Welcome to SecTor – Canada's Premier IT Security Conference!

May 01, 2018

Well, it’s finally That Month. On May 25th, the General Data Protection Regulation (GDPR) will come into effect. Guess what? Hardly anyone is ready for it. GDPR is set to be the most stringent privacy…

Apr 24, 2018

You spend time paying down your credit card and mortgage debt at home, but are you up to date on your security debt? Security debt is an offshoot of another term, known as technical debt.…

Mar 13, 2018

It’s 2018, and companies are still fighting governments over how to handle data breaches. Verizon just lost a bid to stop users from suing it over several data breaches at its Yahoo! online property. The…

Feb 16, 2018

Cryptojacking has been in the news lately as hackers infected thousands of web sites around the world with software that turned their computers into unauthorized cryptocurrency miners. At the same time, respected news and opinion…

Jan 26, 2018

Picture this: You’re a law enforcement agent, and you collared a terrorist who said that there will be an attack on a major city in the next 24 hours. Thousands might die. He doesn’t know…

Jan 18, 2018

Each year, the guardians of the English language over at Merriam-Webster must accommodate new words in a changing world. We revel at the thought of conservative editors sitting in a dusty office, wincing as they…

Jan 11, 2018

The cybersecurity industry is on fire. As attackers innovate, defenders are relying on new technologies to given them an advantage. What technologies are most promising in the battle to protect our networks and data? SecTor…

Jan 03, 2018

2018 is here, and it’s time to take stock and look for areas of self-improvement. That goes not just for companies looking at their own security, but also for vendors tackling the cybersecurity market in…

Dec 27, 2017

2017 has been a roller coaster year. Data breaches continued to get larger and more severe. Equifax dropped the personal details of up to 145m people, while leaving millions of citizens’ personal data unencrypted on…

Dec 18, 2017

Something murky is going on again under the sea. In the UK, defence staff chief Sir Stuart Peach has warned that Russia has been operating ships near the undersea cables that digitally connect the US,…

Nov 23, 2017

‘Tis the season for retailers, who face their busiest time of the year in terms of online and offline sales. This week’s US Thanksgiving shopping spree kicks off a bumper season that takes in Black…

Nov 15, 2017

Whenever a new technology comes along, it isn’t long before someone works out how to use it for nefarious purposes. The latest is the blockchain underpinning Ethereum, which is a next-generation network for running decentralized…

Nov 08, 2017

Allison Miller didn’t start as a cybersecurity expert. The product manager for privacy and security at Google originally studied business and economics, before working in ecommerce and finance. When she takes the stage to keynote…

Nov 01, 2017

One of the unfortunate side effects of building a successful conference is that it draws the scammers out of the woodwork. If someone contacts you and you can’t validate what they tell you by referring…

Nov 01, 2017

Isaac Asimov’s three laws of robotics are safe, sensible rules. First laid out in 1942, rule number one prevents a robot from harming a human being. The second forces it to obey orders given it…

Oct 12, 2017

Where have all the grey hat hacker forums gone? Grey hats were always a valuable part of the hacker community. They may sometimes cross ethical lines, but unlike black hats they’re in it to learn,…

Sep 25, 2017

Companies across north America are facing more cybersecurity pressures and can’t find the staff to help them. Now, a group of experts is exploring an overlooked segment of the population to help: those on the…

Aug 29, 2017

Times are good for online criminals. Phishing has been a problem for years, but thanks to the booming online criminal economy, it has never been easier or cheaper for black hats to harvest account details…

Aug 11, 2017

US Senators just introduced new legislation to regulate the purchase of Internet of Things (IoT) devices. Why did they do it, and what chance is there of success? On August 1. the Internet of Things…

Jul 24, 2017

For years, email has been an ideal way for attackers to get into an organization. A decade ago, phishing was a simple way to harvest login details from consumers and employees alike. These days, the…

Jul 20, 2017

If you’re a startup developing native cloud apps, then resources like Amazon Web Services are a great way to test your assumptions and then scale your business. Used improperly, though, they’re also an excellent way…

Jul 17, 2017

Apple has had its fair share of privacy and security controversies in the last few years. There was ‘Celebgate’, in which celebrities had their iCloud accounts hacked, causing Apple to hurriedly revamp its authentication process.…

Jul 03, 2017

Proving your identity and stopping others from impersonating you has always been a difficult problem to solve, both online and off. We haven't cracked the problem yet. That’s why 6.6% of ID theft in the…

Jun 12, 2017

Dealing with a security incident is difficult to do well, but easy to do badly. The headlines are filled with examples of bungled security incidents. There’s the fudging: UK telco TalkTalk initially confused customers with…

Jun 02, 2017

Josh Zelonis is irritated. The senior analyst at Forrester Research got more frustrated every day that he read coverage of WannaCry, the ransomware strain that ravaged the Internet last month. Much of the public conversation…

May 12, 2017

This month, Verizon released its Data Breach Investigations Report (DBIR) for 2017. One thing stood out: the rise in cyber-espionage. Spies take many different forms, but they're all after corporate information. How can you stop…

Apr 28, 2017

Cybersecurity strategists love quoting ancient Chinese military strategist Sun Tzu, who wrote the book on warfare. “If you know others and know yourself, you will not be imperiled in a hundred battles,” he said. “If…

Apr 21, 2017

In May 2018, the most significant privacy regulation ever will take effect. The General Data Protection Regulation (GDPR) is an EU measure, but US and Canadian companies who think it doesn’t affect them are in…

Apr 13, 2017

Note: Story updated on April 17 to reflect second dump of Shadowbrokers files. The ShadowBrokers hacking group made two more splashes this month, resulting in both a ripple and a wave. Firstly, it released the password…

Apr 06, 2017

What happens if you’re a vendor that’s slow to patch a known flaw? It’s possible that someone else may step in and do it for you. That’s what has been happening for the past few…

Mar 31, 2017

A former Canadian hacker is back in the limelight – this time, with a documentary preaching cybersecurity, and a top film festival slot. So how did Michael Calce get from there, to here? Back in…

Feb 24, 2017

In the future, your data may be secured not by some central gatekeeper, but by a vast, distributed set of participants, each holding some or all of it. Blockchain technology is the new frontier of…

Feb 09, 2017

User awareness training isn’t working. It hasn’t worked for a while. There are good reasons for this, and as cybersecurity threats mount, it would be good for security pros to understand them. SecTor sat down…

Feb 02, 2017

There are, at the time of writing, 331 days until the new year. That’s’ a lifetime in cybersecurity. What major goals are you hoping to achieve in your cybersecurity practice before then? SecTor sat down…

Jan 26, 2017

Your next major cybersecurity threat may come not from ransomware or an open telnet port, but from a paper cup. In the wrong hands, it can become a deadly weapon. The latest in our SecTor…

Jan 19, 2017

  What makes a successful Chief Information Security Officer (CISO)? It’s a job title that has only existed for a relatively short time. At SecTor 2015, keynote speaker Trey Ford mentioned that many CISOs were…

Jan 16, 2017

Should information be treated like weaponry? The world isn't sure - and it's causing cybersecurity companies and researchers real headaches. Hopes for a key resolution on export controls were dashed after annual talks concluded in…

Jan 12, 2017

From IoT to dealing with data at scale, the challenges for security pros in 2017 will be as daunting as ever. Last year at the tenth annual SecTor conference, security experts revealed what they thought…

Dec 22, 2016

It’s the end of the year and the 2017 predictions are flooding in. From the mundane to the mad, companies are falling over themselves to tell us what will happen in the coming year. Here…

Dec 14, 2016

Another day, another large corporate hack. Companies continue to lose our data, through a combination of poor funding and misjudged security measures. None of them want it to happen, but do they have enough incentives to prevent it?…

Nov 21, 2016

The battle between black hats and white hats will never end, but do we need some kind of Geneva Convention for how it’s waged? Security pros must often engage black hats, either directly or indirectly,…

Nov 07, 2016

  For years, researchers have developed ways to bypass biometric scanners and impersonate other people. Now, there’s a new technique: disguising yourself as Elvis Costello to fool a facial recognition system. Late last month, researchers…

Oct 18, 2016

Your phone might be telling the world more than you think – and Solomon Sonya is listening. The US Air Force trainer, who speaks today at SecTor 2016, will be unveiling a tool that can…

Oct 07, 2016

Some of the music industry’s best hits came from B-sides. Gloria Gaynor’s I Will Survive was a B-track, as was the Red Hot Chilli Pepper’s most successful single ever, Soul To Squeeze. Vanilla Ice’s US…

Sep 29, 2016

Analyzing malware has always been a little like working in a digital virology lab. Researchers have to organize virus and worm samples, and keep them in a protected environment that won’t risk infecting anyone else.…

Sep 17, 2016

Chris Pogue has a special interest in last year’s US Office of Personnel Management data security breach – his details were among those that were stolen. Pogue, chief information security officer at Nuix, spent several years in…

Sep 09, 2016

The sharing economy enables people to unlock the latent value in their time and property. Renting your apartment to someone for a weekend is good for the wallet. Letting someone stay in it for free…

Aug 31, 2016

A message from Brian Bourne, director and co-founder of Black Arts Illuminated. For every proposed talk that makes it into the SecTor conference, there are many others that don’t make the cut. We decided to…

Aug 29, 2016

What should Canada’s next cybersecurity strategy look like? The federal government is asking the country how it should the harden private and public sector against attack. Public services minister Ralph Goodale announced the three-month consultation…

Aug 22, 2016

Roger Grimes gets angry when stories like this one, about Microsoft’s UEFI security snafu, emerge – and not just because he works for Microsoft. “It’s so complicated to pull off, it’s going to be fixed…

Aug 10, 2016

What have modern policing and cybersecurity got in common? Both sometimes suffer from a lack of perspective and alienate the public that they’re supposed to serve, according to Brendan O’Connor. As a lawyer working in…

Jul 29, 2016

Why are most cybersecurity professionals men? Laura Payne has an idea or two to share, and she’ll be presenting them at SecTor this October. Payne, a senior information security advisor at BMO, will be addressing…

Jul 22, 2016

Chris Maddalena’s programming skills have come a long way in the past year. An information security consultant at eSentire, he relies heavily on other peoples' open source ethical hacking tools for his practice, but recently…

Jul 14, 2016

Last month saw an important anniversary for Edward Snowden. In June 2013, he broke the biggest state surveillance scandal in history. Where has it left us three years on, and what have we learned? Snowden…

Jul 12, 2016

The commercial Internet has always been a diverse dangerous neighbourhood, with its fair share of malicious actors and dangerous characters. In recent years, though, it has gained a new voice – an anti-western version of…

Jun 28, 2016

What would happen if cryptography stopped working tomorrow? For one thing, the Internet would effectively stop working. Signed software updates would no longer be possible. No one would be able to prove their identities online.…

Jun 17, 2016

That Internet-connected Barbie that listens to your kid is hackable. Your ex could stalk you in your car even if it wasn’t designed to be a connected vehicle, and someone could alter your medical dose remotely…

Jun 11, 2016

John Seymour believes that machines can do a better job of classifying an ocean of malware – if we can just teach them properly. Seymour, a data scientist at social media threat intelligence firm ZeroFOX,…

Jun 03, 2016

Calling all security pros and IT managers bogged down by compliance and governance paperwork: Toronto-based cybersecurity expert Ben Sapiro wants to make your job easier. And this year at SecTor 2016, he’ll unveil a tool…

May 31, 2016

It is sixty years since scientists gathered for their historical meeting about artificial intelligence at Dartmouth College in New Hampshire. It was a month-long brainstorming session during which scientists they explored the possibilities of thinking…

May 25, 2016

For a person who just found the personal details for most of the adult Mexican population sitting in a publicly accessible database, Chris Vickery is remarkably self-effacing. His security research is mostly part-time, he’s entirely…

May 17, 2016

In a few decades, your computers may be mostly bug-free because programmers won’t be writing your code, according to Mikko Hyponnen. The chief research officer for F-Secure always has something controversial to say, which is why Black…

May 11, 2016

It's been ten years since SecTor first began. The conference launched as a no-nonsense, fact-filled event designed to help security professionals protect themselves against attack. The organizers created it because Canada needed it back then, and we…

Apr 20, 2016

Mathematical algorithms might be able to predict exactly how your network will act. Is it possible to prove, beyond all shadow of a doubt, that your network is secure? SecTor has talked about how security alerts are…

Apr 09, 2016

Everyone is curious about your IT systems. They are being probed, prodded and profiled by people on the Internet all the time, which creates lots of traffic. Many of these events metastasize into incidents that…

Apr 01, 2016

The US government wants to improve the quality of open source software by making it easier to find vulnerabilities in it. The Department of Homeland Security hopes that better code reviews and bug bounties will…

Mar 28, 2016

The world is full of foolish users who click on things without knowing better, but it is also filled with badly-designed products that don’t do a good enough job of warning them about the dangers…

Mar 17, 2016

Another day, another problem with antivirus software. Antivirus tools are designed to protect your computers, but events over the years suggest that they can end up causing their own problems. Antivirus firms have had their…

Feb 12, 2016

Oh, Canada! Fake IDs and stolen logins? Is that all you're doing? Canadians might just be too polite for more violent forms of cybercrime. We’re involved in online crime to a certain extent, buying and…

Jan 27, 2016

Get in on the ground floor Today is a big day for Black Arts Illuminated, SecTor’s parent company. Early bird registration for its new conference, IT Futures, opens today, in co-ordination with a brand new…

Jan 11, 2016

Most Canadian firms aren't, according to industry figures. How much should your organization be spending on security? According to analyst figures, about 14% of the IT budget - but less than a quarter of companies…

Dec 30, 2015

Passwords aren't secure. So what's the alternative? Google is testing its own anti-password login mechanism using mobile phones as two-factor authentication (2FA) devices, following hard on the heels of Yahoo, whichlaunched a password-free login system…

Dec 21, 2015

Not all insiders work at a desk in your company. Insider threats don’t always come from your office. Are you prepared to manage those that don’t?We all understand the classic insider threat: a malicious employee,…

Dec 07, 2015

How do malware writers create and test their malicious code? They lurk all over the world, from basements to offices, trying to take down your machines from afar. Malware writers have produced some devious code,…

Nov 27, 2015

Consumer IoT devices are coming to your company, whether you want them or not. When it comes to technology, what finds its way into the home will eventually worm its way into the office.  We…

Nov 26, 2015

Ann Cavoukian has a plan to shore up privacy in a ubiquitously connected world Ann Cavoukian is interested in your privacy, especially in a world where everything is connected to everything else. If you thought…

Nov 25, 2015

IoT Security: Assessing the Hidden Risks Imagine a scifi novel, set 50 years into the future. In it, someone is confronted by a forest of Internet-connected devices. Dusty, with faded colours and logos that no…

Nov 24, 2015

Tripwire's IoT Hack Lab team warn about IoT botnets and homes that might be too smart for their own good. What’s the only real way to render an Internet of Things device safe? Unplug it,…

Nov 23, 2015

How your phone is becoming the next battleground for attackers The war against malware will increasingly be fought via mobile platforms in the next few years. So says Kevin McNamee, director of motive security at…

Nov 09, 2015

Norse Corp expert explains how darknet sites are being used to sell exploits and exploited machines The Internet is a kind of inverted iceberg. At the top is the visible part - a huge, ever-changing…

Nov 06, 2015

The second in our four-part series on cyberthreats explores emerging trends in malware You can’t teach an old dog new tricks, or so the saying goes – but maybe you don’t need to. Malware writers…

Nov 05, 2015

SecTor spoke to the retail security expert in part one of our four-part cyberthreat series When it comes to cyberthreats, retailers are among the most heavily targeted. Companies like Target, Home Depot and TJ Maxx…

Oct 29, 2015

Malware protection must innovation beyond signatures, says IBM expert Is anti-virus software dead? Experts have declared its demise in the past - most notably Symantec, which declared it so in a Wall Street Journal interview last year.…

Oct 23, 2015

Kris Lovejoy says that security pros should have a physician's eye Kris Lovejoy is on a mission to transform the way that CSOs deal with business. The former IBM CISO, who worked her way up…

Oct 22, 2015

Trey Ford talks about what today's CISOs can learn from yesterday's pilots Trey Ford learned to fly to get to know his dad better. The security pro and SecTor keynote speaker started learning in a…

Oct 20, 2015

A new event from the creators of SecTor Most years, the SecTor conference is about exploits, vulnerabilities, and security strategy. This year, though, there was one significant difference. This morning at SecTor 2015, co-organiser Bryan…

Oct 16, 2015

Are you fully prepared for SecTor 2015? Here are some last minute things to look out for. We’re down to the wire. It’s the last weekend before one of the most important Canadian security events…

Oct 09, 2015

SecTor interviews The White Team vigilante group Hundreds of thousands of routers around the world have been infected by a botnet. Instead of bitcoin mining or redirecting DNS queries to malicious sites, though, it has…

Oct 06, 2015

How attitudes to cybersecurity vary between countries Will emerging economies ever see eye to eye with developed countries on cybersecurity? The Chinese president, Xi Jinping, seems to hope so. He recently visited the White House…

Sep 29, 2015

You'd better hope so. Ann Cavoukian knows a thing or two about privacy. For 17 years, she served as Ontario’s provincial Information and Privacy Commissioner and was outspoken on a variety of topics, ranging from…

Sep 28, 2015

Proper cybersecurity measures take insight and forethought. All that glitters is not gold. Sometimes, shiny new security products can make matters worse, rather than better. That’s the premise of a recent article by SecTor co-founder…

Sep 23, 2015

How the US DHS tracks down international cybercriminals When Jason Brown takes the stage for his keynote address at SecTor next month, there won’t be any cameras or recording devices in the room. He won’t…

Sep 15, 2015

What happens when clients pay you to hack them When Adrien de Beaupré is having a good day at work, you’ll often find him giggling. The independent senior information security consultant specializes in penetration testing…

Sep 08, 2015

The best form of defence is common sense, says Tim Rains Attackers are working faster, but not necessarily much smarter, Microsoft security guru Tim Rains will reveal at SecTor next month. The chief security advisor…

Sep 01, 2015

"Was it North Korea, in the drawing room, with the poker?" When a hacking scandal engulfs a company or government, it typically brings two things: newspaper headlines shaming the victim for their incompetence, and public…

Aug 25, 2015

Sharing is caring, but it's also a tricky business. Last week, Facebook announced that over 90 companies are sharing cybersecurity information with each other through its systems. They’re collaborating via ThreatExchange, the API-accessible community that…

Aug 17, 2015

Jessica Ireland will teach you how to gauge your security capability. “If you cannot measure it, you cannot improve it”. That was the view of Lord Kelvin, who discovered the theory of absolute zero, and…

Aug 10, 2015

For many companies, the first step is to get a clue. The MAD magazine cartoon, Spy vs Spy, is 54 years old this year. In it, the blackhat spy and the whitehat spy both tussle,…

Aug 03, 2015

How Ken Westin jailed at least two dozen people using software, social media, and a few snappy search tools Ken Westin is an online stalker. He follows people through social media sites, Internet community forums,…

Jul 27, 2015

Cybersecurity and lock picking have more in common than mere puzzle solving. This October, Schuyler Towne will once again drive the nine hours north from Massachusetts to Toronto, to attend the SecTor conference. He drives…

Jul 14, 2015

SecTor will feature a new IoT Village this year. Here's what to expect, and why it's important. The headlines are swimming with stories about the security challenges surrounding the Internet of Things. For many, though,…

Jul 06, 2015

How to get your first foothold in a security role Eager to break into a cybersecurity career? Competition is tough, but demand for skilled professionals is also high. How can you best position yourself for…

Jun 29, 2015

The Cloud Security Alliance wants to see more privacy in the cloud The Cloud Alliance wants to raise the bar when protecting customer privacy in the cloud. That’s the message from its CEO Jim Reavis,…

Jun 24, 2015

Become like water when learning how to fight off attackers. If you don’t adapt, you don’t survive. It's just as true in business as it is in nature - and it's particularly true in cybersecurity,…

Jun 22, 2015

The stakes are rising for Canadian and US firms alike. Cyber threats are on the rise, and companies do their best to protect against them. But it is also possible to insure yourself against the…

Jun 15, 2015

Before buying expensive cybersecurity tools, consider honing your IT operations. Another budget cycle, another upgrade. It’s time for a new firewall/SIEM tool/UTM appliance. Why? Because the new one has the latest next-generation fluid threat analysis…

Jun 06, 2015

Cybersecurity projects are just one way for the NSA to gather bulk data. This week was a big one for anyone concerned with privacy and cybersecurity in the US. After a great deal of wrangling,…

May 28, 2015

In 2015, we're still making the same mistakes. Plus a few new ones. Cybersecurity pros often suffer from a condition that we’ve come to call volarfaciem. This name comes from the volar, meaning the fleshy…

May 25, 2015

We revisit our predictions from SecTor 2014 to find out how they are unfolding. It has been over six months since the last SecTor security conference. At that event, there was a Predictions panel, in…

May 15, 2015

Advanced Persistent Threats (APTs) are in the news again, as security researchers track the Naikon APT, a sustained cyberattack on geopolitical targets in Asia. These persistent, sophisticated attacks keep CISOs awake the world over. After…

May 14, 2015

  TORONTO, ON, MAY 14, 2015 – SecTor, Canada’s premier conference on IT security, will kick off this October with a keynote presentation by Kris Lovejoy, IBM’s Chief Information Security Officer. Now entering its ninth…

May 11, 2015

58 cents or $200 - how much does a lost record cost? Just how accurate can you be when estimating the cost of a lost record in a data breach? A spat between Verizon and…

May 01, 2015

Should IoT devices tell you how they're messing with your privacy? Or is privacy an illusion anyway? IBM has formed an entire business unit around it, Cisco says that there will be 50 billion devices…

Apr 24, 2015

When SecTor opens its doors this October, it will once again be cybersecurity awareness month, as dictated by the Canadian government. Cybersecurity awareness is certainly a serious issue, but are we getting it right? And…

Apr 17, 2015

We're getting more vulnerabilities these days, but are we disclosing them responsibly? And what does that mean, anyway? The National Vulnerability Database - a NIST site that documents security flaws as they emerge - added…

Mar 22, 2015

A decade on, TASK is more important to its members than ever. It has been ten years since the Toronto Area Security Klatch (TASK) first started. We formed it because we wanted to create a…

Mar 22, 2015

Canada has no shortage of data breaches. Last year, it suffered 276,000 record breaches across 57 incidents – and that number is artificially low, claim some, because these are only the publicly reported breaches. Companies…

Mar 09, 2015

Held at the Metro Toronto Convention Centre in downtown Toronto, the SecTor conference runs two full days, October 20th and 21st, with an optional training day October 19th. Featuring Keynotes from North America's most respected…

Mar 04, 2014

We are pleased to announce our new website has launched!  To help us celebrate this event. the 2014 call for speakers is now open!

Mar 04, 2014

Online registration has opened for our 2014 conference. Early Bird Pricing is in effect until May 16th, you can now save 36% off Final Prices.  Register Today!