Monday, June 5 (registration opens at 8:15 a.m.; lunch at noon; reception, 6 p.m.):
9 a.m. -- 5:30 p.m.
Opening Remarks and Welcome (Brian Knight, NASCUS & Tracy Blaske, CUNA; Randall Romes, CliftonLarsonAllen (CLA))
Cybersecurity: Thoughts from the NCUA Board (The Hon. Rick Metsger)
Keynote Address (Jim Stickley, Stickley on Security)
Jim Stickley is proof that cybersecurity education can be entertaining. Over a long career, Jim has stolen credit cards, breached bank security, broken into government facilities protected by armed guards and stolen countless identities. Lucky for everyone that Jim is not a criminal, but one of the good guys, testing security measures and finding the weakness before the bad guys do.
The Current State of Cybersecurity and Survey of the Threat Landscape (Randall Romes, CLA)
From the IoT attacks to expanded ransomware and phishing, threat vectors facing financial institutions continue to evolve. This session will survey the state of cybersecurity in 2017.
Cybersecurity on the World Stage: International Trends (BAE Systems)
This session will help attendees understand the global picture of cybersecurity developments by focusing on trends internationally and how they relate to US standards.
Beyond Fraud: Combating Cyber-Enabled Financial Crimes (Mau Castanheiro, Director of Fraud Analytics, Verafin)
Industry expert Mauriceo Castaneiro will discuss advisories from FinCEN on Cybercrime and Email Compromise Fraud, the impact of cyber-enabled crimes on financial institutions and their customers, and best practices to detect, investigate and report cyber-related financial crimes.
View from the Trenches: Panel Discussion (Chad Carrington, Golden 1 CU, others TBD)
Our panel of practitioners, both security officers and examiners, will lead a discussion of their views on cybersecurity.
View from Trace Security
Breaches – Incident Response-Forensic and Crisis Communication (Chad Nordstrom – IT/Forensics (CLA); Jon Cohen, Esq., Partner, Joseph & Cohen, PC; Remi Gonzalez, Senior Vice President, Public Communications Inc.)
After a cyber intrusion, IT is mitigating the breach while the legal and marketing/media/communication department prepares for the aftermath. IT, Legal, and Communications should understand how to work together to best protect the institution.
Wrap-up and Day's Adjournment
Tuesday, June 6 (Continental breakfast at 8 a.m.; working lunch at noon):
8:30 a.m. -- 4:45 p.m.
The View From NCUA (Tim Segerson, Deputy Director E&I, NCUA)
NCUA shares its views on cybersecurity preparedness and supervision and will provide insights into regulatory initiatives
Ethical Hackers Perspective – 10 Things that Make a Hackers Job Easy (David Anderson, CLA)
Hackers and organized crime have monetized their activities and created a lucrative and robust black market industry for stolen personal financial information and personal identifiable information. The session will include “live demonstrations” of email phishing and social engineering attacks.
This session will focus on cloud computing, exploring the benefits and vulnerabilities of moving processing and data to the cloud.
Threat Intelligence (Jeffery Korte, Director, FS-ISAC)
Cyber Risk Rating an Institution (Matt Froning, Security Compliance Associates Inc.)
A cybersecurity risk assessment is critical to understanding the vulnerabilities of an institution. This session will focus on practical lessons on conducting a risk assessment, including what mitigating factors to consider and how to calculate an overall rating.
View From CUNA Mutual
What’s New in Cybersecurity Litigation and Enforcement? (Patrick Sickels, CU Answers)
This session will focus on notable cyber litigation and enforcement actions, focusing on what important lessons should be learned from the mistakes of others
Do You Know Who you are Dealing With: How Authentication Affects Prevention, Detection, and Response? (Craig Hoffman, Partner, BakerHostetler; Marshall Heilman, Mandiant)
Attackers often leverage “legitimate” credentials during an attack. Almost all breaches require the investigation of credential usage, & unless you are prepared it may be difficult to distinguish between legitimate and unauthorized activity. This session will review real-life examples of authentication failures & provide practical advice to prevent, detect & investigate credential misuse.
*Subject to change