Speaker:
Everett Stern, CEO & Intelligence Director, Tactical Rabbit

For at least half a decade, HSBC helped to wash hundreds of billions of dollars for drug mobs, including Mexico's Sinaloa drug cartel, as well as move money for terrorist organizations linked to Al Qaeda and Hezbollah and for Russian gangsters. Furthermore, HSBC helped countries like Iran, the Sudan and North Korea evade sanctions. And, while serving murderers, terrorists and rogue states, HSBC aided countless common tax cheats in hiding their cash.

Everett Stern was pivotal in uncovering this huge fraud and money laundering scheme, which among other things, resulted in HSBC in 2012 being fined $1.9B - the largest fine to date by the U.S. Justice Department. In a rare appearance, Stern will share undisclosed information about what happened inside HSBC during this extraordinary event and what is happening now.

Attend to learn:

• How HSBC created a fake AML program that led to a $1.9B penalty;
• How terrorist organizations and drug cartels are being allowed to use our own financial system to harm American interests;
• How one individual can be the difference in exposing fraud in even the largest of organizations.

Speaker:
Diana Kelley, Cybersecurity Field CTO, Microsoft

AI will enable breakthrough advances in areas like healthcare, agriculture, education and transportation; it's already happening in many ways. But new technology also inevitably raises complex questions and broad societal concerns. As we look to a future powered by a partnership between computers and humans, it's important that we address these challenges head on and address:

• How do we ensure that AI is designed and used responsibly?
• How do we establish ethical principles to protect people?
• How should we govern its use?
• And how will AI impact employment and jobs?

To answer these questions, technologists will need to work closely with government, academia, business, civil society and other stakeholders. And focus on ethical principles - fairness, reliability and safety, privacy and security, inclusivity, transparency, and accountability - to guide the cross-disciplinary development and use of artificial intelligence for business and cyber. In this talk we'll share the principle ethics of AI & ML and have a discussion about how we can all work together to forward AI and ML use responsibly.

Speaker:
Anton Chuvakin, Research Vice President, Gartner GTP Security and Risk Management Strategies

Incident responders and law enforcement officials are in agreement: Reactive tactics are no longer sufficient in the coordinated efforts to detect and respond to cybersecurity incidents. Internal organizations need to embrace proactive threat hunting capabilities, and they must develop working relationships with federal law enforcement agencies before an incident becomes an investigation.

Join Anton Chuvakin, Research Vice President for Gartner, for an overview of:

• What threat hunting is and is not
• The skills and tools needed for a mature threat hunting capability
• Lessons learned from recent breaches and investigations

Speaker:
Ronald Raether, Partner, Troutman Sanders

Creating a cybersecurity incident response plan is a fundamental requirement of any cybersecurity program - and a requirement of many global regulations, including GDPR and PCI DSS. During this workshop, Troutman Sanders partner Ron Raether will discuss the benefits of table top exercises. He then will explain how to conduct an effective exercise walking through mock incidents and explaining the process. Participants will:

• Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
• Learn key features in an incident response plan and how the table top exercise works to improves each component;
• Hear of common mistakes made by companies when executing an incident response plan.

Speaker:
Randy Trzeciak, Director, CERT Insider Threat Center, CMU

The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats. As part of this research, the center addresses how to detect and prevent insider fraud, as well as how to map insider threat programs to existing standards such as the NIST Cybersecurity Framework.

Attend this session to learn:

• The latest research on insider fraud
• How "accidental insiders" are enabling fraud schemes
• How to map your insider fraud/threat program against industry standards, including the NIST Cybersecurity Framework.

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Technology and advanced loyalty programs are driving the collection of additional data, causing consumers to pay more attention to the types of data they are willing to share with merchants.

In this session, you will learn why merchants must pay more attention to data security, how a multi-layered approach protects both your business and customers, and why End-to-End Encryption (E2EE) is not enough to properly secure personal data.

Speaker:
Ilker Taskaya, Principle Solutions Engineer, Delphix

Data security is on the minds of information security professionals everywhere. Protecting personal information is not only a good idea, it's the law in many countries and US states. This is true for production data as well as non-production data used in development, application testing, and analytics.

In this session, we will discuss data governance and approaches to protecting personal and sensitive information in non-production environments.

Discussion topics include:

• Do you know where your most sensitive data is and who has access to it?
• What have you done to prepare to meet these new security and privacy standards, and how effective are your efforts?
• What are the must-have policies and controls for data collection, access and security?

Speaker:
Alissa Knight, Senior Analyst, Aite Group

When a financial institution's mobile app can be decompiled, adversaries can access sensitive information inside the source code, which may lead to a range of exploits against the FI or its customers. And there is no shortage of evidence that hackers are actively seeking to leverage those vulnerabilities.

In this session, Alissa Knight, senior analyst with Aite Group, discusses her findings from her recently published research on vulnerabilities across 30 financial services mobile apps. Attend this session to learn:

• The perceived security of FIs' mobile apps
• Specific vulnerabilities and consequences uncovered in the study
• How application shielding, as well as threat detection and response, can strengthen the security of mobile apps.

Speaker:
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

U.S. organizations were barely GDPR compliant in 2018, when California unveiled its own privacy legislation, the California Consumer Privacy Act, which goes into effect on Jan. 1, 2020. Yet, this is but one of several privacy laws being enacted across the U.S., and it poses many questions about the role of security to enable privacy - and the role of security leaders to enforce it.

Join this session for an exclusive legal overview of:

• CCPA Overview - what's covered, who's covered, and against what?
• GDPR Article 32 security requirements
• "If I'm GDPR-compliant, aren't I CCPA-compliant?"
• What happens if I'm not secure?