CISO Financial Services schedule

During this 5-minute networking session, the aim of the game is to go and meet two people you don't already know.  

• How can sleepless nights, board politics, and regulator heat be managed without burnout? 

• Which AI-driven threats and hybrid risks are keeping CISOs awake in 2026? 

• When speed clashes with security and compliance with agility, how can the trade-offs be survived? 

• What do CISOs wish had been known before stepping into the role? 

Moderator: Mo Jamous, EX Chief Information Officer, Consumer & Business Banking – U.S. Bank

Matthew Presson, CISO for the Americas – Bullish

Paul Pak, Chief Information Security Officer, Head of Information Governance - Jennison Associates

Scot Miller, SVP, Information Security - Rocket (Advisory board member)

Christopher Russell, CISO & Head of Tokenization – TZERO GROUP

From ramp and dump schemes (pig butchering) to executive assassinations/executive cyber stalking, why you need to have a Brand and Executive Protection Program in the world of AI and why you need one now. 

An informal, interactive session where the audience will ask questions live, on the spot.

Speakers respond in real time to questions on AI risk and security, regulatory challenges (SEC, NYDFS, DORA), board-level communication, and building resilient cyber teams.

Moderator: Alexander Abramov, Head of Information Risk -Financial Services

Mo Jamous, EX Chief Information Officer, Consumer & Business Banking – U.S. Bank

Robert LaRosa, Information Security Engineer – GELLER

Johanthan Sander, Field CTO- Astrix Security

Financial services organizations face a uniquely complex attack surface – one where cybercriminals exploit exposed consumer identities, often without detection. At the center of this threat: infostealer malware, silently exfiltrating identity data including authentication cookies, credentials, and session tokens to bypass MFA and expose critical access points.

In this session, we’ll share our findings on how malware infections are fueling fraud, money laundering, and platform abuse across banks, insurers, and payment service providers. We’ll walk through a few real-world examples revealing how security and fraud teams are leveraging recaptured darknet data to detect the intersection of legitimate accounts with criminal marketplaces – surfacing hidden exposures before damage is done.

Whether it’s a single infected consumer device linked to fraudulent activity and 30+ suspicious accounts, or credentials surfacing on Telegram, these threats are happening now. Join us to better understand the lifecycle of malware-based threats and how leading financial institutions are using identity-centric strategies to prevent attacks using recaptured data.

Kelly Shortridge, Chief Product Officer -Fastly

• Potential fraud patterns targeting financial services through agentic AI
• Strategic principles for adaptive trust in authentication and transaction flows
• Decision criteria for evolving your security architecture beyond traditional bot detection

Experts go head-to-head, using real incidents and risks from the field. We’ll start with a live poll to see where the room stands, then run it again at the end to track if minds have shifted.

The debate centers on one tough question: should we ever let technology act on its own during a live cyber incident in financial services?

The audience is part of it too so ask your questions, share your views, and see how your take stacks up against your peers.

John Decker, Chief Technology Officer -Trian Partners

Mo Jamous, EX Chief Information Officer, Consumer & Business Banking – U.S. Bank

What risks come with AI-on-AI escalation between defenders and adversaries?

• How can effective oversight frameworks be built for AI-augmented SOCs?
• What early wins, and early fails are showing up in adopting agentic AI for security?
• How can human analysts stay in the loop when machines move first?
  

Moderated by Valery Milman - Sr. Manager, Systems Engineering - ForeScout

Ellis Wong, Chief Information Security Officer - JST Capital

Scot Miller, SVP, Information Security - Rocket (Advisory board member)

Mahesh Addanki, Cyber Security Engineer - BlackRock

• Which pipeline controls are best enforced through policy-as-code?
• How can security checks be safely delegated to dev teams in regulated contexts?
• What metrics demonstrate DevSecOps reducing audit findings?
• Where does human review still outperform automated tools in Financial Services?

The moderator will share a series of real-world statements, with the audience voting yes / no / maybe before opening the discussion. The focus is on how security, development, and operations actually work together in practice.

Topics include managing third-party risk in fast-moving cloud environments, navigating overlapping compliance requirements, measuring what really matters for boards, and whether current resilience and incident-response plans would stand up in a real event.

Julia Cherashore, Senior Fellow - Data Foundation / Adjunct Professor - Fordham University

• What SAB 122 changes for CISO accountability and audit scrutiny
• How “probable loss” is being interpreted, measured, and defended in practice
• The evolving institutional threat landscape once banks hold the keys
• How existing security, identity, and governance models must adapt conceptually

Companies that have developed world-class information security programs have achieved their goals by focusing on security within a risk-mitigation framework.

This session will reveal the five main habits shared by the most secure organizations. By focusing on these habits, organizations can spend much less on security while gaining a significant level of security.

AI is changing the nature of insider risk, amplifying the impact of trusted users and blurring the boundary between productivity and threat. As identities gain more power and controls struggle to keep pace, organisations must rethink insider risk through behaviour, context, and AI-driven defence.

• Who owns AI risk when models impact lending, underwriting, or fraud detection? 

• How do organisations embed AI monitoring into existing cyber and risk management frameworks? 

• What guardrails help prevent AI misuse without stifling innovation? 
• How should firms prepare for AI-specific incidents such as data leakage or model poisoning? 

Moderator: Neil Cohen, Head of Marketing - Portal26

Robert LaRosa, Information Security Engineer - GELLER

• Where cloud security breaks in real operating environments
• Where DevSecOps enables delivery, and where it introduces friction
• Which signals drive action versus noise during cloud incidents
• What leaders would simplify or remove from today’s cloud security stack

Moderator: Julia Cherashore, Senior Fellow - Data Foundation / Adjunct Professor - Fordham University

Mahesh Addanki, Cyber Security Engineer - BlackRock

Aaron Katz, Chief Information Security Officer-THE TCW GROUP

• Where do compliance frameworks overlap across borders, and how can the duplication be cut?
• What makes a compliance budget credible as resilience spending?
• When does compliance move from obligation to competitive advantage?
• Which signals of audit readiness build market trust?

Moderator: Alexander Abramov, Head of Information Risk -Financial Services

Nishit Mehta, Vice President, Analytics Solutions Manager – JPMorganChase

Robert LaRosa, Information Security Engineer - GELLER