Event Overview

ISMG’s 2025 Financial Services Cybersecurity Summit will tackle the sector’s most urgent cyber challenges. A keynote panel of leading CISOs will discuss how InfoSec leaders’ responsibilities now span IT, data, communications and operations, underscoring cybersecurity’s strategic role. Sessions will deliver insights on advanced threat intelligence, payment fraud prevention, AI’s impact on attackers and defenders, and leveraging cyber insurance in risk management.

The event concludes with the interactive Solution Room, a hands-on incident response workshop where participants face a high-stakes deepfake scenario to strengthen crisis planning and response.

Speaker

Scott Tenenbaum

Head of Claims, North America, Resilience

Speaker

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

Speaker

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigation Unit

Speaker

David Anderson

Vice President, Cyber, Woodruff Sawyer

Speaker

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Speaker

Kimberly Pack

Counsel, Thompson Hine LLP

Speakers

Thought Leaders on Stage Leading Deep-Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” of cybersecurity, people passionate about the latest tools and technology to defend against threats.

Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

Track A

11/06/2025 07:30 am to 08:30 am

Registration & Breakfast

11/06/2025 08:30 am to 08:35 am

Opening Comments

11/06/2025 08:35 am to 09:00 am

AI in Financial Services: What's Real?

AI to augment the SOC. Agents to augment humans. Frameworks to help govern the use of AI.

These topics are all top-of-mind for financial institutions headed into 2026. But what does AI success look like? Which AI-powered goals are realistic, and which ones might be deployed to impress the Board?


Our expert panelists share their experience with AI in major financial service institutions and tackle questions on topics including:


  • How to manage data security in the AI era
  • AI-powered supply chain risk – how to get a handle on it
  • How to cut through all the noise and sidestep AI FOMO

Moriah Hara
AI Risk & Security Expert, 3x CISO, Board Advisor, Author, CISSP, CISM, AWS Security, PCI QSA

Hardik Mehta
Global Head of Risk and Regulatory Compliance, JPMorganChase

11/06/2025 09:00 am to 09:30 am

Zero Trust in the Age of AI and What it Means - How Should Financial Organizations Think About the Risks of AI, and Where Does Zero Trust Fit In?

Businesses stand to benefit from AI in unprecedented ways, but only if IT and security leaders overcome transformation challenges.

This includes implementing a modern zero trust architecture to protect data and users, embracing AI while managing its risks, and handling the technical and financial implications of ever-expanding environments. A risk-based approach to security ensures CIOs and CISOs deliver a secure, phased transformation.

Join this session to:


  • Understand how zero trust and AI together, unlike firewalls, provide the strongest cyber defense by stopping threat actors from lateral movement within networks
  • Learn strategies for protecting AI applications developed internally for customers and employees, while preventing data leaks from public AI applications
  • Discover how AI is being leveraged for better cyber defense, in areas like segmentation, data classification and agentic operations

Sanjit Ganguli
VP, CTO in Residence, Zscaler

11/06/2025 09:30 am to 10:00 am

The Path to a Password-Less Future

Eliminating passwords has the potential to improve customer experience and simultaneously take security to the next level.

The goal has been common to the financial industry for several years: What will it take to achieve it? This session will explore advances in biometrics, hard tokens, passkeys and also consider how these advances can improve – or impede – customer UX, and where more friction could be a requirement. Panelists will also discuss the implications of password-free security within financial organizations. 


Session highlights:


  • Implications for the future of identity;
  • Potential password-less attack;
  • The role of data analytics and AI in supporting password-less security frameworks;
  • Impact on insider threat detection and internal system management.

Vlad Brodsky
Chief Information Officer & Chief Information Security Officer, OTC Markets Group Inc.

Steve Lenderman
Head of Fraud Prevention, iSolved, CyberEdBoard Member

Josh Cigna
Solutions Architect, Yubico

11/06/2025 10:00 am to 10:30 am

Top Recommendations from the Financial Services State of Software Security & AI Reports

Join Veracode Co-Founder and Chief Security Evangelist, Chris Wysopal, for a breakdown of the Financial Services State of Software Security Report.

The report analyzed 1.3 million applications to find the most significant risks that this sector faces.


Highlights include:


  • 57% of financial services apps have at least one security flaw, and progress on reducing flaws has stagnated since 2021;
  • Fixing issues takes 276 days on average, nearly a month longer than other industries;
  • 77% of organizations carry unresolved flaws over a year old, 63% of which are critical;
  • Most of the critical security debt (82%) comes from open-source code;
  • 45% of AI assisted code completion tasks generate a flaw that must be remediated.


Join us to learn more about the key findings, best practices to fix them, and a discussion on where the industry will go next.

Chris Wysopal
Chief Security Evangelist, Veracode

11/06/2025 10:30 am to 10:40 am

Beyond the Endpoint: Why Network Detection and Response Is Critical in the Financial Industry’s Threat Landscape

Financial institutions are prime targets for advanced cyber attackers, yet the over-reliance on endpoint protection leaves critical blind spots that can jeopardize operational resilience and regulatory compliance.

As the attack surface continues to expand across cloud environments, OT devices, and third-party vendors, attackers have more opportunities to gain the initial access they need to launch attacks. Corelight’s NDR platform provides the essential telemetry and contextual intelligence required to identify and safeguard high-value assets, meet compliance demands, and empower security teams to detect and respond to sophisticated threats effectively in real-time.

Vincent Stoffer
Field CTO, Corelight, Inc

11/06/2025 10:40 am to 11:05 am

Networking Break

11/06/2025 11:05 am to 11:35 am

Combating Insider Threats with Data Resilience and Endpoint Control

Insider threats, both negligent and malicious, pose serious risks to financial institutions.

This session explores how to detect, respond to, and recover from internal attacks. Learn how to strengthen your security posture with proactive monitoring, unified endpoint management, and resilient backup strategies that protect data, ensure compliance, and minimize damage from insider-driven incidents.

Chris Young
Cybersecurity Enterprise Account Executive, OpenText

11/06/2025 11:40 am to 11:50 am

From Roadblock to Growth Engine: Security’s New Role in Business Acceleration

Today, the real risk isn’t unauthorized tools, it's the speed at which competitors and threats move while your teams wait for approvals.

Next-gen security leads have flipped the script, becoming growth partners by creating controlled environments where high-risk work thrives, without limits. Learn proven patterns on how top orgs made the shift: enabling M&A in days, not months, creating new products with dangerous data, and other examples of turning security into a measurable business advantage.

Kristopher Schroeder
Founder & CEO, Replica Cyber

11/06/2025 11:55 am to 12:25 pm

Navigating 23 NYCRR 500 Compliance in Financial Services

In the evolving landscape of financial services, CISOs face a crucial mission: protecting critical systems like the mainframe, IBM i and others—now deeply interconnected with the broader infrastructure—while meeting the rigorous demands of New York State’s 23 NYCRR 500.

Join this session to address the unique challenges of critical system security within the framework of 23 NYCRR 500, including the latest November 1 deadline. We’ll break down each regulatory requirement, highlight why critical systems must be a central focus, and explore the tangible costs of non-compliance. From vulnerability management and penetration testing to MFA and surgical data recovery, we’ll provide actionable insights and a readiness checklist to help you take immediate steps toward compliance. 


You will learn: 


  • How to align critical system security, like mainframe and IBM i, with 23 NYCRR 500 requirements;
  • Phased approaches to minimize disruption and meet regulatory needs;
  • Practical steps for vulnerability management, MFA, and more;


Don’t miss this opportunity to gain clarity, reduce noise, and take control of your critical system security strategy.

Tim Hill
VP, Software Engineering, Rocket Software

11/06/2025 12:25 pm to 12:55 pm

Get Off the Assessment Treadmill. Take a Data-First, Questionnaire-Second Approach

The work never ends. Every year, we onboard more third parties—and every year, our assessment workload gets worse.

More resources? Not likely. Sound familiar? You’re not alone. We’ve been at this for years, yet the process continues to become more burdensome for your team and for the people in your company who rely on your third parties. It doesn’t have to be that way.


The newest risk exchange models are eliminating up to 80% of questionnaire requests by leveraging validated data. In this session, we’ll show you how to transform your third-party risk management program by incorporating smarter workflows and better data access.


What you’ll learn:


  • How to instantly perform inherent risk analysis across your entire vendor portfolio;
  • Ways to incorporate real-time risk data to reduce the number of questionnaires;
  • How to map your questionnaires to industry-standard frameworks or threat profiles to ask fewer, more targeted questions;
  • How to access assessment data on large, hard-to-assess third parties that don’t respond;
  • How to monitor 100% of your third-party portfolio, not just your critical vendors.

Sandeep Bhide
VP Product Management, ProcessUnity

11/06/2025 12:55 pm to 01:40 pm

Lunch

11/06/2025 01:40 pm to 02:10 pm

The New Economics of Cyber Risk: Quantifying Exposure, Liability, and Resilience

The cyber risk conversation in financial services has shifted from data breach costs to full-spectrum liability.

Today, lawsuits can follow within days of a breach, insurers are tightening terms, and underwriters want proof of governance maturity and supply chain visibility — not just policies on paper.


This session explores how CISOs, legal teams, and insurers are redefining the economics of cyber risk. We’ll examine how financial institutions are quantifying exposures across data breaches, business interruption, privacy practices, and third-party dependencies — and how cyber insurance is evolving to keep pace with new forms of liability, litigation, and regulatory oversight.


We’ll discuss:


  • What’s measurable and what remains unpredictable in cyber risk quantification
  • The new wave of “non-breach” privacy and arbitration claims shaping insurance coverage
  • How underwriters and CISOs are aligning around resilience, governance, and transparency
  • The blurring lines between cyber, E&O, and crime coverage in financial institutions
  • Communicating risk exposure and resilience to boards in business terms

Scott Tenenbaum
Head of Claims, North America, Resilience

David Anderson, CIPP/US
Vice President, Cyber, Woodruff Sawyer – A Gallagher Company

Kimberly Pack
Counsel, Thompson Hine LLP

11/06/2025 02:10 pm to 02:40 pm

EHLO World: Spear-Phishing at Scale using Generative AI

11/06/2025 02:40 pm to 03:40 pm

Solution Room - Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

Join CyberEdBoard for this interactive tabletop exercise that places you at the center of a sophisticated insider threat scenario, driven by generative AI and psychological manipulation.

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection, and long-term defense.


What You Will Gain From This Experience:


  • Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity, and mitigating cascading disruptions caused by insider-enabled AI attacks;
  • Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems;
  • Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection, and evidence preservation for incident response and regulatory requirements.

Seth Rose
Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

Imran Khan
VP Cyber Security Transformation Lead, BNP Paribas

11/06/2025 03:40 pm to 04:00 pm

Networking Break

11/06/2025 04:00 pm to 04:10 pm

Sponsor Showcase: Anvilogic

11/06/2025 04:10 pm to 04:40 pm

The Hidden Risk: Securing the 80% of Data Most Organizations Overlook

In today’s financial institutions, cybersecurity strategies often focus on production systems—where customer transactions and core operations live.

But what about the other 80% of enterprise data that resides in non-production environments like development, testing, analytics, and AI/ML? These environments are rich with sensitive data, yet frequently underprotected, creating a massive blind spot for CISOs and cyber leaders.


Join Aaron Jensen, Director of Solutions Engineering at Delphix, as he unveils insights from the 2025 State of Data Compliance and Security Report, which found that 54% of organizations have already experienced data breaches in non-production environments, and 84% allow compliance exceptions that increase risk. With AI accelerating data sprawl and regulatory scrutiny intensifying, the stakes have never been higher.


This session will explore how Delphix helps financial institutions eliminate data risk without slowing innovation—using automated data masking, secure replication, and continuous compliance across hybrid and cloud environments. Learn how to secure the data that fuels development while meeting the demands of regulators, auditors, and your board.


Key Takeaways:


  • Why non-production environments are the new frontier for cyber risk;
  • How Delphix enables secure, compliant data delivery for DevOps and AI;
  • Strategies to align data protection with speed, agility, and innovation.

Aaron Jensen
Director of Solutions Engineering, Delphix

11/06/2025 04:40 pm to 05:05 pm

Hidden Links, Big Fallout: Lessons From the New Wave of Supply Chain Attacks

Recent breaches have underscored that a cybersecurity failure at one of your vendors – or even at their vendors – can cascade into a major incident for your own organization.

In this session, we address the critical challenge of third-party and supply chain risk management in the financial sector. We’ll explore real-world case studies and cover best practices for due diligence, continuous monitoring, and incident response planning.


Key Takeaways:


  • Real-world impacts of supply chain breaches in finance;
  • Methods to perform rigorous vendor due diligence and monitoring;
  • Tactics for managing fourth-party risk and systemic concentration;
  • Incident response considerations for third-party incidents.

Imran Khan
VP Cyber Security Transformation Lead, BNP Paribas

Seth Rose
Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

11/06/2025 05:05 pm to 05:05 pm

Closing Comments

Track B

11/06/2025 11:05 am to 11:35 am

Top Emerging Cybersecurity Threats in Finance and How to Combat Them

11/06/2025 11:40 am to 11:50 am

Cyber Resilience in the Age of AI: How Thales Safeguards Your Financial Data

As financial institutions embrace AI to enhance operations and customer experiences, they also face new risks—from data exposure and model manipulation to unauthorized access across complex AI workflows.

Thales helps organizations achieve data immunity in the age of AI. Building on decades of leadership in financial data protection, Thales delivers encryption, tokenization, and advanced data masking to secure PCI, PII, transactions, and customer assets—even against AI-powered attacks.


In this session, discover how Thales secures sensitive financial data and AI models alike by protecting every stage of the AI lifecycle, from training and inference to analytics, ensuring resilience, compliance, and trust in every interaction.

11/06/2025 11:55 am to 12:25 pm

From Exposure to Exploitation: Confronting the Rise of Initial Access Brokers and Ransomware Groups

Join Searchlight Cyber to uncover how ransomware groups exploit the growing Initial Access Broker (IAB) marketplace, and understand how the time between compromise and attack is rapidly shrinking.

Using a real-world case study, we’ll show how one ransomware group leveraged IABs to infiltrate a company’s network.


Drawing on our involvement in the BidenCash takedown, we’ll also share how Searchlight helped seize cryptocurrency linked to dark web marketplaces and present insights from our analysis of ransomware groups, including Cl0p, Play, Akira, and Qilin.


In this session, you’ll learn:


  • How IABs operate and advertise corporate network access;
  • What information about your organization is traded on the dark web;
  • How attackers view and exploit your external attack surface;
  • How correlating vulnerabilities with dark web activity helps prioritize real risk.