Skip to main content


{Virtual Conference} Cyber Risk NOW: ISO Edition

Held Wednesday, August 26, 2020  | 8:30 AM - 4:00 PM CT  |  Fee: $249
Recording available.


This virtual conference is designed to provide interactive training on evolving cybersecurity threats and the responsibilities that an Information Security Officer (ISO or CISO) has to ensure the security of the organization, customer information, and people.  CyberRiskNOW: ISO Edition will cover the numerous operational and tactical responsibilities of an ISO, including IT Risk Assessment, Vendor Management, Business Impact Analysis/Business Continuity Management, Security Awareness, IT Audit oversight/remediation, and more. 

Not only will this virtual conference include live video from our presenters, but you’ll be able to interact with other attendees and with event moderators through our Virtual Lobby in Discord, as well as share information, best-practices, and tools you’re using at your organization. An invitation to join our CyberRiskNOW Discord server will be sent to all attendees prior to the conference. 

This event will also be recorded for later viewing in case you’re not able to attend live all-day or on the date. 


Central Time
8:30 AM - Event Lobby Opens
8:50 AM - Welcome & Housekeeping
9:00 AM - (C)ISO Roles, Responsibilities, Reporting, and Oversight
9:50 AM - 10 Minute Break
10:00 AM - 5 Steps to Better IT Risk Management
10:50 AM - 10 Minute Break
11:00 AM - What Should Vendor Management Look Like in 2020?
12:00 PM - 60 Minute Lunch Break
1:00 PM - Cybersecurity Culture and Security Awareness Training
1:50 PM - 10 Minute Break
2:00 PM - What Goes Into a Valuable Business Impact Analysis?
2:50 PM - 10 Minute Break
3:00 PM - Guest ISO Panel Discussion + Q&A
3:30 PM - Event Concludes
4:00 PM - Event Lobby Closes




Customer Testimonial

Hear from past event attendees!

"I love the format, it would be great even in "normal" times because of the flexibility and reduced travel time/cost that a remote conference can provide. This really has enduring benefits and is easier on the training budget." - Banker from Pennsylvania

"The contents were all relevant, easy to understand, and include great examples. All presenters were knowledgeable and have good presenting skills. Poll questions were good and a great way to interact with the audience.​" - Banker from Texas

"Lots of new information and a great review of known information. It also inspired thoughts and ideas that may not have been directly related to the topic at hand. The presentation topics and presenters were engaging and kept interest. The open communication with SBS staff in Discord and Q&A after each session was nice." - Banker from North Dakota

"Perfectly executed, excellent presenters and content." - Banker from Pennsylvania​



Jon Waldman Chad Knutson Cody Delzer

Jon Waldman

Chad Knutson

Cody Delzer

Executive Vice President, IS Consulting
and Co-founder
SBS CyberSecurity

SBS Institute

Read Bio

President, CISO, and Co-founder
SBS CyberSecurity

Read Bio

Vice President, Information Security Consultant/Regional Director
SBS CyberSecurity

Read Bio


Full Topic Descriptions

ISO Roles, Responsibilities, Reporting, and Oversight (Chad Knutson)  

Being the Information Security Officer for a financial institution is a big responsibility in today’s world of cyber threats and data breaches. This presentation is for those who are new to the role or have been the ISO for some time but want to review what is expected and how to be successful. As the ISO, part of your responsibility is building and maintaining the Information Security Program. While an ISP has many important elements, there are really 3 basic components: Risk Assessment, ISP Policies and Procedures, and Audit. The Risk Assessment will help you make decisions, the Policies and Procedures document the decisions for your institution to implement, and Audit verifies that they have been completed and are adequate controls to protect your institution.   

Building a strong Information Security Program is a fundamental component to a successful ISO. We will review various regulatory guidance that outlines ISO responsibilities and reporting structures. Additionally, various educational paths that can help develop your skills in the future.   

This presentation will cover the following areas/topics:  

  • FFIEC Roles and Responsibilities of the ISO 

  • Educational and Certification Paths  

  • Strong Risk Assessment Methodology  

  • Creating your ISP with Policies and Procedures 

  • Board Reporting 

  • Audit Oversight – what to report upstream 


5 Simple Steps to Better IT Risk Management (Jon Waldman)

IT Risk Assessment is the cornerstone of a strong Information Security Program. Knowing what IT systems and assets are most valuable to your organization, identifying reasonably foreseeable internal and external threats to those IT assets, and making the right decisions about which controls to implement should be the drivers for good security at your organization. This session will demonstrate a step-by-step process to complete an IT risk assessment that safeguards your financial institution’s sensitive customer and financial information.  

Some of the key messages we'll discuss include: 

  • IT Risk Assessment and regulatory compliance 

  • The formula for performing a measurable IT Risk Assessment 

  • Identifying your most important and risky IT systems and assets 

  • Risk Appetite - make better decisions from the IT Risk Assessment 

  • Using your IT Risk Assessment to drive value to your bottom line 


What Should Vendor Management Look Like in 2020 (Cody Delzer)

The fundamentals of compliance-based Vendor Management have been around since 2004’s FFIEC Outsourcing of Technology Services booklet was released. While VM has evolved a bit over the years, the process is essentially still the same. We gather documentation, review it, and try to decide whether we keep doing business with this company or not. Analyzing vendor documentation is important, but the real question we need to ask is this: how do we understand if our vendors are really protecting your data?  

This presentation will cover the following areas/topics:  

  • Regulatory Vendor Management Guidance over the years  

  • Requirements for compliance-based Vendor Management today  

  • Other ways to manage Vendor Risk  

  • Other tools to review Vendor security  

Cybersecurity Culture and Security Awareness Training (Chad Knutson)

The human element of information security is an increasing target for cybercriminals and generally considered the weakest area in information security. Security awareness and training on proper protocols is an essential element of good security and regulatory compliance but moving from reactive training to proactive training is the hard part. 

We will discuss many methods of constructing an adequate security awareness and training program for both employees of your bank and customers of your online products and services, including awareness to cybersecurity issues, training on what is expected, and clear accountability for employees and management responsible for protecting customer information. These elements can help establish a lasting culture that includes a passion for protecting customer information and a desire to be successful against cybercrime. 

In this session, we’ll break down some of best practices to follow when providing training to employees and building a culture of cybersecurity, including: 

  • People, Process, and Technology 

  • Why People break rules 

  • Training topics and tactics 

  • Accountability for Security Awareness Training tests 

  • Building a Culture of Cybersecurity 


What Goes Into a Valuable Business Impact Analysis (Jon Waldman)

It is no secret that a Business Continuity Plan (BCP) is an important document to have in your arsenal, especially when responding to events, such as natural disasters or cyber-attacks, that may interrupt or halt business operations. As with other critical areas of Information Security, to build a valuable BCP, you need to start with a risk assessment. In the case of BCP, that risk assessment is called a Business Impact Analysis (BIA). 

A good BIA helps you to make important recovery decisions, specifically which business processes should you restore first (and in what order), and what is needed to restore those business processes. So how do you build such a valuable BIA? 

This presentation will cover the following areas/topics: 

  • Regulatory Requirements of BCP and BIA 

  • Components of a valuable BIA 

  • Impacts 

  • Timeframes 

  • Dependencies 

  • Creating a Recovery Priority Rating for Business Processes 

  • Using your BIA to drive your BCP 


Panel Discussion + Q&A  (Guest CISO Presenters)

In CyberRiskNOW – ISO Edition, we’ve invited four (4) of the best information security professionals we know to share their stories and experiences with you, as well as answer any questions you have about the (C)ISO role.  

Our all-new CISO Guest Panel includes: 

  • Kym Patterson – Information & Cyber Security Officer – Centennial Bank (Conway, AR) 

  • Ginger Devine – SVP, Risk Management Officer – Citizens First Bank (The Villages, FL) 

  • Jamie Saker – CISO – Northwest Financial Corporation (Spirit Lake, IA) 

  • Marc Spellman – Director of Information Technology – Orizon Aerostructures (Kansas City, MO) 



Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are aimed to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.

Posted: Monday, August 3, 2020
Categories: Blog, Webinar