Cybersecurity in a Risky World

May 18, 2023
10:00 am to 5:00 pm
Hybrid Event, Past Event

In the financial services industry, cybersecurity needs to be thought of holistically in order to be effective. This starts with data analysis and classification, leads to data protection and privacy, and moves on to infrastructure and application security.

Session Details

This event focuses on “full-stack” cybersecurity, architecture, engineering, operations, staffing, training, and SOCs/outsourcing. Although many themes are applicable across industries, these sessions will focus specifically on cybersecurity for financial services & banking firms.

Presentation Topics Covered
  • SecOps (and integration with other operations)
  • Cybersecurity automation, ML, AI
  • Secure API management
  • Data and application security
  • Cloud security
  • Network security
  • Application security orchestration and correlation (ASOC)
  • Zero trust
  • Mobile threat defense
  • Cloud workload protection
  • Managed/Extended Detection & Response (MDR/XDR)
  • SASE
  • Application security testing
  • Collaboration security
  • Database audit and protection

Panel Abstract

This panel of industry experts addresses how to measure and improve cybersecurity. We discuss key cybersecurity metrics and share effective approaches to technology architecture, cybersecurity operations, and the integration of cybersecurity into every element of enterprise operations.

Earn 5.0 CPE credits at this event!

Agenda

10:00am – 10:25am

Registration and Networking

10:25am – 10:30am

WSTA Introductions

Ken DeGiglio | Chief Information Officer, EquiLend & WSTA President

Ken DeGiglio is the chief information officer of EquiLend and a member of the firm’s executive team. As CIO, he is responsible for aligning EquiLend’s technology vision with business strategy; integrating company processes with the appropriate technologies; and developing and implementing technology initiatives within the organization. He manages a senior team of IT professionals and works closely with product owners and other internal stakeholders. DeGiglio’s career in financial technology spans nearly 30 years at firms including TD Ameritrade, Morgan Stanley, Robertson Stephens and J.P. Morgan; he also was a founder of Renaissance Trading Technologies. He has a bachelor’s degree with high honors in computer science, systems planning and management from the Stevens Institute of Technology.

10:30am – 10:55am

Industry Perspectives: Everything Everywhere All at Once: Effective Cybersecurity in a World of Threats

Johna Till Johnson | CEO and Founder, Nemertes

Johna Till Johnson is the CEO & Founder of Nemertes Research, an 18-year-old research-advisory firm specializing in the business impact of emerging technologies. Ms. Johnson spearheads Nemertes’ security and risk management practice, where she works with Fortune 200 financial services, manufacturing, utility, and other leading organizations.

Ms. Johnson’s career in information security began more than 25 years ago when, as a young engineer, she developed security products for Mosler Security Systems. In the early 1990s, she ran the lab-testing program at Data Communications Magazine, which uncovered vulnerabilities in the then-novel RSA two-factor authentication system. In the mid-1990s, Ms. Johnson ran the Global Networking Strategies Service at the META Group, which included META’s security and risk management offering. Subsequently, she served as the Chief Technology Officer overseeing the security practice for Greenwich Technology Corp., a global consulting and engineering firm that developed and implemented leading-edge security architectures for financial services firms and other global organizations.

Abstract

Cybersecurity professionals in financial services firms can be forgiven for thinking the universe is bad and getting worse. From nation-state attacks to state and federal regulations, cybersecurity gets more complex each year. What are leading-edge firms doing to strategize, prioritize, and cope with the overload? Industry analyst (and former CTO) Johna Till Johnson explains.

10:55am – 11:15am

Automate Your Data Security in a Regulated World

Hanif Keane | Global Solutions Architect, Imperva

Hanif Keane is a Global Solutions Architect at Imperva. He is responsible for driving adoption of Imperva’s reference architecture across their customer base, as well as ensuring customers get the most value from Imperva’s products and services.

Hanif’s more than 20 years of experience in architecting solutions spans Cloud Automation, Big Data and AI/ML, and he has served many business units across financial services, including Retail, Risk, Compliance, Commercial Banking and Private Banking.

Abstract

Security teams with limited resources and tools always report that it is challenging to protect sensitive data and stay compliant. The technology landscape is constantly expanding and becoming increasingly complex with the shift to API-first, cloud-native application design, the adoption of data lakes, and public cloud platforms with modern data stores.

11:15am – 11:35am

Protect Your Leadership!

Neal Maguire | Principal Consultant, Verizon Threat Research Advisory Center

Neal Maguire is a Principal Consultant with Verizon’s Cyber Security Consulting Services. In this role, Neal is chiefly responsible for managing the conduct of computer forensic investigations, analysis, data recovery, case-load intelligence and IT investigative work related to delivery of the team’s book of business and providing advisory consulting services to client senior management and the C-suite.

Neal is an active public speaker, discussing various topics ranging from high-level best practices to C-suite executive briefings. He has been a contributing author to the Verizon Data Breach Investigations Report and routinely presents the report and its findings to audiences and at conferences on a global basis.

Abstract

Just as our federally elected leadership requires physical and digital bodyguards, so do the executives of any financial services firm. Threat actors attack individuals as easily as they attack organizations. In this session, you will hear about examples of how threat actors personally target individuals – often senior executives and board members. You’ll also learn some of the best practices that you and your organization can implement to reduce individual digital footprints.

11:35am – 11:55am

Insights from the Cyber Trenches

Anthony Giandomenico | Global VP, Cyber-Security Consulting, Proactive & Reactive Services, Fortinet

Anthony Giandomenico has 30 years of comprehensive experience as an Executive, Entrepreneur, Mentor and Security Consultant for companies within information security across all industries. In his current position at Fortinet he is responsible for all aspects of FortiGuard Security Consulting Services including P&L, advising on marketing activities, service delivery and new service development globally. He has presented, trained and mentored on various security concepts and strategies at many conferences and trade shows, such as BlackHat, the Gartner Security Summit, HIMSS15 and ISMG Data Breach Summit, and in media outlets, including a weekly appearance on the KHON2-TV morning news “Tech Buzz” segment and Technology News Bytes on OC16, providing monthly security advice, among others.

Abstract

Organizations continue to struggle with clearly understanding the effectiveness of their threat detection and protection capabilities. This talk will highlight the types of advanced persistent and financially-motivated threats. Lessons learned on typical threat actor tactics, techniques and procedures will be discussed. With these in mind, FortiGuard Labs will provide the framework to assist organizations with prioritizing their security efforts.

11:55am – 12:40pm

Lunch

12:40pm – 1:00pm

Ways to reduce your cybersecurity risk and potential for a compromise across your modern attack surfaces

David Den Bleyker | US Enterprise Leader, Uptycs

David Den Bleyker is the North America Enterprise Leader at Uptycs. David joins us from Rapid7 after the acquisition of Divvy Cloud. He built and managed a team of Cloud Security Specialists to support the Rapid7 Cloud Security Organization for North America.

Abstract

Your developer’s laptop is just a hop away from cloud infrastructure. Attackers don’t think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops and servers? In this session, we will explore ways to secure the attack surfaces and reduce Cybersecurity risk.

1:00pm – 1:20pm

Charting Your Course: Building a Unique Security Roadmap for Financial Services

Dan Petrillo | Director of Product Marketing, Zero Trust, Akamai

Dan Petrillo is the Director of Product Marketing for Akamai’s Zero Trust portfolio. Dan’s years of experience in cybersecurity strategy began when he was the Product Manager for an Industrial IoT company in charge of ensuring the security of smart lighting and building automation systems. He then spent time leading Product Marketing for Cybereason and then Morphisec before joining Guardicore. Dan attended Northeastern University for his bachelor of science degree in Electrical Engineering with a minor in cinema studies.

Abstract

Financial institutions can effectively mitigate risk, protect customer data, and comply with regulatory requirements. In this session you’ll learn how to use MITRE, a not-for-profit organization dedicated to making the world a safer place, and its framework and data, which are entirely free to the public, to strengthen your cybersecurity posture and determine exactly which threats financial institutions are facing and ultimately how to combat them.

1:20pm – 1:40pm

Strengthening Your Data Security Posture

Stephen Gyarmati | Field Technical Director - Northeast, Cohesity

Stephen Gyarmati is a Field Technical Director at Cohesity responsible for the Northeast region. In his current role, he interfaces with global and enterprise financial industry professionals to accelerate their adoption of the Cohesity data security and management platform. Stephen has also worked in Systems Engineering roles in the New York City metro area, including at both Cohesity and Commvault. Stephen has 10 years of experience in data protection and storage technologies, and he holds an MS in Information Systems degree from Drexel University.

Abstract

This presentation will focus on how organizations can strengthen their data security posture and what criteria they need to use when evaluating vendors (like Cohesity) in the space. This then dovetails into our DataHawk capabilities at the end of the presentation.

1:40pm – 2:00pm

Networking Break

2:00pm – 2:20pm

Becoming a Cyber Resilient Finserv Organization Amid a Risky Cybersecurity Landscape

Joshua Stenhouse | Field CTO, Cyber Resilience, Rubrik

Joshua Stenhouse has 10 years of experience in designing, implementing, automating, and advising on data protection and DR solutions for virtualized environments. From the IT helpdesk to 2nd and 3rd line support to professional services for the channel, Joshua has extensive knowledge of the entire virtualization stack along with the infrastructure services and applications that depend on it.

Abstract

The increase in digital threat surfaces between financial organizations and their customers has led to an alarmingly increased rate of ransomware attacks. Attacks against banks were up a staggering 1,318% from 2020 to 2021 [1]* and according to FS-ISAC, ransomware will remain a large concern with increased attacks predicted for the years to come. [2]

Evolving cyber threats like ransomware have garnered additional scrutiny from regulators due to their potential impacts on the financial system. Heightened requirements will provide regulators with increased awareness of the number and severity of these growing attacks and help them plan for systemic impacts. However, it may also increase the costs of cyber risk management for organizations as they are forced to disclose incidents earlier than they would have otherwise.

In this session you will learn how organizations can comply with new requirements without significant increases in cyber risk management costs via a zero trust data security approach.

[1] ZDNET, The state of ransomware: national emergencies and million-dollar blackmail, Sept 2021
* Data to be updated, if available.
[2] Bloomberg, Banks, Financial Industry Hit by Rising Ransomware Attacks, March 2023

2:20pm – 3:20pm

Panel Discussion: Improving Cybersecurity Effectiveness: Metrics and Best Practices

(Moderator) Johna Till Johnson | CEO and Founder, Nemertes

Eddie Doyle | Cyber Security Evangelist, Check Point

Eddie communicates with international leaders in cyber security, cyber forensics and cyber law enforcement across the world & is an active delegate of the World Economic Forum’s Trusted Digital Agency committee. Taking best-practices for threat mitigation from the industry’s finest CISOs and from police and military cyber command, Eddie’s responsibilities include sharing cyber defense tactics with media, government agencies and enterprise corporations, via keynotes, panel discussions & as the editor of the blog CyberTalk.org.

Eddie’s unconventional background in education allows him to clearly explain technical topics to a diverse audience. With over 20 years of cyber security experience, Eddie holds a unique understanding of the security risks and challenges that organizations must overcome.

Khalil Jackson | Chief Information Security Officer, Technology Group, Federal Reserve Bank of New York

Khalil Jackson leads the Information Security Function and is responsible for setting the information security strategy and managing cyber risk at the Federal Reserve Bank of New York, which includes the protection of mission-critical applications that support payment systems, market operations, services to domestic and international financial organizations, the supervision of financial institutions, internal Bank operations, and services to the U.S. Treasury Department.

Khalil holds an M.S. in Cybersecurity, Risk, and Strategy, as well as a B.A. in Social Sciences from New York University (NYU). As a Wall Street veteran, his 20+ years as a technology executive spans multiple roles at Morgan Stanley and Bank of America. He also is a combat veteran and a commissioned officer in the US Army Reserve, focusing on national security, cyber, and innovation initiatives across the Department of Defense. His work as the principal cyberwarfare advisor contributed to the establishment of the Joint Headquarters for the US Army Cyber Command. Additionally, his published academic works include a novel framework for writing Cybersecurity legislation, which he uses to teach lawmakers at The Woodrow Wilson Center.

Mick Leach | Head of Security Operations, Abnormal Security

Mick Leach is Head of Security Operations at Abnormal Security where he is responsible for threat monitoring and detection, incident response and handling, vulnerability management, and identity and access management. A cornerstone to his mission is ensuring that Abnormal employees stay safe from email attacks using, you guessed it—Abnormal. He has led security operations and engineering teams at Alliance Data and Nationwide Insurance and spent over 8 years serving in the US Army’s famed Cavalry Regiments. Mick has seven active certifications from SANS/GIAC. When not digging through logs or discussing operational metrics, Mick can be found coaching soccer for one of his 13 children.

Brian McHenry | VP, Web Applications & API Security, F5

Brian McHenry leads product management for Web Application & API Security on all F5 data planes – BIG-IP, NGINX, and Distributed Cloud. In this role, he leads strategy for the growing security portfolio including BIG-IP Advanced WAF, XC WAAP, and NGINX App Protect product lines. McHenry takes pride in enabling F5’s customers to be successful as well as in improving their security postures to make the Internet a safer place. He is a co-founder of Security B-Sides NYC, and committed to giving back to the Infosec community.

Lenworth Smith | Director of Global: Infrastructure, Operations and Security, EquiLend

Lenworth is a technology executive with over 25 years of industry experience specializing in several technology disciplines including implementing, deploying and managing next gen technology infrastructure, private clouds, platform optimization, business continuity, IT Security, etc. Lenworth has extensive experience and skills with implementing Global IT Security Programs, Virtualization and Hyper-Converged technologies.

Lenworth is currently the Head of the Global: Infrastructure, Operations and Security teams for EquiLend Holdings LLC, which is responsible for providing the business with innovative, reliable, cost-effective and secure technology solutions across all core infrastructure services.

Prior to joining EquiLend, Lenworth served as the EVP and Head of IT, Warehouse and Logistics for Lloyd’s Manufacturing Inc., a foods and beverages retail manufacturer in Jamaica, W.I. There he led the firm’s datacenter re-architecture, which successfully reduced costs and decreased complexity, while also providing improved disaster recovery for the firm’s critical systems.

Irina Tishelman | Solutions Engineer, Sonatype

Over the years Irina mastered multiple careers as a developer, business intelligence analyst, solutions architect, and cyber security professional. With a background in development and many years of experience in security, much of her work is focused on helping organizations create software more securely.

3:20pm – 3:40pm

Fireside Chat – Cybersecurity Futures and CISO Strategies

Abstract

Moving forward with cybersecurity in a risky world isn’t easy. In this interactive fireside chat, Johna Till Johnson and Will LaSala discuss what they’ve learned from the event, share their perspectives on what resonated and why, and provide participants with a chance to ask questions. We wrap up with actionable recommendations for CISOs and security practitioners, and our reasoning behind why these actions matter now.

(Moderator) Johna Till Johnson | CEO and Founder, Nemertes

Will LaSala | Field CTO, Americas, OneSpan

Will joined the company in 2001 and brings over 25 years of software and cybersecurity experience. Since joining OneSpan, Will has been involved in all aspects of product implementation and market direction within financial institutions as well as top Fortune 500 organizations for enterprise security, healthcare, U.S. government, online gaming and mobile application development. Will currently empowers the markets and OneSpan’s largest clients with direct communication of new products and features and security changes. A security evangelist on mobile application development and authentication, Will is frequently quoted in the media and a frequent speaker at industry events.

3:40pm – 3:45pm

Closing Remarks

3:45pm – 5:00pm

Cocktail Hour Sponsored by OneSpan

Location Details

Convene – Downtown Liberty
1 Liberty Plaza, New York, NY, 10006