
Fraud & Breach Prevention Summit: Chicago

June 20-21, 2017


Speaker

Gregory Touhill, Brigadier General (retired), First U.S. CISO, U.S. Government

Welcome / Letter from the Content Director

Howard Anderson

News Editor, ISMG

The data stolen during a breach is used for many purposes, but especially for fraud. Security and fraud teams are working ever more closely together, both pre- and post-breach, to ensure that they are in the best possible position to defend, detect and respond. In this dual track day, intended for senior InfoSec and fraud professionals, we’ll focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach problem that affects all industries. Feel free to switch between sessions in each track and network with your peers as well as our speakers and sponsors throughout the day.

Attendees also gain onDemand access to all summit recordings and our curriculum of 400+ webinars after the Summit.

Details

Chicago Marriott Downtown Magnificent Mile

June 20th & 21st, 2017

$795


Mark Rasch

Principal, Rasch Technology and Cyber Law; former Chief Security Evangelist, Verizon

Tracy Kitten

Director of Global Events Content; Executive Editor, BankInfoSecurity, ISMG

Howard Anderson

News Editor, ISMG

Steve Durbin

Managing Director, Information Security Forum (ISF)

Alex Mosher

Vice President of Security Strategy, CA Technologies

Kevin Flynn

Director of Products, Skybox

Michael Theis

Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

Tom Field

Vice President, Editorial, ISMG

FEATURED SPEAKERS / Featured Speakers For Our Chicago Summit

General Gregory Touhill, Retired

First US CISO & President, Appgate Federal

Lee Kim

Director of Privacy and Security, HIMSS

Jennings Aske

CISO, New York-Presbyterian

Shaked Vax

Trusteer Products Strategist, IBM Security

Brian Jeffords

Director of Identity Management and Cybersecurity Services, Boeing

Ed O'Neill

Assistant Vice President, Secure Payments Leadership Team, Federal Reserve

Robert Villanueva

Executive Vice President, Q6 Cyber and Founder of the Cyber Threat Intelligence Division of the US Secret Service

Erik Devine

CISO, Riverside Healthcare

Tom Field

Senior Vice President, Editorial, ISMG

Michael Theis

Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

Denyette DePierro

VP & Senior Counsel - Center for Payments & Cybersecurity, American Bankers Association

Howard Anderson

News Editor, ISMG

Ruth Promislow

Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

Jon Clay

Director, Global Threat Communications, Trend Micro

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Alex Mosher

Vice President of Security Strategy, CA Technologies

Peter Beardmore

Director of Digital Risk Management Solutions, RSA

Sean Brady

Sr. Director, Product Marketing, Arbor Networks

Kevin Flynn

Global Director of Products, Skybox Security

Dr. Christopher Pierson

Founder & CEO, BLACKCLOAK

Michael Lynch

Chief Strategy Officer, InAuth

Todd Carroll

CISO and VP of Cyber Operations, CybelAngel

Bryce Austin

fmr Sr Group Manager and Retail Technology Program Lead at Target during the 2013 breach, TCE Strategy

David Vos

Supervisory Special Agent, Criminal and National Security Cyber Investigations, FBI Chicago


Schedule / Session Date & Times



  • Tuesday, June 20th

  • Wednesday, June 21st

8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am - 9:00 am

Opening Remarks

9:00 am - 10:00 am

Cybersecurity = Risk Management: Lessons Learned from the First U.S. CISO

Speaker:
General Gregory Touhill, Retired, First US CISO & President, Appgate Federal

Cybersecurity is at the top of the agenda in board rooms around the world. In this presentation, Retired Brigadier Gen. Greg Touhill, the first Chief Information Security Officer of the United States Government, will discuss lessons learned during his military and federal service. Discover how properly executing critical tasks and following through on strategy, policies and procedures are essential to protecting you, your brand and your reputation.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

10:45 am - 11:05 am

Exhibiting & Networking Break

11:05 am - 11:35 am Fraud Track

Cybercrime as a Service: Which Threats Should We Address First?

Speaker:
Kevin Flynn, Global Director of Products, Skybox Security

Monetarily motivated attacks are by far the most prevalent cyberthreats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services - particularly the vulnerabilities they use, re-use and share - vulnerability management can focus on the small subset of vulnerabilities that are exploited in the wild and packaged in distributed crimeware. This threat-centric approach improves vulnerability prioritization and focuses remediation on the relatively small number of exploitable vulnerabilities, greatly reducing risk through efficient, intelligent processes. This session will cover what's been driving the shift to distributed cybercrime, how to align vulnerability management with real-world threat behavior, and what intelligence and tools are needed.


11:05 am - 11:35 am Data Breach Track

Pawn Storm - A Prolific Cyber Espionage Group

Speaker:
Jon Clay, Director, Global Threat Communications, Trend Micro

In this session, Trend Micro will review its own research into Pawn Storm (a.k.a. APT28, Fancy Bear, Strontium, etc.), which exposes the scope and scale of the cyber-espionage attacks and the cyber tradecraft of those who wage these attacks. Trend Micro's researchers have observed activity dating back to 2004, with attacks that have been targeting government, military, media and political organizations around the world. This session will review how the groups that wage cyber-espionage attacks have shifted their focus toward cyber-propaganda over the past two years, with a 400 percent increase in targeting activity in 2016 alone. Additionally, this session will cover the extensive threat vectors that are used to target victims and how organizations can understand these threats and come up with ways to combat them.

11:40 am - 12:10 pm

The Not-So-Delicate Art of Aligning Business Risk Management with IT Security

Speaker:
Peter Beardmore, Director of Digital Risk Management Solutions, RSA

How is it that, while cybersecurity spending is approaching $100 billion annually, attacks such as ransomware, distributed-denial-of-service and data theft remain so prevalent? Congressional reports about recent breaches such as the OPM breach read like Keystone Cops scripts. IT and security leaders are exhausted, if not defeated. And while many business executives remain bewildered by "The Cyber," some of the answers may ultimately be found in applying relevant business context to cybersecurity operations - translating the language of IT security to that of business risk, ultimately arriving at better strategy and decision-making. In this session, Peter Beardmore of RSA will explore the challenges and practical onramps for getting started on the journey of improving risk mitigation and cybersecurity maturity.

12:10 pm - 12:55 pm

Speed Networking with Presenters and Peers

One of the most valuable ways to learn is through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the arena of fraud and breach prevention and discuss solutions to those potential obstacles. Mingle, share and learn in this unique, rapid fire and interactive environment.

12:55 pm - 1:45 pm

Lunch

1:45 pm - 2:15 pm Fraud Track

Mobile Authentication: Best Practices for Mitigating Mobile Payment and Transaction Risks

Speaker:
Michael Lynch, Chief Strategy Officer, InAuth

Retailers and financial institutions are dealing with the changing face of customer interactions. For many businesses, mobile logins have surpassed online logins, and consumers are voicing their demands for more mobile services. Consumers expect to bank, pay, buy, transfer and more via their mobile devices - and they want to do all of this with the least number of security steps possible. But these new ways to pay require new ways to secure. The shift toward mobile payments puts extreme pressure on businesses to raise the bar on security, while also providing frictionless environments that deliver positive customer experiences. This session will explore and review specific risks related to mobile payments, wallets and applications, and review how device intelligence and authentication technologies are enabling the mobile device itself to be a trusted and secure token that can mitigate risk and lead to new and enhanced customer and business opportunities.


1:45 pm - 2:15 pm Data Breach Track

PAM and Secure Code: Gaining an Inside and Outside View of Applications

Speaker:
Alex Mosher, Vice President of Security Strategy, CA Technologies

Many organizations are undergoing a transformation to support digital platforms and stay competitive; but in order to maintain security, they have to ensure that access to these platforms is limited and that security remains a priority. New vulnerabilities to cybercrime are being introduced through hybrid environments, ones that often include remote access to systems and servers, automation of processes, and concentration of administrative power. Limiting administrative power through privileged access management is increasingly critical, but so is authentication, as more legitimate users' credentials are being compromised and access to systems is being fooled by the coders. According to the 2017 Verizon Data Breach Investigations Report, today's breaches involve a "combination of human factors, hardware devices, exploited configurations or malicious software." How can these risks be mitigated while still keeping a competitive edge? This session will explore how taking a proactive stance can help mitigate risks, while still enabling the business to use tools that are necessary in today's digitally charged economy.

2:20 pm - 2:50 pm

A Re-evaluation of the 2014 FFIEC Joint Statement

Speaker:
Sean Brady, Sr. Director, Product Marketing, Arbor Networks

In 2014, the FFIEC released the Joint Statement "Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources." This session will review the six primary guidelines provided within the statement, assess the evolution(s) that have occurred in the threat landscape since its release and drive a discussion about needed adjustments to existing risk controls.

2:50 pm - 3:15 pm

Exhibiting & Networking Break

3:15 pm - 3:55 pm

Panel: In the Wake of WannaCry: Creating a Data Security Action Plan that Addresses the Core Elements

Speakers:
Erik Devine, CISO, Riverside Healthcare
Howard Anderson, News Editor, ISMG
Jennings Aske, CISO, New York-Presbyterian
Lee Kim, Director of Privacy and Security, HIMSS

In the wake of recent ransomware attacks, such as WannaCry, which have plagued healthcare organizations, in particular, for the last year, what lessons do we have yet to learn? Ransomware attacks are nothing new, and while WannaCry was widespread, it was not necessarily sophisticated or stealthy. So why did it have such an impact?

In this session, our panelists will discuss why the "wartime mindset" has yet to be embraced, and why CISOs need to take charge and lead the way toward developing more effective security action plans.

Experienced healthcare CISOs and legal experts will:

  • Provide real-world insights into how to create an effective cybersecurity action plan;
  • Spell out the core elements of breach prevention, detection and response strategies; and
  • Identify security technologies that can play an effective role in supporting a so-called "wartime" strategy

4:00 pm - 4:40 pm

We've Been Breached: Now What? How to Effectively Work with Law Enforcement and Regulators

Speakers:
Brian Jeffords, Director of Identity Management and Cybersecurity Services, Boeing
Ruth Promislow, Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto
Todd Carroll, CISO and VP of Cyber Operations, CybelAngel

Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts will discuss what well prepared organizations are doing right, when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.

4:40 pm - 5:00 pm

Closing Remarks / Look Ahead to Day 2

5:00 pm - 6:00 pm

Cocktails & Networking

Wednesday, June 21st

8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:35 am

Unintended Consequences of the IoT

Speaker:
Bryce Austin, fmr Sr Group Manager and Retail Technology Program Lead at Target during the 2013 breach

The number of Internet of Things (IoT) devices will surpass the number of people on the planet by the end of the year. These devices can potentially provide a direct conduit to some very private and valuable information in your company. In our rush to connect everything, security and privacy are often afterthoughts. Is it possible to instill sound SDL (security development lifecycle) techniques into IoT device manufacturing and maintenance? Practices are improving and more refinements are on the way, but hope, as they say, is not a strategy. Several gatekeeper onboarding solutions exist for brokering the relationship between enterprise and device, implementing connectivity in controlled phases, and managing patch levels and authentication. Join us as we attempt to help you say: "Yes, you can connect now. We've got this covered."

9:40 am - 10:15 am

Insider Threat Detection: How to Develop a Successful Program

Speaker:
Michael Theis, Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

What are the biggest threats to your organization's data? Recent media attention to high-profile cyberattacks would lead an organization to think external threats are its only concern. Unfortunately, this misconception allows another significant threat to your organization's critical assets to stay completely under the radar - the threat of malicious and non-malicious insiders. With so much of an organization's valuable information digitized today, it may be possible that an insider can steal your information or expose it unintentionally without you knowing it.

In this session, we will explore:

  • Some of the startling results of meticulous analysis of hundreds of real-life insider attacks;
  • Some potential technical and behavioral insider threat risk indicators;
  • Which new technologies enable the detection of anomalous behavior patterns often before an insider incident occurs; and
  • The five steps companies need to take in order to develop an effective Insider Threat Detection Program.

10:15 am - 10:35 am

Exhibiting & Networking Break

10:35 am - 11:05 am

Fighting Cybercrime and Identity Fraud in a Digital Age

Speaker:
Shaked Vax, Trusteer Products Strategist, IBM Security

As cybercriminals evolve from attacking financial institutions to targeting various organizations with identity theft tools, digital users' identification strategies need to quickly adapt as well. At the same time, customers expect faster and more convenient services, enhancing the challenges organizations face - namely in ensuring users can access their accounts while also detecting suspicious behavior and providing superior customer experience. This session will explore the recent evolution in cybercrime methodologies and techniques and tools being used to detect, analyze and take action to prevent digital identity fraud.

11:10 am - 11:50 am

The State of Healthcare Security

Speaker:
Jennings Aske, CISO, New York-Presbyterian

The healthcare industry is at an information security crossroads, ill-prepared for the cyberattacks increasingly targeting healthcare organizations. This session will review how the focus on security regulatory compliance has hindered the healthcare industry's ability to prevent, detect and respond to the current cyberthreat landscape. This session also will review how the healthcare industry must embrace security frameworks, such as the NIST Common Security Framework and ISO 27001, along with practices used by other industry verticals to address cyberthreats, thereby facilitating regulatory compliance.

11:50 am - 12:40 pm

Lunch

12:40 pm - 1:25 pm

Current Trends on Eurasian Cybercrime

Speaker:
Robert Villanueva, Executive Vice President, Q6 Cyber and Founder of the Cyber Threat Intelligence Division of the US Secret Service

Robert Villanueva, assistant special agent in charge (retired) and the founder of the United States Secret Service's Cyber Intelligence Section, will in this session discuss the current rise in the U.S. of data breaches, ransomware, business email compromises, phishing and computer network intrusions. The majority of these cybercrime incidents, which target U.S. merchants and the financial sector, are perpetrated by educated malware writers and highly skilled hackers from Eastern Europe. Right now, many of these miscreants are actually living amongst us in major metropolitan areas in the United States. Villanueva will offer a unique and real-world perspective on financial cybercrime by illustrating specific case examples and local past arrests and by highlighting some of their latest tactics and techniques. Additionally, Villanueva will provide a "live demo" exposing some of these malicious criminal websites that are trafficking in enormous amounts of stolen data from both U.S. and international people and entities.

1:30 pm - 2:05 pm

Panel: EMV and the Evolution of Payments Fraud

Speakers:
Dr. Christopher Pierson, Founder & CEO, BLACKCLOAK
Ed O'Neill, Assistant Vice President, Secure Payments Leadership Team, Federal Reserve

With payments innovations picking up speed and the push toward faster payments in the U.S., the modernization of payment methods has changed and will continue to change the type of fraud perpetrated against bank deposit accounts. These accounts hold the funds used to make payments by consumers and businesses. This session will reveal trends and actionable results organizations can use to develop and change their fraud-prevention strategies while demonstrating how fraud is evolving.

The rollout of EMV technology has changed the face of fraud for merchants and retailers. In this session, we'll discuss an overview of the EMV rollout from the merchant perspective, as well as review merchant adoption and the specific deployment challenges, especially for the petrol industry. Join us as we discuss:

  • An assessment of the liability shift and its impact on U.S. commerce;
  • Concerns about lack of transparency regarding the chargeback process;
  • Recent changes announced by Visa and MasterCard related to routing and liability shift dates for ATMs and self-service gas pumps; and
  • Emerging and evolving fraud patterns in the wake of EMV

2:05 pm - 2:20 pm

Exhibit & Networking Break

2:20 pm - 2:50 pm

Fighting the Next Generation of Targeted BEC Attacks

Speaker:
Denyette DePierro, VP & Senior Counsel - Center for Payments & Cybersecurity, American Bankers Association

Business email compromise (BEC) attacks that impersonate executives and business partners to trick employees comprise the biggest cyberthreat organizations face today. This is not news. But what may come as a surprise is that the vast majority of BEC attacks are preventable. This session will review why email spoofing works, the role social media plays in social engineering, current BEC trends and attack methods, and advances in technology that are being used to identify and block BEC attacks before they hit the inbox.

2:55 pm - 3:30 pm

Deception Technology: When It Works, It Works. But What about When It Goes Wrong?

Speakers:
Dr. Christopher Pierson, Founder & CEO, BLACKCLOAK
Robert Villanueva, Executive Vice President, Q6 Cyber and Founder of the Cyber Threat Intelligence Division of the US Secret Service
Todd Carroll, CISO and VP of Cyber Operations, CybelAngel

Deception is the most successful strategy in military history. Just as armies used deceit to conquer continents, cyber-deception is being used by more and more organizations to exploit a hacker's greatest weakness - being a human, after all, behind a keyboard. Deception techniques such as honeypots are not new. But new techniques and capabilities are delivering new approaches to how cyberthreats are dealt with, proactively. During this session, we will deconstruct recent attacks from a hacker's perspective and show how you can use deception technology to detect stealthy attacks, illuminate network blind spots and minimize breach detection time - highlighting the benefits of deception defenses. But what about when these techniques don't work as planned? Can deception technology actually create more problems long-term? We will explore the positives and negatives of deception technology.

3:30 pm - 3:40 pm

Closing Remarks


SPONSORS / Supporting Organizations

Arbor Networks
Attivo Networks
Biocatch
bitglass
CA Technologies
Cyber Ark
Darktrace
DF Labs
FireEye
FIS
IBM
InAuth
Information Security Forum (ISF)
Ixia
LexisNexis
NSS Labs
RSA
Skybox
Tata Communications
Thycotic

LOCATION / Venue & Address

Chicago Marriott Downtown Magnificent Mile

540 North Michigan Avenue
Chicago, Illinois 60611


WATCH SESSIONS ONLINE

For our premium members, we offer online webinars from all of our past events. Become a member now to get access to keynotes and important sessions from previous events.


Registering For a Group?
Call +1 (609)-356-1499 or email events@ismg.io

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io
