Speaker:
Everett Stern, CEO & Intelligence Director, Tactical Rabbit

For at least half a decade, HSBC helped to wash hundreds of billions of dollars for drug mobs, including Mexico's Sinaloa drug cartel, as well as move money for terrorist organizations linked to Al Qaeda and Hezbollah and for Russian gangsters. Furthermore, HSBC helped countries like Iran, the Sudan and North Korea evade sanctions. And, while serving murderers, terrorists and rogue states, HSBC aided countless common tax cheats in hiding their cash.

Everett Stern was pivotal in uncovering this huge fraud and money laundering scheme, which among other things, resulted in HSBC in 2012 being fined $1.9B - the largest fine to date by the U.S. Justice Department. In a rare appearance, Stern will share undisclosed information about what happened inside HSBC during this extraordinary event and what is happening now.

Attend to learn:

• How HSBC created a fake AML program that led to a $1.9B penalty;
• How terrorist organizations and drug cartels are being allowed to use our own financial system to harm American interests;
• How one individual can be the difference in exposing fraud in even the largest of organizations.

Speaker:
Cris Ewell, CISO, UW Medicine

Managing risks are part of a robust information security program. Our organizations have come to depend on a complex network of third-party relationships. Reliance on third-parties can drive performance, but also pose significant risks. Many organizations are still struggling to effectively manage their third-party information security risks.

Attend this session to learn directly from a practicing CISO:

• An understanding of the potential risks that may arise from the use of third-parties
• The basic elements of an effective third-party risk management program
• Best practices for controlling third-party risks

Speaker:
Franklyn Jones, Chief Marketing Officer, Cequence

The web, mobile, and API-based applications that power your digitally-connected organization are under attack by malicious automated bots and bad actors. Unfortunately, many of these attacks are undetectable by traditional security technologies. So how bad is the problem, and what can do you to protect yourself? We'll share new research from nearly 900 US organizations that explains exactly what they're dealing with on a daily basis - and how it's impacting their businesses. Join Cequence Security to learn why this is becoming the new #1 threat in today's hyper-connected economy, and get answers on a strategy moving forward.

Speaker:
Ilker Taskaya, Principle Solutions Engineer, Delphix

Data in non-production environments occupy a significant percentage of total enterprise data volume--often as much as 80%. Non-production environments also carry more risk than production because there are more direct users. Data security regulations such as GDPR, CCPA, NY DFS etc., do not distinguish between non-production and production environments. If the data is real, it is within regulatory scope. Understanding the risks and how to protect these environments initially and on-going with process efficiency is very challenging.

In this session, we will discuss the challenges, architectural patterns, and process improvements to make data protection in non-production environments feasible:

• How to deal with integrated data environments where data needs to be protected consistently and potentially across different types of data sources
• How to deal with data sets which are located on-prem, in public cloud, and/or in other countries sometimes held by partners
• How to do this at scale for ever increasing data volumes with a workforce rarely all located in the same place, let alone the same country

Speaker:
Tim Horton, VP, Global Merchant Security and Compliance Solutions, First Data

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

Speaker:
Diana Kelley, Cybersecurity Field CTO, Microsoft

AI will enable breakthrough advances in areas like healthcare, agriculture, education and transportation; it's already happening in many ways. But new technology also inevitably raises complex questions and broad societal concerns. As we look to a future powered by a partnership between computers and humans, it's important that we address these challenges head on and address:

• How do we ensure that AI is designed and used responsibly?
• How do we establish ethical principles to protect people?
• How should we govern its use?
• And how will AI impact employment and jobs?

To answer these questions, technologists will need to work closely with government, academia, business, civil society and other stakeholders. And focus on ethical principles - fairness, reliability and safety, privacy and security, inclusivity, transparency, and accountability - to guide the cross-disciplinary development and use of artificial intelligence for business and cyber. In this talk we'll share the principle ethics of AI & ML and have a discussion about how we can all work together to forward AI and ML use responsibly.

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

• The latest research on insider fraud
• How "accidental insiders" are enabling fraud schemes
• How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.

Speaker:
David Houlding, Principal Healthcare Program Manager, Microsoft

Financial fraud can be notoriously hard to detect and easy to cover up. But does blockchain technology with its distributed digital ledger now offer a new tool to help organizations reduce risk and prevent fraud? Attend this session to learn:

• More about blockchain and its uses beyond digital currencies
• The value of blockchain to reduce financial transaction time, risk and fraud among multiple parties with a trusted, decentralized digital ledger
• Lessons from organizations that already are using blockchain technology as a tool to prevent fraud

Speaker:
Bryan Seely, ethical hacker, consultant

Hackers are getting more and more creative every single day. Companies spend months or years creating a defense only to find out that the hackers have already figured out another way in. Hackers don't think like the rest of the population, which is why they are able to spot weaknesses that everyone else just walks right by. Luckily, one of these brilliant hacker types uses his skills to protect consumers and companies, Bryan Seely is one of these individuals. In this session you will hear the story of how Bryan wiretapped the United States Secret Service and FBI and then walked into their office the next day to let them know there was a problem they needed to fix . Find out why he did it, what his thought process was, and even learn a few secrets that the general public doesn't know about. If you are looking for insights into what hackers are thinking, how they operate, and how you can protect yourself against them, then this is a session you will not want to miss.

Speaker:
Ronald Raether, Partner, Troutman Sanders

Creating a cybersecurity incident response plan is a fundamental requirement of any cybersecurity program - and a requirement of many global regulations, including GDPR and PCI DSS. During this workshop, Troutman Sanders partner Ron Raether will discuss the benefits of table top exercises. He then will explain how to conduct an effective exercise walking through mock incidents and explaining the process. Participants will:

• Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
• Learn key features in an incident response plan and how the table top exercise works to improves each component;
• Hear of common mistakes made by companies when executing an incident response plan.

Speaker:
Anne-Marie Scollay, CISO, Axiom Law

There's a lot of talk about the malicious insider, but not as much about the unintentional insider. Whether its employees using personal software to simply get the job done or teams selecting and expensing unauthorized software, company information assets are increasingly difficult to manage. The cloud has brought many great things with it, but it has also created a new form of shadow IT that has the potential for much more devastating consequences than ever before.

Attend this session to learn:

• What unintentional insider threat looks like;
• Hear first-hand examples of unintentional insider behavior;
• Strategies for identifying and managing the other insider threat.

Speakers:
Aravind Swaminathan, Global Co-chair, Cyber, Privacy & Data Innovation, Orrick
Chris Niggel, Senior Director of Security and Compliance, Okta
Ginger Armbruster, Chief Privacy Officer, City of Seattle
Kelsey Finch, Senior Counsel, Future of Privacy Forum
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

U.S. organizations were barely GDPR compliant in 2018, when California unveiled its own privacy legislation, the California Consumer Privacy Act, which goes into effect on Jan. 1, 2020. Yet, this is but one of several privacy laws being enacted across the U.S., and it poses many questions about the role of security to enable privacy - and the role of security leaders to enforce it.

Join this session for an exclusive overview and discussion of:

• CCPA Overview - what's covered, who's covered, and against what?
• "If I'm GDPR-compliant, aren't I CCPA-compliant?"
• How this new world impacts the roles of security professionals.

Speakers:
Kristin Judge, CEO, Cybercrime Support Network
Ronald Raether, Partner, Troutman Sanders
Timothy Hunt, Seattle Field Office Electronic Crimes Task Force, United States Secret Service

Whether you're a large enterprise that has experienced a headline data breach or a midmarket organization that has just been paralyzed by ransomware, you share points in common. Which law enforcement agency do I call after the incident has been discovered? What do I do - and not do with the affected systems? What resources are available to help my organization respond and recover?

Join this panel for unique insights on:

• Legal do's and don'ts of incident response
• How to work most effectively with federal law enforcement agencies
• Unique new resources for small-to-midsized organizations