2022 State-of-the-Field of Cyber Risks to Financial Stability
Conference Program and Agenda
The Third Annual State-of-the-Field Conference on Cyber Risk to Financial Stability facilitates robust discussion by convening experts across the financial and cybersecurity fields and government, academic, and private sectors. Moderated by members of Columbia University SIPA's CRFS Project and partners at the Federal Reserve Bank of New York, panels will draw on ongoing research, publications, and lessons learned from previous workshops to guide the conversations.
The conference will begin with a keynote by Eric Goldstein, Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency. This will be followed by a panel discussion on “Geopolitical Cyber Risks to Financial Stability” which will consider the changing landscape ten years after Iran’s ‘Operation Ababil’. Day one will conclude with a fireside chat with Phil Venables, the Chief Information Security Officer for Google Cloud. Day two will focus on industry perspectives, commencing with a keynote by Tammy Hornsby-Fink, the Chief Information Security Officer for the Federal Reserve System. Followed by panel discussion on “What Are We Learning?” and “What Are We Doing?” when managing and mitigating cyber threats to financial stability.
28 April 2022
9:00 – 9:05am: Opening remarks by Patricia Mosser, Director, MPA Program in Economic Policy Management; Senior Research Scholar, Columbia University's School of International and Public Affairs
9:05 – 9:20am: Keynote by Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency
- Introduced by Anna Kovner, Director of Financial Stability Research, Federal Reserve Bank of New York
9:20 – 9:30am: Break
9:30 – 10:25am: Geopolitical Cyber Risks to Financial Stability panel to reflect ten years after Iran’s Operation Ababil, and the risks presented by current geopolitical events to financial stability. (Under Chatham House Rule)
- Moderator: Jason Healey, Senior Research Scholar, Columbia University's School of International and Public Affairs
- Bill Woodcock, Executive Director, Packet Clearing House
- John Hultquist, Vice President, Intelligence Analysis, Mandiant
- Benjamin Flatgard, Executive Director, Cybersecurity, JPMorgan Chase & Co.
10:30 – 11:30am: Fireside Chat with Phil Venables, Chief Information Security Officer and Vice President, Google Cloud with Jason Healey, Senior Research Scholar, Columbia University's School of International and Public Affairs
29 April 2022
9:00 – 9:05am: Opening remarks by Jason Healey, Senior Research Scholar in the Faculty of International and Public Affairs; Adjunct Professor of International and Public Affairs
9:05 – 9:30am: Fireside Chat by Tammy Hornsby-Fink, Executive Vice President and Chief Information Security Officer, Federal Reserve System with Patricia Mosser, Director, MPA Program in Economic Policy Management; Senior Research Scholar, Columbia University's School of International and Public Affairs (Under Chatham House Rule)
9:30 – 10:40am: What are we learning? panel to present views by those who have recently written on the issue of financial stability and cyber risk. (Under Chatham House Rule)
- Moderator: Anna Kovner, Director of Financial Stability Research, Federal Reserve Bank of New York
- Jonathan Welburn, Operations Researcher, RAND; Professor, Pardee RAND Graduate School
- Marco Macchiavelli, Principal Economist, Federal Reserve Bank
- Rustam Jamilov, Post-Doctoral Fellow, University of Oxford
10:40 – 10:50am: Break
10:50 – 11:50am: What are we doing? panel to address public sector and private sector efforts to identify risk and build resiliency. (Under Chatham House Rule)
- Moderator: Stacey Schreft, Deputy Director for Research and Analysis, Office of Financial Research, U.S. Treasury
- Gianandrea Padovani, Cyber Strategy Lead at the Prudential Regulation Authority, Bank of England
- Todd Sullivan, Chief Risk Officer for Financial Services Sector, Analysis and Resilience Center for Systemic Risk
- Katheryn Rosen, Global Head, Tech & Cyber Regulatory Policy & Supervision and Head of Regional Information Security, JPMorgan Chase & Co.
11:50am: Closing Remarks by Anna Kovner, Director of Financial Stability Research, Federal Reserve Bank of New York
Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency
Eric Goldstein serves as the Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA) as of February 19, 2021. In this role, Goldstein leads CISA’s mission to protect and strengthen federal civilian agencies and the nation’s critical infrastructure against cyber threats.
Previously, Goldstein was the Head of Cybersecurity Policy, Strategy, and Regulation at Goldman Sachs, where he led a global team to improve and mature the firm’s cybersecurity risk management program. He served at CISA’s precursor agency, the National Protection and Programs Directorate,from 2013 to 2017 in various roles including Policy Advisor for Federal Network Resilience, Branch Chief for Cybersecurity Partnerships and Engagement, Senior Advisor to the Assistant Secretary for Cybersecurity, and Senior Counselor to the Under Secretary.
At other points in his career, Goldstein practiced cybersecurity law at an international law firm, led cybersecurity research and analysis projects at a federally-funded research and development center, and served as a Fellow in Advanced Cyber Studies at the Center for Strategic and International Studies, among other roles.
He is a graduate of the University of Illinois at Urbana-Champaign, the Georgetown University School of Public Policy, and Georgetown University Law Center.
Executive Director, Cybersecurity, JPMorgan Chase & Co.
Ben Flatgard is an Executive Director with JPMorgan Chase & Co. He leads public policy development and advocacy, as well as partnership initiatives, to improve the cybersecurity of the firm, its customers and clients, and the broader digital ecosystem.
Executive Vice President and Chief Information Security Officer, Federal Reserve System
Tammy Hornsby-Fink works at Federal Reserve System as Executive Vice President and Chief Information Security Officer.
Vice President, Intelligence Analysis, Mandiant
John Hultquist is the Vice President of Intelligence Analysis at Mandiant. Prior to the acquisition of iSIGHT Partners by FireEye, John led iSIGHT’s cyber espionage practice and was responsible for creating the cyber espionage reporting line. He has over a decade of experience covering emerging threats in cyber espionage and hacktivism and working in senior intelligence analysis positions in the U.S. Before working in cyber security, he worked with information sharing and analysis centers and was involved in counterinsurgency operations in the U.S. Army.
Post-Doctoral Fellow, University of Oxford
Rustam Jamilov is a Post-Doctoral Research Fellow at All Souls College and Associate Member of the Economics Department, University of Oxford. His research interests include macroeconomics, finance, cyber security, monetary economics, and asset pricing. He holds a PhD in economics from London Business School.
Principal Economist, Federal Reserve Bank
Marco is a Principal Economist at the Federal Reserve Board in the Short Term Funding Markets section of Research and Statistics. He joined the Fed in 2015 after obtaining a Ph.D. in Economics from Boston College. Marco conducts empirical research in the field of financial intermediation, with a particular focus on financial crises and post-crisis regulations. He is also interested in the effects of climate change on credit and the impact of cyberattacks on corporations. His research has been published in the Journal of Financial Economics, Review of Financial Studies, Management Science, Journal of Financial and Quantitative Analysis, and Financial Management
Cyber Strategy Lead at the Prudential Regulation Authority (PRA), Bank of England
Gianandrea is the Cyber Strategy Lead at the Prudential Regulation Authority (PRA), Bank of England. He leads the Cyber resilience team with the mission of designing and deliver the PRA cyber risk and resilience strategy in the context of Operational Resilience.
Before joining the Bank, Gianandrea led the cyber-resilience services for different consulting firms and worked with UK CISOs, helping them transforming their organisation with the purpose of improving resilience, strengthening internal controls and helping to improve business performance.
Gianandrea built his experience and knowledge in different industry sectors (e.g. Financial Services, Insurance, Automotive, Retail, TELCO).
Managing Director, Global Technology, Global Head, Technology & Cybersecurity Regulatory Policy & Supervision and Head of Regional Information Security, JPMorgan Chase & Co.
Katheryn reports to JPMC’s Chief Information Security Officer and leads JPMC’s global efforts for Technology and Cybersecurity Policy and Partnerships, in addition to the full lifecycle of Global Technology regulatory policy including advocacy, Regulatory Intelligence, Regulatory Change Management, and Regulatory Exam Management. Katheryn also serves as Head of Regional Information Security in the 60-plus countries where JPMC operates. Externally, Katheryn chairs the Securities Industry and Financial Markets Association’s (SIFMA’s) Cybersecurity Committee and on the Management Committee of the Financial Services Sector Coordinating Council (FSSCC).
Over a 25-plus year career, Katheryn has been active in financial services in the public and private sectors and academia. In government, she served at the U.S. Department of the Treasury as Deputy Assistant Secretary for Financial Institutions Policy and Senior Advisor to the Assistant Secretary of Financial Institutions. Central to her portfolio were critical infrastructure protection, systemic risk, bank and non-bank regulatory reform, housing finance reform, and developing and executing the Treasury’s cybersecurity agenda. On Capitol Hill, she served as Senior Policy Advisor to House Financial Services Chairman Barney Frank, working primarily on the Dodd-Frank Act and housing finance reform.
Prior to her public service, Katheryn spent 14 years at JPMorgan’s Investment Bank. As a Managing Director, she led the Government Institutions Group where she was responsible for delivering the Firm’s full range of services and products to Government-Sponsored Enterprises (GSEs), US-based multilateral-lending institutions, and the US government. Prior to that role, Katheryn was a senior leader in Investment Grade Debt Capital Markets executing bond transactions for diversified industrials, managed healthcare insurers, real estate companies, and financial institutions .
Katheryn is an Adjunct Professor at Columbia University’s School of International and Public Affairs (SIPA) and led the creation of SIPA’s Cyber Risk to Financial Stability Project. She is a non-Resident Senior Fellow at the Atlantic Council’s Brent Scowcroft Center on International Security’s Cyber Statecraft Initiative and is also a member of the New York Cyber Task Force. Katheryn is active in UJA‑Federation of New York serving as a Board Member of the Crisis to Stability Committee.
Katheryn holds a Master of Arts degree in International Affairs from George Washington University and a Bachelor of Arts degree from Emory University in Art History and Economics.
Chief Risk Officer for Financial Services Sector, Analysis and Resilience Center for Systemic Risk
Todd Sullivan is an experienced Operations and Risk Management professional with over 20 years of experience leading global teams for major financial services organizations across multiple asset classes.
Prior to joining the ARC, Todd served as the Head of Business Unit Risk Management for the Fixed Income Sales and Trading business in the Americas for Morgan Stanley. He led a team responsible for First Line of Defense controls and supervision, Trade and Conduct Surveillance, Operational Risk Management, Audit and Regulatory Engagement, new product and business review and approval and Electronic Trading Risk Management. He served on the Conduct Risk Committee for Fixed Income, the Firm’s Americas Franchise Risk Committee, Operational Risk Oversight Committee, Enterprise Risk Oversight Committee and co-chaired the Residential Mortgage Risk Committee. Prior to his role in the Fixed Income Business, Todd was the global head of Securities Operations across the Institutional Securities Group. His teams were responsible for all operational support of the cash Equity, Fixed Income, Client and Firm Financing and Syndication businesses.
Todd joined Morgan Stanley in 2004 after almost 10 years in Operations at Lehman Brothers. Throughout his career, he has served in numerous leadership roles across the industry, serving as the firm’s lead representative on issues such as the redesign of the CDS contract, Central Counterparty Clearing, derivative portfolio compression and serving as the chair of numerous industry efforts through SIFMA/BMA, ISDA and the CUSIP Service Bureau. Todd Chaired the Corporate Credit Markets Operations group at the BMA, served on numerous SIFMA working groups and committees, chaired the Credit Implementation Group at ISDA and has served on the CSB board for more than 10 years (most recently as its Chair).
Todd holds a Master of Business Administration from New York University’s Stern School of Business with concentrations in Finance and Operations Management, and a Bachelor of Arts from Villanova University.
Chief Information Security Officer and Vice President, Google Cloud
Phil Venables is the Chief Information Security Officer and Vice President of Google Cloud. Prior to joining Google Cloud, he was a Partner at Goldman Sachs where he held multiple roles over a long career, initially as their first Chief Information Security Officer, a role he held for 17 years. In subsequent roles he was Chief Risk Officer for the firm’s operational risks, an Operating Partner in their private equity business and a Senior Advisor to the firm’s clients and executive leadership on cybersecurity, technology risk, digital business risk, and operational resilience. In addition to this, Venables was a Board Director of Goldman Sachs Bank (USA). He also serves on the Information Security and Privacy Advisory Board of NIST and is a member of the Council on Foreign Relations.
Jonathan William Welburn
Operations Researcher, RAND; Professor, Pardee RAND Graduate School
Jonathan Welburn is a RAND researcher in the fields of operations research and computational economics and teaches at the Pardee RAND Graduate School. His research explores the topics of systemic risk in economic systems, supply chain risks, cyber security, and deterrence with the central theme of elucidating the spread of risk in complex and interdependent systems and potential policy solutions. Ph.D. in decision science & operations research, University of Wisconsin – Madison; BSc in industrial & systems engineering and economics, University of Wisconsin – Madison.
Executive Director, Packet Clearing House
Bill Woodcock is the executive director of Packet Clearing House, the international non-governmental organization that builds and supports critical Internet infrastructure, including Internet exchange points and the core of the domain name system. Since entering the Internet industry in 1985, Bill has helped establish more than two hundred Internet exchange points. In 1989, Bill developed the anycast routing technique that now protects the domain name system. In 1998 he was one of the principal drivers of California 17538.4, the world’s first anti-spam legislation. Bill was principal author of the Multicast DNS and Operator Requirements of Infrastructure Management Methods IETF drafts. In 2002 he co-founded INOC-DBA, the security-coordination hotline system that interconnects the network operations centers of more than three thousand ISPs around the world. And in 2007, Bill was one of the two international liaisons deployed by NSP-Sec to the Estonian CERT during the Russian cyber-attack. In 2011, Bill authored the first survey of Internet interconnection agreements, as input to the OECD’s analysis of the Internet economy. Now, Bill’s work focuses principally on the security and economic stability of critical Internet infrastructure.
Senior Research Scholar and Adjunct Professor, School of International and Public Affairs, Columbia University
Jason Healey is Senior Research Scholar at Columbia University’s School of International and Public Affairs and Non-Resident Senior Fellow with the Cyber Statecraft Initiative of the Atlantic Council. Previously, he was vice-chairman of the Financial Services Information Sharing and Analysis Center and director for cyber policy at the White House.
Director of Financial Stability Research, Federal Reserve Bank of New York
Anna Kovner is the Director of Financial Stability Research. Her policy work focuses on financial stability including financial intermediation and systemic risk. Her research focuses on topics in corporate finance, including banking and venture capital. Her articles have been published in the Journal of Finance, Journal of Financial Economics, and the Journal of Financial Intermediation, among other journals. Prior to graduate school, she worked as a financial analyst. She received an AB in Economics from Princeton, an MBA from Harvard Business School where she was a Baker Scholar, and her PhD in Business Economics from Harvard University.
Director, MPA Program in Economic Policy Management and Senior Research Scholar, School of International and Public Affairs, Columbia University
Patricia Mosser is Senior Research Scholar at Columbia University’s School of International and Public Affairs and Director of the MPA in Economic Policy Management as well as the school’s Initiative on Central Banking and Financial Policy. Previously she was a senior official at the Federal Reserve Bank of New York and head of the Research and Analysis Center at the Office of Financial Research, U.S. Treasury.
Deputy Director for Research and Analysis, Office of Financial Research, U.S. Treasury
Stacey Schreft is Deputy Director of Research and Analysis at the U.S. Treasury’s Office of Financial Research (OFR) and is currently on assignment to the Federal Reserve Board of Governors. Her work in the public and private sectors has influenced policy discussions on topics including cyber risk, financial crises, monetary policy, and payment systems. At the Board, she is focused on cyber risk to financial stability. At the OFR, she leads a team that conducts research to support U.S. financial stability and the Financial Stability Oversight Council. Prior to the OFR, she held senior leadership roles in industry as chief economist at an asset manager and director of investment strategy at a registered investment advisory firm. In the latter role, she developed the patented Retirement Paycheck® strategy. Within the Federal Reserve System, she served as an officer and economist at the Federal Reserve Banks of Kansas City and Richmond. She has held academic appointments at the Wharton School of the University of Pennsylvania and Michigan State University. She holds a doctorate in economics from the University of Minnesota and a bachelor’s degree, also in economics, from Smith College.
The Cyber Risk to Financial Stability project is a partnership between
- Columbia University, Technology and Policy Initiative, Cyber Program
- Columbia University, Initiative on Central Banking and Financial Policy
This event is organized in partnership with the