Day One: September 15
Chairman's Opening Remarks
Security, Compliance and Productivity – Finding The Right Balance
Ganesh Umapathy, Product Marketing Manager, Duo Security
Protecting hybrid IT environments can be challenging. Additionally, organizations are now required to accommodate a fully remote workforce - adding a layer of complexity to information security programs. Choosing the right solution will help achieve a balance across security, compliance and productivity.
Attend this webinar to learn how you can:
- Achieve security project goals such as getting started with a zero trust strategy or implementing a strong secure access solution for remote workers
- Reduce cyber risk by adopting compliance frameworks such as NIST, PCI-DSS, ACSC Essential 8, APRA CPS 234
- Improve productivity by empowering users with self-service and delivering the best user experience
Frictionless Zero Trust for Users - Why it Starts with Identity
Leigh Doddy, Zero Trust Advocate, Okta
Zero Trust has become a huge buzzword in the security world, especially with the reality of a semi-remote workforce becoming more permanent. But where do you start? In this session, we’ll be discussing why the key to a successful Zero Trust infrastructure is Identity at the core, while also looking at:
- How to maintain a seamless experience for customers and employees from anywhere
- How to maintain security from any device, on any network
- How to use what you currently have in your stack to your advantage when building a zero trust ecosystem
8:30am GMT - The Future Of IT Security Is SASE
Jonathan Andresen, Senior Director, Products & Solutions Marketing, Bitglass
Secure Access Service Edge (SASE) has become one of the hottest topics in the IT industry. By 2024, Gartner predicts that 40% of companies will adopt a SASE architecture. The well-defined, static, and finite network edge of the past is being replaced by business users who are working remotely and accessing business information systems beyond the corporate data centre.
But what exactly is SASE and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are outside the traditional enterprise boundary?
This presentation cuts through the hype to explain the fundamentals of SASE and how it compares to typical network and cloud security architectures. It will also cover real-world use cases for securing SASE, and the benefits of moving to a cloud-first SASE platform.
Realtime Business Continuity Management for GRC
Tom Kartanowicz, CISO Americas, Commerzbank AG
- Realizing that plans have changed completely and understanding the current reality that regulators are interested in the plan
- Divining your short and long term BCM plan
- Understanding the need to now hug the probability tail
- Preparing for the next low probability, high impact events
- Consistently engaging in adjustment for resiliency and knowing that BCM and resiliency are joined at the hip
- Ensuring that everyone from the C-Suite to the front lines is collaborating
Trust or Zero Trust: Privileged Access Management in the Age of a Remote Workforce
Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Thycotic
Attacks frequently start with one "low-value" endpoint or end-user credentials, and now more than ever, attacks on financial services firms are becoming more frequent and dangerous.
Using a password vault to lock down privileged accounts that have access to sensitive data (like the local Administrator and root, service accounts, domain administrators, and even standard user accounts) provides a significant security layer around the accounts most targeted by attackers. As financial services firms adopt IoT solutions, transition to the cloud, and support a remote workforce, their systems become increasingly vulnerable to cyber-attacks, and they must lock down privileged account access. Protecting privileged access is also an important security control required by most compliance and regulatory audits.
The Principle of Least Privilege is intended to prevent "over-privileged access" by users, applications, or services to help reduce the risk of exploitation without impacting productivity or involving the IT help desk. The least privilege model can also help curtail costs and increase efficiency.
Join this webinar to understand how to maximize the benefits of least privilege and learn just how much "privileged access" is too much. Join Thycotic's Chief Security Scientist Joseph Carson and learn more about:
- The Principle of Least Privilege
- Realities of the Zero Trust Model
- Best practices to get back in control with a remote workforce
Securing The Cloud: How Financial Services Organizations Can Protect a Disappearing Perimeter
Louis Evans, Product Marketing Manager, Arctic Wolf
Financial services and insurance firms are increasingly adopting cloud services that offer operational benefits like faster deployment and seamless scalability, while being incredibly cost-efficient and user-friendly. Unfortunately, these improvements in productivity and efficiency come with serious security concerns that are often overlooked.
In this webinar, Louis Evans, Product Marketing Manager for Arctic Wolf Networks, will cover how firms can plan to protect new attack surfaces beyond the traditional network perimeter.
Attendees will learn:
- What your responsibilities are in a shared security model, and how to enforce security policies internally and externally.
- Which threat vectors cybercriminals are most likely to exploit, including insecure APIs, security misconfigurations, administrator account compromise, and insider threats.
- How to evaluate cloud partners, including questions to ask during evaluation and procurement to ensure your new SaaS vendor will keep your data secure.
- How to monitor your cloud platforms for trademark behaviors of cybercriminals to proactively mitigate your cloud risk.
Thwarting The Threat Matrix When Transaction Velocity Increases By 40%
Nannette Cutliff, Sr. Vice President/Chief Information Officer/CISO, Pacific Service Credit Union
- Realizing that the US Federal Reserve will in fact go to 24/7
- The real-time payment and settlement service supporting faster payments has been pushed to 2021, but it’s coming
- Steadily ramping up your threat intelligence and detection to ensure your defense is ready for the tsunami of offense on its way
- Threading the needle on compliance to ensure a full real-time cyber security toolbox
Day Two: September 16
Chairperson’s Opening Remarks
The Intersection of Crises and Regulation
Cynthia Burke, Program Manager, Capsule8
Sweeping regulation tends to occur in the wake of crises. As the world navigates tremendous financial, political and social upheaval, how might this impact ‘business as usual’ when it comes to security and compliance? Schrems II and the invalidation of the EU-US Data Privacy Shield in July of 2020, accelerated migrations to the cloud with a heavily distributed workforce now working on heavily distributed systems, and record-setting compliance-related fines from a broad cross section of industries are all indicators of where we may need to focus attention on security and compliance in the years to come.
In this session we will look at useful areas of focus for those working in security and compliance even amid so many unknown unknowns. We will discuss the increasing importance of data privacy programs, and how those programs intersect directly with your security and operations teams. As we wait on clarifying guidance in the wake of Schrems II, this session will outline some useful approaches and preparations you can begin now. There will undoubtedly be an uptick in security questionnaires and additional scrutiny leveled against your existing audit practices, reports and certifications, so repeatable evidence-based outcomes to prove you are both secure and compliant will be paramount. This session will offer high-level suggestions on navigating an increasingly complex global landscape of compliance and security.
Achieving Awareness Audacity
Stephanie Derdouri, Director, Information Security & Digital Risk - Risk Governance & Assurance, Fannie Mae
- Evolving your mindset on information security and assurance
- Diving in on the value of vulnerability management
- Leading-edge risk management realities
- Governance beyond talking points
- Realizing the path to security culture consciousness is straightforward and deliberate
eCrime from the Front Lines
Josh Burgess, Technical Lead Threat Intelligence Advisor, CrowdStrike (Former Senior Cyber Intelligence Analyst at VISA)
Please join this session as we review the significant events and trends in cyber threat activity observed over the past year. With input from CrowdStrike’s global observations, illustrated with real-world case studies that provide insight into today’s adversaries and their tactics, techniques and procedures (TTPs), we will offer actionable recommendations that can guide your cyber security strategy and help defend against sophisticated attacks in 2020 and beyond.
Topics covered will include:
- The latest lures and attacks revolving around COVID
- An assessment of the most capable criminal threat actors.
- Content on the evolution of ransomware.
- A review of how criminal groups are successfully breaching commercial and government organizations.
12:00pm ET - Banking on Cyber AI: Neutralizing Threats Before Cyber-Attackers Strike Gold
Justin Fier, Director of Intelligence & Analysis, Darktrace
Today, digital financial data drives global businesses and economies. With greater rewards, cyber-attackers continue to target finance industry institutions with full force - and increasingly advanced attack capabilities.
Join Justin Fier, Darktrace’s Director of Intelligence & Analysis, as he discusses the challenges that financial institutions face including insider threat, IP theft, data breaches, and compliance and regulation. There will also be special focus on the importance of AI-powered cyber defense in fighting back against the next generation of stealthier, more powerful cyber-attacks.
- How advanced cyber defense technology protects the entire digital estate in high-risk environments
- How Cyber AI thwarted a spoofed Chase Fraud alert aimed at gathering information for fraudulent transactions
- How attackers are set to supercharge social engineering techniques with offensive AI
Expediting The Transformation To Universal Control Of The Infinite Perimeter
Shaju Bhaskaran, CISO, Ahli Bank QSC
- Continuing the ongoing cloud evolution
- Achieving true identity access management
- Expanding endpoint security
- Begrudgingly attaining a zero trust mindset
- Training the culture to adapt to these changes