Over the past quarter century, FS-ISAC has been instrumental in helping to protect the global financial system. Our work empowers our members to advance cybersecurity and resilience in a complex and interconnected financial sector. Our community now comprises 20,000 users at 5,000 financial firms worldwide. But it all started with a handful of CISOs in a conference room.
25th FS-ISAC Anniversary
Our community reflects on FS-ISAC's evolution
As the leader of a fairly new red team interested in looking for ways to grow and improve our service
I was thrilled to attend a session at FS-ISAC a few years back detailing the Red Team Maturity Model. I introduced this tool to my team upon return from the conference and we've been able to utilize it to help determine focus areas and opportunities for growth across our organization in relation to Red Team. Rarely do I attend conferences where I walk away with a resource to bring back to my team and get immediate value. ”
I was thrilled when FS-ISAC started the CISO Congress, and I made an attempt to attend as many meetings as I could.
I was highly impressed with how the CISOs went out of their way to be helpful to each other. The CISO Congress continues that spirit today. It is one of a kind. ”
I worked for several years in a large financial services organization where we were members of FS-ISAC.
After leaving the financial services industry for a few years, I joined my current employer, a specialty insurer. I specifically recall the first thing I requested was approval to join FS-ISAC. While I value staying informed about developments across all industries, the “birds of a feather” nature of collaborating with peers in the same industry is invaluable.”
I vividly remember sitting in a meeting and receiving a phone call from Bill Nelson, then-CEO of FS-ISAC. I couldn’t take the call, but curious, I stepped out of the meeting to listen to the voicemail.
Bill requested I call back on an urgent matter, do I did. Bill alerted me that my company was going to be DDoS’ed momentarily. I was able to alert the network team and they began their mitigation response. At the time our company was receiving a six month free trial membership. We’ve been paying members ever since! ”
During lunch at the Spring 2022 Summit in Orlando, I met an Information Security Analyst that worked for another financial institution.
Over the course of the past couple of years, we stayed connected via LinkedIn and met again during the Spring 2024 Summit in San Diego. A couple of months later, a job opening was made available at my current employer and I am excited to welcome him as an Information Security Program Manager. I am a testament to the power of valuable connections that can only happen when we step out of our routine and connect with our peers in the valuable community of FS-ISAC.”
There is no undue influence of vendors nor lobbying with governance bodies that makes it a safe platform for information sharing.
I was 23 years old when I attended my first FS-ISAC conference in Baltimore (Fall 2017).
that conference is where I realized cybersecurity was my passion - especially from a GRC perspective. I continued to be involved with the FS-ISAC, attended the 2018 spring summit, and the Spring summit in 2019. After the 2019 summit I joined the measurements and metrics working group of the FS-ISAC (M2WG) to help build cybersecurity metrics that were effective for monitoring program strength. This was a fantastic milestone in my personal development.
made a job change in 2021 where I became the Chief Information Security Officer for a community bank with $2B in assets - I remember one of my questions while interviewing was "are you a member of the FS-ISAC".
I've looked back and thought about everything the connections and community at FS-ISAC have done for me. I've spent a lot of time with local colleges and other young alumni to help share my story and to get people interested in the benefits of joining an organization of professionals like the FS-ISAC. ”
Great community bringing a lot of cyber threat information to my company. I say before you want to buy IT provider - become a member of FS-ISAC
Member Forum at EY Wavespace in Malaysia on 28 May 2024
It was my first time attending an FS-ISAC event in person, and the opportunity to engage with industry experts was truly eye-opening. what made this experience particularly memorable was the unexpected personal connections I made during the event. To my surprise, I bumped into two acquaintances from my former employment. It was a moment that reinforced the concept of a "trusted community," where professional and personal networks intersect in ways that drive collaboration and growth. This experience at the Member Forum not only broadened my professional knowledge but also deepened my appreciation for the FS-ISAC community. It inspired me to continue learning, sharing, and connecting with this extraordinary group of professionals who are all committed to advancing the field of cybersecurity."
As the VP of IS for a small credit union, we are always challenged with keeping up with the ever-changing cybersecurity threat landscape.
Conversing and sharing ideas with those both more and less experienced than me has helped strengthen our Information Security Program in tangible ways"
Being a small sized firm in the Midwest, it is very difficult to stay compliant and safe with a two man IT department.
I have found multiple answers to problems that arose here at our firm within the FS-ISAC platform. Every year the CFO & CEO ask if the fee is worth it. My response is "Absolutely".
Immense value of exchanging and receiving critical cybersecurity insights within the organization's vibrant community
The timely and actionable intelligence derived from FS-ISAC proved instrumental in fortifying our bank's defenses and protecting our valued customers.
The opportunity to share my FS-ISAC story extends beyond mere personal reflection; it represents a testament to the organization's profound impact on the financial services landscape. FS-ISAC's unwavering dedication to fostering a culture of collaboration and open communication has undoubtedly strengthened the collective resilience of the industry against the ever-evolving cyber threat landscape. ”
FS-ISAC’s expertise in cyber intelligence has been invaluable to our company. The quality and relevance of the information provided allowed us to make strategic and more assertive decisions, and with this we were able to significantly strengthen our security posture
In the past, our Security Operations Center (SOC) team relied on gathering threat information from various online sources like RSS feeds and social media.
This approach had a significant limitation: the information was often out-of-date. By the time we identified a threat, it could have already caused damage to our systems. This meant we were constantly reacting to incidents, which wasn't ideal. FS-ISAC has significantly improved our SOC's capabilities. It provides us with up-to-date threat intelligence relevant to the EMEA region and beyond. This allows us to be proactive in our defences, anticipating potential attacks before they occur ”
FS-ISAC events has always been a source of inspiration
These gatherings offer opportunities to learn from industry leaders, share experiences, and connect with peers. One event, in particular, featured a keynote speech that profoundly impacted my perspective on cybersecurity's future and the importance of continuous learning and adaptation.”
There is no undue influence of vendors nor lobbying with governance bodies that makes it a safe platform for information sharing. ”
An early example of open sharing between members was the all hands effort around the emergence of commercial malware and corporate ATO in the mid 2000's
While each FI ended-up approaching the risk mitigation as it fit their operations, the work done by the community to define the issue and options proved foundational. - Response to the DDoS attacks in mid 2010's. Active, many times up to the minute data sharing, ensured the good guys won and without it the outcome would have been a lot worse for many FIs. ”
We find that the summits always provide ample opportunity to discuss the current and future threat landscape with industry peers and learn from attendees and vendors on how they counter the latest threats, in an impressively large-scale collaboration. We hope that sharing our own research with the membership further enhances the resilience of the financial sector”
FS-ISAC has a really important role in helping increase the number of diverse persons within the cybersecurity field because it focuses on these early incubation programs, like the scholarships.
That really helps ensure that there's an opportunity for talent to find their way into the institutions that make up the membership. One of the Women in Cyber Scholarship awardees actually ended up coming to us, and said that if it wasn't for this program, she never would have felt confident enough to apply for that job at Citi. FS-ISAC programs give people the confidence to say ‘I am qualified, I am ready’ and able to apply for some of these roles that previously they felt were a little bit beyond their abilities. I think breaking down those barriers is so important in our field, and I think FS-ISAC has really done a great job to help do that."