ISMG Events
  • Summits
  • Roundtables
  • Faculty
  • About ISMG Events
  • Contact us

Fraud & Breach Prevention Summit: Chicago

June 26-27, 2018 - W Chicago City Center

View Sessions

Welcome / Letter from the Editor

Tom Field

Tom Field

SVP, Editorial, ISMG

From Meltdown and Spectre to GDPR to the Facebook/Cambridge Analytica privacy furor, it’s already been a busy year for security and fraud leaders – and 2018 isn’t even half over.

Want to arm yourself with strategies and solutions to tackle the rest of the year? Then register now for ISMG’s 5th annual Chicago Fraud and Breach Prevention Summit.

This two-day conference brings together thought-leaders, industry professionals and solutions vendors to focus intensely on the security and fraud topics that matter most – IoT, Blockchain, cybercrime, machine learning, payments security, identity fraud, the insider threat and behavioral analytics to name a few – all with a single goal: Education.

We strive to bring unique speakers and insight. Case in point: Brett Johnson, a former FBI most-wanted criminal who was once called “the original Internet godfather.” What can you learn from this former career criminal? How not to be someone else’s cybercrime victim.

Johnson is but one of the engaging speakers who will make this Summit unique.

Sign up now and join the discussion.

Details

W Chicago City Center

June 26th & 27th, 2018

$895

View Sessions

Registering For a Group?
Call + 1 (609)-356-1499

  • Event Gallery

Diana Kelley

Cybersecurity Field CTO, Microsoft

Brett Johnson

Former Most Wanted and "The Original Internet Godfather"

David Lott

Payments Risk Expert, Federal Reserve Bank of Atlanta

Tom Field

SVP - Editorial, ISMG

Randy Trzeciak

Insider Threat Research Team Technical Lead, CERT

Denyette DePierro

VP & Senior Counsel - Center for Payments & Cybersecurity, American Bankers Association

David Houlding

Principal Healthcare Program Manager, Microsoft

Matthew Maglieri

CISO, Ashley Madison's parent company Ruby Life Inc.

SPEAKERS / Featured Speakers

Diana Kelley

Cybersecurity Field CTO, Microsoft

Matthew Maglieri

CISO, Ruby, parent company of Ashley Madison

Brett Johnson

Former Most Wanted and "The Original Internet Godfather"

Patrick Hogan

Assistant to the Special Agent in Charge, U.S. Secret Service

Brent Maher

CISO, Johnson Financial Group

Carlos Pero

AVP and Head of Cyber Application Security, Zurich Insurance

David Houlding

Principal Healthcare Program Manager, Microsoft

David Lott

Payments Risk Expert, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta

Tom Field

Senior Vice President, Editorial, ISMG

Aaron Sherman

Senior Director of Cyber Threat Intelligence, Braintrace

Denyette DePierro

VP & Senior Counsel - Center for Payments & Cybersecurity, American Bankers Association

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Julie Conroy

Research Director, Aite Group

Mark Bower

General Manager and CRO, Egress Technologies

Doug Copley

President, Data Protection Partners

Gleb Esman

Senior Product Manager, Fraud Analytics and Research, Splunk

Patrick Bedwell

Head of Product Marketing, Lastline

Paul Bowen

Principal Security Technologist, Arbor Networks

Howard Anderson

News Editor, ISMG

Frank Mendicino

Digital Identity & Fraud Prevention, Cyber Security, IBM US

Brian Hussey

VP of Cyber Threat Detection & Response, Trustwave

Daniel Wierzbicki

Supervisory Special Agent - Criminal & National Security Cyber Investigations, FBI Chicago Division

Antonio Enriquez

Cyber Security Advisor, Office of Cybersecurity and Communications, US Department of Homeland Security

Sam Curry

Chief Security Officer, Cybereason

Meet Our Speakers

ISMG Global Events: 2020 and Beyond

ISMG's SVP of Editorial, VP of Global Events, and Group Director of Custom Events discuss the state of events.

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research

Schedule / Session Date & Times



  • Tuesday, June 26th

  • Wednesday, June 27th

  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am -
8:45 am
8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am -
9:00 am
8:45 am - 9:00 am

Opening Remarks

9:00 am -
9:50 am
9:00 am - 9:50 am

Cybercrime Exposed: Insights from a Former U.S. Most Wanted Cybercriminal

Speaker:
Brett Johnson, Former Most Wanted and "The Original Internet Godfather"

Brett Johnson, referred to by the United States Secret Service as "The Original Internet Godfather" has been a central figure in the cybercrime world for almost 20 years. He founded and was the leader of Counterfeitlibrary.com and Shadowcrew.com. Working alongside the top cyber criminals of our time, he helped design, implement, and refine modern Identity Theft, ATO fraud, Card Not Present fraud, IRS Tax Fraud and countless other social engineering attacks, breaches and hacking operations.

Join Johnson as he discusses:

  • His involvement in online crime;
  • The current state of cybercrime, the crooks and the crimes they commit;
  • How to avoid being a cybercrime victim.
9:55 am -
10:40 am
9:55 am - 10:40 am

Blockchain as a Tool for Fraud Prevention

Speaker:
David Houlding, Principal Healthcare Program Manager, Microsoft

Financial fraud can be notoriously hard to detect and easy to cover up. But does blockchain technology with its distributed digital ledger now offer a new tool to help organizations reduce risk and prevent fraud?

This session describes:

  • More about blockchain and its uses beyond digital currencies;
  • The value of blockchain to reduce financial transaction time, risk and fraud among multiple parties with a trusted, decentralized digital ledger;
  • Lessons from organizations that already are using blockchain technology as a tool to prevent fraud.
10:40 am -
11:00 am
10:40 am - 11:00 am

Exhibit & Networking Break

11:00 am -
11:30 am
11:00 am - 11:30 am Track A

Awareness Discussion: How to Turn Your End User Into Your Friend User and Reduce Your Biggest Risk Vector

Speaker:
Arbor Networks,

Accidentally careless employees are the biggest cause of incidents involving data loss, responsible for almost 25 percent of all breaches.

Given that employees are the first line of defense against socially engineered schemes, such as account takeover, new account fraud and other crimes, doesn't it make sense to train your end users to support your security efforts - not just hinder them?

This session offers insights on:

  • Why many end user training efforts fall flat;
  • Effective new ways to utilize technology to train employees;
  • Use cases for how to turn the adversarial end user relationship into a "friend user" partnership.
11:00 am - 11:30 am Track B

Finding Fraud Using Machine Data

Speaker:
Gleb Esman, Senior Product Manager, Fraud Analytics and Research, Splunk

Security hygiene can be poor, and criminals know it. Fraudulent activity costs are in the billions worldwide across industries, and over 16 million consumers in the US were victims of identity theft or fraud in the past year. Learning to onboard new data at the speed of the business will ensure your fraud team can detect and investigate data to quickly find anomalies and reduce loss of money, reputation and organizational efficiencies.

In this session you will learn:

  • How to recognize examples of fraudulent activities in your environment;
  • How to more quickly find anomalies of transactions or behaviors of accounts that are fraudulent, acting fraudulently or being taken over;
  • Recommendations and best practices on how to get started detecting fraudulent patterns and activities by using machine data and an analytics-driven security platform.
11:35 am -
12:05 pm
11:35 am - 12:05 pm Track A

Know Your (Digital) Customer in the Identity Theft Era

Speaker:
Frank Mendicino, Digital Identity & Fraud Prevention, Cyber Security, IBM US

As businesses evolve to support a complete digital experience, a challenge has emerged to one of the most basic questions of doing business: How can I truly trust I know my customer?

In the world of data breaches and identity theft, legacy programs of identity proofing and authentication do not instill a high level of confidence in the end user's claims to allow establishing digital identity trust. New technologies and approaches are needed to assess the risk of digital identities that examine each user's digital patterns and can detect bad actors more accurately.

This session dives into the details of a framework that establishes digital trust based on capabilities from fraud protection and Identity. Showing how it quickly and transparently establish a trusted, frictionless digital relationship for customers, employees, and business partners. The session also explores key scenarios of deployment, best practices and top technologies that establishes a digital trust stack.

11:35 am - 12:05 pm Track B

Security 2020: A Dating Story of Enablement

Speaker:
Doug Copley, President, Data Protection Partners

Many models of security have their roots in older infrastructure. But older models don't fit the needs of modern businesses, and with the death of the network perimeter and the rapidly approaching end to passwords, we need security that will enable us now and into the future - especially with new devices coming in ever-changing forms. This may seem new, but establishing trust in this new model of security is much like establishing trust when your child wants to go on a date. This presentation covers IoT, mobility, cloud, as well as the end of solutions like VPNs, firewalls, MDM and passwords - and we pick things apart. While they may seem like completely different topics, all of these things end up having security implications in unexpected ways.

Attend this session to:

  • Contrast security risk in legacy and future computing environments;
  • Learn what to look for in new technologies and security;
  • Prepare for a world without perimeters, VPNs, and passwords.
12:05 pm -
1:05 pm
12:05 pm - 1:05 pm

Lunch

1:05 pm -
1:50 pm
1:05 pm - 1:50 pm

The State of Payment Fraud and the Path to Reduce it

Speaker:
David Lott, Payments Risk Expert, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta

Maintaining strong payments security practices is a continuously moving target given the ever-evolving payments ecosystem and dynamic nature of the threat environment. The commitment to improve security is a priority throughout the payments industry as evidenced by the ongoing collaboration across these issues. This session covers:

  • Efforts to support the payment industry, such as the Federal Reserve's payment fraud study;
  • Initiatives designed to tackle tough issues, such as data protection, payment identity management and cybersecurity.
1:55 pm -
2:25 pm
1:55 pm - 2:25 pm Track A

AI and Machine Learning: More Than Buzzwords?

Speaker:
Chris Testa, Regional Vice President, Cybereason

In a world where adversaries are evolving their tools and techniques, defenders also need to advance their techniques to stay one step ahead of the ever evolving threat. While breach prevention used to rely heavily on static, signature-based detection, this is no longer an approach that will keep even simple threats out of your environment. This session will explain how AI, deception, and dynamic, behavioral analysis can enable organizations to prevent advanced attacks including ransomware, fileless malware, and never-before-seen threats.

1:55 pm - 2:25 pm Track B

Understanding Your TCCR (Total Cost of Cyber Risk)

Speaker:
Patrick Bedwell, Head of Product Marketing, Lastline

Organizations spend millions every year to prevent attacks, yet they have very little insight into the actual cyber risk they're facing. Without that insight, it's difficult to know where to focus resources or measure the value of any security investments.

This presentation discusses how you can build your own cyber risk model: understanding the breach chain, how to identify the relative risk at each stage of the chain, and the costs associated with reducing the risk at each stage.

2:25 pm -
2:45 pm
2:25 pm - 2:45 pm

Exhibit & Networking Break

2:45 pm -
3:30 pm
2:45 pm - 3:30 pm

Email: Still A Top Threat Vector!

Speaker:
Brent Maher, CISO, Johnson Financial Group

A consistent message throughout this Summit: Most threats to an organization continue to enter through the route of least resistance - email. In this session, hear directly from a CISO on why email security needs renewed focus and how he's addressed it in his own organization, including:

  • Why smart employees continue to fall for email phishing schemes;
  • How to use adult learning techniques as part of a new anti-phishing strategy;
  • How to reduce exposure via phishing by more than 30 percent.
3:35 pm -
4:20 pm
3:35 pm - 4:20 pm

Data Integrity in the "Fake News" Era: How to Ensure that Critical Data is Private, Secure ... and Unaltered

Speaker:
Diana Kelley, Cybersecurity Field CTO, Microsoft

Stolen data is one thing - the consequences are obvious. But what if data is not stolen or leaked, but rather altered? What could be the damage? Diana Kelley of Microsoft discusses the emerging topic of data integrity and how to preserve it.

Join this session, as Kelley discusses:

  • How and where data can be altered - and the potential impacts;
  • Implications across the enterprise, even with stored data;
  • Cybersecurity tools to help ensure data integrity.
4:20 pm -
4:30 pm
4:20 pm - 4:30 pm

Closing Remarks, Day 2 Preview

4:30 pm -
5:30 pm
4:30 pm - 5:30 pm

Cocktail Reception

View Schedule
  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am -
8:45 am
8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am -
9:00 am
8:45 am - 9:00 am

Opening Remarks

9:00 am -
9:50 am
9:00 am - 9:50 am

The Felon and the Fed: Two Very Different Views of Cybercrime

Speakers:
Aaron Sherman, Senior Director of Cyber Threat Intelligence, Braintrace
Brett Johnson, Former Most Wanted and "The Original Internet Godfather"

Brett Johnson was a career fraudster - he stole millions from victims by pioneering a plethora of cyber fraud schemes. Aaron Sherman is a career law enforcement agent - most recently operating as a cyber special agent with the FBI. Together, they offer a two-pronged look at some of today's top cybercrimes - how they are perpetrated and how they are stopped. Join Brett and Aaron as they offer their unique perspectives on topics including:

  • Business Email Compromise
  • Account Takeovers
  • Payment Card Fraud
9:55 am -
10:40 am
9:55 am - 10:40 am

Ashley Madison: Cybersecurity in a World of Discretion

Speaker:
Matthew Maglieri, CISO, Ruby, parent company of Ashley Madison

What does a targeted attack really look like? How can you effectively defend your organization? What does it take to recover from a headline-grabbing breach and rebuild trust with your customers?

Join Matthew Maglieri, CISO of Ashley Madison's parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look at what is really required to defend against an advanced targeted attack and prevent the scenario that keeps us all up at night. He will discuss:

  • Anatomy of a targeted attack;
  • How to recover from a high-profile breach;
  • "Offensive-driven" risk management and how to best ensure breach resilience.
10:40 am -
11:00 am
10:40 am - 11:00 am

Exhibiting & Networking Break

11:00 am -
11:30 am
11:00 am - 11:30 am Track A

Using User-Centric Machine Learning to Contain the Insider Threat

Speaker:
Mark Bower, General Manager and CRO, Egress Technologies

Despite increasing investment in cyber security tools for the data center, we continue to see a rise in data breaches and their related costs, specifically those relating to the insider threat: accidental loss, misdirected content and the malicious insider. These types of incidents contribute up to 80% of all breached records and are often the result of the human mistake and human error factor in handling sensitive data that traditional tools are unable to address - until now.

The session explores:

  • The dependency on the end user to manage unstructured data securely;
  • Why that dependency is becoming greater over time;
  • How to think about a user-centric approach to security and give users tools to protect their data and themselves.
11:00 am - 11:30 am Track B

A New Kind of Hybrid Attack: Lessons That Can Help Protect Your Business

Speaker:
Brian Hussey, VP of Cyber Threat Detection & Response, Trustwave

Trustwave SpiderLabs has uncovered a new type of cyber-attack targeting the financial industry. Come find out how this "hybrid-style" campaign has resulted in over one billion USD in losses. Featuring a case study on a series of investigations, you will see the most recent pivot in the banking threat landscape and get insights for protecting your organization from these dangerous adversaries.

11:35 am -
12:20 pm
11:35 am - 12:20 pm Track A

Digital Threats and Cyber Risk Where You Least Expect it: Social Media and Web Apps

Speaker:
Carlos Pero, AVP and Head of Cyber Application Security, Zurich Insurance

You can build a tall castle with fortified walls, but what good are the defenses if you leave the drawbridge open?

Recent breaches such as Equifax and Panera Bread have shown how basic vulnerabilities to application framework and web service code can lead to embarrassing headlines and crises of confidence.

At the same time, how do you identify and mitigate risk on new and old digital channels alike? What is the link between social media, social engineering, business email compromise and fraud? Join this session for answers to these questions and insights on:

  • How to develop a first line of defense to buy time in the event of a breach;
  • How to prevent application vulnerabilities from being exposed in the first place.
  • What are the characteristics of developing a risk culture at your institution?
  • How to respond to innovation in a supervised, heavily regulated industry.
11:35 am - 12:20 pm Track B

Critical Infrastructure Protection: Making Public/Private Partnerships Work

Speaker:
Antonio Enriquez, Cyber Security Advisor, Office of Cybersecurity and Communications, US Department of Homeland Security

What are the keys to successful threat-intelligence sharing between the public and private sectors? The government has focused a great deal of attention on how to adequately automate and share threat intelligence. This session explores how the private sector can use the government's experience and apply it, and develop public/private relationships for joint cyber initiatives.

12:20 pm -
1:20 pm
12:20 pm - 1:20 pm

Lunch

1:20 pm -
2:05 pm
1:20 pm - 2:05 pm

New Account Fraud: Emerging Schemes & Solutions

Speaker:
Julie Conroy, Research Director, Aite Group

The bad guys are currently winning the war on the new account fraud front, with losses mounting for organizations across sectors. Organized criminals have plenty of weapons in their arsenal, including vast quantities of breached data and carefully cultivated synthetic identities. How can businesses keep pace with the rising tide of financial fraud, while still maintaining an easy onboarding experience?

Julie Conroy, Research Director for Aite Group, will share brand new research that examines the new account fraud challenge for U.S. financial services providers, and successful solutions. You'll learn:

  • The latest attack vectors and losses
  • Successful defensive strategies, including machine learning analytics and digital identity detection solutions
  • The role of customer experience as businesses are evaluating new technologies to deploy
2:10 pm -
2:55 pm
2:10 pm - 2:55 pm

Insider Threat Program: Malicious vs. Accidental - Prioritizing Risk

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

When it comes to fraud prevention, many organizations overlook the insider threat - both the malicious actor who intends to commit fraud as well as the accidental insider who makes a mistake or is taken advantage of by an external entity. The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud. In this session, the center's director offers:

  • The latest research on insider fraud;
  • The growing role of the accidental insider in fraud schemes;
  • How to start up an insider fraud detection program within your organization.
3:00 pm -
3:45 pm
3:00 pm - 3:45 pm

Panel: Know Your Attacker: Lessons Learned from Cybercrime Investigations

Speakers:
Daniel Wierzbicki, Supervisory Special Agent - Criminal & National Security Cyber Investigations, FBI Chicago Division
Matthew Maglieri, CISO, Ruby, parent company of Ashley Madison
Patrick Hogan, Assistant to the Special Agent in Charge, U.S. Secret Service

"Know your customer" is a familiar refrain in business circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation states, cybercrime gangs or lone actors. Join this panel of law enforcement officials and internal investigators for their insights on:

  • Today's most prevalent cybercrime schemes - and why they are successful;
  • Traits of the threat actors most commonly perpetrating these schemes;
  • Lessons learned from actual crime investigations - and how you can put these to work to improve your own defenses.
3:45 pm -
4:00 pm
3:45 pm - 4:00 pm

Closing Remarks

View Schedule

SPONSORS / Supporting Organizations

Splunk
DUO Security
IBM
Lastline
Cybereason
Trustwave
Arbor Networks
OneSpan
Egress
ForeScout

LOCATION / Venue & Address

W Chicago City Center
172 West Adams Street
Chicago, IL, 60603-3604

Visit the venue website

WATCH SESSIONS ONLINE

For our premium members, we offer online webinars from all of our past events. Become a member now to get access to keynotes and important sessions from previous events.

Become a Member

Registering For a Group?
Call + 1 (609)-356-1499  or email at events@ismg.io

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

Join the Community

Subscribe to get the latest happenings on our Roundtables, Summits, and other Events!

    • BankInfoSecurity
    • CUInfoSecurity
    • GovInfoSecurity
    • HealthcareInfoSecurity
    • InfoRiskToday
    • CareersInfoSecurity
    • DataBreachToday
    • CyberEd
    Home | Summits | Press Releases | Sponsorship
    © 2021 Information Security Media Group, Corp. |
    Privacy & GDPR Statement | CCPA: Do Not Sell My Personal Data