Fraud & Breach Summit: Chicago

May 14, 2019

Welcome / Summit Overview

ISMG’s Global Summit Series will take place across four continents focusing on global security topics such as fraud and breach prevention and on many key industry verticals such as finance, government, retail, energy and healthcare.

All content will be driven by our global editorial team, including executive editors from publications like DataBreachToday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity. These events will provide the opportunity to learn from industry influencers, earn CPE credits, meet with leading technology providers and be a part of the ISMG community of over 700,000 subscribers.

Details

Convene Conference Center

16 West Adams Street
Chicago, IL
May 14th, 2019

$595

Registering For a Group?
Call + 1 (609)-356-1499

Everett Stern

Former HSBC whistleblower; CEO & Intelligence Director, Tactical Rabbit

Sadia Mirza

Attorney, Cybersecurity, Information Governance and Privacy Practice Group, Troutman Sanders

Randy Trzeciak

Insider Threat Research Team Technical Lead, CERT

Tim Horton

VP, Global Security & Fraud Product Management, First Data

Tommy McDowell

VP of Intelligence, RH-ISAC

Randy Sabett

Vice Chair, Privacy & Data Protection Practice Group, Cooley LLP

Laszlo Gonc

Practicing Chief Information Security Officer (CISO) in HealthCare, Cybersecurity and Transformation Strategist & Evangelist

Shaked Vax

Trusteer Product Strategist, IBM Security

SPEAKERS / Featured Speakers

Dan Fitzgerald

CISO, McKinsey & Company

Everett Stern

CEO & Intelligence Director, Tactical Rabbit

Laszlo Gonc

Practicing Chief Healthcare CISO, and Cybersecurity and Transformation Strategist & Evangelist

Ronald Raether

Partner, Troutman Pepper

Tom Field

Senior Vice President, Editorial, ISMG

Andres Rapela

AVP of Secure Payments, Federal Reserve Bank

Todd Carroll

CISO and VP of Cyber Operations, CybelAngel

Trace Fooshee

Senior Analyst, Aite Group

Nick Holland

Director, Banking and Payments, ISMG

Carlos Pero

AVP and Head of Cyber Application Security, Zurich Insurance

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Tommy McDowell

VP of Intelligence, RH-ISAC

Randy Sabett

Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

Tim Bedard

Director, Security Product Marketing, OneSpan

Mike Greene

CEO & GM, Enzoic

Carl Gustas

Solutions Engineer, Cequence Security

Tim Horton

VP, Global Merchant Security and Compliance Solutions, First Data

Shaked Vax

Trusteer Products Strategist, IBM Security

Darrin Kimes

Senior Special Agent, US Secret Service

Sadia Mirza

Attorney, Cybersecurity, Information Governance and Privacy Practice Group, Troutman Pepper

Schedule / Session Date & Times



  • Tuesday, May 14th

  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:50 am

The Future of Cloud Security Programs

Speaker:
Dan Fitzgerald, CISO, McKinsey & Company

Stories, practical experiences, anecdotes and a bit of humor about creating and managing cloud security programs and the journey to DevSecOps. This will be an interactive session.

The session will cover:

  • Key components of cloud security programs and the basics of DevSecOps
  • Real world challenges and practical solutions for creating cloud security programs
  • Challenges of standardizing cloud infrastructure at scale and how to overcome them
  • The changing nature of security teams in cloud settings
  • Action planning and applied discussion questions for participants
9:55 am - 10:30 am

The Next Perfect Storm: Are You Ready for the Convergence of IoT, Blockchain, Better Data Analytics and AI?

Speaker:
Laszlo Gonc, Practicing Chief Healthcare CISO, and Cybersecurity and Transformation Strategist & Evangelist

Tremendous technology changes in recent years have made exponential leaps in the way we will communicate, interact and transact with each other. The Internet of Things has brought about the potential for embedded low cost sensors on everything around us, on us and even in us. Blockchains and smart contracts with advances in encryption tools will provide for the immutable trust and transparency required to build the foundation of Web 3.0. The collection of all this data will provide startling context to how we behave and make decisions through Better Data Analytics. Advances in Artificial Intelligence through machine learning will change the way we interact with machines, our environment and each other forever. What does this mean to your business? In this session you can learn:

  • The technology risks and security challenges to your organization
  • How to protect your company against the new cyberattacks
  • How these technologies impact your organization on its road to digital transformation
10:30 am - 10:40 am

Compromised Credential Detection

Speaker:
Mike Greene, CEO & GM, Enzoic

Numerous options exist for strong authentication, but each involves introducing some form of friction into the user experience. User testing shows consumers have extremely limited tolerance for disruptions introduced by security measures, even when those measures are designed to protect the consumer, personal information and valuable assets.

Enzoic built its credential screening products with the understanding that consumers use the same login credentials across multiple sites. When a user logs in, Enzoic compares their credentials against a continuously updated database of compromised credentials. This process is behind-the-scenes and adds negligible latency to the login process.

If the user's credentials have been compromised, a range of responses can be taken: companies may force an immediate password reset, clear credit cards on the account, require an additional auth factor, or log for additional analysis. This protects the user's account and maintains enterprise security against credential stuffing and account takeover attacks launched by cybercriminals.

10:40 am - 11:10 am

Exhibit & Networking Break

11:10 am - 11:40 am Track A

Consumer Data: Multi-Layered Security Gets Personal

Speaker:
Tim Horton, VP, Global Merchant Security and Compliance Solutions, First Data

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

11:10 am - 11:40 am Track B

Malicious Bot Attacks: The New #1 Cyber Threat

Speaker:
Carl Gustas, Solutions Engineer, Cequence Security

In this discussion, I'll be covering the automation landscape as it pertains to nefarious actions against hyper-connected organizations. We'll begin by talking about what bots were initially designed for and what they've evolved to. My focus will be on the negative effects automation can have on organizations, their business logic, infrastructure and security practices. The second half of the discussion will be around the tools commonly used by enterprise organizations and the pitfalls and challenges surrounding them.

11:45 am - 12:15 pm Track A

New Targets on Cybercriminals' Radar

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

Cybercrime has targeted bank and payments solutions for a long time, but in the past few years has expanded its target industries to airlines, insurance, travel, retail and others. CISOs and fraud leaders that have been focused on insider threats are finding they need to consider the fraud darknet ecosystem and actors as part of their strategy development considerations. This session will:

  • Identify new industries targeted by cybercrime and fraud and key MOs used to attack them
  • Present opportunities for advancing digital cybercrime protection while improving the customer experience at the same time through implementation of new digital trust strategies.
11:45 am - 12:15 pm Track B

The State of Adaptive Authentication in the Financial Industry

Speaker:
Tim Bedard, Director, Security Product Marketing, OneSpan

Fifty-four percent of survey respondents say their institutions' digital authentication measures are average or below when compared to their peers. And 55 percent rate themselves at average or below when it comes to their institution's current ability to apply the right amount of security to the right transactions at the right time. These are among the key results of The State of Adaptive Authentication in Banking survey.

In this session, learn more about the survey results and receive live, expert analysis about:

  • How to benchmark where your organization is on the road of adaptive authentication;
  • Business benefits to be gained;
  • Tools, skills and partnerships to get you there.
12:15 pm - 1:00 pm

Lunch

1:00 pm - 1:30 pm Track A

GDPR, CCPA and Security in the New Privacy World

Speaker:
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

U.S. organizations were barely GDPR compliant in 2018, when California unveiled its own privacy legislation, the California Consumer Privacy Act, which goes into effect on Jan. 1, 2020. Yet, this is but one of several privacy laws being enacted across the U.S., and it poses many questions about the role of security to enable privacy - and the role of security leaders to enforce it.

Join this session for an exclusive legal overview of:

  • CCPA Overview - what's covered, who's covered, and against what?
  • GDPR Article 32 security requirements
  • "If I'm GDPR-compliant, aren't I CCPA-compliant?"
  • What happens if I'm not secure?
1:00 pm - 1:30 pm Track B

The Federal Reserve's Next Steps to Advance Payments Security

Speaker:
Andres Rapela, AVP of Secure Payments, Federal Reserve Bank

Over the years, the Federal Reserve has worked alongside the industry to pursue real-time, safe, highly secure, efficient, broadly inclusive and ubiquitous payment services in the U.S. The U.S. payments and fraud landscape continues to shift as technology evolves and new risks emerge. During this session, attendees will learn about the Federal Reserve's work to inform fraud risk and advance the payment system's safety, security and resiliency. Attend this session to learn about the Federal Reserve's involvement in the future of the U.S. payment system.

1:35 pm - 2:05 pm Track A

The Elegant AppSec Solution: How to Design a Program that Developers Will Adopt

Speaker:
Carlos Pero, AVP and Head of Cyber Application Security, Zurich Insurance

Application Security can't continue to be the responsibility of just security experts anymore. After all, anyone can code! And while there are certainly best practices, there is no one-size-fits-all. A reasonably designed and executed program should make everyone's job easier.

Join this session for first-hand insight on:

  • Security's role in application development
  • How to affect cultural change and gain developers' support for your security program
1:35 pm - 2:05 pm Track B

2019 Fraud Landscape: Top 6 Trends to Watch

Speaker:
Trace Fooshee, Senior Analyst, Aite Group

The bad guys are winning the war on identity theft, with losses mounting for organizations across sectors. Increasingly organized criminals have plenty of weapons in their arsenal, including vast quantities of breached data and carefully cultivated synthetic identities. What are the top trends shaping the rising tide of financial fraud in 2019 and what can security professionals expect in the months and years to come?

Trace Fooshee, Senior Analyst for Aite Group, will share research that examines the latest trends challenging U.S. financial services providers. You'll learn:

  • The latest trends in identity theft-related financial crimes including the latest iteration of payments fraud tactics
  • Successful defensive strategies, including the latest trends in deploying omni-channel authentication hubs
  • The often overlooked role that communication plays in the customer experience
2:10 pm - 2:40 pm Track A

Best Practices for Mitigating Insider Fraud

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

  • The latest research on insider fraud
  • How "accidental insiders" are enabling fraud schemes
  • How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.
2:10 pm - 2:40 pm Track B

Retail Breach Response

Speaker:
Tommy McDowell, VP of Intelligence, RH-ISAC

Target. Home Depot. Starwood. These retail and hospitality giants have been among the top data breach headlines in recent years. And in response, the industry formed the Retail and Hospitality Information Sharing and Analysis Center to be a central hub for sharing sector-specific cyber security information and intelligence.

In an exclusive appearance, Tommy McDowell, VP of Intelligence at the RH-ISAC, will speak at ISMG's Chicago Fraud and Breach Prevention Summit to discuss:

  • RH-ISAC's mission and accomplishments;
  • The 2019 threat landscape;
  • Top lessons learned from the headline breaches.
2:40 pm - 3:10 pm

Exhibit & Networking Break

3:10 pm - 3:55 pm

HSBC Whistleblower on Uncovering Fraud

Speaker:
Everett Stern, CEO & Intelligence Director, Tactical Rabbit

For at least half a decade, HSBC helped to wash hundreds of billions of dollars for drug mobs, including Mexico's Sinaloa drug cartel, as well as move money for terrorist organizations linked to Al Qaeda and Hezbollah and for Russian gangsters. Furthermore, HSBC helped countries like Iran, the Sudan and North Korea evade sanctions. And, while serving murderers, terrorists and rogue states, HSBC aided countless common tax cheats in hiding their cash.

Everett Stern was pivotal in uncovering this huge fraud and money laundering scheme, which, among other things, resulted in HSBC in 2012 being fined $1.9B - the largest fine to date by the U.S. Justice Department. In a rare appearance, Stern will share undisclosed information about what happened inside HSBC during this extraordinary event and what is happening now.

Attend to learn:

  • How HSBC created a fake AML program that led to a $1.9B penalty;
  • How terrorist organizations and drug cartels are being allowed to use our own financial system to harm American interests;
  • How one individual can be the difference in exposing fraud in even the largest of organizations.
4:00 pm - 4:35 pm

IT Ecosystems and the Threat From Third Parties

Speaker:
Todd Carroll, CISO and VP of Cyber Operations, CybelAngel

In this session, Todd Carroll, former FBI Special Agent, will draw from his experience with the FBI and from his current role as CISO with CybelAngel to discuss:

  • Case studies showing exposure of sensitive data by trusted partners in airport operations
  • The increased risk of connected storage and exposure of data trends.
4:40 pm - 5:20 pm

Incident Response Plans: Global Compliance Mandates and Obligations

Speakers:
Darrin Kimes, Senior Special Agent, US Secret Service
Sadia Mirza, Attorney, Cybersecurity, Information Governance and Privacy Practice Group, Troutman Pepper

Creating a cybersecurity incident response plan is a fundamental requirement of any cybersecurity program - and a requirement of many global regulations, including GDPR and PCI DSS. During this workshop, Troutman Sanders' Sadia Mirza will discuss the benefits of table top exercises. She then will be joined by law enforcement agents to discuss how to work most effectively with the law before and after an incident. Participants will:

  • Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
  • Learn key features in an incident response plan and how the table top exercise works to improve each component;
  • Learn how best to involve law enforcement agencies before, during and after an incident.
5:20 pm - 5:30 pm

Closing Remarks

5:30 pm - 6:30 pm

Cocktails & Networking

SPONSORS / Supporting Organizations

IBM
Cequence Security
First Data
PasswordPing (Enzoic)
OneSpan
Okta

Meet Our Speakers

ISMG Global Events: 2020 and Beyond

ISMG's SVP of Editorial, VP of Global Events, and Group Director of Custom Events discuss the state of events.

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research
