Agenda

Breakout 1 (Concurrent Sessions) – 11:15 AM – Noon

Pure IT, Ben Corman, vCISO Advisor – Driving Cybersecurity Change Through Practical Risk Management

Description: Many credit unions struggle to turn risk assessments into real, measurable security improvements. In this session, seasoned CISO Ben Corman breaks down how to build a practical, repeatable risk management lifecycle that actually drives change—rather than becoming a “check-the-box” exercise.

Ben will explore how to connect the dots between governance, assessment, and action, ensuring that cybersecurity priorities are aligned with business goals and member impact. Attendees will walk away with a clearer picture of how to identify what matters most, communicate risk in business terms, and create a culture where cybersecurity decisions lead to lasting results.

Scott Lenker, Manager of Information Security at PSECU – Case Study: Key Pillars to Rolling out AI Effectively

Description: (Tentative)This talk presents a real-world case study highlighting the foundational elements that drive successful AI implementation across an organization. It explores strategic alignment, data readiness, and change management as the key pillars for scalable and sustainable AI adoption. Attendees will gain actionable insights into overcoming common barriers and fostering cross-functional collaboration to maximize AI impact.

Tom Ingles, Director of Technology Innovation & Customer Solutions & Austin Cooper, Director of Enterprise Sales at Guardian Protection – Beyond Convergence: Unification and Optimization of Physical and Cyber Security for Credit Unions in 2026

Description: Video management, access control, and burglar alarm platforms have evolved from standalone, server bound tools into cyber hardened, cloud native operational technology that belongs inside your cybersecurity program. This breakout will cover the evolution of AI in video and how efficient credit unions leverage the core pillars of a modern physical security environment: automated database management, monitored video solutions, and cutting edge advancements in intrusion protection. Using credit union–specific examples and AI driven integrations, you’ll see how unifying physical and cyber controls reduces risk, strengthens compliance, and simplifies operations.

Breakout 2 (Concurrent Sessions) – 1:00 PM – 1:45 PM

Andrea Argueta, Director of Financial Institution Advisory at Glia – The Responsible AI Imperative: Securing Your Future with AI-Powered Growth

Description: AI’s rapid evolution is a historic shift for credit unions, offering unprecedented opportunities to double frontline capacity and recalibrate the entire contact center for growth. However, this new frontier presents major security, compliance, and regulatory risks. This session, led by Glia’s Andrea Argueta—a former credit union COO herself—will demystify the meaning of Responsible AI in the contact center and discuss how to protect your credit union and its members from fraud and security risks. You’ll leave with a framework for integrating AI to enhance, not replace, your team, ensuring they are empowered to do their most impactful work: building and strengthening member relationships.

Expected takeaways:

• How to implement AI responsibly to transform your contact center from a cost center to a strategic asset.
• The essential questions to ask AI vendors to ensure security, compliance, and alignment with your institution’s core values.
• The concrete results credit unions are achieving by leveraging AI to double their frontline

Oto Ricardo, Director of Information Security and Cyber Risk, Advia Credit Union – Demistifying Vulnerabilities

Description: This session breaks down what it takes to run an effective vulnerability management program, from continuous scanning and risk‑based prioritization to structured patching and exception handling. Attendees will learn practical steps to meet regulatory expectations, strengthen cross‑team collaboration, and leverage automation and AI to improve speed, accuracy, and overall security readiness.

Key Takeaways:

• How to build a continuous, risk‑driven vulnerability management process
• Regulatory expectations and practical compliance tips
• Effective scanning, prioritization, patching, and exception handling
• The role of teamwork, automation, and AI in modern programs

Alex Beeler, Compliance Senior Manager, BPM Cybersecurity – NCUA and ISE: Designing Effective Controls Audit

Description: Responding to Examiner facts and findings is inevitable, but well-designed controls audit can keep a credit union one step ahead of the Examiner.

In this session, Alex will present the current NCUA and Information Security Examination (ISE) landscape, how it’s applied to credit unions of various sizes, and the rigor expected, but then focus on how to leverage the design of controls audit to both meet those compliance requirements and elevate the credit union’s security posture.

Attendees will be offered a take-home risk-based controls audit workpaper that they can implement or incorporate at their credit union.

Breakout 3 (Concurrent Sessions) – 2:00 PM – 2:45 PM

Mark Trinidad, Field CTO at Allure Security – Disinformation Security: Protecting Your Brand and Members

Description: Disinformation is no longer just a reputational risk; it’s a fraud vector. Criminals are now weaponizing trusted brands to deceive members through fake websites, deepfakes, and AI-generated content that drive account takeovers and financial loss. Credit unions are facing a 285% surge in brand impersonation attacks, with mid-sized institutions hit hardest. This session unpacks the growing disinformation threat facing credit unions, showing how brand trust itself has become a target.

Attendees will see real-world examples from Allure Security’s SPOOF ’26 Credit Union research and learn a practical framework for defending their brand beyond the network perimeter. The presentation closes with a step-by-step checklist credit unions can use to detect, disrupt, and dismantle impersonation campaigns before members are deceived.

Key takeaways:
-How disinformation drives financial fraud against credit unions
-Why brand impersonation has become the “new perimeter”
-Actionable steps to protect members and revenue

Lucas Hathaway, CRO at Rivial Data Security – Maturing Third-Party Risk Management: Deep-Dive Cybersecurity Reviews

Description:  As organizations rely more heavily on third parties to deliver critical services, vendor cybersecurity has become a top priority. This session will walk through how to perform deep-dive assessments of vendor security, build a scalable vendor risk program, and gain visibility into fourth-party dependencies. You’ll learn how to move beyond check-the-box reviews and implement a risk-based approach that includes clear processes, maturity models, and the right tools to manage vendor relationships with confidence.

Key Takeaways:
• How to conduct deep-dive cybersecurity assessments on vendors
• Roadmap to mature your third-party risk program
• Managing risk across both third- and fourth-party relationships
• Core components of an effective vendor management framework
• Tools and systems to streamline evaluation and oversight

3:15 PM – 4:00 PM: Elizabeth Osborne, COO at Great Lakes Credit Union – Using AI as a Catalyst for Organizational Strategy

Description: This session explores how AI can serve as a powerful catalyst for executing organizational strategy, rather than dictating it. It emphasizes the importance of grounding AI initiatives in a clear strategic vision, ensuring technology serves business goals—not the other way around. Attendees will leave with a framework for aligning AI capabilities with long-term objectives, fostering innovation without compromising strategic intent.

4:00 PM – 4:50 PM: Steve Koinm, CISO & Cofounder, Pure IT – From Burnout to Balance: Mental Health in Cybersecurity Roles

Description: In the rapidly evolving world of cyber-defense at credit unions, the role of the CISO and security team is under greater strain than ever. You’re not just fighting external adversaries — you’re also navigating internal stress, constant alerts, evolving threats, regulatory pressure, and often being the scapegoat when things go wrong. This session explores how to move from perpetual burnout to sustainable balance. We’ll talk frankly about the toll this work takes, why high turnover and anxiety are showing up, and give leaders practical steps to build resilient teams, establish healthy boundaries, and foster a cyber-culture that supports people and protects members. Attendees will leave with an actionable roadmap to strengthen both their human infrastructure and their security posture.

4:45 PM – 6:00 PM  – Kick-off Reception & Vendor Hall

Breakout 1 (Concurrent Sessions) – 11:30 AM – Noon

Gal Ron, CEO & Co-founder, Torch Security – AI for IAM: How AI is Transforming Compliance and Efficiency in Credit Unions

Description: As credit unions face mounting regulatory pressure and limited IT resources, manual identity and access management (IAM) processes are no longer sustainable. In this session, Torch founder Gal Ron explores how AI-driven, agentic IAM can automate access reviews, strengthen compliance, and eliminate up to 90% of manual IAM and IT management tasks. Learn how credit unions can leverage AI to enhance security, streamline audits, and free teams to focus on member value – without sacrificing trust or control.

John Findlay, CEO & Co-founder, LemonadeLXP – Beyond Firewalls: Training the Human Layer of Credit Union Security

Description:

More than two-thirds of breaches still involve a non-malicious human element — someone clicking, misconfiguring, or being socially engineered. For credit unions, that “human layer” now is the attack surface: branch staff, contact center reps, lenders, back office, even your vendors and board. Technology controls are necessary, but without intentional behavior change, they’re never enough.

In this session, we’ll look at how security and training teams can partner to turn everyday work into a security-habit-building process. We’ll unpack what actually changes behavior (spoiler: it’s not one annual compliance training), and show how to use short simulations, just-in-time microlearning, and real scenarios from branches and contact centers to harden your human perimeter—without crushing productivity or member experience.

Attendees will learn how to:
● Map human risk (phishing, credential misuse, social engineering, AI misuse) to specific roles and workflows.
● Design “in the flow of work” training that builds secure habits instead of checkbox completion.
● Connect training to measurable risk reduction: fewer clicks, faster reporting, better exam conversations.

Scott Beasley, Advanced Security Specialist & Engineer, Comcast Business – Turn Cyber Chaos into Confidence: How to Get Ahead of Attackers Today

Description: Cyber threats aren’t slowing down and neither should you. Credit unions today face an ever-expanding attack surface, increasingly sophisticated adversaries, and the challenge of doing more with limited security resources. Enter Managed Security Services, a game-changing approach that fuses cutting-edge threat detection technology with seasoned security experts to deliver 24/7 vigilance, lightning-fast incident response, and compliance peace of mind, all without the cost and complexity of building your own SOC.

In this session, we’ll pull back the curtain on how Managed Security services empower credit unions to stay ahead of attackers, minimize risk, and maintain operational continuity in a world of relentless cyber threats. You’ll walk away with pragmatic insights and a clear understanding of why Managed Security isn’t just a service, it’s your strategic advantage.

Breakout 2 (Concurrent Sessions) – 1:30 PM – 2:00 PM

Idrees Rafiq, VP, Information Security and Risk Management Consulting, Cornerstone Resources – Create a Risk Register for Your Credit Union

Description: Learn how to create a Risk Register tailored for your credit union that leverages AI prompts, industry frameworks, and comparative risk models. This session will show you how to simplify risk identification, align with standards like NIST, GLBA, and CIS as well as how to benchmark effectively—turning risk management into a strategic asset.

• Why a Risk Register matters
• Streamline risk documentation
• Mapping to frameworks and models for clarity and comparison
• Practical methods to get started quickly

Brian Hinze, President & CEO at NCU-ISAO with Oto Ricardo, ISO at Advia CU – The Power of Phishing Resistant Authentication

Description: Year after year, report after report, we hear that credentials are under siege.  With the rise of adversary-in-the-middle phishing as a service (AitM PaaS), credential theft is now easier and more dangerous than ever!

In this session, we will explore how these service compromise traditional authentication and MFA using a live EvilGinx server!  See how adopting phishing-resistant authentication stops these attacks in their tracks and why your credit union needs to adopt the FIDO2 standard today.

Mike Duncan, CEO & Cofounder at Bankjoy – AI, Fraud and the Security Landscape in 2026

Description: Bankjoy is a premier provider of digital banking solutions for credit unions and other financial institutions. In today’s digital-first world, fraud is no longer just a financial risk—it’s one of the biggest threats to member trust and loyalty. Credit unions that fail to act are leaving themselves exposed. This exclusive discussion will reveal how to build a fraud prevention framework that not only protects assets but also elevates the digital member experience and leverages AI. Discover proven tools, proactive monitoring strategies, and member education approaches that empower your teams and safeguard relationships for the long term.

Breakout 3 (Concurrent Sessions) – 2:15 PM – 2:45 PM

Cindy Heiner, vCISO, Pure IT – From the Trenches: What Your CISO Wants You To Know

Description: Ever wonder what’s really on your CISO’s mind? In this candid session, CISO Cindy Heiner pulls back the curtain on what credit union CISOs wish every executive and team member understood.

From why training and culture change take time, to how policy without proof is just paper, Cindy shares real-world lessons from the front lines of credit union security. Attendees will gain insight into what makes cybersecurity programs effective, how to partner more strategically with their infosec teams, and why “prove it” isn’t a challenge, but good governance.

Whether you’re a credit union executive or IT leader, this session will help you see your CISO not just as a protector but as a partner in driving your credit union’s mission forward.

Elizabeth Osborne, COO at Great Lakes Credit Union – Stablecoins & Real‑Time Payments: New Rails, New Risks, and 2026 Decisions for Credit Unions

Description: In this session, practical insights will be shared to help credit union leaders build a solid understanding of stablecoins and real‑time payments, and how these emerging rails are reshaping liquidity, payments, and member expectations. We’ll keep the conversation open and collaborative, using shared experiences and questions to learn from one another while outlining the key considerations credit unions face in 2026 and beyond.

Christopher Neuwirth, VP of Cyber Risk and Senior Ethical Hacker, NetWorks Group – Inside the Mind of a Threat Actor: Building Cyber Resilience the Practical Way

Description:  What does your credit union look like from the other side? In this session, you’ll get a rare perspective from someone who’s spent years as an ethical hacker, and learn the formula for building resilience that actually works.

Cyber resilience isn’t about checking boxes or buying the right tools. It’s about understanding what threat actors see when they look at your environment, and systematically reducing both the likelihood they get in and the impact when they do.

This isn’t theory. You’ll walk away with a clear framework and practical steps you can implement immediately, whether you’re a team of five or fifty.
What you’ll learn:
• How threat actors evaluate credit union environments and where they find the gaps
• The resilience formula: tools that reduce likelihood vs. tools that reduce impact
• Why your tabletop exercises might be giving you a false sense of security
• The highest-value investments for organizations with limited resources

3:15 PM – 4:15 PM: Becky Reed, COO, BankSocial – DeFi & Credit Unions: From Disruption to Cooperative Advantage

Description: Decentralized finance isn’t a threat to credit unions—it’s a blueprint. This keynote cuts through the hype to show how DeFi principles like tokenized value, programmable money, and trust-minimized rails align naturally with the cooperative model. Attendees will learn where DeFi actually creates leverage for credit unions, where the risks are real, and why waiting on the sidelines is the fastest way to lose relevance. The future isn’t banked or unbanked—it’s cooperatively built, on-chain, and already underway.

 

4:15 PM – 5:30 PM: Day 2 Reception & Vendor Hall Exhibits