Agenda

Covering crucial topics for credit union leaders

If your credit union is focused on cybersecurity, technology, innovation, or simply just staying ahead of threats and protecting member data, CU Intersect is right for you.

Complete with impactful keynotes, flexible breakout tracks, industry panel discussions, emerging tech use cases, and more. Mix and match any breakout sessions to customize your conference experience!

Some highlights you can expect to see at CU Intersect 2024:

  • AI Ethics and Safety for Credit Unions
  • Cloud Migration Best Practices and Lessons Learned
  • Vulnerability Management
  • Secure Access Service Edge (SASE) and Zero Trust
  • Effectively Outsourcing, Bringing in Third-Parties
  • Risk Assessments and Risk Management

2024 Speakers

2024 Agenda *Subject to change*

Day 1 Agenda

8:30 – 8:45 AM: Emcee(s) from NCU-ISAO / Pure IT CUSO – Welcome, Overview & Opening Remarks
8:45 – 9:45 AM: Jessica Caballero, Director of Cyber Risk Management, DefenseStorm – Are You Overfeeding Your Cyber Risk Appetite?

Description: Cyber risks are dynamic, so your program can’t be static! Effective cyber risk management requires frequent evaluation of inherent risk levels and an honest self-assessment of whether controls are working as designed to mitigate risk to an acceptable level. Your credit union uses this approach to evaluate all its financial risks, so why not do the same for cyber risk? In this session, you’ll understand what’s at stake by not addressing cyber risk effectively and get guidance on the steps you can take to bring about change. You’ll get practical insights from other credit unions who are tackling this challenge. And you’ll learn how to effectively manage all the different people who need to be involved, including the c-suite and Board.

9:45 – 10:45 AM: Hal Kempfer, CEO, GRIPSA –  Re-assessing Risk in an Era of Growing Global Instability

Description: With wars proliferating over the last few years, especially in just the last year, threats to our critical infrastructure thought as primarily terrorist based since 9-11 are being rapidly realigned to nation-state actors openly challenging the global order, and aggressively operating in the clandestine “gray zone” just short of open conflict. The risk faced across society and to our economy has shifted dramatically and seemingly fast, and analogies to the unstable years just prior WWII are becoming a common refrain. Non-state actors and state actors have begun to blur, and the level of sophistication and threat potential has increased correspondingly. Europe has awakened to continent of full saboteurs and spies, and North America is quickly realizing the same. Asia and the West Pacific is increasingly seen as a not too future battlefield portending tectonic shifts to our way of life. A myriad of threat tactics and techniques have been employed in a dizzying array of regular assaults where cyberspace and physical space are both impacted, and the potential consequences seems to grow exponentially. Added to this are the more apparent effects of climate change, where natural forces are also impacting our all-hazards threat assumptions to critical infrastructure in ways not seen in many decades, if not centuries.

Hal Kempfer, a retired Marine Intelligence Officer who is a renowned “go-to” national and homeland security analyst relied up by multiple television news networks, will bring his unique background and perspective from his many decades dealing with war and terrorism, along with both man-made and natural disasters, to address how this era of global instability is forcing us to reassess risk, and broaden our scope of what that now truly means.

10:45 – 11:15 AM: Break & Exhibit Hall Grand Opening

Breakout 1 (3 concurrent sessions)

CATO Networks, Brian Anderson, Global Field CTO – Modernize Networking and Security with SASE

Description: Learn how Secure Access Service Edge (SASE) helps credit unions to enhance cybersecurity posture, streamline network management, and ensure compliance with regulatory standards. Cato Networks converges networking and security into a unified, cloud-native platform delivering industry leading services over a global private backbone. This presentation will highlight real-world case studies, demonstrating how SASE solutions have enabled organizations to achieve greater agility, cost-efficiency, and improved overall service delivery in an increasingly digital world.

Allure Security, Sam Bakken, Director of Product Marketing – Credit Union Impersonations Online: Real Costs and Emerging Trends of a Critical Threat

Description:  Credit unions need to do more to attract younger members or risk “fading into irrelevance,” according to consulting group McKinsey. Key strategies include appealing to younger generations through increasing digital marketing investments and enhancing digital capabilities. However, online brand impersonations pose a significant threat to these initiatives by increasing fraud costs, damaging a credit union’s reputation, and eroding consumer trust in a credit union’s ability to keep its members safe.

In this session we’ll explore how fraudsters’ targeted credit unions and their members throughout 2024 and how credit unions need to respond in order to maintain and grow their organization.

Highlights:

• Key insights from Allure Security’s annual report “SPOOF 2024: Trends in Online Impersonation of Credit Unions”
• How to detect and eliminate online scams before they harm your members
• How to build a compelling business case for investing in proactive online brand protection initiatives

Breakout 2 (3 concurrent sessions)

Tim Parisi, Sr. Director, Incident Response & Cloud Services at CrowdStrike – The Front Lines with CrowdStrike: Latest Threats and Best Practices from CrowdStrike’s IR Team

Description: This presentation will provide an overview of the most recent and sophisticated cyberattacks that CrowdStrike’s incident response (IR) team has encountered and mitigated. You will learn about the tactics, techniques, and procedures (TTPs) of the adversaries, as well as the best practices and recommendations from the IR experts to enhance your security posture and resilience. You will also get a glimpse of how CrowdStrike’s cloud-native platform and services can help you prevent, detect, and respond to breaches faster and more effectively.

Randy Lindberg, CEO at Rivial Data Security – Examiner Expectations for Cyber Risk Management

Description:  Effective Cyber Risk Management is a challenge for credit unions of all sizes, because of the lack of specific guidance on how to manage these risks successfully. In this session, we’ll cover the core elements of an information security risk management program and look at advanced ways to improve risk measurement. Additionally, we will discuss examiner expectations and introduce a maturity matrix designed to help credit unions evolve towards more sophisticated risk management practices. The ultimate goal is to build a more efficient and effective cybersecurity program.

Key Topics:
• Essential elements of cyber risk management
• NCUA expectations for cyber risk
• Defining a risk appetite
• The importance of quantifying risk
• Techniques for measuring and treating risk
• Actionable steps to enhance your risk management next week

Breakout 3 (3 concurrent sessions)

Scott Johnson, Meritrust Credit Union – A New Ownership Model for Vulnerability Management

Description: With vulnerability management being every security practitioner’s or CISO’s favorite topic, this session will take you through our journey towards effective management and a 70% drop in vulnerabilities over six months. We will discuss policies, leadership buy in, security team tactics, and tools to help make this a reality.

Josh Langas, Information Security Analyst, Dupaco Community Credit Union – CTI & Detection Engineering for Beginners

Description:  In this session you will be introduced to two exciting cyber topics, cyber threat intelligence (CTI) and detection engineering (DE), at a beginner level. Josh will define and breakdown what CTI and DE are and how they can be leveraged by small teams with limited resources. Josh will wrap up each topic with a Dupaco use case and describe how Dupaco applies CTI and DE concepts based on a recent CISA advisory.

Lastly, you will be provided some free resources to get started on your CTI and DE journey.

Tom Cesar, Pure IT Credit Union Services – Creating a Proactive Cyber Incident Response Strategy

Description:  In an era where cyber threats are constantly evolving, it is crucial for credit union leaders to stay ahead of potential incidents. This session will delve into the development and delivery of an effective cyber incident response plan, tailored to address emerging threats. Building on insights shared by other speakers, this presentation will focus on creating a proactive incident response strategy. Key components will include threat hunting, conducting tabletop exercises, and fostering real-time collaboration with third-party incident response teams. Attendees will gain a holistic yet practical view of incident preparedness and response, equipping them with the tools and knowledge to protect their organizations effectively.

3:15 – 4:00 PM: Jacob Aguiar, Cybersecurity Advisor, CISA – Addressing the global threat landscape by working with federal partners

Description: Gain a clear insight into the global threat landscape from a CISA perspective. Receive an overview of key CISA services and learn how to receive these no cost services. Understand the vital importance of an incident response plan. Change minds, get wins and create security engagement through the use of table top exercises. Learn why “Secure by Design” is way forward for the software industry.

4:00 – 4:45 PM:  Steve Koinm, Pure IT Credit Union – Back to the Future…of Hacking Physical Security Systems

Description: Join us for an encore follow-up presentation from CU Intersect 2023 as Steve Koinm looks at advancements in hacker tools and technology to show how physical security systems can be compromised.

Day 2 Agenda

8:30 – 8:45 AM: Emcees, NCU-ISAO & Pure IT CUSO – Welcome, Day 2 Overview
8:45 – 9:45 AM: Alex Goryachev – Artificial Intelligence Expert, WSJ Best Selling Author, Expert on Innovation

Description:  AI transformation is not about technology; it’s about people. Alex Goryachev, a leading authority on AI-driven workplace transformation, is at the forefront of this shift.  An estimated 40% of the global workforce will require reskilling in the next three years due to AI. Organizations must invest in talent development as much as in technology to stay competitive.

Alex Goryachev’s extensive experience in senior roles at major corporations like Cisco, IBM, Amgen, Dell, and Pfizer, coupled with his active involvement in the International Standards Organization, provides him with unique insights into guiding organizations through this transformative period. Additionally, as a Wall Street Journal bestselling author, his expertise is both recognized and respected widely in the industry.

​As AI continues to reshape industries, the ability to effectively blend human skills with AI capabilities will determine which organizations merely survive and which ones thrive. By partnering with Alex, you’ll equip your team with the knowledge and tools needed to excel in the age of AI, ensuring your organization not only survives but thrives in this new era.

9:45 – 10:45 AM: Michael Leonard, VP of US Business Development at PenTest Partners –  Cybersecurity: Today’s best (and safest!) form of Member Success

Description: : Mike  will be diving into the key role that cybersecurity plays to member security (and happiness!) in today’s challenging times. In just the past year, the credit union space has been stuck by countless Ransomware attacks, system outages, and 3rd Party issues. Mike will explore how to build a long term strategy using everyone – from the board to the C-Suite to the cybersecurity/ compliance teams to the members themselves – to win and stay safe in FY’24 and beyond!

11:15- NOON: Cloud Migration Panel: Strategies and Lessons Learned – Mark Frieden at Hughes FCU, CJ Daiker at MAPS Credit Union, Wayne Trout at NCUA, Kurt Long at BUNKR – Moderated by Masako Long, Janusea

Description: Join us for a credit union panel discussing various aspects of the cloud.   Learn the how and the why of moving from on-prem to the cloud, including the latest technology strategies, regulatory considerations, and more.  Credit union leaders will share lessons learned during cloud migration in a compelling and dynamic discussion moderated by Masako Long, VP of Sales at Janusea.

NOON – 1:00 PM:  Lunch & Sponsor Exhibits

Breakout 1 (3 concurrent sessions)

Alexandria Fontana, Software Specialist, CoNetrix – The Threat Galaxy: Top Security Risks to Your Organization

Description: Every organization is the center of their own universe and Risk Management is like the final frontier: We know there’s dangers and we know we should prepare for them, but how much? Is every risk worth mitigating? Should I worry about risks that are out of my orbit? Join this session to learn the top security risks to your organization, how you can prepare for them, and explore the edges of the Threat Galaxy.

Jonathan Davis, Director of Field Strategy at Silverfort – Iceberg Ahead! The hidden dangers with Active Directory and Service Accounts that lie below the surface

Description: Active Directory has been around for 25 years and was not designed with security in mind. Because of this, the blind spots around AD are being exploited more, especially service accounts. Come learn why service accounts have been so tough to discover, why many companies can’t secure at scale, and learn how to protect these accounts like never before.

Adam Barrett, Director of Cyber Fraud at DefenseStorm – Unite to Fight the Growing Threat of Cyber Fraud

Description: The data is clear, cyber fraud is a growing risk for credit unions. According to the 2023 LexisNexis® True Cost of FraudTM study, successful fraudulent transactions in US financial institutions increased by 58% between 2022 and 2023. And with cyber criminals just beginning to leverage AI to make their attacks even more sophisticated, this trend will only get worse.

Take heart, there is hope in the fight against cyber fraud! Proactive credit unions are bringing together teams from infosec and fraud to exchange information and develop new approaches to fight fraud. Referred to as “fraud fusion centers,” this collaborative approach is already delivering results and promises to help banks and credit unions turn the tide against cyber fraud. A 2023 Gartner® report states directly that “Security-Cyber-Fraud Fusion Is the Future of Online Fraud Detection” for financial institutions.

With this innovative approach, you can stop fraud before funds leave your credit union to avoid losses, streamline operations, and defend your brand reputation. In this session, you’ll learn about trends in fraudulent activities, how to identify potential threats early, and the steps you can take to implement robust security measures that will protect your credit union and its members.

Breakout 2 (3 concurrent sessions)

Chris Catanzaro, VP of Global MSSP & Channel, Halcyon – Ransomware: Motive & Opportunity

Description: Ransomware has rapidly become one of, if not the most serious global cybersecurity threat. This presentation provides a comprehensive overview of evolving ransomware trends, examining sophisticated tactics such as double extortion and the rise of Ransomware-as-a-Service (RaaS). These innovations have democratized cybercrime, allowing attackers of all skill levels to launch large-scale attacks. By understanding the economic and motivational dynamics behind ransomware, participants will gain actionable insights to better protect their organizations from this growing threat.

Brian Hinze, VP Member Services & Operations, NCU-ISAO – The Dangers of Deepfakes to Credit Unions and their Leadership

Description: Deepfakes pose a significant threat to credit unions by facilitating fraud, identity theft, and misinformation. This session will explore how these deceptions can undermine trust and damage reputations, specifically targeting credit union leaders. Learn about detection and prevention strategies to protect your organization from this emerging digital threat.

Michael Weaver, CISO, edgefi – Creating a Strong Cyber Culture from the Top Down

Description: Cybersecurity is everyone’s job. It’s everyone’s job to install MFA, it’s everyone’s job to lock thier computers, it’s everyone’s job to not click that phishy link. It seems simple, but as we all know, that’s not always the case. Join us in a conversation about building a strong cyber culture from the top down. We will explore how strong leadership creates a strong team and discuss the details of how to help build that at your company.

Breakout 3 (3 concurrent sessions)

Aisa Burke, Customer Engineer, ZeroNetworks – How Credit Unions Can Ruin an Attacker’s Day: Network Segmentation

Description: The topography of a credit union is unique and requires a multi-faceted cybersecurity strategy to halt lateral movement, satisfy PCI requirements, and gain visibility into and control of network communications. Check the boxes and protect multiple servers and endpoints across myriad locations with segmentation – we’re here to show you how, with real-world examples gained from working with one of the largest credit unions in the US.
Join Zero’s interactive roundtable to discuss key components of a modern, zero trust architecture specific to credit unions:

  • Network Segmentation: Effectively prevent lateral movement and ransomware attacks, safeguarding your network down to the asset level regardless of your organization’s topography.
  • PCI Compliance: Check the compliance box with network-layer, just-in-time MFA that blocks unauthorized access across your network. See how detailed logs and visualizations support compliance efforts and facilitate comprehensive reporting for audits and security reviews.
  • Network Visibility: Identify and understand network relationships with real-time and historical data that details how different assets and users interact within the network.
Suzanne Kelly, vCISO, Pure IT – How to Talk Cybersecurity with the Board of Directors

Description: How we communicate and share information with the Board of Directors is vital – especially when it comes to cybersecurity. Attendees will learn how to translate technical jargon into business language, highlight the financial implications of cybersecurity, and foster a culture of security awareness at the board level. This session aims to empower leaders with the knowledge and tools needed to advocate for robust cybersecurity measures within their organizations, ensuring member data remains secure.

Idrees Rafiq, VP of Information Security & Risk Management, Cornerstone Resources – Exposure Management – Cyber is not just an IT Problem

Description: Expanding the view and scope of cybersecurity across the enterprise through the incorporation of traditional risk management and governance practices to develop a holistic view and understanding of cyber-related risks, impacts, and influences. A discussion on the expansion of Cyber Risk across the enterprise and how threat actors continue to navigate their way into systems, networks, and processes that can only be effectively mitigated with a comprehensive enterprise-wide program that includes governance, preparedness, and response that starts with the Board and flows down thru organizational culture and into everyday activities.

3:00 – 3:30 PM:  Break & Sponsor Exhibits
3:30 – 4:30 PM: Wayne Trout, NCUA – Update on the Cybersecurity Examination Program

Description: Join us as the National Credit Union Administration discusses key developments in the Information Security Examination (ISE) program, as well as key emerging threats to credit unions and how your organization should be prepared.  Delve into key takeaways from the 72-hour reporting rule, and what’s on the horizon for the future of examinations.

Day 3 Agenda

8:30 – 9:15 AM: Kurt Long, CEO, Founder & Philanthropist, BUNKR – Trust, Truth and Accountability in 2024 and Beyond

The speaker will explore:
* The relationship between trust, truth and accountability as it relates to our core institutions in the United States as well as in our individual lives
* Recent trends which undermine trust and endanger law and order as well as general trust in the world
* Finally, what we can do as institutions, leaders and particularly as individuals to turn the tide on these trends to create cultures of trust, truth and personal accountability. The result being that we are capable of withstanding escalating modern stresses on our institutions including increasingly ruthless cyber criminal attacks on individuals and businesses

9:15 – 9:45 AM:   Break, Last-chance Exhibits & Vendor Giveaways
9:45 – 11:15 AM:  Oliver Bagelman and Phil Schneider, Cyberbit, Live Fire Attack Exercise Incident Response Simulation

Description: CU Intersect has partnered with Cyberbit, a leading skill development platform and cyber range provider, to bring you a real-time cyber incident response exercise at this year’s conference!  Experienced Cyberbit trainers will conduct a live investigation of a security incident as it unfolds in real-time, simulated in Cyberbit’s hyper-realistic cyber range.

Key Takeaways:

• Gain experience and insight as you help a SOC analyst investigate and respond to an attack in real-time.
• Get feedback from an expert cyber trainer, and improve your knowledge of best practices, tools, and threats.
• Follow along as a hyper-realistic cyber range recreates the SOC experience, including the networks, the attacks, and the security tools.
• Observe how industry experts leverage market-leading SIEM platforms, firewalls, and network analysis tools in the incident response process.

11:15 AM – 11:30 AM:  Closing Comments & Conference Adjourn