CU Intersect 2020 Conference Agenda

NCU-ISAO Member-only Pre-session

Main Room – Security Resilience: Defining, Understanding, and Achieving It

Gene Fredriksen, Executive Director, NCU-ISAO & Jack Smith, CEO, Pure IT CUSO

Description: “Resilience” may be a buzzy word, but security resilience is driven by real concepts driven by real industry trends.  This session will discuss these topics and provide actionable advice on building a resilient security program.

Main Room – National Credit Union Administration Information Systems and Assurance Examination Program (ISAEP)

Johnny Davis, Jr., Division Director for Critical Infrastructure, NCUA

Description: The NCUA will discuss its current and future cyber security initiatives to advance consistency, transparency, and accountability within the NCUA’s cybersecurity examination program and provide credit unions with information and resources to improve their preparedness and resiliency.  You’ll also learn about updates to the NCUA Information Security Examination Program regarding:

•Information Technology Risk Examination (InTREx): focusing on a core module for audit, management, development and acquisition, and support and delivery.

•Modern Examination and Risk Identification Tool (MERIT): The NCUA’s new examination procedures described in Part 748, piloted in 2020 with scheduled implementation in 2021.

Main Room – The New Data Privacy

Michael S. Edwards, Attorney-at-Law

Description: New data privacy rules are setting stricter compliance requirements for credit unions throughout the United States as data breaches at major corporations like Facebook and Marriott Hotels increasingly make national news.  The California Consumer Protection Act and similar state data privacy laws, as well as the European Union’s General Data Protection Regulation, set data protection and data breach notification requirements that likely apply to your credit union if any of your members live in one of those jurisdictions.  Many other states are considering following the California and European data privacy models.  In this session you will learn key data privacy requirement that your credit union should know, including:

•What new data privacy rules apply to your credit union;

•The key compliance requirements of the California Consumer Protection Act and other recent data privacy laws;

•How new data privacy laws relate to CFPB Regulation P and the federal Gramm-Leach-Bliley Act;

•Reputational and cybersecurity risks; and

•Data privacy best practices.

Conference Welcome Reception, Presented by Adlumin

Join us to kick-off CU Intersect with our friends at Adlumin with this fun, social networking event!

Main Room – Preparing for Next-Gen Cyber Attacks: How Credit Unions Can Stay Ahead of Cyber Bad Actors

Steve Soukoup, DefenseStorm

Description:  This session will provide an overview of the current trends and cyber threat realities that affect community banks and credit unions. Steve will detail the impact and consequences of a cyber breach and debunk the “odds are, it won’t happen to me” mentality.   The session will also demonstrate how to strategize in real time to ensure cyber safety, how to account for new vulnerabilities and how to prevent, combat and resolve cyber risks.

Main Room – I wasn’t hacked… Was I?

Jim Stickley, CEO, Stickley on Security

Description: Jim Stickley has been robbing banks, hacking government computers, and stealing confidential information from businesses for over 30 years. In this unique session, Stickley will demonstrate how criminals are exploiting poorly designed features in web browsers, new tricks in social engineering, and how old security functionality is now being used against you.

Most importantly, Stickley will show how seemingly insignificant actions can lead to complete and total compromise. From credit card exploitation to online account takeovers, this session covers a large range of attacks that put both home users and corporate employees at risk. As always, Stickley will provide useful tips and tricks to help you detect these and prevent you from falling victim to these types of attacks.

Trent Henson, Pure IT CUSO & Becky Reed, Lonestar Credit Union

Description:   Your key stakeholders are on the move, what if your credit union could meet their financial needs wherever they may roam? From strengthening your internal team with remote employment, to enabling real-time financial service at your membership’s fingertips, learn how to optimize operations and customize the service side of your credit union. Join Trent Henson, Chief Technology Officer of Pure IT Credit Union Services as he outlines these crucial strategic technology adjustments. Hear from Becky Reed, Chief Executive Officer for Lone Star Credit Union, as she delivers candid testimony on the unparalleled value Advanced Mobility gave her organization. Leave this session with the confidence and roadmap to unlock the full potential of your enterprise and knock-out competition: this is Advanced Mobility for the credit union.

Breakout Room – Shedding Light on the Dark Web – 2020 Forecast

Eli Dominitz, CEO, Q6 Cyber

Description: The Dark Web is home to many of the fraudsters targeting credit unions. In this presentation, we will venture into the Dark Web (back by popular demand!) and profile the latest trends in financial fraud and cybercrime. In a live, real-time demo, we will browse the most popular fraud and hacker communities, showcase leading “anti-detect” tools, and highlight noteworthy shifts in the underground cybercriminal ecosystem that we expect to see in 2020. Importantly, we will discuss how credit unions can collect timely and actionable intelligence on the Dark Web to disrupt cybercriminal and fraud operations.  Learning objectives:

• What are the latest trends in financial fraud and cybercrime as seen on the Digital Underground, Dark Web, and Deep Web?
• What tools and tactics can we expect to see from cybercriminals and fraudsters targeting credit unions in 2020?
• How do leading financial institutions leverage intelligence from the Digital Underground to combat cybercrime and fraud?

Michael Crofts, President, Maple Street

Description: Most vendor contracts are written to protect the vendor from risks or shift risk from the vendor to the customer, and poorly negotiated contracts can create or shift business and legal risk unfairly. That’s why the vendor management guidelines require attention to sixteen specific contract provisions in negotiating vendor contracts. Attendees will gain insights into specific risk areas of contracts pertaining to:
1) Performance and Service Level Agreements
2) Data Breach
3) Limits of Liability, Indemnity Clauses, and Dispute Resolution
4) Termination Provisions
5) Suggestions for Specific Provisions such as Performance, Uptime Requirements, Service Level Standards, and Data Breach and Event Reporting

Breakout Room – Why Financial Institutions Need a Security and Compliance Automation Platform

Tim Evans, SVP Chief of Strategy & Co-founder, Adlumin

The key to success is knowing what your SIEM’s capabilities are and how they can better serve your organization. We will start with the type of data a financial institution ingests and how that would be different with a SIEM.  We will discuss what you should expect from your current Security Information and Event Management (SIEM), or demand if you’re buying a new SIEM. We will also cover the types of on-demand reports you should require in the platform and how you can comply with FFIEC CAT requirements.

What you will learn:

• Live Monitoring: You should have real-time visibility and analysis into every identity and system within the enterprise.
• World-Class Artificial Intelligence: Any SIEM you purchase should have Artificial Intelligence and Machine Learning.  User & Entity Behavior Analytics (UEBA) constantly hunts a network for anomalous and malicious behavior to discover attacks that you have never even considered.
• PCI Compliance: In seconds, should allow you comply with the hardest parts of PCI DSS compliance.
• Federal Financial Institutions Examination Council (FFIEC) FFIEC CAT Compliance: Your SIEM should allow you to quickly analyze and answer FFIEC CAT Inherent Risk Profile and Cyber Maturity Risk Questions, becoming your System of Record for FFIEC CAT Compliance.  Your SIEM should give you the ability to print off reports that match the exact log requirements that your financial auditor is asking you to provide to them.

Softchoice

Breakout Room – Applying MITRE ATT&CK For Small and Medium Sized Credit Unions

Camilo Ruiz, Network Security Analyst, Dupaco Community Credit Union

Description: This is a non-technical session for information security leaders from small- and medium-size Credit Unions with just a few security analysts. Participants will learn the basics of MITRE ATT&CKTM framework and how to start applying it in their organizations.

Today, many companies are adopting ATT&CK as part of their detection and response programs. ATT&CK provides deeper insights into the tactics, techniques, procedures and tools that adversaries commonly use.

Implementing ATT&CK framework effectively can be challenging, though. This session will provide participants with strategies to help Credit Unions identify gaps in their tools’ detection capabilities, avoid redundancy in their security tools and allocate additional cybersecurity funding.

Participants also will learn how adversary emulation will help test their detection capabilities: choose an ATT&CK technique and a test for that technique, execute the test procedure, analyze the detections of the procedure, improve your defenses and start over.

Breakout Room – Fraud: Evolution of Scams from the Stone Age to the Cyber Stage

Jim Fuher, Fraud Prevention Manager, STCU

Description:  This presentation will inform and educate the attendees on how scams have evolved over the years in relation to online access.  Scams were successful prior to the conception of the internet, and since then access to others worldwide online has made fraud a Billion dollar plus industry.   We will go through the different scam and fraud scenarios and how they have morphed and changed over the years, as well as the tactics scammers use.  Finally, we will wrap it up with how scammers present day are using a mix of cyber skills and stone age technology to scam victims our of Billions of dollars and how fraud and information security departments can combine forces and create synergy to fight crime.

Industry Panel Discussion

Description:  Conquer our new era of commerce by utilizing the optimum tool at your fingertips: technology. Ditch the old world of traditional branch networks, and long-established services delivered through physical distribution, for a digital experience that is resilient, secure and nimble. Technology does more than dazzle your membership but increases the operational capacity of your entire organization. Address specific technology and culture changes needed to compete in today’s financial marketplace with real-time customer engagement, open banking systems, accelerated omni-channel experiences, convenience in a  socially engaging and secure environment.

Main Room – Cloud Security and Compliance in the Credit Union Industry

Speaker Pending

Description: To cloud, or not to cloud, that is the question. According to a recent industry survey, over 50% of CEOs responded that they were not in the cloud.  Cloud solutions are part of every credit union today in some form but few have embraced a full cloud architecture.  Today the cloud can replace your data center, Virtual Environment, and desktop images.  It can even be a ‘private cloud’ within the large public cloud.   Join this conversation and discover how cloud based infrastructures create true flexibility and a fortitude of security for your credit union. Through this unique compliance lens, private, public and hybrid cloud strategies are examined, including elements of data encryption, cybersecurity, SOC and SOC2 compliance, user authentication and more. This conversation is for the CTO, CIO, &  CISO in all of us.

Main Room – Good Governance: The Board / Cyber Security Partnership

Gene Fredriksen, Executive Director, NCU-ISAO & CISO, PSCU (Ret.)

Description:  Today’s Boards have many duties in addition to the new focus on cyber. Additionally, today’s Boards can sometimes lack deep cyber security experience. As a result, the cyber security function may have to take the lead in developing the communications and measures. The design of meaningful, easily understood metrics that connect to the CU is foundational to building a strong partnership. This session discusses the strategies and measurements a cyber security group should establish for Board communications. We will discuss strategies in use by CU’s today, that bring strong results and meet business and regulatory needs.

Main Room – Computer Security and Why it is Everyone’s Responsibility

James Morrison, Computer Scientist, FBI (Retired)

Description: Computer Security and Why it is everyone’s responsibility – Computer Criminals are increasingly targeting small businesses and individuals and causing havoc across these networks.  Learning how these attacks are carried out is just the beginning to learning how to protect yourself.  This presentation will help you in this process.

Timothy Choi, Darktrace

Description:  The digital enterprise is constantly expanding, with new IoT, cloud, and operational technologies all challenging traditional notions of cyber security. Safeguarding these evolving environments against machine-speed attacks has never been more difficult.  Yet the digital battleground now features its most formidable defender in Cyber AI — a self-learning technology that distinguishes friend from foe in order to thwart threats autonomously. With a Cyber AI Platform protecting your entire infrastructure in real time, it doesn’t matter whether the attack originates on a connected device, an industrial system, or in the cloud. Wherever it strikes, the AI fights back in seconds. In this session, you’ll discover:

• Why only Autonomous Response can counter today’s machine-speed attacks
• Where advanced threat actors exploit vulnerabilities in the cloud and IoT
• What achieving 100% visibility can reveal about your organization’s risk profile
• How the Cyber AI Analyst reduces the time spent triaging threats by 92%

Breakout Room – Topic Under Review

Corelations

Breakout Room – Cybersecurity Testing Limitations & How to Overcome Them

David Sylvester, Lumu Technologies

Description: As a general rule, we find what we look for. This has been the case with conventional security testing which “looks” for vulnerabilities and security loopholes. While this is a necessary exercise, it fails to intentionally look for compromise. This session will look at the evolution in security testing and explore why testing practices must evolve to include a state of continuous compromise assessment.

Breakout Room – Data Risk: The New and Hidden Challenges of Digital Transformation

Merrill Albert, Trellance

Description:  From financial services to retail to car insurance, data is transforming industries and consumer expectations. As credit unions use technology to meet member needs and stay competitive, data risk has quickly become a new area of focus. In this interactive session, you’ll learn how to identify, manage & mitigate data risk. You’ll also hear about important regulatory requirements for classifying credit union data and what to consider as you manage data in the cloud. With live polling during the session, you’ll literally have your finger on the issues!

Breakout Room – ActiveCompliance 2.0: Perpetual, Full Cycle Compliance

Alex Hernandez, DefenseStorm

Description:  Come learn how DefenseStorm’s newly enhanced ActiveCompliance engine can help your credit union seamlessly achieve and maintain compliance.  ActiveCompliance can help your institution make sure you are doing the right things, doing them correctly, and that you are able to prove it!  In this session we’ll touch on how the solution can ease the burden faced by credit union executives through the handling evidence collection, providing proof of compliance anytime, assisting with real-time board visibility, supporting Google search-like ease of query, and outputting push-button reporting on demand all built specifically for financial institutions and the regulatory scrutiny they face.

Mike Riggs, Perch Security

Description:

In a business landscape that demands you adopt cloud services as part of your technology strategies, how do you manage the visibility into those services to ensure equitable security controls? Join Mike Riggs for a discussion on how you can gain visibility into your cloud services alongside your internal technology infrastructure.

Speaker Pending

Main – DevSecOps and Credit Unions:  Recipes for Success

Credit Union Leadership Panel Discussion

Description:  Automation of your credit union processes, IT and security? You heard us. Join leaders in custom infrastructure and learn credit union pathways to automation. Hear what happens when credit unions offer instant service to their membership and employees at their fingertips. Give your members instant gratification with a  service mission.  Panelists disclose first hand experiences in DevSecOps operations, from identifying complexities, outlining goals, and the rapid development /deployment of functionality. This includes automation and intelligence for built-in security as part of the overall design by empowered teams,  not just security specialists.   Implementing features securely, not adding more security features is the only safe way to move forward.  Let’s talk about what is really possible today and where things are headed.

Main Room – Looking Ahead: Trends in Security and Technology Shaping Tomorrow

Jack Smith, CEO, Pure IT CUSO