SecTor Management and the Advisory Committee look forward to once again bringing the world's best speakers in the field of IT Security to Toronto.
SecTor is all about the meat -- The content that matters to Canadian IT Security Professionals today. Of course we'll have fun and celebrate having the world's best in Toronto, but the key to SecTor's success, and thus the primary objective of the Management Committee and Advisory Committee, is quality content and presentation for attendees. The 2017 Call for Speakers is now closed. Stay tuned for our final speaker announcement, and be sure to consider submitting a topic for consideration when CFP opens again in early 2018.
2017 Submissions Are Now ClosedSecTor attendees spend a lot of time in the expo area with sponsors learning about and discussing their latest products and services. Be sure to bring your best and brightest to have those in-depth discussions and to uncover the next business opportunity. There are three levels of Expo area sponsorship available at SecTor. Contact us today so you don’t miss out on representing your company at Toronto’s newest innovation conference .
Become a Sponsor
A Look Inside the Phishing Business
Times are good for online criminals. Phishing has been a problem for years, but thanks to the booming online criminal economy, it has never been easier or cheaper for black hats to harvest account details…
Read more
Is It Time To Regulate the IoT?
US Senators just introduced new legislation to regulate the purchase of Internet of Things (IoT) devices. Why did they do it, and what chance is there of success? On August 1. the Internet of Things…
Read more
How To Fight Business Email Compromise
For years, email has been an ideal way for attackers to get into an organization. A decade ago, phishing was a simple way to harvest login details from consumers and employees alike. These days, the…
Read more
Avoiding Cloud Developer Security Mistakes
If you’re a startup developing native cloud apps, then resources like Amazon Web Services are a great way to test your assumptions and then scale your business. Used improperly, though, they’re also an excellent way…
Read more
The Man Who Can Make iCloud Rain
Apple has had its fair share of privacy and security controversies in the last few years. There was ‘Celebgate’, in which celebrities had their iCloud accounts hacked, causing Apple to hurriedly revamp its authentication process.…
Read more
The Blockchain: Your New ID Card
Proving your identity and stopping others from impersonating you has always been a difficult problem to solve, both online and off. We haven't cracked the problem yet. That’s why 6.6% of ID theft in the…
Read more
How To Handle A Security Breach
Dealing with a security incident is difficult to do well, but easy to do badly. The headlines are filled with examples of bungled security incidents. There’s the fudging: UK telco TalkTalk initially confused customers with…
Read more
What We Learned from WannaCry
Josh Zelonis is irritated. The senior analyst at Forrester Research got more frustrated every day that he read coverage of WannaCry, the ransomware strain that ravaged the Internet last month. Much of the public conversation…
Read more
Cyber-Espionage: How To Spot It and Stop It
This month, Verizon released its Data Breach Investigations Report (DBIR) for 2017. One thing stood out: the rise in cyber-espionage. Spies take many different forms, but they're all after corporate information. How can you stop…
Read more
Purple Teaming: How To Play Cybersecurity War Games Properly
Cybersecurity strategists love quoting ancient Chinese military strategist Sun Tzu, who wrote the book on warfare. “If you know others and know yourself, you will not be imperiled in a hundred battles,” he said. “If…
Read more
North Americans: Get Ready For GDPR
In May 2018, the most significant privacy regulation ever will take effect. The General Data Protection Regulation (GDPR) is an EU measure, but US and Canadian companies who think it doesn’t affect them are in…
Read more
ShadowBrokers Go Out With A Whimper
Note: Story updated on April 17 to reflect second dump of Shadowbrokers files. The ShadowBrokers hacking group made two more splashes this month, resulting in both a ripple and a wave. Firstly, it released the password…
Read more
If Vendors Won’t Patch Their Software, This Firm Will
What happens if you’re a vendor that’s slow to patch a known flaw? It’s possible that someone else may step in and do it for you. That’s what has been happening for the past few…
Read more
The hacker who came in from the cold
A former Canadian hacker is back in the limelight – this time, with a documentary preaching cybersecurity, and a top film festival slot. So how did Michael Calce get from there, to here? Back in…
Read more
Security standards for the blockchain
In the future, your data may be secured not by some central gatekeeper, but by a vast, distributed set of participants, each holding some or all of it. Blockchain technology is the new frontier of…
Read more
Video: Cybersecurity training is broken. Here’s how to fix it.
User awareness training isn’t working. It hasn’t worked for a while. There are good reasons for this, and as cybersecurity threats mount, it would be good for security pros to understand them. SecTor sat down…
Read more
Video: Your Single Biggest Cybersecurity Improvement
There are, at the time of writing, 331 days until the new year. That’s’ a lifetime in cybersecurity. What major goals are you hoping to achieve in your cybersecurity practice before then? SecTor sat down…
Read more
Video: Why users are at war with their systems
Your next major cybersecurity threat may come not from ransomware or an open telnet port, but from a paper cup. In the wrong hands, it can become a deadly weapon. The latest in our SecTor…
Read more
Video: What Makes a Successful CISO?
What makes a successful Chief Information Security Officer (CISO)? It’s a job title that has only existed for a relatively short time. At SecTor 2015, keynote speaker Trey Ford mentioned that many CISOs were…
Read more
What The Wassenaar Arrangement means for cybersecurity pros
Should information be treated like weaponry? The world isn't sure - and it's causing cybersecurity companies and researchers real headaches. Hopes for a key resolution on export controls were dashed after annual talks concluded in…
Read more
Video: What are the biggest security challenges in 2017?
From IoT to dealing with data at scale, the challenges for security pros in 2017 will be as daunting as ever. Last year at the tenth annual SecTor conference, security experts revealed what they thought…
Read more
2016 predictions: how did the fortune tellers do?
It’s the end of the year and the 2017 predictions are flooding in. From the mundane to the mad, companies are falling over themselves to tell us what will happen in the coming year. Here…
Read more
Finding incentives for cybersecurity
Another day, another large corporate hack. Companies continue to lose our data, through a combination of poor funding and misjudged security measures. None of them want it to happen, but do they have enough incentives to prevent it?…
Read more
An ethical code for cybersecurity
The battle between black hats and white hats will never end, but do we need some kind of Geneva Convention for how it’s waged? Security pros must often engage black hats, either directly or indirectly,…
Read more
How to impersonate someone for 22 cents
For years, researchers have developed ways to bypass biometric scanners and impersonate other people. Now, there’s a new technique: disguising yourself as Elvis Costello to fool a facial recognition system. Late last month, researchers…
Read more
What Is Your Phone Broadcasting?
Your phone might be telling the world more than you think – and Solomon Sonya is listening. The US Air Force trainer, who speaks today at SecTor 2016, will be unveiling a tool that can…
Read more
B-Sides: A Grassroots Security Movement
Some of the music industry’s best hits came from B-sides. Gloria Gaynor’s I Will Survive was a B-track, as was the Red Hot Chilli Pepper’s most successful single ever, Soul To Squeeze. Vanilla Ice’s US…
Read more
Understanding Malware from the Inside Out
Analyzing malware has always been a little like working in a digital virology lab. Researchers have to organize virus and worm samples, and keep them in a protected environment that won’t risk infecting anyone else.…
Read more
The Key To Avoiding Another OPM
Chris Pogue has a special interest in last year’s US Office of Personnel Management data security breach – his details were among those that were stolen. Pogue, chief information security officer at Nuix, spent several years in…
Read more
Airbnb Renters: You May Already Be Pwned
The sharing economy enables people to unlock the latent value in their time and property. Renting your apartment to someone for a weekend is good for the wallet. Letting someone stay in it for free…
Read more
Why Wasn’t My SecTor Talk Accepted?
A message from Brian Bourne, director and co-founder of Black Arts Illuminated. For every proposed talk that makes it into the SecTor conference, there are many others that don’t make the cut. We decided to…
Read more
Rebooting Canada’s Cybersecurity Strategy
What should Canada’s next cybersecurity strategy look like? The federal government is asking the country how it should the harden private and public sector against attack. Public services minister Ralph Goodale announced the three-month consultation…
Read more
How to find your biggest security threats
Roger Grimes gets angry when stories like this one, about Microsoft’s UEFI security snafu, emerge – and not just because he works for Microsoft. “It’s so complicated to pull off, it’s going to be fixed…
Read more
Security Pros: Do Your Users Hate You?
What have modern policing and cybersecurity got in common? Both sometimes suffer from a lack of perspective and alienate the public that they’re supposed to serve, according to Brendan O’Connor. As a lawyer working in…
Read more
Why Only One In Ten Cybersecurity Pros Is A Woman
Why are most cybersecurity professionals men? Laura Payne has an idea or two to share, and she’ll be presenting them at SecTor this October. Payne, a senior information security advisor at BMO, will be addressing…
Read more
How To Build Your Own Hacking Toolkit
Chris Maddalena’s programming skills have come a long way in the past year. An information security consultant at eSentire, he relies heavily on other peoples' open source ethical hacking tools for his practice, but recently…
Read more
Snowden: Three Years On
Last month saw an important anniversary for Edward Snowden. In June 2013, he broke the biggest state surveillance scandal in history. Where has it left us three years on, and what have we learned? Snowden…
Read more
Tracking Terror Online
The commercial Internet has always been a diverse dangerous neighbourhood, with its fair share of malicious actors and dangerous characters. In recent years, though, it has gained a new voice – an anti-western version of…
Read more
Big Threats From Small Things
What would happen if cryptography stopped working tomorrow? For one thing, the Internet would effectively stop working. Signed software updates would no longer be possible. No one would be able to prove their identities online.…
Read more
Finding Flaws in IoT Devices
That Internet-connected Barbie that listens to your kid is hackable. Your ex could stalk you in your car even if it wasn’t designed to be a connected vehicle, and someone could alter your medical dose remotely…
Read more
How Machines Will Classify Our Malware
John Seymour believes that machines can do a better job of classifying an ocean of malware – if we can just teach them properly. Seymour, a data scientist at social media threat intelligence firm ZeroFOX,…
Read more
This Man Is About To Make Your Job Easier
Calling all security pros and IT managers bogged down by compliance and governance paperwork: Toronto-based cybersecurity expert Ben Sapiro wants to make your job easier. And this year at SecTor 2016, he’ll unveil a tool…
Read more
Can Artificial Intelligence Save Your Data?
It is sixty years since scientists gathered for their historical meeting about artificial intelligence at Dartmouth College in New Hampshire. It was a month-long brainstorming session during which scientists they explored the possibilities of thinking…
Read more
Chris Vickery: Finding the Crown Jewels Online
For a person who just found the personal details for most of the adult Mexican population sitting in a publicly accessible database, Chris Vickery is remarkably self-effacing. His security research is mostly part-time, he’s entirely…
Read more
Back to the Future with Mikko Hypponen
In a few decades, your computers may be mostly bug-free because programmers won’t be writing your code, according to Mikko Hyponnen. The chief research officer for F-Secure always has something controversial to say, which is why Black…
Read more
A Decade of Data Breaches
It's been ten years since SecTor first began. The conference launched as a no-nonsense, fact-filled event designed to help security professionals protect themselves against attack. The organizers created it because Canada needed it back then, and we…
Read more
Can Mathematics Prove That Your Network Is Secure?
Mathematical algorithms might be able to predict exactly how your network will act. Is it possible to prove, beyond all shadow of a doubt, that your network is secure? SecTor has talked about how security alerts are…
Read more
Finding a Needle in the Cybersecurity Haystack
Everyone is curious about your IT systems. They are being probed, prodded and profiled by people on the Internet all the time, which creates lots of traffic. Many of these events metastasize into incidents that…
Read more
Tackling Open Source’s Security Problem
The US government wants to improve the quality of open source software by making it easier to find vulnerabilities in it. The Department of Homeland Security hopes that better code reviews and bug bounties will…
Read more
Why Heed Security Warnings When They Mean Nothing?
The world is full of foolish users who click on things without knowing better, but it is also filled with badly-designed products that don’t do a good enough job of warning them about the dangers…
Read more
How Safe Is Your Antivirus Software From Attack?
Another day, another problem with antivirus software. Antivirus tools are designed to protect your computers, but events over the years suggest that they can end up causing their own problems. Antivirus firms have had their…
Read more
Canadian Cybercrime Just Isn’t That Dangerous
Oh, Canada! Fake IDs and stolen logins? Is that all you're doing? Canadians might just be too polite for more violent forms of cybercrime. We’re involved in online crime to a certain extent, buying and…
Read more
IT Futures Registration is Live
Get in on the ground floor Today is a big day for Black Arts Illuminated, SecTor’s parent company. Early bird registration for its new conference, IT Futures, opens today, in co-ordination with a brand new…
Read more
Are You Spending Enough On IT Security?
Most Canadian firms aren't, according to industry figures. How much should your organization be spending on security? According to analyst figures, about 14% of the IT budget - but less than a quarter of companies…
Read more
Moving Beyond The Password
Passwords aren't secure. So what's the alternative? Google is testing its own anti-password login mechanism using mobile phones as two-factor authentication (2FA) devices, following hard on the heels of Yahoo, whichlaunched a password-free login system…
Read more
When Insider Threats Come From The Outside
Not all insiders work at a desk in your company. Insider threats don’t always come from your office. Are you prepared to manage those that don’t?We all understand the classic insider threat: a malicious employee,…
Read more
Making Malware That Sticks
How do malware writers create and test their malicious code? They lurk all over the world, from basements to offices, trying to take down your machines from afar. Malware writers have produced some devious code,…
Read more
IoT Security: It’s Coming To The Office – Are You Prepared
Consumer IoT devices are coming to your company, whether you want them or not. When it comes to technology, what finds its way into the home will eventually worm its way into the office. We…
Read more
IoT Security: Navigating The IoT’s Data Ocean
Ann Cavoukian has a plan to shore up privacy in a ubiquitously connected world Ann Cavoukian is interested in your privacy, especially in a world where everything is connected to everything else. If you thought…
Read more
IoT Security: Assessing the Hidden Risks
IoT Security: Assessing the Hidden Risks Imagine a scifi novel, set 50 years into the future. In it, someone is confronted by a forest of Internet-connected devices. Dusty, with faded colours and logos that no…
Read more
IoT Security: Can You Trust Your Fridge?
Tripwire's IoT Hack Lab team warn about IoT botnets and homes that might be too smart for their own good. What’s the only real way to render an Internet of Things device safe? Unplug it,…
Read more
Cyberthreats: Kevin McNamee on the Evolving Dangers From Mobile Malware
How your phone is becoming the next battleground for attackers The war against malware will increasingly be fought via mobile platforms in the next few years. So says Kevin McNamee, director of motive security at…
Read more
Cyberthreats: Joe Pizzo on the Shadowy Corners of the Darknet
Norse Corp expert explains how darknet sites are being used to sell exploits and exploited machines The Internet is a kind of inverted iceberg. At the top is the visible part - a huge, ever-changing…
Read more
Cyberthreats: Microsoft’s Tim Rains on Putting Old Wine in New Bottles
The second in our four-part series on cyberthreats explores emerging trends in malware You can’t teach an old dog new tricks, or so the saying goes – but maybe you don’t need to. Malware writers…
Read more
Cyberthreats: R-CISC’s Wendy Nather on Retail Risks
SecTor spoke to the retail security expert in part one of our four-part cyberthreat series When it comes to cyberthreats, retailers are among the most heavily targeted. Companies like Target, Home Depot and TJ Maxx…
Read more
Is Anti-Virus Software Really Dead?
Malware protection must innovation beyond signatures, says IBM expert Is anti-virus software dead? Experts have declared its demise in the past - most notably Symantec, which declared it so in a Wall Street Journal interview last year.…
Read more
A Transformative Time for CSOs
Kris Lovejoy says that security pros should have a physician's eye Kris Lovejoy is on a mission to transform the way that CSOs deal with business. The former IBM CISO, who worked her way up…
Read more
Winging It
Trey Ford talks about what today's CISOs can learn from yesterday's pilots Trey Ford learned to fly to get to know his dad better. The security pro and SecTor keynote speaker started learning in a…
Read more
Announcing the IT Futures Conference
A new event from the creators of SecTor Most years, the SecTor conference is about exploits, vulnerabilities, and security strategy. This year, though, there was one significant difference. This morning at SecTor 2015, co-organiser Bryan…
Read more
It’s Nearly Time!
Are you fully prepared for SecTor 2015? Here are some last minute things to look out for. We’re down to the wire. It’s the last weekend before one of the most important Canadian security events…
Read more
Are Beneficial Botnets a Good Idea?
SecTor interviews The White Team vigilante group Hundreds of thousands of routers around the world have been infected by a botnet. Instead of bitcoin mining or redirecting DNS queries to malicious sites, though, it has…
Read more
Mixing Water and Oil
How attitudes to cybersecurity vary between countries Will emerging economies ever see eye to eye with developed countries on cybersecurity? The Chinese president, Xi Jinping, seems to hope so. He recently visited the White House…
Read more
Can Privacy and Big Data Coexist?
You'd better hope so. Ann Cavoukian knows a thing or two about privacy. For 17 years, she served as Ontario’s provincial Information and Privacy Commissioner and was outspoken on a variety of topics, ranging from…
Read more
All That Glitters is Not Gold
Proper cybersecurity measures take insight and forethought. All that glitters is not gold. Sometimes, shiny new security products can make matters worse, rather than better. That’s the premise of a recent article by SecTor co-founder…
Read more
A Look Inside the US Secret Service
How the US DHS tracks down international cybercriminals When Jason Brown takes the stage for his keynote address at SecTor next month, there won’t be any cameras or recording devices in the room. He won’t…
Read more
A Day in the Life of a Penetration Tester
What happens when clients pay you to hack them When Adrien de Beaupré is having a good day at work, you’ll often find him giggling. The independent senior information security consultant specializes in penetration testing…
Read more
How Microsoft Watches What Attackers Do
The best form of defence is common sense, says Tim Rains Attackers are working faster, but not necessarily much smarter, Microsoft security guru Tim Rains will reveal at SecTor next month. The chief security advisor…
Read more
Whodunnit? Why Cyberattack Attribution Is So Tricky
"Was it North Korea, in the drawing room, with the poker?" When a hacking scandal engulfs a company or government, it typically brings two things: newspaper headlines shaming the victim for their incompetence, and public…
Read more
Who Should You Share Your Cybersecurity Data With?
Sharing is caring, but it's also a tricky business. Last week, Facebook announced that over 90 companies are sharing cybersecurity information with each other through its systems. They’re collaborating via ThreatExchange, the API-accessible community that…
Read more
How To Measure Your Cybersecurity
Jessica Ireland will teach you how to gauge your security capability. “If you cannot measure it, you cannot improve it”. That was the view of Lord Kelvin, who discovered the theory of absolute zero, and…
Read more
How to Win The War Against Blackhats
For many companies, the first step is to get a clue. The MAD magazine cartoon, Spy vs Spy, is 54 years old this year. In it, the blackhat spy and the whitehat spy both tussle,…
Read more
Meet The Man Who Cyberstalks for Good
How Ken Westin jailed at least two dozen people using software, social media, and a few snappy search tools Ken Westin is an online stalker. He follows people through social media sites, Internet community forums,…
Read more
Unlocking History
Cybersecurity and lock picking have more in common than mere puzzle solving. This October, Schuyler Towne will once again drive the nine hours north from Massachusetts to Toronto, to attend the SecTor conference. He drives…
Read more
A Village for the Global Internet of Things
SecTor will feature a new IoT Village this year. Here's what to expect, and why it's important. The headlines are swimming with stories about the security challenges surrounding the Internet of Things. For many, though,…
Read more
Starting A Cybersecurity Career
How to get your first foothold in a security role Eager to break into a cybersecurity career? Competition is tough, but demand for skilled professionals is also high. How can you best position yourself for…
Read more
Building a More Private Cloud
The Cloud Security Alliance wants to see more privacy in the cloud The Cloud Alliance wants to raise the bar when protecting customer privacy in the cloud. That’s the message from its CEO Jim Reavis,…
Read moreBecome like water when learning how to fight off attackers. If you don’t adapt, you don’t survive. It's just as true in business as it is in nature - and it's particularly true in cybersecurity,…
Read more
Should You Insure Yourself Against a Cyberattack?
The stakes are rising for Canadian and US firms alike. Cyber threats are on the rise, and companies do their best to protect against them. But it is also possible to insure yourself against the…
Read more
Improve Your Cybersecurity With These IT Process Hacks
Before buying expensive cybersecurity tools, consider honing your IT operations. Another budget cycle, another upgrade. It’s time for a new firewall/SIEM tool/UTM appliance. Why? Because the new one has the latest next-generation fluid threat analysis…
Read more
US Surveillance Reform Only a Moderate Success for Privacy Advocates
Cybersecurity projects are just one way for the NSA to gather bulk data. This week was a big one for anyone concerned with privacy and cybersecurity in the US. After a great deal of wrangling,…
Read more
Five Cybersecurity Facepalms
In 2015, we're still making the same mistakes. Plus a few new ones. Cybersecurity pros often suffer from a condition that we’ve come to call volarfaciem. This name comes from the volar, meaning the fleshy…
Read more
Peering into the Cybersecurity Crystal Ball
We revisit our predictions from SecTor 2014 to find out how they are unfolding. It has been over six months since the last SecTor security conference. At that event, there was a Predictions panel, in…
Read more
The Four Secrets Of APTs
Advanced Persistent Threats (APTs) are in the news again, as security researchers track the Naikon APT, a sustained cyberattack on geopolitical targets in Asia. These persistent, sophisticated attacks keep CISOs awake the world over. After…
Read more
IBM’s Chief Information Security Officer Kris Lovejoy to open SecTor 2015, the 9th annual Security Education Conference Toronto
TORONTO, ON, MAY 14, 2015 – SecTor, Canada’s premier conference on IT security, will kick off this October with a keynote presentation by Kris Lovejoy, IBM’s Chief Information Security Officer. Now entering its ninth…
Read more58 cents or $200 - how much does a lost record cost? Just how accurate can you be when estimating the cost of a lost record in a data breach? A spat between Verizon and…
Read moreShould IoT devices tell you how they're messing with your privacy? Or is privacy an illusion anyway? IBM has formed an entire business unit around it, Cisco says that there will be 50 billion devices…
Read moreWhen SecTor opens its doors this October, it will once again be cybersecurity awareness month, as dictated by the Canadian government. Cybersecurity awareness is certainly a serious issue, but are we getting it right? And…
Read moreWe're getting more vulnerabilities these days, but are we disclosing them responsibly? And what does that mean, anyway? The National Vulnerability Database - a NIST site that documents security flaws as they emerge - added…
Read moreA decade on, TASK is more important to its members than ever. It has been ten years since the Toronto Area Security Klatch (TASK) first started. We formed it because we wanted to create a…
Read moreCanada has no shortage of data breaches. Last year, it suffered 276,000 record breaches across 57 incidents – and that number is artificially low, claim some, because these are only the publicly reported breaches. Companies…
Read moreHeld at the Metro Toronto Convention Centre in downtown Toronto, the SecTor conference runs two full days, October 20th and 21st, with an optional training day October 19th. Featuring Keynotes from North America's most respected…
Read moreWe are pleased to announce our new website has launched! To help us celebrate this event. the 2014 call for speakers is now open!
Read moreOnline registration has opened for our 2014 conference. Early Bird Pricing is in effect until May 16th, you can now save 36% off Final Prices. Register Today!
Read moreDon’t miss out on your chance to be a part of SecTor 2017. Sign up before the Standard Rate increases to Last Call rates on September 10, 2017.
$1199 Price goes up 11:59PM September 9th Buy NowOne for the risk takers, with limited spaces you may or may not get the chance to attend the full SecTor conference. Register now, Last Call is valid September 10 to November 15th, or until tickets sell out.
$1399 Expires midnight November 15, 2017 Buy NowCan't attend the full conference? Consider registering for the Expo - Registration is $50, or free until November 13, 2017 with discount code.
Details See full registration options. Buy Now
30 minutes ago
#DerbyCon #IoT fans - find out what #sectorca speaker @obilodeau learned hunting IoT #malware. https://t.co/pCh66zMXEy
2 hours ago
The dangers of blindly copying code from Stack Overflow. The moral: Read and understand all code sources!… https://t.co/N8iJ8jfqAN
2 hours ago
#DerbyCon, that #pentesting talk must have piqued your interest. Learn about a pentester's life at #sectorca. https://t.co/cYPtfsYvJd
4 hours ago
A nice little helpdesk #hack here, using nothing but a loophole in business logic. https://t.co/55PaCuIac4
