Agenda

Breakout 1 (3 concurrent sessions)

CATO Networks, Brian Anderson, Global Field CTO – Modernize Networking and Security with SASE

Description: Learn how Secure Access Service Edge (SASE) helps credit unions to enhance cybersecurity posture, streamline network management, and ensure compliance with regulatory standards. Cato Networks converges networking and security into a unified, cloud-native platform delivering industry leading services over a global private backbone. This presentation will highlight real-world case studies, demonstrating how SASE solutions have enabled organizations to achieve greater agility, cost-efficiency, and improved overall service delivery in an increasingly digital world.

Allure Security, Sam Bakken, Director of Product Marketing – Credit Union Impersonations Online: Real Costs and Emerging Trends of a Critical Threat

Description:  Credit unions need to do more to attract younger members or risk “fading into irrelevance,” according to consulting group McKinsey. Key strategies include appealing to younger generations through increasing digital marketing investments and enhancing digital capabilities. However, online brand impersonations pose a significant threat to these initiatives by increasing fraud costs, damaging a credit union’s reputation, and eroding consumer trust in a credit union’s ability to keep its members safe.

In this session we’ll explore how fraudsters’ targeted credit unions and their members throughout 2024 and how credit unions need to respond in order to maintain and grow their organization.

Highlights:

• Key insights from Allure Security’s annual report “SPOOF 2024: Trends in Online Impersonation of Credit Unions”
• How to detect and eliminate online scams before they harm your members
• How to build a compelling business case for investing in proactive online brand protection initiatives

Breakout 2 (3 concurrent sessions)

Tim Parisi, Sr. Director, Incident Response & Cloud Services at CrowdStrike – The Front Lines with CrowdStrike: Latest Threats and Best Practices from CrowdStrike’s IR Team

Description: This presentation will provide an overview of the most recent and sophisticated cyberattacks that CrowdStrike’s incident response (IR) team has encountered and mitigated. You will learn about the tactics, techniques, and procedures (TTPs) of the adversaries, as well as the best practices and recommendations from the IR experts to enhance your security posture and resilience. You will also get a glimpse of how CrowdStrike’s cloud-native platform and services can help you prevent, detect, and respond to breaches faster and more effectively.

Randy Lindberg, CEO at Rivial Data Security – Examiner Expectations for Cyber Risk Management

Description:  Effective Cyber Risk Management is a challenge for credit unions of all sizes, because of the lack of specific guidance on how to manage these risks successfully. In this session, we’ll cover the core elements of an information security risk management program and look at advanced ways to improve risk measurement. Additionally, we will discuss examiner expectations and introduce a maturity matrix designed to help credit unions evolve towards more sophisticated risk management practices. The ultimate goal is to build a more efficient and effective cybersecurity program.

Key Topics:
• Essential elements of cyber risk management
• NCUA expectations for cyber risk
• Defining a risk appetite
• The importance of quantifying risk
• Techniques for measuring and treating risk
• Actionable steps to enhance your risk management next week

Breakout 3 (3 concurrent sessions)

Scott Johnson, Meritrust Credit Union – A New Ownership Model for Vulnerability Management

Description: With vulnerability management being every security practitioner’s or CISO’s favorite topic, this session will take you through our journey towards effective management and a 70% drop in vulnerabilities over six months. We will discuss policies, leadership buy in, security team tactics, and tools to help make this a reality.

Josh Langas, Information Security Analyst, Dupaco Community Credit Union – CTI & Detection Engineering for Beginners

Description:  In this session you will be introduced to two exciting cyber topics, cyber threat intelligence (CTI) and detection engineering (DE), at a beginner level. Josh will define and breakdown what CTI and DE are and how they can be leveraged by small teams with limited resources. Josh will wrap up each topic with a Dupaco use case and describe how Dupaco applies CTI and DE concepts based on a recent CISA advisory.

Lastly, you will be provided some free resources to get started on your CTI and DE journey.

Tom Cesar, Pure IT Credit Union Services – Creating a Proactive Cyber Incident Response Strategy

Description:  In an era where cyber threats are constantly evolving, it is crucial for credit union leaders to stay ahead of potential incidents. This session will delve into the development and delivery of an effective cyber incident response plan, tailored to address emerging threats. Building on insights shared by other speakers, this presentation will focus on creating a proactive incident response strategy. Key components will include threat hunting, conducting tabletop exercises, and fostering real-time collaboration with third-party incident response teams. Attendees will gain a holistic yet practical view of incident preparedness and response, equipping them with the tools and knowledge to protect their organizations effectively.

3:15 – 4:00 PM: Jacob Aguiar, Cybersecurity Advisor, CISA – Addressing the global threat landscape by working with federal partners

Description: Gain a clear insight into the global threat landscape from a CISA perspective. Receive an overview of key CISA services and learn how to receive these no cost services. Understand the vital importance of an incident response plan. Change minds, get wins and create security engagement through the use of table top exercises. Learn why “Secure by Design” is way forward for the software industry.

4:00 – 4:45 PM:  Steve Koinm, Pure IT Credit Union – Back to the Future…of Hacking Physical Security Systems

Description: Join us for an encore follow-up presentation from CU Intersect 2023 as Steve Koinm looks at advancements in hacker tools and technology to show how physical security systems can be compromised.

Breakout 1 (3 concurrent sessions)

Alexandria Fontana, Software Specialist, CoNetrix – The Threat Galaxy: Top Security Risks to Your Organization

Description: Every organization is the center of their own universe and Risk Management is like the final frontier: We know there’s dangers and we know we should prepare for them, but how much? Is every risk worth mitigating? Should I worry about risks that are out of my orbit? Join this session to learn the top security risks to your organization, how you can prepare for them, and explore the edges of the Threat Galaxy.

Jonathan Davis, Director of Field Strategy at Silverfort – Iceberg Ahead! The hidden dangers with Active Directory and Service Accounts that lie below the surface

Description: Active Directory has been around for 25 years and was not designed with security in mind. Because of this, the blind spots around AD are being exploited more, especially service accounts. Come learn why service accounts have been so tough to discover, why many companies can’t secure at scale, and learn how to protect these accounts like never before.

Adam Barrett, Director of Cyber Fraud at DefenseStorm – Unite to Fight the Growing Threat of Cyber Fraud

Description: The data is clear, cyber fraud is a growing risk for credit unions. According to the 2023 LexisNexis® True Cost of FraudTM study, successful fraudulent transactions in US financial institutions increased by 58% between 2022 and 2023. And with cyber criminals just beginning to leverage AI to make their attacks even more sophisticated, this trend will only get worse.

Take heart, there is hope in the fight against cyber fraud! Proactive credit unions are bringing together teams from infosec and fraud to exchange information and develop new approaches to fight fraud. Referred to as “fraud fusion centers,” this collaborative approach is already delivering results and promises to help banks and credit unions turn the tide against cyber fraud. A 2023 Gartner® report states directly that “Security-Cyber-Fraud Fusion Is the Future of Online Fraud Detection” for financial institutions.

With this innovative approach, you can stop fraud before funds leave your credit union to avoid losses, streamline operations, and defend your brand reputation. In this session, you’ll learn about trends in fraudulent activities, how to identify potential threats early, and the steps you can take to implement robust security measures that will protect your credit union and its members.

Breakout 2 (3 concurrent sessions)

Chris Catanzaro, VP of Global MSSP & Channel, Halcyon – Ransomware: Motive & Opportunity

Description: Ransomware has rapidly become one of, if not the most serious global cybersecurity threat. This presentation provides a comprehensive overview of evolving ransomware trends, examining sophisticated tactics such as double extortion and the rise of Ransomware-as-a-Service (RaaS). These innovations have democratized cybercrime, allowing attackers of all skill levels to launch large-scale attacks. By understanding the economic and motivational dynamics behind ransomware, participants will gain actionable insights to better protect their organizations from this growing threat.

Brian Hinze, VP Member Services & Operations, NCU-ISAO – The Dangers of Deepfakes to Credit Unions and their Leadership

Description: Deepfakes pose a significant threat to credit unions by facilitating fraud, identity theft, and misinformation. This session will explore how these deceptions can undermine trust and damage reputations, specifically targeting credit union leaders. Learn about detection and prevention strategies to protect your organization from this emerging digital threat.

Michael Weaver, CISO, edgefi – Creating a Strong Cyber Culture from the Top Down

Description: Cybersecurity is everyone’s job. It’s everyone’s job to install MFA, it’s everyone’s job to lock thier computers, it’s everyone’s job to not click that phishy link. It seems simple, but as we all know, that’s not always the case. Join us in a conversation about building a strong cyber culture from the top down. We will explore how strong leadership creates a strong team and discuss the details of how to help build that at your company.

Breakout 3 (3 concurrent sessions)

Aisa Burke, Customer Engineer, ZeroNetworks – How Credit Unions Can Ruin an Attacker’s Day: Network Segmentation

Description: The topography of a credit union is unique and requires a multi-faceted cybersecurity strategy to halt lateral movement, satisfy PCI requirements, and gain visibility into and control of network communications. Check the boxes and protect multiple servers and endpoints across myriad locations with segmentation – we’re here to show you how, with real-world examples gained from working with one of the largest credit unions in the US.
Join Zero’s interactive roundtable to discuss key components of a modern, zero trust architecture specific to credit unions:

• Network Segmentation: Effectively prevent lateral movement and ransomware attacks, safeguarding your network down to the asset level regardless of your organization’s topography.
• PCI Compliance: Check the compliance box with network-layer, just-in-time MFA that blocks unauthorized access across your network. See how detailed logs and visualizations support compliance efforts and facilitate comprehensive reporting for audits and security reviews.
• Network Visibility: Identify and understand network relationships with real-time and historical data that details how different assets and users interact within the network.

Suzanne Kelly, vCISO, Pure IT – How to Talk Cybersecurity with the Board of Directors

Description: How we communicate and share information with the Board of Directors is vital – especially when it comes to cybersecurity. Attendees will learn how to translate technical jargon into business language, highlight the financial implications of cybersecurity, and foster a culture of security awareness at the board level. This session aims to empower leaders with the knowledge and tools needed to advocate for robust cybersecurity measures within their organizations, ensuring member data remains secure.

Idrees Rafiq, VP of Information Security & Risk Management, Cornerstone Resources – Exposure Management – Cyber is not just an IT Problem

Description: Expanding the view and scope of cybersecurity across the enterprise through the incorporation of traditional risk management and governance practices to develop a holistic view and understanding of cyber-related risks, impacts, and influences. A discussion on the expansion of Cyber Risk across the enterprise and how threat actors continue to navigate their way into systems, networks, and processes that can only be effectively mitigated with a comprehensive enterprise-wide program that includes governance, preparedness, and response that starts with the Board and flows down thru organizational culture and into everyday activities.

3:00 – 3:30 PM:  Break & Sponsor Exhibits

3:30 – 4:30 PM: Wayne Trout, NCUA – Update on the Cybersecurity Examination Program

Description: Join us as the National Credit Union Administration discusses key developments in the Information Security Examination (ISE) program, as well as key emerging threats to credit unions and how your organization should be prepared.  Delve into key takeaways from the 72-hour reporting rule, and what’s on the horizon for the future of examinations.