Daniel Miessler, Founder at Unsupervised Learning

Keynote Session: Killer Context: How AI Will Disrupt Software and Security

Bio:  Daniel Miessler is a highly accomplished security leader and the Founder of Unsupervised Learning. With a remarkable ability to blend technical problem-solving, first principles thinking, and crisp narrative, Daniel has become a trusted advisor for some of the most prominent companies worldwide.

Drawing upon his extensive experience, Daniel has effectively resolved complex business, security, and technology challenges for numerous top-tier organizations. As an alumnus of renowned companies such as Apple, Robinhood, IOActive, and HP, he has consistently demonstrated his expertise in navigating the intricate landscape of cybersecurity and technology.

Throughout his career, Daniel has left an indelible mark on the industry, having worked in over a dozen Global 50 companies. Furthermore, his contributions extend beyond individual organizations, as he has provided invaluable consultation services to hundreds of companies within the Fortune 500. His insights and strategic guidance have been instrumental in helping these organizations fortify their security posture and embrace innovative technological solutions.

Steve Soukup, President/CEO at DefenseStorm

Keynote Session: From Cybersecurity to Cyber Risk Management

Bio:  Steve Soukup has served as Chief Executive Officer since 2020 and in that role is responsible for leading all aspects of the company’s business. He is passionate about building a community of trust among our teams and with our customers while also enabling our customers to do the same with their account holders.

Steve joined us as Chief Revenue Officer in May 2017 with a charge to drive growth for the business while leveraging his extensive experience serving the banking vertical. He was promoted to President in October 2019 and then to CEO in April of 2020. Under his leadership, DefenseStorm has set the standard for enabling banks and credit unions to achieve cyber risk readiness.

Steve has built world class customer-focused sales teams that have delivered double-digit year-over-year profitable revenue growth in fast paced and competitive environments. His background includes shaping a 100+ sales organization at e-banking leader Q2 to deliver 30% year-over-year revenue growth, as well as leadership positions at Intuit, S1 Corporation and KPN. Steve also has direct banking experience through management positions at Key Bank, BankBoston and State Street Bank.

Steve is a graduate of Boston College and earned a Master of Business Administration degree from Boston University. A native of Cleveland, Ohio, Steve and his family have called the Atlanta area home for over 10 years.

11:15 – 12:00PM: Randy Lindberg, CEO at Rivial Data Security – The Future of Cyber Risk: Quantification

Description:  In the cybersecurity world the term Risk Assessment brings about strong emotions in many people. Fear. Anxiety. Doubt. For years we have been told to do risk assessments, but very few people describe HOW to do an IT risk assessment.

Join Rivial Data Security’s founder as he reviews the fundamentals of a solid risk assessment, reveals advanced techniques for improving the measurement of risk, and uncovers secrets to success he has learned in his nearly two decades of designing and performing IT risk assessments.

Learning Objectives:
– Learn the fundamental building blocks of cybersecurity risk management
– Review the options for measuring risk
– Explore a simple process for cyber risk quantification
– Learn how to report cybersecurity to maximize ROI

12:00 – 1:00 PM: Lunch & Sponsor Exhibits

1:00 – 1:45 PM: Neal Roylance, Director of Security Research at RiskRecon, by MasterCard – Overcoming Threats in Your Digital Supply Chain

Description:  Every organization is experiencing cybersecurity threats within its digital supply chain. Whether that risk is seen or unseen, there is a weak link somewhere. As these risks continue to rise, it is critical that firms effectively assess, monitor, and manage supply chain risk to prioritize the threats that would have the largest impact on their business operations.

Join Neal Roylance to learn:
• Why supply chain risk management has become a priority
• How supply chain risk impacts your organization
• How you can manage supply chain risk effectively

1:45 – 2:00 PM: Transition time

2:00 – 2:45 PM: Elizabeth Osborne, COO, Great Lakes Credit Union & Scott Lenker, Manager, Information Security Operations, PSECU – Vulnerability Management: Best Practices for Credit Unions

Description: This session provides a comprehensive overview of effective strategies to manage and mitigate vulnerabilities unique to credit unions. Attendees will gain insights into the latest cybersecurity threats facing the financial sector and learn practical approaches to identify, assess, and prioritize vulnerabilities. The session will emphasize the importance of proactive vulnerability management to ensure the security and resilience of credit union systems and sensitive financial information.

2:45 – 3:15 PM: Break & Sponsor Exhibits

11:15 – 12:00PM: Anne Legg, Founder, Thrive Strategic Services & Clear Core – 5 Essential Strategies To Activate Your Credit Union Data

Description:  Many credit union leaders feel that their enterprise data is all over the place, and any data initiative feels too overwhelming and expensive to take on.
This explains why 92% of credit unions fail to leverage their data effectively. And according to McKinsey, the five reasons for failed data efforts are:
1. Lack of clear data strategy.
Only 30% of FI surveyed had a data strategy
2. Inability to translate data strategy into tangible use cases.
3. Do not have clear roadmaps.
4. Do not have foundational data governance.
5. Have not leveraged their talent to translate data into valuable action.

This session will share the five must-haves needed to master enterprise data activation and provide valuable actions you can apply to your credit union.

12:00 – 1:00 PM: Lunch & Sponsor Exhibits

1:00 – 1:45 PM: Austin Dodds, Physical Security Program Manager, STCU – Breaking the Bank: Lessons from a Recent ATM Skimming Attack

Description: This session will be a deep dive into the mechanics of a recent sophisticated ATM skimming attack. We’ll discuss the techniques employed by criminals to compromise ATMs and gain unauthorized access to cardholder information. Attendees will gain valuable insights into the attack’s modus operandi and emerge with a heightened awareness of the risks around coordinated skimming attacks.

1:45 – 2:00 PM: Transition time

2:00 – 2:45 PM: Mike Saylor, CEO, Black Swan Cybersecurity – Cybersecurity is not just an IT problem

Description: Mike Saylor, CEO of Blackswan Cybersecurity and Professor at the University of Texas in San Antonio, delves into the holistic perspective of cybersecurity. Prof. Saylor emphasizes that cybersecurity is not confined to IT but extends across all facets of a business, encompassing people, vendors, and the strategic use of technology and special services for enhanced protection and operational efficiency.

2:45 – 3:15 PM: Break & Sponsor Exhibits

11:15 – 12:00PM: Michael MacLean, Channel Sales Engineer at Cato Networks, CATO Networks – SASE: Empowering the Evolution of Credit Unions

Description:  During this presentation we explore the evolution of security. Discover how Cato Networks’ Secure Access Service Edge (SASE) is leading the charge in reshaping security. We’ll discuss the cutting-edge security features of Cato Networks SASE and shed light on why traditional, legacy security ideas have become obsolete in today’s digital landscape. Uncover the future of credit union security in this insightful session!

12:00 – 1:00 PM: Lunch & Sponsor Exhibits

1:00 – 1:45 PM: Josh Langas, Information Security Analyst, Dupaco Community Credit Union – How One CU’s Purple Teaming Journey can be Another CU’s Starting Point

Description:  Have you ever been curious about the benefits Purple Team exercises can bring to your credit union with a small security team? This presentation will help you do just that by expanding on how Dupaco Community Credit Union is working to implement Purple Team exercises with limited resources.

This presentation will cover how Dupaco’ Purple Team journey began and where it is today. Provide a high-level overview of how Dupaco is leveraging Purple Team exercises to train security team members on the TTPs used by threat actors, identifying and communicating risk generated during and after an exercise, and to gain a better understanding of your security tool stack. Lastly, provide a wrap up with an overview of topics discussed, where you can find resources to start your own Purple Team journey, and a Q&A.

1:45 – 2:00 PM: Transition time

2:00 – 2:45 PM: Steve Koinm, VP Professional Services, Pure IT CUSO – Hacking Physical Systems: How pentesting tools put your branches and office facilities at risk

Description:  Often overshadowed in a world of remote cyber attacks, physical security breaches can be just as devastating to an organization as the prior.

This session will discuss how “penetration testing” tools such as the Wi-Fi Pineapple and Flipper Zero can be used in combination with proximity to buildings and assets to compromise networks and gain entry to buildings and restricted areas.

See demonstrations of hacking in-action and learn how to better secure your organization’s physical assets along the way.

2:45 – 3:15 PM: Break & Sponsor Exhibits

3:15 – 4:00 PM: Panel: Joe Guidry & Monica Davis, Union Square Credit Union / Masako Long, Janusea / Jack Smith, Pure IT CUSO / Steve Soukup, DefenseStorm  – The Intersection of IT and Risk in the Battle Against Fraud

Description:

Join us for a captivating session that delves into the symbiotic partnership between IT and Risk, working harmoniously to combat and alleviate fraud within the credit union landscape. Our distinguished panelists include Monica Davis, Senior Vice President of Risk, and Joe Guidry, Chief Information Officer, both of Union Square Credit Union, an esteemed $650 million asset institution hailing from Texas; Masako Long, VP of Sales at Janusea, a revolutionary credit union and fintech middleware provider; and Steve Soukup, CEO of DefenseStorm, an avant-garde cyber risk firm exclusively dedicated to fortifying financial institutions armed with SIEM/SOC and cutting-edge fraud prevention software and services. Jack Smith, CEO of Pure IT CUSO will join as your moderator.

This engaging panel discussion will illuminate the pivotal roles between IT and Risk in meticulously selecting the optimal solution tailored to the unique needs of their credit union. The discourse will include a discerning analysis of potential Return on Investment (ROI) and fortified fraud prevention strategies, and the talk will extend to the seamless integration with the core, highlighting the invaluable synergy between IT and Risk. A pivotal juncture will be the exploration of a groundbreaking tool that augments organizational value, enriched by the collaborative efforts of IT and Risk experts.

Immerse yourself in this enlightening session, where the convergence of expertise culminates in a conversation to fortify credit unions against the ever-evolving landscape of fraud.

4:00 – 4:45 PM: Todd Hillis, Chief Intelligence Officer at IACI – SQL Injection: How an Old Attack Vector Led to the Biggest Hack of 2023

Description:  The MOVEit file transfer vulnerability is the biggest “hack” of 2023 to-date.  It all started with a simple SQL injection, an old but effective attack that has been around for quite some time. SQL injection has remained popular among bad actors as it is relatively easy to find, exploit, and then manipulate the data that is acquired.

In the case of MOVEit, the Cl0p ransomware gang’s team simply scanned for two things:

• MOVEit appliances with open HTTP/HTTPS pages
• Improper sanitization of SQL requests sent to the appliance

In this session, we will discuss how SQL injection works, how bad actors scan for it, and how it can be mitigated to prevent your credit union from becoming a victim of these attacks in the future.

Dr. Fred G. Kennedy III, Author, Speaker, Founder & CEO of Dark Fission Space Systems

Keynote Session: Why Swans Only Look Black In Hindsight – How We Always Underestimate the Impact of Innovation and What To Do About It

Bio: Dr. Fred Kennedy is Dark Fission’s Chief Executive Officer and co-founder. He served as the President of the space tug builder Momentus from September 2020 until January 2022. Prior to this, Fred worked at Astra as the company’s Vice President for Future Missions, focusing on small satellite production capabilities. He left federal service in 2019, after standing up the U. S. Department of Defense’ss (DoD’s) Space Development Agency (SDA), established by Acting Secretary of Defense Patrick M. Shanahan.

From 2017 until he became the SDA Director, Dr. Kennedy was the Director of the Tactical Technology Office (TTO) of the Defense Advanced Research Projects Agency (DARPA). Before this, he served as the senior policy advisor for national security space and aviation in the National Security and International Affairs Division of the White House Office of Science and Technology Policy (OSTP). In this role, Dr. Kennedy advised the President of the United States on matters related to space and aviation policy. He is active on multiple aerospace company advisory boards. Dr. Kennedy contributes to Forbes Online, primarily on space and defense issues.

Dr. Kennedy served over 23 years in the United States Air Force, where he retired as a colonel. During his tenure, he served as a Senior Materiel Leader in both the Air Force’s Space and Missile Systems Center’s Remote Sensing Directorate and the Air Force Lifecycle Management Center’s Battle Management Directorate. Prior to that, he was the lead for Space Requirements with the Joint Staff/J-8 in the Capabilities and Acquisition Division at the Pentagon and a chief for Spacecraft Payload Development and Test and Satellite Systems and Acquisition at the National Reconnaissance Office. From 2005 to 2008, while still in the Air Force, Dr. Kennedy served as a program manager at DARPA, where he created and managed efforts around spacecraft and satellite servicing, advanced space power and propulsion systems, and innovative space technologies.

Dr. Kennedy holds a Ph.D. in electronics and physical sciences from the University of Surrey, Guildford, Surrey, United Kingdom; a Master of Arts in organizational management from George Washington University; a Master of Arts in Strategic Studies from the U.S. Army War College; and Master and Bachelor of Science degrees in Aeronautics and Astronautics, from the Massachusetts Institute of Technology.

Mark Sangster, VP Chief of Strategy, Adlumin

Keynote Session: Finding Factors not Fault: Building Cyber Resilience for Credit Unions

Bio: Mark Sangster is Vice President, Chief of Strategy at Adlumin Inc., a cybersecurity technology firm that focuses on revolutionizing how corporate institutions secure sensitive data and intellectual property while achieving compliance objectives through its managed security services platform.

Before joining Adlumin, Sangster established his 25-year InfoSec career at industry giants like Intel Corporation, BlackBerry, and Cisco Systems. His experience unites a strong technical aptitude and an intuitive understanding of regulatory agencies. During his time at BlackBerry, Sangster worked on the first secure devices for government agencies. Since then, he has continued to build mutually beneficial relationships with regulatory agencies in key sectors.

In addition to his industry experience, Sangster is the author of No Safe Harbor: The Inside Truth about Cybercrime and How to Protect Your Business. His thought-provoking work and perspective on shifting risk trends have influenced industry thought leaders.

Sangster has spoken at international conferences and prestigious stages as an award-winning speaker, including the Harvard Law School and RSA Conference. He has appeared on CNN News Hour to provide expert opinions on international cybercrime issues. He is a go-to subject matter expert for leading publications and media outlets, including The Wall Street Journal and Forbes, covering major data breach events.

He holds a bachelor’s degree in psychology from the University of Western Ontario and a Business Diploma from Humber College in Toronto, Canada.

1:00 – 1:30 PM:  Mark Trinidad, Field CTO at Allure Security – Web of Deceit 2024: Trends in Online Brand Impersonation for Credit Unions & Taking Back Control

Description:  As online financial services boom, cybercriminals exploit members’ trust in their credit union by impersonating credit union brands online. When members fall victim, the impersonated credit union bears the brunt of the blame (whether deserved or not). Unfortunately, traditional methods of detecting deceptive websites, social media profiles, and apps based on name similarity alone miss about 70% of impersonation attacks – an alarming failure rate. But there’s hope!

In this insightful session, Allure Security will delve into its latest research on trends in online brand impersonations of credit unions for 2023 and beyond. You’ll learn the latest tactics, techniques, and procedures deployed by scammers against credit unions and the crucial role played by AI in stopping these scams. But most importantly you’ll come away with actionable steps you can take to protect your brand and members online once you return back to your daily duties.

1:30 – 1:45 PM:  Transition Time

1:45 – 2:15 PM: Samantha Torrez-Hidalgo, Software Specialist at CoNetrix Tandem – The Ins & Outs of Your Annual Report to the Board

Description:  Each year, your organization is tasked with creating and presenting a report to your board about your information security program. But what should be included in this report? What is most important to focus on to have an efficient and effective meeting? Join Samantha as she discusses the ins & outs of your annual report to the board and how to make the process easy to complete each year.
3 Key takeaways the audience will gain from the presentation: Learning about your board and their background, how to identify what’s important to include in this report, and establishing clear communication with your board about your information security program.

2:15 – 2:30 PM:  Transition Time

2:30 – 3:00 PM:  Lynn Boyd, Vice President Sales, Americas, Cradlepoint by Ericsson – Generative AI and Credit Unions: Safeguarding Your Intellectual Property

Description:  Generative AI platforms, like ChatGPT, Bard, and their counterparts, are making significant inroads in the credit union industry. Their capabilities in distilling complex financial data, drafting reports, and streamlining operations are undeniable. However, these advantages do not come without concerns. There’s a risk that sensitive credit union data, if inadvertently input, might become a part of the AI’s training set, posing potential exposure in future outputs. In this session, we’ll delve into the pros and cons of Generative AI in the credit union environment and share strategies on preserving the confidentiality of your institution’s proprietary data.

You’ll learn:

• Generative AI in the Financial Landscape: Get a comprehensive overview of how AI platforms, like ChatGPT and Bard, are revolutionizing credit unions.
• Data Distillation Techniques: Understand the intricate processes these platforms utilize to break down and interpret complex financial datasets.
• Report Drafting Capabilities: Discover the prowess of Generative AI in drafting comprehensive and accurate financial reports, streamlining the documentation process.
• Operational Efficiency: Learn how these tools enhance operational workflows, leading to improved productivity and member service in credit unions.
• Risks and Mitigation: Delve into the potential pitfalls, especially around data security, and the proactive measures to mitigate risks.

Arm yourself with a deeper understanding of Generative AI’s role in the credit union sector, and leave the session equipped with the knowledge and tools needed to harness its potential while ensuring the security of proprietary data.

3:00 – 3:30 PM:  Break & Sponsor Exhibits

1:00 – 1:30 PM:  Gordon Flammer, President & CEO, Datava – Why Credit Unions Need an ERP: The only way to be Data-Driven and Member Focused

Description:  Discover the perfect synergy between Credit Unions and an Enterprise Resource Planning (ERP) system in achieving data-driven decision making and a member-centric focus. Join us to explore how ERPs empower Credit Unions to harness data effectively, foster seamless member experiences, enhance operational efficiency, and drive explosive growth and ROI. Leave fully prepared to elevate your credit union to the next level.

1:30 – 1:45 PM:  Transition Time

1:45 – 2:15 PM:  Jonathan Davis, Director of Field and Product Strategy, Silverfort – How credit unions are eliminating the blind spots of Active directory

Description: We will discuss how attackers are using the weakness of Active directory and exploiting common admin interfaces and service accounts to move laterally in your network and how addressing identity security is key to stopping this.

2:15 – 2:30 PM:  Transition Time

2:30 – 3:00 PM: Open session (see other breakouts)

 

1:00 – 1:30 PM:  Elizabeth Houser, Director, Cyber Defense, DefenseStorm – Building Cyber Resilience: Turning Data into Action

Description:  

Join Elizabeth Houser, DefenseStorm Director of Cyber Defense, to explore the critical components of cyber resilience, focusing on the role of tabletop exercises and reliable data to enhance your credit union’s proactive response to cyberthreats. You’ll reduce risk, become more efficient, and lower operational expenses! During this educational session, you will learn practical applications for your credit union, including:

• The meaning and importance of cyber resilience
• The critical role of tabletop exercises in improving Incident Response Plans (IR)
• How to leverage reliable data to prioritize cybersecurity initiatives and improve your cyber risk management program

 

1:30 – 1:45 PM:  Transition Time

1:45 – 2:15 PM: Jon Nussbaum, Staff Sales Engineer and Choo Kim-Isgitt, Director, GTM Plans & Programs at Splunk – Integrating Threat Intel into your Cyber-Risk Management Processes

Description:  Cyber risk is becoming increasingly critical for all businesses, but especially businesses that manage customer finances. Learn from a practitioner and a business leader with experience in the field how to use current threat intelligence, both premium and open-source, as well as a wealth of data through NCU-ISAO, to reduce your cyber-risk.

2:15 – 2:30 PM:  Transition Time

2:30 – 3:00 PM:  Brian Hinze, VP, Member Services & Operations at NCU-ISAO – A Collaborative Approach to Fighting Online Banking Account Takeover

Description: Credit Union member accounts have been under attack for years; and the latest tactics used by fraudsters combine impersonated websites and convincing SMS lures to scare members and ultimately collect member online login credentials.  These compromised members accounts can lead to monetary losses and possible reputational risk.

In this session, we’ll discuss how one credit union is leveraging a combination of trends in information sharing intelligence from NCU-ISAO, additional partner intelligence and resources from our community, and working with their digital banking partners to identify these attacks as they emerge.

We’ll also discuss how credit unions can use these strategies to protect their brand, while also discussing NCU-ISAO member resources that may make this process a bit easier for organizations of all sizes.

3:00 – 3:30 PM:  Break & Exhibits

3:00 – 3:30 PM:  Break & Sponsor Exhibits

3:30 – 4:30 PM:  Steve Koinm, VP Professional Services at Pure IT CUSO & Gene Fredriksen, President at NCU-ISAO – Key Principles in Incident Response

Description: This session delves into essential strategies for managing and mitigating cybersecurity incidents effectively. This session outlines fundamental principles that guide organizations in crafting robust incident response plans, emphasizing timely detection, swift containment, and thorough recovery. Attendees will gain insights into orchestrating coordinated responses, minimizing damage, and fostering resilience against evolving cyber threats.

Ernest Chambers, Division Director, Critical Infrastructure at NCUA

Todd Finkler, Cybersecurity Advisor & Coordinator at NCUA

Keynote Session: Federal Regulatory & Exam Program, Cybersecurity Update

Bio:  All federally insured credit unions receive an NCUA examination on a periodic basis.1To ensure both compliance with applicable laws and regulations, and safety and soundness, a review of the credit union’s information security program is performed at each examination. The NCUA uses a risk-focused approach to examine credit unions’ information security to provide examiners flexibility to focus on areas of material current or potential risk relevant to each credit union’s unique business model. The objectives of an information security examination include:

• Evaluating management’s ability to recognize, assess, monitor, and manage information systems and technology-related risks.

  Assessing whether the credit union has sufficient expertise to adequately plan, direct, and manage information systems and technology operations.

  Determining whether the board of directors has adopted and implemented adequate information systems and technology -related policies and procedures.

  Evaluating the adequacy of internal information systems and technology controls and oversight to safeguard member information.