Cloud Security Summit

The sixth annual Cloud Security Summit at SecTor will take place on Tuesday, October 8, 2019 at the Metro Toronto Convention Center (MTCC) in downtown Toronto.

The Cloud Security Summit is Canada’s leading cloud security event and is an invaluable opportunity for security professionals to engage with leaders and discuss the future of cloud security.

This year’s Summit will feature keynote speakers and panel discussions. Continental breakfast, lunch and light refreshments will be provided along with an onsite Networking Reception following the event.

The Details

Date: Tuesday October 8, 2019.

Price: $50

Registration: To register for the 2019 Cloud Security Summit at SecTor visit and add it to your SecTor conference registration.

SecTor 2019: Conference sessions take place on Wednesday October 9 and Thursday October 10, 2019. The full conference schedule will be available on our Schedule page after our round-two speakers are announced.

Venue: The Cloud Security Summit at SecTor will be held on Level 700 in the South Building of the MTCC. More information on how to get there is available at




09:00 – 10:00 Doors open. Continental breakfast and networking
10:00 – 10:15 Welcome
10:15 – 11:00 Keynote #1: Charlie Kaufman, ‘Real World Security Issues Operating a Public Cloud Service’
11:00 – 11:45 Panel #1: Mythbusting Security AI: What You Really Need to Know
11:45 – 12:15 Community Update
12:15 – 13:00 Lunch and networking
13:00 – 13:45 Keynote #2: Rich Mogull, ‘Lift and Shift, Don’t Lift and Pray: Cloud Migration Strategies’
13:45 – 14:30 Panel #2: Incident Response in the Cloud
14:30 – 14:55 Afternoon Break
14:55 – 15:40 Keynote #3: Brian Bourne, ‘Cloud Native vs. Run What Ya Brung’
15:40 – 16:25 Keynote #4: Kellman Meghu, ‘What Did You Do So Wrong, You Thought You Needed a Firewall in the Cloud?’
16:25 – 16:30 Closing Remarks
16:30 – 19:00 Networking Reception

*Timing and content subject to change

Speakers, Sessions, Bios

Below is the lineup for the Cloud Security Summit at SecTor 2019. Expand each one to read more about each speaker and their session. You can also watch the full library of 2015, 2016, 2017 and 2018 CSA Summit at SecTor sessions here.

While most of the world focuses on how to secure their application when migrating it to the cloud, public cloud providers face their own challenges in maintaining a secure cloud. This talk describes the variety of security problems that security experts consider when designing a public cloud. It also includes a case study of actual problems found after deploying a public cloud, and these were very different.

Charlie KaufmanCharlie Kaufman – Security Architect, Dell/EMC

Charlie Kaufman, security architect for the Next Generation Midrange Storage Business Unit at Dell/EMC, works on securing the current and future generations of midrange storage arrays. He has been involved with computer networking and security issues for over 25 years and holds over 50 patents in those fields. At Microsoft, he was the security architect for Windows Azure – Microsoft’s Public Cloud offering – where he was involved with all aspects of cloud security from design through responding to ongoing attacks. At Lotus, he was chief security architect for Lotus Notes and Domino and later the entire Lotus product suite. At Digital, he was the Security Architect for their networking group and later for Digital’s UNIX offering.

He has contributed to several IETF standards efforts including IPsec, S/MIME, and DNSsec and served as a member of the Internet Architecture Board. He is co-author of the popular textbook “Network Security: Private Communication in a Public World” and served on the National Academy of Sciences expert panel that wrote the book “Trust in Cyberspace”.

Does AI really make everything better? In security terms, the ability to spot anomalies in vast amounts of log data or look for patterns of behavior in systems can be extremely useful. However, AI isn’t necessarily the solution to all security challenges. In this panel session, our experts will outline both the real world uses for AI, and separate fact from fiction.

David MassonDavid Masson – Director of Enterprise Security, Darktrace

David Masson is Darktrace’s Director of Enterprise Security and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. Dave is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major media outlets in Canada where he is based, including CBC and The Globe and Mail. He holds a master’s degree from Edinburgh University.

Stewart CathrayStewart Cawthray, CISSP, CISM, CRISC, CEH – Associate Partner – North American Security Services, IBM

An experienced security professional, having supported security operations, threat hunting and security architecture for enterprise customers for over 15 years. Stewart currently leads IBM’s security service practice for financial services customers in Canada. Stewart assists financial services customers to securely modernize applications, move operations to the cloud and introduce efficiencies to their security program through AI and Machine Learning capabilities.

Sure, there are plenty of sessions out there on the latest and greatest cloud native architectures, but the practical reality is most organizations first start their cloud journey by migrating… really old stuff. This pragmatic session focuses on the often-painful reality of lifting and shifting existing workloads to the cloud. Based on nearly a decade of hands-on experience we’ll cover the recommended architecture and technologies to reduce the pain and increase your odds of success.

Rich MogullRich Mogull
Rich has twenty years of experience in information security, physical security, and risk management. These days he specializes in cloud security and DevSecOps, having started working hands-on in cloud nearly 10 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he’s happy to speak for free — assuming travel is covered).

Cloud services add new dimensions that can have a huge impact on planning for and executing on incident response. For example, do you know where the service logs files are located, and what is in them? Did you subscribe to the correct options for storage, or are your SIEMs successfully collating activity across all your services? Our experts in this panel will use their experience to walk you through the do’s, don’ts, and gotchas often associated with successfully (or unsuccessfully) handling incidents in a cloud world.

Daryl NovakDaryl Novak – Director of Information Security, New Signature
Daryl is currently Director of Information Security for New Signature, where he is building a better managed security service provider. Prior to that, he spent nearly a decade in the mining industry, working on everything from secure messaging systems to cryptotech, often in unusual places. Daryl graduated from Herzing University in 2003 with a diploma in Network Systems Technology and has been seeking out new and interesting applications of cryptography for good and for evil ever since.


Graham Thompson – Principal Security Architect
Graham Thompson is a Principal Security Architect with over 25 years of Information Technology experience assessing, recommending, designing and implementing secure system and network solutions. Since 2010, Graham has been exclusively focused on cloud security. He is an authorized CCSK and CCSP trainer, is a contributing author of the CCSP CBK and is the author of the upcoming CCSK All-in-One Exam Guide by McGraw-Hill. In addition to education and training, Graham continues to work with large enterprises and government agencies on secure cloud services, ranging from governance, assessment through to implementation. Graham holds his CISSP, CCSK, CCSP and an embarrassingly long list of designation letters that may or not be retired by now.

Mike JonesMike Jones – Director of Product Management, Agari

Mike Jones is the Director of Product Management for Agari, where he is responsible for the strategy, roadmap and feature definition of the Agari platform. Mike has represented Agari in the working group and as a Co-Chair of the OTA Email Security Committee. Prior to Agari, he was Technical Director of Anti-Spam Operations at AOL and served on the board of directors for Messaging Anti Abuse Working Group (MAAWG). Mike holds a Bachelor of Science degree in Chemical Engineering from the University of Arizona, and a Master of Science degree in Management of Information Technology from the University of Virginia.

The major cloud vendors have all invested heavily in security technology over the last few years. Security functionality built into base product is increasingly robust, and the cloud vendors have created security specific products to compete in the various security tooling segments; Firewalls, SIEMs, HSM’s, WAF’s, identity solutions, threat detection, etc. Over time many organizations have invested in tools for their on-prem solutions that follow them into the cloud. This talk will take a look at solutions from Amazon, Microsoft and Google, when you might want to go cloud native, and when you might want to stick with your current solution, or go shopping for another.

Brian BourneBrian Bourne – Director and Co-Founder, Black Arts Illuminated Inc.

Brian has a passion for security and has been an active member of the IT security community for over 25 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor as part of Black Arts Illuminated.

Brian was the founder of CMS Consulting Inc. and Infrastructure Guardian Inc. which became part of New Signature. The two organizations (professional services and managed services respectively) provided deep Microsoft expertise working with mid to large enterprise customers. After handing over the reins, he left New Signature.

Brian is currently spending his time angel investing and working with a variety of organizations from start-ups to large enterprise seeking to leverage his diverse experience working with enterprise technology.

I used to think the cloud was a marketing term for someone else’s computer, and that I knew my place in the world, doing what I loved to do. Now imagine realizing that your whole approach to security and computers, was now wrong. That you had been invalidated by the rapid change of information technology, and a strategy for security that despite being successful, was an impending failure. I made a horrible mistake. I took pride in helping people protect their business, but now I will take ownership for mistakes about to be made. I feel like I forgot the technology was there to serve the needs of the customer and started to think the customer needed the technology. It’s backwards, and we need to go back to delivering services that enable the business goals, including reduction of costs, before we end up bankrupting the whole thing under crippling IT costs. And if that means I need to change everything I worked so hard to build, well so be it.

What to Expect: You will be challenged to think differently about technology and be exposed to transformative IT concepts as related to the cloud. This session aims to be disruptive, and arguments are encouraged.

Kellman Meghu

Raised my children with a firewall; shamed a large airline into using SSL for check-in; front line for the security as some of the biggest corporations went online for the first time; 20 years of helping every sector define, deploy, and defend their infrastructure; thinks learning a new programming language is a great way to relax on holiday; dreams in key/value pairs; obsessed with putting everything in containers; loving every minute of it.

2019 Cloud Security Summit Sponsors












Sponsorship opportunities for the 2019 Cloud Security Summit are now available. If you’re interested in becoming a sponsor, please email