NAFCU 2010 Technology & Security Conference
February 23-25, 2010
Caesars Palace
Las Vegas, NV
Insight into Innovative Technology and Security Solutions
NAFCU non-members welcome!
Credit union technology and security professionals will gather for the interactive and informational NAFCU 2010 Technology & Security Conference, ideal for staff responsible for supervising, planning or auditing technology and security processes. This popular event will address the most critical credit union technology issues, including online threats, physical security, compliance and disaster preparedness/continuity. Participants will learn from top technology and security experts who understand the needs of credit unions. Students will leave equipped to tackle the specific technology challenges their credit union faces.

Agenda At-A-Glance
Onsite Registration begins Tuesday, February 23, 2010 at 7:30 a.m.; Sessions begin at 8:30 a.m.
Tuesday, February 23
· Cloud Computing – Legal and Security Challenges
· Technology Risk vs. Reward: Balancing Enhanced Member Convenience with CU Risk
· Your Credit Union’s Future is Literally in Your Members’ Hands
· PCI – The Evolution of Payment Security & Functionality
· Card Fraud Mitigation Opportunities
· Welcome Reception at the Technology Innovation Showcase
Wednesday, February 24
· Online Fraud and Identity Theft 2010
· Hacking the Mind: Defending Against the Social Engineering Threat
· Achieving NCUA and FFIEC Compliance for Disaster Recovery and Business Continuity Planning
· Social Networks – Hackers Love Them Too
· Preventing Member Info Leaks 2.0 & Next Generation Email Encryption
· Engaging Your Members after a Breach
Thursday, February 25
· Risk Mitigation and eDisaster Planning Best Practices
· User Privilege Management
· Vendor Due Diligence: More than a SAS 70
Conference finishes on Thursday, February 25, 2010 at Noon.

Session Descriptions
Cloud Computing – Legal and Security Challenges
Credit Unions and others are increasingly examining whether Cloud Computing will help them reduce costs, increase flexibility, and allow them to provide new products and services to their customers. The ability to stand up an online banking environment that is scalable, flexible, and can handle surges in demand is appealing to most institutions. However, associated with this silver lining are dark clouds. Can the cloud be made secure? Can cloud computing be effectively audited? How do you handle regulatory compliance issues within the cloud? What are the legal issues when you outsource cloud computing to third parties? What kinds of things should you have in a Service Level Agreement (SLA) with your cloud provider? Is it all worth it? This session will focus on the definition of cloud computing, its history and future, and some of the security, audit and legal issues associated with this new wave of computing. It will also provide practical lessons for Credit Unions to consider.
Presented by Mark Rasch, Principal, Secure IT Experts
Technology Risk vs. Reward: Balancing Enhanced Member Convenience with CU Risk
Today, credit unions strive to deliver higher standards of convenience and secure member loyalty via technology with services such as one click loans, instant messaging, mobile banking, automated credit scoring, VOIP and digital document vaults. Yet too often credit unions fail to weigh or mitigate the specific risks that new technology can have on their members and themselves. This session is an interactive tour of institutions that have successfully managed the technology risk/reward ratio, as well as examples of some spectacular technology-related failures, and the steps your credit union can take to avoid them while effectively serving your members.
Presented by Tim Lerew, President, Tim Lerew & Associates
Your Credit Union’s Future is Literally in Your Members’ Hands
This session is about far more than biometric fingerprints. Explore real examples of handheld technologies that will shape your members’ financial services expectations in the near future. You will experience live handheld video Skype conferences; embedded near field financial transactions via cell phones; real-time, collaborative office productivity and communications with Google ‘Wave’ web software; and much more. By bringing new standards of convenience and speed to your members’ lives, these handheld technologies will also influence their choice of service and product vendors. We’ll also take a look at institutions globally which are in the forefront of adopting and integrating these ‘personal’ technologies of tomorrow.
Presented by Tim Lerew, President, Tim Lerew & Associates
PCI – The Evolution of Payment Security & Functionality
Join us for an overview of the Payment Card Industry (PCI) standard guidelines and critical timelines. You will gain an understanding of payment security at the product level and learn how the next generation of solutions will advance your credit union’s security and functionality. You will also learn about what changes you should prepare for starting in July, 2010.
Presented by Rob Bertke, SVP, Product Management, Sage Payment Solutions
Card Fraud Mitigation Opportunities
Learn practical strategies for mitigating your credit card fraud risk. Benefit from a review of fraud market trends, global vs. domestic fraud, volume trending, industry benchmarks, emerging tactics by fraudsters, issuer best practices and the future of fraud prevention.
Presented by Dan Williams, Vice President & Product Manager of Fraud & Infrastructure Products, Fifth Third Processing Solutions
Online Fraud and Identity Theft 2010
This session will give you a comprehensive approach to combating phishing, malware and other identity theft schemes. You will explore real-world trends and examples of online fraud and theft, and see how standard processes, consumer education and vigilant monitoring of the Internet, including the “hidden” Internet, can ensure long-term consumer confidence in online commerce. In addition, you will hear about intelligence gathering, detection methods and recovery strategies.
Presented by James Brooks, Director of Product Management, Cyveillance, Inc.
Hacking the Mind: Defending Against the Social Engineering Threat
As the security of credit union Internet-facing networks becomes more effective and impenetrable, hackers are refocusing their efforts on the weakest link in the security chain – the credit union employee. Using increasingly sophisticated attack vectors, social engineers are continuing to have success in bypassing technological defenses by tricking unwitting users into divulging sensitive information, granting access to restricted areas and installing backdoors into internal computer systems. This presentation will discuss some of the most common and most recent tactics social engineers are using and what your credit union can do to stop them.
Presented by Mark Bell, CISSP, CISA, Executive Vice President, Operations, Digital Defense, Inc.
Achieving NCUA and FFIEC Compliance for Disaster Recovery and Business Continuity Planning
The session will cover the requirements for completing a Business Impact Analysis (BIA), including its resulting recovery objectives as well as the dependency and resource mapping requirements for operations/processes; publishing a Business Continuity Plan (BCP), including the topics and information required for this preparedness document; and maintaining a Business Continuity Management (BCM) program, including the ongoing efforts required to maintain compliance.
Presented by Tom Abruzzo, President & CEO and Bill Pepino, Vice President, TAMP Systems
Social Networks – Hackers Love Them Too
Facebook, Twitter, MySpace and LinkedIn all provide an excellent means for institutions to connect with their membership. However, improperly implemented and controlled, these same venues provide hackers a unique way to reach out and touch not only your members, but your staff and networks as well. This presentation will focus on how these networks are being used by attackers today and what your institution can do to protect itself while still gaining the benefit of easily reaching your community through their use.
Presented by Tom DeSot, IAM, Executive Vice President and Chief Compliance Officer, Digital Defense, Inc.
Preventing Member Info Leaks 2.0 & Next Generation E-mail Encryption
Credit union customer representatives have a mission to provide excellent service, but in their continuous efforts to excel at assisting members, they may be putting your organization at risk. They may be encouraged to reply to member emails via webmail programs, or they may interact with members on social media sites like Facebook or Twitter. In this discussion you will learn how data loss prevention (DLP) systems can monitor Web 2.0 traffic for member information and what controls are available to remediate potential information leaks.
Presented by Chris Leffel, Product Manager, Code Green Networks
Engaging Your Members after a Breach
When a credit union’s database is hacked by a nameless, faceless intruder, where does the data go and how can a credit union react in a way that will help keep members’ trust? Research suggests that immediate and definitive action can not only help your institution retain your members, but also build member engagement. This session will further educate you on the damaging effects of a data breach and give you an insider’s perspective on what happens to hacked data once it leaves the server. The session will demonstrate the complex nature of the black market for personally identifiable information and give you the facts and figures that every CU should know about ID theft. You will also learn a proven methodology for dealing with a breach that can minimize the impact of the breach while retaining members, and potentially build more loyalty and engagement.
Presented by Wayne Conte, Executive Vice President of Business Development and Strategic Marketing, Affinion Group
Risk Mitigation and eDisaster Planning Best Practices
Acquire a detailed review and explanation of cyber security risk, including: appropriate disaster planning considerations; blueprinting and implementation of your plan to address internal and external communications and member privacy; and the first steps you should take following a data breach. This session will also delve into building a plan which incorporates insurance policy coverage, and shows you where potential losses and breaches most commonly arise.
Presented by Jon Martin, Regional Vice President, Allied Solutions
User Privilege Management
United Nations Federal Credit Union has developed a User Privilege Management (UPM) process and custom web-based tool which tracks access to their facilities, systems, data, assigned equipment and other resources, to execute their processes and day-to-day responsibilities. This presentation will explore the UPM tool, and show how it is integrated into the existing helpdesk work order management system to allow UNFCU’s IT department to adhere to service level agreements (SLA), save their managers valuable time and produce significant cost savings for the organization.
Presented by Prasad Surapaneni, Chief Information Officer, United Nations Federal Credit Union
Vendor Due Diligence: More than a SAS 70
This session will give you a brief overview of what vendor due diligence consists of and some of the more important aspects that should be taken into consideration when selecting/evaluating a vendor. Then you’ll examine the significant regulatory requirements for Service Provider Due Diligence, receive tools that will help you through the vendor evaluation process and find out what NCUA requires for Vendor Due Diligence Reviews.
Presented by Ray Murphy, Information Security Program Manager, Navy Federal Credit Union

Industry-Leading Presenters
Tom Abruzzo, President & CEO, TAMP Systems
Tom Abruzzo is the president and founder of TAMP Systems, which is a DRI Certified Business Continuity Vendor (CBCV). He has been specializing in disaster recovery, business continuity and contingency planning for more than 30 years and is the original developer of the planning software product named the Disaster Recovery System (DRS™).
Tom and his company are currently providing solutions for the continuity of business and technical operations in a wide variety of industries.
Mark Bell, CISSP, CISA, EVP of Operations, Digital Defense
Mark is responsible for management of information security and client support operations, including delivery of vulnerability assessments, penetration testing, policy, and risk assessments. Mark has also successfully led a team of security analysts in providing information security services to Digital Defense’s client base.
Rob Bertke, SVP, Product Management, Sage Payment Solutions
Rob has been in the commercial payments and B2B electronic commerce industry for over 13 years. He has helped some of the largest financial institutions in the country launch commercial card products and e-commerce.
James Brooks, Director of Product Management, Cyveillance, Inc.
James is responsible for the strategic direction of the company’s products and services. James has over 14 years of experience in the security products and services industry. He has served in a wide range of functions and possesses a thorough understanding of the most current security technologies, network and Internet environments and cyber intelligence strategies.
Wayne Conte, Executive Vice President of Business Development and Strategic Marketing, Affinion Group
With more than 20 years of finance and management experience, Wayne has worked with many financial institutions in both the U.S. and Canada. He joined Affinion Group in March 2006, after being the vice president for national sales at American Express and Transamerica.
Tom DeSot, IAM, EVP and Chief Compliance Officer, Digital Defense, Inc.
Tom is charged with developing and maintaining relationships with key industry and market regulators; functioning as the “face of DDI” through public speaking initiatives, and serving as the prime regulatory compliance resource for external and internal contacts. Tom also serves as the company's internal auditor on security-related matters. Tom gained much of his controls experience during his 16 years in the financial industry.
Chris Leffel, Product Manager, Code Green Networks
Chris Leffel has more than 15 years of experience in building and managing market-leading security products. He’s focused on information security and product strategy. Chris has spoken at many industry events including Symantec Vision, TechWave, and regional credit union events.
Tim Lerew, President, Tim Lerew & Associates
Tim is an extremely energetic speaker who has developed customized curriculums for CU leadership forums, marketing universities and lending universities. He has served on the management team of West One Federal Credit Union and as Marketing Director of CTEL Financial, a securities and investment CUSO.
Jon Martin, Regional Vice President, Allied Solutions
Jon has been in the insurance industry since 2001, spending the majority of that time on the agency side, but also serving as an Executive Liability Underwriter for a national carrier. His experience includes small and mid-size commercial clients, as well as multi-national clients with exposure in multiple countries. His unique work has included risk retention pools, self-insured Workers’ Compensation funds and bonding for significant judicial trusts, as well as various insurance programs for CUSOs.
Ray Murphy, Information Security Program Manager, Navy Federal Credit Union
Ray helps to protect the personal information of more than 3 million NFCU members whose assets exceed $40 billion. Ray has more than 25 years of information technology experience combined from his current role at Navy Federal Credit Union and former positions at Mobil Corporation and MCI Communications Corporation.
Bill Pepino, Vice President, TAMP Systems
William (Bill) Pepino is a vice president and senior level disaster recovery and business continuity planning professional with TAMP Systems, which is a DRI Certified Business Continuity Vendor (CBCV). Bill has more than 20 years of business continuity management experience, and has provided planning solutions for numerous large and small companies such as Bloomberg, LP, PriceWaterhouseCoopers, Publishers Clearing House, Harper Collins Publishers, Intralot, Allied Insurance Solutions, Weston and many others.
Mark Rasch, Principal, Secure IT Experts
Mark is an attorney and information security and privacy consultant. He has worked with major companies on data breach and data breach disclosure investigations. He has also developed data breach disclosure policies and procedures for members of the Direct Marketing Association and developed information security and incident response policies and plans for Fortune 50 companies as well as major financial institutions. Mark has written and lectured extensively on computer crime, privacy, trademark, and trade secret issues on the Internet.
Prasad Surapaneni, Chief Information Officer, United Nations Federal Credit Union
Since 2004, Prasad has been in charge of protecting member information at the 3 billion dollar United Nations Federal Credit Union, which is headquartered in New York with representative offices in Vienna, Geneva, Nairobi and Rome. His wide range of expertise includes infrastructure, systems development and implementation, project management, core system management and quality assurance.
Dan Williams, Vice President and Product Manager, Fraud and Information Access
Dan is responsible for the company’s fraud and infrastructure products. He manages a range of card fraud solutions for over 1 billion annual debit transactions that span large and small financial institutions. He also manages Fifth Third Direct, the primary online tool used by Issuers who process with Fifth Third.

Technology & Innovation Showcase
Take advantage of this unique opportunity to access cutting-edge solutions to meet your credit union’s IT and security needs. Make your plans today to join other credit union IT professionals at this must-see display and demonstration exhibit.

Accommodations & Travel
Caesars Palace
3570 Las Vegas Blvd S
Las Vegas, NV 89109
From the moment you walk through the doors of Caesars Palace, you know you've arrived at one of the most prestigious resorts in the world. With impeccable service, all the little details that make the difference between an ordinary visit and a spectacular experience are yours.
Reserve your room through our online reservation system to receive your negotiated rate!
Room Reservation Deadline:
January 29, 2010*
Room Rates:
Deluxe Room: $130 per night plus tax**
*Rooms reserved after the deadline will be confirmed subject to availability.
**Federally chartered credit unions are exempt from tax if payment is made by the credit union’s official check or credit card; you must present a tax-exempt form upon arrival.
The nearest airport is McCarran International Airport (LAS).
Please refer to http://www.mccarran.com/03_index.asp for ground transportation.
Car Rental:
Special discounted rates are available for all NAFCU conference attendees through AVIS and Budget rental car companies. For AVIS, call (800) 331-1600 or visit www.avis.com and specify NAFCU code B469200. For Budget, call (800) 772-3773 or visit www.budget.com and specify NAFCU code Y305000.

Registration Fees
| | Payment by 1/8/2010 | Payment after 1/8/2010 |
|---|---|---|
| NAFCU Member | $1100 | $1200 |
| Nonmember | $1550 | $1650 |
| Non-credit Union | $2000 | $2100 |
Call NAFCU's Member Service Center at 800-344-5580 for more information or to register via phone today!
Continuing Education Credits
NCCOs will receive 15.25 credit hours towards recertification.
NAFCU reserves the right to change dates, cities, venues or speakers should circumstances warrant. NAFCU’s conference delegates will be apprised of any such changes.