2024 OBL Security & Tech Conference Brochure

In today’s uncertain world, bank security - both physical and cyberremain of utmost importance to an institution’s customers, employees and community. The Ohio Bankers League once again offers its information-packed, combined Security and Technology Conference.

This program features two tracks that can be attended individually or together. A bank may also share a seat at the program to save valuable dollars.

WHO SHOULD ATTEND

This program is designed for those who are responsible for physical security, cybersecurity, fraud, IT planning, network administration, information security and operations, as well as any others who are responsible for making technology decisions at your institution, including senior level management.

THANK YOU TO OUR SPONSORS

KEYNOTE

SBS CyberSecurity

Virtual Innovations

PRESENTING

OBL BankServices

WIFI

Plante Moran

BREAK

Security Track

April 10

Tech Track

April 11 & 12

Questions?

Susan Poling Jones

614-340-7611 spoling@ohiobankersleague.com

Registration Assistance?

Megan Peiffer mpeiffer@ohiobankersleague.com

2024 OBL SECURITY & TECHNOLOGY CONFERENCE AGENDA

SECURITY TRACK - APRIL 10

8 – 8:30 a.m. Registration & OBL BankServices Expo

8:30 – 9:30 a.m. Welcome and Trends and Indicators Impacting Your Bank’s Security

9:30 – 9:45 a.m. OBL BankServices Expo & Break

9:45 – 10:45 a.m. Trends in Organized Check Fraud: Know Your Adversary

10:45 – 11 a.m. OBL BankServices Expo & Break

11 a.m. – 12 p.m. Anatomy of a Robbery

12 – 12:45 p.m. Lunch & OBL BankServices Expo

12:45 – 1:45 p.m. Tips to Prune and Sculpt Your Fraud Mitigation Program for Maximum Effectiveness

1:45 – 2:15 p.m. OBL BankServices Expo & Break

2:15 – 3:45 p.m. Security Strategies That Won’t Break the Bank

3:45 – 4 p.m. OBL BankServices Expo & Break

4 – 5 p.m. Ask Me Anything Panel

TECH TRACK DAY 1 - APRIL 11

8–8:30 a.m. OBL BankServices Expo

8:30–9:45 a.m. Welcome/Welcome Back & CyberSecurity Mindset: How to Move from Reactive to Proactive

9:45 - 10 a.m. OBL BankServices Expo & Break

10 – 11 a.m. Cyber 201: Four Basic Truths of Information Security

11 – 11:15 a.m. OBL BankServices Expo & Break

11:15 a.m. – 12 p.m. Concurrent Breakout Sessions

12 – 1:15 p.m. Converse & Connect & Lunch

1:15 – 2 p.m. Concurrent Breakout Sessions

2 – 2:30 p.m. OBL BankServices Expo & Break

2:30 - 4 p.m. Regulator Panel Discussion

JOIN US! Thursday, April 11

4:30 - 6 pm

Networking Reception - Embassy Suites

Attend this casual networking reception, which includes light hors d’oeuvres and complimentary beverages.

TECH TRACK DAY 2 - APRIL 12

VIRTUAL TRADE SHOW EXHIBITORS

Visit with exhibitors to become aware of tools, products and resources to more effectively

• Aasys Group, Inc.

• Bytespeed

• COCC, Inc.

• Community Banc Consulting

• Edge One

• EndeavorIT

• Harbour Technology

• Ideal Integrations

• infotex

• QSI, Inc.

• SBS CyberSecurity

• SEI Sphere

• Virtual Innovations

• Young and Associates, Inc

8–8:30 a.m. OBL BankServices Expo

8:35 – 9:20 a.m. Your Liability as an ISO

9:20 – 9:40 a.m. OBL BankServices Expo

9:40 – 11 a.m. Open Forum Discussion

11 – 11:15 a.m. OBL BankServices Expo & Break

11:15 a.m. –12:15 p.m. Unraveling the Digital Maze: Insights from Incident Response Cases

12:15 – 1:30 p.m. Lunch, Prizes & Closing Keynote Session –Leading for the Future: AI in Banking

TRACK –

GENERAL SESSIONS

When the Crystal Ball Shatters: Trends and Indicators Impacting Your Bank’s Security

Jim Rechel, Owner, The Rechel Group, Inc.

Many business leaders find themselves confronted with difficult decisions and lament the fact that they don’t have a crystal ball to see the future. But often the signs of “what the future holds” are right in front of us. This session will provide insight into current trends and societal changes, and their impact on criminal activity and bank security. Many of the indicators predict more difficult challenges for your bank, and some of these societal changes threaten to shatter long-held principles that underpin your security strategies. Hear ideas, concepts, and information from a perspective you may not have considered.

Trends in Organized Check Fraud: Know Your Adversary

Jim Rechel, Owner, The Rechel Group, Inc.

Take a look inside at various national and international organized crime groups that are currently active in the Midwest. From South American Theft Groups to Homeless Check Cashing rings, to the never-ending Felony Lane Gang and more, this session will describe the patterns and the efforts that law enforcement is using to address the perils and how banks can collaborate with local, state and Federal law enforcement to stem their losses.

Anatomy of a Robbery: How One Bank Dealt with Being the Target of an Organized Ring

When a highly organized group of robbers targeted banks in the Columbus area, no one knew the extent of their planning and the impact it would have on bank employees and law enforcement. This session will reveal a look inside the real time impacts of bank robbery events and lessons learned from a targeted local bank.

Tips to Prune and Sculpt Your Fraud Mitigation Program for Maximum Effectiveness

Elissa Brewer, Senior Risk Management Consultant, Abrigo Advisory Services

All institutions have to deal with fraud. Your fraud program should be unique to your institution. Join us for a session packed with proven suggestions for mitigating fraud at your institution. Session takeaways include:

• Automated vs. manual monitoring tactics;

• Current trends and how they work;

• Ways to identify and mitigate fraud related to elder financial exploitation, check fraud, and more

Security Strategies That Won’t Break the Bank

Carol Dodgen, Principal, Dodgen Security Consulting, LLC

Security can be a hard sell. It can be expensive and its effects difficult to measure. In this session, attendees will learn costeffective techniques to maximize branch security and make your bank a less attractive target to criminals. The instructor will examine ways of supplementing necessary technology with less expensive methods of crime prevention to create a safer environment for both employees and customers. Attendees will learn how to recognize critical weaknesses and patterns of behavior that can be exploited, and methods of mitigating risk. Plus, learn how to conduct physical risk assessments to identify vulnerabilities, and the importance of an overlapping and consistent approach to physical security, policies, procedures, and training. Highlights include:

• Crime Prevention Through Environmental Design

• How and when to conduct assessments

• Combatting problematic design features

• Using landscaping to your advantage

• Altering behavior by changing the environment

• Thinking like a criminal

• Current case studies and more

Join Security Track presenters for an open Q&A session to end the day, facilitated by Jim Rechel. Questions can be submitted throughout the conference or asked live during the session. The discussion also provides a unique opportunity for peer and best practices sharing.

TECH TRACK – DAY 1 – THURSDAY, APRIL11

GENERAL SESSIONS

CyberSecurity Mindset: How to Move from Reactive to Proactive

IS Consulting/

The responsibility for managing and overseeing any organization today is massive and has evolved greatly over the last 10 years to include investments in technology and cybersecurity. The Board of Directors and senior management are held accountable to the organization’s shareholders, employees, customers, the community they serve, and (in many cases) regulators. However, while more organizations work hard to be proactive with finances and operations, oversight of technology and cybersecurity tends to yet be very reactive. Funding and resources are typically very limited until an incident occurs that jeopardizes the operations of the business. This presentation will cover the benefits of moving from a reactive to proactive cybersecurity mindset, including:

• Differences between a reactive and proactive cybersecurity mindset;

• Results of a proactive cybersecurity mindset;

• Tactical advice for being proactive; and

• Creating a culture of cybersecurity solutions.

Cyber 201 - Four Basic Truths of Information Security

Dan Hadaway, Founder, infotex

In a landscape where complex risks emerge daily, revisiting the basics can help. But how? This session is not just a refresher; it’s a fresh lens on familiar principles, correlating them to four foundational truths. Operations, security, fraud, and the board – the management team – needs an understanding of technology risk that goes beyond the basic user controls we teach every year. What are the component parts of an information security system that management should know? How do we teach them? Looking at our information security program through the perspective of four basic truths will prepare us to arm our team.

IT REGULATORY PANEL

This session includes need-to-know information about your next IT examination as regulators join us for presentations and dialogue. Panelists include:

• Arfan Ali, IT Examiner, ODFI

• Nayan Patel, Bank Information Technology Lead Expert, OCC

• Wendy Posewitz, IT Examiner, FDIC

• Matt Tolbert, Senior Cybersecurity Specialist, Federal Reserve Bank of Cleveland

CONCURRENT BREAKOUT SESSIONS

11:15 a.m. -12:00 p.m.

XDR, SOAR or SIEM? A Lot of Letters. A Lot of Value?

Paul Elder, EVP, Chief Compliance Officer, Community Bank Consulting Auditors and examiners are often recommending or requiring that the bank implement XDR, SOAR, or SIEM technology. Why? This session will discuss these technologies, their differences and what it actually means, what CAT statements and FFIEC requirements it satisfies, and more importantly, the scope of implementing this technology and how to prepare for it. Attendees will:

• Learn why a bank will be required to have it in the near future, how to prepare for implementation, and how it should be deployed.

• Find out the financial, labor and time impacts; and

• Discover how XDR, SOAR, or SIEM helps the bank protect information.

Vendor Management: Are You “Really” Managing Your Vendors or Are You Just “Checking a Box?”

Colin Taggart, Cybersecurity Principal, Plante Moran

Vendor management can be an overwhelming task and can unfortunately turn into a “check the box” activity that fails to address the biggest risks to banks. While regulators continue to raise the bar on vendor management requirements, management should evaluate the right types of vendors at the right time via the right means. This session will highlight best practices in vendor risk management, including evaluating SOC Reports, the pros and cons of vendor risk management tools, and building a program that provides value to management. This session will include:.

• Key highlights when reviewing SOC reports.

• Considerations to evaluate internal developed vs. vendor tools to support vendor management.

• Advice for how IT should play a role in vendor management, but not be the overall program owner.

CONCURRENT BREAKOUT SESSIONS

1:15 p.m. -2:00 p.m.

Is it Time to Switch to the Cloud?

Jon Waldman, Chief People Officer/EVP IS Consulting/President, SBS Institute

Many businesses are moving from traditional on-premise networking architectures to cloudhosted networking solutions. From the best next-gen security controls to more flexibility around remote users and devices, the reasons for exploring cloud-hosted networks are plentiful. Learn the pros, cons, risks and rewards of cloud-hosted environments, and what you need to know if you’re looking to shift to the cloud, including:

• Today’s Cloud Computing Environments;

• Pros and Cons of moving to the Cloud;

• Cloud Risk Mitigations; and

• Must-Have Cloud Configurations and Documentation

IT Audit & Exam Findings

Adam Reynolds, Senior Staff Auditor, infotex

As part of IT auditing, past IT audit and relevant examination findings are reviewed to ensure proper tracking and mitigation efforts. Over the course of the year, these findings provide an overview of common (and uncommon) recommendations we have or see to address IT deficiencies. Hear what infotex has seen in the past year to make you aware of what issues your peers are facing, as well as provide insight into areas you may want to investigate at your institution help prepare for your next IT audit or examination. Attendees will:

• See the biggest compliance issues seen as an audit firm.

• Gain an awareness of the types of recommendations that have been seen on findings.

• Leave with a better idea of the findings that may come up and how to mitigate them.

GENERAL SESSIONS

Your Liability as an ISO

Tim Wolfgang, Manager, Risk Advisory Services, and Stephen Bish, Lead Cybersecurity Strategist, Schneider Downs & Co., Inc.

Cybersecurity can no longer be overlooked as a core risk management domain within many organizations. Boards are being pressed to demonstrate oversight of cybersecurity risk management programs by regulatory changes and the impact cyber events can have on a company’s financial performance, reputation and strategic plans. This session will dive into the details of why SolarWinds’ former CISO is being held personally accountable for recent breaches, what types of information boards of directors need to have put in front of them, and how attackers are already using cybersecurity governance and reporting regulations against their targets. Attendees will:

• Understand the current regulatory landscape and recent events around Cybersecurity governance;

• Review how the regulatory landscape is shaping new responsibilities for Corporate Boards of Directors and ISOs; and

• Learn what information boards need to evaluate the adequacy of cybersecurity risk management.

Open Forum Discussion

Join OBL IT Forum facilitators Jon Waldman and Dan Hadaway for a lively discussion as attendees pose questions to the instructors and fellow attendees. Diver deeper into conference topics, peer share, or bring up new topics of interest. Topics and questions may also be submitted in advance of the session.

Unraveling the Digital Maze: Insights from Incident Response Cases

Tyler Hudak, Practice Lead, Incident Response, TrustedSec

Jump into the stories of real-life cyber incidents during this session. The presenter will uncover how each incident started, perform a deep dive into the investigation, what the outcome of the case was, and what could have been done to prevent the incident. Learn reallife lessons about cybersecurity, what digital forensic investigations can and cannot determine, and the mistakes to be avoided during an incident.

Leading for the Future: Artificial Intelligence in Banking

Tim Shangle, VP of Treasury Sales & Digital Strategy, ChoiceOne Bank

While banking has long been technology-dependent and data-intensive, new data-enabled AI technology has the capability to drive business outcomes further and faster than ever before. This demonstrative session will help you better understand the evolving landscape of opportunities and how to strategically deploy and leverage technologies to remain relevant.

GENERAL INFORMATION

REGISTRATION

Registration prices below include all conference sessions and materials, as well as meals and reception as outlined on the program agenda.

3-DAY SECURITY & TECHNOLOGY CONFERENCE

$895 per OBL member

$1,790 per nonmember banker

SECURITY TRACK ONLY (APRIL 10)

$395 per OBL member

$790 per nonmember banker

TECH TRACK ONLY (APRIL 11 & 12)

$595 per OBL member

$1,190 per nonmember banker

OBL IT FORUM (INCLUDES 3-DAY SECURITY & TECHNOLOGY CONFERENCE)

$1,995 per OBL member

$3,990 per nonmember banker

CANCELLATION POLICY

Cancellations received in writing at least seven business days prior to the meeting will be refunded minus a $75 processing fee. No refunds will be available after March 27. Substitutions are welcome at any time.

HOTEL ACCOMMODATIONS

The 2024 OBL IT Forum offers real-world scenarios and real-world solutions to common cyber issues. The program aims to give IT professionals a better understanding as to how cybersecurity fits into their information security program in order to promote confidence in their daily responsibilities and set them up as cybersecurity experts.

Membership includes the full 3-day Security & Technology Conference, as well as programs on May 30, August 20 & November 19. Contact Susan Poling Jones at 614-340-7611 for more details.

www.ohiobankersleague.com

the QR code for registration information about the 2024 IT Forum.

This program will be held at The Embassy Suites Columbus Airport, 2886 Airport Drive, Columbus, OH, 43219, Columbus, OH, 43231. To make an overnight reservation for $149/night within the OBL Room Block, call 1-800-EMBASSY and reference code “OBL” to make a reservation by end of day, Tuesday, March 26. Reservations received after March 26 will be accepted on a space or rate available basis.