2021 Sessions | SecTor 2022

2021 SESSIONS At A Glance

SecTor Management and the Advisory Committee look forward to once again bringing the world’s best speakers in the field of IT Security to Toronto.

Some of your feedback requested a simple list of sessions where you could scan what’s happening at a glance, like the format in years past. Below you will find just that.

Please visit the schedule page for a complete breakdown of when each session will occur, along with a more comprehensive filtering feature.

Legend:

Full Conference Pass

Expo Conference Pass

Keynote

Planning for Sunny Days - James Arlen

The Future of Cryptography - Dr. Whitfield Diffie

Tech

10th Anniversary FAILtacular! - James Arlen

A Diamond is an Analyst’s Best Friend: The Diamond Model for Influence Operations Analysis - Charity Wright

A Hermit Out of Its Shell - Christoph Hebeisen, Paul Shunk

Adventures in the Underland: Uncommon Hacker’s Persistency Methods and Countermeasures - Paula Januszkiewicz

Anti-Abuse Operations and the Abuse Bestiary - Allan Stojanovic

Defrauding Merchants like it’s Y2K - Craig Barretto, Yuk Fai Chan

Food Production is Critical Infrastructure - Seth Hardy

GitHub Actions: Vulnerabilities, Attacks, and Counter-measures - Magno Logan

New Memory Forensics Techniques to Defeat Device Monitoring Malware - Andrew Case

New Minimum Cybersecurity Requirements for Cyber Insurance - Danny Pehar

Purple RDP: Red and Blue Tradecraft Around Remote Desktop Protocol - Olivier Bilodeau

The COW (Container On Windows) Who Escaped the Silo - Eran Segal

The Development of a Completely Unsupervised Machine Learning Pipeline for Security Analytics – from Ingestion to Analytics - Jeff Schwartzentruber

The Evolution of Ransomware - Fernando Montenegro

Tokenizing the Dark Web: Applying NLP in the Context of Cyber Threat Intelligence - Olivier Michaud, Francois Masson

Under the Hood of Wslink’s Multilayered Virtual Machine - Vladislav Hrčka

Understanding, Abusing and Monitoring AWS AppStream 2.0 - Rodrigo Montoro

What is Linux Kernel Keystore and Why You Should Use It in Your Next Application - Ignat Korchagin

Zhadnost – Finding and Tracking a GRU-controlled Botnet - Ryan Slaney

Management

“What do you Mean Moose Meat?” Advancing Resilience Through Preparing for the Unexpected. - Kevin Sandschafer

A Transformation Blueprint for Developer-First Security - Larry Maccherone

FAIR STRIDE – Building Business Relevant Threat Models for AppSec - Arthur Loris

Innovation and Evolution – How Medical Device and IoT Profiles Have Evolved – But So is Your Attack Surface - Mohammad Waqas

OPSEC is Not a Buzzword - Tim Dafoe

The Vastaamo Data Breach - Antti Kurittu

Vulnerability Management: Try Fixing Less to Reduce More Risk - Mitch Dollin

SECurity FUNdamentals

Advanced Bot Landscape - Yohann Sillam

AI in a Minefield: Learning from Poisoned Data - Johnathan Azaria

Azure AD and Microsoft 365 Security Fundamentals - Peter Carson

Build More Secure Apps by Harnessing the Power of OWASP SKF & ASVS on Kubernetes - Farshad Abasi-Jahromi, Kurt Hundeck

De-Escalate the Overly-Permissive Cloud IAMs - Jay Chen

Evasive Manoeuvres: Analysing the Past to Predict the Future of Malware Evasion Techniques - Stefano Zanero

Security Architecture Review for Cloud-based Applications – Where to Start and How to Shift Left? - Bernardo Wernesback

Trust or Dare: Supply Chain Risks in Aviation - Manon Gaudet

Sponsor Track

A Data Product Approach to Reducing Security Debt - Carson Pickens

BlackBerry XDR: Even the Odds - Anthony Toric

Calculating Risk in the Era of Obscurity: Reading Between the Lines of Security Advisories - Dustin Childs

Correctly Configure All the Clouds - Steve Riley

Cybersecurity Insurance: Where to Start & How to Qualify - Christopher Hills

Decision Making in Uncertain Times: Key teachings from Executive Exchanges - Rafi Wanounou

Defending Ukraine: Early Lessons from the Cyber War - John Hewie

Effective Response in the Face of Zero Day Threats and Vulnerabilities - Karl Klaessig

From the Field – Stories of Successfully Detecting Cyber Attacks - Stephan Jou, Paul Reid

How 2FA is Circumvented - Ahmad Alsabagh

How AI Can Think Like an Attacker - David Masson

How Safe is Your Cloud? Deciphering Cloud Threats and Security Models - James Spiteri

Impact of the Russia – Ukraine Conflict on Your Cybersecurity - David Poellhuber

Indicators Everywhere! How SOCs Can Maintain Efficiency Against Any Attack - Andrew Mundell

Into the Abyss: Cybersecurity Tool Selection, Rationalization, and Decommissioning - Jeff Schmidt

Is Your Defensive Stack Ready for a Targeted Attack? - Stephen Tutterow

Leave No Stone Unturned: The Elements of Security Visibility - Christopher Fielder

Master of Audits – Vulnerability and Risk Management in 2022 - Nathan Harrison

Mobile Security – The Hackers Next Frontier - Robert Falzon

Navigating Enterprise Security in a Post-Compromise Reality - Kanen Clement

Neither Pointless nor Boring: Pop it and Lock it Down with CIS Controls - Matt Jerzewski

Preparing SRM Leaders to Communicate the Relationship Between the Cyber Risks and Physical and Human Systems - David Ortega

Protecting Your Critical Data and Enhancing Cyber Recovery - Jessica Hetrick

Ransomware IR Playbook to Remember & an Art of Building Resilience - Raheel Qureshi

Report: Protecting Customer Identity and Access Management (CIAM) Services Against Online Threats - Matt Duench

Researching Risk: The Qualys Approach to Identifying and Reducing Risk - Travis Smith

Scaling Security Operations: The Answer To The Challenge of Threat Inflation - Augusto Barros

Securing Your Operational Technologies - Gaétan Houle

Seize the Breach: Protect Your Organization With Behavior-based Security Intelligence - Steven Flowers

Smarter XDR Demands Email Security - Neil Clauson, Andrew Williams

Software Supply Chain Security: Knowing What You Don’t Know - Mallory Woods

State of Cloud Security in Canada: How Does Your Organization Measure Up? - Dave Senf

The (Hard) Key to Stop Phishing: How Cloudflare Stopped a Targeted Attack and You Can Too - John Engates

The Agent of Influence - Charity Wright

The Compelling Case for Zero Trust: Bridge the Gap Between Cybersecurity and Business - Ram Vaidyanathan

The Unsung Hero of Cybersecurity: Taking Your Vulnerability Management Program (VMP) from Good to Great - Kim Schreader

ThreatConnect & The Decisive Group Q&A - Lara Meadows, Devin Somppi

Time to Re-evaluate Your Security Layers - Elie Nasrallah

Top 10 Cyber Security Actions for Canada - Victor De Luca

Two Years of Accelerated Cybersecurity and the Demands Being Placed on Cyber Defenders - Tony Anscombe

What Log4Shell Taught Us About the Software Supply Chain, that Other Vulns Didn’t - Jobert Abma

Why Do We Accept Gaps in Our Data Protection Practices? - Terry Ray

Will Your Backups Help You Recover from Ransomware? - Nyron Samaroo

Career

Career Panel and Career Fair 2022 - Max Cizauskas, Roy Firestein, Andrea Stapley, Tom Tran, Afeerah Waqar

Tools

Deep Dive into SBOMs and Microsoft’s SBOM Tool - Adrian Diglio

DIY Tooling for Incident Responders - Peter Morin

Extend Falco with Plugins, Detect and React to Security Incidents from Any Stream of Events - Michele Zuccala

Java Crypto: Don’t Just Get it Working, Use it Securely - Mansi Sheth

Leverage AI in Threat Management - Ida Siahaan

The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico - Tyler Reguly

The State of Packet Capture in a Hybrid Infrastructure: The More You Know - Chris Boucek