CU Intersect 2021 Conference Agenda

Main Room – Building a Resilient Security Program & Highlighting CU Resiliency (Lessons Learned from the past year)  

Jack Smith, Pure IT CUSO & Gene Fredriksen, NCU-ISAO

Description: “Resilience” may be a buzzy word, but security resilience is driven by real concepts driven by real industry trends.  This session will discuss these topics and provide actionable advice on building a resilient security program.

Main Room – The New Data Privacy

Michael S. Edwards, Attorney-at-Law

Description: New data privacy rules are setting stricter compliance requirements for credit unions throughout the United States as data breaches at major corporations like Facebook and Marriott Hotels increasingly make national news.  The California Consumer Protection Act and similar state data privacy laws, as well as the European Union’s General Data Protection Regulation, set data protection and data breach notification requirements that likely apply to your credit union if any of your members live in one of those jurisdictions.  Many other states are considering following the California and European data privacy models.

In this session you will learn key data privacy requirement that your credit union should know, including:•What new data privacy rules apply to your credit union;

•The key compliance requirements of the California Consumer Protection Act and other recent data privacy laws;

•How new data privacy laws relate to CFPB Regulation P and the federal Gramm-Leach-Bliley Act;

•Reputational and cybersecurity risks; and•Data privacy best practices.

Main Room – Updates on Cyber Regulatory Policy and Examinations  

Speaker, TBD – National Credit Union Administration (Confirmed)

Main Room – Preparing for Next-Gen Cyber Attacks: How Credit Unions Can Stay Ahead of Cyber Bad Actors

Steve Soukup, DefenseStorm

Description:  This session will provide an overview of the current trends and cyber threat realities that affect community banks and credit unions. Steve will detail the impact and consequences of a cyber breach and debunk the “odds are, it won’t happen to me” mentality.   The session will also demonstrate how to strategize in real time to ensure cyber safety, how to account for new vulnerabilities and how to prevent, combat and resolve cyber risks.

Main Room – I wasn’t hacked… Was I?

Jim Stickley, CEO, Stickley on Security 

Description: Jim Stickley has been robbing banks, hacking government computers, and stealing confidential information from businesses for over 30 years. In this unique session, Stickley will demonstrate how criminals are exploiting poorly designed features in web browsers, new tricks in social engineering, and how old security functionality is now being used against you.  Most importantly, Stickley will show how seemingly insignificant actions can lead to complete and total compromise. From credit card exploitation to online account takeovers, this session covers a large range of attacks that put both home users and corporate employees at risk. As always, Stickley will provide useful tips and tricks to help you detect these and prevent you from falling victim to these types of attacks.

Main Room – Advanced Mobility for the Credit Union: Move to your Membership

Trent Henson, Pure IT CUSO, Becky Reed, Lonestar Credit Union, Aaron Bedingfield, Firstmark Credit Union

Description:   Your key stakeholders are on the move, what if your credit union could meet their financial needs wherever they may roam? From strengthening your internal team with remote employment, to enabling real-time financial service at your membership’s fingertips, learn how to optimize operations and customize the service side of your credit union. Join Trent Henson, Chief Technology Officer of Pure IT Credit Union Services as he outlines these crucial strategic technology adjustments. Hear from Becky Reed, Chief Executive Officer for Lone Star Credit Union, as she delivers candid testimony on the unparalleled value Advanced Mobility gave her organization. Leave this session with the confidence and roadmap to unlock the full potential of your enterprise and knock-out competition: this is Advanced Mobility for the credit union.

Description:  If you aren’t sure how to do a cybersecurity risk assessment, or if you have been managing risk for years and want to catch up on the latest best practices, join us to learn the most innovative and advanced techniques for improving the measurement of risk and how to incorporate risk into all parts of the security program.

Attendees will learn how to:

• Properly present cybersecurity to the Board
• Master the complexity of cybersecurity in an organized, streamlined way for ultimate success at any level
• Comply with ambiguous guidance
• Gain confidence in your cybersecurity program
• Stop worrying about security and sleep better

Breakout Room – Hindsight is 20/20: The Importance of Proactive Vendor Due Diligence to Better Manage Risk

Michael Crofts, President, Maple Street

Description:  This session will provide attendees a comprehensive overview of the vendor management process, from the current trends in the industry to selecting and evaluating potential vendors with a risk-based lense.  Learn the key components of a modern vendor management system, objective assessment of future partners, the contract process, and how to effectively measure their performance.

Breakout Room – Why Financial Institutions Need a Security and Compliance Automation Platform

Tim Evans, SVP Chief of Strategy & Co-founder, Adlumin

Description: The key to success is knowing what your SIEM’s capabilities are and how they can better serve your organization. We will start with the type of data a financial institution ingests and how that would be different with a SIEM.  We will discuss what you should expect from your current Security Information and Event Management (SIEM), or demand if you’re buying a new SIEM. We will also cover the types of on-demand reports you should require in the platform and how you can comply with FFIEC CAT requirements. What you will learn:

• Live Monitoring: You should have real-time visibility and analysis into every identity and system within the enterprise.
• World-Class Artificial Intelligence: Any SIEM you purchase should have Artificial Intelligence and Machine Learning.  User & Entity Behavior Analytics (UEBA) constantly hunts a network for anomalous and malicious behavior to discover attacks that you have never even considered.
• PCI Compliance: In seconds, should allow you comply with the hardest parts of PCI DSS compliance.
• Federal Financial Institutions Examination Council (FFIEC) FFIEC CAT Compliance: Your SIEM should allow you to quickly analyze and answer FFIEC CAT Inherent Risk Profile and Cyber Maturity Risk Questions, becoming your System of Record for FFIEC CAT Compliance.  Your SIEM should give you the ability to print off reports that match the exact log requirements that your financial auditor is asking you to provide to them.

Breakout Room – Securing Financial Services: Today’s Attacks, Vulnerabilities, and Defense Strategies

Todd Hillis, International Association of Certified ISAOs

Description: This session will discuss key issues credit unions face to keep their networks, employees, and members safe.  Join this session for more on the human factor of information security, key issues and strategies on vulnerability management, and simplifying your approach to network defense.

Breakout Room – Taking Automation to the Credit Union

Camilo Ruiz, Network Security Supervisor, Dupaco Community Credit Union

Description:  This is a non-technical session for information security leaders from small- and medium-size Credit Unions with just a few security analysts. Today, many companies are adopting Security Orchestration, Automation and Response (SOAR) tools as part of their detection and response programs to respond to security incidents faster, efficiently and consistently.

This session will provide participants with strategies to help Credit Unions implement a SOAR tool effectively. Some of the topics for this session are:

• Life before and after SOAR.
• Expectations vs. reality after implementation.
• The use of tools before and after SOAR.
• Overview of use cases: phishing, malware analysis, reactive and proactive threat hunting, Mitre ATT&CK and adversary emulation.
• How implementing automation benefits Credit Unions regardless of the size.
• Budgets and Sr. Management buy-in.

Breakout Room – Fraud: Evolution of Scams from the Stone Age to the Cyber Stage

Jim Fuher, Fraud Prevention Manager, STCU

Description:  This presentation will inform and educate the attendees on how scams have evolved over the years in relation to online access.  Scams were successful prior to the conception of the internet, and since then access to others worldwide online has made fraud a Billion dollar plus industry.   We will go through the different scam and fraud scenarios and how they have morphed and changed over the years, as well as the tactics scammers use.  Finally, we will wrap it up with how scammers present day are using a mix of cyber skills and stone age technology to scam victims out of billions of dollars and how fraud and information security departments can combine forces and create synergy to fight crime.

Main Room – Conquering Today’s Security Challenges with Digital Transformation

Robbie Wright, PurITy Technology with Joey Badalament of Ingram Micro/Microsoft

Description:  Conquer our new era of commerce by utilizing the optimum tool at your fingertips: technology. Ditch the old world of traditional branch networks, and long-established services delivered through physical distribution, for a digital experience that is resilient, secure and nimble. Technology does more than dazzle your membership but increases the operational capacity of your entire organization. Address specific technology and culture changes needed to compete in today’s financial marketplace with real-time customer engagement, open banking systems, accelerated omni-channel experiences, convenience in a  socially engaging and secure environment.

Main Room – Group Discussion & Lessons Learned from COVID-19 Outbreak (BCP, Remote Work, Changes for the future)

Group participants & description coming soon!

Main Room – Cloud Security and Compliance in the Credit Union Industry

Kristen Haught, Security & Compliance Specialist supporting Financial Services customers at Amazon Web Services (AWS)

Kyle Stutzman, Co-Founder & CRO, Pure IT Credit Union Services

Description: To cloud, or not to cloud, that is the question. According to a recent industry survey, over 50% of CEOs responded that they were not in the cloud.  Cloud solutions are part of every credit union today in some form but few have embraced a full cloud architecture.  Today the cloud can replace your data center, Virtual Environment, and desktop images.  It can even be a ‘private cloud’ within the large public cloud.   Join this conversation and discover how cloud based infrastructures create true flexibility and a fortitude of security for your credit union. Through this unique compliance lens, private, public and hybrid cloud strategies are examined, including elements of data encryption, cybersecurity, SOC and SOC2 compliance, user authentication and more. This conversation is for the CTO, CIO, & CISO in all of us.

Main Room – Good Governance: The Board / Cyber Security Partnership

Gene Fredriksen, Executive Director, NCU-ISAO & CISO, PSCU (Ret.)

Description:  Today’s Boards have many duties in addition to the new focus on cyber. Additionally, today’s Boards can sometimes lack deep cyber security experience. As a result, the cyber security function may have to take the lead in developing the communications and measures. The design of meaningful, easily understood metrics that connect to the CU is foundational to building a strong partnership. This session discusses the strategies and measurements a cyber security group should establish for Board communications. We will discuss strategies in use by CU’s today, that bring strong results and meet business and regulatory needs.

Charles McPeters, Cyber Security Account Executive, Darktrace

Description:  In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing – and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data and people are protected, wherever they are. Today’s Autonomous, Self-Learning defenses are capable of identifying and neutralizing security incidents in seconds, not hours – before the damage is done.

Breakout Room – Allowing Credit Unions to Do Business Their Way

Speaker TBD, Corelation

Description:  This session will begin with an overview of Corelation and their KeyStone core system and KeyBridge API’s. From there, attendees will hear a use case in which a credit union user’s role and permissions change based on their network location in order to better understand how modern core and technology solutions support the modern credit union model.

Breakout Room – Topic and Speaker Pending Confirmation – Check back soon!

Breakout Room – Data Risk: The New and Hidden Challenges of Digital Transformation

Merrill Albert, Data Services Delivery Director, Trellance

Description:  From financial services to retail to car insurance, data is transforming industries and consumer expectations. As credit unions use technology to meet member needs and stay competitive, data risk has quickly become a new area of focus. In this interactive session, you’ll learn how to identify, manage & mitigate data risk. You’ll also hear about important regulatory requirements for classifying credit union data and what to consider as you manage data in the cloud. With live polling during the session, you’ll literally have your finger on the issues!

Breakout Room – ActiveCompliance 2.0: Perpetual, Full Cycle Compliance

Alex Hernandez, DefenseStorm

Description:  Come learn how DefenseStorm’s newly enhanced ActiveCompliance engine can help your credit union seamlessly achieve and maintain compliance.  ActiveCompliance can help your institution make sure you are doing the right things, doing them correctly, and able to prove it!  In this session we’ll touch on how the solution handles evidence collection, proof of compliance anytime, real-time board visibility, Google search-like ease of query, and push-button reporting on demand all built specifically for financial institutions and the regulatory scrutiny they face.

Breakout Room – Perched in the Cloud: Gaining Insight Into Your Cloud Security

Mike Riggs, Perch Security

Description:  In a business landscape that demands you adopt cloud services as part of your technology strategies, how do you manage the visibility into those services to ensure equitable security controls? Join Mike Riggs for a discussion on how you can gain visibility into your cloud services alongside your internal technology infrastructure.

Breakout Room – Shakespeare & The Puma: An Intelligence Primer

Graham Westbrook, Technical Accounts, & Curtis Gartenmann, Risk Intelligence Strategy at Flashpoint Intelligence

Description: An interactive, informal session by two former intelligence practitioners discussing their time in the US Intelligence Community (IC), DoD, Healthcare & Finance Industries. It’s a storytelling, ask-me-anything (AMA) event geared toward helping credit union security teams (cyber/fraud/physical) establish intelligence collections, build high-performing, intelligence-led programs and prepare for the next threat, not the last one.

Buck Strasser, Founder, Clear Core

Description:  As credit unions continue their technology maturity journey key areas of business that are often left un-transformed are: security and risk management. Come learn how to use, and hear real-world stories about, the latest in technology and data analytics to help your credit union address risk and mitigate threats to your member’s data and your institution’s reputation. Want to remove the complexity from using data and technology to proactively protect your critical data infrastructure? Easy: Join us!

Description: The SolarWinds compromise exemplifies the exposures of supply-chain risk. This massive attack was a wake-up call, hitting at one of the core foundations of our cybersecurity efforts. In the past, we have trusted the integrity of supplier patches and updates. Historically, upon notification that a security update was available, we would take those patches, assume they were good, and rapidly push them to the environment. This issue has challenged our view of the integrity of even these core updates to systems. Credit unions now need to spend time testing that the patches they are getting are good.These events like the SolarWinds breach have increased the focus on managing third-party software and service suppliers. But that alone is not enough. Cybersecurity is now tasked to police the suppliers of our suppliers, (known as the fourth party). To start, Credit Unions must ask the following questions about their vendor risk management efforts:
• Does the credit union have a master list of its suppliers, and are they prioritized based on their access to the core business?
• Does the credit union know what sensitive data or connections it has from external organizations?
• Do any third-party suppliers have suppliers, and, what do your vendors know about their own supply chain? This is known as fourth-party risk.

Main Room – Open Session

Session topic, speaker, description TBD