
Cybersecurity Summit: New York

August 13-14, 2019


WELCOME / Summit Overview

ISMG’s Global Summit Series will take place across four continents focusing on global security topics such as fraud and breach prevention and on many key industry verticals such as finance, government, retail, energy and healthcare.

All content will be driven by our global editorial team including executive editors from publications like DataBreachToday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity. These events will provide the opportunity to learn from industry influencers, earn CPE credits, meet with leading technology providers and be a part of the ISMG community of over 700,000 subscribers.

Details

Convene

117 W46th St.
New York, NY

August 13th & 14th, 2019

$895


Registering For a Group?
Call + 1 (609)-356-1499


Eugene Liderman

Director of Mobile Security Strategy, Google

Diana Kelley

Cybersecurity Field CTO, Microsoft

M.K. Palmore

VP, Field CSO, Palo Alto Networks, fmr FBI Agent, San Francisco Cyber Division

Jeffrey Dant

Managing Director, Fraud Ops and Intelligence, BMO Financial Group

Devon Bryan

Executive Vice President & CISO, Federal Reserve System

Julie Conroy

Research Director, Aite Group

Brian Harrell

Asst Dir, U.S. Cybersecurity and Infrastructure Security Agency

Stephen Katz

World's First CISO, former CISO, Merrill Lynch, Citi

SPEAKERS / Featured Speakers

Diana Kelley

Cybersecurity Field CTO, Microsoft

Stephen R. Katz

Former CISO, Merrill Lynch and Citi

Eugene Liderman

Director of Mobile Security Strategy, Google

Jeff Dant

Managing Director, Fraud Operations & Intelligence - Enterprise Fraud Management, BMO Financial Group

Devon Bryan

Executive Vice President & CISO, Federal Reserve System

Brian Harrell

Assistant Director for Infrastructure Security, U.S. Cybersecurity and Infrastructure Security Agency

Christopher R. Hetner

Special Advisor of Cyber Risk, National Association of Corporate Directors (NACD) and Former Sr. Cyber Security Advisor to SEC Chairman

Dora Gomez

President NYCFE, InfraGard Board Member, FinCrime Consultant, Ernst & Young

Everett Stern

CEO & Intelligence Director, Tactical Rabbit

Julie Conroy

Research Director, Aite Group

Tom Field

Senior Vice President, Editorial, ISMG

Kristin Judge

CEO, Cybercrime Support Network

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Ted Augustinos

Partner, Locke Lord LLP

Nick Holland

Director, Banking and Payments, ISMG

William Hugh Murray

Management Consultant and Information Assurance Trainer

Randy Sabett

Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

James Bernard

Vice President/Investments, Stifel

Joyce Brocaglia

Founder, Executive Women's Forum

Paul Ferrillo

Partner and Shareholder, Greenberg Traurig, LLP

Dena Bauckman

VP of Product Management, ZixCorp

John Bennett

SVP & General Manager, Identity & Access Management at LogMeIn, LastPass by LogMeIn

Matt Cauthorn

VP of Security, ExtraHop

Tony Cole

Chief Technology Officer, Attivo

Ryan Davis

CISO, Veracode

Don Gray

Chief Technology Officer, PacketViper

Craig Harber

CTO, Fidelis Cybersecurity

Tim Horton

VP, Global Merchant Security and Compliance Solutions, First Data

William 'Buck' Houston

Director, WW Business Development, Micro Focus Global Alliances

Moshe Ishai

Co-Founder & General Manager, HolistiCyber

Franklyn Jones

Chief Marketing Officer, Cequence

Deborah Kish

Executive Vice President, Marketing & Research, Fasoo

PJ Maloney

Senior Sales Executive, DXC Technology

Pete Nourse

CMO, Veriato

Jaret Osborne

Lead Solutions Engineer, Duo Security

Malcolm (M.K.) Palmore

VP, Field CSO, Palo Alto Networks

Brian Romansky

Chief Technology Officer, Owl Cyber Defense

Markku Rossi

Chief Technology Officer, SSH Communications Security

Mark Sangster

Vice President and Industry Security Strategist, eSentire

Ken Suh

Focus Group Leader, Cyber & Tech Claims, Beazley

Shaked Vax

Trusteer Products Strategist, IBM Security

Scott Ferguson

Managing Editor, News Desk, ISMG

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Chris Hallenbeck

CISO, Americas, Tanium

Michael La Marca

Associate, Hunton Andrews Kurth

Moriah Hara

CISO Board Advisor, Clearsky

Nashira Layade

SVP, CISO, Realogy

Janet Scott

Executive Director of Cybersecurity Engineering, Merck

F. Ward Holloway III

Senior Director of Global Strategic Alliances, ForeScout

Mike Krygier

Deputy Chief Information Security Officer, NYC

Kristen Mathews

Partner, Morrison & Foerster LLP

Andy Roth

Chief Privacy Officer, Intuit

David Masson

Director of Enterprise Cyber Security, Darktrace

Amit Patel

Special Agent, FBI

Neal Conlon

Senior Vice President of Business Development, AppGuard

Ajoy Kumar

Executive Director, Depository Trust & Clearing Corporation

Schedule / Session Dates & Times



Tuesday, August 13th

8:00 am - 8:40 am

Registration, Breakfast & Exhibit Browsing

8:40 am - 8:45 am

Opening Remarks

8:45 am - 9:25 am

State of the CISO

Speakers:
Stephen R. Katz, Former CISO, Merrill Lynch and Citi
William Hugh Murray, Management Consultant and Information Assurance Trainer

Given current, turbulent conversations around physical and cybersecurity, it's hard to get an exact pulse on the state of the industry and where to start shoring up corporate processes to protect information. But with business and personal safety on the line, it's become increasingly important to be able to identify and combat security vulnerabilities and breaches. Join us as we discuss:

  • What CISOs need to be prepared for in the years ahead
  • How to think about security breaches today
  • How to help keep your company and employees secure
9:30 am - 9:40 am

Tech Spotlight #1

Speaker:
Dave Masson, Director of Enterprise Security, Darktrace

9:45 am - 10:20 am

Cybersecurity Leadership 2.0

Speaker:
Christopher R. Hetner, Special Advisor of Cyber Risk, National Association of Corporate Directors (NACD) and Former Sr. Cyber Security Advisor to SEC Chairman

IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But how about the new demands on cybersecurity leaders? What new skills, tools and strategies are needed to understand, quantify and manage cyber risk - which some leaders have described as today's top business risk?

In this session, Chris Hetner - former Global CISO at GE Capital, as well as Senior Advisor to the United States Securities and Exchange Commission (SEC) Chairman on Cybersecurity - will share insights on what's required of the next generation of security leaders, including:

  • Identification, quantification and management of cyber risk in economic and business-impact terms;
  • Managing board oversight;
  • Ongoing due diligence to identify and manage new risks, especially during a merger or acquisition.
10:25 am - 10:35 am

Tech Spotlight #2

Speaker:
Brian Romansky, Owl Cyber Defense

The IoT has the potential to increase efficiencies by providing vast sums of data on nearly every facet of business and industry. Unfortunately, the more connected things are, the less secure they become. What is needed is a simple endpoint security solution to protect IoT assets which is unhackable, easy to deploy, and requires minimal to no on-going maintenance. This session will outline the various challenges in IoT security today and provide an overview of the DiOTa data diode solution – what it is, how it works, and how businesses can use it to protect connected systems and devices.

10:35 am - 10:55 am

Exhibiting & Networking Break

10:55 am - 11:25 am Track A

Zero Trust Access: Five Steps to Securing the Extended Enterprise

Speaker:
Jaret Osborne, Lead Solutions Engineer, Duo Security

The perimeter-based security approach of the last century is no longer adequate for securing the modern enterprise. Today, organizations must secure a mobile workforce that uses a mix of corporate-owned and personal devices to access cloud-based applications and services, often from outside corporate networks. Attend this session to learn how the zero trust access model works, how leading organizations such as Google use this approach to secure access to their critical applications and data, and how you can implement this model in your organization in five logical steps.

10:55 am - 11:25 am Track B

The New #1 Cyber Threat - Attacks on the Applications that Power Your Business

Speaker:
Franklyn Jones, Chief Marketing Officer, Cequence

The web, mobile, and API-based applications that power your digitally-connected organization are under attack by malicious automated bots and bad actors. Unfortunately, many of these attacks are undetectable by traditional security technologies. So how bad is the problem, and what can you do to protect yourself? We'll share new research from nearly 900 US organizations that explains exactly what they're dealing with on a daily basis - and how it's impacting their businesses. Join Cequence Security to learn why this is becoming the new #1 threat in today's hyper-connected economy, and get answers on a strategy moving forward.

10:55 am - 11:25 am Track C

How to Succeed at Threat Hunting & IR: Think Differently about Data

Speaker:
Matt Cauthorn, VP of Security, ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data. This session will explain how attackers can hide and misuse logs, agents, and standard security tools, and demonstrate effective approaches for countering their actions using network traffic analysis, passive monitoring, and real-time forensic data.

Join this session to learn:

  • Understanding of current attack practices including abuse of legitimate traffic and encryption
  • Ways hunters remain hidden from attackers to avoid your Counter IR maneuvers
  • Ideas for making analysts faster and more effective at validating, investigating, and responding to threats
  • Options for empowering cross-training and on-the-job training to increase analyst skills
  • Clarity on how to gain visibility into cloud and encrypted traffic
11:30 am - 12:00 pm Track A

Consumers Are Paying More Attention to Their Data - Why a Multi-Layered Security Approach Has Gotten Personal

Speaker:
Tim Horton, VP, Global Merchant Security and Compliance Solutions, First Data

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

11:30 am - 12:00 pm Track B

Resolve and Evolve: Machine Learning for Email Threat Protection

Speaker:
Dena Bauckman, VP of Product Management, ZixCorp

As email threats become more advanced, machine learning is being used to detect these attacks. Learn the latest about machine learning & how it is changing the threat landscape.

This session discusses:

  • How machine learning is being used to detect threats
  • Latest advancements in machine learning for cyber security
  • Limitations of machine learning in threat detection
  • How to improve threat detection using machine learning
11:30 am - 12:00 pm Track C

How Zero Trust Improves Cybersecurity

Speaker:
Markku Rossi, Chief Technology Officer, SSH Communications Security

Learn how the Zero Trust approach to access and authentication mitigates risk of misuse and prevents lateral movement inside a critical IT network. When implementing authentication for the right user at the right time with the right level of privilege, this approach helps organizations keep up with today's hybrid and multi-cloud environments by providing simple yet secure access control, convenience of use and improved visibility and auditability. Join our CTO, Markku Rossi, to learn why "Don't trust, verify" is your slogan for the future.

Attend this session to learn:

  • How to manage access to critical data in complex on-prem and cloud IT networks through a single pane of glass and in a mostly automated fashion
  • Why allowing only the right amount of privilege for the right user for the right amount of time improves security and mitigates internal and external risks
  • How to log and audit every session for traceability, auditability and compliance using Zero Trust access management
12:05 pm - 12:35 pm Track A

Fraud Prevention - How to Correctly Mix AI and Cyber Intelligence for Impact

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

Join us for a behind the scenes tour of the largest anti-fraud provider research operation. We discuss how to interlace Machine Learning, cyber threat intelligence, and fraud analysis into agile and accurate fraud prevention.

Taking a use case approach, we will demo a behavioral biometrics detection technology and discuss how to combine it with device hygiene, fingerprint, phishing detection, spoofing attempts and a worldwide fraudster database, among other factors to help prevent fraud and at the same time provide as low as 0.005% alert rates.

12:05 pm - 12:35 pm Track B

The Art of Deception for Advanced Threat Detection

Speakers:
Ajoy Kumar, Executive Director, Depository Trust & Clearing Corporation
Rocco Grillo, Managing Director, Global Cyber Risk & Incident Response Services, Alvarez & Marsal
Tony Cole, Chief Technology Officer, Attivo

Deception technology has been on security leaders' radar for some time, but now it is becoming accessible to smaller organizations. And in their most recent analyses, market analysts give deception technologies kudos for improved sophistication and maturity.

Deception focuses on deploying assets - such as lures, bogus files, honeypots or simulated SCADA or IoT devices - in hopes of diverting attackers from the targets they most desire.

This expert panel discusses the maturity of deception technology solutions, with a focus on:

  • What are the critical success factors for deploying deception technology?
  • What lessons have been learned by pioneers?
  • What are the key questions to ask when searching for a deception solution?
12:05 pm - 12:35 pm Track C

The 3Ps of Third Party Risk: Prevention, Policies, Promises

Speaker:
Mark Sangster, Vice President and Industry Security Strategist, eSentire

Independent research revealed that while 60% of firms have formal third party risk policies, nearly half have experienced a significant breach caused by a vendor. Why? Executives don't make vendor risk a priority or are too trusting. Learn from 600 IT and security leaders about top concerns around supply chain and policies/procedures used to mitigate risks. Explore lessons learned from vendor breaches that avoided headlines, but caused operational havoc and headaches. Learn to engage board members and executives to secure resources, build a due diligence package, create contracts that mandate security requirements, reduce human error, indemnify your firm, and define breach response. Learn how to sell a vendor risk program based on leading security programs in the US and Europe.

Attend this session to:

  • Understand how to evaluate a vendor's third-party risk to your business
  • Discuss the different types of adversarial campaigns and tools that are used to infiltrate third parties using real world examples
  • Implement policies and procedures that mitigate third party risk.
12:35 pm - 1:25 pm

Lunch

1:25 pm - 2:00 pm Track A

The Ethics of ML and AI

Speaker:
Diana Kelley, Cybersecurity Field CTO, Microsoft

AI will enable breakthrough advances in areas like healthcare, agriculture, education and transportation; it's already happening in many ways. But new technology also inevitably raises complex questions and broad societal concerns. As we look to a future powered by a partnership between computers and humans, it's important that we address these challenges head on and address:

  • How do we ensure that AI is designed and used responsibly?
  • How do we establish ethical principles to protect people?
  • How should we govern its use?
  • And how will AI impact employment and jobs?

To answer these questions, technologists will need to work closely with government, academia, business, civil society and other stakeholders, and focus on ethical principles - fairness, reliability and safety, privacy and security, inclusivity, transparency, and accountability - to guide the cross-disciplinary development and use of artificial intelligence for business and cyber. In this talk we'll share the principal ethics of AI & ML and have a discussion about how we can all work together to forward AI and ML use responsibly.

1:25 pm - 2:00 pm Track B

NY DFS Cybersecurity Regulation: Third-Party Risk and Other Compliance Challenges

Speaker:
Ted Augustinos, Partner, Locke Lord LLP

As of March 1, 2019, the two-year transition came to an end, and covered entities were required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. How are things going? How have they changed the way organizations currently approach vendor risk management? What can entities from other regulated sectors draw from NY DFS to improve their own third-party compliance?

In this session, attorney Ted Augustinos, a Partner at Locke Lord LLP and an expert on the NY DFS Cybersecurity Regulation, will discuss:

  • How to ensure your organization is compliant with the regulation;
  • The general state of compliance with NY DFS;
  • How New York's approach to cybersecurity broadly, and vendor risk management in particular, is influencing emerging legislation in other states and sectors.
1:25 pm - 2:00 pm Track C

CNP: Escalating Threats Amid Changing Rules of the Road

Speaker:
Julie Conroy, Research Director, Aite Group

Attacks on card-not-present (CNP) merchants are escalating rapidly globally, fueled by rampant breaches, automated credential stuffing attacks, and the rapid growth of the CNP transactional category as a whole. The trend line is concerning for merchants, issuers, and the payment networks alike, as the industry seeks to control losses while still maintaining a positive e-commerce customer experience. The industry is working to address these challenges in a variety of ways, through technology, collaboration, and even updates to the rules of the road for CNP rails. This session will explore each of these three pillars of evolution for CNP transactions.

2:05 pm - 2:35 pm Track A

Modern Identity: Unifying Access & Authentication

Speaker:
John Bennett, SVP & General Manager, Identity & Access Management at LogMeIn

An overwhelming 92% of businesses are experiencing identity challenges, from lack of resources to lack of security experience. The biggest challenge? Balancing ease of use for employees with increased security for the business. These two goals are critical, yet always at odds. How can IT securely manage users - their devices, apps, behavior, and more - without making it more difficult for employees to do their job?

Please join John Bennett, General Manager for Identity and Access Management at LogMeIn as he discusses new analyst research on the current state and challenges of managing identity, why having a comprehensive identity solution can balance the control IT needs with the experience users expect, and how LastPass Identity provides simple control and unified visibility across every access point, without the hassle of managing multiple solutions.

2:05 pm - 2:35 pm Track B

Cyber Defense Approaches: What Are We Missing?

Speaker:
Moshe Ishai, Co-Founder & General Manager, HolistiCyber

Security professionals today face a reality in which the balance between attackers and defenders in the cyber arena has broken. Attackers have attained a significant advantage, unmatched by the means and security controls that cyber defenders have developed.

In this session, you will learn:

  • How to stay ahead of the attackers?
  • Are we watching all angles / aspects?
  • What are the transitions we should be paying attention to?
  • How do we identify the collisions between Trust management and Risk management?
  • How to define the risks of Zero Trust architecture?
  • How could "watching in all directions" weaken our security? And what can we do about it?
  • Situational analysis perspectives - could that improve our Cyber resilience?
2:05 pm - 2:35 pm Track C

Best Practices for Mitigating Insider Fraud

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

  • The latest research on insider fraud
  • How "accidental insiders" are enabling fraud schemes
  • How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.
2:40 pm - 3:10 pm Track A

Transforming Security - 5 steps to secure Digital Transformation

Speakers:
PJ Maloney, Senior Sales Executive, DXC Technology
William 'Buck' Houston, Director, WW Business Development, Micro Focus Global Alliances

According to the 2019 Cyberthreat Defense Report, nearly eight out of 10 organizations (78 percent) were victims of at least one successful cyberattack in 2018. As rapidly as security teams are closing some doors, the enterprise is opening others that expose the inner workings of digital transformation to the cybercriminal underground. While corporate strategies around transformation are driving measurable business outcomes, they are - at the same time - creating new security risks through the adoption of new technologies, increased complexity and expansion of the attack surface. Hear from DXC/Micro Focus as we discuss five omnipresent cybersecurity challenges and present corresponding ways to overcome them with DXC Technology services and Micro Focus security solutions.

2:40 pm - 3:10 pm Track B

Addressing the Root Cause: Using Deception to Solve Practical Security Problems

Speaker:
Don Gray, Chief Technology Officer, PacketViper

For results-oriented security leaders seeking to rationalize their security stack, deception solutions can solve more than just the internal threat detection problem. This session will cover case studies where deception is used to not only amplify internal threat detection, but also improve threat prevention and reduce attack vectors to produce real-world benefits.

After this session, you will understand how deception can be used for:

  • Threat detection and adaptive responses without complex orchestrations
  • Obfuscating networks through a moving target defense (MTD)
  • Deception based vendor risk management and automated policy enforcement
2:40 pm - 3:10 pm Track C

Cyber Insurance and Services to Confront, Manage, and Recover from Cyber Incidents

Speaker:
Ken Suh, Focus Group Leader, Cyber & Tech Claims, Beazley

Risks associated with cyber security incidents and business interruption are major concerns for companies worldwide. Improperly managed, cyber security incidents like ransomware can bring companies to a standstill and the resulting financial losses can have a substantial impact. Using real life examples, learn how Beazley, the market-leading cyber security insurance carrier, successfully partners with clients to confront the technical threat associated with cyber security risks, manage the associated legal and regulatory exposure, and recover financially from a loss of resulting income with business interruption coverage.

3:10 pm - 3:40 pm

Exhibit & Networking Break

3:40 pm - 4:20 pm

Why Accelerating Zero Trust Adoption Makes Complete Security Sense

Speakers:
F. Ward Holloway III, Senior Director of Global Strategic Alliances, ForeScout
Malcolm (M.K.) Palmore, VP, Field CSO, Palo Alto Networks

The global nature of business and the presence and impact of cyber adversaries make it an organizational imperative to consistently re-assess the effectiveness of our security practices. Adopting best practices has become essential to consistently managing enterprise risk. Zero Trust offers security practitioners a roadmap to manage digital interactions at a foundational level. Hear from MK Palmore, Field CSO Palo Alto Networks and Ward Holloway, Sr. Director Strategic Alliances at Forescout, on the strategic benefits of implementing Zero Trust.

Join us to learn how to:

  • Increase visibility in your security environments
  • Reduce the attack surface (through the implementation of Zero Trust)
  • Block Known Threats
  • Identify New Threats & Implement Solutions
4:25 pm - 4:35 pm

Tech Spotlight #3 | Insider Threats… Are They the Hole in Your Security Strategy?

Speaker:
Pete Nourse, CMO, Veriato

4:40 pm - 5:10 pm

Do's and Don'ts of Investigations and Response

Speakers:
Jeff Dant, Managing Director, Fraud Operations & Intelligence - Enterprise Fraud Management, BMO Financial Group
Kristin Judge, CEO, Cybercrime Support Network

Whether you're a large enterprise that has experienced a headline data breach or a midmarket organization that has just been paralyzed by ransomware, you share points in common. Which law enforcement agency do I call after the incident has been discovered? What do I do - and not do - with the affected systems? What resources are available to help my organization respond and recover?

Join this panel for unique insights on:

  • Legal do's and don'ts of incident response
  • How to work most effectively with federal law enforcement agencies
  • Unique new resources for small-to-midsized organizations
5:15 pm - 5:30 pm

Wrap-Up

5:30 pm - 6:30 pm

Cocktails & Networking

Wednesday, August 14th

8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:40 am

HSBC Whistleblower on Uncovering Fraud

Speaker:
Everett Stern, CEO & Intelligence Director, Tactical Rabbit

For at least half a decade, HSBC helped to wash hundreds of billions of dollars for drug mobs, including Mexico's Sinaloa drug cartel, as well as move money for terrorist organizations linked to Al Qaeda and Hezbollah and for Russian gangsters. Furthermore, HSBC helped countries like Iran, the Sudan and North Korea evade sanctions. And, while serving murderers, terrorists and rogue states, HSBC aided countless common tax cheats in hiding their cash.

Everett Stern was pivotal in uncovering this huge fraud and money laundering scheme, which among other things, resulted in HSBC in 2012 being fined $1.9B - the largest fine to date by the U.S. Justice Department. In a rare appearance, Stern will share undisclosed information about what happened inside HSBC during this extraordinary event and what is happening now.

Attend to learn:

  • How HSBC created a fake AML program that led to a $1.9B penalty;
  • How terrorist organizations and drug cartels are being allowed to use our own financial system to harm American interests;
  • How one individual can be the difference in exposing fraud in even the largest of organizations.
9:45 am - 10:15 am

Advanced Threats: Raising the Bar on Cyber Defenses

Speakers:
Craig Harber, CTO, Fidelis Cybersecurity
Mike Krygier, Deputy Chief Information Security Officer, NYC
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

From ransomware to infected devices and assaults on the critical infrastructure, organizations are increasingly encroached upon by advanced threats and threat actors. And security leaders are tasked with taking their traditional cyber defenses to the next level to mitigate the emerging risks. What are the defenses and strategies that will help CISOs raise the cybersecurity bar? Sit with this expert panel for practical responses to questions such as:

  • How do you mitigate advanced threats?
  • How do you mitigate the security risks of the IoT?
  • Would outsourcing your security make sense from a financial and resource perspective?
10:20 am - 10:30 am

Tech Spotlight #4 | Data Security is a Team Sport: What We Can Learn From Geese

Speaker:
Deborah Kish, EVP of marketing and research at Fasoo

10:35 am - 11:05 am

Redefining Mobile Security (and Why it Works)

Speaker:
Eugene Liderman, Director of Mobile Security Strategy, Google

Google's Android is the most popular mobile operating system in the world, powering over 2.5 billion devices.

In this exclusive session, Eugene Liderman, Director of Mobile Security Strategy, Google, outlines Android's multi-layered security strategy, which includes hardware and software protections, as well as utilizing the power of machine-learning that helps protect devices at the application layer.

Learn how Android has proved that open doesn't mean unsecure, with third party validation determining that the Android platform provides the most robust security features available to enterprise.

11:05 am - 11:25 am

Exhibiting & Networking Break

11:30 am - 12:00 pm Track A

The Risky Business of Third Party Risk Management

Speaker:
Ryan Davis, CISO, Veracode

CISOs, CIOs and CROs are all being asked to measure the effectiveness of their information security programs, often overlooking their greatest risk: third party resources. For every company this risk manifests in different forms: third party developed software; vendors/suppliers with access to their data; contractors within their environment, and the list goes on. Join Veracode CISO, Ryan Davis, as he explores:

  • Which effective third party risk management strategies actually work
  • Challenges of TPRM within the cloud
  • Third party risk from the vendor perspective
11:30 am - 12:00 pm Track B

Evolution of the Threat Landscape

Speaker:
Chris Hallenbeck, CISO, Americas, Tanium

The media continues to report that the threat landscape is evolving. But this is a common cliché that can smokescreen reality. In fact, significant security events tend to share notable commonalities. Regardless of whether the attack is a widely distributed banking Trojan extracted from a phishing email or a targeted attack campaign by a sophisticated state-sponsored actor, the attacker's success hinges on a handful of key activities. This presentation will begin with a threat landscape review, focusing on commonalities across threat classes. Chris will draw on his experiences as an incident responder to share his insight.

11:30 am - 12:00 pm Track C

Ransomware Everywhere

Speaker:
Neal Conlon, Senior Vice President of Business Development, AppGuard

Little known before 2014, ransomware is now one of the most popular methods used by hackers to attack corporations. The recent attacks on government entities are more publicized, but private corporations have been struggling with ransomware for a few years now. Join Neal Conlon to learn more about recent attacks, how traditional security solutions are failing and what more corporations need to do to protect themselves.

12:05 pm - 12:35 pm Track A

GDPR, CCPA and Security in the New Privacy World

Speakers:
Andy Roth, Chief Privacy Officer, Intuit
Kristen Mathews, Partner, Morrison & Foerster LLP
Michael La Marca, Associate, Hunton Andrews Kurth
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

U.S. organizations were barely GDPR compliant in 2018, when California unveiled its own privacy legislation, the California Consumer Privacy Act, which goes into effect on Jan. 1, 2020. Yet, this is but one of several privacy laws being enacted across the U.S., and it poses many questions about the role of security to enable privacy - and the role of security leaders to enforce it.

Join this session for an exclusive legal overview of:

  • CCPA Overview - what's covered, who's covered, and against what?
  • GDPR Article 32 security requirements
  • "If I'm GDPR-compliant, aren't I CCPA-compliant?"
  • What happens if I'm not secure?

12:05 pm - 12:35 pm Track B

Teaming-Up to Fight Cybercrime: The Power of Public/Private Partnership

Speakers:
Amit Patel, Special Agent, FBI
Dora Gomez, President NYCFE, InfraGard Board Member, FinCrime Consultant
James Bernard, Vice President/Investments, Stifel
Paul Ferrillo, Partner and Shareholder, Greenberg Traurig, LLP

Teaming up the public and private sectors to address cybercrime is critical, as is cooperating with law enforcement agencies when reporting it.

This expert panel of InfraGard members and FBI agents shares how they have worked together on cybercrime investigations that affected both corporations and individuals, including:

  • A foreign-based organization that recovered from a BEC of over $3.5 million
  • Anatomy of a SIM swap, and navigating the resolution: the service provider, the FBI, and local law enforcement
  • A cyber threat landscape overview and interaction with the FBI during cyber incidents, with case studies including ransomware, Office 365/cloud, and more

12:35 pm - 1:20 pm

Lunch

1:20 pm - 1:50 pm

Challenges with Real-time Correlation Hybrid Cloud and Legacy Environments

Speaker:
Devon Bryan, Executive Vice President & CISO, Federal Reserve System

As cyber defenders position themselves to support the strategic business directions of their organizations' consumption of cloud technologies, it is critical to have:

  • Appropriate end-to-end visibility and monitoring;
  • Threat detection for anomalous user or entity behaviors;
  • Ability to detect risky configurations, network intrusions, host vulnerabilities;
  • Risk scores for every resource, across multi-cloud and legacy on-prem environments.

This presentation will explore this challenge and leading approaches being pursued to address this real-time correlation.

1:55 pm - 2:35 pm

The Challenges of Securing Critical Infrastructure in the Private Sector

Speaker:
Brian Harrell, Assistant Director for Infrastructure Security, U.S. Cybersecurity and Infrastructure Security Agency

Strong, reliable infrastructure is key to the nation's high standard of living, security, and strong economy. This includes systems like water and power, financial transactions, telecommunications, and so on. In short, critical infrastructure security and resilience is integral to all of the systems that make our work and lives efficient, convenient and comfortable. Join us as Brian Harrell explores current and emerging threats and vulnerabilities in the critical infrastructure space as the cyber and physical worlds become more interconnected and interdependent, and learn about resources available through CISA to help build resilience to these threats.

2:40 pm - 3:10 pm

CISO Panel on 2020 Agenda

Speakers:
Janet Scott, Executive Director of Cybersecurity Engineering, Merck
Joyce Brocaglia, Founder, Executive Women's Forum
Moriah Hara, CISO Board Advisor, Clearsky
Nashira Layade, SVP, CISO, Realogy

Join this panel of current security leaders to hear their unique insights on challenges for 2020, including:

  • Where security is heading - the threats, the risks and how to mitigate them;
  • Enabling digital transformation with emerging tech;
  • Evolution of the CISO role - critical skills, building trust and dealing with the inherent stresses.

3:10 pm - 3:15 pm

Closing Remarks

SPONSORS / Supporting Organizations

eSentire
IBM
Arxan
LastPass
Attivo Networks
First Data
SSH
Owl Cyber Defense
Veriato
Veracode
Cequence Security
Fidelis
Zixcorp
Beazley Group
Palo Alto Networks
ForeScout
ExtraHop
Micro Focus | DXC
Onfido
DUO Security
Darktrace
KnowBe4
PacketViper
HolistiCyber
Tanium
Fasoo
AppGuard
Cylance-Blackberry
Fortinet

Meet Our Speakers

ISMG Global Events: 2020 and Beyond

ISMG's SVP of Editorial, VP of Global Events, and Group Director of Custom Events discuss the state of events.

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research

LOCATION / Venue & Address

Convene Conference Center
117 W46th St.
New York, NY

Room Block Reservations

The Muse by Kimpton
130 West 46th Street
New York, NY 10036
D: 212.485.2705 ext. 8005

We have secured a block of rooms across from the venue at The Muse by Kimpton. The cutoff date is July 29th.

If booking by phone, guests must call our Central Reservations number at 844-861-5509 and provide the name of the Block (ISMG) or the Group Code (AJL).

If booking online, please use this custom link:
https://bit.ly/2LbhQA6

Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with technology leaders, register today.

Registering For a Group?
Call + 1 (609)-356-1499 or email events@ismg.io

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

© 2021 Information Security Media Group, Corp.