?

• How do you communicate the metrics to your board and senior management?

Sohail Iqbal, CISO, Veracode

Sean Blenkhorn

VP, Sales Engineering, Axonius

Want to Control Cybersecurity Complexity? Start With Understanding Your Assets

Compare cybersecurity today to cybersecurity a decade ago. Things have changed drastically, right?

Our environments are more complex than ever – and gaining visibility into what we have is getting trickier by the day. The need for comprehensive asset management, catered specifically to cybersecurity, is paramount. You can’t secure what you don’t know exists. But our tried-and-true manual asset inventory approaches no longer cut it.

Join this session with Sean Blenkhorn of Axonius to learn how cybersecurity asset management helps you adapt to the needs of your modern environment.

Sean Blenkhorn, VP, Sales Engineering, Axonius

Luke Babarinde

Global Solutions Architect, Imperva

Modernization and Your Data: A New Take on Security and Compliance

For modern financial services, organizations must maintain data-centric business operations, among other things, in order to provide innovative digital services to their customers. This leads to the sprawl of your most critical data across various environments, making it exponentially more complex to proactively identify and manage risks of abuse and theft. This data security complexity also presents difficulty in adhering to strict regulatory compliance and privacy laws that financial services organizations face.

Join us in this presentation to understand how to modernize your data protection strategy by applying intelligence to reveal abusive data queries across heterogeneous environments and secure your most critical data assets while reducing the overhead of meeting your regulatory requirements.

Luke Babarinde, Global Solutions Architect, Imperva

Networking and Exhibition Break

Chris Lehman

CEO, SafeGuard Cyber

Safeguarding Against an Evolving Threatscape - Mitigating Risk Across Your Unmonitored Business Communication Channels

Cyberattackers are using AI to mount more automated, aggressive and coordinated language-based attacks across multiple communication channels. This uncharted territory poses increased challenge and risk for compliance and security within the financial services industry.

How do you evolve to meet these challenges and mitigate your risk?

During this session, we will examine how financial services organizations can proactively mitigate regulatory policy violations, account takeover, credential theft, social engineering, phishing, and insider threats across email, mobile and web messaging apps, collaboration apps and social platforms.

We will explore the three key pillars of defense – unified visibility, contextual AI and threat impact analysis.

Attendees will learn a proactive and innovative approach to predicting and responding to business communication compromise.

Chris Lehman, CEO, SafeGuard Cyber

Itzik Alvas

CEO & Co-Founder, Entro Security

Reclaim Control Over Your Secrets

Organizations large and small grapple with the challenge of secret sprawl as their cloud-native stack expands. R&D teams create and scatter secrets across vaults, source code, collaboration solutions and more without any oversight or control by security teams.

Secret-based breaches are among the top three attack vectors, and they are the most destructive. What is the solution needed to protect organizations from exposed secrets?

How can you detect, safeguard and provide context for secrets stored across vaults, source code, collaboration tools, cloud environments and SaaS platforms?

Introducing Entro’s Secrets Security and Management Platform, which is designed specifically for CISOs and security teams to provide them with full oversight and the ability to govern any secret from a single pane of glass, integrating into all places in which secrets can be found, including BYOV – bring your own vault.

Itzik Alvas, CEO & Co-Founder, Entro Security

Siddharth Iyer

Systems Engineer, Radware

Navigating the Evolving DDoS Threat Landscape: Strategies for Mitigation

The evolution of DDoS attacks in scale, sophistication and motivation makes them a primary concern for cybersecurity practitioners.

In exploring the current threat landscape and dissecting the diverse attack vectors and malicious motivations, preparedness becomes key. By examining recent trends and real-world examples, emphasis needs to be on the importance of a proactive approach to protection.

Siddharth Iyer, Systems Engineer, Radware

Geoff Brown

Vice President of Global Intelligence Platforms, Recorded Future

Fireside Chat: A Sit Down with the Former CISO of the City of New York

In this fireside chat, Geoff Brown, former CISO of the City of New York and Vice President of Global Intelligence Platforms at Recorded Future will explore the evolving world of cybersecurity, threat intelligence, and the strategies required to adapt and thrive in an increasingly complex and dynamic threat landscape.

In this session, Brown will discuss:

How threat intelligence has evolved rapidly in recent years, with a particular focus on the transition to machine-to-machine intelligence;
Insights into his work related to threat intelligence in Ukraine and the Kingdom of Belgium;
Best practices that organizations can apply to their own cybersecurity strategies, especially considering current geopolitical events.

Geoff Brown, Vice President of Global Intelligence Platforms, Recorded Future

John Chan

Director of Technology - AI/ML, Raymond James

Heather West

Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa

Head of Digital Transformation Office, Société Générale

Karamjit Singh

Director, Artificial Intelligence, Mastercard

Navigating the Technical Landscape of AI: Empowering CISOs for Secure Implementation

As the digital landscape continues to evolve, the integration of AI and ML technologies into organizations' operations has become increasingly prevalent.

These transformative technologies hold great potential for enhancing efficiency, automation and decision-making processes. However, with the tremendous benefits they offer, AI and ML also bring about unique challenges and risks that demand the attention of CISOs.

This session is designed specifically for CISOs seeking to fortify their understanding of AI technologies and their implications on cybersecurity. The session will delve into the technical intricacies of AI systems and explore the pivotal role CISOs play in ensuring a secure and responsible AI implementation within their organizations.

Key topics covered during the session will include:

Fundamentals of AI and ML: Learning core principles and algorithms powering AI and ML that would help CISOs
understand AI-driven app mechanics;
AI in Cybersecurity: Exploring the current landscape of AI applications in the realm of cybersecurity, including threat detection, anomaly identification, and risk assessment, along with insights into the potential for AI-driven attacks;
Data Privacy and Ethics: Addressing the ethical considerations and data privacy challenges that arise from AI implementation;
Adversarial AI and Mitigation Strategies: Analyzing the concept of adversarial AI, its potential to subvert AI systems, and best practices for safeguarding AI algorithms from malicious attacks;
AI Governance and Risk Management: Highlighting the significance of comprehensive AI governance frameworks and risk management strategies to mitigate potential AI-related risks effectively;
Collaborating With AI Teams: Strategies for fostering collaboration between CISOs and AI development teams, facilitating a cohesive approach to security in AI projects.

John Chan, Director of Technology – AI/ML, Raymond James

Heather West, Senior Director, Cybersecurity and Privacy Services, Venable

Sateesh Kumar Challa, Head of Digital Transformation Office, Société Générale

Karamjit Singh, Director, Artificial Intelligence, Mastercard

Lunch and Exhibition Break

Trevor Foskett

Senior Director, Solutions Engineering, Virtru

From Vulnerable to Vault: Why FinServ Cyber Professionals Can’t Ignore Data-Centric Security

Security leaders are responsible for safeguarding revenue-generating assets such as customer data and proprietary algorithms that are critical to your company’s bottom line, and if your information security program isn’t in compliance, the financial impact can be massive.

In this session, Trevor Foskett, senior director of solutions engineering at Virtru, will offer you a quick and comprehensive dive into data-centric security via Virtru’s Gateway.

Foskett will walk through real-world challenges such as compliance breaches, unauthorized data access, and sophisticated cyberthreats that your organization faces. Virtru’s Gateway sets a new standard in data-centric protection by integrating military-grade encryption, granular access controls, and stringent policy enforcement – safeguarding your data from endpoint to endpoint and everywhere in between.

Just as attackers evolve, so must our defenses. Garner immediate, actionable insights into fortifying your tech stack. Equip yourself with strategies to not only counteract today’s threats but also to preemptively mitigate the risks of tomorrow.

Trevor Foskett, Senior Director, Solutions Engineering, Virtru

David Cifuentes

Global Director of Solution Engineering, Devo Technology

Real-Time Attack Tracing and Automation in the SOC

Threat detection and response should take seconds, not minutes.

Real-time analytics is especially crucial for enterprises in the financial sector. Discover the full Devo stack and how it can support your SOC. See how your team can quickly identify and respond to security events, boost your SOC performance, and augment your analysts with AI – eliminating over 95% of security alerts.

David Cifuentes, Global Director of Solution Engineering, Devo Technology

Cooper Kulich

Special Agent, US Secret Service

Tim Gallo

Global Security Architect, Mandiant

From Attack to Recovery: Incident Response in Ransomware Scenarios

Ransomware continues to be one of the most high-stakes threats cybersecurity leaders face, no matter how robust their organization’s security architecture may be. With growing attack vectors comes increased risk, whether through internal lapses in coverage, those in a partner’s supply chain, or the danger of human error, threat actors deploy increasingly sophisticated techniques to exploit vulnerabilities and infiltrate previously secure networks.

As a precursor to an interactive incident response workshop, learn from industry leaders who have faced and defended against the pervasive threat of ransomware attacks firsthand. Attendees will hone their knowledge of ransomware attacks and their own organizations’ potential vulnerabilities as they prepare to enter The Solution Room.

Key topics include:

Learn how to leverage public-private engagement to stay aware of global threats;
Explore best practices for preparation and response to ransomware attacks, while considering their impact on client and proprietary data;
Identify how to most effectively inform internal stakeholders of a security breach;
Gain a comprehensive understanding of ransomware’s complexities, and develop robust strategies for safeguarding digital assets in the face of evolving cybercrime methods.

Cooper Kulich, Special Agent, US Secret Service

Tim Gallo, Global Security Architect, Mandiant

Tim Gallo

Global Security Architect, Mandiant

Fred Harris

Global Head of Risk & Compliance for Enterprise Technology & Operations, Citi

Matanda Doss

Executive Director - Cybersecurity and Technology Controls, JPMorgan Chase

Cooper Kulich

Special Agent, US Secret Service

Claire Le Gal

Senior Vice President, Cyber Security & Risk Products, Mastercard

Steven Wallstedt

CISO, North America of ABN AMRO

The Solution Room: CyberEdBoard and USSS

The Solution Room offers cybersecurity leaders a highly engaging and interactive conference session, providing them with peer-to-peer support and subject matter expertise to tackle their most pressing challenges.

Participants are invited to join one of the tables for this collaborative session, co-moderated by a CyberEdBoard member and a distinguished Secret Service Agent.

During this interactive session, CISOs and cybersecurity professionals will engage in a dynamic and timely exercise centered on a global ransomware attack. The scenario revolves around a fictional shipping and logistics company and its semiconductor manufacturer supply chain partner.

The exercise is structured into three phases, each presenting unique challenges and crucial decision points relevant to real-life incident response.

The session’s objective is to provide practical insights into managing a global ransomware attack, mitigating supply chain risks, effectively engaging with law enforcement, and fostering a cyber-resilient organizational culture. By actively participating in the exercise, participants will gain valuable experience in dealing with cyberthreats and hone their incident response preparedness, ultimately strengthening their organization’s cybersecurity defenses in the face of evolving challenges.

Tim Gallo, Global Security Architect, Mandiant

Fred Harris, Global Head of Risk & Compliance for Enterprise Technology &

Operations, Citi

Matanda Doss, Executive Director – Cybersecurity and Technology Controls,

JPMorgan Chase

Cooper Kulich, Special Agent, US Secret Service

Steven Wallstedt, CISO, North America of ABN AMRO

Claire Le Gal, Senior Vice President, Cyber Security & Risk Products,

Mastercard

Fahad Kabir, Director of Cybersecurity, ING Americas

Rocco Grillo, Managing Director, Global Cyber Risk & Incident Response

Investigations, Alvarez & Marsal

Networking and Exhibition Break

Steven Wallstedt

CISO, North America of ABN AMRO

Vlad Brodsky

CISO, OTC Markets Group

Bino Gopal

Senior Solutions Architect, Cloudflare

ChatGPT: I, For One, Welcome our new AI Overlords!

We all know that Generative AI is the hot new thing today and the topic of conversation.

Come to this panel for some unique insights into Generative AI based on the panelists experience in the space and even a bit of spirited debate around whether or not the title is, in fact how we all feel about the subject.

Steven Wallstedt, CISO, North America of ABN AMRO

Vlad Brodsky, CISO, OTC Markets Group

Bino Gopal, Principal Solutions Architect, Cloudflare

Gary Meshell

Global Principal Partner Security Leader, AWS

John Gutkowski

Cybersecurity Director, Eviden

Gen AI and Cyber Mesh for Financial CISOs: Modern Detection and Response for a Resilient Enterprise

Financial institutions suffer from sophisticated cyberattacks even after investing in expensive security technologies. How can financial CISOs leverage their investments to create a robust, integrated detection, response and recovery program?

This session outlines a joint initiative between AWS and Eviden that brings together Eviden’s cybersecurity mesh architecture-enabled AIsaac platform with AWS Security Lake and Bedrock Gen AI, providing financial institutions with the tools they need to combat sophisticated cyberthreats, reduce business downtime, gain complete exposure visibility, and improve their cybersecurity resiliency.

Gary Meshell, Global Principal Partner Security Leader, AWS

John Gutkowski, Cybersecurity Director, Eviden

Claire Le Gal

Senior Vice President of Cyber Security and Risk Product, Mastercard

Protecting Trust in a Changing World

Over the last two decades, the payments landscape has undergone significant transformations, leading to new challenges and risks for financial institutions, merchants, and cardholders.

In this session, Claire Le Gal, Senior Vice President of Cyber Security and Risk Products at Mastercard, examines the evolution of safeguarding payments, reducing cyber risks, and key risk considerations to incorporate in fraud mitigation strategies.

Claire Le Gal, Senior Vice President of Cyber Security and Risk Product,

Mastercard