(ISC)2 Toronto Security Nexus

Focused on Defining Cybersecurity, join us at (ISC)² Toronto Security Nexus to equip you, our security leaders, with the knowledge and tools necessary to tackle today’s threats, protect your organizations, and advance your career.

(ISC)2 TORONTO SECURITY NEXUS will feature these four topics:

  • Defining the Profession
  • Defining Threats
  • Defining New Technologies
  • Defining Industrial Control Systems and IoT

Why You Should Attend
Here’s your chance to take advantage of educational sessions, keynotes and networking with cybersecurity leaders in government, industry and academia. These tactical, focused learning opportunities will complement your broad understanding of cybersecurity strategies and principles, enabling you to become a more well-rounded, focused and effective practitioner. Learn from the most experienced in our profession while strengthening your organization’s security posture.

The Details

Date: Monday October 7, 2019.

Price: $60 for members and $120 for non-members

Registration: To register for the (ISC)2 Toronto Security Nexus at SecTor visit sector.ca/register and add (ISC)2 Toronto Security Nexus to your SecTor conference registration.

SecTor 2019: Conference sessions take place on Wednesday October 9 and Thursday October 10, 2019. The full conference schedule is now available on our Schedule page.

Venue: The (ISC)2 Toronto Security Nexus at SecTor will be held on Level 700 in the South Building of the Metro Toronto Convention Center (MTCC) in downtown Toronto. More information on how to get there is available at sector.ca/travel.

Who is the (ISC)²

(ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 130,000 certified members strong, we empower professionals who touch every aspect of information security. Go to www.isc2.org to find out more.


10:00 – 10:10 Opening Remarks
10:10 – 10:40 Session #1: Adventures in Cyber Course Creation
10:40 – 11:00 Break
1100 – 11:30 Session #2: Cybercrime – Trends & Investigations
11:30 – 12:15 Session #3: Cyber Security: How Much Is Enough?
12:15 – 13:15 Lunch Sponsored by Forescout
13:15 – 13:50 Session #4: An Object-Oriented Approach to Information Security Policy Management Development
13:50 – 14:30 Session #5: Y2Q Problem and its Security and Operational Implications for the Enterprises
14:30 – 15:00 Session #6: Beyond Trust
15:00 – 15:15 Break
15:15 – 17:00 Session #7: CISO Panel: Ajay Sood, Edward Kiledjian, Jeff Stark, Bob Gordon
17:00 Closing Remarks

*Timing and content subject to change

Speakers, Sessions, Bios

Stay tuned for 2019 details. Below is the line-up from the (ISC)2 Secure Toronto event at SecTor 2018. Expand each one to read more about each speaker and their session.

A behind the scenes look at (ISC)2’s Professional Development Institute which aims to provide relevant continuing education opportunities post certification. In this session, we will review member survey findings on trending, and most sought after topics and the identified training needs from our membership. Get an inside look at (ISC)2’s development model, course types, current and future course offerings, as well as our approach to professional development. Finally, learn how you can contribute to our industry’s body of knowledge as we guide you through the course development process and how to get involved. Stacy Mantzaris, Continuing Professional Education Lead, (ISC)2

This talk will be like the short address given at TPS HQ on July 24th. I will go into a bit more detail on the prevailing trends in cyber incidents being reported to law enforcement and the collaborative approach being taking to investigate and prosecute them. I will also provide some high level case study information and supporting statistics from the law enforcement perspective. I will also focus on the need for law enforcement engagement in the effort to be successful in the cybercrime investigations and also address the knowledge and skills gap while also touching on the need for improved cyber hygiene. This will dovetail into the CyberCOPS and Kids program and partnership with the Centre for Cyber Safety and Education and getting the information and material into the schools and into the hands of the youth in the community. This presentation will cover both best practices and technical information allowing it to resonate with a wide range of audience participant. Alpha Chan,Co-Ordinated Cyber Centre, Toronto Police Services

Advice on costs and benefits of cyber security programs for industrial automation and critical infrastructure has become confusing and contradictory. For example, experts on a recent panel were heard to observe all of: “Security is pure cost,” “there has to be an ROI for every one of our security investments, so we use a risk-based approach, but none of the risk calculations are quantitative,” and “it all depends on the risk appetite of your board and executive.” Even more confusing to business leaders: it is always possible to be more secure, or less secure. We know that for every security defense, there is an offense that will succeed. How then, should we evaluate cyber security funding requests? How can anyone ever know how much is enough? We explore the question “how much is enough” and draw some simple conclusions. We discuss how classic “natural disaster” risk models and other IT-centric security risk models that attempt to quantify the likelihood of attacks are poor fits to physical or cyber-physical security challenges. A good understanding of the characteristics of control system networks, industrial processes, safety systems, protection systems, security systems and attack capabilities are all prerequisites to an effective risk assessment. Assembling all this knowledge and these costs into a simple matrix for business leaders to understand and evaluate is very much possible. Join us to review approaches to risks, calculations, costs, and understand how to communicate these to business decision-makers. Mike Firstenberg, Director, Industrial Security at Waterfall Security Solutions Ltd

An Object-Oriented Approach to Information Security Policy Management Development and management of a security policy framework is difficult. Lengthy documents are often not the best way to convey the message effectively and assure policy compliance. This session will explore the challenges of developing and enforcing a security policy framework, and how moving into a lightweight, object-oriented approach can help to overcome these challenges. Learning Objectives: 1: Understand the challenges of developing and managing a security policy framework. 2: Learn how object-oriented design concepts can help with some of these challenges. 3: Take away a template for information security policy framework you can adapt and use. Pre-Requisites: Understanding of information security governance and policy framework development. Cuneyt Karul, Director of Information Security and Compliance at BlueCat

Quantum computing is an emerging technology that will present significant challenges for information security. Unfortunately, our understanding surrounding this new technology can be foreign and complex for those who are not experts in computer science, engineering, and/or quantum physics. This presentation is based on a knowledge translation project. The objective is to provide a practical introduction to the quantum threat in a clear and understandable manner. The project has three parts: the situation, analysis, and security roadmap. Part one explains what quantum computing is, the quantum threat, the impact on security, some quantum definitions and where quantum development is situated. Part two includes an analysis of attack scenarios and mitigations and an examination of quantum key distribution, one of many positive impacts quantum computing. Part three is a roadmap that outlines important considerations for information security personnel when dealing with pending quantum threat. Atefeh Mashatan, School of Information Technology Management of Ryerson University

  • Ajay Sood, VP Symantec Canada
  • Edward Kiledjian, OpenText CISO
  • Jeff Stark, IGM Financial CISO
  • Bob Gordon, Executive Director CCTX