4th ANNUAL
CYBERSECURITY FOR FINANCIAL SERVICES

INSIDER INSIGHT FOR COMPLIANCE AND IT PROFESSIONALS

Monday, January 23, 2017
The Harvard Club New York City

Full Agenda

Monday, January 23, 2017

7:30 a.m. – 8:30 a.m.

Registration & Continental Breakfast


8:30 a.m. – 9:00 a.m.

Keynote Address: Shawn Henry, President, CrowdStrike Services and CSO

When it comes to cybersecurity, Shawn Henry has seen it all - denial-of-service attacks, ransomware, bank and corporate breaches, state-sponsored intrusions and more. As an executive assistant director of the FBI, Henry is credited with boosting the agency’s computer crime and cybersecurity investigative capabilities. Henry, who now serves as President of CrowdStrike Services, is a dynamic speaker who has appeared on “60 Minutes,” “CBS Evening News,” “Good Morning America,” “The Today Show,” and “Dateline.”

Speaker: Shawn Henry, President, CrowdStrike Services and CSO, Washington, D.C.


9:00 a.m. – 10:00 a.m.

The Regulatory Landscape: SEC Initiatives in the Cyber Arena

“Cyber threats are a constant threat to our markets.” That quote from SEC Chair Mary Jo White resonates throughout the Commission and has led the agency to engage with market participants concerning the latest cyber developments and to assess broad-based market risk. The SEC’s “Phase 2” cyber exam sweep letter asks targets to deliver in advance or make available on-site over 60 cyber-related items. Would your firm be ready to answer such an in-depth request? Hear an overview of the SEC’s cybersecurity program, industry trends, exam insights and much more.

Speakers: Norm Champ, Partner, Kirkland & Ellis, New York; Todd Cipperman, Managing Principal, Cipperman Compliance Services.


10:00 a.m. – 11:00 a.m.

The Current Threat Environment: Assessing Your Firm’s Key Risks and Vulnerabilities

An industry survey has revealed that the average cost of a data breach in the U.S. in 2016 was over $7 million. Financial services firms have the most costly data breaches due to fines and the higher-than-average rate of lost business and customers. Assessing your firm’s cyber risks is of paramount importance. OCIE director Marc Wyatt has said examiners would “expect you to know the key risks” cybersecurity poses to your firm and that you should be able to prioritize these risks. In its cyber sweep, the SEC was asking for the month and year of a firm’s last cybersecurity risk assessment, along with "the scope of the review". Hear key best practices for conducting initial and ongoing risk assessments.

Speakers: Kurt Wachholz, CCO, Wellspring Wealth Management, Atlanta; Michael Corcione, Managing Director, Cordium US, New York; and Lisa Toth, U.S. Head of Risk, Compliance and Regulation, Hatstand, New York.

BONUS: Your take-home materials include an example of a cybersecurity framework and a list of the 11 elements that make for a good risk assessment.

11:00 a.m. – 11:15 a.m.

Refreshment Break – Network with Peers & Our Exhibitors


11:15 a.m. – 12:15 p.m.

P+Ps: Real-World Lessons Learned on What to Include (And What to Avoid!)

By now, you should have written cybersecurity P&Ps in place – or risk exam deficiencies. OCIE has made clear that policies and procedures should guide your cyber efforts. Our panel outlines the types of P&Ps you should have in place, and provides pointers for how to craft them to best protect your firm against cyber bad guys. Plus, gain guidance on how to test your cyber P&Ps to know if they remain adequate in the fast-changing cyber world.

BONUS: Score a list of cybersecurity P&Ps you should possess, plus get an actual P&P.

Speakers: Tim Villano, President/CIO, Artemis Global Security, Lakeville, Conn.; Aaron De Angelis, CPA/CCO, Spring Mountain Capital, New York; and Steven Weiss, General Counsel/CCO, Roosevelt Investment Group, New York.


12:15 p.m. – 1:15 p.m.

Lunch: Make New Industry Contacts and Expand Your Network


1:15 p.m. – 2:15 p.m.

Vendor Oversight: The CCO’s Role in Casting a Wider Cybersecurity Net

You’ve locked down your network tight. Yet, a cyber mole has burrowed its way in. How? So many cyber incidents begin with a vendor who lacks adequate controls. This session shares winning approaches to monitoring vendors to ensure they’ve taken the necessary steps to deter cyber thieves - to protect them, and you! Hear a range of options for assessing if your vendors are up to the task - and what you can do to compel them to act, as well as to confirm that they’re doing what they claim.

BONUS: Go home with a checklist of cyber issues to raise with your vendors.

Speakers: Adam Reback, CCO, J. Goldman & Co., New York; Trey Cordle, CCO, BMO Harris Financial Advisors, Chicago; and Bart Aronson, GC/CCO, New Vernon Capital, New York.


2:15 p.m. – 2:30 p.m.

Refreshment Break – Network with Peers & Our Exhibitors


2:30 p.m. – 3:30 p.m.

Training: Top Techniques to Secure Firm-Wide Buy-In

It’s widely reported that your biggest cybersecurity threats come from a firm insider - whether it’s a malicious act or an inadvertent mistake. Human error can ultimately be a major factor in a breach. Training to minimize the potential for risky mistakes and to gain across-the-board buy-in on the importance of cybersecurity is critical. And regulators are watching. In its cyber “Phase 2” exam sweep, the SEC asked firms to “please identify the dates, topics, and groups of participating employees for these training events” along with “any written guidance or training materials provided to staff.” Learn what your compliance peers and cyber experts are doing when it comes to the critical aspect of training.

BONUS: Secure a sample memo designed to educate staff about cybersecurity and a bring-your-own-device acceptable use standard.

Speakers: David Edwards, President, Heron Financial Group, New York; Craig Watanabe, Senior Compliance Consultant, Core Compliance & Legal Services, San Diego; and Raj Goel, CTO/Co-Founder, Brainlink International, Inc., New York.


3:30 p.m. – 4:30 p.m.

Incident Response: A Plan of Action You Hope You’ll Never Need

You won’t have much time to act when you discover a cyber breach. And the law may require you to notify clients. So that’s not the time to develop your incident response plan. This session hands you a blueprint for how to respond to a breach. Our panel covers IT responsibilities and compliance’s role. Plus, you hear a multi-component plan that includes effective public outreach to give clients and others the right message at the right time.

BONUS: Gain a preemptive strategic plan outline so you’re confident your response plan will work.

Speakers: Fred Shane, Chief Risk Officer, Commonwealth Financial Network, Waltham, Mass.; Charlotte Allen, Supervisor, Enterprise Risk Management, Commonwealth Financial Network, Waltham, Mass.; and Anne Green, President, CooperKatz & Company, New York.


4:30 p.m.

Adjourn