CISO Boston schedule

During this 5-minute networking session, the aim of the game is to go and meet two people you don't already know.  

• How can sleepless nights, board politics, and regulator heat be managed without burnout? 

• Which AI-driven threats and hybrid risks are keeping CISOs awake in 2026? 

• When speed clashes with security and compliance with agility, how can the trade-offs be survived? 

• What do CISOs wish had been known before stepping into the role? 

Moderator: Mo Jamous, EX Chief Information Officer, Consumer & Business Banking – U.S. Bank

Matthew Presson, CISO for the Americas – Bullish

Paul Pak, Chief Information Security Officer, Head of Information Governance - Jennison Associates

Scot Miller, SVP, Information Security - Rocket (Advisory board member)

Christopher Russell, CISO & Head of Tokenization – TZERO GROUP

From ramp and dump schemes (pig butchering) to executive assassinations/executive cyber stalking, why you need to have a Brand and Executive Protection Program in the world of AI and why you need one now. 

An informal, interactive session where the audience will ask questions live, on the spot.

Speakers respond in real time to questions on AI risk and security, regulatory challenges (SEC, NYDFS, DORA), board-level communication, and building resilient cyber teams.

Moderator: Alexander Abramov, Head of Information Risk -Financial Services

Jessica Wilson, Business Information Security Officer – Bank of America

Mo Jamous, EX Chief Information Officer, Consumer & Business Banking – U.S. Bank

Robert LaRosa, Information Security Engineer – GELLER

Johanthan Sander, Field CTO- Astrix Security

Speaker and topic to be announced 

• How can deepfake fraud, model poisoning, AI-powered phishing, and AI in credit or lending decisions be stopped? 

• Who owns AI risk, and which frameworks or guardrails keep innovation safe? 

• Who carries the liability when AI fails in FS? 

• How is AI risk best reported in board language? 

• What playbooks work for AI-specific incidents like data leakage or model poisoning?

The moderator throws out a statement, and you raise your hand: yes, no, or maybe.  

Topics include third-party risk, overlapping compliance, board metrics that miss the point, and whether resilience plans would hold up.  

Julia Cherashore, Senior Fellow- DATA Foundation 

What risks come with AI-on-AI escalation between defenders and adversaries?

• How can effective oversight frameworks be built for AI-augmented SOCs?
• What early wins, and early fails are showing up in adopting agentic AI for security?
• How can human analysts stay in the loop when machines move first?

Ellis Wong, Chief Information Security Officer - JST Capital

• Which pipeline controls are best enforced through policy-as-code? 

• How can security checks be safely delegated to dev teams in regulated contexts? 

• What metrics demonstrate DevSecOps reducing audit findings? 

• Where does human review still outperform automated tools in Financial Services? 

Ellis Wong, Chief Information Security Officer - JST Capital  

Every week there’s another “must-have” tool. In this session we run through common practices — IaC scanning, SAST/DAST, secrets management, SBOMs, automated checks, and more. For each one, you vote: real value or just noise. A few volunteers share why. 

Jessica Wilson, Business Information Security Officer – Bank of America 

• How do you embed post-quantum readiness into cloud strategy?
• How can you secure serverless and containers without slowing delivery?
• What AI analytics improve cloud threat detection accuracy?
• Which cloud security capabilities will be baseline by 2028?

Manoju Thalari, GCP Data Engineer – UBS

• Who owns AI risk when models impact lending, underwriting, or fraud detection? 

• How do organisations embed AI monitoring into existing cyber and risk management frameworks? 

• What guardrails help prevent AI misuse without stifling innovation? 
• How should firms prepare for AI-specific incidents such as data leakage or model poisoning? 

Moderator: Neil Cohen, Head of Marketing - Portal26

Robert LaRosa, Information Security Engineer - GELLER

• Where do compliance frameworks overlap across borders, and how can the duplication be cut? 

• What makes a compliance budget credible as resilience spending? 

• When does compliance move from obligation to competitive advantage? 

• Which signals of audit readiness build market trust? 

Moderator: Alexander Abramov, Head of Information Risk -Financial Services 

Nishit Mehta, Vice President, Analytics Solutions Manager – JPMorganChase  

Robert LaRosa, Information Security Engineer - GELLER  

• What SAB 122 changes for CISO accountability and audit scrutiny
• How “probable loss” is being interpreted, measured, and defended in practice
• The evolving institutional threat landscape once banks hold the keys
• How existing security, identity, and governance models must adapt conceptually

Experts go head-to-head, using real incidents and risks from the field. We’ll start with a live poll to see where the room stands, then run it again at the end to track if minds have shifted. 

The debate centers on one tough question: should we ever let technology act on its own during a live cyber incident in financial services? 

The audience is part of it too so ask your questions, share your views, and see how your take stacks up against your peers. 

Jessica Wilson, Business Information Security Officer – Bank of America

John Decker, Chief Technology Officer -Trian Partners

Mo Jamous, EX Chief Information Officer, Consumer & Business Banking – U.S. Bank