No matter what anyone tells you, no investigation is complete or comprehensive if it only includes host-based forensic analysis. The fact is the host never has all of the relevant information, and there are way too many techniques for ensuring that no incriminating evidence is ever left on the disk. Because of this reality, it […]
Many security professionals think of locks as curiosities or puzzles, and are well acquainted with the idea that “locks keep honest people honest.” However, physical security has a rich history and our modern relationship to locks is very different than it was even a hundred years ago. In this talk we’ll put modern physical security […]
Despite the complexities of modern malware and the stealthiness of targeted infiltrations, the remote command and control of victim devices is heavily dependent upon a clear-text protocol. Using new techniques in the big data analysis of streaming DNS traffic and the application of innovative machine learning systems, it is possible to automatically identify domain names […]
In this session, CSA will present the key security problems of Cloud Computing that are being faced by the industry. They will provide information about activities in the public and private sector around the world to develop standards, guidelines and innovation for cloud security. They will also provide an overview of key tools and best […]
Dave Millier from Sentry Metrics will discuss the challenges facing many organizations around “audit fatigue”, and talk about various methods of automating the collection, reporting and validation of overall compliance for organizations. The talk will focus not only on regulatory compliance, but also drill into more mundane testing and validation, and look at measuring against […]
One of the most successful drive-by attack toolkits available to cyber criminals, Black Hole is dominating the criminal marketplace. In this talk, we will explore how the exploit kit is sold, kit features, how attackers are using it to ensnare victims and the speed with which new vulnerabilities are being exploited. Techniques for defending against […]
Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is exposed. Is there really a […]
Near Field Communication (NFC) has been used in mobile devices in some countries for a while and is now emerging on devices in use near you. This technology allows NFC enabled devices to communicate with each other within close range, typically a few centimeters. It is being rolled out as a way to make payments, […]
The Digital Revolution is enabling business to provide their customers with new, innovative products and services, thus exposing corporate networks and data to greater risks from cyber threats. These threats are increasingly sophisticated. Existing firewall strategies combined with old fashioned mentality are no longer are able to offer business the security and protection they need. […]
Have you ever wondered what SQL injection was, and how it worked? Couldn’t figure out how someone could take over your web browsing and redirect you to another site entirely, or intercept and replace legitimate web traffic with some nasty malware? Dave Millier and Assef G. Levy will give you an overview of web application […]
This talk will focus on attacking .NET Desktop Applications(EXE/DLL/Live Memory) Both WhiteHat and BlackHat hacking will be shown on common security concerns such as intellectual property protection systems and licensing systems. This presentation will have a New Drop of forensic info on what can be accessed about a .NET application, with basic info targeted at […]
In February 2012, the Canadian government introduced “lawful access” legislation that granted new powers to law enforcement to access private communications and require telecommunications providers to install new surveillance capabilities. The bill generated a massive public backlash as Canadians loudly rejected the bill and pressured the government to reconsider its surveillance plans. Michael Geist played […]
Today’s threat landscape is evolving radically and BYOD (Bring Your Own Device) is all the rage. In 2011 alone, Symantec detected and blocked 5.5 billion malicious attacks, an increase of more than 81 percent from the previous year. Social networks and mobile computing are opening up new security vulnerabilities and personal sites and blogs were […]
Over the past year, Trustwave’s SpiderLabs malware team has been continually reminded why we love our jobs – we get to play with malware. But not just any malware, no, we get to reverse engineer and analyze malware from targeted incident response cases. This opportunity allows us to see what criminals are doing at a […]
“Hunting Carders for fun and profit” describes the rise in E-commerce breaches over the last year. The talk touches on the reasons cardholder data is so valuable on the black market, the three most common attack vectors, examples of malware discovered during actual investigations, the wrong way to encrypt databases and examples of how several […]
Join Kellman for a critique of the LucasFilm epic, from the perspective of a security audit. He will review the security procedures and practices of the Galactic Empire, and see what they did well, but more importantly, learn from the mistakes they made. Prepare for a discussion on security policies and procedures, applied during the […]
The kinds of web services developed and deployed to support Service Orientation over the first decade of the new millennium are not compatible with the applications being developed for mobile devices. In this talk, you will learn about the “Web APIs” favored by mobile developers, how they differ from the Web Services deployed in SOAs, […]
Most computer forensic examinations focus on system forensics – live system and memory data, and the data remaining on storage devices. These investigations neglect the significant amount of network data (moving packets, event logs, and specialized tools such as honeypots). During this session, you will learn proactive and post-response techniques for collecting and analyzing network […]
But, here’s your password. Reset it, maybe? Everyone thinks they know about the Man in the Middle. Most places think as long as they have SSL, they’re immune. Attackers know better. We’ll demonstrate implications of Man in the Middle vulnerability that go beyond the 101. We’ll show how layer 2 weaknesses can be turned into […]
Malware and targeted attacks are an extremely serious threat to the security of SMBs and large enterprises. Targeted attacks generally follow predefined strategies and one of the possible vectors is to attack via a mobile device. A successful targeted attack can seriously damage a company’s intellectual property, confidential information and reputation. Attendees will learn about […]
You want it all. But you’re scared. You don’t want to put on a suit and watch your soul shrivel. There is another way. In this session, you will learn: – why you want to do this to yourself – how to get the first job (which will suck) – how to turn the first […]
How many times have you wondered what really gets fixed inthe security patches released by vendors? Are you curious to find new vulnerabilities that could be introduced due to faulty patches? This talk will go over some basic reversing techniques that anyone can use to read what exactly gets fixed in patches. These techniques can […]
This session explores the concept of network forensic investigations using HP ArcSight ESM, and how security analysts can use it to assist HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile devices, the need for well-defined workflow and the use of industry-accepted […]
How many breaches occurred in Canada last year? And how many might there be by 2015? How much personal confidential Canadian data will be lost next year? Join this session to learn which types of firms are losing data and how. He won’t name names, but Dave will quickly walk you through a cool model […]
Open-source Intelligence has picked up quite a hype lately and everyone talks about its importance within a security program to protect organizations against present and emerging threats. With the advent of social media, monitoring all these sources has become even a bigger challenge. Despite its importance, no one has provided specific guidance on how exactly […]
This presentation was designed to provide a glimpse into the curious world of Social Engineering, and it’s serious impact being felt within businesses and homes around the world. Robert helps to shed light on many of the low tech techniques successfully being used defeat today’s highest-tech security solutions. With a focus on the human elements […]
The Microsoft Security Response Center has been responding to security vulnerabilities and incidents for more than 10 years, and we’ve learned a few things along the way. In this presentation, we’ll pull back the curtain and walk you through the formal processes and informal guidelines that we use to handle hundreds of vulnerability reports every […]
As companies increase funding for Network Security and get mature in that space, the attackers are shifting their methodologies and attack vectors as well. Targeted malware is not the exception but a norm these days. “Data in Transit” is becoming the new goldmine as the data in database gets ample encryption treatment these days. Parsing […]
This presentation will review some of the reasons that web application security is so important – citing data from the Verizon Data Breach Investigations Report which identified web applications as one of the primary attack and data loss vectors. Next, an overview of a conventional scanning program will be outlined as well as how a […]
Mobile security is the hottest topic for senior security professionals as organizations struggle with how to support smartphones and other consumer-grade devices connecting to the network. This session will present a process to evaluate the risk of these devices, define appropriate policies, and control the use of these devices. We’ll also discuss (at a high […]
A new development of 2012, targeted attacks (APTs) against human rights now often include malware specifically designed to compromise Macs. Mac users have long thought they’re safe, for a variety of reasons including: “nobody ever targets us” (not anymore!), “Macs are based on Unix so have additional security” (not if new vulnerabilities are found, or […]
Many organizations face common challenges of fully leveraging their Enterprise Monitoring tool to give a holistic and cross-sectional view of the health and performance of core infrastructure and distributed applications. This presentation provides its audience a greater understanding of how to operationalize Microsoft’s System Center Operations Manager (SCOM 2007 or 2012) based on the key […]
Want to get better at security? Improve your ops and improve your dev. Most of the security tools you need aren’t from security vendors, they don’t even need to be commercial. You need tools like chef & puppet, jenkins, logstash + elasticsearch & splunk or even hadoop to name but a few. The key is […]
The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed in a number of production environments, and many organizations have already scheduled or planned its deployment in the next few years. […]
In this session, “Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches,” Rapid7 will discuss what we can learn from recent high profile breaches including LinkedIn and Global Payments.
An overview of the risks and mitigations encountered in planning the outsourcing of the United States Mint’s $700 Million a year numismatic ecommerce site. The presentation focuses on how to assess your cloud vendor and specific information and access to request to make sure your data is secure. Many of the mitigations discussed in the […]
Aggregating and correlating open-source intelligence (OS-INT) is an important aspect of both attack and defense. When on the offensive, OS-INT provides critical reconnaissance information. Whether sucking down data from corporate directories, gathering information from social networking sites, or combing Pastebin for stolen credentials, the relationships among associated data sets paint a critical picture highlighting potential […]
Why technology and process don’t solve the problem alone and how to make security part of the normal pattern of behaviour for your organization. Instead of assuming that “humans are the weakest link” this talk will show how to make people the first line of defence and make them an asset, instead of a liability.
This session will highlight the link and differences between security efforts and criminal interdiction. Cybercrime continues to be a significant concern to industry and the public in Canada. This session will highlight some of the important activities now underway to address this criminal threat. Attendees will become aware of crime trends and priority threats. Industry […]
Unless you’ve been living under a rock you’ve heard that Hadoop is regarded as the miracle solution for the big data needs of business. It is not uncommon for Hadoop clusters to store and process terabytes of sensitive information. Hadoop’s enormous data stores and inherit security issues make it the perfect storm of risk for […]
As the trusted security advisor to 65 of the Fortune 100, Accuvant is in a unique position to understand the current and emerging security challenges of these organizations. Many of these organizations over the past couple of years have been struggling with the challenges of “Modern Malware”, “Mobile Device Management and Security” and how to […]
By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, I’ll demonstrate which dictionary attacks are the most effective. I will also demonstrate the building of passphrase dictionaries, an analysis of their effectiveness, and demonstrate a tool for building passphrase dictionaries. The password and passphrase […]
The ugly bastard child of FAIL Panel, a discussion on Malware letters received to our mailbag and other general observations on infosec. We’ll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you (we may bring chocolates and super secure LiquidMatrix USB keys – as seen as DEFCON). Vendor and […]
The more things change the more they stay the same. There have been numerous advances in the security field over the last 15 years yet many corporate networks are still plagued with the same vulnerabilities they were over a decade ago. If a hacker from the late 1990’s had a time machine, how successful would […]
SIEM and feeds intelligence are common words found in the information security industry. We see them popping up in areas ranging from application, business, situation and threat intelligence. Whether the meaning is automated log analyses or manually generated reports of OSINT, threat intelligence is quickly becoming a must have item in any companies security arsenal. […]
But, here’s your password. Reset it, maybe? Everyone thinks they know about the Man in the Middle. Most places think as long as they have SSL, they’re immune. Attackers know better. We’ll demonstrate implications of Man in the Middle vulnerability that go beyond the 101. We’ll show how layer 2 weaknesses can be turned into […]
Does using VMware ThinApp isolation trim your risk? This presentation uses known vulnerabilities in popular software products like Firefox, Internet Explorer, Java, and Flash to compare the security implications of native installations and the three ThinApp Isolation modes to determine the viability of ThinApp as a means of using archaic/legacy software. The end result will […]
Zack Fasel brings a New Tool along with New methods to obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally and externally. The Goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60 seconds or less on a fully patched and typically secured windows environment. The Grand […]
Intrusion defense mechanisms have been around for approximately two decades. However, slippery assailants continue to evade even state-of-the-art mechanisms. We have more technology than ever but few approaches that work reliably, especially given with the explosion of attack vectors. The problem of accurate and consistent attack detection and defense amid a sea of noise appears […]
A few years ago Alex Hutton coined the term Security Mendoza Line. It was in reference to Mario Mendoza the baseball player often used as a baseline for how well a player must hit in order to stay in the major leagues and not be demoted. Keeping up with the attacks automated within Metasploit can […]
Jason Mical is a network forensic specialist for AccessData. In this role Jason is responsible for the global management of AccessData's Network Forensic solutions and assists AD's customers with the assessment of IT risk reduction in such areas as electronic intercepts, intrusion analysis, virus detection, incidence response, privacy, asset management, policies, standards and guidelines. Jason also offers his expertise and consulting services to customers and other audiences on issues of electronic, computer, and physical security investigations. Jason has over 19 years experience in telecommunications fraud prevention, physical security management and [...]
Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.
Gunter Ollmann has a long-held passion for threat research and currently serves as Vice President of Research at Damballa, where he is focused on inventing new crimeware mitigation technologies and the identification of criminal operators behind botnets and other advanced persistent threats. Prior to joining Damballa, he held the role of Chief Security Strategist at IBM, was responsible for predicting the evolution of future threats and helping guide IBM's overall security research and protection strategy, and was the key IBM spokesperson on evolving threats and mitigation techniques. Ollmann also served [...]
Co-founder and Executive Director of CSA. Jim Reavis is the Executive Director of the CSA, and was recently named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com. Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, large enterprises and other organizations on the implications of new trends and how to take advantage of them. Jim has previously been an international board member of the ISSA and formerly served as the association's Executive Director. Jim currently serves in an advisory capacity for many [...]
CEO - UZADO
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]
Chester "Chet" Wisniewski is a Senior Security Advisor at Sophos with more than 15 years experience in the security industry. In his current role Chester conducts research into computer security and online privacy with the goal of making security information more accessible to the public, media and IT professionals. Chester frequently writes articles for the award winning Naked Security blog, produces the weekly podcast "Sophos Security Chet Chat" and is a frequent speaker at conferences and in the press.
Parth holds a Masters in Networking & Security from San Jose State University in 2008, and ever since has been working in the field of Security with companies in SF Bay Area. He designed and developed the 'Secure Tap Transfer Protocol' while working with 'Ricoh Innovation Inc. - California Research Lab', which allows handheld devices to establish a secure communication. Parth also worked with 'Connexed Inc' to harden the security of their Surveillance Camera infrastructure. For the past 3 years working with 'Qualys Inc.', Parth has been in charge of [...]
Charlie Miller is Principal Research Consultant at Accuvant Labs. He was the first with a public remote exploit for both the iPhone and a phone running Android. He won the CanSecWest Pwn2Own competition for the last four years. He's hacked Second Life and Batteries. He has authored two (and a half) information security books and holds a PhD from the University of Notre Dame.
Jason Macy is the Chief Technical Officer responsible for innovation and product strategy for global operations. Jason has been on the front-lines of the SOA security and testing industry for over 10 years and consistently brings real-world solutions to the sustained engineering initiatives ensuring that the product technology continues to lead the industry and provide out-of-the box product technology solutions to hundreds of industry use-cases. With experience from virtually every vertical industry sector, Jason has helped to evolve the product technology platform to be the global leader in FIPS 140-2 [...]
Jon McCoy is a .NET Software Engineer that focuses on security and forensics and the founder of DigitalBodyGuard.com. He has worked on a number of Open Source projects ranging from hacking tools to software for paralyzed people. With a deep knowledge of programming under the .NET Framework he has released new attacks on live applications and the .NET Framework itself. He provides consulting to protect .NET applications.
Dr. Michael Geist is a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. He has obtained a Bachelor of Laws (LL.B.) degree from Osgoode Hall Law School in Toronto, Master of Laws (LL.M.) degrees from Cambridge University in the UK and Columbia Law School in New York, and a Doctorate in Law (J.S.D.) from Columbia Law School. Dr. Geist is the editor of many books including Law, Privacy and Surveillance in Canada in the Post-Snowden Era (2015, University of [...]
Sangameswaran Manikkayam Iyer is a Sr. Security Specialist with Symantec Canada. He brings with him over 15 years of industry experience in Information Security and Risk in large projects involving infrastructure software and emerging security technology solutions. He has designed IT solutions targeted in the arena of enterprise security, vulnerability assessment, end-point security enforcement & GRC. He has worked with customers across the globe in diverse verticals including: DoD, government, law enforcement agencies, telecom, banking & finance, transportation, energy and education. Sangameswaran is a symantec veteran for more than a [...]
As a malware researcher, Josh has spent the past 4 years investigating, and oftentimes battling Point of Sale malware. He has tracked malware families, made attempts at uncovering the authors behind malicious campaigns, and has had more than a few sleepless nights attempting to gain further insight and understanding behind a particular PoS malware sample. In short, Josh loves reversing malware, and PoS malware is his favorite. When he is not lost in assembly, or attempting to identify and subsequently replicate some cryptographic routine, Josh will often find himself throwing [...]
Ryan Merritt is a Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has sixteen (16) years of industry experience and has performed security research and presented talks on security topics for the Chicago Fed, Illinois Bankers Association, and BGSU. Prior to Trustwave he was a Senior Security Consultant for a Chicago based firm focusing on penetration testing, social engineering, and security architecture assessments. Ryan holds a Bachelor of Science in Computer Science [...]
Grayson Lenik is Director of Digital Forensics and Incident Response, part of Nuix’s Cyber Threat Analysis Team. He has worked in information security and digital technology for more than 20 years. Grayson has researched and presented on anti-forensics, cybercrime operations, and incident response methodology at conferences including DEFCON, SecTor, NetDiligence Cyber Risk Forum, International Association of Financial Crimes Investigators, and Electronic Crimes Special Agent Program. Grayson regularly instructs law enforcement and private organizations in incident response and digital forensics. He was the primary instructor for the United States Secret Service [...]
Global Security Manager - Sycomp
Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day operational work in complex security networks, policy planning, management, and documentation responsibilities with various network, VoIP and security engineering companies. Kellman is an experienced speaker with original content, that has delivered security talks in private corporate focused events, at school internet safety classes for training students and [...]
Greg Kliewer is the Senior Principal Consultant for Layer 7 Technologies in Canada. In this role, Greg consults on the architecture, design, and delivery of strategic API Management platforms for key CA Technologies accounts nationwide. Greg joined CA when Layer 7 was acquired in 2013. With over 15 years of experience delivering secure web services and APIs for Canadian banks, insurance companies, and government ministries and agencies, Greg understands what it takes to effect comprehensive change in large organizations.
Robert Beggs breaks into computers and data networks. As an ethical hacker and incident responder, he identifies and closes the vulnerabilities that could be exploited to create a security breach. He has been responsible for the technical leadership and project management of multiple successful responses to data loss. His experience has driven the development of the AIM methodology, used to effectively respond to a breach. His clients range from banks and insurance companies to small and medium enterprises. Robert holds an MBA in Science and Technology from Queen's University and [...]
Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, DefCon, DerbyCon, Shmoocon, and SecTor to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, [...]
Veteran security reporter Dennis Fisher has a decade of experience reporting on security industry news and issues. In his role as Threatpost's Editor-in-Chief, Dennis provides analysis on fast-breaking industry news, writing original in-depth features that cover malware attacks and cybercrime for end-users, business and IT professionals.
James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as [...]
Bharat Jogi is a Security Professional with over eight years of experience, including research on vulnerabilities, malware, protocol analysis, evolving attack vectors and signature development. He is currently a Senior Manager of Vulnerability Management Signatures at Qualys, where he leads a team of researchers that identify vulnerabilities in various products, reverse engineer binaries and malware and develop signatures for these threats. He holds a Masters degree in Computer Science from the University of Southern California and has been quoted extensively in mainstream media.
Speaker details not currently available.
David Senf is IDC Canada's Program Vice President, Infrastructure Solutions Group. His team forecasts and tracks the markets and competitors in the cloud, servers, storage, networking, security, software tools, and virtualization. He works with vendors, the channel, CIOs and IT professionals to form a complete picture of buying patterns. In the decade prior to joining IDC, he sold, managed and implemented IT consulting initiatives ranging from Web portals to online presence. His accumulated understanding of technology trends from a business strategy and IT "nuts and bolts" perspective enriches his research [...]
Kevvie Fowler is a partner in KPMG Canada's forensic practice and is an information security and data analytics specialist. As author of SQL Server Forensic Analysis and contributing author to several security and forensics books Kevvie is a recognized advisor who supports organizations across Canada and abroad. Kevvie also teaches database forensics to law enforcement agencies across North America and sits on the SANS GIAC Advisory Board where he guides the direction of emerging security and forensics research. Prior to joining KPMG, Kevvie Fowler managed his own professional services company [...]
Naveed Ul Islam (BEE Telecom/DSP, CISSP, GCFA, MCSE, CCNA) is a Sr. Security Analyst at TELUS and the Security Intelligence architect within the TELUS Intelligent Analysis team. Naveed's other interests are in application forensics and security. Previous to TELUS, Naveed was a security consultant for Microsoft USA where he performed security and privacy audits of Microsoft's core-business related websites and has secured several key sites such as Microsoft XBOX 360 host web site and Microsoft's internal auction site known as Micronews
Robert Falzon is currently the Canadian Security Engineering Manager for Check Point Software Technologies Inc., the worldwide leader in securing the Internet. His background includes over 17 years of experience in large scale network security architecture, design, and deployment projects for government and business organizations spanning the globe. Other past engineering responsibilities have included operational, management, and developmental duties for major accounts within EDS Canada's network security team, and lead engineer for many major European Telco accounts with Alcatel in Paris France. While with Alcatel, Robert worked to assist those [...]
Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he was responsible for managing marketing and corporate communications that span Microsoft’s products and cloud services as they relate to security, privacy and reliability.
Chief Information Security Officer, Nuix
Chris Pogue is the Chief Information Security Officer, Nuix, and a member of the US Secret Service Electronic Crimes Task Force. Chris is responsible for the company’s security services organization; he oversees critical investigations and contracts, and key markets throughout the United States. His team focuses on incident response, breach preparedness, penetration testing, and malware reverse engineering. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cybercrimes investigator, [...]
Jibran Ilyas is a Senior Forensic Investigator at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, application security and security research. He has investigated some of the nation's largest data breaches and is a co-author of Trustwave's annual Global Security Reports, which provide data breach statistics and highlight latest hacker techniques. Jibran has presented talks at several global security conferences such as DEFCON, Black Hat, SecTor and SOURCE Barcelona, in the area of Computer Forensics and Cyber Crime. Jibran [...]
Will Bechtel, Director of Product Management, Qualys. He has over 25 years of information security and software development experience that spans industries such as financial services, high-tech, utilities, healthcare and defense. At Qualys, Will is the Director of Product Management for the Web Application Scanning and Malware Detection Services. Prior to Qualys, Will was the Application Security Practice Lead for AT&T's Security Consulting and a Sr. Consulting Manager in the Application Security Practice with VeriSign's Global Security Consulting where he lead application security assessments for fortune 500 clients. In previous [...]
Mike Rothman is President of Securosis and the author of “The Pragmatic CSO.” He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. After 20 years in security, he's one of the guys who "knows where the bodies are buried.” Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike held senior positions at SHYM Technology, CipherTrust, TruSecure and eIQnetworks. After getting fed up with vendor life, [...]
Seth Hardy is a Senior Security Analyst at the Citizen Lab, Munk School of Global Affairs, University of Toronto. Prior to the Citizen Lab, he worked for a large anti-virus vendor. Seth has worked extensively on analysis of document-based malware and AV evasion methods. His other areas of experience include provably secure cryptography, random number generators, and network vulnerability research. Seth has spoken at a number of security conferences including Black Hat, DEF CON, SecTor, and the CCC. He holds degrees from Worcester Polytechnic Institute in Mathematics and Computer Science.
Rodney Buike is a Solution Architect at CMS Consulting Inc. with over 14 years of experience with customers of all sizes. Rodney has spent 4 years at Microsoft as a Technology Evangelist sharing knowledge and experience on core Microsoft technologies. Rodney's current focus is Microsoft Virtualization and cloud solutions and was awarded Microsoft MVP status in System Center Private Cloud and Datacenter Management. Rodney maintains connections to the Toronto technology community by participating in local technology community groups and events.
David Mortman runs Security for enStratus and is a Contributing Analyst at Securosis. Previously he was responsible for operations and security for C3, LLC Formerly the Chief Information Security Officer for Siebel Systems, Inc., Before that, Mr. Mortman was Manager of IT Security at Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Blackhat, Defcon and SourceBoston as well. Mr. Mortman sits on a variety of advisory boards including Qualys. He holds a BS in Chemistry from the University of Chicago. David writes for Securosis, [...]
Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations. Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol [...]
Ross C. Barrett, MSc, Senior Manager of Security Engineering, Rapid7, Inc. is a software engineer and security professional with a focus on vulnerability management and configuration assessment tools. At Rapid7 Ross is responsible for scanning and data collection for vulnerability, controls and compliance assessment. Previous roles include vulnerability researcher with several teams in the vulnerability management industry and roving IT fixer. Ross is frequently quoted in the press on the subject of vulnerability management and trending issues in security.
Chris Carpenter is an information security professional with over fifteen years' experience. He has worked in the US Intelligence community performing incident response, penetration testing and security assessments. He has recently given up most of his hands on activities and currently serves as the Chief Information Security Officer (CISO) for the United States Mint. In this role he is responsible for all aspects of security operations and compliance activities for the Mint. This includes penetration testing, incident response, network monitoring, PCI compliance and FISMA compliance. He still likes to participate [...]
Mike Geide is a senior security researcher at Zscaler, Inc. - a cloud computing, security software as a service (SaaS) provider. He is responsible for researching, analyzing, and developing mitigation strategies for security threats - particularly threats to Zscaler's cloud and web-based threats to its customers. He has spoken at several security conferences, including RSA, CanSecWest, and SANS; and his research has been cited in the media, including USA Today, The Register, and Dark Reading. Prior to joining Zscaler, Geide worked in the Federal Government for DHS/US-CERT and then the [...]
John Proctor is Director of Cyber Resilience for CGI, the 32,000 person Canadian company's national cyber security practice. John's team provides Consultant Enterprise Security Services, Enterprise Security Health Checks, Vulnerability Assessments and Penetration Tests, Cyber Forensics, Threat and Risk Assessments, Privacy Impact Assessments and managed security services. The team is based at CGI's secure facility in Ottawa and supports all of CGI's business units and clients, in Canada and abroad. John has provided security services to a number of Canada's major financial institutions, Federal, Provincial and Municipal government departments and [...]
Dave Black, has been a civilian member of RCMP for over 29 years. He joined the RCMP in the pre-internet / pre-cybercrime era and has transitioned into management of the RCMP's Cybercrime Fusion Centre (CCFC) in Ottawa's Technological Crime Program. Dave is a member of the RCMP Cybercrime Council, and an active participant in Public Safety Canada's inter-agency Cyber Security Workgroups. His duties include strategic assessment of cybercrime trends, development of policy for cyber incident triage and guidance to Canadian federal departments on security standards, incident response plans and Industrial [...]
Elvis Gregov is an experienced Security Solutions Architect and has been a key technical resource in the IT Security sector here in Canada for over 10 years. Elvis started his IT security career with Hewlett Packard Canada back in 2002 as a Network Security Analyst and from there progressively moved up the ranks within organizations such as Emergis, TELUS and Forsythe, where he was the senior Security Solutions Architect. As a Senior Solutions Engineer now for Accuvant Canada, Elvis spends his time articulating the Accuvant value-proposition and sharing the value [...]
William Tysiak has been focused on launching predominantly U.S.-based IT Security companies into Canada, dating back to 1998. William was the first card carrying employee of Network Associates (NAI) in Canada, the Santa Clara, California merger between McAfee and Network General, and he helped build their enterprise client base and channel. From there William launched Texas-based Intrusion.com, an IDS and firewall appliance manufacturer into Canada as their Country Manager. William's next project was launching Atlanta-based Ciphertrust, the manufacturer of IronMail (the World's first email firewall and arguably the top anti-spam [...]
Steve Werby is an independent information security consultant and researcher. He was formerly the Chief Information Security Officer at the University of Texas at San Antonio, as well as enterprise information security officer for the Virginia Department of Corrections and Virginia Commonwealth University. Before making the shift to information security program management in 2006, he operated an information security consultancy with an international client base, served as COO for a web development firm, and held engineering roles in a Fortune 500 manufacturing company. He has an industrial and systems engineering [...]
Ben Sapiro is the Senior Director of Security, Privacy and Compliance at Vision Critical (a SaaS company) and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school. Other than that, he’s a typical middle-aged Canadian who has worked at $companies doing $work to earn Canadian pesos. Ben is a regular contributor on LiquidMatrix Podcast (whenever we get around to recording it) and helps run BSidesTO.
Global Security Advocate
Dave has over two decades of industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies . He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave writes a column for Forbes and Huffington Post.
Independent Security Consultant
Jamie Gamble started his professional career as a programmer before joining the research team at nCircle, where he worked on automating detection of web and network based vulnerabilities. He then began working for security centric consulting companies specializing in auditing complex applications and performing red team assessments. His experience also includes malware analysis and proactive adversary hunting. Jamie is deeply involved in the security community and is a co-organizer of the international security conference REcon which focuses on advanced security research and reverse engineering. He is a co-founder of Bsides [...]
Space Rogue is widely sought after for his unique views and perceptions of the information security industry, he has testified before Congress and has been quoted in numerous media outlets. Space Rogue was an early member of the security research think tank L0pht Heavy Industries and helped co-found the Internet security consultancy @Stake. He created the widely popular Hacker News Network, which, not once but twice, became a major resource for information security news. He currently works as the Threat Intelligence Manager for Trustwave SpiderLabs.
Tyler Reguly, Manager of Security Research & Development, and Jordan Powers, Research Engineer from nCircle, have done the research for this paper. nCircle is the leading provider of automated security and compliance auditing solutions. Tyler is a key member of nCircle's Vulnerability and Exposure Research Team where he focuses on web application security and vulnerability detection. Tyler has lent his expertise to various projects including reverse engineering and OS X vulnerability detection and is involved in several industry initiatives such as CVSS-SIG and WASSEC. Tyler is a frequent speaker at [...]
Jordan Powers is currently a Security Analyst at one the of world's largest financial institutions. He is currently performing gap analysis on polices and procedures and has created, deployed and maintained virtual applications to hundreds of users. Previously he was at nCircle as a security researcher where he applied research into local application analytics on Mac OS X, while also maintaining the virtual infrastructure."
Zack Fasel is a seasoned Penetration Tester and Security Consultant with diverse experience serving clients ranging in Fortune 1000s, Enterprises, and SMBs in varying industries. He has delivered hundreds of network, wireless, and social penetration tests and subsequently driven strong defensive remediation strategies as a result. Zack tries to stay closely connected to the local security community in Chicago as the lead for dc312[.org] and as a Co-Founder of THOTCON[.org], Chicago's local Hacking con. When not focusing his efforts on Infosec, Zack can be found playing the untz untz wubs, [...]
Founder and Chief Security Strategist, eSentire
In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now, with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.
Ed is the CEO of Risk I/O a vulnerability management Software as a Service that centralizes, correlates and automates the entire stack of security vulnerabilities and remediation workflow. Prior to Risk I/O, Ed served as the Chief Information Security Officer for Orbitz, the well-known online travel agency where he built and led the information security program and personnel for over 6 years. Ed has 20 years of experience in information security and technology. He is a frequent speaker at information security events across North America and Europe. Past talks have [...]