CSA Summit at SecTor

The fifth annual Cloud Security Alliance (CSA) Summit at SecTor will take place on Monday, October 1, 2018 at the MTCC in Toronto as part of our pre-conference activities.

The CSA Summit at SecTor is Canada’s preeminent cloud security event. It is an invaluable opportunity for information security professionals to engage with industry leaders to discuss, debate and define the future of cloud security.

Built on a training platform like SecTor, the 2018 Summit will feature keynote speakers, panel discussions and sponsored sessions. Continental breakfast, lunch and light refreshments will be provided along with an onsite Networking Reception following the event.

Did You Attend the 2018 CSA Summit? Be Sure To Submit Your Feedback!

The Details

Date: Monday October 1, 2018.

Price: $50

Registration: To register for the 2018 CSA Summit at SecTor visit sector.ca/register and add CSA Summit to your SecTor conference registration.

SecTor 2018: Conference sessions take place on Tuesday October 2 and Wednesday October 3, 2018. The full conference schedule is now available. Visit our Schedule page for more information.

Venue: The CSA Summit at SecTor will be held on Level 700 in the South Building of the Metro Toronto Convention Center (MTCC) in downtown Toronto. More information on how to get there is available at sector.ca/travel.




09:00 – 10:00 Doors open. Continental breakfast and networking
10:00 – 10:15 Welcome
10:15 – 11:00 Keynote #1: David Senf, “Rethinking Your Security Operations in a Cloud Reality”
11:00 – 11:45 Panel #1: “From Federation to CASB; Choosing the Right Identity Solution”
11:45 – 12:15 CSA Global Update: J.R. Santos
12:15 – 13:00 Lunch and networking
13:00 – 13:45 Keynote #2: Bob Flores, “What do IoT and Cyber Threats Mean for your Cloud Transition?”
13:45 – 14:05 Sponsor Session: Bell, “Securing Digital Transformation – Protecting Your Business Online”
14:05 – 14:25 Sponsor Session: Scalar, “Securing Public Cloud: Prioritizing Your Security Strategy”
14:25 – 14:55 Afternoon Break
14:55 – 15:40 Panel #2: “DevOPs Dos and Don’ts; Tips from the Trenches”
15:40 – 16:25 Keynote #3: Mike Rothman, “Cloud Security Trends for 2019”
16:25 – 16:30 Closing Remarks
16:30 – 19:00 Networking Reception

*Timing and content subject to change

Who is the Cloud Security Alliance?

The Cloud Security Alliance is a global member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. Go to cloudsecurityalliance.org to find out more.


Speakers, Sessions, Bios

Below is the schedule for the CSA Summit at SecTor 2018. Expand each one to read more about each speaker and watch each session. You can also watch the full library of 2015, 2016, 2017 and 2018 CSA Summit at SecTor sessions here.

Cloud is fundamentally reshaping the roles of security professionals, security budget allocation, security risk planning and security technology purchases. But how do you know if the changes you are making are the right ones, and what impact they will have on your cybersecurity posture? David Senf, founder of Cyverity, leverages in-depth research and analysis, plus guidance from the five functions of the NIST Cybersecurity Framework and four security maturity levels, to help organizations measure the success (or not) of change. In this interactive session, he will share key findings from his work and arm you with benchmarks you can use to evaluate your environment.

David SenfDavid Senf – Founder, Cyverity

David Senf is an IT research and advisory thought leader and executive with a particular focus on cybersecurity. He has spent close to two decades analyzing and delivering vendor, provider, channel and end-user success. He examines security within the larger context of technology adoption from containers to cloud and from DevOps to devices. He founded Cyverity to promote cybersecurity risk awareness, solutions selection, and operations benchmarks and best practices.

Previously he was a VP at IDC where he worked with and presented to countless organizations – and much of the IT vendor community. He enjoys hundreds of press appearances in a variety of publications, including The Globe and Mail, CBC, The Star, Wall Street Journal, and Wired.

Identity is at the core of any secure infrastructure, especially in the cloud world. The challenge is that there is a plethora of solutions out there and it’s not always obvious how to choose the right one. In this session, our panel of experts will bust myths around cloud identity and provide recommendations on how to evaluate and choose the right solutions.

Dave LewisDave Lewis (moderator) – Global Security Advocate

Dave has over two decades of industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies . He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave writes a column for Forbes and Huffington Post.



Krystal WangKrystal Wang – Senior Security Solution Manager, OKTA

As a Senior Security Solutions Manager at Okta, Krystal works closely with customers and product teams to deliver security-focused identity solutions. Prior to Okta, Krystal worked in product and evangelist roles at leading cybersecurity firms in areas of threat prevention, email and web security, and network security. Krystal has over a decade of experience in the security space and holds a bachelors in Information Science.



Peter SchefflerPeter Scheffler – Cyber Security Solutions Architect, F5 Networks

Peter has over 25 years of experience in the software industry with nearly another 10 years before that as an amateur programmer. Peter has spent the last 15 years in the world of web application development and application security. As an independent consultant, Peter spent time developing solutions for securing network and application access for Fortune 1000 and security conscious government organizations. Peter currently works with F5 Networks as a Cyber Security Solutions Architect where he focuses on security opportunities across North America, specializing in DDoS, SSL Intercept/Visibility and Web Application Firewall cases.


Charles KeaneCharles Keane – Security Specialist, Forcepoint

Charles is a 12-year veteran of the information security industry, and currently serves as a Security Specialist for Forcepoint’s User Entity and Behavior Analytics group. Charles is a recognized industry expert on data security and has worked extensively on solving complex security problems for both the public and private sector. Charles is an active participant in the security community, holding numerous certifications, including a CISSP, and has spoken in front of the UN Cybersecurity Sub-Council and the National Retail Federation. Prior to working with Forcepoint, Charles was part of Hewlett Packard Enterprise’s Security Products division where he managed a global team of sales and security architects and was the Chief Architect for Symantec’s Vontu DLP Division.


Charles KeaneNabil Zoldjalali – Sr. Cyber Technologist, Darktrace

Nabil Zoldjalali is a Senior Cyber Security Technology Manager at Darktrace, based out of the company’s Toronto office. Nabil has comprehensive technological experience with Darktrace’s Enterprise Immune System, the only AI technology capable of detecting and autonomously responding to early-stage cyber-threats. He advises Darktrace’s strategic Fortune 500 customers in North America on advanced threat detection, machine learning, and automated response. Nabil graduated from McGill University with a Bachelor of Engineering in Electrical and Electronic Engineering.

In this session Luciano (J.R) Santos will provide an update on the Cloud Security Alliance and their activities in Canada and across the globe.

Luciano (J.R) SantosLuciano (J.R.) Santos – Executive Vice President of Research, Cloud Security Alliance 

J.R. Santos is the Executive Vice President of Research for the Cloud Security Alliance. He oversees the Cloud Security Alliance’s research portfolio that covers a diverse range of cloud security topics such as IoT, quantum security, big data, artificial intelligence and application containers and micro-services. He is responsible for the execution of the research strategy worldwide. In addition, he advises over 30+ working groups that develop industry-leading security practices, education and tools. J.R. has over 19 years of experience working in information security in a variety of industry sectors including finance, healthcare, aerospace, retail, and technology. J.R. is an active professional in the security industry and has served on various boards and committees throughout his career. J.R. holds various professional certifications and a bachelor’s degree from the University of Washington.

We’ve all seen predictions of billions of interconnected devices that will be upon us soon. If you are moving to the cloud, does this really matter? This presentation will explore the existing and future cyber threats and provide actions you can take now to prevent a disaster.

Bob FloresBob Flores – Founder and CTO, Applicology Inc.

Bob Flores is the Founder and CTO of Applicology Incorporated, which specializes in cybersecurity risk assessments and cloud migration strategy. Bob is also a Founder of Cognito Corp, a management consulting company, and is co-chair of the Cloud Security Alliance Software Defined Perimeter (SDP) Working Group. Prior to starting Applicology, Bob spent 31 years at the Central Intelligence Agency where he held various positions in the Directorate of Intelligence, Directorate of Support, and the National Clandestine Service. Toward the end of his career at the CIA, he spent three years as the CIO’s Chief Technology Officer where he was responsible for ensuring that the Agency’s technology investments matched the needs of its mission. During this time Bob was also the Agency’s representative on several government-wide information sharing committees and councils. In addition to his senior level leadership and management positions, his career included assignments in applications programming, training and education, contract and project management, and both line and staff management roles at various levels of the CIA. He holds Bachelor and Master of Science degrees in Statistics from Virginia Tech.

Bell will share its security experience in its journey through digital transformation. With our experience in operating the largest network in Canada and protecting organizations of all sizes, we see organizations are facing similar challenges such as fast moving markets, cloud adoption, increasingly reliance on on-line model and increasing value of digital assets. Based on our experience we will present an approach to help your organization embrace digital transformation in an ever-evolving threat landscape.

Matt BrodaMatt Broda – Technical Fellow – Security, Bell

Matt Broda is a Technical Fellow in Security at Bell. Matt is responsible for Bell’s strategic security direction focused on business markets. Matt has devoted the last 19 years of his career to making cyberspace a safer place. In his work with international government and private sector organizations, Matt has helped to advance the state of security and privacy in key areas, including cloud and mobile computing, VoIP and multimedia communication, and critical information infrastructure protection. Before joining Bell, Matt held leadership positions focused on security with Nortel’s Chief Technology Office, Microsoft’s Trustworthy Computing and as an entrepreneur and advisor. Matt holds an MBA from Ottawa.

Enterprises continue to struggle with where to start when it comes to public cloud security. Come hear from Rene Heroux, Chief Technology Officer – Cloud at Scalar Decisions, on the key areas to prioritize to ensure your adoption of public cloud is secure

Rene HerouxRene Heroux – Chief Technology Officer – Cloud, Scalar Decisions

As the Chief Technology Officer, Cloud at Scalar Decisions, Rene focuses on building Scalar’s Cloud practice to be the best in the industry. With 15+ years experience, he leads a team of highly skilled and respected Cloud SAs and DevOps Engineers at Scalar, all working to make sure Scalar’s customers are choosing the correct technologies and products in the Cloud space that will help them achieve their business goals and differentiate them in their prospective markets.

Have you heard the one about the developer who built granular permissions to a critical app, only to have the Ops person grant admin access to everyone? Or the Dev that chose to use an open source module with known vulns that undermined the network security because it was easier…

Collaboration and communication between software developers and other IT professionals is critical to securing systems. In this session, our panel of experts will share tips and tricks to help you implement and run a successful DevOps program.

Dave MillierDave Millier (moderator) – CEO, UZADO

Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada’s most successful MSSPs. After the sale of Sentry Metrics, Dave’s lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado, a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions “what now?” or “what next?” Dave is also the CSO of Quick Intelligence, a boutique VAR and cybersecurity consulting company, and is the CEO of MIDAC Solutions, a Managed IT services provider.


Peter CresswellPeter Cresswell – Senior Systems Engineer, Trend Micro

Peter Cresswell, CISSP, ISSAP, CISA, CISM – Trend Micro consultant, architect and sales engineer – has over 25 years of diverse IT experience covering many complex implementations of security solutions for small, medium and large enterprise customers across Canada. From building a security practice within a Citrix consultancy to exploring virtualization solutions with one of Canada’s large telecommunications providers, Peter has an extensive background designing and applying security controls to virtual environments. With Trend Micro, Peter uses this expertise to solve our customer’s evolving security and compliance issues in the virtual datacenter.


John DelaroderieJohn Delaroderie – Security Solutions Architect (SME) | Web Application Scanning OSCP GWAPT GPEN CISSP, Qualys

John Delaroderie is a Web Application SME and Security Solutions Architect for Qualys. He is a United States Naval Academy graduate and has a Master’s Degree in Computer Science from the Naval Postgraduate School with a focus in cyber security and artificial intelligence. He has worked in both the defense and financial industries before joining Qualys in early 2018.

John currently resides in Tampa, Florida, with his wife and 3 children.


Adam BellAdam Bell – Principle Software Engineer, Tenable, Inc.

Adam Bell has spent 14+ years in the trenches as a software developer solving hard problems in short timeframes, with extensive experience and knowledge around DevOps best practices.

As Principle Software Engineer at Tenable, Bell is blazing a trail by incorporating security best practices into a Continuous-Deployment/DevOps/Containerized World. He is a member of the CSA’s Application Containers & Micro-Services Working Group and hosts a podcast on best practices in software development (http://corecursive.com).

Bell lives in Peterborough, Ontario with his wife and cats.

The evolution and adoption of the cloud continues to astound even the most aggressive of prognosticators. The challenge is not just in figuring out how to migrate to the cloud securely but also to keep track of the continuous innovations on the part of the cloud providers and security companies catering to the cloud that force you to revisit architecture and design decisions seemingly daily. In this session Securosis analyst Mike Rothman will break out the crystal ball and give you a sense of the key areas of innovation in 2019, what to do right now to be ready, and also how to avoid the inevitable pitfalls of leveraging fast moving cloud technologies.

Mike RothmanMike Rothman – President, Securosis

Mike Rothman is a 25-year security veteran. He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, compliance, and helping clients navigate a secure evolution to the cloud. He’s a busy guy, serving both as President of DisruptOPS, as well as Analyst & President of Securosis. This is a good thing since Mike gets into trouble when he’s not busy enough.

2018 CSA Summit Sponsors













Sponsorship opportunities for the 2018 CSA Summit are now available. If you’re interested in becoming a sponsor, please email sponsorship@sector.ca.