The Digital Revolution is enabling businesses to provide their customers with new, innovative products and services, thus exposing corporate networks and data to greater risk from cyber threats. These threats are increasingly sophisticated. Existing firewall strategies, combined with an old-fashioned mentality, are no longer able to offer businesses the security and protection they need. […]
Have you ever wondered what SQL injection was, and how it worked? Couldn’t figure out how someone could take over your web browsing and redirect you to another site entirely, or intercept and replace legitimate web traffic with some nasty malware? Dave Millier and Assef G. Levy will give you an overview of web application […]
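As an added illustration of the SQL injection the abstract above asks about (this is example code written for this listing, not material from the talk): the first login function builds its query by string concatenation, so the attacker's input is parsed as SQL; the second passes the same values as bound parameters. The in-memory SQLite table and the single user record are constructed here for the demo.

```python
import sqlite3


def _setup() -> sqlite3.Connection:
    """Constructed demo database: one user in an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('alice', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: user input is spliced straight into the SQL text.

    With password = "' OR '1'='1" the statement becomes
      ... WHERE username = 'alice' AND password = '' OR '1'='1'
    and the trailing OR makes the WHERE clause true for every row.
    """
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: a parameterised query.

    The driver sends the values separately from the statement, so quote
    characters in the input are data, never SQL syntax.
    """
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    """Run both login functions against a legitimate, a wrong and an injected password."""
    conn = _setup()
    payload = "' OR '1'='1"  # classic authentication-bypass payload
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "vuln_wrong": login_vulnerable(conn, "alice", "wrong"),
        "vuln_injected": login_vulnerable(conn, "alice", payload),
        "safe_legit": login_safe(conn, "alice", "correct horse battery staple"),
        "safe_injected": login_safe(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable function returns True for the injected password without the attacker knowing any credential; the parameterised one returns False for the same input. Parameterisation (or an ORM that uses it underneath) is the fix; escaping quotes by hand is not.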
This talk will focus on attacking .NET desktop applications (EXE/DLL/live memory). Both WhiteHat and BlackHat hacking will be shown on common security concerns such as intellectual property protection systems and licensing systems. This presentation will have a new drop of forensic info on what can be accessed about a .NET application, with basic info targeted at […]
In February 2012, the Canadian government introduced “lawful access” legislation that granted new powers to law enforcement to access private communications and require telecommunications providers to install new surveillance capabilities. The bill generated a massive public backlash as Canadians loudly rejected the bill and pressured the government to reconsider its surveillance plans. Michael Geist played […]
Today’s threat landscape is evolving radically and BYOD (Bring Your Own Device) is all the rage. In 2011 alone, Symantec detected and blocked 5.5 billion malicious attacks, an increase of more than 81 percent from the previous year. Social networks and mobile computing are opening up new security vulnerabilities and personal sites and blogs were […]
Over the past year, Trustwave’s SpiderLabs malware team has been continually reminded why we love our jobs – we get to play with malware. But not just any malware, no, we get to reverse engineer and analyze malware from targeted incident response cases. This opportunity allows us to see what criminals are doing at a […]
“Hunting Carders for fun and profit” describes the rise in E-commerce breaches over the last year. The talk touches on the reasons cardholder data is so valuable on the black market, the three most common attack vectors, examples of malware discovered during actual investigations, the wrong way to encrypt databases and examples of how several […]
Join Kellman for a critique of the LucasFilm epic, from the perspective of a security audit. He will review the security procedures and practices of the Galactic Empire, and see what they did well, but more importantly, learn from the mistakes they made. Prepare for a discussion on security policies and procedures, applied during the […]
The kinds of web services developed and deployed to support Service Orientation over the first decade of the new millennium are not compatible with the applications being developed for mobile devices. In this talk, you will learn about the “Web APIs” favored by mobile developers, how they differ from the Web Services deployed in SOAs, […]
Most computer forensic examinations focus on system forensics – live system and memory data, and the data remaining on storage devices. These investigations neglect the significant amount of network data (moving packets, event logs, and specialized tools such as honeypots). During this session, you will learn proactive and post-response techniques for collecting and analyzing network […]
But, here’s your password. Reset it, maybe? Everyone thinks they know about the Man in the Middle. Most places think that as long as they have SSL, they’re immune. Attackers know better. We’ll demonstrate implications of Man-in-the-Middle vulnerabilities that go beyond the 101. We’ll show how layer 2 weaknesses can be turned into […]
Malware and targeted attacks are an extremely serious threat to the security of SMBs and large enterprises. Targeted attacks generally follow predefined strategies and one of the possible vectors is to attack via a mobile device. A successful targeted attack can seriously damage a company’s intellectual property, confidential information and reputation. Attendees will learn about […]
You want it all. But you’re scared. You don’t want to put on a suit and watch your soul shrivel. There is another way. In this session, you will learn: – why you want to do this to yourself – how to get the first job (which will suck) – how to turn the first […]
How many times have you wondered what really gets fixed in the security patches released by vendors? Are you curious to find new vulnerabilities that could be introduced due to faulty patches? This talk will go over some basic reversing techniques that anyone can use to read what exactly gets fixed in patches. These techniques can […]
This session explores the concept of network forensic investigations using HP ArcSight ESM, and how security analysts can use it to assist HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile devices, the need for well-defined workflow and the use of industry-accepted […]
How many breaches occurred in Canada last year? And how many might there be by 2015? How much personal confidential Canadian data will be lost next year? Join this session to learn which types of firms are losing data and how. He won’t name names, but Dave will quickly walk you through a cool model […]
Open-source intelligence has picked up quite a lot of hype lately, and everyone talks about its importance within a security program for protecting organizations against present and emerging threats. With the advent of social media, monitoring all these sources has become an even bigger challenge. Despite its importance, no one has provided specific guidance on how exactly […]
This presentation was designed to provide a glimpse into the curious world of social engineering and its serious impact being felt within businesses and homes around the world. Robert helps to shed light on many of the low-tech techniques successfully being used to defeat today’s highest-tech security solutions. With a focus on the human elements […]
The Microsoft Security Response Center has been responding to security vulnerabilities and incidents for more than 10 years, and we’ve learned a few things along the way. In this presentation, we’ll pull back the curtain and walk you through the formal processes and informal guidelines that we use to handle hundreds of vulnerability reports every […]
As companies increase funding for Network Security and get mature in that space, the attackers are shifting their methodologies and attack vectors as well. Targeted malware is not the exception but a norm these days. “Data in Transit” is becoming the new goldmine as the data in database gets ample encryption treatment these days. Parsing […]
This presentation will review some of the reasons that web application security is so important – citing data from the Verizon Data Breach Investigations Report which identified web applications as one of the primary attack and data loss vectors. Next, an overview of a conventional scanning program will be outlined as well as how a […]
Mobile security is the hottest topic for senior security professionals as organizations struggle with how to support smartphones and other consumer-grade devices connecting to the network. This session will present a process to evaluate the risk of these devices, define appropriate policies, and control the use of these devices. We’ll also discuss (at a high […]
A new development of 2012: targeted attacks (APTs) against human rights organizations now often include malware specifically designed to compromise Macs. Mac users have long thought they’re safe, for a variety of reasons including: “nobody ever targets us” (not anymore!), “Macs are based on Unix so have additional security” (not if new vulnerabilities are found, or […]
Many organizations face common challenges of fully leveraging their Enterprise Monitoring tool to give a holistic and cross-sectional view of the health and performance of core infrastructure and distributed applications. This presentation provides its audience a greater understanding of how to operationalize Microsoft’s System Center Operations Manager (SCOM 2007 or 2012) based on the key […]
Want to get better at security? Improve your ops and improve your dev. Most of the security tools you need aren’t from security vendors, they don’t even need to be commercial. You need tools like chef & puppet, jenkins, logstash + elasticsearch & splunk or even hadoop to name but a few. The key is […]
The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed in a number of production environments, and many organizations have already scheduled or planned its deployment in the next few years. […]
In this session, “Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches,” Rapid7 will discuss what we can learn from recent high profile breaches including LinkedIn and Global Payments.
An overview of the risks and mitigations encountered in planning the outsourcing of the United States Mint’s $700 Million a year numismatic ecommerce site. The presentation focuses on how to assess your cloud vendor and specific information and access to request to make sure your data is secure. Many of the mitigations discussed in the […]
Aggregating and correlating open-source intelligence (OS-INT) is an important aspect of both attack and defense. When on the offensive, OS-INT provides critical reconnaissance information. Whether sucking down data from corporate directories, gathering information from social networking sites, or combing Pastebin for stolen credentials, the relationships among associated data sets paint a critical picture highlighting potential […]
Why technology and process don’t solve the problem alone and how to make security part of the normal pattern of behaviour for your organization. Instead of assuming that “humans are the weakest link” this talk will show how to make people the first line of defence and make them an asset, instead of a liability.
This session will highlight the link and differences between security efforts and criminal interdiction. Cybercrime continues to be a significant concern to industry and the public in Canada. This session will highlight some of the important activities now underway to address this criminal threat. Attendees will become aware of crime trends and priority threats. Industry […]
Unless you’ve been living under a rock you’ve heard that Hadoop is regarded as the miracle solution for the big data needs of business. It is not uncommon for Hadoop clusters to store and process terabytes of sensitive information. Hadoop’s enormous data stores and inherent security issues make it the perfect storm of risk for […]
As the trusted security advisor to 65 of the Fortune 100, Accuvant is in a unique position to understand the current and emerging security challenges of these organizations. Many of these organizations over the past couple of years have been struggling with the challenges of “Modern Malware”, “Mobile Device Management and Security” and how to […]
By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, I’ll demonstrate which dictionary attacks are the most effective. I will also demonstrate the building of passphrase dictionaries, an analysis of their effectiveness, and demonstrate a tool for building passphrase dictionaries. The password and passphrase […]
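As an added example of the dictionary and passphrase attacks the abstract above describes (example code written for this listing, not the speaker's tool): a small word list is expanded with common mangling rules, then combined into multi-word passphrases, and each candidate is hashed and checked against a set of unsalted SHA-1 hashes. The "leak" is constructed here from known plaintexts so the demo runs offline; the word list, the mangling rules and the separators are assumptions chosen for illustration.

```python
import hashlib
import itertools


def sha1_hex(s: str) -> str:
    """Unsalted SHA-1, the hash format seen in several 2012 password exposures."""
    return hashlib.sha1(s.encode("utf-8")).hexdigest()


# Constructed sample "leak": hashes computed here from known plaintexts,
# not real exposed data. The last entry is a random-looking password that
# should survive both attacks.
LEAKED_HASHES = {
    sha1_hex("password1"),
    sha1_hex("Summer2012!"),
    sha1_hex("correcthorsebatterystaple"),
    sha1_hex("monkey-dragon"),
    sha1_hex("Xq9$vL!2pR"),
}

# Assumed base dictionary; a real run would aggregate far larger lists.
BASE_WORDS = ["password", "summer", "monkey", "dragon",
              "correct", "horse", "battery", "staple"]


def mangle(word: str):
    """Rule-based variants of one dictionary word (capitalisation, suffixes)."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "2012", "!", "2012!"):
        yield word + suffix
        yield word.capitalize() + suffix


def word_candidates(words):
    """Single-word dictionary with mangling rules applied."""
    for w in words:
        yield from mangle(w)


def passphrase_candidates(words, max_words=3, separators=("", "-", " ")):
    """Passphrase dictionary: ordered combinations of 2..max_words words."""
    for n in range(2, max_words + 1):
        for combo in itertools.permutations(words, n):
            for sep in separators:
                yield sep.join(combo)


def crack(hashes, candidates):
    """Return {hash: plaintext} for every candidate whose SHA-1 is in hashes."""
    found = {}
    for cand in candidates:
        h = sha1_hex(cand)
        if h in hashes and h not in found:
            found[h] = cand
            if len(found) == len(hashes):
                break
    return found


def demo() -> dict:
    """Run the single-word attack first, then the passphrase attack on what is left."""
    found_words = crack(LEAKED_HASHES, word_candidates(BASE_WORDS))
    remaining = LEAKED_HASHES - set(found_words)
    found_phrases = crack(remaining, passphrase_candidates(BASE_WORDS, max_words=4))
    return {
        "word_hits": sorted(found_words.values()),
        "passphrase_hits": sorted(found_phrases.values()),
        "uncracked": len(remaining) - len(found_phrases),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the numbers make: a four-word passphrase built from common words falls to a passphrase dictionary of a few thousand candidates, while the one password with no dictionary structure is the only hash left standing. Unsalted fast hashes make this cheap; salting and a slow KDF raise the per-guess cost, but do not help a passphrase that is itself in the dictionary.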
The ugly bastard child of FAIL Panel: a discussion of malware letters received in our mailbag and other general observations on infosec. We’ll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you (we may bring chocolates and super secure LiquidMatrix USB keys, as seen at DEFCON). Vendor and […]
The more things change the more they stay the same. There have been numerous advances in the security field over the last 15 years yet many corporate networks are still plagued with the same vulnerabilities they were over a decade ago. If a hacker from the late 1990’s had a time machine, how successful would […]
SIEM and intelligence feeds are common terms in the information security industry. We see them popping up in areas ranging from application, business and situational intelligence to threat intelligence. Whether the meaning is automated log analysis or manually generated reports of OSINT, threat intelligence is quickly becoming a must-have item in any company’s security arsenal. […]
Does using VMware ThinApp isolation trim your risk? This presentation uses known vulnerabilities in popular software products like Firefox, Internet Explorer, Java, and Flash to compare the security implications of native installations and the three ThinApp Isolation modes to determine the viability of ThinApp as a means of using archaic/legacy software. The end result will […]
Zack Fasel brings a New Tool along with New methods to obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally and externally. The Goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60 seconds or less on a fully patched and typically secured windows environment. The Grand […]
Intrusion defense mechanisms have been around for approximately two decades. However, slippery assailants continue to evade even state-of-the-art mechanisms. We have more technology than ever but few approaches that work reliably, especially given the explosion of attack vectors. The problem of accurate and consistent attack detection and defense amid a sea of noise appears […]
A few years ago Alex Hutton coined the term Security Mendoza Line. It was in reference to Mario Mendoza the baseball player often used as a baseline for how well a player must hit in order to stay in the major leagues and not be demoted. Keeping up with the attacks automated within Metasploit can […]
The more things change, the more they stay the same. The first volley of Sniper Forensics presentations focused on single system forensic methodology, data acquisition, interpretation, and ultimately the identification of the Indicators of Compromise found in a breach. In this round, Sniper Forensics takes aim at the world of Incident Response with the same […]
HTML5 introduces significant changes for today’s websites: new and updated tags, new functionality, better error handling and an improved Document Object Model (DOM). However, HTML5’s new features come with new (application) security vulnerabilities. This session will review the new attack vectors, the associated risks and what needs to be taken into consideration when implementing HTML5.
Threats have changed in dramatic and unexpected ways around the world over the past year as attackers continue to hone and evolve their strategies and tactics, and Internet-connected devices proliferate. Using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services, this session will provide […]
DNSSEC was designed to protect the Domain Name System from an ever increasing stream of DNS spoofing attacks and (non-)malicious DNS rewriting schemes. But from the start, many intended to use this new distributed and digitally signed database for other purposes as well. DNSSEC can already be used to secure large scale TLS, SSH and […]
Digital investigations may be conducted differently by various labs (law enforcement agencies, private firms, enterprise corporations) but each lab performs similar steps when acquiring, processing, analyzing, or reporting on data. This updated talk will discuss techniques that criminals can use to throw wrenches into each of these steps in order to disrupt an investigation, and […]
Have you ever wished for the power of Maltego when performing internal assessments? Ever hoped to map the internal network within seconds? Or that Maltego had a tad more aggression? Sploitego is the answer. In the presentation we’ll show how we’ve carefully crafted several local transforms that give Maltego the oomph to operate nicely within […]
No matter what anyone tells you, no investigation is complete or comprehensive if it only includes host-based forensic analysis. The fact is the host never has all of the relevant information, and there are way too many techniques for ensuring that no incriminating evidence is ever left on the disk. Because of this reality, it […]
Many security professionals think of locks as curiosities or puzzles, and are well acquainted with the idea that “locks keep honest people honest.” However, physical security has a rich history and our modern relationship to locks is very different than it was even a hundred years ago. In this talk we’ll put modern physical security […]
Jason Macy is the Chief Technical Officer responsible for innovation and product strategy for global operations. Jason has been on the front-lines of the SOA security and testing industry for over 10 years and consistently brings real-world solutions to the sustained engineering initiatives ensuring that the product technology continues to lead the industry and provide out-of-the box product technology solutions to hundreds of industry use-cases. With experience from virtually every vertical industry sector, Jason has helped to evolve the product technology platform to be the global leader in FIPS 140-2 [...]
CEO - UZADO
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]
Jon McCoy is a .NET Software Engineer that focuses on security and forensics and the founder of DigitalBodyGuard.com. He has worked on a number of Open Source projects ranging from hacking tools to software for paralyzed people. With a deep knowledge of programming under the .NET Framework he has released new attacks on live applications and the .NET Framework itself. He provides consulting to protect .NET applications.
Dr. Michael Geist is a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. He has obtained a Bachelor of Laws (LL.B.) degree from Osgoode Hall Law School in Toronto, Master of Laws (LL.M.) degrees from Cambridge University in the UK and Columbia Law School in New York, and a Doctorate in Law (J.S.D.) from Columbia Law School. Dr. Geist is the editor of many books including Law, Privacy and Surveillance in Canada in the Post-Snowden Era (2015, University of [...]
Sangameswaran Manikkayam Iyer is a Sr. Security Specialist with Symantec Canada. He brings with him over 15 years of industry experience in Information Security and Risk in large projects involving infrastructure software and emerging security technology solutions. He has designed IT solutions targeted at the arena of enterprise security, vulnerability assessment, end-point security enforcement & GRC. He has worked with customers across the globe in diverse verticals including: DoD, government, law enforcement agencies, telecom, banking & finance, transportation, energy and education. Sangameswaran is a Symantec veteran of more than a [...]
As a malware researcher, Josh has spent the past 4 years investigating, and oftentimes battling Point of Sale malware. He has tracked malware families, made attempts at uncovering the authors behind malicious campaigns, and has had more than a few sleepless nights attempting to gain further insight and understanding behind a particular PoS malware sample. In short, Josh loves reversing malware, and PoS malware is his favorite. When he is not lost in assembly, or attempting to identify and subsequently replicate some cryptographic routine, Josh will often find himself throwing [...]
Ryan Merritt is a Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has sixteen (16) years of industry experience and has performed security research and presented talks on security topics for the Chicago Fed, Illinois Bankers Association, and BGSU. Prior to Trustwave he was a Senior Security Consultant for a Chicago based firm focusing on penetration testing, social engineering, and security architecture assessments. Ryan holds a Bachelor of Science in Computer Science [...]
Grayson Lenik is Director of Digital Forensics and Incident Response, part of Nuix’s Cyber Threat Analysis Team. He has worked in information security and digital technology for more than 20 years. Grayson has researched and presented on anti-forensics, cybercrime operations, and incident response methodology at conferences including DEFCON, SecTor, NetDiligence Cyber Risk Forum, International Association of Financial Crimes Investigators, and Electronic Crimes Special Agent Program. Grayson regularly instructs law enforcement and private organizations in incident response and digital forensics. He was the primary instructor for the United States Secret Service [...]
Global Security Manager - Sycomp
Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day operational work in complex security networks, policy planning, management, and documentation responsibilities with various network, VoIP and security engineering companies. Kellman is an experienced speaker with original content, that has delivered security talks in private corporate focused events, at school internet safety classes for training students and [...]
Greg Kliewer is the Senior Principal Consultant for Layer 7 Technologies in Canada. In this role, Greg consults on the architecture, design, and delivery of strategic API Management platforms for key CA Technologies accounts nationwide. Greg joined CA when Layer 7 was acquired in 2013. With over 15 years of experience delivering secure web services and APIs for Canadian banks, insurance companies, and government ministries and agencies, Greg understands what it takes to effect comprehensive change in large organizations.
Robert Beggs breaks into computers and data networks. As an ethical hacker and incident responder, he identifies and closes the vulnerabilities that could be exploited to create a security breach. He has been responsible for the technical leadership and project management of multiple successful responses to data loss. His experience has driven the development of the AIM methodology, used to effectively respond to a breach. His clients range from banks and insurance companies to small and medium enterprises. Robert holds an MBA in Science and Technology from Queen's University and [...]
Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, DefCon, DerbyCon, Shmoocon, and SecTor to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, [...]
Veteran security reporter Dennis Fisher has a decade of experience reporting on security industry news and issues. In his role as Threatpost's Editor-in-Chief, Dennis provides analysis on fast-breaking industry news, writing original in-depth features that cover malware attacks and cybercrime for end-users, business and IT professionals.
James Arlen leads Heroku’s (a division of Salesforce) Production Engineering team focused on delivering integrity, availability, and maturity to Heroku’s fleet operations. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Salesforce Heroku, James is a Contributing Analyst at the research firm Securosis, [...]
Bharat Jogi is a Security Professional with over eight years of experience, including research on vulnerabilities, malware, protocol analysis, evolving attack vectors and signature development. He is currently a Senior Manager of Vulnerability Management Signatures at Qualys, where he leads a team of researchers that identify vulnerabilities in various products, reverse engineer binaries and malware and develop signatures for these threats. He holds a Masters degree in Computer Science from the University of Southern California and has been quoted extensively in mainstream media.
David Senf is an IT research and advisory thought leader and executive with a particular focus on cybersecurity. He has spent close to two decades analyzing and delivering vendor, provider, channel and end-user success. He examines security within the larger context of technology adoption from containers to cloud and from DevOps to devices. He founded Cyverity to promote cybersecurity risk awareness, solutions selection, and operations benchmarks and best practices. Previously he was a VP at IDC where he worked with and presented to countless organizations - and much of the [...]
Kevvie Fowler is the Deloitte Global Incident Response Leader and Canadian Resilient practice leader where he leads the strategy and delivery of cyber response and crisis management services. He has more than 22 years of experience assisting organizations prepare for and recover from some of the industry’s most high-profile data breaches and business disruptions. Kevvie is the author of several cyber security and forensics books and is a global authority in database forensics, using the science to better investigate breaches and minimize their impact on clients. Kevvie has served as [...]
Naveed Ul Islam (BEE Telecom/DSP, CISSP, GCFA, MCSE, CCNA) is a Sr. Security Analyst at TELUS and the Security Intelligence architect within the TELUS Intelligent Analysis team. Naveed’s other interests are in application forensics and security. Previous to TELUS, Naveed was a security consultant for Microsoft USA, where he performed security and privacy audits of Microsoft’s core-business websites and secured several key sites such as the Microsoft XBOX 360 host web site and Microsoft’s internal auction site, known as Micronews.
Robert Falzon is currently the Head of Engineering within the office of the CTO for Check Point Software Technologies Inc., the worldwide leader in securing the Internet. His background includes over 20 years of experience in large-scale network security architecture, design, and deployment projects for government and business organizations spanning the globe. Robert currently leads a large team of the most talented cyber security engineers in the industry who are responsible for educating the market on the latest cyber security trends. Other past responsibilities have included operational, management, and developmental duties [...]
Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he was responsible for managing marketing and corporate communications that span Microsoft’s products and cloud services as they relate to security, privacy and reliability.
Chief Information Security Officer, Nuix
Chris Pogue is the Chief Information Security Officer, Nuix, and a member of the US Secret Service Electronic Crimes Task Force. Chris is responsible for the company’s security services organization; he oversees critical investigations and contracts, and key markets throughout the United States. His team focuses on incident response, breach preparedness, penetration testing, and malware reverse engineering. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cybercrimes investigator, [...]
Jibran Ilyas is a Senior Forensic Investigator at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, application security and security research. He has investigated some of the nation's largest data breaches and is a co-author of Trustwave's annual Global Security Reports, which provide data breach statistics and highlight latest hacker techniques. Jibran has presented talks at several global security conferences such as DEFCON, Black Hat, SecTor and SOURCE Barcelona, in the area of Computer Forensics and Cyber Crime. Jibran [...]
Will Bechtel is Director of Product Management at Qualys. He has over 25 years of information security and software development experience that spans industries such as financial services, high-tech, utilities, healthcare and defense. At Qualys, Will is the Director of Product Management for the Web Application Scanning and Malware Detection Services. Prior to Qualys, Will was the Application Security Practice Lead for AT&T’s Security Consulting and a Sr. Consulting Manager in the Application Security Practice with VeriSign’s Global Security Consulting, where he led application security assessments for Fortune 500 clients. In previous [...]
Mike Rothman is a 25-year security veteran. He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, compliance, and helping clients navigate a secure evolution to the cloud. He’s a busy guy, serving both as President of DisruptOPS, as well as Analyst & President of Securosis. This is a good thing since Mike gets into trouble when he’s not busy enough.
Seth Hardy is a Senior Security Analyst at the Citizen Lab, Munk School of Global Affairs, University of Toronto. Prior to the Citizen Lab, he worked for a large anti-virus vendor. Seth has worked extensively on analysis of document-based malware and AV evasion methods. His other areas of experience include provably secure cryptography, random number generators, and network vulnerability research. Seth has spoken at a number of security conferences including Black Hat, DEF CON, SecTor, and the CCC. He holds degrees from Worcester Polytechnic Institute in Mathematics and Computer Science.
As Senior Technical Specialist – Modern Workplace Security and Compliance, Rodney Buike specializes in identity, threat, and information protection focused on enhancing the security and compliance practices of Microsoft 365 clients worldwide. An expert in cloud technology, this award-winning technology evangelist works collaboratively with finance, insurance, and manufacturing clients to ensure their workforce can work securely on any device and in any location. Rodney is a gifted communicator and technician. Throughout a 20+-year career, his ability to analyze and resolve complex problems has benefited clients greatly. A passionate advocate for [...]
David Mortman runs Security for enStratus and is a Contributing Analyst at Securosis. Previously he was responsible for operations and security for C3, LLC. Before that he was the Chief Information Security Officer for Siebel Systems, Inc., and earlier Mr. Mortman was Manager of IT Security at Network Associates. Mr. Mortman has also been a regular panelist and speaker at RSA, Blackhat, Defcon and SourceBoston. Mr. Mortman sits on a variety of advisory boards including Qualys. He holds a BS in Chemistry from the University of Chicago. David writes for Securosis, [...]
Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations. Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol [...]
Ross C. Barrett, MSc, Senior Manager of Security Engineering, Rapid7, Inc. is a software engineer and security professional with a focus on vulnerability management and configuration assessment tools. At Rapid7 Ross is responsible for scanning and data collection for vulnerability, controls and compliance assessment. Previous roles include vulnerability researcher with several teams in the vulnerability management industry and roving IT fixer. Ross is frequently quoted in the press on the subject of vulnerability management and trending issues in security.
Chris Carpenter is an information security professional with over fifteen years' experience. He has worked in the US Intelligence community performing incident response, penetration testing and security assessments. He has recently given up most of his hands-on activities and currently serves as the Chief Information Security Officer (CISO) for the United States Mint. In this role he is responsible for all aspects of security operations and compliance activities for the Mint. This includes penetration testing, incident response, network monitoring, PCI compliance and FISMA compliance. He still likes to participate [...]
Mike Geide is a senior security researcher at Zscaler, Inc. - a cloud computing, security software as a service (SaaS) provider. He is responsible for researching, analyzing, and developing mitigation strategies for security threats - particularly threats to Zscaler's cloud and web-based threats to its customers. He has spoken at several security conferences, including RSA, CanSecWest, and SANS; and his research has been cited in the media, including USA Today, The Register, and Dark Reading. Prior to joining Zscaler, Geide worked in the Federal Government for DHS/US-CERT and then the [...]
John Proctor is Director of Cyber Resilience for CGI, the 32,000-person Canadian company's national cyber security practice. John's team provides Consultant Enterprise Security Services, Enterprise Security Health Checks, Vulnerability Assessments and Penetration Tests, Cyber Forensics, Threat and Risk Assessments, Privacy Impact Assessments and managed security services. The team is based at CGI's secure facility in Ottawa and supports all of CGI's business units and clients, in Canada and abroad. John has provided security services to a number of Canada's major financial institutions, Federal, Provincial and Municipal government departments and [...]
Dave Black has been a civilian member of the RCMP for over 29 years. He joined the RCMP in the pre-internet / pre-cybercrime era and has transitioned into management of the RCMP's Cybercrime Fusion Centre (CCFC) in Ottawa's Technological Crime Program. Dave is a member of the RCMP Cybercrime Council, and an active participant in Public Safety Canada's inter-agency Cyber Security Workgroups. His duties include strategic assessment of cybercrime trends, development of policy for cyber incident triage and guidance to Canadian federal departments on security standards, incident response plans and Industrial [...]
Elvis Gregov is an experienced Security Solutions Architect and has been a key technical resource in the IT Security sector here in Canada for over 10 years. Elvis started his IT security career with Hewlett Packard Canada back in 2002 as a Network Security Analyst and from there progressively moved up the ranks within organizations such as Emergis, TELUS and Forsythe, where he was the senior Security Solutions Architect. As a Senior Solutions Engineer now for Accuvant Canada, Elvis spends his time articulating the Accuvant value-proposition and sharing the value [...]
William Tysiak has been focused on launching predominantly U.S.-based IT Security companies into Canada, dating back to 1998. William was the first card-carrying employee of Network Associates (NAI) in Canada, the Santa Clara, California-based merger of McAfee and Network General, and he helped build their enterprise client base and channel. From there William launched Texas-based Intrusion.com, an IDS and firewall appliance manufacturer, into Canada as their Country Manager. William's next project was launching Atlanta-based Ciphertrust, the manufacturer of IronMail (the World's first email firewall and arguably the top anti-spam [...]
Steve Werby is an independent information security consultant and researcher. He was formerly the Chief Information Security Officer at the University of Texas at San Antonio, as well as enterprise information security officer for the Virginia Department of Corrections and Virginia Commonwealth University. Before making the shift to information security program management in 2006, he operated an information security consultancy with an international client base, served as COO for a web development firm, and held engineering roles in a Fortune 500 manufacturing company. He has an industrial and systems engineering [...]
Ben Sapiro is the Global CISO of Great West LifeCo and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school; he’s even done privacy and compliance work to pay the bills. Other than that, he’s a typical middle-aged Canadian security professional who has worked in several verticals including SaaS, natural resources and telecom. Ben is a contributor to the Liquidmatrix Podcast (whenever we get around to recording it) and used to help with other stuff like BSidesTO until he realized he should not test his wife’s [...]
Global Security Advocate
Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis serves on the advisory boards for Cortex Insight and Dateva Inc. Lewis writes columns for Forbes, Daily Swig and several other publications.
Independent Security Consultant
Jamie Gamble started his professional career as a programmer before joining the research team at nCircle, where he worked on automating detection of web and network based vulnerabilities. He then began working for security centric consulting companies specializing in auditing complex applications and performing red team assessments. His experience also includes malware analysis and proactive adversary hunting. Jamie is deeply involved in the security community and is a co-organizer of the international security conference REcon which focuses on advanced security research and reverse engineering. He is a co-founder of Bsides [...]
Space Rogue is widely sought after for his unique views and perceptions of the information security industry; he has testified before Congress and has been quoted in numerous media outlets. Space Rogue was an early member of the security research think tank L0pht Heavy Industries and helped co-found the Internet security consultancy @Stake. He created the widely popular Hacker News Network, which, not once but twice, became a major resource for information security news. He currently works as the Threat Intelligence Manager for Trustwave SpiderLabs.
Tyler Reguly is a Manager of Security Research with Tripwire, and a key member of VERT (Vulnerability and Exposure Research Team), where he focuses on web application security and vulnerability detection. Tyler is involved in industry initiatives such as CVSS-SIG, and has spoken at many security events, including RSA and SecTor. Additionally, he has contributed to the Computer Systems Technology curriculum at Fanshawe College in London, Ontario by developing and teaching several security related courses. Tyler is frequently quoted by security industry press and is a prolific blogger.
Jordan Powers is currently a Security Analyst at one of the world's largest financial institutions. He is currently performing gap analysis on policies and procedures and has created, deployed and maintained virtual applications for hundreds of users. Previously he was at nCircle as a security researcher, where he applied research into local application analytics on Mac OS X while also maintaining the virtual infrastructure.
Zack Fasel is a seasoned Penetration Tester and Security Consultant with diverse experience serving clients ranging from Fortune 1000s to enterprises and SMBs in varying industries. He has delivered hundreds of network, wireless, and social penetration tests and subsequently driven strong defensive remediation strategies as a result. Zack tries to stay closely connected to the local security community in Chicago as the lead for dc312[.org] and as a Co-Founder of THOTCON[.org], Chicago's local Hacking con. When not focusing his efforts on Infosec, Zack can be found playing the untz untz wubs, [...]
Founder and Chief Innovation Officer, eSentire
In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now, with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.
Ed is the CEO of Risk I/O, a vulnerability management Software as a Service that centralizes, correlates and automates the entire stack of security vulnerabilities and remediation workflow. Prior to Risk I/O, Ed served as the Chief Information Security Officer for Orbitz, the well-known online travel agency, where he built and led the information security program and personnel for over 6 years. Ed has 20 years of experience in information security and technology. He is a frequent speaker at information security events across North America and Europe. Past talks have [...]
Chuck Ben-Tzur is an IT Security professional with over 15 years of experience as a consultant and a senior manager. Chuck has helped leading Canadian and international organizations to build their corporate security program, assess and implement effective security controls and maintain ongoing compliance. To keep his technical knowledge fresh and up-to-date, Chuck likes to “keep his hands dirty” by researching the security of new technologies and is continuously performing hands-on penetration testing, vulnerability assessments and threat risk analysis. Chuck has presented at many conferences and in front of professional [...]
Paul Wouters received his Bachelors degree in Education in 1993. He co-founded an ISP and a security company specialising in IPsec and DNSSEC. For many years, he has been the release manager for Openswan, the Linux IPsec software. He is the co-founder of the first Toronto hacker space, HackLab.TO. He is an active participant and document author with the IETF, and is currently a Senior Software Engineer for the security group at Red Hat, where he gets to shoot himself in the foot every day with FIPS and SELinux.
Michael Perklin is currently employed as a Senior Investigator within the Corporate Investigations department of Rogers Communications. Throughout his career he has performed digital-forensic examinations on over a thousand devices and has processed petabytes of information for electronic discovery. Michael is a member of the High Technology Crime Investigations Association, a professor of digital forensics for Sheridan's Information Security degree program, and is an avid information security nut who loves reading about new ways to break things.
Nadeem Douba - GWAPT, GPEN: Currently situated in the Ottawa (Ontario, Canada) valley, Nadeem provides technical security consulting services primarily to clients in the health, education, and public sectors. Nadeem has been involved within the security community for over 10 years and has frequently presented at ISSA and company seminars and training sessions. He is also an active member of the open source software community and has contributed to projects such as libnet, Backtrack, and Maltego.
Jason Mical is a network forensic specialist for AccessData. In this role Jason is responsible for the global management of AccessData's Network Forensic solutions and assists AD's customers with the assessment of IT risk reduction in such areas as electronic intercepts, intrusion analysis, virus detection, incident response, privacy, asset management, policies, standards and guidelines. Jason also offers his expertise and consulting services to customers and other audiences on issues of electronic, computer, and physical security investigations. Jason has over 19 years' experience in telecommunications fraud prevention, physical security management and [...]
Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.