CU Intersect 2022 Conference Agenda

Gene Fredriksen, President, NCU-ISAO

Description: To understand where we are and where we are going requires an understanding of where we’ve been, and what got us here.  This session will survey recent significant events in the world of security to highlight key lessons learned and how they have both transformed our operating environment, as well as how these lessons can be applied in today’s modern security strategy.

See adjacent breakout-specific agenda pages for session topics and times

See adjacent breakout-specific agenda pages for session topics and times

Success Stories in Emerging Technology

Facilitated by: Jack Smith, CEO, Pure IT CUSO

Panelists: John Ainsworth, CEO, Bonifii CUSO

Jim Daly, CIO, Diamond Credit Union

Darius Wise, Interim CEO, Red Rocks Credit Union

Libby Calderon, President/ COO, Envisant

Description: We all know technology is evolving at a rapid pace, and security technology is no different.  Join this facilitated discussion to learn about some of the types of solutions that have been successfully deployed by credit unions in recent years, and how those technologies solved real-world challenges for IT and Security Teams.

Join your peers for this great networking opportunity and let loose with drinks, hors d’ouvre, and music as we wrap up a successful first day of CU Intersect!

Gene Fredriksen, President, NCU-ISAO & CISO Consultant

Description:  Today’s Boards have many duties in addition to the new focus on cyber. Additionally, today’s Boards can sometimes lack deep cyber security experience. As a result, the cyber security function may have to take the lead in developing the communications and measures. The design of meaningful, easily understood metrics that connect to the CU is foundational to building a strong partnership. This session discusses the strategies and measurements a cyber security group should establish for Board communications. We will discuss strategies in use by CU’s today, that bring strong results and meet business and regulatory needs.

Scott Jordan, Agile GRC Solutions

Jonny Hay, Acuity Risk Management

Description:  Session Objectives:
• Understand the capabilities of integrating the GRC lifecycle with Credit Union regulatory requirements.
• Provide a better understanding of digitizing a 360-degree view into your organization’s risk and compliance posture.
• Articulate the “art of the possible” around Data Governance and how various GRC technologies and processes can mitigate your organization’s risk exposure.
• Discuss the benefits of combining industry best practices with leading technologies can address your organization’s regulatory risk.

See adjacent track-specific tabs for presenters, topics and times.

Evolving Vendor Due Diligence

Facilitated by: Kyle Stutzman, CRO & Co-Founder, Pure IT CUSO

Panelists:

Idrees Rafiq, VP, Information Security & Risk Management Consulting

Stephenie Southard, CISO, Baxter Credit Union

Ben Corman, Director of Information Security & Governance, Digital Credit Union (DCU)

David Whitwell, GVP, Strategic Advisory, Splunk

Description: Effective risk management through due diligence in today’s world now requires an understanding beyond just two parties.  Inherent risk through supply chain and a vendor partner’s own suppliers has changed how relationships are evaluated.  In this session, you’ll hear how credit unions are evolving their policies and procedures to deepen their understanding of risks born from credit union to vendor partnerships.

Brian Hinze, VP Member Services & Operations, NCU-ISAO

Description:  The NCU-ISAO works to support resilience of the credit union sub-sector of financial services through information sharing of cyber and fraud threats, regulatory compliance and operational best practice.  Learn how this information flows to and from ISAO members to support organizational resilience, and how the power of information sharing works to support the credit union industry.

Let’s cap off Day 2 with another great networking event featuring networking, drinks and hors d’ouvres!  Presented by ObserveID.

Ernest Chambers, Director, Critical Infrastructure Division, NCUA

Wayne Trout, Regional Information Systems Officer, NCUA

Amber Gravius, Acting Director of Business Innovation, NCUA

Description:

o Current Cyber Threatscape
o Supervisory Priorities and Exam Scope
o MERIT Examination Program & Modernization Effort
o ISE (InfoSec Exam) Program
o Resources & Best Practices (Tour de’ Table)
o Questions and Answers

Illena Armstrong, President, Cloud Security Alliance

Session Description:  Cloud underpins everything we do and is indeed being fast-tracked as the foundational element of all our future powers of compute. But with the many benefits of cloud services, come myriad challenges that must be managed and solved. This session explores just some of the issues that are coming to the fore as more and more organizations have decided to accelerate their journeys to the cloud — especially during these last two to three years —and shares some of the tools that can help cloud, cybersecurity and executives teams tackle them.

Steve Koinm, VP, Professional Services, Pure IT CUSO

Description: “Resilience” may be a buzzy word, but security resilience is driven by real concepts driven by real industry trends.  This session will discuss these topics and provide actionable advice on building a resilient security program.

Brian Hinze & Gene Fredriksen, NCU-ISAO

Description: As we wrap up CU Intersect 2022, this session will serve to tie the overarching themes of the conference and discuss the next step of putting things into action at your credit union.

Randy Lindberg, Founder and CEO, Rivial Data Security

Description: If you struggle with the challenges of managing a cybersecurity program, or if you want to catch up on the latest practices, join us to learn new techniques for making IT risk and compliance easier than you thought possible.

Attendees will learn how to:

• Master the complexity of cybersecurity
• Comply with regulatory guidance
• Gain confidence in your cybersecurity program
• Present the right information to executives
• Stop worrying about security

Michael Crofts, President, Maple Street

Description:  This session will provide attendees a comprehensive overview of the vendor management process, from the current trends in the industry to selecting and evaluating potential vendors with a risk-based lens.  Learn the key components of a modern vendor management system, objective assessment of future partners, the contract process, and how to effectively measure their performance.

Kevin O’Connor, Director of Threat Research, Adlumin

Description: The key to success is knowing what your SIEM’s capabilities are and how they can better serve your organization. We will start with the type of data a financial institution ingests and how that would be different with a SIEM.  We will discuss what you should expect from your current Security Information and Event Management (SIEM), or demand if you’re buying a new SIEM. We will also cover the types of on-demand reports you should require in the platform and how you can comply with FFIEC CAT requirements. What you will learn:

-Live Monitoring: You should have real-time visibility and analysis into every identity and system within the enterprise.

-World-Class Artificial Intelligence: Any SIEM you purchase should have Artificial Intelligence and Machine Learning.  User & Entity Behavior Analytics (UEBA) constantly hunts a network for anomalous and malicious behavior to discover attacks that you have never even considered.

-PCI Compliance: In seconds, should allow you comply with the hardest parts of PCI DSS compliance.

-Federal Financial Institutions Examination Council (FFIEC) FFIEC CAT Compliance: Your SIEM should allow you to quickly analyze and answer FFIEC CAT Inherent Risk Profile and Cyber Maturity Risk Questions, becoming your System of Record for FFIEC CAT Compliance.  Your SIEM should give you the ability to print off reports that match the exact log requirements that your financial auditor is asking you to provide to them.

Donald Monistere & Jason James, General Informatics

Description:  De-risking in 2014 was often looked at as de-banking with concerns of anti-inclusionary practices, but what is the right approach to risk in this predatory type of environment? We will discuss how Credit Union’s should be approaching Risk.

Buck Strasser, Founder, Clear Core

Description:  As credit unions continue their technology maturity journey key areas of business that are often left un-transformed are: security and risk management. Come learn how to use, and hear real-world stories about, the latest in technology and data analytics to help your credit union address risk and mitigate threats to your member’s data and your institution’s reputation. Want to remove the complexity from using data and technology to proactively protect your critical data infrastructure? Easy: Join us!

Camilo Ruiz, Information Security Manager, Dupaco Community Credit Union

Description:

This is a non-technical session for information security leaders from small- and medium-size Credit Unions with just a few security analysts. Today, many companies are adopting Adversary Emulation as part of their detection and response programs to respond to security incidents faster, efficiently and consistently.

This session will provide participants with strategies to help Credit Unions implement a Purple Team framework effectively. Some of the topics for this session are:

• Offensive Security Maturity Model.
• What is Purple Team?
• Assuming Breach with Purple Teaming.
• The use of tools before and after Purple Team.
• Roles and Responsibilities
• How implementing a Purple Team framework benefits Credit Unions regardless of the size.
• Budgets and Sr. Management buy-in.

Todd Hillis, International Association of Certified ISAOs

Description: This session will discuss key issues credit unions face to keep their networks, employees, and members safe.  Join this session for more on the human factor of information security, key issues and strategies on vulnerability management, and simplifying your approach to network defense.

Robbie Wright, Pure IT CUSO with Joey Badalament of Ingram Micro/Microsoft

Description:  How are you planning to move your credit union into the Cloud? During this interactive conversation, Robbie Wright, Senior Solutions Architect of Pure IT, joins Joey Badalament of Ingram Micro to offer leading industry best practices with the innovative Modern Mobility approach. This technology strategy ensures a secure, compliant, and efficient cloud roadmap exclusively for the credit union environment. From keeping your systems secure, to reducing the burden on your local staff, Modern Mobility offers a technology plan that is simple, logical, and cost-efficient. Alleviate common Cloud pain points as Modern Mobility leaves your credit union armed to answer:

• Overspending or Waste in your Technology Budget
• Security & Compliance Concerns
• Issues with on-prem servers
• Not wanting to deal with servers and backups
• Surprise Technology Costs
• Loss of IT personnel
• Frustrations with IT providers
• Challenges with Existing IT Vendors

Hayden Wood, Cybersecurity Executive, Darktrace

Description:  In this new era of cyber-threats, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing – and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data and people are protected, wherever they are. Today’s Autonomous, Self-Learning defenses are capable of identifying and neutralizing security incidents in seconds, not hours – before the damage is done.

Bryson Medlock, Perch Security / ConnectWise

Description:  What is Cyber Threat Intelligence (CTI) and what do you do with it? Today you can find CTI in the form of bad IPs, domains, and hashes (Indicators of Compromise or IOCs) from countless organizations that offer both public and private feeds. You can also find daily lists of IOCs on Twitter.

This talk will go through different types of CTI beyond simply IOCs and then discuss what can you do with this information from a practical standpoint. There’s so much more that you can do than simply adding bad IPs to your firewall blocklist. We’ll look at improvements you can make to your defenses from blocking to detection, and then how do you test your defenses and controls with full on adversary emulation.

Graham Westbrook, Technical Accounts

Curtis Gartenmann, Risk Intelligence Strategy at Flashpoint Intelligence

Description: An interactive, informal session by two former intelligence practitioners discussing their time in the US Intelligence Community (IC), DoD, Healthcare & Finance Industries. It’s a storytelling, ask-me-anything (AMA) event geared toward helping credit union security teams (cyber/fraud/physical) establish intelligence collections, build high-performing, intelligence-led programs and prepare for the next threat, not the last one.

Gene Fredriksen, President, NCU-ISAO

Steve Koinm, VP, Professional Services, Pure IT CUSO

Description: From our fiduciary responsibility

• Today’s Environment
• What are other Boards doing today?
• How serious is cyber-crime?
• What do we have that a criminal would want?
• What is the Board’s role?
• A framework approach
• What regulatory and legal responsibilities does the Board have?
• NCUA and regulatory expectations

The bad actors are organized.  They are taking risks but they reap great rewards.  Often funded by nation-states.​  The credit union board needs to determine what the risk profile is.   That profile then translates down to what actions are taken.  If it’s too big a problem, take the losses.  If the losses are too much, tighten up the controls.  But it is the board’s job to determine that.​

There is a lack of understanding of what you could do, what you should do, etc.  There are now tools to help guide that, but you then have to make a decision about whether you want to meet the minimum or be somewhere better.  Do you want to be known as the baseline, mediocre, or the best?​​

There is not usually a committee within the Board to handle and deal with technology.  And even more so, to deal with cyber issues.

Michael S. Edwards, Attorney-at-Law

Description: New data privacy rules are setting stricter compliance requirements for credit unions throughout the United States as data breaches at major corporations like Facebook and Marriott Hotels increasingly make national news.  The California Consumer Protection Act and similar state data privacy laws, as well as the European Union’s General Data Protection Regulation, set data protection and data breach notification requirements that likely apply to your credit union if any of your members live in one of those jurisdictions.  Many other states are considering following the California and European data privacy models.

In this session you will learn key data privacy requirement that your credit union should know, including:

•What new data privacy rules apply to your credit union;

•The key compliance requirements of the California Consumer Protection Act and other recent data privacy laws;

•How new data privacy laws relate to CFPB Regulation P and the federal Gramm-Leach-Bliley Act;

•Reputational and cybersecurity risks; and

•Data privacy best practices.

Sundeep Bhasin, Principal Security and Compliance Specialist, Amazon Web Services

Description:   Credit Unions are subject to a high bar from a regulatory compliance perspective. As CUs continue to adopt cloud to drive business and strategic objectives, security and compliance is a top priority. This discussion will help CUs gain confidence to securely develop cloud enabled workloads and exceed internal and external regulatory obligations.

Greg Schaffer, vCISO Services

Description:   Optimization is more than a buzz word, and for your credit union, ensuring that you are maximizing the value of your security leadership is critical. From accomplishing your business goals, to protecting your staff and members, discover how to unlock the full potential of your vCISO partnership.

Jeff Dent, Corelation

Description:  This session will begin with an overview of Corelation and their KeyStone core system and KeyBridge API’s. From there, attendees will hear a use case in which a credit union user’s role and permissions change based on their network location in order to better understand how modern core and technology solutions support the modern credit union model.