<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=6226337&amp;fmt=gif">

Our community reflects on FS-ISAC's evolution

As the leader of a fairly new red team interested in looking for ways to grow and improve our service

I was thrilled to attend a session at FS-ISAC a few years back detailing the Red Team Maturity Model. I introduced this tool to my team upon return from the conference and we've been able to utilize it to help determine focus areas and opportunities for growth across our organization in relation to Red Team. Rarely do I attend conferences where I walk away with a resource to bring back to my team and get immediate value. ”

I was thrilled when FS-ISAC started the CISO Congress, and I made an attempt to attend as many meetings as I could.

I was highly impressed with how the CISOs went out of their way to be helpful to each other. The CISO Congress continues that spirit today. It is one of a kind. ”

I worked for several years in a large financial services organization where we were members of FS-ISAC.

After leaving the financial services industry for a few years, I joined my current employer, a specialty insurer. I specifically recall the first thing I requested was approval to join FS-ISAC. While I value staying informed about developments across all industries, the “birds of a feather” nature of collaborating with peers in the same industry is invaluable.”

I vividly remember sitting in a meeting and receiving a phone call from Bill Nelson, then-CEO of FS-ISAC. I couldn’t take the call, but curious, I stepped out of the meeting to listen to the voicemail.

Bill requested I call back on an urgent matter, do I did. Bill alerted me that my company was going to be DDoS’ed momentarily. I was able to alert the network team and they began their mitigation response. At the time our company was receiving a six month free trial membership. We’ve been paying members ever since! ”

During lunch at the Spring 2022 Summit in Orlando, I met an Information Security Analyst that worked for another financial institution.

Over the course of the past couple of years, we stayed connected via LinkedIn and met again during the Spring 2024 Summit in San Diego. A couple of months later, a job opening was made available at my current employer and I am excited to welcome him as an Information Security Program Manager. I am a testament to the power of valuable connections that can only happen when we step out of our routine and connect with our peers in the valuable community of FS-ISAC.”

I was 23 years old when I attended my first FS-ISAC conference in Baltimore (Fall 2017).

that conference is where I realized cybersecurity was my passion - especially from a GRC perspective. I continued to be involved with the FS-ISAC, attended the 2018 spring summit, and the Spring summit in 2019. After the 2019 summit I joined the measurements and metrics working group of the FS-ISAC (M2WG) to help build cybersecurity metrics that were effective for monitoring program strength. This was a fantastic milestone in my personal development.
made a job change in 2021 where I became the Chief Information Security Officer for a community bank with $2B in assets - I remember one of my questions while interviewing was "are you a member of the FS-ISAC".
I've looked back and thought about everything the connections and community at FS-ISAC have done for me. I've spent a lot of time with local colleges and other young alumni to help share my story and to get people interested in the benefits of joining an organization of professionals like the FS-ISAC. ”

Great community bringing a lot of cyber threat information to my company. I say before you want to buy IT provider - become a member of FS-ISAC

Member Forum at EY Wavespace in Malaysia on 28 May 2024

It was my first time attending an FS-ISAC event in person, and the opportunity to engage with industry experts was truly eye-opening. what made this experience particularly memorable was the unexpected personal connections I made during the event. To my surprise, I bumped into two acquaintances from my former employment. It was a moment that reinforced the concept of a "trusted community," where professional and personal networks intersect in ways that drive collaboration and growth. This experience at the Member Forum not only broadened my professional knowledge but also deepened my appreciation for the FS-ISAC community. It inspired me to continue learning, sharing, and connecting with this extraordinary group of professionals who are all committed to advancing the field of cybersecurity."

As the VP of IS for a small credit union, we are always challenged with keeping up with the ever-changing cybersecurity threat landscape.

Conversing and sharing ideas with those both more and less experienced than me has helped strengthen our Information Security Program in tangible ways"

Being a small sized firm in the Midwest, it is very difficult to stay compliant and safe with a two man IT department.

I have found multiple answers to problems that arose here at our firm within the FS-ISAC platform. Every year the CFO & CEO ask if the fee is worth it. My response is "Absolutely".

Immense value of exchanging and receiving critical cybersecurity insights within the organization's vibrant community

The timely and actionable intelligence derived from FS-ISAC proved instrumental in fortifying our bank's defenses and protecting our valued customers.
The opportunity to share my FS-ISAC story extends beyond mere personal reflection; it represents a testament to the organization's profound impact on the financial services landscape. FS-ISAC's unwavering dedication to fostering a culture of collaboration and open communication has undoubtedly strengthened the collective resilience of the industry against the ever-evolving cyber threat landscape. ”

FS-ISAC’s expertise in cyber intelligence has been invaluable to our company. The quality and relevance of the information provided allowed us to make strategic and more assertive decisions, and with this we were able to significantly strengthen our security posture

In the past, our Security Operations Center (SOC) team relied on gathering threat information from various online sources like RSS feeds and social media.

This approach had a significant limitation: the information was often out-of-date. By the time we identified a threat, it could have already caused damage to our systems. This meant we were constantly reacting to incidents, which wasn't ideal. FS-ISAC has significantly improved our SOC's capabilities. It provides us with up-to-date threat intelligence relevant to the EMEA region and beyond. This allows us to be proactive in our defences, anticipating potential attacks before they occur ”

FS-ISAC events has always been a source of inspiration

These gatherings offer opportunities to learn from industry leaders, share experiences, and connect with peers. One event, in particular, featured a keynote speech that profoundly impacted my perspective on cybersecurity's future and the importance of continuous learning and adaptation.”

There is no undue influence of vendors nor lobbying with governance bodies that makes it a safe platform for information sharing. ”

An early example of open sharing between members was the all hands effort around the emergence of commercial malware and corporate ATO in the mid 2000's

While each FI ended-up approaching the risk mitigation as it fit their operations, the work done by the community to define the issue and options proved foundational. - Response to the DDoS attacks in mid 2010's. Active, many times up to the minute data sharing, ensured the good guys won and without it the outcome would have been a lot worse for many FIs. ”

We find that the summits always provide ample opportunity to discuss the current and future threat landscape with industry peers and learn from attendees and vendors on how they counter the latest threats, in an impressively large-scale collaboration. We hope that sharing our own research with the membership further enhances the resilience of the financial sector”

FS-ISAC has a really important role in helping increase the number of diverse persons within the cybersecurity field because it focuses on these early incubation programs, like the scholarships.

That really helps ensure that there's an opportunity for talent to find their way into the institutions that make up the membership. One of the Women in Cyber Scholarship awardees actually ended up coming to us, and said that if it wasn't for this program, she never would have felt confident enough to apply for that job at Citi. FS-ISAC programs give people the confidence to say ‘I am qualified, I am ready’ and able to apply for some of these roles that previously they felt were a little bit beyond their abilities. I think breaking down those barriers is so important in our field, and I think FS-ISAC has really done a great job to help do that."

At FS-ISAC and in cybersecurity, we don't compete against each other. We work together as a team to defend the industry, because a bad day for one of my peers is a bad day for me. Our industry is highly competitive, but this is a place where you pause that competition for the greater good of the sector, of the industry, of the world, of the global economy. And that to me is magical."

FS-ISAC’s enriched intelligence data for cyber or related domains is like our market data.

It is like Reuters and Bloomberg for cyber. No one in certain parts of financial services wants to be without their Bloomberg terminal. In the cyber realm, no one wants to be without their FS-ISAC feed."

FS-ISAC is on a journey into building out capabilities in supporting resilient organizations and driving towards operational resiliency based on cybersecurity knowledge.

I think that is definitely what you see going on in Europe. You look at DORA, it's all about operational resilience, no matter what type of incidents you have. I think FS-ISAC’s journey is a very good direction forward."