Speaker:
Dan Fitzgerald, CISO, McKinsey & Company

Stories, practical experiences, anecdotes and a bit of humor about creating and managing cloud security programs and the journey to devsecops. This will be an interactive session.

The session will cover:

• Key components of cloud security programs and the basics of devsecops
• Real world challenges and practical solutions for creating cloud security programs
• Challenges of standardizing cloud infrastructure at scale and how to overcome
• The changing nature of security teams in cloud settings
• Action planning and applied discussion questions for participants

Speaker:
Laszlo Gonc, Practicing Chief Healthcare CISO, and Cybersecurity and Transformation Strategist & Evangelist

Tremendous technology changes in recent years have made exponential leaps in the way we will communicate, interact and transact with each other. The Internet of Things has brought about the potential for embedded low cost sensors on everything around us, on us and even in us. Blockchains and smart contracts with advances in encryption tools will provide for the immutable trust and transparency required to build the foundation of Web 3.0. The collection of all this data will provide startling context to how we behave and make decisions through Better Data Analytics. Advances in Artificial Intelligence through machine learning will change the way we interact with machines, our environment and each other forever. What does this mean to your business? In this session you can learn:

• The technology risks and security challenges to your organization
• How to protect your company against the new cyberattacks
• How these technologies impact your organization on its road to digital transformation

Speaker:
Mike Greene, CEO & GM, Enzoic

Numerous options exist for strong authentication but, each involves introducing some form of friction into the user experience. User testing shows consumers have extremely limited tolerance for disruptions introduced by security measures, even when those measures are designed to protect the consumer, personal information and valuable assets.

Enzoic built its credential screening products with the understanding that consumers use the same login credentials across multiple sites. When a user logs in, Enzoic compares their credentials against a continuously updated database of compromised credentials. This process is behind-the-scenes and adds negligible latency to the login process.

If the user's credentials have been compromised, a range of responses can be taken: companies may force an immediate password reset, clear credit cards on the account, require an additional auth factor, or log for additional analysis. This protects the user's account and maintains enterprise security against credential stuffing and account takeover attacks launched by cybercriminals.

Speaker:
Tim Horton, VP, Global Merchant Security and Compliance Solutions, First Data

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

Speaker:
Carl Gustas, Solutions Engineer, Cequence Security

In this discussion, I'll be covering the automation landscape as it pertains to nefarious actions against hyper connected organizations. We'll begin by talking about what bots were initially designed for and what they've evolved to. My focus will be on the negative effects automation can have on organizations, their business logic, infrastructure and security practices. The second half of the discussion will be around the tools commonly used by enterprise organizations and the pitfalls and challenges surrounding them.

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

Cybercrime has targeted bank and payments solutions for a long time, but in the past few years has expanded its target industries to airlines, insurance, travel, retail and others. CISOs and fraud leaders that have been focused on insider threats are finding they need to consider the fraud darknet eco-system and actors as part of their strategy development considerations. This session will:

• Identify new industries targeted by cybercrime and fraud and key MOs used to attack them
• Present opportunities for advancing digital cybercrime protection while improving the customer experience at the same time through implementation of new digital trust strategies.

Speaker:
Tim Bedard, Director, Security Product Marketing, OneSpan

Fifty-four percent of survey respondents say their institutions' digital authentication measures are average or below when compared to their peers. And 55 percent rate themselves at average or below when it comes to their institution's current ability to apply the right amount of security to the right transactions at the right time. These are among the key results of The State of Adaptive Authentication in Banking survey.

In this session, learn more about the survey results and receive live, expert analysis about:

• How to benchmark where your organization is on the road of adaptive authentication;
• Business benefits to be gained;
• Tools, skills and partnerships to get you there.

Speaker:
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

U.S. organizations were barely GDPR compliant in 2018, when California unveiled its own privacy legislation, the California Consumer Privacy Act, which goes into effect on Jan. 1, 2020. Yet, this is but one of several privacy laws being enacted across the U.S., and it poses many questions about the role of security to enable privacy - and the role of security leaders to enforce it.

Join this session for an exclusive legal overview of:

• CCPA Overview - what's covered, who's covered, and against what?
• GDPR Article 32 security requirements
• "If I'm GDPR-compliant, aren't I CCPA-compliant?"
• What happens if I'm not secure?

Speaker:
Andres Rapela, AVP of Secure Payments, Federal Reserve Bank

Over the years, the Federal Reserve has worked alongside the industry to pursue real-time, safe, highly secure, efficient, broadly inclusive and ubiquitous payment services in the U.S. The U.S. payments and fraud landscape continues to shift as technology evolves and new risks emerge. During this session, attendees will learn about the Federal Reserve's work to inform fraud risk and advance the payment system's safety, security and resiliency. Attend this session to learn about the Federal Reserve's involvement in the future of the U.S. payment system.

Speaker:
Carlos Pero, AVP and Head of Cyber Application Security, Zurich Insurance

Application Security can't continue to be the responsibility of just security experts anymore. After all, anyone can code! And while there are certainly best practices, there is no one-size-fits all. A reasonably designed and executed program should make everyone's job easier.

Join this session for first-hand insight on:

• Security's role in application development
• How to affect cultural change and gain developers' support for your security program

Speaker:
Trace Fooshee, Senior Analyst, Aite Group

The bad guys are winning the war on identity-theft, with losses mounting for organizations across sectors. Increasingly organized criminals have plenty of weapons in their arsenal, including vast quantities of breached data and carefully cultivated synthetic identities. What are the top trends shaping the rising tide of financial fraud in 2019 and what can security professionals expect in the months and years to come?

Trace Fooshee, Senior Analyst for Aite Group, will share research that examines the latest trends challenging U.S. financial services providers. You'll learn:

• The latest trends in identity theft-related financial crimes including the latest iteration of payments fraud tactics
• Successful defensive strategies, including the latest trends in deploying omni-channel authentication hubs
• The often overlooked role that communication plays in the customer experience

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

• The latest research on insider fraud
• How "accidental insiders" are enabling fraud schemes
• How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.

Speaker:
Tommy McDowell, VP of Intelligence, RH-ISAC

Target. Home Depot. Starwood. These retail and hospitality giants have been among the top data breach headlines in recent years. And in response, the industry formed the Retail and Hospitality Information Sharing and Analysis Center to be a central hub for sharing sector-specific cyber security information and intelligence.

In an exclusive appearance, Tommy McDowell, VP of Intelligence at the RH-ISAC, will speak at ISMG's Chicago Fraud and Breach Prevention Summit to discuss:

• RH-ISAC's mission and accomplishments;
• The 2019 threat landscape;
• Top lessons learned from the headline breaches.

Speaker:
Everett Stern, CEO & Intelligence Director, Tactical Rabbit

For at least half a decade, HSBC helped to wash hundreds of billions of dollars for drug mobs, including Mexico's Sinaloa drug cartel, as well as move money for terrorist organizations linked to Al Qaeda and Hezbollah and for Russian gangsters. Furthermore, HSBC helped countries like Iran, the Sudan and North Korea evade sanctions. And, while serving murderers, terrorists and rogue states, HSBC aided countless common tax cheats in hiding their cash.

Everett Stern was pivotal in uncovering this huge fraud and money laundering scheme, which among other things, resulted in HSBC in 2012 being fined $1.9B - the largest fine to date by the U.S. Justice Department. In a rare appearance, Stern will share undisclosed information about what happened inside HSBC during this extraordinary event and what is happening now.

Attend to learn:

• How HSBC created a fake AML program that led to a $1.9B penalty;
• How terrorist organizations and drug cartels are being allowed to use our own financial system to harm American interests;
• How one individual can be the difference in exposing fraud in even the largest of organizations.

Speaker:
Todd Carroll, CISO and VP of Cyber Operations, CybelAngel

In this session, Todd Carroll, former FBI Special Agent, will draw from his experience with the FBI and from his current role as CISO with Cybelangel to discuss:

• Case studies showing exposure of sensitive data by trusted partners in airport operations
• The increased risk of connected storage and exposure of data trends.

Speakers:
Darrin Kimes, Senior Special Agent, US Secret Service
Sadia Mirza, Attorney, Cybersecurity, Information Governance and Privacy Practice Group, Troutman Sanders

Creating a cybersecurity incident response plan is a fundamental requirement of any cybersecurity program - and a requirement of many global regulations, including GDPR and PCI DSS. During this workshop, Troutman Sanders' Sadia Mirza will discuss the benefits of table top exercises. She then will be joined by law enforcement agents to discuss how to work most effectively with the law before and after an incident. Participants will:

• Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
• Learn key features in an incident response plan and how the table top exercise works to improves each component;
• Learn how best to involve law enforcement agencies before, during and after an incident.