2017 Sessions | SecTor 2023

2017 SESSIONS At A Glance

SecTor Management and the Advisory Committee look forward to once again bringing the world’s best speakers in the field of IT Security to Toronto.

Some of your feedback requested a simple list of sessions where you could scan what’s happening at a glance, like the format in years past. Below you will find just that.

Please visit the schedule page for a complete breakdown of when each session will occur, along with a more comprehensive filtering feature. The schedule is also available in timetable format.

The Expo Hall is open to attendees between the hours 8am to 5pm Tuesday, November 14, and 8am to 4pm Wednesday, November 15. Please note Expo Only Attendees are limited to the Sponsor, Tools and Career tracks. Find out more at our new Expo Page.

Legend:

Full Conference Pass

Expo Conference Pass

Keynote

Planning for Sunny Days - James Arlen

The Future of Cryptography - Dr. Whitfield Diffie

Tech

10th Anniversary FAILtacular! - James Arlen

A Diamond is an Analyst’s Best Friend: The Diamond Model for Influence Operations Analysis - Charity Wright

A Hermit Out of Its Shell - Christoph Hebeisen, Paul Shunk

Adventures in the Underland: Uncommon Hacker’s Persistency Methods and Countermeasures - Paula Januszkiewicz

Anti-Abuse Operations and the Abuse Bestiary - Allan Stojanovic

Defrauding Merchants like it’s Y2K - Craig Barretto, Yuk Fai Chan

Food Production is Critical Infrastructure - Seth Hardy

GitHub Actions: Vulnerabilities, Attacks, and Counter-measures - Magno Logan

New Memory Forensics Techniques to Defeat Device Monitoring Malware - Andrew Case

New Minimum Cybersecurity Requirements for Cyber Insurance - Danny Pehar

Purple RDP: Red and Blue Tradecraft Around Remote Desktop Protocol - Olivier Bilodeau

The COW (Container On Windows) Who Escaped the Silo - Eran Segal

The Development of a Completely Unsupervised Machine Learning Pipeline for Security Analytics – from Ingestion to Analytics - Jeff Schwartzentruber

The Evolution of Ransomware - Fernando Montenegro

Tokenizing the Dark Web: Applying NLP in the Context of Cyber Threat Intelligence - Olivier Michaud, Francois Masson

Under the Hood of Wslink’s Multilayered Virtual Machine - Vladislav Hrčka

Understanding, Abusing and Monitoring AWS AppStream 2.0 - Rodrigo Montoro

What is Linux Kernel Keystore and Why You Should Use It in Your Next Application - Ignat Korchagin

Zhadnost – Finding and Tracking a GRU-controlled Botnet - Ryan Slaney

Management

“What do you Mean Moose Meat?” Advancing Resilience Through Preparing for the Unexpected. - Kevin Sandschafer

A Transformation Blueprint for Developer-First Security - Larry Maccherone

FAIR STRIDE – Building Business Relevant Threat Models for AppSec - Arthur Loris

Innovation and Evolution – How Medical Device and IoT Profiles Have Evolved – But So is Your Attack Surface - Mohammad Waqas

OPSEC is Not a Buzzword - Tim Dafoe

The Vastaamo Data Breach - Antti Kurittu

Vulnerability Management: Try Fixing Less to Reduce More Risk - Mitch Dollin

SECurity FUNdamentals

Advanced Bot Landscape - Yohann Sillam

AI in a Minefield: Learning from Poisoned Data - Johnathan Azaria

Azure AD and Microsoft 365 Security Fundamentals - Peter Carson

Build More Secure Apps by Harnessing the Power of OWASP SKF & ASVS on Kubernetes - Farshad Abasi-Jahromi, Kurt Hundeck

De-Escalate the Overly-Permissive Cloud IAMs - Jay Chen

Evasive Manoeuvres: Analysing the Past to Predict the Future of Malware Evasion Techniques - Stefano Zanero

Security Architecture Review for Cloud-based Applications – Where to Start and How to Shift Left? - Bernardo Wernesback

Trust or Dare: Supply Chain Risks in Aviation - Manon Gaudet

Sponsor Track

A Data Product Approach to Reducing Security Debt - Carson Pickens

BlackBerry XDR: Even the Odds - Anthony Toric

Calculating Risk in the Era of Obscurity: Reading Between the Lines of Security Advisories - Dustin Childs

Correctly Configure All the Clouds - Steve Riley

Cybersecurity Insurance: Where to Start & How to Qualify - Christopher Hills

Decision Making in Uncertain Times: Key teachings from Executive Exchanges - Rafi Wanounou

Defending Ukraine: Early Lessons from the Cyber War - John Hewie

Effective Response in the Face of Zero Day Threats and Vulnerabilities - Karl Klaessig

From the Field – Stories of Successfully Detecting Cyber Attacks - Stephan Jou, Paul Reid

How 2FA is Circumvented - Ahmad Alsabagh

How AI Can Think Like an Attacker - David Masson

How Safe is Your Cloud? Deciphering Cloud Threats and Security Models - James Spiteri

Impact of the Russia – Ukraine Conflict on Your Cybersecurity - David Poellhuber

Indicators Everywhere! How SOCs Can Maintain Efficiency Against Any Attack - Andrew Mundell

Into the Abyss: Cybersecurity Tool Selection, Rationalization, and Decommissioning - Jeff Schmidt

Is Your Defensive Stack Ready for a Targeted Attack? - Stephen Tutterow

Leave No Stone Unturned: The Elements of Security Visibility - Christopher Fielder

Master of Audits – Vulnerability and Risk Management in 2022 - Nathan Harrison

Mobile Security – The Hackers Next Frontier - Robert Falzon

Navigating Enterprise Security in a Post-Compromise Reality - Kanen Clement

Neither Pointless nor Boring: Pop it and Lock it Down with CIS Controls - Matt Jerzewski

Preparing SRM Leaders to Communicate the Relationship Between the Cyber Risks and Physical and Human Systems - David Ortega

Protecting Your Critical Data and Enhancing Cyber Recovery - Jessica Hetrick

Ransomware IR Playbook to Remember & an Art of Building Resilience - Raheel Qureshi

Report: Protecting Customer Identity and Access Management (CIAM) Services Against Online Threats - Matt Duench

Researching Risk: The Qualys Approach to Identifying and Reducing Risk - Travis Smith

Scaling Security Operations: The Answer To The Challenge of Threat Inflation - Augusto Barros

Securing Your Operational Technologies - Gaétan Houle

Seize the Breach: Protect Your Organization With Behavior-based Security Intelligence - Steven Flowers

Smarter XDR Demands Email Security - Neil Clauson, Andrew Williams

Software Supply Chain Security: Knowing What You Don’t Know - Mallory Woods

State of Cloud Security in Canada: How Does Your Organization Measure Up? - Dave Senf

The (Hard) Key to Stop Phishing: How Cloudflare Stopped a Targeted Attack and You Can Too - John Engates

The Agent of Influence - Charity Wright

The Compelling Case for Zero Trust: Bridge the Gap Between Cybersecurity and Business - Ram Vaidyanathan

The Unsung Hero of Cybersecurity: Taking Your Vulnerability Management Program (VMP) from Good to Great - Kim Schreader

ThreatConnect & The Decisive Group Q&A - Lara Meadows, Devin Somppi

Time to Re-evaluate Your Security Layers - Elie Nasrallah

Top 10 Cyber Security Actions for Canada - Victor De Luca

Two Years of Accelerated Cybersecurity and the Demands Being Placed on Cyber Defenders - Tony Anscombe

What Log4Shell Taught Us About the Software Supply Chain, that Other Vulns Didn’t - Jobert Abma

Why Do We Accept Gaps in Our Data Protection Practices? - Terry Ray

Will Your Backups Help You Recover from Ransomware? - Nyron Samaroo

Career

Career Panel and Career Fair 2022 - Max Cizauskas, Roy Firestein, Andrea Stapley, Tom Tran, Afeerah Waqar

Tools

Deep Dive into SBOMs and Microsoft’s SBOM Tool - Adrian Diglio

DIY Tooling for Incident Responders - Peter Morin

Extend Falco with Plugins, Detect and React to Security Incidents from Any Stream of Events - Michele Zuccala

Java Crypto: Don’t Just Get it Working, Use it Securely - Mansi Sheth

Leverage AI in Threat Management - Ida Siahaan

The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico - Tyler Reguly

The State of Packet Capture in a Hybrid Infrastructure: The More You Know - Chris Boucek