Day 1- Sunday, June 25th

11:00 AM - 11:45 AM Registration

11:45 AM - 12:00 PM Orientation

12:00 PM - 12:15 PM Ice Breaker


Jason Harrell

Head of TRM Risk Analysis and Reporting
Depository Trust and Clearing Corporation (DTCC)

Plenary Session

12:20 PM - 12:55 PM Fifty Shades of Grey- Ethical Challenges of Today’s CSO

Vincent Grimard, Chief Security Officer, Nelnet
This session is designed to highlight the challenges of today’s security executive AND practitioner. Today's control standards are all subject to interpretation which allows for different qualities of 'solutions' that may meet compliance but not security. Likewise, businesses today will tend to spend enough to become compliant but not necessarily secure. Challenges between truly secure and a publicly defensible position abound.


Vincent Grimard

Chief Security Officer
This is a fast-moving, multi-topic session comprised of a series of Quick Fire presentations. Each speaker has a total of ten minutes to get through up to 10 slides. Each individual presentation will focus on one specific challenge that cyber security executives are facing; and will provide actionable solutions that can be used to effectively overcome these challenges.

A. Pre-empting Executive Cyber Attacks Through Digital Privacy, Speaker: Rich Matta, CEO, ReputationDefender

B. Rethink the Interplay of Cyber and Physical Security Roles, Speaker: John Lee, Director of Corporate Partnerships, SureID


John Lee

Director of Corporate Partnerships

Rich Matta

Chief Executive Officer

Vendor Session

1:20 PM - 1:50 PM Say Goodbye to Vulnerabilities and Zero Day Exploits, Introducing Autonomous Application Protection

Kunal Anand, CTO, Prevoty
Knowing is half the battle when it comes to protecting applications and their sensitive data.

Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality — not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.

This session will review real-life case studies about enterprises that are adopting a savvy, new approach to protecting sensitive data and mitigating threats real-time. Explore available game-changing tools that are placed at the front of the line—directly in the application’s operating environment—to immediately lower risk and act as a compensating control at runtime.
In the case studies, explore ways to improve forensics, see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Through a demonstration observe live production attacks and generation of real-time security event logs and reports. Security teams can then correlate pre-production vulnerability scan results with runtime attack logs to go back, remediate based on actual risk—not just hypothetical threats. The result? Improved forensics.


Kunal Anand


1:50 PM - 2:05 PM Networking Break

2:05 PM - 2:35 PM Business Meetings

2:35 PM - 3:05 PM Business Meetings

3:05 PM - 3:35 PM Business Meetings

Master Class A

3:40 PM - 4:25 PM Best Practices and Future Direction of Security Awareness Training

Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4
Why do cybercriminals target Financial Services organizations? “It’s where the money is!”

Leverage effective security awareness and behavior management practices to strengthen your human firewall and gain greater organizational resilience.
Ignoring the human side of cybersecurity will leave your organization and customers vulnerable. Reported numbers may fluctuate from industry study to industry study, but they all agree on one thing: cybercriminals are successfully and consistently exploiting human nature to accomplish their goals. Employees are often the last line of defense between a sophisticated cyber-scam and your systems, data, and customers.

Prudent security leaders know that security awareness and training is key to strengthening their ‘human firewall’ – but they often don’t know where to start. This session will provide practical security awareness and behavior management tips, outline how and where tools are helpful, and discuss emerging industry trends.


Perry Carpenter

Chief Evangelist and Strategy Officer

BrainWeave A

3:40 PM - 4:25 PM When Shrinkage is Good – Reduce Incident Response Times from Hours to Minutes

Paul Oshan, VP Global Sales, Demisto
Is your security team challenged with alert fatigue, a shortage of skilled staff, and maximizing the company’s product arsenal investment?

Solving such challenges isn’t easy and requires a delicate balance of people, processes, and tools. Investing in a comprehensive platform that enables security operation teams to reduce MTTR, create consistent and audited incident management process and increase analyst productivity is a step in the right direction.

Attend this round table to learn how a security orchestration platform can automate manual-intensive tasks and reduce response times from hours to minutes. See how the product’s machine learning suggestions can help your team become smarter with every incident and resolve complex threats faster and more accurately.

Benefits from shrinking your time to respond for every incident include:
•Improve your overall security posture,
•Enhance analyst productivity (from Tier 1-3), and
•Future-proof security operations.


Paul Oshan

VP Global Sales

4:30 PM - 5:00 PM Business Meetings

5:00 PM - 5:30 PM Business Meetings

5:30 PM - 6:00 PM Business Meetings

The Chief Information Officer serves as a “translator” between the business and technology divisions of the enterprise. The executive’s role is becoming more risk focused and is much more business-oriented than solely Information Technology. The CISO within financial services has the added task of meeting regulatory compliance while achieving corporate security requirement.

The CISO must be able to talk in business lingo and go back to talking competently on technical issues.

•Navigating changing regulations and legislation and gauging impact on business
•Assessing current threats, common vulnerabilities, emerging technologies and impact within specific environment


Karl Schoen-Rene

Knights of Columbus

Nashira Layade


Jeff Brown

Business CISO and Senior Risk Officer (CSIRO)
BNY Mellon Investment Management

Mignona Cote


Genady Vishnevetsky

Stewart Title

6:45 PM - 7:45 PM Networking Reception with Buffet