Career Panel and Career Fair 2022

Whether you’re just starting out in Cybersecurity, looking for a job change or seeking professional development advice, this year’s Career Panel will be a valuable investment in your time. We’ve put together a panel of seasoned industry experts who we guarantee will represent an experienced cross-section of career paths. You will walk away with advice, […]

Read more

Planning for Sunny Days

It’s 2022 and we’re in an “all cloud all the time” environment – even traditional enterprises are heavily invested in hybrid cloud environments and Software as a Service. But what happens when it’s a sunny day (you know… with no clouds) and you need to figure out how to keep things running and how to […]

Read more

ThreatConnect & The Decisive Group Q&A

In this Q&A ThreatConnect will cover the evolution of security operations and the increasing importance of threat intelligence operations to help enterprises become more proactive in defending their increasing attack surface.

Read more

Leverage AI in Threat Management

As adversaries become more advanced with their techniques and tactics, security professionals must draw on effective tools, processes, and emerging technologies to mount a successful defense. In this talk, we will review the challenges and the current state of threat management and threat intelligence sharing. We will also discuss how AI-based threat management can help […]

Read more

The State of Packet Capture in a Hybrid Infrastructure: The More You Know

Digital Forensics, Incident Response, Troubleshooting, Compliance, and Deep Packet Inspection are important use cases for packet capture. However, as environments continue to adopt virtualized, cloud-based infrastructure, network security practitioners will find it necessary to understand the specific tactics and protocols available for use in each environment. This paper catalogs and details the state of packet […]

Read more

Security Architecture Review for Cloud-based Applications – Where to Start and How to Shift Left?

Application security architecture reviews are used to identify and assess security weaknesses due to architectural flaws in an application. This effort results in specific mitigation or remediation advice meant to strengthen the security posture of the application and reduce risk to the organization. As organizations increase their cloud adoption and innovate at an ever-increasing pace […]

Read more

Will Your Backups Help You Recover from Ransomware?

Most Canadian organizations have a backup and recovery plan for disasters such as blackouts or flooding, but surprisingly few are prepared for an arguably greater – and more likely – threat to their livelihood: cyberattacks. While 90 percent of Canadian organizations reported falling victim to cyberattacks such as ransomware over the past year, according to […]

Read more

From the Field – Stories of Successfully Detecting Cyber Attacks

We often hear the attackers are successful, the company has been breached and data has been stolen or held ransom. We hear when the defends beat the attackers! In this session hear from two leaders in Cyber Security talk real world examples of the defenders defeating the attackers. You will hear from Stephan Jou, CTO […]

Read more

Navigating Enterprise Security in a Post-Compromise Reality

Every organization gets compromised – it’s how fast you detect and respond to an incident that counts. This is especially important when you look at trends like the overnight move to remote work, the rise in encrypted traffic and acceleration of cloud adoption, as well as the proliferation of enterprise IoT that have expanded the […]

Read more

The (Hard) Key to Stop Phishing: How Cloudflare Stopped a Targeted Attack and You Can Too

In July 2022, Cloudflare was targeted in a sophisticated SMS phishing scheme in such a way that we believe most organizations would be likely to be breached. In this session we’ll detail the recent targeted phishing attack we saw at Cloudflare and more importantly, how we stopped it and steps you can take to protect […]

Read more

Impact of the Russia – Ukraine Conflict on Your Cybersecurity

The Cyberconflict between Russia and Ukraine has spurred numerous “Shields up” warnings from CISA, Certs, our own CCCC, and other agencies. What is the real risk for Canadian businesses? This talk presents the current state of affairs on the cyberwar and some of the tools that can be used to mitigate this new elevated risk.

Read more

The Agent of Influence

In a world of media chaos and disinformation, how do you differentiate truth from lies? How do you choose your sources of information? Never before have nation-states had a tool as far-reaching as the internet to tell stories, spread messages, and deceive friends and foes alike. Today, over 95% of Canadians and Americans are connected […]

Read more

The Evolution of Ransomware

Ransomware has evolved from a relatively minor annoyance with negligible costs into a multi-billion-dollar international criminal economy. With the advent of nation-state sponsored support for these evolving campaigns, it’s important to understand the various mitigation options so you never have to rely upon the “honour amongst thieves” in order to recover your data. Based on […]

Read more

Ransomware IR Playbook to Remember & an Art of Building Resilience

The rise of ransomware and other tactics for cyber criminals over the past few years is an ever-growing problem that has quickly become an extremely lucrative criminal enterprise. Targeted organizations often believe that paying the ransom is the most cost-effective way to get their data back — and, unfortunately, this may also be the reality. […]

Read more

A Data Product Approach to Reducing Security Debt

Securing code at each point in the software development lifecycle is never-ending work. Development and security teams need a way to determine what’s vulnerable, understand how to fix it and be able to scale that work as their threat landscape evolves. But what does that really mean in a world where software development moves at […]

Read more

Report: Protecting Customer Identity and Access Management (CIAM) Services Against Online Threats

Today’s companies must enable their customers to engage with their apps or services at any time, from any device, in a secure and safe manner. While the importance of identity within an organization’s security posture has been clear for many years, the digital rush has accelerated timeframes by dissolving security perimeters with unprecedented swiftness. As […]

Read more

Is Your Defensive Stack Ready for a Targeted Attack?

A key challenge for organizations is determining if the investment in detection and response tools are performing and meeting their objective. Security teams struggle with red team and security validation processes performed in a continuous and efficient manner. How can security teams remove assumptions and shift their organization’s security program to one centered around the […]

Read more

Software Supply Chain Security: Knowing What You Don’t Know

Attackers know that the majority of modern application code is composed of open source software. Today, Checkmarx researchers witness, in real-time, attackers planting packages with malicious code into open source software supply chains. As a result, as application developers perform builds, malicious code becomes part of the applications you are publishing. Making matters even worse, […]

Read more

Vulnerability Management: Try Fixing Less to Reduce More Risk

For over 20 years, Vulnerability Management has gone completely unchanged; sure, we have new ways to scan, detect, and report, but the ineffective process has stayed the same. What this means in today’s organizations is a flood of tickets, slow remediation, missed SLAs and constant conflict between IT and Security teams. Meanwhile, common vulnerabilities remain […]

Read more

Researching Risk: The Qualys Approach to Identifying and Reducing Risk

In recent years the number of vulnerabilities, threat actors, tools, tactics, and techniques has grown exponentially. Keeping track of what is important is a daunting task for an organization of any size. At Qualys, the research team is looking at the threat landscape around the clock to prioritize what is important for our customers. This […]

Read more

Indicators Everywhere! How SOCs Can Maintain Efficiency Against Any Attack

Security Operations Center (SOC) teams are being stress-tested today like never before. With increasing pressure to respond to a variety of signals demanding their attention, optimizing a security operations center has proven to be increasingly challenging. The SOC strategy you implement can not only help to prevent threats from causing harm, but it can also […]

Read more

New Memory Forensics Techniques to Defeat Device Monitoring Malware

Malware that is capable of monitoring hardware devices poses a significant threat to the privacy and security of users and organizations. Common capabilities of such malware include keystroke logging, clipboard monitoring, sampling of microphone audio, and recording of web camera footage. All modern operating systems implement APIs that provide hardware access to processes and all […]

Read more

Top 10 Cyber Security Actions for Canada

In 2021, the Canadian Center for Cyber Security released the top 10 mitigating actions that organizations should take to protect its Internet-connected networks and sensitive information from cyber security threats. Together, we will understand what these 10 actions are and validate what their impact could be on the protection of your most critical assets. This […]

Read more

Two Years of Accelerated Cybersecurity and the Demands Being Placed on Cyber Defenders

In the last few years cybercriminals have, upped their monetization demands, attacked critical infrastructure, utilized supply chain attacks, and continued to inflict untold damage on businesses and consumers. The woes don’t stop there, the conflict in Ukraine has seen attacks on power grid infrastructure and destructive data wipers, causing heightened potential cyber-attack alerts to be […]

Read more

Seize the Breach: Protect Your Organization With Behavior-based Security Intelligence

No organization can ever be complacent and think that their cybersecurity strategies are impenetrable. Regardless of how thorough the precautions, establishing a perimeter and defending it is never enough. Cyberattacks are growing in number and sophistication, with adversaries becoming more experienced at bypassing even the most sophisticated measures. Waiting for a “You’ve Been Breached Notification” […]

Read more

Neither Pointless nor Boring: Pop it and Lock it Down with CIS Controls

As part of a vendor security research team, a lot of time is spent reading up on documents released by various standards bodies. These standards are useful guides to securing the environment, but they often become the driving force behind “checkbox security.” This happens, in part, because these documents are looked down upon as boring […]

Read more

Defending Ukraine: Early Lessons from the Cyber War

Microsoft’s efforts to aid Ukraine’s response to Russia’s attacks are tied to our commitment to security, defence of democracy, and protecting people. Join us for this session to learn how our threat intelligence and security teams are working closely with the government of Ukraine and other partners to protect organizations and citizens. Protection against cyber-attacks […]

Read more

Into the Abyss: Cybersecurity Tool Selection, Rationalization, and Decommissioning

The information security space is awash in point technology solutions. As a defender, how does one choose where to spend a limited security budget when faced with this sea of choices? How can we minimize overlap within the highly dynamic toolset we already own, rationalize vendor relationships, and decommission tools that overlap or no longer […]

Read more

How Safe is Your Cloud? Deciphering Cloud Threats and Security Models

The cloud is here and growing. Securing the cloud isn’t the same as securing on-premise deployments. According to recent Elastic research, 1-in-2 CISOs expect misconfigurations to be a leading cause of breaches, while an ESG research highlights that 89% of negative outcomes occur between detection and investigation. In this session James Spiteri, Product Marketing Director […]

Read more

How AI Can Think Like an Attacker

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately […]

Read more

Deep Dive into SBOMs and Microsoft’s SBOM Tool

Software Bill of Materials (SBOMs) provide numerous security benefits such as software transparency, software integrity, and software identity. SBOMs are being included in a lot of regulatory requirements, such as the U.S. Presidential Executive Order 14028 and the U.S. Food and Drug Administration (FDA) for medical devices. Come learn about the specific benefits SBOMs provide, […]

Read more

Defrauding Merchants like it’s Y2K

In 2022, most of us have bought goods and services online or using mobile apps, for convenience, for safety (e.g., pandemic) or as a matter of personal preference. As mobile payments and integrations with third-party payment processors become more and more prevalent, common AppSec mistakes from the past reappear under new forms. Merchants who overlook […]

Read more

Mobile Security – The Hackers Next Frontier

At the intersection between business and pleasure, mobile social applications access the most sensitive information about us and the world we live in. Hackers are focused on Mobile attacks now more than ever, as they represent the next frontier for security risk.

Read more

The Future of Cryptography

We are reliant upon cryptography for so much, yet new and exciting technologies are poised to up-end the world we know. The most celebrated current issue in the use of cryptography is quantum computing but this is only one of many. To be successful, it is important that we understand what quantum computing, quantum key […]

Read more

Why Do We Accept Gaps in Our Data Protection Practices?

For years, organizations have struggled to meet the requirements of regulatory compliance, incident response, security, and best practice for their critical data. And now, with the huge upsurge in the number of innovative fintech applications in use and the pressure to migrate to the cloud or to manage a hybrid solution, data security and compliance […]

Read more

Preparing SRM Leaders to Communicate the Relationship Between the Cyber Risks and Physical and Human Systems

By effectively communicating the association between cyber and physical and human systems, SRM leaders effectively improve senior stakeholders’ awareness, gain buy-in and get their risk management initiatives funded to better protect human and physical systems. As our networks continue to become more hybrid and the number of endpoints increases logarithmically due to the explosion of […]

Read more

State of Cloud Security in Canada: How Does Your Organization Measure Up?

Cloud security requires different tools, processes and skills than on-prem. How are organizations progressing in their security capabilities along this cloud transition? To find out, we collaborated with research firm IDC on a Canada-wide study to benchmark cloud security activity and outcomes. During this session we will discuss the security gaps that can appear as […]

Read more

Time to Re-evaluate Your Security Layers

The layers of security we’ve deployed over the last 30 years must be re-evaluated since many organizations have fallen victim to cyber-attacks. How will today’s cyber security solutions solve the many business problems? This discussion highlights the pros and cons of the past solutions vs the present.

Read more

Protecting Your Critical Data and Enhancing Cyber Recovery

Businesses today rely heavily on technology and data. Though most organizations have developed strategies to access critical data during an outage caused by natural disasters or power disruptions, these strategies have proven to be ineffective during a cyber-attack. Interconnected users, servers, cloud devices, and continuous web access results in an environment that is open for […]

Read more

What Log4Shell Taught Us About the Software Supply Chain, that Other Vulns Didn’t

The discovery of the Log4Shell vulnerability was a wake-up call for many organizations. It was an opportunity not only for criminals, but also for hackers who look to help organizations uncover vulnerabilities before they can be exploited. Log4Shell forced many organizations to address how they use third-party and open-source software. Most organizations have recovered from […]

Read more

Effective Response in the Face of Zero Day Threats and Vulnerabilities

Today, all companies are susceptible to cyberattacks. Despite the presence of SOC teams monitoring for zero day threats, vulnerabilities, and unusual activities 24/7. So what can you do to help your team accelerate incident response? Join me to discuss how you can: Quickly assess your risk exposure to identify CIs in zero day vulnerabilities, such as […]

Read more

The Unsung Hero of Cybersecurity: Taking Your Vulnerability Management Program (VMP) from Good to Great

Feedback from Canadian organizations in the 2022 TELUS Canadian Ransomware Study highlighted the importance of having a comprehensive Vulnerability Management Program (VMP) in order to defend against ransomware. Today, approximately 50% of Canadian organizations have a formal VMP in place, but how can these organizations take their programs from good to great? Join Kim Schreader, […]

Read more

Decision Making in Uncertain Times: Key teachings from Executive Exchanges

Global and technological uncertainty is being weaponized by adversaries.  Digital Transformation, Global Supply Chain issues, Mandated Lockdowns, and State Sponsored attacks are creating windows of opportunities for adversaries to exploit. We will discuss evolving attack trends and how defenders can employ core security pillars to mount a rigorous defense. Rigid defenses are obsolete and easily […]

Read more

The Compelling Case for Zero Trust: Bridge the Gap Between Cybersecurity and Business

At a time when work was still a place to go to, apart from a thing to get done, organizations could afford to protect their most sensitive data using firewalls, IDS and IPS systems, and VPNs. But today, when there are no corporate network boundaries, and data can be stored and accessed from anywhere, traditional […]

Read more

Correctly Configure All the Clouds

Even though cloud computing isn’t all that new anymore, learning how to use it effectively can be overwhelming. It’s unfortunately very easy to make mistakes. The vast majority of cloud security failures are configuration mistakes of some kind or another, so developing the discipline of correct configuration is the best thing companies can do to […]

Read more

Leave No Stone Unturned: The Elements of Security Visibility

With each passing year, the number of cybersecurity events continues to increase despite record breaking spend on cybersecurity tools. So why do threats continue to be successful even if we are investing heavily in detecting them? The answer is simple, we are not always monitoring in the correct places. This session will discuss the 5 […]

Read more

Calculating Risk in the Era of Obscurity: Reading Between the Lines of Security Advisories

Compliance with industry standards as well as various government regulations also requires a robust servicing and patching strategy. Beyond compliance, you must understand the risk to your resources from poor servicing. To help with this effort, standards exist to help assess risk. However, vendors can manipulate these standards, which can lead to errors when enterprises […]

Read more

Cybersecurity Insurance: Where to Start & How to Qualify

The blistering pace and expanding scope of cyberthreats and ransomware attacks is forcing cyber insurance companies to steeply increase their rates and premiums, and even drop coverage for high-risk organizations. Underwriting requirements to be approved for cyber insurance are becoming more stringent. In this upcoming session with Chris Hills, Chief Security Strategist at BeyondTrust hear […]

Read more

Securing Your Operational Technologies

New Operational Technology (OT) systems support TCP/IP connectivity and are often interfaced with corporate IT networks. While this convergence brings many advantages from an operational perspective, it also exposes companies to considerable cyber risks if not managed properly.  In his presentation, the speaker will highlight the main differences between IT and OT systems, most of which […]

Read more

Scaling Security Operations: The Answer To The Challenge of Threat Inflation

Expressions such as “the growing threat landscape” are commonplace in cybersecurity conversations. In fact, organizations are living in a world where “threat inflation” is the reality and there is no reason to believe it will change anytime soon. How can we handle this without making our cybersecurity teams become the highest number in our budget? […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!