CUNA Technology Council Security Summit

5th Annual CUNA Technology Council Security Summit

September 11-12, 2018 | San Francisco, CA

Meet with fellow CIOs and IT professionals in this face-to-face learning and networking event. 

Rates:  CUNA Members - $195  /  Non-CUNA Members - $520
            (no discounts apply to this event)

Registration: You may register for the Security Summit only, or it may also be added when registering for the 2018 CUNA Technology Council Conference

Please make your choice below:

Register for: Security Summit Only:  Register

Register for: Both Conference AND Security Summit:  Register


Downloadable Agenda

Day One

Tuesday, September 11, 2018

12:30 p.m. Registration for Security Summit
1:00 p.m. Introduction of Team and Agenda Review

Thomas Lea, VP- IT Infrastructure & Security, Royal CU
Bill Podborny, Chief IS Officer, Alliant CU
Mark Reed, VP IT Infrastructure, American Airlines CU
Pete Sedgwick, Consultant Cloud, Security and Infrastructure, Best Innovation Group

1:10 p.m. BlockChain 101

Pete Nohelty, CTO, Royal Credit Union

By now you’ve heard the buzz around blockchain and distributed ledger technologies. In this informative session, you will be introduced to the concept of blockchain and distributed ledger, and how it will be impacting our security, compliance and operational landscape. This session will start out with exposing this technology as it applies to the financial industry and will evolve to a more specific overview of what is happening in the Credit Union movement and with CU Ledger, Sovrin authentication, digital trust framework, verifiable claims, XDI, Hashgraphs and more!

2:00 p.m. Risk Appetite

Tim Wright, Business Continuity Manager, Alliant Credit Union and
Bill Podborny, CISO, Alliant Credit Union

Does your organization struggle with who accepts risk and what level of risk is tolerable to the Board, Executive Team, and the business? In this collaborative moderated tabletop exercise we will practice creating risk appetite statements that will help define your organization’s risk profile and tolerance levels, which will help you decide where to focus your efforts and at what level are controls considered effective. Once your risk appetite is defined, this interactive session will help define practical ways to implement controls to meet your risk tolerance.

3:30 p.m. Networking Break
3:45 p.m. Vendor Access Control

Mark Reed, VP IT Infrastructure, American Airlines CU

Panel discussion – This session will discuss how various CU’s are handling vendor access control. Learn how your peers are dealing with securing the enterprise without becoming an obstacle to system implementation and support. We will take a deep dive into granular access permissions, monitoring/reporting, session recording all with the goal of controlling vendor access. Today’s credit union’s usually have a variety of ways vendors connect and administer systems using a variety of tools (and usually vendor driven). Should this access be consolidated to one solution that is owned and operated by the credit union and not the vendor? Find out what your peers think in this technical vendor discussion.

4:45 p.m. Wrap-up of Day 1

Discussion of day’s learnings. Overview of various actionable items that CU’s can apply when they return to their organizations.

Day Two

Wednesday, September 12, 2018

7:00 a.m. Breakfast
8:00 a.m. Anatomy of a Ransomware attack

Chris Schatz, info@risk
Peter Misurek, Royal CU

In this mock Red/Blue team presentation, we will examine how ransomware works, how your organization can be impacted, and what you can do to monitor, control, and respond to a ransomware event. This presentation will cover a live demo of a system compromise and then go over multiple defensive strategies that will help identify and mitigate these attacks using strong passwords, ingress/egress network controls, process auditing, DNS Sinkholing, and other vendor neutral techniques and processes.

9:00 a.m. Insights from the NCUA on the new ACET exam process

Wayne Trout, NCUA, Regional Information Systems Officer

Presentation and open Q&A with a RISO from the NCUA on common gaps in baseline controls. Wayne will share his insights from the field on hurdles CU’s are facing with identifying and managing the identified gaps discovered during the ACET process. Attendees will all participate in this interactive session, so we can help solve real world issues.

10:00 a.m. Networking Break
10:15 a.m. Compensating Controls Roundtable

Security Summit Team

Are you facing financial, regulatory, or vendor-related challenges with implementing controls? What happens when a new risk is introduced, but the time, money, and effort to manage the risk is not reasonable or will take time to implement an effective control. This Interactive session will discuss some creative ways various organizations are managing risk when the standard controls are not an option.

11:30 a.m. Lunch
12:30 p.m. Legacy Systems Roundtable

Security Summit Team

Sometimes the business requires us to keep legacy systems around. In this roundtable we will discuss how organizations are dealing with risks posed by our existing business systems that create this unique challenge. We will hear from other experts on how they implement the necessary control structures to better secure these systems. From documentation to risk assessments, mitigation steps, hardening, and other control objectives we will discuss the optimal ways to understand the risks of legacy systems and how to mitigate the risk.

1:30 p.m. Enterprise Risk and Security Metrics

Ken Schaafsma, VP ERM, Alliant Credit Union

Presentation and PanelPresentation and Panel Discussion – Is your CEO and the Board worried about cyber security events and if their investment for security is helping to keep the organization safe? Hear from your peers on how they utilize security metrics to drive action and make security-based decisions, how to report your security program using metrics, and what is the right content for a varying audience. In this 2-part presentation and panel, you will hear some tips and insight into building and maintaining an Enterprise Risk Management Program and how to incorporate cyber risk and metrics into your ERM programs.

2:45 p.m. Conference Overview and Recap


3:15 p.m. CUNA Technology & Operations & Member Experience Council Conference begins