CSA Summit

The fourth Cloud Security Alliance (CSA) Summit will take place Monday, November 13, 2017 at the MTCC in Toronto as part of SecTor’s pre-conference activities.

Set to unravel the issues defining the future of cloud computing in Canada while discussing the changing face of global compliance regulations, the CSA Summit is an invaluable opportunity for cloud security professionals to network with peers and engage with and learn from industry leaders.

Built on a training platform like SecTor, this year’s Summit will feature keynote speakers, panel discussions and sponsored sessions. Lunch and light refreshments are provided and, new for 2017, an onsite Networking Reception will follow the event.


The Details

Date: Monday November 13, 2017.

Price: $60 ($35 with the purchase of a SecTor 2017 full conference pass).

Registration: To register for the 2017 CSA Summit visit sector.ca/register and add CSA Summit to your SecTor full conference or expo only conference registration.

SecTor 2017: Conference Sessions take place on Tuesday November 14 and Wednesday November 15, 2017. The full conference schedule will be released after the second-round speaker announcement in September.

Venue: SecTor and the CSA Summit will be held on Levels 700 and 800 in the South Building of the Metro Toronto Convention Centre (MTCC) in downtown Toronto. More information on how to get there is available at sector.ca/travel.



10:00 – 10:15 Welcome
10:15 – 11:00 Keynote #1: John DiMaria, “Evolution of privacy requirements: a global update”
11:00 – 11:45 Panel #1: “Shared Responsibility – what does it actually mean”
11:45 – 12:15 CSA Update: John Yeoh
12:15 – 13:15 Lunch and networking
13:15 – 14:00 Keynote #2: Rich Mogull, “DevOps and Security – practical guidance on collaboration”
14:00 – 14:30 Sponsor session: Scalar, Rene Heroux, “Automating Cloud Security”
14:30 – 15:00 Sponsor session: Centrify, Wade Tongen
15:00 – 15:15 Afternoon Break
15:15 – 16:00 Panel #2: “Security response in a cloud world – where do I start?”
16:00 – 16:45 Keynote #3: Anil Karmel, “Containers and Microservices”
16:45 – 17:00 Wrap-Up: Bruce Cowper
17:00 – 19:00 Networking Reception

Who is the Cloud Security Alliance?

The Cloud Security Alliance is a global member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. Go to cloudsecurityalliance.org to find out more.


Speakers, Sessions, Bios

The schedule for the CSA Summit along with the detailed agenda is currently being organized.  We will be posting detailed speaker profiles and session abstracts as they become available.

The list of speakers and their sessions for the 2017 CSA Summit can be seen below. Click here for the library of 2015 and 2016 CSA Summit sessions.

Whether you noticed or not, privacy is very much back on the agenda globally. From the European General Data Protection Regulation (GDPR), to Qatar’s new personal data privacy law, and everything in between, when doing business globally, privacy is an increasingly important consideration. During this keynote, we will take you through the major changes around the world, delve into GDPR and how it may impact you, and provide some predictions of upcoming trends. Closer to home, we will discuss the current privacy landscape in Canada and why PIPEDA’s “adequacy” remains the overwhelmingly relevant question, and what the Trump administration has recently changed.

John DiMaria – Global Product Champion for Information Security and Business Continuity, BSI Group

John DiMaria, CSSBB, HISP, MHISP, AMBCI, CERP, is the Global Product Champion for Information Security and Business Continuity for BSI Group, a Cloud Security Alliance (CSA) Research Fellow, AMBCI and Certified Enterprise Resilience Practitioner. He has 30 years of successful experience in Standards and Management System Development, including Information Systems, ISMS, Business Continuity and Quality Assurance. John was one of the key innovators of CSA STAR Security Certification for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook and a working group member and key contributor to the NIST Cybersecurity Framework. He currently serves on international standards and industry committees that influence legislation and drive international harmonization.

John is an author and keynote speaker internationally, and featured in many publications concerning various topics regarding security, quality and business continuity. He is a Business Continuity Institute award winner and BSI Innovation award winner.

Most vendors talk about security in the cloud world as a “shared responsibility”, but what does it actually mean? Cloud providers all ask you to trust them, but how far… In this panel discussion we will look at where the cloud vendor’s security responsibility starts and ends, and how to get the assurances you need.

Mark Gaudet – Product and Business Development Manager, CIRA
Mark Gaudet is a product and business development manager at the Canadian Internet Registration Authority (CIRA). In this role, he leads CIRA’s DNS and domain name security product offerings that are complementary to its core .CA registration service. Mark holds a B.Sc. in Engineering Physics from Queen’s University and a Master of Business Administration from the University of Ottawa. Mark’s extensive experience in DNS management began as one of the founders of a start-up that developed NetID, one of the first enterprise DNS, DHCP and IP address management products. He also sits on the board of directors for the Halifax IXP.


Krishna Narayanaswamy – Co-Founder and Chief Scientist, Netskope
Krishna has over 25 years of experience in the areas of security and data networking and is an expert in deep packet inspection and behavioral anomaly detection technologies. Prior to Netskope, Krishna was a Distinguished Engineer in the Security business unit at Juniper Networks leading the NGFW architecture. Before that, he was a co-founder and system architect at Top Layer Networks where he was instrumental in delivering multiple products in the areas of security and load balancing to the market. He has also held senior engineering roles at FORE Systems and Digital Equipment Corporation. He has been awarded 20 patents covering a broad set of technologies and has a dozen more pending patent applications.


Peter Cresswell – Trend Micro
Peter Cresswell has been working in IT and Security for over 25 years, joining Trend Micro seven years ago. Peter works with Trend Micro’s largest customers to help design and deliver reliable, secure infrastructure in support of their business goals. The past few years have seen a focus on taking advantage of virtual and abstracted (cloud) environments to achieve security objectives in new and dynamic ways. With Trend this has especially focused on the Canadian built Deep Security solution. Peter holds several security certifications including CISSP, ISSAP, CISA and CISM.

In this session John Yeoh will provide an update on the Cloud Security Alliance and their activities in Canada and across the globe.

John Yeoh – CSA Global

With over 15 years of experience in research and technology, John provides executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incident response, and business development within multiple industry sectors, including government. His thought leadership has been presented in SC Magazine, USA Today, Information Week, and others.

John’s contributions continue with involvement in professional organizations such as CSA, IAPP, ISSA, ISC2, and ISACA. John sits on numerous technology committees in government and industry with the FCC, NIST, ISO, CSA, IEEE, and CIS.

Rich Mogull – Analyst & CEO, Securosis

Rich has twenty years of experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS, a monthly columnist for Dark Reading, and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica (where he’s happy to speak for free – assuming travel is covered).

Prior to his technology career, Rich also worked as a security director for major events such as football games and concerts. He was a bouncer at the age of 19, weighing about 135 lbs (wet). Rich has worked or volunteered as a paramedic, firefighter, and ski patroller at a major resort (on a snowboard); and spent over a decade with Rocky Mountain Rescue. He currently serves as a responder on a federal disaster medicine and terrorism response team, where he mostly drives a truck and lifts heavy objects. He has a black belt, but does not play golf. Rich can be reached at rmogull (at) securosis (dot) com.

Join Rene Heroux, Chief Technology Officer – Cloud at Scalar Decisions, for a keynote discussing the importance of automating your cloud security architecture. As organizations migrate or deploy greenfield applications to public and private cloud environments, the need to properly secure these applications becomes more paramount than ever.

Rene Heroux – CTO, Scalar Decisions

As the Chief Technology Officer, Cloud at Scalar Decisions, Rene focuses on building Scalar’s Cloud practice to be the best in the industry. With 15+ years experience, he leads a team of highly skilled and respected Cloud SAs and DevOps Engineers at Scalar, all working to make sure Scalar’s customers are choosing the correct technologies and products in the Cloud space that will help them achieve their business goals and differentiate them in their prospective markets.

Wade Tongen – Regional Vice President, Systems Engineering, Centrify

The last thing you need in a crisis is uncertainty. However, when it comes to the cloud, how do you differentiate between an outage and a DDoS attack? When the brown smelly stuff hits the whirly thing, who do you call, and when? In this panel discussion, our experts will be providing tips and tricks on gaining insights into the status of your cloud services, response best practices and planning techniques.

Jonathan Trull – Global Chief Security Advisor, Microsoft

As Global Chief Security Advisor for the Microsoft Enterprise Cybersecurity Group, Jonathan leads Microsoft’s team of worldwide Chief Security Advisors to provide thought leadership, strategic direction on the development of Microsoft security products and services, and deep customer and partner engagement around the globe.


Jonathon Poling – Principal Consultant, Incident Response & Forensics, SecureWorks

Jonathon Poling has over a decade of experience in Network Security Monitoring, Digital Forensics, and Incident Response. Serving in a variety of roles within the government, contractor, and private sectors, he has built and honed his DFIR expertise in all the major operating systems, most recently focusing on AWS. He is most at home on the *nix command line, performing the large majority of DFIR using solely FOSS tools.

Anil Karmel – Founder and CEO at C2 Labs, Inc.

Anil Karmel is the Founder and CEO of C2 Labs, Inc. C2 Labs designs solutions addressing key cyber security, policy, operational and architectural concerns, allowing IT to Take Back Control through our innovative product and services. Formerly, Anil served as the National Nuclear Security Administration (NNSA) Deputy Chief Technology Officer and RightPath Chief Architect. RightPath is a lean and agile methodology employed via a partnership between the Department of Energy (DOE) Office of the Chief Information Officer and NNSA, delivering IT transformation to DOE by focusing on the key areas of people, process and technology.

2017 CSA Summit Sponsors











Sponsorship opportunities for the 2017 CSA Summit are now available. If you’re interested in becoming a sponsor, please email sponsorship@sector.ca.