Speaker:
Brett Johnson, Former Most Wanted and "The Original Internet Godfather"

Brett Johnson, referred to by the United States Secret Service as "The Original Internet Godfather" has been a central figure in the cybercrime world for almost 20 years. He founded and was the leader of Counterfeitlibrary.com and Shadowcrew.com. Working alongside the top cyber criminals of our time, he helped design, implement, and refine modern Identity Theft, ATO fraud, Card Not Present fraud, IRS Tax Fraud and countless other social engineering attacks, breaches and hacking operations.

Join Johnson as he discusses:

• His involvement in online crime;
• The current state of cybercrime, the crooks and the crimes they commit;
• How to avoid being a cybercrime victim.

Speaker:
Stephen R. Katz, Former CISO, Merrill Lynch and Citi

Given current, turbulent conversations around physical and cybersecurity, it's hard to get an exact pulse on the state of the industry and where to start shoring up corporate processes to protect information. But with business and personal safety on the line, it's become increasingly important to be able to identify and combat security vulnerabilities and breaches. Join Stephen Katz - the world's first CISO - as he shares his unique historic perspective, pitfalls to avoid and discusses:

• What CISOs need to be prepared for in the year ahead
• How to think about security breaches today
• How to help keep your company and employees secure

Speakers:
Christopher McMahon, Special Agent, New York Field Office, US Secret Service
Randy Sabett, Vice Chair, Privacy & Data Protection Practice Group, Cooley LLP

"Know your customer" is a familiar refrain in business circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation states, cybercrime gangs or lone actors. Join this panel of law enforcement officials and internal investigators for their insights on:

• Today's most prevalent cybercrime schemes - and why they are successful
• Traits of the threat actors most commonly perpetrating these schemes
• Lessons learned from actual crime investigations - and how you can put these to work to improve your own defenses.

Speaker:
Matt Konwiser, Technical Sales Manager - Financial Markets North America, IBM

How can you establish trust over digital channels so you can seamlessly welcome in both new and existing users? The answer lies in how you assess the risk of digital identities. To help transparently identify true users in the digital channel, organizations will need strong digital identity risk assessment capabilities that examine each user's digital patterns and can detect potential bad actors more accurately. In this session, you will learn how IBM solutions can help you to quickly and transparently establish a trusted, frictionless digital relationship for your customers, employees, and business partners.

Speaker:
J. Paul Haynes, President & COO, eSentire

The likelihood of a cyber-attack that bypasses all of your security controls is high and often not detected until it's already over. To solve this problem service providers have created a radically new model of cyber security services called Managed Detection and Response or MDR. The focus of MDR is to detect the attack early in its lifecycle and respond by containing it so it cannot complete. How it is done will be the focus of this talk. Topics covered include:

• Technology components needed to support threat hunting and response teams
• Operational requirements to deliver 24x7 MDR
• Where Machine Learning and AI can augment human threat hunters
• Case study of where the MDR approach detected and contained a Nation State attack
• What does the next generation MDR look like?

Speaker:
Gerald Beuchelt, CISO, LastPass Enterprise

Businesses remain plagued with weak, reused, old, and potentially-compromised credentials, and every password is a potential entryway to the business that needs to be properly protected and managed. While technology can help address these issues, it is critical to address people and processes first to improve the overall password regime. For business and IT leaders, the ability to help securely control, store and manage employees' passwords can mitigate unnecessary risks due to poor password hygiene or the threat of malicious, complacent, and inadvertent insiders.

In this session, Gerald will discuss:

• Why a well-implemented Enterprise Password Management solution should be foundational;
• Best practices for how to implement more effective policies and training;
• An early look into soon-to-be released data that will help businesses quantify their own individual level of risk.

Speaker:
Jeff Michael, Senior Solutions Architect, Lastline

Why do the bad guys always have the best stuff? In most organizations their overworked security analyst, if they have one, are trailing the bad guys in technology and knowledge. This gap leads to a snowball effect of increased risk and frustration.

Join this session, as we discuss:

• Where do you stand versus the bad guys?
• Do you understand what risk really is?
• How to utilize your strengths to combat the criminals.

Speaker:
Mark Bower, General Manager and CRO, Egress Technologies

Despite increasing investment in cyber security tools, there has been a significant increase in in data breaches, compliance violations and their related costs, specifically those relating to insider threats: accidental loss, misdirected content, and the malicious insider. These types of incidents contribute up to 80% of all breached records and are often the result of human error when handling sensitive data - mistakes that traditional tools are unable to identify and address - until now.

The session will explore the role of user-centric AI and Machine Learning to enable secure data sharing and collaboration across complex enterprise organizations while proactively detecting and preventing unintentional and malicious insider threats.

Speakers:
Keith Carlson, General Manager, Payments and Fraud Prevention, Amazon Web Services
Ryan Schmiedl, General Manager, Fraud and Financial Crimes Prevention, Amazon Web Services

Protecting customers and company resources in the cloud is a constant struggle and balancing act. Fraudsters are aided by new techniques and technologies while unknowing customers support their efforts. In this session, fraud prevention experts from Amazon Web Services will outline the compromise problem and discuss strategies to address, specifically covering the following topics:

• The key problems and constraints you need to consider as you are tackling this problem;
• Approaches and techniques to prevent, detect and remediate this fraud exploit;
• Key monitoring and measurements necessary to ensure fraud prevention strategies are performing and legit customer impact is minimized.

Speaker:
Sam Curry, Chief Security Officer, Cybereason

Artificial Intelligence, Machine Learning and Data Science are among the many disciplines abused by cybersecurity marketing and snake oil salesman alike. But how do you separate snake oil from reality? Where do you turn for practical insight on emerging technologies that truly can improve your cybersecurity defensive posture? Join Sam Curry for an engaging discussion on what's hype vs. what's reality.

Speaker:
Avi Rembaum, Vice President of Security Solutions, Check Point

We are facing an inflection point in the world of cyber-attacks. Mega-attacks have spread fast to almost every country and every industry possible - from banking, transportation to healthcare to production lines. Regardless of all our current investments in cyber security, the majority of enterprises have experienced a significant cyber security threat in past 3 years. Are we adopting the right security strategy? Are we using the appropriate generation of technologies to cope with these Mega-attacks?

In order to address this generation gap, we need to aggressively advance security programs and embrace a fifth generation strategy today.

Speaker:
Jennifer Bayuk, CEO, Decision Framework Systems

This talk covers the professional practice of cybersecurity risk management considered from the perspective of enterprise governance and operational risk management. It will encompass cybersecurity risk classification and assessment. Concepts include: cybersecurity risk identification, classification, measurement, remediation, monitoring and reporting. These will be illustrated with examples of assessments, controls, issues, events and metrics.

Speaker:
Peter Beardmore, Director of Digital Risk Management Solutions, RSA

Digital Risk is the greatest facet of risk most organizations now face, driven by global acceleration of digitization. It's an issue that has risen well-above the security group, and is forcing executives and boards to think beyond the core competency of their organization; because in many cases, they've transformed into a digital business.

Meanwhile, the security functions in most organizations are struggling just to keep up, while they're incapable of answering broader, business-level questions such as "How is this effecting our overall exposure?" or simply "Are we doing enough?"

To manage digital risk, organizations need a unified, structured and phased approach to align all stakeholders. And they need visibility, insight, and response capabilities that stretch across the organization, enabling each function to participate fully in transforming digital risk into reward.

Speaker:
Brian Hussey, VP of Cyber Threat Detection & Response, Trustwave

Trustwave SpiderLabs has uncovered a new type of cyber-attack targeting the financial industry. Come find out how this "hybrid-style" campaign has resulted in over one billion USD in losses. Featuring a case study on a series of investigations, you will see the most recent pivot in the banking threat landscape and get insights for protecting your organization from these dangerous adversaries.

Speaker:
Will LaSala, Director Security Solutions, OneSpan

Traditional Authentication is not a standalone fraud killer. One Time Passwords, Biometrics, Mobile Authentication via PUSH or SMS, these technologies by themselves are being subverted by new attacks. 15 years ago, with FFIEC guidance, One Time Passwords reduced fraud by themselves by over half. Today, new forms of front end user authentication are being adopted by more users than ever, but yet Fraud is still increasing.

Risk Based Authentication is not a standalone fraud killer. Leveraging risk engines to identify fraudulent activity is only as good as the data being given to the engine and the rules applied to the data. In some banks there are risk engines with hundreds of rules, making it a nightmare to manage and impossible to adjust for new attacks. Manually adjusting these rules has to come to an end and users are requiring real-time decisions and real-time protection from fraud and attacks.

Combining the appropriate level of authentication at the right time is key to new authentication needs. Artificial Intelligence and Machine Learning combined with data gathers on multiple end-points for multiple channels increases the overall visibility of fraud happening at a user level. Adding in the ability to challenge and address the attacks and fraud in real-time by asking users to provide the correct level of authentication when a problem is detected is paramount.

This session will look at the past technologies of authentication and risk analysis and offer a new perspective on where these technologies are headed and how to make use of them immediately.

Speaker:
Diana Kelley, Cybersecurity Field CTO, Microsoft

Stolen data is one thing - the consequences are obvious. But what if data is not stolen or leaked, but rather altered? What could be the damage? Diana Kelley of Microsoft discusses the emerging topic of data integrity and how to preserve it.

Join this session, as Kelley discusses:

• How and where data can be altered - and the potential impacts;
• Implications across the enterprise, even with stored data;
• Cybersecurity tools to help ensure data integrity.

Speaker:
Jim Routh, Chief Information Security Officer, Aetna

For years now, leading-edge security thought leaders have called for organizations to shift from a conventional "peacetime" view of cybersecurity to more of a wartime mindset - acknowledging and responding to the aggressive tactics of global adversaries. It is time, then, for enterprises to shift from conventional to unconventional security controls. Join veteran CISO Jim Routh as he discusses:

• An emerging trend in cybersecurity control evolution
• The world of unconventional controls
• Ideas on talent management for Security