Whether you’re just starting out in Cybersecurity, looking for a job change or seeking professional development advice, this year’s Career Panel will be a valuable investment in your time. We’ve put together a panel of seasoned industry experts who we guarantee will represent an experienced cross-section of career paths. You will walk away with advice, […]
Read moreIt’s 2022 and we’re in an “all cloud all the time” environment – even traditional enterprises are heavily invested in hybrid cloud environments and Software as a Service. But what happens when it’s a sunny day (you know… with no clouds) and you need to figure out how to keep things running and how to […]
Read moreIn this Q&A ThreatConnect will cover the evolution of security operations and the increasing importance of threat intelligence operations to help enterprises become more proactive in defending their increasing attack surface.
Read moreAs adversaries become more advanced with their techniques and tactics, security professionals must draw on effective tools, processes, and emerging technologies to mount a successful defense. In this talk, we will review the challenges and the current state of threat management and threat intelligence sharing. We will also discuss how AI-based threat management can help […]
Read moreDigital Forensics, Incident Response, Troubleshooting, Compliance, and Deep Packet Inspection are important use cases for packet capture. However, as environments continue to adopt virtualized, cloud-based infrastructure, network security practitioners will find it necessary to understand the specific tactics and protocols available for use in each environment. This paper catalogs and details the state of packet […]
Read moreApplication security architecture reviews are used to identify and assess security weaknesses due to architectural flaws in an application. This effort results in specific mitigation or remediation advice meant to strengthen the security posture of the application and reduce risk to the organization. As organizations increase their cloud adoption and innovate at an ever-increasing pace […]
Read moreMost Canadian organizations have a backup and recovery plan for disasters such as blackouts or flooding, but surprisingly few are prepared for an arguably greater – and more likely – threat to their livelihood: cyberattacks. While 90 percent of Canadian organizations reported falling victim to cyberattacks such as ransomware over the past year, according to […]
Read moreWe often hear the attackers are successful, the company has been breached and data has been stolen or held ransom. We hear when the defends beat the attackers! In this session hear from two leaders in Cyber Security talk real world examples of the defenders defeating the attackers. You will hear from Stephan Jou, CTO […]
Read moreEvery organization gets compromised – it’s how fast you detect and respond to an incident that counts. This is especially important when you look at trends like the overnight move to remote work, the rise in encrypted traffic and acceleration of cloud adoption, as well as the proliferation of enterprise IoT that have expanded the […]
Read moreIn July 2022, Cloudflare was targeted in a sophisticated SMS phishing scheme in such a way that we believe most organizations would be likely to be breached. In this session we’ll detail the recent targeted phishing attack we saw at Cloudflare and more importantly, how we stopped it and steps you can take to protect […]
Read moreThe Cyberconflict between Russia and Ukraine has spurred numerous “Shields up” warnings from CISA, Certs, our own CCCC, and other agencies. What is the real risk for Canadian businesses? This talk presents the current state of affairs on the cyberwar and some of the tools that can be used to mitigate this new elevated risk.
Read moreIn a world of media chaos and disinformation, how do you differentiate truth from lies? How do you choose your sources of information? Never before have nation-states had a tool as far-reaching as the internet to tell stories, spread messages, and deceive friends and foes alike. Today, over 95% of Canadians and Americans are connected […]
Read moreRansomware has evolved from a relatively minor annoyance with negligible costs into a multi-billion-dollar international criminal economy. With the advent of nation-state sponsored support for these evolving campaigns, it’s important to understand the various mitigation options so you never have to rely upon the “honour amongst thieves” in order to recover your data. Based on […]
Read moreThe rise of ransomware and other tactics for cyber criminals over the past few years is an ever-growing problem that has quickly become an extremely lucrative criminal enterprise. Targeted organizations often believe that paying the ransom is the most cost-effective way to get their data back — and, unfortunately, this may also be the reality. […]
Read moreSecuring code at each point in the software development lifecycle is never-ending work. Development and security teams need a way to determine what’s vulnerable, understand how to fix it and be able to scale that work as their threat landscape evolves. But what does that really mean in a world where software development moves at […]
Read moreToday’s companies must enable their customers to engage with their apps or services at any time, from any device, in a secure and safe manner. While the importance of identity within an organization’s security posture has been clear for many years, the digital rush has accelerated timeframes by dissolving security perimeters with unprecedented swiftness. As […]
Read moreA key challenge for organizations is determining if the investment in detection and response tools are performing and meeting their objective. Security teams struggle with red team and security validation processes performed in a continuous and efficient manner. How can security teams remove assumptions and shift their organization’s security program to one centered around the […]
Read moreAttackers know that the majority of modern application code is composed of open source software. Today, Checkmarx researchers witness, in real-time, attackers planting packages with malicious code into open source software supply chains. As a result, as application developers perform builds, malicious code becomes part of the applications you are publishing. Making matters even worse, […]
Read moreFor over 20 years, Vulnerability Management has gone completely unchanged; sure, we have new ways to scan, detect, and report, but the ineffective process has stayed the same. What this means in today’s organizations is a flood of tickets, slow remediation, missed SLAs and constant conflict between IT and Security teams. Meanwhile, common vulnerabilities remain […]
Read moreIn recent years the number of vulnerabilities, threat actors, tools, tactics, and techniques has grown exponentially. Keeping track of what is important is a daunting task for an organization of any size. At Qualys, the research team is looking at the threat landscape around the clock to prioritize what is important for our customers. This […]
Read moreSecurity Operations Center (SOC) teams are being stress-tested today like never before. With increasing pressure to respond to a variety of signals demanding their attention, optimizing a security operations center has proven to be increasingly challenging. The SOC strategy you implement can not only help to prevent threats from causing harm, but it can also […]
Read moreMalware that is capable of monitoring hardware devices poses a significant threat to the privacy and security of users and organizations. Common capabilities of such malware include keystroke logging, clipboard monitoring, sampling of microphone audio, and recording of web camera footage. All modern operating systems implement APIs that provide hardware access to processes and all […]
Read moreIn 2021, the Canadian Center for Cyber Security released the top 10 mitigating actions that organizations should take to protect its Internet-connected networks and sensitive information from cyber security threats. Together, we will understand what these 10 actions are and validate what their impact could be on the protection of your most critical assets. This […]
Read moreIn the last few years cybercriminals have, upped their monetization demands, attacked critical infrastructure, utilized supply chain attacks, and continued to inflict untold damage on businesses and consumers. The woes don’t stop there, the conflict in Ukraine has seen attacks on power grid infrastructure and destructive data wipers, causing heightened potential cyber-attack alerts to be […]
Read moreNo organization can ever be complacent and think that their cybersecurity strategies are impenetrable. Regardless of how thorough the precautions, establishing a perimeter and defending it is never enough. Cyberattacks are growing in number and sophistication, with adversaries becoming more experienced at bypassing even the most sophisticated measures. Waiting for a “You’ve Been Breached Notification” […]
Read moreAs part of a vendor security research team, a lot of time is spent reading up on documents released by various standards bodies. These standards are useful guides to securing the environment, but they often become the driving force behind “checkbox security.” This happens, in part, because these documents are looked down upon as boring […]
Read moreMicrosoft’s efforts to aid Ukraine’s response to Russia’s attacks are tied to our commitment to security, defence of democracy, and protecting people. Join us for this session to learn how our threat intelligence and security teams are working closely with the government of Ukraine and other partners to protect organizations and citizens. Protection against cyber-attacks […]
Read moreThe information security space is awash in point technology solutions. As a defender, how does one choose where to spend a limited security budget when faced with this sea of choices? How can we minimize overlap within the highly dynamic toolset we already own, rationalize vendor relationships, and decommission tools that overlap or no longer […]
Read moreThe cloud is here and growing. Securing the cloud isn’t the same as securing on-premise deployments. According to recent Elastic research, 1-in-2 CISOs expect misconfigurations to be a leading cause of breaches, while an ESG research highlights that 89% of negative outcomes occur between detection and investigation. In this session James Spiteri, Product Marketing Director […]
Read moreIn the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately […]
Read moreSoftware Bill of Materials (SBOMs) provide numerous security benefits such as software transparency, software integrity, and software identity. SBOMs are being included in a lot of regulatory requirements, such as the U.S. Presidential Executive Order 14028 and the U.S. Food and Drug Administration (FDA) for medical devices. Come learn about the specific benefits SBOMs provide, […]
Read moreIn 2022, most of us have bought goods and services online or using mobile apps, for convenience, for safety (e.g., pandemic) or as a matter of personal preference. As mobile payments and integrations with third-party payment processors become more and more prevalent, common AppSec mistakes from the past reappear under new forms. Merchants who overlook […]
Read moreAt the intersection between business and pleasure, mobile social applications access the most sensitive information about us and the world we live in. Hackers are focused on Mobile attacks now more than ever, as they represent the next frontier for security risk.
Read moreWe are reliant upon cryptography for so much, yet new and exciting technologies are poised to up-end the world we know. The most celebrated current issue in the use of cryptography is quantum computing but this is only one of many. To be successful, it is important that we understand what quantum computing, quantum key […]
Read moreFor years, organizations have struggled to meet the requirements of regulatory compliance, incident response, security, and best practice for their critical data. And now, with the huge upsurge in the number of innovative fintech applications in use and the pressure to migrate to the cloud or to manage a hybrid solution, data security and compliance […]
Read moreBy effectively communicating the association between cyber and physical and human systems, SRM leaders effectively improve senior stakeholders’ awareness, gain buy-in and get their risk management initiatives funded to better protect human and physical systems. As our networks continue to become more hybrid and the number of endpoints increases logarithmically due to the explosion of […]
Read moreCloud security requires different tools, processes and skills than on-prem. How are organizations progressing in their security capabilities along this cloud transition? To find out, we collaborated with research firm IDC on a Canada-wide study to benchmark cloud security activity and outcomes. During this session we will discuss the security gaps that can appear as […]
Read moreThe layers of security we’ve deployed over the last 30 years must be re-evaluated since many organizations have fallen victim to cyber-attacks. How will today’s cyber security solutions solve the many business problems? This discussion highlights the pros and cons of the past solutions vs the present.
Read moreBusinesses today rely heavily on technology and data. Though most organizations have developed strategies to access critical data during an outage caused by natural disasters or power disruptions, these strategies have proven to be ineffective during a cyber-attack. Interconnected users, servers, cloud devices, and continuous web access results in an environment that is open for […]
Read moreThe discovery of the Log4Shell vulnerability was a wake-up call for many organizations. It was an opportunity not only for criminals, but also for hackers who look to help organizations uncover vulnerabilities before they can be exploited. Log4Shell forced many organizations to address how they use third-party and open-source software. Most organizations have recovered from […]
Read moreToday, all companies are susceptible to cyberattacks. Despite the presence of SOC teams monitoring for zero day threats, vulnerabilities, and unusual activities 24/7. So what can you do to help your team accelerate incident response? Join me to discuss how you can: Quickly assess your risk exposure to identify CIs in zero day vulnerabilities, such as […]
Read moreFeedback from Canadian organizations in the 2022 TELUS Canadian Ransomware Study highlighted the importance of having a comprehensive Vulnerability Management Program (VMP) in order to defend against ransomware. Today, approximately 50% of Canadian organizations have a formal VMP in place, but how can these organizations take their programs from good to great? Join Kim Schreader, […]
Read moreGlobal and technological uncertainty is being weaponized by adversaries. Digital Transformation, Global Supply Chain issues, Mandated Lockdowns, and State Sponsored attacks are creating windows of opportunities for adversaries to exploit. We will discuss evolving attack trends and how defenders can employ core security pillars to mount a rigorous defense. Rigid defenses are obsolete and easily […]
Read moreAt a time when work was still a place to go to, apart from a thing to get done, organizations could afford to protect their most sensitive data using firewalls, IDS and IPS systems, and VPNs. But today, when there are no corporate network boundaries, and data can be stored and accessed from anywhere, traditional […]
Read moreEven though cloud computing isn’t all that new anymore, learning how to use it effectively can be overwhelming. It’s unfortunately very easy to make mistakes. The vast majority of cloud security failures are configuration mistakes of some kind or another, so developing the discipline of correct configuration is the best thing companies can do to […]
Read moreWith each passing year, the number of cybersecurity events continues to increase despite record breaking spend on cybersecurity tools. So why do threats continue to be successful even if we are investing heavily in detecting them? The answer is simple, we are not always monitoring in the correct places. This session will discuss the 5 […]
Read moreCompliance with industry standards as well as various government regulations also requires a robust servicing and patching strategy. Beyond compliance, you must understand the risk to your resources from poor servicing. To help with this effort, standards exist to help assess risk. However, vendors can manipulate these standards, which can lead to errors when enterprises […]
Read moreThe blistering pace and expanding scope of cyberthreats and ransomware attacks is forcing cyber insurance companies to steeply increase their rates and premiums, and even drop coverage for high-risk organizations. Underwriting requirements to be approved for cyber insurance are becoming more stringent. In this upcoming session with Chris Hills, Chief Security Strategist at BeyondTrust hear […]
Read moreNew Operational Technology (OT) systems support TCP/IP connectivity and are often interfaced with corporate IT networks. While this convergence brings many advantages from an operational perspective, it also exposes companies to considerable cyber risks if not managed properly. In his presentation, the speaker will highlight the main differences between IT and OT systems, most of which […]
Read moreExpressions such as “the growing threat landscape” are commonplace in cybersecurity conversations. In fact, organizations are living in a world where “threat inflation” is the reality and there is no reason to believe it will change anytime soon. How can we handle this without making our cybersecurity teams become the highest number in our budget? […]
Read more