Day One - March 14, 2017


8:00 Registration and refreshments


Michael Woodson, Former Information Systems Security Director; Adjunct Professor, NORTHEASTERN UNIVERSITY

*Interactive Audience Poll via
Vote live to generate real-time content #CYBERRISKNSA

8:55 KEYNOTE ADDRESS: Cyber risk - a clear and present danger

James Brenneman, Assistant to the Special Agent in Charge, US SECRET SERVICE

9:25 KEYNOTE ADDRESS: The buyside perspective: Cyber security risk identification and management

  • Cyber security response protocols
  • Emerging cyber threats: evaluating their magnitude and complexity
  • How to reverse stress test for cyber security

Robert Rupp, Executive Vice President and Chief Risk Officer, THE HARTFORD

9:55 SPOTLIGHT ON: The impact of cyber security breaches on business continuity

Janet Lerch, Chief Continuity and Technology Risk Officer, U.S. BANK

10:25 CISO PANEL: Preventing another Swift attack

  • How can banks avoid phishing and malware?
  • Which payments systems are likely to be targeted next and how to prepare for it
  • Regulatory probe into vulnerabilities, processes, encryption and technological controls
  • Evaluating remediation plans?
  • What metrics and data should be presented to the board/senior management?

Moderator: Michael Woodson, Former Information Systems Security Dir; Adjunct Professor, NORTHEASTERN UNIVERSITY
Michael Leking, Business Information Security Officer, US BANK
Sheldon Cuffie, CISSP, VP & Chief Information Security Officer, NORTHWESTERN MUTUAL
Peter Keenan, Chief Information Security Officer (CISO), LAZARD
Shelbi Rombout, Senior Vice President - Deputy Chief Information Security Officer, MASTERCARD

11:10 Morning coffee and networking break

11:40 PANEL DISCUSSION: Quantifying cyber risk exposure

  • Using the Factor Analysis of Information Risk (FAIR) VaR model for quantification and analysis
  • Putting a price tag on enterprise-wide loss exposure
  • Justifying the value of cybersecurity to management and the board

Moderator: Michael Woodson, Former Information Systems Security Dir; Adjunct Professor, NORTHEASTERN UNIVERSITY
Jack Freund, Senior Manager, Cyber Risk, TIAA-CREF
Jack Jones, EVP Research & Development, RISKLENS
Henry Jiang, Chief Information Security Officer (CISO), OPPENHEIMER AND COMPANY

12:20 PANEL DISCUSSION: Measuring the impact of cyber security breach and managing cyber risk

  • The cost of business interruption
  • Reputational damage and legal costs associated with theft of customer information
  • The growing trend of cyber liability insurance
  • Building robust business continuity and disaster recovery plans
  • What type of data is needed for managing this risk?

Moderator: Richard Van Horn, Author of patent for a new approach to Internet authentication and Technology Risk Expert
Henry Jiang, Chief Information Security Officer (CISO), OPPENHEIMER AND COMPANY
Ryan E. Bateman
Thomas Reagan, Cyber Practice Leader, MARSH

1:00 Lunch and networking break

2:00 PRESENTATION: Changing threat landscapes and new technology outlook

  • Identify today's cyber attack vectors, from IoT devices and insider threat to third-party service providers and cloud platforms
  • Evaluate applications of machine learning and AI technologies to advanced cyber defense
  • Discuss prioritization and visualization of threats as a tool for better resource allocation and lower risk
  • Examine real-world examples of detected threats that routinely bypass traditional controls

Nicole Eagan, CEO, DARKTRACE

2:35 LIVE INTERVIEW: Cyber as a subset of operational risk

  • Can information security use the same op risk framework? Will existing taxonomies and risk registers used to classify op risk losses suffice?
  • Moving away from unsupported legacy systems to established taxonomies that bridge the gap between technology specialists and risk professionals

Moderator: Neil Datta, Director- Head of Operational Risk, OPTIMA FUND MANAGEMENT
Mario D'Alicandro, Technology Risk Officer, AIG
Craig Spielmann, Global Head of Enterprise Risk Management Strategy, FIRST DATA
Derek Baumer, Managing Director, Enterprise Risk Management, STATE STREET

3:05 Afternoon coffee and networking break

3:30 GUEST ADDRESS: Cross industry operational and cyber risk learnings

  • How is risk culture embedded in the organisation?
  • What's your organisation's approach for setting risk appetite?
  • What approach do you use to quantify operational/cyber risk?
  • Preventing reputational ruin

Franklin Donahoe, Chief Information Security Officer- Global Information Security Office, MYLAN

4:00 ALL-STAR PANEL: The "new normal": Convergence of operational and cyber security risk

  • Expanding operational risk to include cyber security risks
  • Revamping the ERM strategy: How can aligning fraud, IT, cyber security and operational risk management help join the dots?
  • Updating the three lines of defence to align board-level risk appetite
  • Crossing silos to foster knowledge sharing and cooperation

Moderator: Joshua Kotok, CFE, CISA, Chief Risk and Compliance Officer, FIRST SAVINGS
Ted Bruntrager, Global Head of Operational Risk Management, MANULIFE
Jodi Richard, Head of Op Risk, U.S. BANK
John J. Doherty, Partner, Information Technology Advisory Services, EY
Randy Miskanic, Americas Regional Head, Group Information Security Office, UBS

*Audience Q&A
Submit your questions via

4:45 CHAMPAGNE ROUNDTABLES: From session to roundtable - take the day's most contentious issues and engage with your peers in small interactive roundtable discussions to drill down, share best practice and take away diverse approaches to the same challenge.


5:35 Networking drinks reception - Hosted by EY
