Monday, Aug. 1, 2016

8:15 - 9 a.m.: Registration, breakfast

9 - 9:15: Opening Remarks and Welcome -- Brian Knight, General Counsel, NASCUS; Chad Nordstrom, CliftonLarsonAllen

9:15 - 10:30: Status of InfoSec as of August 2016 -- Chad Nordstrom, CliftonLarsonAllen PRESENTATION: CLICK HERE

10:30 - 10:45: Break

10:45 - 11:30: Cybersecurity, Breaches and Litigation -- Bruce Jolly, Reed & Jolly; Rich Schulman, Esp Kruezer Cores, LLC; As breaches continue and costs increase, litigation among market place participants is increasing. This session will survey developments in cyber litigation. PRESENTATION: CLICK HERE

11:30 - 12:15 p.m.: The GLBA, the FCRA, the NCUA, and the State: Understanding the Laws Protecting your Members’ Information -- David Reed, Reed & Jolly; The overlapping statutory and regulatory framework governing the protection of your members’ information is reviewed in this timely session . PRESENTATION: CLICK HERE

12:15 - 1:15: Lunch

1:15 - 2:30:Choosing the Right Cybersecurity Risk Assessment Tool -- Michelle Misko, Tracesecurity; Credit unions have to conduct cybersecurity risk assessments. What tools should they use? This session will survey the features of the FFIEC tool, the NIST, and other assessment tools. PRESENTATION: CLICK HERE

2:30 - 3:15: Building a Cyber Threat Intelligence Capability -- Tim Segerson, NCUA; Increasingly, the discussion in Washington is about the need for banks and credit unions to build cyber threat intelligence capabilities. This session will focus on building a cyber intelligence capability. PRESENTATION: CLICK HERE

3:15 - 3:30: Break

3:30 - 4:15: The Cybersecurity Information Sharing Act -- Eugenia (Gina) Carter, Husch Blackwell LLP; Congress has authorized greater sharing of information between government and financial institutions, and between and among financial institutions themselves. With the information sharing comes greater risk. Understand the new law and the risks. PRESENTATION: CLICK HERE

4:15 - 5:15: Tying it all Together: Cybersecurity, Anti-Money Laundering, and Identity Theft Red Flags -- Jim Vilker, CU*Answers; You are focused on cyber, but don’t forget some of the compliance programs overlapping with cyber. PRESENTATION: CLICK HERE

5:15 - 5:30: Wrap-up and Day's Adjournment -- CliftonLarsonAllen

Tuesday, Aug. 2

8:00 - 8:30 a.m.: Breakfast

8:30 - 9:30: Lessons Learned by a Pen Tester -- David Anderson, Clifton Larson Allen PRESENTATION: CLICK HERE

9:30 - 10: Law Enforcement’s View of Cybercrime -- Det. Mark Solomon, Connecticut Financial Crimes Task Force, Greenwich Police Department; From fraud to extortion and cyber vandalism, law enforcement will share its perspective on the evolving cyber threat landscape. PRESENTATIONS: CLICK HERE -- Part 1 Part 2 CONSOLIDATED PARTS 1 AND 2 (Note: Very large file; will take some time to download)

10 - 10:15: Break

10:15 - 11: Fine Tuning: Six Things You Can Do Right Now to Improve Your Information Security -- Chad Carrington, Golden 1 CU; Whether your credit union, or the credit union you are examining, has a sound cybersecurity program, this session will give attendees six tricks and tips to fine tune the program. PRESENTATION: CLICK HERE

11 - Noon: Is it Safe?: Using the Cloud -- Kirk Drake, President & CEO, Ongoing Operations; As more entities embrace cloud based computing, they are realizing improved efficiencies and capacity, but also pushing their critical information technology center farther away from their control and protection. This session will focus on the security challenges presented by cloud based computing. PRESENTATION: CLICK HERE

Noon - 1:15 p.m.: Lunch

1:15 - 2:15: Conducting an Information Security Examination -- Tim Segerson, NCUA; Whether designing a self-audit, or seeking ideas to improve an exam program, this session will focus on all aspects of an exam program, from pre on-site policy review through writing a report. PRESENTATION: CLICK HERE

2:15 - 3: Time to Go!: Preparing a Vendor Exit Strategy -- Mick Kless, Compliance Education Institute PRESENTATION: CLICK HERE -- PART 1 | PART 2

3 - 3:15: Break

3:15 - 3:45:It’s Time to Talk to C-Suite: Communicating with Executive Management and the Board -- Chris Howard, Senior Vice President, Callahan & Associates; Cybersecurity is an enterprise-wide endeavor. However, in some cases, senior management and the board of directors lack the foundational understanding of cyber to fully appreciate the full scope of their role and why it matters. This session will focus on strategies to communicate cyber issues effectively to the board and senior management. PRESENTATION: CLICK HERE

3:45 - 4:20: Rightsizing the Cybersecurity Budget -- Panel discussion; JP Morgan Chase famously spent $250 million on cybersecurity and still suffered an extensive breach. Budgets must be balanced. How much is too much? Too little? This session will focus on evaluating budget allocations for cybersecurity.

4:20 - 4:45: Open Forum with Panel of Experts

4:45 p.m.:Final Wrap Up and Symposium Adjournment

* Agenda subject to change.


Registration: $895 (NASCUS,CUNA members)
Non-NASCUS/CUNA members: $1,095

For more information, contact NASCUS Vice President of Education Isaida Woo, either via email at, or by phone at 703.528.0796.

Course Update Policy

All NASCUS training is developed by subject matter experts. Courses contain the most recent information and are updated regularly as issues evolve. However, the information contained in NASCUS programs and materials does NOT represent legal advice and is in no way is intended to represent a formal determination made by any regulatory agency on any specific matter. Seek legal counsel or formal supervisory determination to guide any course of action.

Contact Information

For more information, please contact NASCUS General Counsel Brian Knight, at 703.528.8689, or

Additional Information

Cancellation Policy
A cancellation received in writing by 5 p.m. Eastern Time on or three weeks prior to the event will be refunded, minus a $75 processing fee. No refunds will be issued thereafter; substitutions of participants will be allowed. To change or cancel your registration, email In the event that NASCUS cancels the event, all payments will be refunded.