Cyber Risk Agenda

Cyber Risk Summit

Chair's opening remarks

09:20 - 09:30

Michael Barton

Senior director of quantitative assessments

United Health Group

Michael Barton is the Director of Operational Risk Quantification and Scenario Analysis at AIG.  In his role, he leads the development and implementation of operational risk stress testing, economic capital estimation, and allocation of those estimates to the business lines, as well as supporting the development of and quantification of operational loss scenarios for the organization.  In this role, Michael has worked extensively with cyber and business professionals around identifying and quantifying cyber risk.  Before working at AIG, Michael was the Head of the Regulatory Solutions Quantification group in U.S. Bank’s Corporate Treasury department.  In this role, he was responsible for CCAR/DFAST and Regulatory Capital modeling for Operational Risk as well as setting up a governance framework for models and analytical tools in the Corporate Treasury department.  Previous to those roles, Michael worked in an actuarial capacity at Sun Life Financial in Boston handling variable annuity reserving, fixed and variable annuity lapse study estimations, and retirement product pricing.  He held a similar variable annuity reserving role in Security Benefit Corporation in Topeka, KS before that.  Michael has a Bachelor’s Degree in Mathematics with an Actuarial Emphasis, and a Master’s Degree in Theology.

09:30 - 10:30

Cybersecurity Metrics 

09:30 - 10:00

Cybersecurity risk is a known concern, but the current decision-making process is not decreasing the number of breaches. 59% of organizations experienced a significant or material breach in the last 12 months. The role of the CISO is often still viewed as compliance-driven; it needs to change from mandate-driven (compliance) to mission-driven (agent of change). Boards are increasingly involved in cybersecurity, but require additional insight as well as responsibility in the process. To fulfill their oversight role and make informed decisions, they seek richer communications in terms they can understand. This session will discuss how metrics can be used to address these challenges, drive value to the business, improve the cybersecurity posture of an organization, provide clear returns on investment for security initiatives on which to base decisions, and establish a partnership between the CISO and Board. Topics will include what metrics to report, how to tell a forward-facing story driven by underlying metrics for clear decision-making, and pitfalls to avoid.

Steve Ingram

Managing director cyber security technology consulting New York

EY

Steve is EY’s Financial Services (FSO) Cyber Security and Privacy Leader for the Americas. Steve brings more than 30 years of experience in Consulting, Banking, Cyber and FinCrime.

  • Steve’s team delivers Cyber and Privacy services in each of the Banking and Capital Markets, Insurance, and Wealth & Asset Management sectors.
  • Formerly the Asia-Pacific Cyber Lead and Leader of the Australian Risk Management Practice for another Big-4, Steve was also formerly a General Manager with the Commonwealth Bank of Australia (CBA).
  • He has helped clients in 28 countries design their cyber strategy, transform and deliver security operations and governance, manage incidents and breaches, prepare and respond to regulatory matters, and assist with Board member training and development.

Kevin Zerrusen

Managing director cyber security technology consulting New York

EY

With a background in Banking as well as the Regulatory and Intelligence communities Kevin provides cybersecurity services to the financial sector and is responsible for developing EY’s Cyber Metrics for Boards and CISO Dashboard offerings. 

  • Kevin’s role immediately before EY was Senior Advisor for Cybersecurity Policy for the Chairman of the SEC.
  • Prior to the SEC, Kevin was a Managing Director at Goldman Sachs (GS), where he led initiatives to strengthen the technology risk governance, incident management, and insider threat program.
  • Kevin also led a 2,000+ person cyber center at CIA, where he was responsible for collecting, analyzing, evaluating and countering foreign cyber threats.

10:30 - 11:00

Coffee break and virtual meet-ups

14:45 - 16:30

Take advantage of our AI powered networking tool! Match-make with like-minded firms, vendors, academics, consultants and specialists. Benchmark with your colleagues, grab a coffee with a consultant or a tech vendor, visit our exhibition area or join one of our chat groups.

How are firms quantifying cyber risk in the current landscape?

11:00 - 12:00

Milliman CRS

  • Cyber quantification: how is this impacting monitoring models for fraud and AML?
  • What can be said of third parties and the global supply chain?
  • How can organizations identify where exposures lie, what the potential costs of a cyber loss could be, and how best to mitigate risk and potential reputational damage?

Chris Beck

Executive risk consultant

Milliman

Chris is a member of Milliman’s Cyber Risk Solutions (CRS) practice group.  The practice delivers a portfolio of risk consulting services, such as enterprise risk design, cyber risk assessment and quantification, test and build projects, operational risk assessments, enterprise risk management (ERM) education and training, and ERM technology evaluation. The CRS practice uses diagnostic consulting strategies to understand an organization’s enterprise risk goals and challenges and then customize solutions to deliver required business results. 

EXPERIENCE

Chris has 15 years of professional experience.  His experience includes work in the banking, insurance, capital markets and card sectors helping clients assess and mitigate risk. 

Prior to joining Milliman, Chris was a Senior Manager in Accenture’s Finance and Risk Management Consulting practice, delivering work for global financial service clients.   Additionally, Chris served as an active duty Naval Officer and has multiple overseas deployments. 

Professional experience and subject matter advisory includes: 

  • Cyber Security metrics and governance
  • Financial Service Regulatory and Compliance initiatives
  • Risk Management 
  • Corporate and Risk Governance
  • Surveillance 
  • Financial Services operating model and cost reduction
  • Regulatory remediation and responses
  • Legal department risk and optimization
  • Leading large cross functional projects and teams

EDUCATION

  • BS Political Science, University of Wisconsin–Madison
  • MBA, University of Chicago – Booth School of Business

Sophia Kazinnik

Quantitative research

Federal Reserve Bank of Richmond

Michael Barton

Senior director of quantitative assessments

United Health Group

Steve Bishop

Head of risk information & insurance

ORX

Steve Bishop is responsible for developing and implementing the strategy for risk information activities within ORX, the world’s largest operational risk association. He also leads the ORX insurance service, including managing the global insurance loss data service, and running working groups and events specifically tailored for insurance firms. Risk information includes responsibility for ORX Scenarios – a service that supports organisations with effective scenario development; data standards; developing the ORX Reference Taxonomy; the ORX quality assurance framework (governing loss data services); and the development of ORX services to support the management of material risks, for example the ORX Cyber service that Steve and his team are in the process of launching. Steve has been at ORX for three and a half years and, prior to joining, held a number of risk management positions in both banking and insurance.

Ben Desjardins

Vice president of marketing

Archer

Ben Desjardins is Vice President of Marketing at Archer, a leading provider of integrated risk management solutions for global enterprises. In this role, Ben guides the market-driven strategies that ensure that the Archer portfolio is addressing the most pressing needs of customers as they look to evolve their Risk Management function in conjunction with business transformation. He also leads the market and customer research efforts of Archer, spending extensive time with customers discussing how  their needs are evolving as they extend their use of technologies across all aspects of their operations.

Ben has over 20 years of experience across a wide array of risk and security technologies and disciplines, including regulatory compliance, GDPR/privacy regulations, business continuity management, Identity management, Threat/Vulnerability Management, and various risk and security domains specific to digital business. Additionally, Ben has led global go-to-market efforts across many industries including retail, Ecommerce, financial services, manufacturing, public sector and healthcare/life sciences.

Chair's summary and e-networking

12:00 - 12:30

09:00 - 10:00

Cloud Security: rethinking cybersecurity, risk and audit processes

13:45 - 14:30

Cloud and containers are forcing organizations to rethink their cybersecurity, risk and audit processes. In this workshop we will address the main challenges that organizations are facing in their secure Cloud adoption. We will have a fireside chat with one of our cloud security partners leading the cloud security for a client migrating applications to cloud technologies. The fireside chat will be managed as a two-way interview sharing our experiences and thoughts on topics like CISO cloud security programs and the need for new cyber management processes that are driven by the Cloud philosophy. We will discuss the security challenges that organizations are facing in their Cloud adoption journey. Our topics will include hybrid cloud and multi-cloud architectures addressing the role of cloud-native security tooling for the zero-trust model implementation. We hope that this discussion will drive improved cloud security and risk management towards the enablement of secure and trusted Cloud environments.

Alex Shulman-Peleg, PhD,

Cloud Cybersecurity Consulting

EY

Alex Shulman-Peleg, PhD, is leading Cloud Cybersecurity Consulting services in the Americas. She is supporting multiple clients in their secure enablement of public clouds and container technologies, addressing all of the involved cybersecurity and regulatory requirements. In her previous role, she was a director of cloud security at Citibank, where she established and led a CISO cloud security program, as well as cloud-native security engineering. In that role, she was responsible for the cloud and container security solutions, processes and architectures, delivering protection, detection and auto-remediation in public and private clouds. She has over 20 years of technological leadership, 12 of which focus specifically on Cloud security. She holds PhD, MSc and BSc degrees in Computer Science from Tel-Aviv University. She has multiple patents and more than 30 scientific publications with thousands of citations.

Brendan Hannigan

CEO

Sonrai Security

Brendan is co-founder and CEO of Sonrai Security, a public cloud governance and security provider. Brendan most recently served as Chairman of Twistlock, the container security pioneer, until its successful acquisition by Palo Alto Networks. Previously, Brendan was the general manager of IBM Security, which grew to be a $2B business under his leadership. Before that he was president and CEO of Q1 Labs, a pioneer and leader in the security intelligence and analytics market. Brendan also serves on the boards of Tausight (healthcare security) and Flashpoint (risk intelligence).

10:00 - 10:30

Coffee break and virtual meet-ups

14:45 - 16:30

Take advantage of our AI powered networking tool! Match-make with like-minded firms, vendors, academics, consultants and specialists. Benchmark with your colleagues, grab a coffee with a consultant or a tech vendor, visit our exhibition area or join one of our chat groups.

Data governance during crisis: managing controls, third parties and resilience

10:30 - 11:15

  • With the dynamic shifts given the pandemic, how is your organization seeing and managing this change?
  • Best practices and what firms should look to next: business resilience, playbooks, operational/technical frameworks, etc.
  • What are some of the investments and areas that your organization is currently positioning, from an investment and risk perspective?

Eric Lui

Professor

New York University

Bridging social innovation and education using emergent technologies, entrepreneurship, diversity and inclusion for next generational impact

Eric Lui is a senior executive/board advisor, emergent technology innovator/entrepreneur, angel investor and transformational thinker with over 20 years of experience in the financial services, technology, academia, and public sectors. Eric has served over two dozen clients globally within the Financial Services, Healthcare, Supply Chain, and Technology areas, is internationally recognized, and is involved in numerous social impact initiatives with organizations like the United Nations via the Global Summit, Sustainability Development Goals (SDG2030) Forum, Science Technology and Innovation (STIC) Forum, Brookings Institute, and US Chamber of Commerce. He has also contributed thought leadership and articles around Finance, Technology & Innovation, and Risk Management, and has spoken, keynoted, paneled, and published in CIO, Leadership Council, Waters Technology, RiskUSA, Professionals Risk Management Association, Asian American Business Development Council, Sino-Asian Pharma Association, US-China Foreign Relations and many more prominent events/institutions.

Eric is a distinguished professor at New York University and City University of New York’s Baruch College, where he teaches Business Strategy, Innovation, and Organizational Ethics. He has been recognized as one of the Global Outstanding 50 Asian Americans for his accolades and contributions to business, academia and social communities. He was also nominated for OnTechnology’s Global Disruptor and Innovator Award and FinExt Excellence Award in Finance in 2019. Through his involvement, he has been invited to local and international colleges to speak with students, student organizations, and industry associations on mentoring, career inspiration, and diversity and inclusion. He has mentored and lectured to thousands of next-generation leaders/students, new workforce employees, and employee resource groups on:

  • 4th Industrial Revolution – “Innovation as a culture and how organizations embrace 4IR”
  • Workplace Innovation – “Development & Training, Innovation Labs and Inclusive Innovation”
  • Diversity & Inclusion – “How D&I is changing the culture and conduct landscape”
  • Mentoring – “Importance of mentorship, where to find and how to ask for one”
  • Entrepreneurship – “Taking control and making your own luck”
  • Organizational Behavior & Ethics – “Your role as an ethical practitioner when organizations are disrupted”
  • Technology – “Acknowledge it. Understand It. Embrace It.”
  • Upskilling/Re-skilling – “How to transform yourself when the robots invade”
  • Social Impact Innovation for the greater good – “Investing the next billion dollars for the billions in society”

Bala Ayyar

MD, chief data officer - Americas

Societe Generale

Born and brought up in Mumbai India, Bala Ayyar has worked in the field of Finance & Accounting and Banking for more than thirty years. Bala holds professional accounting qualifications from both India and the United States. He has an undergraduate degree in mathematics from the University of Mumbai.

Since joining SG in 2009, he has held a range of positions. Currently, he is the Chief Data Officer, SG Americas, with responsibility for data management and governance within the Region. This function is responsible for implementing the requirements of BCBS 239, establishing sound data governance framework that meets Group needs and local supervisory expectations and creating a solid platform for the data to be leveraged for strategic business decisions. Prior to that, he headed up the Project Management Office for the SG US Transformation project. Roles before that included Head of Finance Offshoring in SG Bangalore and Deputy CFO of the Americas Region of their Corporate & Investment Bank.

Prior to joining SG, Bala was with the Imperial Bank of Commerce (CIBC) for fourteen years in a range of positions in Toronto and New York. As Senior Vice President of the Wholesale North America Finance, he headed up the controllership function for CIBC's World Markets and Treasury & Risk Management Strategic Business Units within North America. With a total team of about 175 individuals across Toronto and New York, he was responsible for establishing a SOX-compliant industry-leading Finance control environment as well as supporting the efficient execution of business initiatives and managing the Finance related US regulatory relationships during a very demanding period. Prior to that, he also had stints as the business-line controller for the Bank's US origination businesses (Corporate Lending, Investment Banking, Merchant Banking, Structured Finance and High Yield), as well as the 2/ic to the Chief Accountant, with responsibility for consolidated financial, management and regulatory reporting at the corporate level.

Prior to CIBC, he was with the public accounting firm of KPMG for 10 years, mostly in Bahrain in the Middle East. He held a range of positions culminating in Senior Manager, where he was responsible for assurance and consulting engagements for offshore banks, focused on technical excellence, customer satisfaction and practice profitability. He was the Engagement Senior Manager for the region's second-largest bank and also played a key role in setting up a Treasury consulting specialization within KPMG Bahrain.

Bala Ayyar lives in Basking Ridge, New Jersey, is married with two children and enjoys long-distance running.

Michael Kenney

Vice president operational risk asset management and operations multi-family

FreddieMac

As Vice President of Operational Risk, Michael leads the first line of defense risk management for financial crimes, privacy and information security, business resiliency, vendor management and compliance with regulatory requirements. Mike and his team establish the risk direction by aligning the Multifamily Governance Framework with the business operating model. He continually improves governance by understanding the multifaceted drivers that affect the risk environment.

Our Cyber Risk Summit partners

EY is a leader in serving the financial services industry

We understand the importance of asking great questions. It’s how you innovate, transform and achieve a better working world. One that benefits our clients, our people and our communities. Finance fuels our lives. No other sector can touch so many people or shape so many futures. That’s why globally we employ 26,000 people who focus on financial services and nothing else. Our connected financial services teams are dedicated to providing assurance, tax, transaction and advisory services to the banking and capital markets, insurance, and wealth and asset management sectors. It’s our global connectivity and local knowledge that ensures we deliver the insights and quality services to help build trust and confidence in the capital markets and in economies the world over. By connecting people with the right mix of knowledge and insight, we are able to ask great questions. The better the question. The better the answer. The better the world works.


Milliman is an independent, privately owned, global professional services firm. Our legacy is actuarial science; we have become a global leader in actuarial services, risk and predictive analytics. Our background and business model is driven by our client focus using rigorous quantitative techniques applied to risk assessments and modeling.

Milliman’s Cyber Risk Solutions (CRS) is composed of a cross-functional team with complementary skill sets:

  • Enterprise Risk Management and Operational Risk
  • Emerging threat detection and modeling
  • Consumer behavioral data and time series analytics
  • Data sciences, including predictive modeling
  • Regulatory remediation
  • Actuarial science

Milliman CRS understands the quantification of operational risks such as conduct, vendor, cyber, reputational, climate, disgruntled employee, etc. is becoming ever more important. We understand where models that quantify risk are beginning to fail and how decision makers can take actionable steps to mitigate financial losses.