David Anderson is a manager and information security consultant for CliftonLarsonAllen, with seven years of experience in the Information Technology field. He has experience in networking, Linux, and managing a Microsoft Windows domain. Currently, he performs, and provides project management for, network penetration testing, internal vulnerability assessments, and social engineering engagements within a wide range of industries. He has firsthand knowledge and experience using leading-edge hacking/testing methods, including external and internal network penetration designed to gain access to high-value targets; social engineering techniques designed to assess all aspects of company security (“People, Rules, and Tools”); email phishing techniques that result in remote access to company networks, bypassing improperly configured firewalls and proxy systems; and domain and network management.
Jerry Beasley is a veteran information technology and security specialist with 30 years of performance in the IT field. Early in his career, Jerry managed information technology resources and developed information technology solutions for the United States Air Force. Later, he consulted for the Department of Defense as a Senior Information Assurance Analyst. Over this time, he has had a career concentration in Information Assurance (IA) Management with emphasis on Information Security controls, federal regulatory compliance, as well as system/software risk assessment. As an expert consultant in risk management, Jerry pioneered development of asset-based risk assessment methodology aligned with the NIST Cybersecurity Framework.
Chad Carrington is currently vice president for IT, Cybersecurity, and Facilities for Golden 1 Credit Union. He has been practicing IT and information security for the past 16 years. He started his technology career as a technical business analyst defining software requirements for enterprise systems at Intel, progressing into software architecture and development, then management over enterprise software development for Intel. In 2008, he started with Golden 1 and was responsible for IT Infrastructure. Over the years, he has led complex hardware and software environments and large-scale system upgrades, all while keeping a very close eye on information security. He applies a practical, business-first, risk-based approach to all IT and security-related activities.
Mauriceo Castanheiro, Director of Fraud Analytics at Verafin, has more than 15 years of experience in fighting fraud. In his previous role at Royal Bank of Canada (RBC), one of Canada’s largest banks and one of the largest banks in the world based on market capitalization with operations in 41 countries, he held key positions within Fraud Management including Operations, Analytics and National Office Strategy. He represented RBC on the Interac Risk Management Group which is Canada’s national debit card network. He was responsible for various portfolios at RBC including debit card and account fraud, loan fraud and insurance fraud. He led various initiatives that resulted in hundreds of millions in savings within RBC and across the industry. In his role at Verafin, he is responsible for the overall Analytics strategy and assisting in bringing new solutions to market.
Jonathan Cohen is a founding partner of Joseph & Cohen and its Head of Litigation. An AV peer review rated attorney with more than 20 years of experience, he is a skilled trial lawyer with extensive experience in complex commercial disputes, banking, insurance coverage, and employment law. He represents a wide variety of clients including banks and financial service companies in corporate and litigation matters, including IT outsourcing, contractual disputes, insurance coverage for data breaches, and other operational matters, including cybersecurity. He has represented financial institutions; publicly traded companies in connection with employment agreements, clawback issues, indemnification, separation agreements and non-compete provisions; and technology companies in unfair competition and trade secret litigation.
ABOUT JOSEPH & COHEN: Joseph & Cohen is an AV® rated law firm based in California that emphasizes complex banking, corporate, regulatory, securities, litigation, employment and transactional matters. It is known for sophisticated expertise, extraordinary commitment to clients, relationship-based services, and a range of specialized capabilities typically found only in the largest American law firms. Learn more at: http://josephandcohen.com/
Gene Fredriksen is the Chief Information Security Officer for PSCU. In this role he is responsible for the development of information protection and technology risk programs for the company. With more than 30 years of IT experience, the last 20 focused specifically in the area of information security, he has been heavily involved with all areas of audit and security. He is a Distinguished Fellow for the Global Institute for Cyber Security and Research, headquartered at the Kennedy Space Center. The Institute is a partner with the Department of Homeland Security, other agencies, academia, private industry and organizations focusing on the advancement of Cyber Security. He is also the CEO and Executive Director for the National Credit Union – Information Sharing and Analysis Organization (NCU-ISAO). The organization is a not for profit entity dedicated to the sharing and analysis of Cyber and Operational Intelligence specific to the Credit Union Sector.
ABOUT NCU-ISAO: The mission of the NCU-ISAO is to enable and sustain Credit Union critical infrastructure cyber resilience and preserve the public trust by advancing trusted security coordination and collaboration to identify, protect, detect, respond and recover from threats and vulnerabilities. See more at: www.NCUISAO.org
Matthew Froning is CIO of Security Compliance Associates. He is a TS-SCI, Full Scope Polygraph-cleared Information Technology / Information Security Analyst with Security Compliance Associates (SCA). Having spent the past 21+ years supporting the United States Air Force, as both an active duty member and federal contractor, Matt led technical assessments, evaluations and integration of multiple complex Network Warfare products, identifying shortfalls, gaps and capabilities critical to the Air Force’s network operation mission. After active duty, Matt was the Regional Manager, Cyber Operations Division for ManTech International Corporation, where he led the daily operations of a nearly $8 million government contract, while also conducting vulnerability assessments for several Fortune 500 corporations and providing critical information on vulnerabilities and solutions to ensure the integrity and security of their networks.
ABOUT SCA: Security Compliance Associates specializes in delivering world-class information security assessments to credit unions across the country. In a little over 12 years, we have completed 1,000+ credit union information security engagements, helping protect multiple billions of dollars in assets and countless member records. Learn more at http://www.scasecurity.com/
Remi Gonzalez is a senior vice president with Public Communications Inc. in Chicago. She has more than 20 years of experience in communications, including journalism, issues management and crisis communications, media relations, media training, and digital and social media strategy. At PCI, she works with a diverse group of clients in fields including business-to-business, law, retail, healthcare and nonprofit, earning more than 20 awards along the way. She has extensive experience with crisis management situations, including cybersecurity breaches, reputation issues, corporate reorganizations and reductions in force, and more. She has more than 15 years’ experience leading sessions for senior executives and staff on how to communicate effectively with customers, reporters and other important audiences during crises, as well as during positive events.
ABOUT PCI: Public Communications Inc. is a national communications firm that specializes in crisis management, including the unique challenges of cybersecurity incidents. We provide preventive measures such as communications planning before an incident, and response after an incident occurs. Our senior counselors help clients assess issues, gain control and maintain public confidence. Learn more at http://www.pcipr.com/
Marshall Heilman is a Vice President of Consulting at Mandiant, a FireEye company, where he has global responsibility for all Incident Response and Red Team Operations. He oversees and ensures the cutting edge nature of Mandiant’s technical services. He has extensive experience performing incident response and Red Team operations for the Fortune 500, high technology firms, law firms, the financial industry, and government organizations; he has worked many of the highest profile and public breaches over the last 10 years. Prior to Mandiant, he served in the United States Marine Corps where he performed various information security functions. He speaks at conferences around the world.
Learn more at: www.fireeye.com
Jeffrey Korte is a security practitioner possessing over 24 years’ experience in the financial services sector and ten security domains. As a former community Bank Security & Information Security Officer, he specialized in developing loss prevention and cyber security programs and in identifying, designing and executing new initiatives that optimize operations while reducing financial loss through full-bodied cross-channel, layered security fraud, loss prevention and physical security safeguards.
ABOUT FS-ISAC: The Financial Services Information Sharing and Analysis Center, launched in 1999, was established by the financial services sector in response to 1998's US Presidential Directive 63. That directive - later updated by 2003's US Homeland Security Presidential Directive 7 - mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure.
Robert “Bob” Lipot began his banking career nearly 40 years ago, working both in commercial banking and federal and state banking supervision. After working in commercial banking, he became an IT examiner in 1989, moving up the ranks within the FDIC, working with the FFIEC on IT Handbook updates, serving as the FDIC’s liaison for the Visa entities, and being a lead instructor for the FDIC’s Technology Course. His first retirement (from the FDIC, after 22 years of service) was in 2006. The following year, he joined the California Department of Business Oversight (DBO) to initiate and run an IT examination program for banks and credit unions. In that capacity he developed the guiding documents and the training and mentoring programs. He has trained and mentored several bank and CU examiners, and is working with other DBO divisions to train their staff in IT reviews.
Rick Metsger is a member of the NCUA Board, a position he assumed after being chairman of the board from April 2016 to January 2017. Previously, he served as a board member since 2013 (and vice chairman since 2014). As chairman, he pursued a review of the agency’s exam and supervision process via the “Exam Flexibility Initiative,” which recommended changes to the board last fall. As a board member, he continues to watch over implementation of the changes. Prior to joining the NCUA Board, he owned his own strategic communications consulting firm focused on the areas of financial services, capital construction, energy and transportation. He served for 12 years in the Oregon State Senate, where he chaired the Business and Transportation Committee and was elected President Pro Tem in 2009. He worked extensively in areas of financial services, taxation, and consumer protection policy, and served on the Oregon State Treasury Debt Policy Advisory Commission. In addition to consulting and public service, he has worked as a teacher and a radio and television journalist. From 1993 to 2001, he served on the board of directors of the Portland Teachers Credit Union.
Chad Nordstrom is a Manager in the Information Security Services Group for CliftonLarsonAllen. He is part of a team of technology and industry specialists providing IT audits, security assessments, and incident response for clients in a wide range of industries and diverse operating environments. He is responsible for the continuing development of the tools, applications, and techniques used in security audits, incident response, and forensics. He is actively involved in the information security and forensics industry. For several years he has been a part of the Defcon Speaker Operations team; he was a prior president of the Minnesota High Technology Crime Investigation Association (HTCIA) and a SANS training event facilitator, and recently was a member of the International Association of Computer Investigative Specialists’ (IACIS) accreditation subcommittee, where he was tasked with developing a position paper in response to the Department of Justice’s Recommendation on Digital and Multimedia FSSP Accreditation.
Randall Romes is a principal in the Financial Institutions and Information Security Services group at CliftonLarsonAllen, where he leads a team of technology and industry specialists providing IT audits and security assessments for clients in a wide range of industries and diverse operating environments. He has provided independent security assessments and IT audits for credit union clients for more than 17 years. He is responsible for the continuing development of the open-source, Unix, and Windows applications used in all of the security audits, and he leads the firm’s PCI-QSA audit practice. He teaches IT Security Risk Management at the Graduate School of Banking at the University of Colorado in Boulder.
Pete Sedgwick is an Information Security and Technology leader in the Credit Union industry. At Baxter Credit Union, he served as the Director of Cloud & Information Security leading their movement to the Cloud and Information Security strategy. He has over 4 years’ experience securely migrating business solutions to Azure and reduced BCU’s data center footprint by over 41%. Pete is passionate about building security programs focused on employee education, policy, procedures, technology and incident response. He brings with him 17 years of experience in information systems and is CISSP certified.
Tim Segerson is Deputy Director of the Office of Examination and Insurance (E&I) with the National Credit Union Administration, where he is responsible for overseeing the day to day operations of E&I and assisting the Director with the implementation of National policy relating to examination, supervision, insurance and guaranty fund risk management.
Patrick Sickels of CU*Answers began his career as an attorney, and quickly branched out into the technological services industry, where he used his legal skills to help companies manage their compliance requirements. He used these skills to develop into a classically trained auditor and risk manager. He is a Certified Information Systems Auditor (CISA) and also has the Certified in Risk and Information Systems Control (CRISC) designation. He has done extensive work in designing risk models and control frameworks for a vast array of commercial, manufacturing, and financial firms. His specialty is the design of compliance models which meet legal standards at the lowest possible cost for the organization.
Jim Stickley of Stickley on Security is the 2017 Keynoter. One of the premier cybersecurity experts in the nation, Jim has more than 20 years’ experience in the cybersecurity field. He’s CEO of Stickley on Security, a firm focusing on cybersecurity education and awareness solutions. Over the course of his career, he notes that he has been involved in “thousands of security services for financial institutions, Fortune 100 corporations, healthcare facilities, legal firms, and insurance companies,” according to his website. Additionally, he has been a consultant for Fox News, CBS and NBC networks, as well as the Associated Press. His views and commentary on cybersecurity have also been featured in stories and items in such publications as Time, Business Week, Fortune, the New York Times, PC Magazine and more.