2019 Cloud Security Summit

The sixth annual Cloud Security Summit at SecTor will take place on Tuesday, October 8, 2019 at the Metro Toronto Convention Center (MTCC) in downtown Toronto.

The Cloud Security Summit is Canada’s leading cloud security event and is an invaluable opportunity for security professionals to engage with leaders and discuss the future of cloud security.

This year’s Summit will feature keynote speakers and panel discussions. Continental breakfast, lunch and light refreshments will be provided along with an onsite Networking Reception following the event.

2019 Signature Sponsor

The Cloud Security Alliance is a global member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. Go to cloudsecurityalliance.org to find out more.

The Details

Date: Tuesday October 8, 2019.

Price: $50

Registration: To register for the 2019 Cloud Security Summit at SecTor visit sector.ca/register and add it to your SecTor conference registration.

SecTor 2019: Conference sessions take place on Wednesday October 9 and Thursday October 10, 2019. The full conference schedule is now available on our Schedule page.

Venue: The Cloud Security Summit at SecTor will be held on Level 700 in the South Building of the MTCC. More information on how to get there is available at sector.ca/travel.




09:00 – 10:00 Doors open. Continental breakfast and networking
10:00 – 10:15 Welcome
10:15 – 11:00 Keynote #1: Charlie Kaufman, ‘Real World Security Issues Operating a Public Cloud Service’
11:00 – 11:45 Panel #1: Mythbusting Security AI: What You Really Need to Know
11:45 – 12:15 Community Update: Jim Reavis, ‘The Future of Cybersecurity will be found at the Intersection of Cloud and Blockchain’
12:15 – 13:00 Lunch and networking
13:00 – 13:45 Keynote #2: Rich Mogull, ‘Lift and Shift, Don’t Lift and Pray: Cloud Migration Strategies’
13:45 – 14:30 Panel #2: Incident Response in the Cloud
14:30 – 14:55 Afternoon Break
14:55 – 15:40 Keynote #3: Brian Bourne, ‘Cloud Native vs. Run What Ya Brung’
15:40 – 16:25 Keynote #4: Kellman Meghu, ‘What Did You Do So Wrong, You Thought You Needed a Firewall in the Cloud?’
16:25 – 16:30 Closing Remarks
16:30 – 19:00 Networking Reception

*Timing and content subject to change

Speakers, Sessions, Bios

Below is the lineup for the Cloud Security Summit at SecTor 2019. Expand each one to read more about each speaker and their session. You can also watch the full library of 2015, 2016, 2017 and 2018 CSA Summit at SecTor sessions here.

While most of the world focuses on how to secure their application when migrating it to the cloud, public cloud providers face their own challenges in maintaining a secure cloud. This talk describes the variety of security problems that security experts consider when designing a public cloud. It also includes a case study of actual problems found after deploying a public cloud, and these were very different.

Charlie KaufmanCharlie Kaufman – Security Architect, Dell/EMC

Charlie Kaufman, security architect for the Next Generation Midrange Storage Business Unit at Dell/EMC, works on securing the current and future generations of midrange storage arrays. He has been involved with computer networking and security issues for over 25 years and holds over 50 patents in those fields. At Microsoft, he was the security architect for Windows Azure – Microsoft’s Public Cloud offering – where he was involved with all aspects of cloud security from design through responding to ongoing attacks. At Lotus, he was chief security architect for Lotus Notes and Domino and later the entire Lotus product suite. At Digital, he was the Security Architect for their networking group and later for Digital’s UNIX offering.

He has contributed to several IETF standards efforts including IPsec, S/MIME, and DNSsec and served as a member of the Internet Architecture Board. He is co-author of the popular textbook “Network Security: Private Communication in a Public World” and served on the National Academy of Sciences expert panel that wrote the book “Trust in Cyberspace”.

Does AI really make everything better? In security terms, the ability to spot anomalies in vast amounts of log data or look for patterns of behavior in systems can be extremely useful. However, AI isn’t necessarily the solution to all security challenges. In this panel session, our experts will outline both the real world uses for AI, and separate fact from fiction.

Dave Lewis (Moderator)

Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis serves on the advisory boards for Cortex Insight and Dateva Inc. Lewis writes columns for Forbes, Daily Swig and several other publications.


Nabil ZoldjalaliNabil Zoldjalali – Senior Cyber Technology Manager, Darktrace

Nabil Zoldjalali is a Senior Cyber Security Technology Manager at Darktrace, based out of the company’s Toronto office. Nabil has comprehensive technological experience with Darktrace’s Enterprise Immune System, the only AI technology capable of detecting and autonomously responding to early-stage cyber-threats. He advises Darktrace’s strategic Fortune 500 customers in North America on advanced threat detection, machine learning, and automated response. Nabil graduated from McGill University with a Bachelor of Engineering in Electrical and Electronic Engineering.


Stewart CathrayStewart Cawthray, CISSP, CISM, CRISC, CEH – Associate Partner – North American Security Services, IBM

An experienced security professional, having supported security operations, threat hunting and security architecture for enterprise customers for over 15 years. Stewart currently leads IBM’s security service practice for financial services customers in Canada. Stewart assists financial services customers to securely modernize applications, move operations to the cloud and introduce efficiencies to their security program through AI and Machine Learning capabilities.


Matt BrodaMatt Broda – Technical Fellow – Security, Bell

Matt Broda is a Technical Fellow in Security at Bell. Matt is responsible for Bell’s strategic security direction focused on business markets. Matt has devoted the last 19 years of his career to making cyberspace a safer place. In his work with international government and private sector organizations, Matt has helped to advance the state of security and privacy in key areas, including cloud and mobile computing, VoIP and multimedia communication, and critical information infrastructure protection. Before joining Bell, Matt held leadership positions focused on security with Nortel’s Chief Technology Office, Microsoft’s Trustworthy Computing and as an entrepreneur and advisor. Matt holds an MBA from Ottawa.

Alex-BermudezAlex Bermudez – Privacy Consulting Manager, OneTrust

Alex Bermudez serves as Privacy Consulting Manager of the Americas at OneTrust – the global leader in privacy management and marketing compliance software. In his role, Bermudez leads OneTrust’s team of Solution Consultants across the Americas, working with emerging and enterprise companies on data protection regulation solution implementations, focused on building and scaling global privacy programs.

Bermudez has presented on a variety of privacy and security topics, providing deep insight into regulatory issues and practical approaches to compliance. Additionally, he helps facilitate OneTrust’s PrivacyConnect workshops across North America. Prior to OneTrust, Bermudez spent several years at a leading Healthcare Information Technology services organization where he gained valuable experience working with national healthcare providers to implement HIPAA-compliant workflow solutions. Bermudez is a Certified Information Privacy Professional (CIPP/E, CIPM) and holds a B.S. from the University of South Carolina.

Cloud computing has recently surpassed traditional on-premise computing as the dominant IT system. Additionally, Cloud now forms the foundation of leading cybersecurity solutions and is the platform of choice to secure all forms of computing, including Internet of Things. In this presentation, Cloud Security Alliance discusses the challenges and opportunities ahead for a “Cloud first” cybersecurity strategy and the surprising role Blockchain will have in reshaping the cybersecurity industry. We will also provide a preview of CSA’s research roadmap convergence on Cloud and Blockchain.

Jim-ReavisJim Reavis – Co-founder and Chief Executive Officer, CSA
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.

Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame.

Sure, there are plenty of sessions out there on the latest and greatest cloud native architectures, but the practical reality is most organizations first start their cloud journey by migrating… really old stuff. This pragmatic session focuses on the often-painful reality of lifting and shifting existing workloads to the cloud. Based on nearly a decade of hands-on experience we’ll cover the recommended architecture and technologies to reduce the pain and increase your odds of success.

Rich MogullRich Mogull
Rich has twenty years of experience in information security, physical security, and risk management. These days he specializes in cloud security and DevSecOps, having started working hands-on in cloud nearly 10 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he’s happy to speak for free — assuming travel is covered).

Cloud services add new dimensions that can have a huge impact on planning for and executing on incident response. For example, do you know where the service logs files are located, and what is in them? Did you subscribe to the correct options for storage, or are your SIEMs successfully collating activity across all your services? Our experts in this panel will use their experience to walk you through the do’s, don’ts, and gotchas often associated with successfully (or unsuccessfully) handling incidents in a cloud world.

Laura Payne (Moderator)

Laura Payne is a Director of Information Security Services at the Bank of Montreal. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. Laura holds a degree in Systems Design Engineering from the University of Waterloo. When not at work, she enjoys spending time with her family, volunteering in the community, and wilderness camping.


Daryl NovakDaryl Novak – Director of Information Security, New Signature
Daryl is currently Director of Information Security for New Signature, where he is building a better managed security service provider. Prior to that, he spent nearly a decade in the mining industry, working on everything from secure messaging systems to cryptotech, often in unusual places. Daryl graduated from Herzing University in 2003 with a diploma in Network Systems Technology and has been seeking out new and interesting applications of cryptography for good and for evil ever since.


Graham-ThompsonGraham Thompson – Principal Security Architect, Intrinsec
Graham Thompson is a Principal Security Architect with over 25 years of Information Technology experience assessing, recommending, designing and implementing secure system and network solutions. Since 2010, Graham has been exclusively focused on cloud security. He is an authorized CCSK and CCSP trainer, is a contributing author of the CCSP CBK and is the author of the upcoming CCSK All-in-One Exam Guide by McGraw-Hill. In addition to education and training, Graham continues to work with large enterprises and government agencies on secure cloud services, ranging from governance, assessment through to implementation. Graham holds his CISSP, CCSK, CCSP and an embarrassingly long list of designation letters that may or not be retired by now.

Mike JonesMike Jones – Director of Product Management, Agari

Mike Jones is the Director of Product Management for Agari, where he is responsible for the strategy, roadmap and feature definition of the Agari platform. Mike has represented Agari in the DMARC.org working group and as a Co-Chair of the OTA Email Security Committee. Prior to Agari, he was Technical Director of Anti-Spam Operations at AOL and served on the board of directors for Messaging Anti Abuse Working Group (MAAWG). Mike holds a Bachelor of Science degree in Chemical Engineering from the University of Arizona, and a Master of Science degree in Management of Information Technology from the University of Virginia.

The major cloud vendors have all invested heavily in security technology over the last few years. Security functionality built into base product is increasingly robust, and the cloud vendors have created security specific products to compete in the various security tooling segments; Firewalls, SIEMs, HSM’s, WAF’s, identity solutions, threat detection, etc. Over time many organizations have invested in tools for their on-prem solutions that follow them into the cloud. This talk will take a look at solutions from Amazon, Microsoft and Google, when you might want to go cloud native, and when you might want to stick with your current solution, or go shopping for another.

Brian BourneBrian Bourne – Director and Co-Founder, Black Arts Illuminated Inc.

Brian has a passion for security and has been an active member of the IT security community for over 25 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor as part of Black Arts Illuminated.

Brian was the founder of CMS Consulting Inc. and Infrastructure Guardian Inc. which became part of New Signature. The two organizations (professional services and managed services respectively) provided deep Microsoft expertise working with mid to large enterprise customers. After handing over the reins, he left New Signature.

Brian is currently spending his time angel investing and working with a variety of organizations from start-ups to large enterprise seeking to leverage his diverse experience working with enterprise technology.

I used to think the cloud was a marketing term for someone else’s computer, and that I knew my place in the world, doing what I loved to do. Now imagine realizing that your whole approach to security and computers, was now wrong. That you had been invalidated by the rapid change of information technology, and a strategy for security that despite being successful, was an impending failure. I made a horrible mistake. I took pride in helping people protect their business, but now I will take ownership for mistakes about to be made. I feel like I forgot the technology was there to serve the needs of the customer and started to think the customer needed the technology. It’s backwards, and we need to go back to delivering services that enable the business goals, including reduction of costs, before we end up bankrupting the whole thing under crippling IT costs. And if that means I need to change everything I worked so hard to build, well so be it.

What to Expect: You will be challenged to think differently about technology and be exposed to transformative IT concepts as related to the cloud. This session aims to be disruptive, and arguments are encouraged.

Kellman Meghu

Raised my children with a firewall; shamed a large airline into using SSL for check-in; front line for the security as some of the biggest corporations went online for the first time; 20 years of helping every sector define, deploy, and defend their infrastructure; thinks learning a new programming language is a great way to relax on holiday; dreams in key/value pairs; obsessed with putting everything in containers; loving every minute of it.

2019 Cloud Security Summit Sponsors













Sponsorship opportunities for the 2019 Cloud Security Summit are now available. If you’re interested in becoming a sponsor, please email sponsorship@sector.ca.