Fraud & Breach Summit: Seattle

June 04, 2019

Welcome / Summit Overview

ISMG’s Global Summit Series will take place across four continents focusing on global security topics such as fraud and breach prevention and on many key industry verticals such as finance, government, retail, energy and healthcare.

All content will be driven by our global editorial team, including executive editors from publications like DataBreachToday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity. These events will provide the opportunity to learn from industry influencers, earn CPE credits, meet with leading technology providers and be a part of the ISMG community of over 700,000 subscribers.

Details

Seattle, WA

W Seattle
June 4th, 2019

$595

Registering For a Group?
Call + 1 (609)-356-1499

Diana Kelley

Cybersecurity Field CTO, Microsoft

Andrew Whitaker

CISO, City of Seattle

Ron Raether

Partner, Troutman Sanders

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Everett Stern

Former HSBC Whistleblower

Tom Field

SVP - Editorial, ISMG

Kristin Judge

CEO, Cybercrime Support Network

Nick Holland

Director of Banking and Payments, ISMG

SPEAKERS / Featured Speakers

Ginger Armbruster

Chief Privacy Officer, City of Seattle

Everett Stern

CEO & Intelligence Director, Tactical Rabbit

Diana Kelley

Cybersecurity Field CTO, Microsoft

Andrew Whitaker

CISO, City of Seattle

Cris Ewell

CISO, UW Medicine

Tom Field

Senior Vice President, Editorial, ISMG

Kristin Judge

CEO, Cybercrime Support Network

Nick Holland

Director, Banking and Payments, ISMG

David Houlding

Principal Healthcare Program Manager, Microsoft

Randy Sabett

Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

Randy Trzeciak

Director, CERT Insider Threat Center, CMU

Ronald Raether

Partner, Troutman Sanders

Tim Horton

VP, Global Merchant Security and Compliance Solutions, First Data

Ilker Taskaya

Principal Solutions Engineer, Delphix

Anne-Marie Scollay

CISO, Axiom Law

Chris Niggel

Senior Director of Security and Compliance, Okta

Aravind Swaminathan

Global Co-chair, Cyber, Privacy & Data Innovation, Orrick

Kelsey Finch

Senior Counsel, Future of Privacy Forum

Bryan Seely

ethical hacker, consultant

Franklyn Jones

Chief Marketing Officer, Cequence

Timothy Hunt

Seattle Field Office Electronic Crimes Task Force, United States Secret Service

Schedule / Session Times

  • Tuesday, June 4th

8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:50 am

HSBC Whistleblower on Uncovering Fraud

Speaker:
Everett Stern, CEO & Intelligence Director, Tactical Rabbit

For at least half a decade, HSBC helped to wash hundreds of billions of dollars for drug mobs, including Mexico's Sinaloa drug cartel, as well as move money for terrorist organizations linked to Al Qaeda and Hezbollah and for Russian gangsters. Furthermore, HSBC helped countries like Iran, the Sudan and North Korea evade sanctions. And, while serving murderers, terrorists and rogue states, HSBC aided countless common tax cheats in hiding their cash.

Everett Stern was pivotal in uncovering this huge fraud and money laundering scheme, which, among other things, resulted in HSBC being fined $1.9B in 2012 - the largest fine to date by the U.S. Justice Department. In a rare appearance, Stern will share undisclosed information about what happened inside HSBC during this extraordinary event and what is happening now.

Attend to learn:

  • How HSBC created a fake AML program that led to a $1.9B penalty;
  • How terrorist organizations and drug cartels are being allowed to use our own financial system to harm American interests;
  • How one individual can be the difference in exposing fraud in even the largest of organizations.
9:55 am - 10:35 am

CISO's Perspective: Managing Third-Party Risks

Speaker:
Cris Ewell, CISO, UW Medicine

Managing risk is part of a robust information security program. Our organizations have come to depend on a complex network of third-party relationships. Reliance on third parties can drive performance, but it also poses significant risks. Many organizations are still struggling to effectively manage their third-party information security risks.

Attend this session to learn directly from a practicing CISO:

  • An understanding of the potential risks that may arise from the use of third-parties
  • The basic elements of an effective third-party risk management program
  • Best practices for controlling third-party risks
10:35 am - 11:00 am

Exhibiting & Networking Break

11:00 am - 11:30 am Track A

The New #1 Cyber Threat - Attacks on the Applications that Power Your Business

Speaker:
Franklyn Jones, Chief Marketing Officer, Cequence

The web, mobile, and API-based applications that power your digitally-connected organization are under attack by malicious automated bots and bad actors. Unfortunately, many of these attacks are undetectable by traditional security technologies. So how bad is the problem, and what can you do to protect yourself? We'll share new research from nearly 900 US organizations that explains exactly what they're dealing with on a daily basis - and how it's impacting their businesses. Join Cequence Security to learn why this is becoming the new #1 threat in today's hyper-connected economy, and get answers on a strategy moving forward.

11:00 am - 11:30 am Track B

Challenges and Best Practices for Reducing Your Data Risk Footprint

Speaker:
Ilker Taskaya, Principal Solutions Engineer, Delphix

Data in non-production environments occupies a significant percentage of total enterprise data volume - often as much as 80%. Non-production environments also carry more risk than production because there are more direct users. Data security regulations such as GDPR, CCPA and NY DFS do not distinguish between non-production and production environments. If the data is real, it is within regulatory scope. Understanding the risks, and protecting these environments both initially and on an ongoing basis with process efficiency, is very challenging.

In this session, we will discuss the challenges, architectural patterns, and process improvements to make data protection in non-production environments feasible:

  • How to deal with integrated data environments where data needs to be protected consistently and potentially across different types of data sources
  • How to deal with data sets which are located on-prem, in public cloud, and/or in other countries sometimes held by partners
  • How to do this at scale for ever increasing data volumes with a workforce rarely all located in the same place, let alone the same country
11:35 am - 12:05 pm Track A

Consumers Are Paying More Attention to Their Data - Why a Multi-Layered Security Approach Has Gotten Personal

Speaker:
Tim Horton, VP, Global Merchant Security and Compliance Solutions, First Data

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

11:35 am - 12:05 pm Track B

The Ethics of ML and AI

Speaker:
Diana Kelley, Cybersecurity Field CTO, Microsoft

AI will enable breakthrough advances in areas like healthcare, agriculture, education and transportation; it's already happening in many ways. But new technology also inevitably raises complex questions and broad societal concerns. As we look to a future powered by a partnership between computers and humans, it's important that we address these challenges head on and ask:

  • How do we ensure that AI is designed and used responsibly?
  • How do we establish ethical principles to protect people?
  • How should we govern its use?
  • And how will AI impact employment and jobs?

To answer these questions, technologists will need to work closely with government, academia, business, civil society and other stakeholders, and focus on ethical principles - fairness, reliability and safety, privacy and security, inclusivity, transparency, and accountability - to guide the cross-disciplinary development and use of artificial intelligence for business and cyber. In this talk we'll share the principle ethics of AI & ML and have a discussion about how we can all work together to forward AI and ML use responsibly.

12:10 pm - 12:40 pm Track A

Best Practices for Mitigating Insider Fraud

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

  • The latest research on insider fraud
  • How "accidental insiders" are enabling fraud schemes
  • How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.
12:10 pm - 12:40 pm Track B

Blockchain as a Tool for Fraud Prevention

Speaker:
David Houlding, Principal Healthcare Program Manager, Microsoft

Financial fraud can be notoriously hard to detect and easy to cover up. But does blockchain technology with its distributed digital ledger now offer a new tool to help organizations reduce risk and prevent fraud? Attend this session to learn:

  • More about blockchain and its uses beyond digital currencies
  • The value of blockchain to reduce financial transaction time, risk and fraud among multiple parties with a trusted, decentralized digital ledger
  • Lessons from organizations that already are using blockchain technology as a tool to prevent fraud
12:40 pm - 1:30 pm

Lunch

1:30 pm - 2:15 pm

Ethical Hacker Gives View Inside Minds of Cybercriminals

Speaker:
Bryan Seely, ethical hacker, consultant

Hackers are getting more and more creative every single day. Companies spend months or years creating a defense only to find out that the hackers have already figured out another way in. Hackers don't think like the rest of the population, which is why they are able to spot weaknesses that everyone else just walks right by. Luckily, some of these brilliant hacker types use their skills to protect consumers and companies, and Bryan Seely is one of these individuals. In this session you will hear the story of how Bryan wiretapped the United States Secret Service and FBI and then walked into their office the next day to let them know there was a problem they needed to fix. Find out why he did it, what his thought process was, and even learn a few secrets that the general public doesn't know about. If you are looking for insights into what hackers are thinking, how they operate, and how you can protect yourself against them, then this is a session you will not want to miss.

2:15 pm - 2:25 pm

Exhibit & Networking Break

2:25 pm - 3:00 pm Track A

Incident Response Plans: Global Compliance Mandates and Obligations

Speaker:
Ronald Raether, Partner, Troutman Sanders

Creating a cybersecurity incident response plan is a fundamental requirement of any cybersecurity program - and a requirement of many global regulations, including GDPR and PCI DSS. During this workshop, Troutman Sanders partner Ron Raether will discuss the benefits of table top exercises. He will then explain how to conduct an effective exercise, walking through mock incidents and explaining the process. Participants will:

  • Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
  • Learn key features in an incident response plan and how the table top exercise works to improve each component;
  • Hear of common mistakes made by companies when executing an incident response plan.
2:25 pm - 3:00 pm Track B

The Other Insider Threat

Speaker:
Anne-Marie Scollay, CISO, Axiom Law

There's a lot of talk about the malicious insider, but not as much about the unintentional insider. Whether it's employees using personal software to simply get the job done or teams selecting and expensing unauthorized software, company information assets are increasingly difficult to manage. The cloud has brought many great things with it, but it has also created a new form of shadow IT that has the potential for much more devastating consequences than ever before.

Attend this session to learn:

  • What the unintentional insider threat looks like;
  • First-hand examples of unintentional insider behavior;
  • Strategies for identifying and managing the other insider threat.
3:00 pm - 3:30 pm

Exhibit & Networking Break

3:30 pm - 4:15 pm

GDPR, CCPA and Security in the New Privacy World

Speakers:
Aravind Swaminathan, Global Co-chair, Cyber, Privacy & Data Innovation, Orrick
Chris Niggel, Senior Director of Security and Compliance, Okta
Ginger Armbruster, Chief Privacy Officer, City of Seattle
Kelsey Finch, Senior Counsel, Future of Privacy Forum
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

U.S. organizations were barely GDPR compliant in 2018, when California unveiled its own privacy legislation, the California Consumer Privacy Act, which goes into effect on Jan. 1, 2020. Yet, this is but one of several privacy laws being enacted across the U.S., and it poses many questions about the role of security to enable privacy - and the role of security leaders to enforce it.

Join this session for an exclusive overview and discussion of:

  • CCPA Overview - what's covered, who's covered, and against what?
  • "If I'm GDPR-compliant, aren't I CCPA-compliant?"
  • How this new world impacts the roles of security professionals.
4:20 pm - 5:00 pm

After the Breach: Do's and Don'ts of Investigations and Response

Speakers:
Kristin Judge, CEO, Cybercrime Support Network
Ronald Raether, Partner, Troutman Sanders
Timothy Hunt, Seattle Field Office Electronic Crimes Task Force, United States Secret Service

Whether you're a large enterprise that has experienced a headline data breach or a midmarket organization that has just been paralyzed by ransomware, you share points in common. Which law enforcement agency do I call after the incident has been discovered? What do I do - and not do - with the affected systems? What resources are available to help my organization respond and recover?

Join this panel for unique insights on:

  • Legal do's and don'ts of incident response
  • How to work most effectively with federal law enforcement agencies
  • Unique new resources for small-to-midsized organizations
5:00 pm - 5:15 pm

Closing Remarks

5:15 pm - 6:15 pm

Cocktails & Networking

SPONSORS / Supporting Organizations

First Data
Microsoft
Delphix
Okta

Meet Our Speakers

Fighting Against Malicious Bot Attacks

Franklyn Jones of Cequence Describes the Growing Problem

New Account Fraud’s ‘Perfect Storm’

Aite's Julie Conroy Unveils New Findings on Banking Fraud

Why Security Pros Need a Framework for Change

Dora Gomez of Association of Certified Fraud Examiners on Setting Priorities

FBI’s Palmore on Leadership and Diversity

(Former) Cyber Investigator on the Need to Diversify Skills in Cyber Workforce

The Critical Importance of Data Integrity

Microsoft's Diana Kelley on How to Keep Data Untampered

Steve Katz on Cybersecurity’s State of the Union

World's First CISO Weighs in on the Technologies and Trends Shaping 2019

The Challenge of Fighting Identity Fraud

IBM's Shaked Vax on Emerging Technologies to Assure Digital IDs

A Common Sense Guide to Mitigating Insider Threats

Randy Trzeciak of CERT Reviews the Latest Research

LOCATION / Venue & Address

W Seattle

1112 4th Ave
Seattle, WA 98101

+1 206-264-6000

Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with technology leaders, register today.

Registering For a Group?
Call + 1 (609)-356-1499  or email at events@ismg.io

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

© 2019 Information Security Media Group, Corp.