CISO Financial Services schedule

During this 5-minute networking session, the aim of the game is to go and meet two people you don't already know.  

• How can sleepless nights, board politics, and regulator heat be managed without burnout? 

• Which AI-driven threats and hybrid risks are keeping CISOs awake in 2026? 

• When speed clashes with security and compliance with agility, how can the trade-offs be survived? 

• What do CISOs wish had been known before stepping into the role? 

Albert Laweh Tetteh, Chief Information Officer - GCB Bank Limited 

Alex Dickson, Chief Information Security Officer - GCM Grosvenor (Advisory board member) 

Matthew Presson, CISO for the Americas - Bullish 

An informal, interactive session where attendees ask questions directly to a panel of veteran CISOs and cybersecurity leaders. The session is designed to foster candid discussion around today's most urgent topics- real insights in real time. 

Focus Areas: AI risk and security, regulatory complexity (SEC, NYDFS, DORA), board-level communication, and building resilient cyber teams.  

Moderator: Alexander Abramov, Head of Information Risk -Financial Services 

Jessica Wilson, Business Information Security Officer – Bank of America 

Robert LaRosa, Information Security Engineer - GELLER 

• How can deepfake fraud, model poisoning, AI-powered phishing, and AI in credit or lending decisions be stopped? 

• Who owns AI risk, and which frameworks or guardrails keep innovation safe? 

• Who carries the liability when AI fails in FS? 

• How is AI risk best reported in board language? 

• What playbooks work for AI-specific incidents like data leakage or model poisoning?

The moderator throws out a statement, and you raise your hand: yes, no, or maybe.  

Topics include third-party risk, overlapping compliance, board metrics that miss the point, and whether resilience plans would hold up.  

Julia Cherashore, Senior Fellow- DATA Foundation 

Speaker and topic to be announced 

• • “Never trust, always verify” sounds good, so why does it stall in practice and slow workflows? 
  • How can sysemic risk from multi-cloud reliance be contained before it cascades? 
  • Regulators are demanding proof - what evidence convinces them that Zero Trust works? 
  • Can airtight access controls and smooth user experience ever succeed at the same time? 

• Which pipeline controls are best enforced through policy-as-code? 

• How can security checks be safely delegated to dev teams in regulated contexts? 

• What metrics demonstrate DevSecOps reducing audit findings? 

• Where does human review still outperform automated tools in Financial Services? 

Ellis Wong, Chief Information Security Officer - JST Capital  

Every week there’s another “must-have” tool. In this session we run through common practices — IaC scanning, SAST/DAST, secrets management, SBOMs, automated checks, and more. For each one, you vote: real value or just noise. A few volunteers share why. 

Jessica Wilson, Business Information Security Officer – Bank of America 

Speaker and topic to be announced 

• What an end-to-end autonomous AI security workflow really looks like — from threat intel to risk remediation 

• Which best practices and open-source tools are delivering value (and which are mostly hype) 

• Where human-in-the-loop is non-negotiable — and where automation genuinely speeds things up 
• Practical use cases for both security defenders and compliance teams 

• Where does privileged access and hybrid work create fraud blind spots? 

• Can behavioral analytics catch risk early enough to stop escalation? 

• How can HR, legal, compliance, and the CISO work from one playbook? 

• What builds trust culture without slipping into surveillance overkill? 

Albert Laweh Tetteh, Chief Information Officer - GCB Bank Limited  

• Who owns AI risk when models impact lending, underwriting, or fraud detection? 

• How do you embed AI monitoring into cyber risk management? 

• What guardrails prevent AI misuse without stifling innovation? 

• How do you prepare for AI-specific incidents like data leakage or model poisoning? 

Matthew Hyland, Executive Director, Cloud Security Risk Management – WELLS FARGO 

Robert LaRosa, Information Security Engineer - GELLER 

• What risks come with AI-on-AI escalation between defenders and adversaries? 

• How can effective oversight frameworks be built for AI-augmented SOCs? 

• What early wins, and early fails are showing up in adopting agentic AI for Financial Services security? 

• How can human analysts stay in the loop when machines move first? 

Ellis Wong, Chief Information Security Officer - JST Capital  

• • How do you catch misconfigurations, leaked secrets, and insecure patterns at AI speed? 
  • What guardrails stop GenAI code assistants from introducing vulnerabilities? 
  • Which parts of threat modeling and secure code review can be safely automated? 
  • How do you prevent hallucinations, false positives, and “AI-led security drift” without slowing delivery? 

• • How can Zero Trust be implemented across hybrid and multi-cloud environments? 
  • What evidence of resilience does regulators expect to see? 
  • How can systemic risk from single-cloud dependence be avoided? 
  • Can customer experience be protected while workflows are locked down? 

  Zafor Iqbal, Cyber Security Analyst – BlackRock 

• How do you embed post-quantum readiness into cloud strategy? 

• How can you secure serverless and containers without slowing delivery? 

• What AI analytics improve cloud threat detection accuracy? 

• Which cloud security capabilities will be baseline by 2028? 

Manoju Thalari, GCP Data Engineer – UBS

• Where do compliance frameworks overlap across borders, and how can the duplication be cut? 

• What makes a compliance budget credible as resilience spending? 

• When does compliance move from obligation to competitive advantage? 

• Which signals of audit readiness build market trust? 

Moderator: Alexander Abramov, Head of Information Risk -Financial Services 

Nishit Mehta, Vice President, Analytics Solutions Manager – JPMorganChase  

Robert LaRosa, Information Security Engineer - GELLER 

Experts go head-to-head, using real incidents and risks from the field. We’ll start with a live poll to see where the room stands, then run it again at the end to track if minds have shifted. 

The debate centers on one tough question: should we ever let technology act on its own during a live cyber incident in financial services? 

The audience is part of it too so ask your questions, share your views, and see how your take stacks up against your peers. 

Jessica Wilson, Business Information Security Officer – Bank of America 

Felipe Giraldo, Cyber Security Engineer –HELABA 

Which crisis hurts FS most today: AI fraud, regulator-pressure ransomware, or an insider leak? Pick one and solve it. Split into three teams (Technical, Board & Regulators, Communications & Customers). Each team has 8 minutes to agree on their top two actions in the first 24 hours, followed by quick share-backs and audience reactions.

Matthew Presson, CISO for the Americas - Bullish