(ISC)2 Secure Summit Toronto

Lessons From the Cloud: The Evolution of Cloud Environments

Whether it’s Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS), cloud computing has been with us long before the media had a catchy name for it. Join us for this session to learn how cloud security has evolved and what that means to varied environments. You’ll learn practical and actionable advice from the field that you can take back to your organization and begin using immediately, building on the collective experience of our profession.

The Details

Date: Monday October 1, 2018.

Price: $50 for members and $120 for non-members

Registration: To register for the (ISC)2 Secure Summit Toronto at SecTor visit sector.ca/register and add Secure Summit Toronto to your SecTor conference registration.

SecTor 2018: Conference sessions take place on Tuesday October 2 and Wednesday October 3, 2018. The full conference schedule is now available. Visit our Schedule page for more information.

Venue: The (ISC)2 Secure Summit Toronto at SecTor will be held on Level 700 in the South Building of the Metro Toronto Convention Center (MTCC) in downtown Toronto. More information on how to get there is available at sector.ca/travel.

Who is the (ISC)²

(ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 130,000 certified members strong, we empower professionals who touch every aspect of information security. Go to www.isc2.org to find out more.


10:00 – 10:10 Opening Remarks
10:10 – 10:40 The Way We Work has Changed. Has Your Security?
10:40 – 11:10 Break
11:10 – 12:00 The Lexicon Project, Risk Management, and You
12:00 – 1:00 Lunch on your own
1:00 – 1:40 Security Past the Perimeter: An Immune System for the Cloud
1:40 – 2:30 When Public Cloud Emerged, it was Suitable Exclusively for Born-in-the-Cloud Startups
2:30 – 2:45 Break
2:45 – 3:20 Virtualization is the Future of Security
3:20 – 4:00 Modern Information Security; Forget Cyber, it’s all about AppSec
4:00 – 4:45 Security and Operational Challenges and Considerations in a Multi-Cloud Environment
4:45 – 5:30 Top Ten Risks Impacting Cloud, Digital and Data
5:30 Closing Remarks

*Timing and content subject to change

Speakers, Sessions, Bios

Cyber Criminals are increasingly exploiting the Internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. This session will explain how the correlation of Internet data on multiple levels (DNS, BGP, ASN, Prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers’ infrastructure. Learn how detection models that can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and how the different detectors can be integrated to expose malicious infrastructures and advanced persistent threats. Chris Parker-James, Consulting Systems Engineer, CISCO

This session will be conducted by (ISC)2’s very own Director for Cybersecurity Advocacy. It will cover important new initiatives at (ISC)2 to expand our association’s role in the cybersecurity profession, and provide critical new guidance and support for our membership. In addition to these exciting new programs, the session will also provide a detailed overview of risk management principles outlining why the Lexicon Project is so important. You will learn the underpinnings of our profession, and how elements such as risk, vulnerabilities, ad threat are mathematically related. Join us to get an in-depth look at how your association with (ISC)2 will be paying you even bigger dividends soon, John McCumber, Director of Cybersecurity Advocacy, (ISC)²

In an age of borderless networks, security for the cloud and security for the corporate network can no longer be separated. Security teams are now presented with the challenge of monitoring and controlling access to these cloud environments, as they represent yet another frontier for cyber-attacks. Complete visibility has never been more important—or more difficult. Powered by AI, Darktrace’s Enterprise Immune System technology is the only solution to offer real-time visibility and insight into all parts of a network, regardless of its configuration. By learning a ‘pattern of life’ for all networks, devices, and users, Darktrace can detect threats as they arise and autonomously respond in real time – all without impacting server performance. Dave Masson, Country Manager, Canada, Darktrace

However, as the technology has evolved and organizations have realized the importance of being agile and innovative, it has quickly become the enterprise ‘norm’. Despite this, cloud computing still suffers from confusion. IT leaders are often misinformed or misguided that moving to cloud alone solves challenges around security, performance and agility. Platforms fail, security breaches happen, resilience must be built in both the application and infrastructure design to handle these inevitabilities, regardless of the platform. Learn lessons from some unfortunate failings suffered by other organizations and discover how to leverage the best cloud has to offer by using universal design principles and concepts, without the risk of being ‘cloudwashed’. Bobby Singh – CISO & Head of Infrastructure

Traditional AV vendors see virtualization and cloud architectures as impediments to effective security. At Bitdefender, virtualization has opened the door to a new, more secure world. Today, we leverage virtualization to stop future exploit-based attacks. Tomorrow, we’ll be making virtual servers and workstations even more secure than what is possible today without heavy administrative overhead or poor user performance. Mike Gable, Bitdefender

This discussion will focus on how modern information security has evolved and the new approaches we will need to move into the 21st century. Perimeter security is dead. We need a new paradigm in security with a new diverse workforce that understands application security, the new frontier. Adrien de Beaupre

According to Forrester, a majority of companies (86%) describe their cloud strategy as multicloud. While there may be many good reasons for utilizing multiple cloud platforms, there are also many associated technical and operational challenges, including those in security. We’ll discuss these challenges, and what organizations can do to minimize the impact, and manage security across a hybrid, multi-vendor environment. Mike Cook, Security GRC Specialist (ISC)², Inc.

Most organizations today focus on new and innovative ways in support of client retention and growth strategies. A primary target area is through leveraging emerging technology. This objectives in this session is as follows: 1) It will provide an overview of the digital ecosystem to include the threat landscape and emerging risks facing this technology. 2) It will provide participants with the top ten security risks impacting current organizations. 3) It will strengthen foundational knowledge on this topic, provide focal areas when implementing security controls with a lens on current regulations and industry best practices. Tara Kissoon, CEO, Director, IT Risk & Security Advisory Services