April 4, 2017
8:00am – 1:45pm
Wall St. firms are no strangers to cyberattacks. Virtually every major firm has experienced its share of attacks, and these days most firms are among the most sophisticated organizations on the planet when it comes to defense. That said, a solid defense is no longer enough. Effective cybersecurity initiatives select from a solid portfolio of cybersecurity response solutions, including advanced analytics, automation, and next-generation threat intelligence. Share ideas with your peers, and pick up best practices from thought leaders among the vendor, analyst, and financial community to ensure your cybersecurity response is at the pinnacle of timeliness and effectiveness.
Join the conversation! Tweet us @WSTAORG and use #WSTAcybersecurity
Sponsorships are available – Contact email@example.com or call (732) 530-8808
8:00-8:30AM Registration and Breakfast (Breakfast sponsored by Verizon)
8:30-8:35AM WSTA Introductions: Raja Chris, Director, Head of Infrastructure, Annaly Capital Management, Inc. and a WSTA Director
8:35-9:20AM Keynote Presentation: “Next-Generation Cybersecurity for Next-Generation Threats”
Johna Till Johnson, CEO & Founder, Nemertes Research
Johna Till Johnson is CEO and Founder of Nemertes Research, where she sets research direction and works with strategic clients. She has decades of experience in technology design, deployment, and operations. Under her leadership, Nemertes has emerged as a leading trusted advisor to Fortune-50 and other world-class organizations.
Ms. Johnson specializes in emerging technology, innovation, operational transformation, and security and risk management. She has worked with many Wall St and other financial organizations to craft technology and business strategies that balance the risks and benefits of emerging technology. Her experience with information security begins back in the 1980s, when she was an early adopter of the Internet (then Arpanet) as a graduate student in particle physics. Since then, she has worked with major organizations, including Fortune-50 enterprises and carriers, to craft and implement security strategies, protect strategic assets, manage risk, and enable business success.
Ms. Johnson draws upon diverse experience prior to founding Nemertes in 2002. She served as chief technology officer (CTO) at Greenwich Technology Partners, an infrastructure consulting and engineering firm; headed the Global Networking Strategies Service business unit of META Group; and oversaw the lab-testing program at Data Communications magazine. She also has designed and developed security, speech-synthesis, and free-space laser products at companies including Mosler Security Systems and Digitus Corp.
Ms. Johnson holds a bachelor of science degree in electrical engineering/computer science (BSEE/CS) from The Johns Hopkins University, has conducted graduate work in nuclear and particle physics at the University of Rochester, speaks three languages, and has published a science fiction novel. In her spare time, Ms. Johnson is an avid urban kayaker.
New threats, and new types of threats, are emerging at an accelerating rate. Yesterday’s best practices are today’s obsolete technologies and processes. To keep pace with the changes in the threat environment, infosec professionals at financial services firms need to revisit security from the ground up. This keynote address presents Nemertes’ key findings on what leading-edge firms are doing with:
• Bellwether cybersecurity technologies, including analytics, machine learning, and endpoint security
• Architectures, strategies, roadmaps and frameworks
• Operational practices, including incident response
• Security procurement
• User awareness and professional training
• Skills and staffing
Attendees will walk away with a blueprint for positioning their cybersecurity initiatives to address the rapidly-expanding universe of threats.
9:20-9:45AM Premier Sponsor Presentation: “Criminal AI: A Rising Threat to Web & Mobile Apps”
Shuman Ghosemajumder, Chief Technology Officer, Shape Security
Shuman Ghosemajumder is Chief Technology Officer at Shape Security, which has created a new class of technology to defend web and mobile applications against sophisticated cybercriminal attacks. Shuman previously led product management for click fraud at Google, protecting their $23 billion annual revenue pay-per-click AdWords business. Prior to that, he helped launch Gmail and received two Google Founders’ Awards for significant entrepreneurial accomplishments. He is the co-author of “CGI Programming Unleashed” as well as co-founder of TeachAIDS.
The development and application of AI to enable advanced products and services is not limited to the world of consumers; AI is being equally applied in the cybercriminal world. Shuman Ghosemajumder will explore the evolving criminal ecosystem, demonstrating how cybercriminals are leveraging automation to perform large scale attacks that mimic human behavior and evade traditional application defenses. Finally, he will close with a framework for building a strong web and mobile application defense against the emerging threat from automation.
9:45-10:10AM Luncheon Sponsor Presentation: “Simplify the Monitoring and Ensure Security of Data Across the Enterprise”
Michele Krom, Customer Solution Director, Capital Markets, SAP
Michele Krom is a Customer Solution Director in Capital Markets at SAP after spending 4 years as a Principal Solution Engineer evangelizing HANA as an innovative platform for the next generation of business applications and intelligence. She has been in the technology field for over 20 years, with over 15 years focused on Data Warehousing and Business Intelligence. Before joining SAP, she managed the Data Warehousing Team for a large Insurance Company consisting of Logical modelers, Physical designers and DBAs. She joined SAP in 2011 because of the simplification and innovation capabilities of SAP HANA. She is focused on leveraging expert teams within and outside of SAP to assist Financial Services firms in understanding how they can gain competitive advantage by leveraging SAP solutions. Michele is a thought leader and evangelist by day and a mother to 6 children by night. She and her husband live in CT and are very involved in their community. Her hobbies include investing, running and cooking.
Cybersecurity is a top concern for companies across the financial services industry, particularly in the capital markets space. With internal and external threats increasing, ranging from trade fraud to external data breaches, banks must be able not only to protect their data but also to understand in real time what happened should an incident occur, and to provide this real-time insight in a scalable, elastic fashion. Attend this session and learn how you can leverage the power of an elastic data management framework without disruption to gain instant visibility and insight into potential threats or protect against fraudulent behavior before it occurs.
10:10-10:35AM Break and Demo Area Visit (Break sponsored by Vera)
10:35-11:00AM Breakfast Sponsor Presentation: “Data Breach Investigations Report”
David Ostertag, Global Investigations Manager, Investigative Response, Verizon
Dave Ostertag is the global investigation manager for the investigative response unit at Verizon and has more than 40 years of investigative experience in the government and security arenas. Dave coordinates the forensic investigations conducted by the investigative response unit worldwide. Dave has taken the lead on many of the highly publicized large data compromise investigations over the past few years. In addition, Mr. Ostertag is considered a leader in criminal and civil investigative techniques, is a certified expert witness and is a frequent instructor and speaker on the topics of data compromise investigation and international criminal organizations.
Mr. Ostertag worked as a retail regional investigator prior to going into police work. Mr. Ostertag spent 14 years as a police detective sergeant and four years as a State’s Attorney investigator. Ostertag was the global manager of field investigations for Discover Financial for over ten years prior to joining Verizon. He serves on the board of advisors for the International Association of Financial Crimes Investigators.
Mr. Ostertag has worked extensively with law enforcement in the investigation, identification, arrest and prosecution of individuals and groups involved in international organized criminal data compromise and fraud.
When a breach happens, the difference between disaster and survival is preparation. Prepare your organization by attending this session on the latest Verizon Data Breach Investigation Report (DBIR) presented by a Verizon Forensic Investigator. The DBIR covers information collected by over 70 participating organizations around the world including thousands of security incidents and data breaches. The information covers threat actors, motivation, vulnerabilities and methodologies used to attack the financial services industry. This year’s report contains 16 new cybercrime case studies. Session attendees will receive an electronic copy of the report for use when they return to the office.
11:00-11:25AM “The Malware Problem- Prevention via Artificial Intelligence”
Dave Alfaro, Worldwide Managing Director, ThreatZERO, Cylance
As the managing director for TZ, Mr. Alfaro drives product-related services operations, services development, practice growth and strategy, as well as strategic reporting initiatives. He serves as a liaison between several different departments, including customer success management, support, product management, product development, and executives, to drive synergy between pre- and post-sales.
Mr. Alfaro is a seasoned network and security engineer with over 18 years in the industry. As a subject matter expert, natural speaker, and leader, he developed and delivered training and speaking engagements worldwide. As a career consultant, he performed many aspects of security and network engineering, ranging from penetration testing, firewall design and implementation, enterprise security architecture, policy development, and compliance to day-to-day system administration. He has strong expertise in enterprise vulnerability management, privileged identity management, Active Directory, general security practices, application security, perimeter security design and implementation, and host-based security disciplines including IPS, anti-virus/anti-malware, and host-based firewalling. Mr. Alfaro has led support, sales engineering, and professional services teams in the security industry for the last 8 years.
During this session, Mr. Dave Alfaro, Managing Director for Cylance Consulting, will discuss some of the problems encountered with traditional antivirus solutions and the use of more current approaches such as sandboxing and EDR. The session will explore strategies to address them, specifically using artificial intelligence to map the DNA of the problem. Topics addressed will include well-known malware and ransomware and how it was often defeated well in advance of human discovery. He will also discuss how ridiculously easy it is for any kid with a laptop to set up a highly profitable, zero-day ransomware campaign literally from anywhere, including mom and dad’s basement. Lastly, Mr. Alfaro will review prevention-based approaches using revolutionary AI-based service and product solutions to keep your environment one step ahead of the attackers.
11:25-11:50AM “Network Threat and Visibility Platform”
Jason Harris, Managing Principal Consultant – Security, Dimension Data
Jason Harris leads Dimension Data’s Cybersecurity consulting business in the Americas. He has over 15 years Cybersecurity experience in the UK, Australia and North America across all industry verticals and has been instrumental in developing several of Dimension Data’s global Cybersecurity consulting services.
Two of the key services that Jason has been instrumental in developing are the Incident Response Service and the Network Threat and Visibility Assessment. The latter gives organizations a holistic view of the level of risk across all aspects of their environment in real time for clients without a comprehensive security architecture.
Jason is recognized as a trusted advisor by some of the largest North American based multinational and global organizations.
Due to the increasing size and complexity of enterprise IT environments, it is increasingly difficult to implement and maintain a security architecture that has full visibility of Next-Generation Threats across an entire environment and provides actionable intelligence.
Being able to rapidly deploy a comprehensive Network Threats and Visibility platform is critical in rapidly reacting to Next-Generation Threats and acting before you are hit.
During this session, we will discuss the methodology and tool set that we believe is most effective to use for M&As and Incident Response activities.
11:50-12:30PM Luncheon and Demo Area Visit (Luncheon sponsored by SAP)
12:30-12:55PM “Secure Delivery – Ensuring Compliance and Control for Application Pipelines”
Jon Thomas, Principal Product Manager, BMC Software, Inc.
Jon is a Product Manager for BMC’s DevOps portfolio. He has more than 10 years in Enterprise IT software working across a number of roles, including engineering, sales, services, marketing, and product management. His specializations include Cloud Computing, DevOps, and IT Process Automation.
As development models and practices evolve, integrating security and compliance into the application pipeline process becomes even more challenging. Learn how to embed policy checks into your CI/CD process and discover, log, and remediate violations before they creep into your production environment, where they can significantly increase your risk of a security or compliance incident. In this session, we will walk through a real-life example of integrating BMC’s new policy service into a modern software delivery process using REST APIs and synchronous policy evaluation to drive automated release gateways.
12:55-1:20PM “Meaningful Alerting, Monitoring, Offense Management, and Reporting from Security Ecosystem ‘Best of Breed’ Products”
George is a Principal Engineer at Nexum with over a decade’s experience with core network security-related systems including Application Delivery Controllers (ADCs); content caching and proxy; DNS, DHCP & IPAM (DDI); next generation firewalls; and time services. With a background in global financial institutions, George has been awarded two CIO Awards and invited twice to write manufacturer professional examinations as a subject matter expert. He has beta-tested new features and products valuable to enterprise clients. Fluent in a myriad of programming languages, George also possesses the ability to script middleware for integration of various manufacturer technologies via open APIs. In addition to working with clients, he is a manufacturer-certified instructor, bridging course materials and field experience for solutions for real-world enterprise concerns.
Security vendor ecosystem complexity is on the rise with tighter integration of existing technologies and new products added to the portfolio by means of acquisitions. However, it is imperative to distinguish and identify “best of breed” products and avoid the common pitfall of bundling simply to reduce security capital costs. While it may be tempting to utilize native manufacturer management systems, these are often not the best solution as there is no “one size fits all.”
Of course, the issue of system integration is always at the security forefront to enhance visibility and the ability to execute controls, whether preventative or post-breach. How does one extract data from “best of breed,” disparate application delivery controllers, IP address management systems, and firewalls to third party alerting, monitoring, offense management, and reporting systems? The key solution is automation scripting with APIs to integrate select security components from various security vendor ecosystems. This approach reduces single security vendor lock-in while ensuring appropriate knowledge sharing of information for appropriate and immediate action.
1:20-1:45PM “Move to the New World of Digitally Driven Financial Services — with Confidence”
Anthony Golia, Chief Solutions Architect, Financial Services, Red Hat
Anthony is a 17-year technology veteran and serves as Red Hat’s Chief Solutions Architect within the Financial Services Industry. He is passionate about partnering with clients to ensure open source and emerging technologies bring them value and competitive advantage in today’s fast-changing industry landscape.
Prior to coming to Red Hat, Anthony served as a Managing Director at a Fortune 500 bank. In that role he led the development of innovative infrastructure platforms supporting enterprise software development and deployment. This included hybrid cloud architecture, recommendation engines, and a low latency market data plant. Anthony is credited with inventing a fault-tolerant network architecture that ensures uninterrupted connectivity across multiple locations.
“My goal is to be a strategic partner and trusted adviser to my clients, which means investing a lot of time listening to their needs and specific concerns. I act as their champion in the open source community and ensure Red Hat’s product roadmaps reflect their interests.”
No one can solve IT security issues alone. Connecting with a community and solving problems together is the future of security in the financial services industry. Hear how open source technology can enable the security posture financial institutions trust, including topics like:
• How to securely build and deploy applications using containers
• How to manage security at each stage of the development lifecycle
1:45PM Seminar Concludes
Agenda, Speakers and Times Subject to Change
WSTA Corporate and Individual members receive complimentary admission to WSTA Seminars. To see if your financial firm is currently a WSTA member, click here. For information about joining the WSTA as a Corporate or Individual Member, please visit our membership page.
Not quite ready to commit to membership but would like to attend this event?
We invite you to learn about our organization, its educational programs, and networking opportunities by registering as a community member. You will receive discounted admission to this event, plus the monthly WSTA Digital News newsletter and notifications of upcoming educational seminars/panel discussions. This is only open to technology professionals employed at financial firms (banks, brokerages, hedge funds, insurance companies, credit unions).
The Yale Club of New York City
50 Vanderbilt Avenue
New York, NY