Agenda

Covering crucial topics for credit union leaders

If your credit union is focused on cybersecurity, technology, innovation, or simply just staying ahead of threats and protecting member data, CU Intersect is right for you. Check out our conference agenda from 2023 below, and stay tuned for updates on 2024’s conference.

Complete with impactful keynotes, flexible breakout tracks, industry panel discussions, emerging tech use cases, and more. Mix and match any breakout sessions to customize your conference experience!

2024 Preliminary Keynote Speakers include:
  • CISA, discussing emerging threats
  • NCUA, educating on compliance and audit requirements
  • Kurt Long, renowned speaker and philanthropist

Steve Koinm, Pure IT CISO, discusses advanced physical hacking tools, like the Wifi Pineapple, at CU Intersect 2023.

Interested in speaking at CU Intersect?

We are accepting applications for speakers in the areas of cybersecurity, technology, compliance, risk management, vendor management, AI, and more.

2023 Agenda

Day 1 Agenda

8:30 – 8:45 AM: Emcee(s) from NCU-ISAO / Pure IT CUSO – Welcome, Overview & Opening Remarks
8:45 – 9:45 AM: Steve Soukup, President / CEO, DefenseStorm –  From Cybersecurity to Cyber Risk Management

Description: Let’s face it, getting your credit union to take the right actions to effectively address cybersecurity can be difficult. Infosec and IT professionals are under tremendous pressure to deliver but often feel they can’t get the support they need in a cost-conscious and competitive environment. Executives and Board members know cybersecurity is important but often don’t understand their roles or what’s required to protect the institution, making prioritization and decision-making difficult. Putting all the differences aside, everyone shares the same goals of protecting the institution, its members, and its employees from cyber threats. It’s time for a new approach. Treating cybersecurity as a risk management issue provides the perspective and focus your institution needs to proactively and effectively take control of cyberthreats. You’ll come away understanding the components of cyber risk management, how to bridge organizational divides to create a cyber risk culture, and the importance of understanding your cyber risk maturity.

9:45 – 10:45 AM: Daniel Miessler, Founder, Unsupervised Learning –  Killer Context: How AI Will Disrupt Software and Security

Description: This talk introduces the game-changing influence of artificial intelligence on software development and cybersecurity. Learn how LLM-based software differs from traditional software, how why that matters, how that shift will affect cybersecurity, and see early examples of how this tech being used to solve real security problems. Finally, learn how this change will impact the security industry as a whole, and what we can do to prepare ourselves.

10:45 – 11:15 AM: Break & Exhibit Hall Grand Opening

Breakout 1

Randy Lindberg, CEO at Rivial Data Security – The Future of Cyber Risk: Quantification

Description:  In the cybersecurity world the term Risk Assessment brings about strong emotions in many people. Fear. Anxiety. Doubt. For years we have been told to do risk assessments, but very few people describe HOW to do an IT risk assessment.

Join Rivial Data Security’s founder as he reviews the fundamentals of a solid risk assessment, reveals advanced techniques for improving the measurement of risk, and uncovers secrets to success he has learned in his nearly two decades of designing and performing IT risk assessments.

Learning Objectives:
– Learn the fundamental building blocks of cybersecurity risk management
– Review the options for measuring risk
– Explore a simple process for cyber risk quantification
– Learn how to report cybersecurity to maximize ROI

Neal Roylance, Director of Security Research at RiskRecon, by MasterCard – Overcoming Threats in Your Digital Supply Chain

Description:  Every organization is experiencing cybersecurity threats within its digital supply chain. Whether that risk is seen or unseen, there is a weak link somewhere. As these risks continue to rise, it is critical that firms effectively assess, monitor, and manage supply chain risk to prioritize the threats that would have the largest impact on their business operations.

Join Neal Roylance to learn:
• Why supply chain risk management has become a priority
• How supply chain risk impacts your organization
• How you can manage supply chain risk effectively

Elizabeth Osborne, COO, Great Lakes Credit Union & Scott Lenker, Manager, Information Security Operations, PSECU – Vulnerability Management: Best Practices for Credit Unions

Description: This session provides a comprehensive overview of effective strategies to manage and mitigate vulnerabilities unique to credit unions. Attendees will gain insights into the latest cybersecurity threats facing the financial sector and learn practical approaches to identify, assess, and prioritize vulnerabilities. The session will emphasize the importance of proactive vulnerability management to ensure the security and resilience of credit union systems and sensitive financial information.

Breakout 2

Anne Legg, Founder, Thrive Strategic Services & Clear Core – 5 Essential Strategies To Activate Your Credit Union Data

Description:  Many credit union leaders feel that their enterprise data is all over the place, and any data initiative feels too overwhelming and expensive to take on.
This explains why 92% of credit unions fail to leverage their data effectively. And according to McKinsey, the five reasons for failed data efforts are:
1. Lack of clear data strategy.
Only 30% of FI surveyed had a data strategy
2. Inability to translate data strategy into tangible use cases.
3. Do not have clear roadmaps.
4. Do not have foundational data governance.
5. Have not leveraged their talent to translate data into valuable action.

This session will share the five must-haves needed to master enterprise data activation and provide valuable actions you can apply to your credit union.

Austin Dodds, Physical Security Program Manager, STCU – Breaking the Bank: Lessons from a Recent ATM Skimming Attack

Description: This session will be a deep dive into the mechanics of a recent sophisticated ATM skimming attack. We’ll discuss the techniques employed by criminals to compromise ATMs and gain unauthorized access to cardholder information. Attendees will gain valuable insights into the attack’s modus operandi and emerge with a heightened awareness of the risks around coordinated skimming attacks.

Mike Saylor, CEO, Black Swan Cybersecurity – Cybersecurity is not just an IT problem

Description: Mike Saylor, CEO of Blackswan Cybersecurity and Professor at the University of Texas in San Antonio, delves into the holistic perspective of cybersecurity. Prof. Saylor emphasizes that cybersecurity is not confined to IT but extends across all facets of a business, encompassing people, vendors, and the strategic use of technology and special services for enhanced protection and operational efficiency.

Breakout 3

Michael MacLean, Channel Sales Engineer at Cato Networks, CATO Networks – SASE: Empowering the Evolution of Credit Unions

Description:  During this presentation we explore the evolution of security. Discover how Cato Networks’ Secure Access Service Edge (SASE) is leading the charge in reshaping security. We’ll discuss the cutting-edge security features of Cato Networks SASE and shed light on why traditional, legacy security ideas have become obsolete in today’s digital landscape. Uncover the future of credit union security in this insightful session!

Josh Langas, Information Security Analyst, Dupaco Community Credit Union – How One CU’s Purple Teaming Journey can be Another CU’s Starting Point

Description:  Have you ever been curious about the benefits Purple Team exercises can bring to your credit union with a small security team? This presentation will help you do just that by expanding on how Dupaco Community Credit Union is working to implement Purple Team exercises with limited resources.

This presentation will cover how Dupaco’ Purple Team journey began and where it is today. Provide a high-level overview of how Dupaco is leveraging Purple Team exercises to train security team members on the TTPs used by threat actors, identifying and communicating risk generated during and after an exercise, and to gain a better understanding of your security tool stack. Lastly, provide a wrap up with an overview of topics discussed, where you can find resources to start your own Purple Team journey, and a Q&A.

Steve Koinm, VP Professional Services, Pure IT CUSO – Hacking Physical Systems: How pentesting tools put your branches and office facilities at risk

Description:  Often overshadowed in a world of remote cyber attacks, physical security breaches can be just as devastating to an organization as the prior.

This session will discuss how “penetration testing” tools such as the Wi-Fi Pineapple and Flipper Zero can be used in combination with proximity to buildings and assets to compromise networks and gain entry to buildings and restricted areas.

See demonstrations of hacking in-action and learn how to better secure your organization’s physical assets along the way.

3:15 – 4:00 PM: Panel: Joe Guidry & Monica Davis, Union Square Credit Union / Masako Long, Janusea / Jack Smith, Pure IT CUSO / Steve Soukup, DefenseStorm  – The Intersection of IT and Risk in the Battle Against Fraud

Description:

Join us for a captivating session that delves into the symbiotic partnership between IT and Risk, working harmoniously to combat and alleviate fraud within the credit union landscape. Our distinguished panelists include Monica Davis, Senior Vice President of Risk, and Joe Guidry, Chief Information Officer, both of Union Square Credit Union, an esteemed $650 million asset institution hailing from Texas; Masako Long, VP of Sales at Janusea, a revolutionary credit union and fintech middleware provider; and Steve Soukup, CEO of DefenseStorm, an avant-garde cyber risk firm exclusively dedicated to fortifying financial institutions armed with SIEM/SOC and cutting-edge fraud prevention software and services. Jack Smith, CEO of Pure IT CUSO will join as your moderator.

This engaging panel discussion will illuminate the pivotal roles between IT and Risk in meticulously selecting the optimal solution tailored to the unique needs of their credit union. The discourse will include a discerning analysis of potential Return on Investment (ROI) and fortified fraud prevention strategies, and the talk will extend to the seamless integration with the core, highlighting the invaluable synergy between IT and Risk. A pivotal juncture will be the exploration of a groundbreaking tool that augments organizational value, enriched by the collaborative efforts of IT and Risk experts.

Immerse yourself in this enlightening session, where the convergence of expertise culminates in a conversation to fortify credit unions against the ever-evolving landscape of fraud.

4:00 – 4:45 PM: Todd Hillis, Chief Intelligence Officer at IACI – SQL Injection: How an Old Attack Vector Led to the Biggest Hack of 2023

Description:  The MOVEit file transfer vulnerability is the biggest “hack” of 2023 to-date.  It all started with a simple SQL injection, an old but effective attack that has been around for quite some time. SQL injection has remained popular among bad actors as it is relatively easy to find, exploit, and then manipulate the data that is acquired.

In the case of MOVEit, the Cl0p ransomware gang’s team simply scanned for two things:

  • MOVEit appliances with open HTTP/HTTPS pages
  • Improper sanitization of SQL requests sent to the appliance

In this session, we will discuss how SQL injection works, how bad actors scan for it, and how it can be mitigated to prevent your credit union from becoming a victim of these attacks in the future.

Day 2 Agenda

8:30 – 8:45 AM: Emcees, NCU-ISAO & Pure IT CUSO – Welcome, Day 2 Overview
8:45 – 9:45 AM: Mark Sangster, VP Chief of Strategy at Adlumin – Finding Factors not Fault: Building Cyber Resilience for Credit Unions

Description: Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of an organization’s security, or worse, bury the true causes of incidents and lead to repeated data breaches or operations disrupting cyber incidents. Join Mark Sangster, author of No Safe Harbor and Adlumin Chief of Strategy, as he explores a famous aviation accident to identify human biases, best practice root cause analysis, and explores how blaming single factor robs us of the opportunity to identify system causes and make the changes necessary to prevent repeat incidents.

  • Explore human biases and how they skew our decision-making.
  • Examining a full range of factors and documenting impact
  • Continuous improvement through impartial examination
9:45 – 10:45 AM:  Dr. Fred Kennedy, Author, Speaker, Founder & CEO at Dark Fission Space Systems – Why Swans Only Look Black In Hindsight – How We Always Underestimate the Impact of Innovation and What To Do About It

Description:  Innovations often face resistance and skepticism upon their introduction, as established norms seek to maintain their influence and resources. This dynamic is evident in the space sector, with instances like reusable rockets (popularized by SpaceX) and the proliferation of small satellites. Critics often attempt to rationalize the innovations, resorting to tactics like questioning the necessity, exaggerating drawbacks, underestimating costs, and even predicting disastrous consequences once the innovation gains traction, reminiscent of debates around AI. This pattern of circular criticism consumes significant energy. However, whether a more effective approach to these discussions exists remains an open question.

11:15- NOON: Trent Henson, CTO, Pure IT CUSO with Dan Butterworth, Chief Marketing & Innovation Officer, EnCUrage Financial Networks – Discover SASE: Combining Cloud and Network Security

Description: Secure access service edge (SASE), pronounced “sassy,” is a cloud-based architecture that consolidates network and cloud-native security technologies into a single cloud service. SASE allows credit unions to manage their network and security tools within a single console, without the need for hardware, providing a straightforward security and networking solution that is independent of employee and resource location. By leveraging cloud technology’s widespread connectivity, SASE combines software-defined wide area network (SD-WAN) with network security functions like Zero Trust Network Access (ZTNA) and Software as a Service (SaaS). With the increase in remote workers and credit unions’ growing adoption of cloud services to run applications, SASE offers a convenient, fast, cost-effective, and scalable SaaS product for networking and security.

NOON – 1:00 PM:  Lunch & Sponsor Exhibits

Breakout 1

Mark Trinidad, Field CTO at Allure Security – Web of Deceit 2024: Trends in Online Brand Impersonation for Credit Unions & Taking Back Control

Description:  As online financial services boom, cybercriminals exploit members’ trust in their credit union by impersonating credit union brands online. When members fall victim, the impersonated credit union bears the brunt of the blame (whether deserved or not). Unfortunately, traditional methods of detecting deceptive websites, social media profiles, and apps based on name similarity alone miss about 70% of impersonation attacks – an alarming failure rate. But there’s hope!

In this insightful session, Allure Security will delve into its latest research on trends in online brand impersonations of credit unions for 2023 and beyond. You’ll learn the latest tactics, techniques, and procedures deployed by scammers against credit unions and the crucial role played by AI in stopping these scams. But most importantly you’ll come away with actionable steps you can take to protect your brand and members online once you return back to your daily duties.

Samantha Torrez-Hidalgo, Software Specialist at CoNetrix Tandem – The Ins & Outs of Your Annual Report to the Board

Description:  Each year, your organization is tasked with creating and presenting a report to your board about your information security program. But what should be included in this report? What is most important to focus on to have an efficient and effective meeting? Join Samantha as she discusses the ins & outs of your annual report to the board and how to make the process easy to complete each year.
3 Key takeaways the audience will gain from the presentation: Learning about your board and their background, how to identify what’s important to include in this report, and establishing clear communication with your board about your information security program.

Lynn Boyd, Vice President Sales, Americas, Cradlepoint by Ericsson – Generative AI and Credit Unions: Safeguarding Your Intellectual Property

Description:  Generative AI platforms, like ChatGPT, Bard, and their counterparts, are making significant inroads in the credit union industry. Their capabilities in distilling complex financial data, drafting reports, and streamlining operations are undeniable. However, these advantages do not come without concerns. There’s a risk that sensitive credit union data, if inadvertently input, might become a part of the AI’s training set, posing potential exposure in future outputs. In this session, we’ll delve into the pros and cons of Generative AI in the credit union environment and share strategies on preserving the confidentiality of your institution’s proprietary data.

You’ll learn:

  • Generative AI in the Financial Landscape: Get a comprehensive overview of how AI platforms, like ChatGPT and Bard, are revolutionizing credit unions.
  • Data Distillation Techniques: Understand the intricate processes these platforms utilize to break down and interpret complex financial datasets.
  • Report Drafting Capabilities: Discover the prowess of Generative AI in drafting comprehensive and accurate financial reports, streamlining the documentation process.
  • Operational Efficiency: Learn how these tools enhance operational workflows, leading to improved productivity and member service in credit unions.
  • Risks and Mitigation: Delve into the potential pitfalls, especially around data security, and the proactive measures to mitigate risks.

Arm yourself with a deeper understanding of Generative AI’s role in the credit union sector, and leave the session equipped with the knowledge and tools needed to harness its potential while ensuring the security of proprietary data.

Breakout 2

Gordon Flammer, President & CEO, Datava – Why Credit Unions Need an ERP: The only way to be Data-Driven and Member Focused

Description:  Discover the perfect synergy between Credit Unions and an Enterprise Resource Planning (ERP) system in achieving data-driven decision making and a member-centric focus. Join us to explore how ERPs empower Credit Unions to harness data effectively, foster seamless member experiences, enhance operational efficiency, and drive explosive growth and ROI. Leave fully prepared to elevate your credit union to the next level.

Jonathan Davis, Director of Field and Product Strategy, Silverfort – How credit unions are eliminating the blind spots of Active directory

Description: We will discuss how attackers are using the weakness of Active directory and exploiting common admin interfaces and service accounts to move laterally in your network and how addressing identity security is key to stopping this.

Breakout 3

Elizabeth Houser, Director, Cyber Defense, DefenseStorm – Building Cyber Resilience: Turning Data into Action

Description:  

Join Elizabeth Houser, DefenseStorm Director of Cyber Defense, to explore the critical components of cyber resilience, focusing on the role of tabletop exercises and reliable data to enhance your credit union’s proactive response to cyberthreats. You’ll reduce risk, become more efficient, and lower operational expenses! During this educational session, you will learn practical applications for your credit union, including:

• The meaning and importance of cyber resilience
• The critical role of tabletop exercises in improving Incident Response Plans (IR)
• How to leverage reliable data to prioritize cybersecurity initiatives and improve your cyber risk management program

Jon Nussbaum, Staff Sales Engineer and Choo Kim-Isgitt, Director, GTM Plans & Programs at Splunk – Integrating Threat Intel into your Cyber-Risk Management Processes

Description:  Cyber risk is becoming increasingly critical for all businesses, but especially businesses that manage customer finances. Learn from a practitioner and a business leader with experience in the field how to use current threat intelligence, both premium and open-source, as well as a wealth of data through NCU-ISAO, to reduce your cyber-risk.

Brian Hinze, VP, Member Services & Operations at NCU-ISAO – A Collaborative Approach to Fighting Online Banking Account Takeover

Description: Credit Union member accounts have been under attack for years; and the latest tactics used by fraudsters combine impersonated websites and convincing SMS lures to scare members and ultimately collect member online login credentials.  These compromised members accounts can lead to monetary losses and possible reputational risk.

In this session, we’ll discuss how one credit union is leveraging a combination of trends in information sharing intelligence from NCU-ISAO, additional partner intelligence and resources from our community, and working with their digital banking partners to identify these attacks as they emerge.

We’ll also discuss how credit unions can use these strategies to protect their brand, while also discussing NCU-ISAO member resources that may make this process a bit easier for organizations of all sizes.

3:00 – 3:30 PM:  Break & Sponsor Exhibits
3:30 – 4:30 PM:  Steve Koinm, VP Professional Services at Pure IT CUSO & Gene Fredriksen, President at NCU-ISAO – Key Principles in Incident Response

Description: This session delves into essential strategies for managing and mitigating cybersecurity incidents effectively. This session outlines fundamental principles that guide organizations in crafting robust incident response plans, emphasizing timely detection, swift containment, and thorough recovery. Attendees will gain insights into orchestrating coordinated responses, minimizing damage, and fostering resilience against evolving cyber threats.

Day 3 Agenda

8:30 – 9:15 AM: Edmond Momartin, Principal – Cybersecurity at AT&T & Board Member, OWASP Los Angelest – The OWASP Foundation

Description:  The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. Our programming includes:

  • Community-led open source software projects
  • Over 250+ local chapters worldwide
  • Tens of thousands of members
  • Industry-leading educational and training conferences

In this session, Edmond will discuss OWASP, it’s history, relevance and projects to fill the gap.

9:15 – 9:45 AM:   Break, Last-chance Exhibits & Vendor Giveaways
9:45 – 10:30 AM:  Troy Leach, Chief Strategy Officer at Cloud Security Alliance (CSA) – CSA Resources for Assessing Your Vendors and Related Cloud Risks

Description: Attendees will receive insights into the comprehensive tools and frameworks offered by CSA to effectively assess the security of cloud service providers. By leveraging these resources, participants will be better equipped to make informed decisions about vendor partnerships and navigate the complex landscape of cloud security, enhancing their organization’s risk management strategies.

10:30 – 11:30 AM: Ernest Chambers, Division Director Critical Infrastructure & Todd Finkler, Cybersecurity Advisor at NCUA – Supervisory Priorities & Cybersecurity Update

Description: Hear it straight from the source!  NCUA will be present at CU Intersect 2023 to discussion trends in cybersecurity & examinations, including updates on the exam program and early-outcomes related to the deployment of the new Information Security Exam (ISE).  Gain actionable insights into 2023’s ISE findings in order to identify potential gaps in your current security programs, as well as NCUA’s perspectives on recent cyber attacks impacting the credit union industry.

11:30 AM:  Closing Comments & Conference Adjourn