Speakers, Sessions, Bios

Dave Millier

Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 25 years. He founded the InfoSec company Sentry Metrics, one of Canada’s most successful MSSPs. After the sale of Sentry Metrics, Dave’s lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions “what now?” or “what next?” Dave sold Uzado in 2019. Dave is currently the CSO of Quick Intelligence (https://www.quickintel.com), a boutique VAR and cybersecurity consulting company.

Bruce Cowper

A self-proclaimed IT security and privacy geek, Bruce is the co-founder of SecTor. He is also a founding member of the Toronto Area Security Klatch (TASK), and an active member of numerous other security and privacy related organizations across North America.

Bruce co-founded SecTor because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters where today he manages Microsoft’s security policies and standards program.

Aside from his passion for IT, Bruce is an avid traveler, scuba diver and award-winning craft-brewer.

Lessons learned supporting customers in the cloud – common pitfalls and risks moving from traditional architecture to software defined networks and services. Things you should avoid or at least consider, when moving to the cloud.

Kellman Meghu

Raised my children with a firewall ; shamed a large airline into using SSL for check-in ; front line for the security as some of the biggest corporations went online for the first time ; 20 years of helping every sector define, deploy, and defend their infrastructure ; Thinks learning a new programming language is a great way to relax on holiday ; Dreams in key/value pairs ; Obsessed with putting everything in containers ; Loving every minute of it.

Dave Millier

Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 25 years. He founded the InfoSec company Sentry Metrics, one of Canada’s most successful MSSPs. After the sale of Sentry Metrics, Dave’s lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions “what now?” or “what next?” Dave sold Uzado in 2019. Dave is currently the CSO of Quick Intelligence (https://www.quickintel.com), a boutique VAR and cybersecurity consulting company.

Due to the fundamental difference between the cloud-native and on-premises IT infrastructure, existing ransomware will not be effective in cloud environments. The predominantly Windows-based ransomware will not work well in predominantly Linux-based cloud workloads. The file I/O operations that traditional ransomware relies on won’t be efficient in API-based cloud workloads. Ransomware actors will need new TTPs to achieve successful disruption and extortion.

What are the weaknesses that attackers are likely to exploit? What types of cloud resources are more susceptible to ransomware attacks? How may ransomware disrupt cloud workloads? This research aims to identify the possible TTPs using the knowledge of known ransomware and cloud security incidents. This talk will demonstrate various POC attacks that abuse a handful of APIs to quickly render a large amount of cloud-hosted data inaccessible.

Finally, we will show how well-architected infrastructure and certain cloud-native guardrails can effectively make cloud workloads much more resilient to ransomware attacks. The audience should leave with knowledge of ransomware’s risks, threats, and defense strategies in the clouds.”

Jay Chen

Jay Chen is a security researcher with Palo Alto Networks. He has extensive research experience in cloud-native, public clouds, and edge computing. His current research focuses on investigating the vulnerabilities, design flaws, and adversary tactics in cloud-native technologies. In the past, he also researched Blockchain and mobile cloud security. Jay has authored 20+ academic and industrial papers.

Laura Payne

Laura has built a career spanning nearly 20 years at one of Canada’s largest financial institutions, including over a decade working in information security. Her experience covers a variety of domains, including information security governance and risk, security operations and engineering, and security leadership. Laura is passionate about bringing people together to solve problems in today’s increasingly complex technical landscape. Outside of work, Laura is actively engaged in mentoring professionals seeking to join the Information Security field, while also volunteering on the advisory board of SecTor, Canada’s largest security conference. In addition, Laura chairs the program advisory committee for Seneca College’s School of Information Technology Administration & Security. Laura holds an Honours Bachelor of Applied Science in Systems Design Engineering from the University of Waterloo.

The delivery and consumption of cloud-based services in its many forms is here to stay. Security teams are now tasked with helping secure an environment and delivery model that is in some cases similar but, in others, radically different than before. Much has changed since the early days of trying to secure cloud, and innovations in how to do so come from different directions. This session explores some of the key trends and challenges in securing cloud, ranging from handling multi-cloud to the importance of cloud permissions management.

Fernando Montenegro 

Fernando is a Senior Principal Analyst on Omdia’s cybersecurity research team, based in Toronto, Canada. He focuses on the Infrastructure Security Intelligence Service, which provides vendors, service providers, and enterprise clients with insights and data on network security, content security, and more.

Fernando’s experience in enterprise security environments includes network security, security architecture, cloud security, endpoint security, content security, and antifraud. He has a deep interest in the economic aspects of cybersecurity and is a regular speaker at industry events.

Before joining Omdia in 2021, Fernando was an industry analyst with 451 Research. He previously held a variety of operations, consulting, and sales engineering roles over his 25+ years in cybersecurity, always focusing on enterprise security at organizations including vArmour, RSA, Crossbeam, Hewlett Packard, and Nutec/Terra. Fernando holds a Bachelor of Science in computer science and different industry