(Use Google Chrome or Mozilla Firefox to secure your place)

Establishing A Cyber Secure Financial Services Industry
It’s a fool’s errand to go believing that the Financial Services industry is such fertile ground for cyber threats and incidents simply because of the money. As we know, a successful ransomware attack that nets a significant sum of money for a cyber criminal is nice, but the bigger gain is understanding how your system has been breached. The IP of where future value will be is more valuable than simply securing current currency.

The greater cyber security industry is expediting a tectonic shift to meet the threats associated with a brand new mostly remote workforce. Though the industry has spent the past couple of years ensuring the front lines are aware of myriad threat vectors, awareness campaigns remain on the rise. Our recent Cyber Security Hub survey outlined that the biggest current area of focus is in fact, security awareness.  And it’s not just time spent- asked where budget is being allocated- security awareness is a top three spend.

Compliance with regulation is the reason for some of that focus and spend and the Financial Services industry knows all about regulation. There is an evolution of cyber security regulation to speak to issues beyond privacy. The sharing of attack information, once anathema to regulators- has had a re-think as state and corporate infrastructure can only compete with malicious behavior if collaborative principles are utilized on both sides.

It’s from this brand new landscape that Cyber Security Hub is proud to launch our Financial Services Cyber Security Summit:
Key Themes:
  • Gaining an understanding of FS collaboration tools and consortiums
  • True IAM purpose built for FS
  • The evolution from DDoS to Credential Stuffing
  • Developing secure infrastructure, frameworks and standards
  • Remaining best in class in GRC while outpacing cyber criminals
  • Realizing how far we’ve come on security awareness- and how far we have to go
  • Preparing for the future of FS cyber security due to the coming transaction velocity tsunami
  • How to keep the FS enterprise secure with an onslaught of remote workers
  • Exploring the scope of the CISO role as one part Technical, one part Legal and one part Business
What to expect from CS FS Digital:
  • Access to cutting edge content and world class speakers from the comfort of your desk
  • Video: Downloadable mp4 recordings of all presentations
  • Downloadable slides you can review again and again
  • Opportunity to meet cutting edge technology providers

Who is it for?
  • Cyber Security executives who want to hear from and engage with their peers on similar pain points/challenges faced within the Financial Services industry
  • Attendees of IQPC Cyber Security events that missed sessions or want to re-listen
  • CS professionals based outside the Financial Services industry who want to learn from Financial Services case studies

Who should attend?
  • CISOs
  • CIOs
  • Head and directors of Cyber Security
  • Head and directors of Information Security
  • Head and directors of IT
  • Providers of cyber security solutions, services and software
Day One: September 15
Chairman´s Opening Remarks

9:00am ET
Realtime BCM for GRC
Tom Kartanowicz, CISO Americas, Commerzbank AG

  • Realizing that plans have changed completely and understanding the current reality that regulators are interested in the plan
  • Divining your short and long term BCM plan
  • Understanding the need to now hug the probability tail
    • Preparing for the next low probability, high impact events
  • Consistently engaging in adjustment for resiliency and knowing that BCM and resiliency are joined at the hip
  • Ensuring that everyone from the C-Suite to the front lines are collaborating

10:00am ET

Trust or Zero Trust: Privileged Access Management in the Age of a Remote Workforce
Joseph Carson, Chief Security Scientist (CSS) & Advisory CISO, Thycotic

Attacks frequently start with one "low-value" endpoint or end-user credentials, and now more than ever, attacks on financial services firms are becoming more frequent and dangerous.

Locking down access to privileged accounts with access to sensitive data via a password vault (like the local Administrator and root, service accounts, domain administrators, and even standard user accounts) provides a significant security layer around the accounts most targeted by attackers. As financial services firms adopt IoT solutions, transition to the cloud, and a remote workforce, their systems become increasingly vulnerable to cyber-attacks and must lockdown privileged account access. Protecting privileged access is also an important security control required by most compliance and regulations audits.

The Principle of Least privilege is intended to prevent "over-privileged access" by users, applications, or services to help reduce the risk of exploitation without impacting productivity or involving the IT help desk. The least privilege model can also help curtail costs and increase efficiency.

Join this webinar to understand how to maximize the benefits of least privilege and learn just how much "privileged access" is too much. Join Thycotic's Chief Security Scientist Joseph Carson and learn more about:
  • The Principle of Least Privilege
  • Realities of the Zero Trust Model
  • Best practices to get back in control with a remote workforce

11:00am ET

Securing The Cloud: How Financial Services Organizations Can Protect a Disappearing Perimeter
Louis Evans, Product Marketing Manager, Arctic Wolf

Financial services and insurance firms are increasingly adopting cloud services that offer operational benefits like faster deployment and seamless scalability, while being incredibly cost-efficient and user-friendly. Unfortunately, these improvements in productivity and efficiency come with serious security concerns that are often overlooked.
In this webinar, Louis Evans, Product Marketing Manager for Arctic Wolf Networks, will cover how firms can plan to protect new attack surfaces beyond the traditional network perimeter.
Attendees will learn:
  • What your responsibilities are in a shared security model, and how to enforce security policies internally and externally.
  • Which threat vectors cybercriminals are most likely to exploit, including insecure APIs, security misconfigurations, administrator account compromise, and insider threats.
  • How to evaluate cloud partners, including questions to ask during evaluation and procurement to ensure your new SaaS vendor will keep your data secure.
  • How to monitor your cloud platforms for trademark behaviors of cybercriminals to proactively mitigate your cloud risk.

12:00pm ET

Thwarting The Threat Matrix When Transaction Velocity Increases By 40%
Nannette Cutliff, Sr. Vice President/Chief Information Officer/CISO, Pacific Service Credit Union

  • Realizing that the US Federal Reserve will in fact go to 24/7
  • The real-time payment and settlement service supporting faster payments has been pushed to 2021, but it’s coming
  • Steadily ramping up your threat intelligence and detection to ensure your defense is ready for the tsunami of offense on it’s way
  • Threading the needle on compliance to ensure a full real-time cyber security toolbox

Day Two: September 16
Chairperson’s Opening Remarks

9:00am ET

The Intersection of Crises and Regulation
Cynthia Burke, Program Manager, Capsule8

Sweeping regulation tends to occur in the wake of crises - as the world navigates tremendous financial, political and social upheaval how might this impact ‘business as usual’ when it comes to security and compliance? Schrems II and the invalidation of the EU-US Data Privacy Shield in July of 2020, accelerated migrations to the cloud with a heavily distributed workforce now working on heavily distributed systems, record-setting compliance related fines from a broad cross section of industries - these are all indicators in terms of where we may need to focus attention specifically in regards to security and compliance in the years to come.

In this session we will look at useful areas of focus for those working in security and compliance even amid so many unknown unknowns. We will discuss the increasing importance of data privacy programs, and how those programs intersect directly with your security and operation teams. As we wait on clarifying guidance in the wake of Schrems II, this session will outline some useful approaches and preparations you can begin now - there will undoubtedly be an uptick in security questionnaires, additional scrutiny leveled against your existing audit practices, reports and certifications - repeatable evidence-based outcomes to prove you are both secure and compliant will be paramount. This session will offer high level suggestions on navigating an increasingly complex Global landscape of compliance and security.

10:00am ET

FS Endpoint Security Beyond Zero Trust
  • Knowing that a lack of knowledge of incident doesn’t mean there has not been an incident
  • Realizing your technology stack now lives with your employee’s kids
  • Ensuring consistent an continual improved user cyber security awareness
  • Scaling up your communications efforts as you ascend the privilege ladder

11:00am ET

eCrime from the Front Lines
Josh Burgess, Technical Lead Threat Intelligence Advisor, CrowdStrike (Former Senior Cyber Intelligence Analyst at VISA)

Please join this session as we review the significant events and trends in cyber threat activity observed over the past year. With input from CrowdStrike’s global observations, illustrated with real-world case studies that provide insight into today’s adversaries and their tactics, techniques and procedures (TTPs), we will offer actionable recommendations that can guide your cyber security strategy and help defend against sophisticated attacks in 2020 and beyond.

Topics covered will include:
  • The latest lures and attacks revolving around COVID
  • An assessment of the most capable criminal threat actors.
  • Content on the evolution of ransomware.
  • A review of how criminal groups are successfully breaching commercial and government organizations.

12:00pm ET
Searching For FS SIEM Insights: Lost In The Data Warehouse, Drowning In The Data Lake 
  • Unpacking your on-prem SIEM protected data to find that you are data rich and insight poor
  • Securely recalculating the calculated does not net your financial services organization a competitive advantage
  • Identifying how to securely leverage external transaction velocity and buying propensity for your organization
  • Gaining an understanding that the data conversation is a risk conversation

1:00pm ET

Expediting The Transformation To Universal Control Of The Infinite Perimeter
Shaju Bhaskaran, CISO, Ahli Bank QSC

  • Continuing the ongoing cloud evolution
  • Achieving true identity access management
  • Expanding endpoint security
  • Begrudgingly attaining a zero trust mindset
  • Training the culture to adapt to these changes

Featured Speakers

Cynthia Burke

Program Manager


Tom Kartanowicz

CISO Americas

Commerzbank AG

Nannette Cutliff

Head of Technology & Information Security

Pacific Service Credit Union

Ganesh Umapathy

Product Marketing Manager


Shaju Bhaskaran


Ahli Bank QSC

Louis Evans

Product Marketing Manager

Arctic Wolf

Josh Burgess

Technical Lead Threat Intelligence Advisor


Joseph Carson

Chief Security Scientist (CSS) & Advisory CISO


Event Sponsors