CSA Summit at SecTor

The fifth annual Cloud Security Alliance (CSA) Summit at SecTor will take place on Monday, October 1, 2018 at the MTCC in Toronto as part of our pre-conference activities.

The CSA Summit at SecTor is Canada’s preeminent cloud security event. It is an invaluable opportunity for information security professionals to engage with industry leaders to discuss, debate and define the future of cloud security.

Built on a training platform like SecTor, the 2018 Summit will feature keynote speakers, panel discussions and sponsored sessions. Continental breakfast, lunch and light refreshments will be provided along with an onsite Networking Reception following the event.

The Details

Date: Monday October 1, 2018.

Price: $50

Registration: To register for the 2018 CSA Summit at SecTor visit sector.ca/register and add CSA Summit to your SecTor conference registration.

SecTor 2018: Conference Sessions take place on Tuesday October 2 and Wednesday October 3, 2018. The full conference schedule will be released after the second-round speaker announcement in August.

Venue: The CSA Summit at SecTor will be held on Level 700 in the South Building of the Metro Toronto Convention Center (MTCC) in downtown Toronto. More information on how to get there is available at sector.ca/travel.




09:00 – 10:00 Doors open. Continental breakfast and networking
10:00 – 10:15 Welcome
10:15 – 11:00 Keynote #1: David Senf, “Rethinking Your Security Operations in a Cloud Reality”
11:00 – 11:45 Panel #1: “From Federation to CASB; Choosing the Right Identity Solution”
11:45 – 12:15 CSA Global Update: J.R. Santos
12:15 – 13:00 Lunch and networking
13:00 – 13:45 Keynote #2: Bob Gourley, “The Cyber Threat: What it Means for your Cloud Transition”
13:45 – 14:05 Sponsor Session: Bell, “Securing Digital Transformation – Protecting Your Business Online”
14:05 – 14:25 Sponsor Session: Scalar, “Securing Public Cloud: Prioritizing Your Security Strategy”
14:25 – 14:55 Afternoon Break
14:55 – 15:40 Panel #2: “DevOPs Dos and Don’ts; Tips from the Trenches”
15:40 – 16:25 Keynote #3: Mike Rothman, “Cloud Security Trends for 2019”
16:25 – 16:30 Closing Remarks
16:30 – 19:00 Networking Reception

*Timing and content subject to change

Who is the Cloud Security Alliance?

The Cloud Security Alliance is a global member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. Go to cloudsecurityalliance.org to find out more.


Speakers, Sessions, Bios

Below is the schedule for the CSA Summit at SecTor 2018. Expand each one to read more about each speaker and session. You can also watch the full library of 2015, 2016 and 2017 CSA Summit at SecTor sessions here.

Cloud is fundamentally reshaping the roles of security professionals, security budget allocation, security risk planning and security technology purchases. But how do you know if the changes you are making are the right ones, and what impact they will have on your cybersecurity posture? David Senf, founder of Cyverity, leverages in-depth research and analysis, plus guidance from the five functions of the NIST Cybersecurity Framework and four security maturity levels, to help organizations measure the success (or not) of change. In this interactive session, he will share key findings from his work and arm you with benchmarks you can use to evaluate your environment.

David SenfDavid Senf – Founder, Cyverity

David Senf is an IT research and advisory thought leader and executive with a particular focus on cybersecurity. He has spent close to two decades analyzing and delivering vendor, provider, channel and end-user success. He examines security within the larger context of technology adoption from containers to cloud and from DevOps to devices. He founded Cyverity to promote cybersecurity risk awareness, solutions selection, and operations benchmarks and best practices.

Previously he was a VP at IDC where he worked with and presented to countless organizations – and much of the IT vendor community. He enjoys hundreds of press appearances in a variety of publications, including The Globe and Mail, CBC, The Star, Wall Street Journal, and Wired.


Identity is at the core of any secure infrastructure, especially in the cloud world. The challenge is that there is a plethora of solutions out there and it’s not always obvious how to choose the right one. In this session, our panel of experts will bust myths around cloud identity and provide recommendations on how to evaluate and choose the right solutions.

Krystal WangKrystal Wang – Senior Security Solution Manager , OKTA

As a Senior Security Solutions Manager at Okta, Krystal works closely with customers and product teams to deliver security-focused identity solutions. Prior to Okta, Krystal worked in product and evangelist roles at leading cybersecurity firms in areas of threat prevention, email and web security, and network security. Krystal has over a decade of experience in the security space and holds a bachelors in Information Science.



Peter SchefflerPeter Scheffler – Cyber Security Solutions Architect, F5

Peter has over 25 years of experience in the software industry with nearly another 10 years before that as an amateur programmer. Peter has spent the last 15 years in the world of web application development and application security. As an independent consultant, Peter spent time developing solutions for securing network and application access for Fortune 1000 and security conscious government organizations. Peter currently works with F5 Networks as a Cyber Security Solutions Architect where he focuses on security opportunities across North America, specializing in DDoS, SSL Intercept/Visibility and Web Application Firewall cases.

In this session Luciano (J.R) Santos will provide an update on the Cloud Security Alliance and their activities in Canada and across the globe.

Luciano (J.R) SantosLuciano (J.R.) Santos – Executive Vice President of Research, Cloud Security Alliance 

J.R. Santos is the Executive Vice President of Research for the Cloud Security Alliance. He oversees the Cloud Security Alliance’s research portfolio that covers a diverse range of cloud security topics such as IoT, quantum security, big data, artificial intelligence and application containers and micro-services. He is responsible for the execution of the research strategy worldwide. In addition, he advises over 30+ working groups that develop industry-leading security practices, education and tools. J.R. has over 19 years of experience working in information security in a variety of industry sectors including finance, healthcare, aerospace, retail, and technology. J.R. is an active professional in the security industry and has served on various boards and committees throughout his career. J.R. holds various professional certifications and a bachelor’s degree from the University of Washington.

Session information will be posted shortly.

Bob GourleyBob Gourley – publisher of CTOvision.com and author of The Cyber Threat

Bob Gourley is the founder and Chief Technology Officer (CTO) of Crucial Point LLC, a technology research and advisory firm. He is the publisher of CTOvision.com and ThreatBrief.com and is the author of The Cyber Threat.

At Crucial Point, Bob provides CTO Services and Due Diligence Consulting.

Bob’s first career was as a naval intelligence officer, which included operational tours in Europe and Asia. Bob was the first Director of Intelligence (J2) at DoD’s cyber defense organization JTF-CND where he pioneered concepts of cyber threat intelligence. Following retirement from the Navy Bob was an executive with TRW and Northrop Grumman, and then returned to government service as the Chief Technology Officer (CTO) of the Defense Intelligence Agency (DIA).
Bob was named one of the top 25 most influential CTOs in the globe by Infoworld. He was selected for AFCEAs award for meritorious service to the intelligence community, and was named by Washingtonian as one of DC’s “Tech Titans.” The blog he founded and publishes, CTOvision, is now ranked among the top 50 federal technology blogs.

Bell will share its security experience in its journey through digital transformation. With our experience in operating the largest network in Canada and protecting organizations of all sizes, we see organizations are facing similar challenges such as fast moving markets, cloud adoption, increasingly reliance on on-line model and increasing value of digital assets. Based on our experience we will present an approach to help your organization embrace digital transformation in an ever-evolving threat landscape.

Vivek KhindriaVivek Khindria – Director, Information Security, Bell

Vivek is the Director of Information Security for Bell responsible for company-wide Information Security Strategy. Prior to his role in Telecommunications Vivek spent more than 15 years in pivotal roles to provide technology leadership and security in several of Canada’s largest financial institutions. Vivek is an active member of the global information security organization called Information Security Forum and the Secretary and active founding member of the Canadian Cyber Threat Exchange. Vivek has a B.Sc. in Physics and is certified to both CISM and CISSP.

Matt BrodaMatt Broda – Technical Fellow – Security, Bell

Matt Broda is a Technical Fellow in Security at Bell. Matt is responsible for Bell’s strategic security direction focused on business markets. Matt has devoted the last 19 years of his career to making cyberspace a safer place. In his work with international government and private sector organizations, Matt has helped to advance the state of security and privacy in key areas, including cloud and mobile computing, VoIP and multimedia communication, and critical information infrastructure protection. Before joining Bell, Matt held leadership positions focused on security with Nortel’s Chief Technology Office, Microsoft’s Trustworthy Computing and as an entrepreneur and advisor. Matt holds an MBA from Ottawa.

Enterprises continue to struggle with where to start when it comes to public cloud security. Come hear from Rene Heroux, Chief Technology Officer – Cloud at Scalar Decisions, on the key areas to prioritize to ensure your adoption of public cloud is secure

Rene HerouxRene Heroux – Chief Technology Officer – Cloud, Scalar Decisions

As the Chief Technology Officer, Cloud at Scalar Decisions, Rene focuses on building Scalar’s Cloud practice to be the best in the industry. With 15+ years experience, he leads a team of highly skilled and respected Cloud SAs and DevOps Engineers at Scalar, all working to make sure Scalar’s customers are choosing the correct technologies and products in the Cloud space that will help them achieve their business goals and differentiate them in their prospective markets.

Have you heard the one about the developer who built granular permissions to a critical app, only to have the Ops person grant admin access to everyone? Or the Dev that chose to use an open source module with known vulns that undermined the network security because it was easier…

Collaboration and communication between software developers and other IT professionals is critical to securing systems. In this session, our panel of experts will share tips and tricks to help you implement and run a successful DevOps program.

Peter Cresswell – Senior Systems Engineer, Trend Micro

Peter Cresswell, CISSP, ISSAP, CISA, CISM – Trend Micro consultant, architect and sales engineer – has over 25 years of diverse IT experience covering many complex implementations of security solutions for small, medium and large enterprise customers across Canada. From building a security practice within a Citrix consultancy to exploring virtualization solutions with one of Canada’s large telecommunications providers, Peter has an extensive background designing and applying security controls to virtual environments. With Trend Micro, Peter uses this expertise to solve our customer’s evolving security and compliance issues in the virtual datacenter.

John Delaroderie – Security Solutions Architect (SME) | Web Application Scanning OSCP GWAPT GPEN CISSP, Qualys

John Delaroderie is a Web Application SME and Security Solutions Architect for Qualys. He is a United States Naval Academy graduate and has a Master’s Degree in Computer Science from the Naval Postgraduate School with a focus in cyber security and artificial intelligence. He has worked in both the defense and financial industries before joining Qualys in early 2018. John currently resides in Tampa, Florida, with his wife and 3 children.


Adam Bell – Principle Software Engineer, Tenable, Inc.

Adam Bell has spent 14+ years in the trenches as a software developer solving hard problems in short timeframes, with extensive experience and knowledge around DevOps best practices.

As Principle Software Engineer at Tenable, Bell is blazing a trail by incorporating security best practices into a Continuous-Deployment/DevOps/Containerized World. He is a member of the CSA’s Application Containers & Micro-Services Working Group and hosts a podcast on best practices in software development (http://corecursive.com).

Bell lives in Peterborough, Ontario with his wife and cats.

The evolution and adoption of the cloud continues to astound even the most aggressive of prognosticators. The challenge is not just in figuring out how to migrate to the cloud securely but also to keep track of the continuous innovations on the part of the cloud providers and security companies catering to the cloud that force you to revisit architecture and design decisions seemingly daily. In this session Securosis analyst Mike Rothman will break out the crystal ball and give you a sense of the key areas of innovation in 2019, what to do right now to be ready, and also how to avoid the inevitable pitfalls of leveraging fast moving cloud technologies.

Mike Rothman – President, Securosis

Mike Rothman is a 25-year security veteran. He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, compliance, and helping clients navigate a secure evolution to the cloud. He’s a busy guy, serving both as President of DisruptOPS, as well as Analyst & President of Securosis. This is a good thing since Mike gets into trouble when he’s not busy enough.

2018 CSA Summit Sponsors












Sponsorship opportunities for the 2018 CSA Summit are now available. If you’re interested in becoming a sponsor, please email sponsorship@sector.ca.