CU Intersect 2021 Conference Agenda

Jack Smith, Pure IT CUSO & Gene Fredriksen, NCU-ISAO

Description: “Resilience” may be a buzzy word, but security resilience is driven by real concepts driven by real industry trends.  This session will discuss these topics and provide actionable advice on building a resilient security program.

Michael S. Edwards, Attorney-at-Law

Description: New data privacy rules are setting stricter compliance requirements for credit unions throughout the United States as data breaches at major corporations like Facebook and Marriott Hotels increasingly make national news.  The California Consumer Protection Act and similar state data privacy laws, as well as the European Union’s General Data Protection Regulation, set data protection and data breach notification requirements that likely apply to your credit union if any of your members live in one of those jurisdictions.  Many other states are considering following the California and European data privacy models.

In this session you will learn key data privacy requirement that your credit union should know, including:•What new data privacy rules apply to your credit union;

•The key compliance requirements of the California Consumer Protection Act and other recent data privacy laws;

•How new data privacy laws relate to CFPB Regulation P and the federal Gramm-Leach-Bliley Act;

•Reputational and cybersecurity risks; and•Data privacy best practices.

Speaker, TBD

Steve Soukup, DefenseStorm

Description:  This session will provide an overview of the current trends and cyber threat realities that affect community banks and credit unions. Steve will detail the impact and consequences of a cyber breach and debunk the “odds are, it won’t happen to me” mentality.   The session will also demonstrate how to strategize in real time to ensure cyber safety, how to account for new vulnerabilities and how to prevent, combat and resolve cyber risks.

Jim Stickley, CEO, Stickley on Security 

Description: Jim Stickley has been robbing banks, hacking government computers, and stealing confidential information from businesses for over 30 years. In this unique session, Stickley will demonstrate how criminals are exploiting poorly designed features in web browsers, new tricks in social engineering, and how old security functionality is now being used against you.  Most importantly, Stickley will show how seemingly insignificant actions can lead to complete and total compromise. From credit card exploitation to online account takeovers, this session covers a large range of attacks that put both home users and corporate employees at risk. As always, Stickley will provide useful tips and tricks to help you detect these and prevent you from falling victim to these types of attacks.

Trent Henson, Pure IT CUSO, Becky Reed, Lonestar Credit Union, Aaron Bedingfield, Firstmark Credit Union

Description:   Your key stakeholders are on the move, what if your credit union could meet their financial needs wherever they may roam? From strengthening your internal team with remote employment, to enabling real-time financial service at your membership’s fingertips, learn how to optimize operations and customize the service side of your credit union. Join Trent Henson, Chief Technology Officer of Pure IT Credit Union Services as he outlines these crucial strategic technology adjustments. Hear from Becky Reed, Chief Executive Officer for Lone Star Credit Union, as she delivers candid testimony on the unparalleled value Advanced Mobility gave her organization. Leave this session with the confidence and roadmap to unlock the full potential of your enterprise and knock-out competition: this is Advanced Mobility for the credit union.

Michael Crofts, President, Maple Street

Description:  This session will provide attendees a comprehensive overview of the vendor management process, from the current trends in the industry to selecting and evaluating potential vendors with a risk-based lense.  Learn the key components of a modern vendor management system, objective assessment of future partners, the contract process, and how to effectively measure their performance.

Tim Evans, SVP Chief of Strategy & Co-founder, Adlumin

Description: The key to success is knowing what your SIEM’s capabilities are and how they can better serve your organization. We will start with the type of data a financial institution ingests and how that would be different with a SIEM.  We will discuss what you should expect from your current Security Information and Event Management (SIEM), or demand if you’re buying a new SIEM. We will also cover the types of on-demand reports you should require in the platform and how you can comply with FFIEC CAT requirements. What you will learn:

• Live Monitoring: You should have real-time visibility and analysis into every identity and system within the enterprise.
• World-Class Artificial Intelligence: Any SIEM you purchase should have Artificial Intelligence and Machine Learning.  User & Entity Behavior Analytics (UEBA) constantly hunts a network for anomalous and malicious behavior to discover attacks that you have never even considered.
• PCI Compliance: In seconds, should allow you comply with the hardest parts of PCI DSS compliance.
• Federal Financial Institutions Examination Council (FFIEC) FFIEC CAT Compliance: Your SIEM should allow you to quickly analyze and answer FFIEC CAT Inherent Risk Profile and Cyber Maturity Risk Questions, becoming your System of Record for FFIEC CAT Compliance.  Your SIEM should give you the ability to print off reports that match the exact log requirements that your financial auditor is asking you to provide to them.

Todd Hillis, International Association of Certified ISAOs

Description: This session will discuss key issues credit unions face to keep their networks, employees, and members safe.  Join this session for more on the human factor of information security, key issues and strategies on vulnerability management, and simplifying your approach to network defense.

Camilo Ruiz, Network Security Analyst, Dupaco Community Credit Union

Description: This is a non-technical session for information security leaders from small- and medium-size Credit Unions with just a few security analysts. Participants will learn the basics of MITRE ATT&CK framework and how to start applying it in their organizations.  Today, many companies are adopting ATT&CK as part of their detection and response programs. ATT&CK provides deeper insights into the tactics, techniques, procedures and tools that adversaries commonly use.

Implementing ATT&CK framework effectively can be challenging, though. This session will provide participants with strategies to help Credit Unions identify gaps in their tools’ detection capabilities, avoid redundancy in their security tools and allocate additional cybersecurity funding.  Participants also will learn how adversary emulation will help test their detection capabilities: choose an ATT&CK technique and a test for that technique, execute the test procedure, analyze the detections of the procedure, improve your defenses and start over.

Jim Fuher, Fraud Prevention Manager, STCU

Description:  This presentation will inform and educate the attendees on how scams have evolved over the years in relation to online access.  Scams were successful prior to the conception of the internet, and since then access to others worldwide online has made fraud a Billion dollar plus industry.   We will go through the different scam and fraud scenarios and how they have morphed and changed over the years, as well as the tactics scammers use.  Finally, we will wrap it up with how scammers present day are using a mix of cyber skills and stone age technology to scam victims our of Billions of dollars and how fraud and information security departments can combine forces and create synergy to fight crime.

Robbie Wright, PurITy Technology with Joey Badalament of Ingram Micro/Microsoft

Description:  Conquer our new era of commerce by utilizing the optimum tool at your fingertips: technology. Ditch the old world of traditional branch networks, and long-established services delivered through physical distribution, for a digital experience that is resilient, secure and nimble. Technology does more than dazzle your membership but increases the operational capacity of your entire organization. Address specific technology and culture changes needed to compete in today’s financial marketplace with real-time customer engagement, open banking systems, accelerated omni-channel experiences, convenience in a  socially engaging and secure environment.

Group participants & description coming soon!

Kristen Haught, Security & Compliance Specialist supporting Financial Services customers at Amazon Web Services (AWS)

Xerex Bueno, Pure IT Credit Union Services

 Description: To cloud, or not to cloud, that is the question. According to a recent industry survey, over 50% of CEOs responded that they were not in the cloud.  Cloud solutions are part of every credit union today in some form but few have embraced a full cloud architecture.  Today the cloud can replace your data center, Virtual Environment, and desktop images.  It can even be a ‘private cloud’ within the large public cloud.   Join this conversation and discover how cloud based infrastructures create true flexibility and a fortitude of security for your credit union. Through this unique compliance lens, private, public and hybrid cloud strategies are examined, including elements of data encryption, cybersecurity, SOC and SOC2 compliance, user authentication and more. This conversation is for the CTO, CIO, &  CISO in all of us.

Gene Fredriksen, Executive Director, NCU-ISAO & CISO, PSCU (Ret.)

Description:  Today’s Boards have many duties in addition to the new focus on cyber. Additionally, today’s Boards can sometimes lack deep cyber security experience. As a result, the cyber security function may have to take the lead in developing the communications and measures. The design of meaningful, easily understood metrics that connect to the CU is foundational to building a strong partnership. This session discusses the strategies and measurements a cyber security group should establish for Board communications. We will discuss strategies in use by CU’s today, that bring strong results and meet business and regulatory needs.

TBD, Darktrace

Description:  The digital enterprise is constantly expanding, with new IoT, cloud, and operational technologies all challenging traditional notions of cyber security. Safeguarding these evolving environments against machine-speed attacks has never been more difficult.  Yet the digital battleground now features its most formidable defender in Cyber AI — a self-learning technology that distinguishes friend from foe in order to thwart threats autonomously. With a Cyber AI Platform protecting your entire infrastructure in real time, it doesn’t matter whether the attack originates on a connected device, an industrial system, or in the cloud. Wherever it strikes, the AI fights back in seconds. In this session, you’ll discover:

• Why only Autonomous Response can counter today’s machine-speed attacks
• Where advanced threat actors exploit vulnerabilities in the cloud and IoT
• What achieving 100% visibility can reveal about your organization’s risk profile
• How the Cyber AI Analyst reduces the time spent triaging threats by 92%

Rob Landis, Corelation

Description:  This session will begin with an overview of Corelation and their KeyStone core system and KeyBridge API’s. From there, attendees will hear a use case in which a credit union user’s role and permissions change based on their network location in order to better understand how modern core and technology solutions support the modern credit union model.

David Sylvester, Lumu Technologies

Description: As a general rule, we find what we look for. This has been the case with conventional security testing which “looks” for vulnerabilities and security loopholes. While this is a necessary exercise, it fails to intentionally look for compromise. This session will look at the evolution in security testing and explore why testing practices must evolve to include a state of continuous compromise assessment.

TBD, Trellance

Description:  From financial services to retail to car insurance, data is transforming industries and consumer expectations. As credit unions use technology to meet member needs and stay competitive, data risk has quickly become a new area of focus. In this interactive session, you’ll learn how to identify, manage & mitigate data risk. You’ll also hear about important regulatory requirements for classifying credit union data and what to consider as you manage data in the cloud. With live polling during the session, you’ll literally have your finger on the issues!

Alex Hernandez, DefenseStorm

Description:  Come learn how DefenseStorm’s newly enhanced ActiveCompliance engine can help your credit union seamlessly achieve and maintain compliance.  ActiveCompliance can help your institution make sure you are doing the right things, doing them correctly, and able to prove it!  In this session we’ll touch on how the solution handles evidence collection, proof of compliance anytime, real-time board visibility, Google search-like ease of query, and push-button reporting on demand all built specifically for financial institutions and the regulatory scrutiny they face.

Mike Riggs, Perch Security

Description:  In a business landscape that demands you adopt cloud services as part of your technology strategies, how do you manage the visibility into those services to ensure equitable security controls? Join Mike Riggs for a discussion on how you can gain visibility into your cloud services alongside your internal technology infrastructure.

Chris Pratapas, Softchoice

Session topic, speaker, description TBD