Preliminary Agenda (all times EDT) 

Tuesday, December 14, 2021
9:30 AM - 10:00 AM

How do companies balance the desire to innovate with the need to protect sensitive information? Few have nailed this challenge better than PayPal, one of the most successful startups to come out of Silicon Valley and rise to market dominance by delivering the convenience and flexibility expected from digital consumers within the highly risk-averse financial services sector. Hear from PayPal Vice President of Enterprise Security Assaf Keren about the challenges and techniques of prioritizing consumer experience without sacrificing security of sensitive financial data along the way.

Assaf Keren, Jill Aitoro
10:05 AM - 10:50 AM

Given the transactional nature of the business, financial services is a market that frequently engages with customers, often exchanging communications and documents digitally. Brand phishing attacks take advantage of this standard, impersonating financial organizations to get customer information and ultimately account access. This panel will examine defense strategies that protect consumers from phishing schemes and minimize the damage once bad actors gain access.

Michael Bruemmer, Penny Lane, Chris Streeks, Bradley Barth
10:55 AM - 11:05 AM

Financial organizations are embracing DevOps to deliver services at the speed and scale required. At the same time, ensuring compliance from the outset means testing at every stage of the SDLC to detect issues early. However, integrating AST tooling can stall DevOps processes, as large, monolithic testing can congest pipelines, and unnecessary scanning cycles can hinder development velocity. This makes it necessary for organizations to have a purpose-built, cloud-based CI/CD pipeline that automatically performs the right security tests at the right time, based on relevant events and defined policies. In this session, learn how a major financial services provider used Synopsys’ Intelligent Orchestration, a risk-based and adaptive solution for policy management and security testing coordination, to optimize their testing processes and ensure compliance with governance and regulatory policies.

Natasha Gupta
11:10 AM - 11:55 AM

Two decades after online financial transactions became a reality, financial organizations still struggle with authenticating users. Stolen credentials and compromised consumer machines in active botnets make fraud most banking institutions' single point of failure. This panel will punch holes in typical tactics to identify the best approach to recognizing when a fraudster is at the door.

Meg Anderson, Joe Uchill
12:00 PM - 12:20 PM

If your company has been around for any length of time, you have legacy applications that are making you money. They are also likely to be full of technical debt. The debt takes many forms, including legacy architectures and deployment models, unpatched vulnerabilities, and general code brittleness. You are also likely to be working on transforming all of these to cloud-native implementations, fighting the security battle on two fronts simultaneously. If it’s going smoothly, then you are in the minority. Most are overwhelmed by the volume and pace, with the legacy taking too long and the transformations moving too fast.

In this talk, Pete Chestna, CISO of North America for Checkmarx, will share practical advice to rise to the challenge. You will learn:

  • How to put the battle into perspective
  • How to help the business understand the risks
  • What you can do to better enable teams to succeed
Peter Chestna
12:25 PM - 1:10 PM

As consumers embrace the convenience of mobile banking, so have malware operators. Banking trojans target banking and wallet apps, swiping login credentials and stealing accounts stored on devices from consumers that too often lower their standards of security in a mobile environment. This panel will examine the typical vulnerabilities that leave mobile banking apps exposed, and the critical security standards needed to protect users.

Helen Brooks, David Tuyo, Joe Uchill
1:15 PM - 2:00 PM

There’s no question that crypto platforms, digital wallets and P2P apps have changed the game of personal and corporate finance, giving users more ways than ever to move their funds around. But as evidenced by a spate of recent attacks against decentralized finance e-payment services, these newer forms of banking have also introduced their own unique set of risks. This panel will examine how the threat landscape differs with these new approaches to banking, and what security needs to be baked into services to ensure “the next big thing” in finance doesn’t fail before it even leaves its mark.

Grant Bourzikas, Bill Bowman, Jonathan Reiber, Jill Aitoro
2:05 PM - 2:25 PM

Active Directory has become the primary target of attackers who stealthily raid companies’ most vital assets. Our industry wrongly models advanced attacks as flows that begin outside your organization and fly through networks and endpoints to eventually reach your data and vital assets. Unfortunately, this model ignores the obvious, all-powerful overseer that orchestrates literally everything in your IT infrastructure: Active Directory, which, as a consequence, receives too little attention from IT security specialists. However, if AD is given the attention that it deserves, we can reduce the attack surface and the number of successful attacks. This is accomplished with a radical change in how we approach AD security. In this session, Derek Melber will describe zero trust and how a change in thinking can allow for a rock-solid AD security environment.

Derek Melber
2:30 PM - 2:40 PM

In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing - and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data and people are protected, wherever they are. Today’s Autonomous, Self-Learning defenses are capable of identifying and neutralizing security incidents in seconds, not hours - before the damage is done. In this session, learn how self-learning AI:

  • Detects, investigates and responds to threats – even while you are OOTO
  • Protects your entire workforce and digital environment - wherever they are, whatever the data
  • Defends against zero-days and other advanced attacks – without disrupting the organization  

In addition, hear Chris Sprague, security chief from TruWest credit union, on how Darktrace gave his team a new way of approaching cyber security when faced with a number of challenges securing their network and critical digital assets against cyber attackers.

Smita Nalluri
2:50 PM - 3:25 PM

Join Sophos Senior Solutions Architect, Jeramy Kopacko, for a conversation around the five biggest risks affecting digital banking and end-user security. He’ll cover market research around these risks and how they’ve amplified since the pandemic. The session will end with an overview of key terms and metrics in the space.

Jeramy Kopacko
Wednesday, December 15, 2021
9:35 AM - 10:05 AM

Financial services is among the most targeted sectors by cybercriminals, leaving both law enforcement and the institutions themselves to combat what are clearly increasingly sophisticated adversaries. So how do they do that? Bryan Vorndran, assistant director of the cyber division at the FBI, will share the latest on threats to financial services, efforts to address those threats, and where partnership with the private sector fits in law enforcement strategies.

Bryan Vorndran, Joe Uchill
10:10 AM - 10:55 AM

Financial services is among the most targeted industries by ransomware groups, seen as vulnerable in light of the impact that an outage would have on the national or even global economy. At the same time, as double extortion becomes increasingly the flavor of choice for attackers, exposure of customer data can be a potential regulatory violation for financial organizations – not to mention catastrophic to business. This panel will examine the state of the threat, and how financial organizations are mitigating the risk.

Ronald Banks, Jacob Berry, Christine Herman, Jill Aitoro
11:00 AM - 11:20 AM

Cyber attacks, ransomware, identity-based security, and digital transformation are hot topics for information security teams today. The financial services industry (like many others) has had to aggressively pivot in the last year as workforces and business practices accelerated their adoption of digital services. Zero trust security plays a big role in how leading organizations respond to these changing technology conditions. Okta, a leading independent provider of identity-based security, recently published an annual report that studied market factors for zero trust security initiatives — including how financial services organizations are ramping up their strategies. In this presentation, you’ll see the biggest takeaways from the report for financial services organizations, including:  

  • How the pandemic fueled zero trust prioritization
  • How zero trust adoption dramatically accelerated over the past year
  • Why identity is the new perimeter
  • Why organizations must secure and protect their people, devices, and data
Jacquelyn Painter
11:25 AM - 12:10 PM

Financial organizations are well acquainted with Sarbanes-Oxley and Payment Card Industry Data Security Standards, but a patchwork of cybersecurity regulations that often differ by state and even country has grown all the more complicated by the surge of online transactions. This panel will examine best practices for compliance as insurance companies, banks and other financial services institutions dive deeper into digital services.

Tom Kartanowicz, Erica Wilson, Bradley Barth
12:15 PM - 1:00 PM

The financial sector by its nature brings a plethora of third-party suppliers that support different aspects of transactions, the movement of assets, and the exchange of documents. That brings a heightened level of risk. This panel will examine the critical need for financial institutions to avoid liability by putting in place effective processes and procedures to ensure all strategic partners and suppliers follow security protocols to effectively protect sensitive data and comply with regulations.

Sean Cronin, Betty Elliott, Jill Aitoro
1:05 PM - 1:25 PM

Implementing multi-factor authentication (MFA) as part of enforcing access controls is one of the most important initiatives an organization can undertake to help prevent potential compromises. This session will discuss what MFA is, why it is critical to use it for all access, and strategies for implementing MFA across an organization. This presentation will also include a brief demo showing how open source software can be used to help enforce MFA when accessing servers, databases, web applications and Kubernetes clusters.

Jonathan Canada
1:30 PM - 2:15 PM

A recent study by the Cloud Security Alliance found that 91 percent of financial services organizations are actively using cloud services or plan to employ them during the next six to nine months. Standards are in place to bake security into those environments, but high rates of misconfigurations combined with proliferation of APIs that open security holes create heightened risk in a market that can’t afford a breach. This panel will examine the state of cloud security in financial services, and best practices for protecting personal and sensitive data in multi-cloud environments.

Hilary Kramer, Matthew Lang, Hank Schless, Bradley Barth
2:20 PM - 2:30 PM

In this session, Recorded Future intelligence expert Jake Munroe walks through key security trends and pain points relevant to security teams in the financial services sector. He'll cover how to use intelligence across specific security functions to stay ahead of the most common industry threats.

Jake Munroe