Past Events



Sesssions


- Expo Theatre (Hall G) '

Fortifying Canada’s Cyberspace: Together

The foundation of Canada’s economy is increasingly dependent of the digital infrastructure that supports all sectors of industry. Confidence in this infrastructure is essential if individuals and businesses are to harness the opportunities it presents. Maintaining this confidence is a complex challenge, especially in face of continually evolving threats. Staying ahead of the threats to […]

Sponsor Track
John Weigelt
- Expo Theatre (Hall G) '

How they get in and how they get caught

This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you’re leaving a lot of evidence behind. Using datagram’s work at lockpickingforensics.com as a jumping off point we’ll explore how a picker gets in, and how, with careful observation and some practice, we […]

SECurity FUNdamentals
Schuyler Towne
- Expo Theatre (Hall G) '

Fiber Channel – Your OTHER Data Center Network

The majority of large datacenter storage architectures in the world are currently based on Fiber Channel networks. Unfortunately, the emphasis on security, compliance, and audit remains on hosts and traditional Ethernet networks, leaving the Fiber Channel behind as “a storage thing” that for some reason is never secured. Abdicating this responsibility leaves the Fiber Channel […]

Tech
Rob VandenBrink
- Expo Theatre (Hall G) '

MILLION BROWSER BOTNET

Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript — even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean […]

Tech
Matt Johansen
- Expo Theatre (Hall G) '

Modern Malware and APTs – What Current Controls Can’t See

In this seminar, Ajay K. Sood will: Discuss the motivation and nature of APT and Modern Malware Outline malware trends, and the Modern Malware lifecycle Reveal how Modern Malware defeats current countermeasures Give examples of Data Exfiltration and botnet control

Sponsor Track
Ajay Sood
- Expo Theatre (Hall G) '

Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments

This session will discuss conducing physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical […]

Sponsor Track
Jamie Gamble
Mark Bassegio
- Expo Theatre (Hall G) '

Pivoting in Amazon clouds

From no access at all, to the company Amazon’s root account, this talk will teach attendees about the components used in cloud applications like: EC2, SQS, IAM, RDS, meta-data, user-data, Celery; and how misconfigurations in each can be abused to gain access to operating systems, database information, application source code and Amazon’s services through it’s […]

Tech
Andrés Riancho
- Expo Theatre (Hall G) '

Malware Automation

Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools […]

Tech
Christopher Elisan
- Expo Theatre (Hall G) '

The Bad Boys of Cybercrime

These silent attackers hit more than 1,000 victims annually. They shows no prejudice, have no compassion. They come like an unseen thief in the night to steal. They are, the Bad Boys of Cyber Crime. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers […]

Sponsor Track
Chris Pogue
- Expo Theatre (Hall G) '

Frayed Edges; Monitoring a perimeter that no longer exists

The foundations of traditional network security are crumbling in the public cloud. Old assumptions will leave your cloud deployments vulnerable and exposed. In this talk, we’ll examine the existing models of network security and how you can transition to new cloud-friendly models that take advantage of dynamic cloud environments. With the stage set, we’ll dive […]

SECurity FUNdamentals
Mark Nunnikhoven
- Expo Theatre (Hall G) '

Your own pentesting army complete with air support

This talk will discuss pentesting with an army of low-powered devices running a custom Linux distro (known as The Deck). The devices are connected via 802.15.4 networking for command and control. The Deck runs on the BeagleBone and BeagleBoard family of devices. An airborne version of The Deck which (along with wireless sensors) is embedded […]

Tech
Philip Polstra
- Expo Theatre (Hall G) '

“Big Data Security, Securing the insecurable”

Big data is one of the fastest growing areas within IT. The benefits of big data have been well publicised however little is known about the actual security risks associated with the technology. This session cuts through the hype and will expose big data security risks, a new class of attack and the practical guidance […]

Tech
Kevvie Fowler
- Expo Theatre (Hall G) '

Identity & Access Governance: Key to Security or Completely Useless?

Jackson Shaw will take the audience thru the state of Identity & Access Governance and why having an IAG strategy is key to security for corporations big and small. He will also highlight how, in today’s rapidly changing environment of APTs, foreign intrigue & hacking why even with a strong IAG strategy you will still […]

Sponsor Track
Jackson Shaw
- Expo Theatre (Hall G) '

Vulnerability analysis of 2013 SCADA issues

This session is result of a yearlong study of the most recent SCADA vulnerabilities and includes root cause analysis, attack vector scrutiny, consequence of successful attack and remediation study. Attendees will get an insight into the factors that resulted in the nature and magnitude of the harmful outcomes in order to identify what actions need […]

SECurity FUNdamentals
Amol Sarwate
- Expo Theatre (Hall G) '

BREACH: SSL, Gone in 30 seconds

In this hands-on talk, we will introduce new targeted techniques and research that enable an attacker to reliably retrieve encrypted secrets (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) from an HTTPS channel. We will demonstrate that this new compression oracle is real and practical by executing a PoC against a […]

Tech
Yoel Gluck
Angelo Prado
- Expo Theatre (Hall G) '

BIOS Chronomancy

In 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). To justify […]

Tech
John Butterworth
- Expo Theatre (Hall G) '

Securing Enterprise Mobility beyond MDM

Enterprise Mobility offers great challenges and great opportunities. There are a plethora of technologies that are constantly entering and evolving in the market (much of them overlapping) to address the security and manageability related to enterprise mobility (including BYOD). This discussion will focus on demystifying the landscape and to provide perspectives on leveraging Secure Enterprise […]

Sponsor Track
Danny Pehar
Ali Afshari
- Expo Theatre (Hall G) '

Appsec Tl;dr

Have you ever wondered what it takes to get one of those “Elusive” bug bounties that people are always snapping up? In this presentation, Gillis Jones will walk you through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try and keep quiet, […]

SECurity FUNdamentals
Gillis Jones
- Expo Theatre (Hall G) '

The World’s Deadliest Malware

This silent threat infects more than 1,000 victims annually. It shows no prejudice, it has no compassion. It comes like an unseen thief in the night to steal. It IS the World’s Deadliest Malware. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers with […]

Tech
Chris Pogue
- Keynote Hall '

Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations

Gene Kim has been studying high-performing IT organizations since 1999. He is the author of the highly acclaimed “Visible Ops Handbook,” “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win,” and founder of Tripwire, Inc. He will be presenting his findings from an ongoing study of how high-performing IT organizations simultaneously […]

Keynote
Gene Kim
- Expo Theatre (Hall G) '

Vulnerability Management Programs and Lessons Learned from the Field

Often Vulnerability Management program managers are missing the mark by focusing on the wrong information, communicating poorly and not understanding the business criticality as it relates to the technical risk found in scanning. This creates a “bad data” scenario where all the data collected is seen to have little or no value – which increases […]

Sponsor Track
Bill Olson
Amol Sarwate
- Expo Theatre (Hall G) '

Threat Modeling 101

Threat modeling allows developers and security professionals to collaborate and catch vulns before they ship – and potentially before the code is even written. In this hands-on workshop, Leigh will teach the basics of threat modeling using a game called Elevation of Privilege.

SECurity FUNdamentals
Leigh Honeywell
- Expo Theatre (Hall G) '

Weaponized Security

How dangerous can you get with just the security tools you have today? Do you have access to a technology that makes searching patterns of data in the network very simple? I bet you do. Now I want you to imagine implementing that technology on an open wifi to investigate and monitor, not protect. This […]

Tech
Kellman Meghu
- Keynote Hall '

Tech it out

If you thought today’s tech was cool, to quote ’70s rocks Bachman-Turner Overdrive, “baby you ain’t seen nuthin’ yet.” This lighthearted yet informative chat focuses on 10 mind-blowing future technologies worth getting excited about. From wearable tech (like Google Glass) and virtual reality (VR) headsets to flying cars and space tourism to domestic robots and […]

Keynote
Marc Saltzman
- Expo Theatre (Hall G) '

The US Department of Homeland Security’s Software Assurance Enumerations

The benefits of CVE, CWE, MAEC, CWSS, CAPEC, STIX and TAXII can often be at work without the users knowledge. Learn how these standards are working behind the scenes, and how you can use them to support information sharing and gain an advantage from crowd-sourced security information. Prior to 1999, software vulnerabilities were not widely […]

Sponsor Track
David Maxwell
- Expo Theatre (Hall G) '

Watching the watchers: hacking wireless IP security cameras

Low cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of April 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there are many models by different vendors, most of them are actually based on the identical hardware and firmware setup. […]

SECurity FUNdamentals
Artem Harutyunyan
- Expo Theatre (Hall G) '

Build Your Own Android Spy-Phone

Know your enemy! Attendees will see a live demonstration of how we built a proof-of-concept Android Spy-Phone. We will show how we developed the Android spy-phone module and demonstrate how to inject it into legitimate applications to infect unsuspecting victims. We will demonstrate how the spy-phone command and control server can take complete control of […]

Tech
Kevin McNamee
- Keynote Hall '

Crossing the line; career building in the IT security industry

Ever crossed the line in order to learn your trade in the security world? Or perhaps is there really a line? A recent study suggests that many of us feel that in order to build our careers in the IT security industry, the line might blur to help us learn. A common thread is that […]

Keynote
Bruce Cowper
James Arlen
Leigh Honeywell
Brian Bourne
Gord Taylor
- Expo Theatre (Hall G) '

Enabling Access Assurance and Identity Intelligence for a multi-perimeter world

In today’s increasing open and interconnected enterprise, traditional perimeters are quickly being extended to multi-perimeters to support secure adoption of mobile, cloud, social and information interactions. The traditional network, IT, and end-point security capabilities are being enhanced to support these interactions and similar demands are put on the Identity and Access Management systems too. In […]

Sponsor Track
Sridhar Muppidi
- Expo Theatre (Hall G) '

CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game

A CSEC cybersecurity analyst has gone rogue. He has taken a large cache of top secret files that include the names and identities of several secret agents working in foreign countries. This rogue analyst has stowed these files on the internet in an encrypted format and he is now threatening to share the location of […]

SECurity FUNdamentals
Todd Dow
- Expo Theatre (Hall G) '

.NET Reversing: The Framework, The Myth, The Legend

This talk will cover the current state of the art in .NET reversing, down from PE format of .NET assemblies through various types of obfuscation, and into reversing tools and techniques. Finally, we will explore reversing popular .NET RE tools in an attempt to modify their behavior.

Tech
Kelly Lum
- Keynote Hall '

How the West was Pwned

Can you hear it? The giant sucking sound to the East? With it are going more than just manufacturing jobs — it’s our manufacturing know how, intellectual property, military secrets, and just about anything you can think of. If we’re one of the most advanced technological nations on Earth, how are the People’s Republic of […]

Keynote
G. Mark Hardy
- Expo Theatre (Hall G) '

Information & Risk Mitigation

Information is the lifeblood of today’s connected world. It plays a critical role in our personal lives and drives our businesses. Each year, the amount of information we create – from digital photos to business critical data – increases exponentially. Securing and managing our information, and the identities to access that information, becomes even more […]

Sponsor Track
Neils Johnson
- Expo Theatre (Hall G) '

FUFW: 5 Steps to Re-architecting Your Perimeter

The hype train around next-generation firewalls (NGFW) continues to race forward, but replacing one device with a new shiny object isn’t going to ultimately solve the security problem. Securosis analyst Mike Rothman will put NGFW into proper context regarding the evolution of network security and give you 5 steps to move your perimeter protection forward.

Management
Mike Rothman
- Expo Theatre (Hall G) '

CeilingCat IS Watching You

It shouldn’t be news to anyone that people share too much information online. In fact, one major problem that attackers and defenders have is the sheer volume of data that they need to sort through. In this presentation, Shane MacDougall will demonstrate leaked information that can lead to a successful attack, walk through a couple […]

Tech
Shane MacDougall
- Expo Theatre (Hall G) '

Trust No One: The New Security Model for Web APIs

There are many great things about the new world of mobile and cloud applications. They enable us to be more connected and productive in our daily lives, whether it be tracking our exercise with a mobile app, banking on our phones, or seamlessly accessing the same data – whether it be for business or personal […]

Sponsor Track
Greg Kliewer
- Expo Theatre (Hall G) '

Microsoft Security Intelligence Report, Canadian Edition

Threats have changed in dramatic and unexpected ways around the world over the past year as attackers continue to hone and evolve their strategies and tactics, and Internet-connected devices proliferate. Using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services, this session will provide […]

Management
Tim Rains
- Expo Theatre (Hall G) '

Cryptographically Isolated Virtualized Networks – A Community of Interest Approach

Two ongoing industry trends are in conflict with each other. On the one hand, networks are increasingly being consolidated into shared infrastructure utilized by many different clients. From converged hardware networks, through virtualized IT shops, into the cloud, more and more traffic is being merged and intermixed on this shared infrastructure. Conversely, industry regulatory and […]

Tech
Robert Johnson
- Expo Theatre (Hall G) '

How to Connect Security to the Business

When CISOs are briefing their executive teams or boards on the organization’s security (usually only when there’s a security incident), this is usually the challenge. Distill the volumes of data, assets, silos, operations, threats, and remediations down to a couple of key points. And this is to an audience who typically get their security information […]

Sponsor Track
Jeanne Glass
- Expo Theatre (Hall G) '

Data in the Cloud. Who owns it and how can you get it back?

With the rush to take advantage of all “the Cloud” has to offer, many companies are struggling with the new reality that their data is being sent outside the confines of the corporate environment and being stored in multiple geographic locations. With the Cloud comes the challenge of securing your data, understanding where it is […]

Management
Dave Millier
- Expo Theatre (Hall G) '

Swiping Cards At The Source: POS & Cash Machine Security

You put your credit card in, I take your cash out. Point of Sale systems and Cash Machines are frequently targeted but rarely discussed. This talk will be a frank discussion about the types of attacks Ryan and John have both seen and executed against these types of machines, where these systems are vulnerable from […]

John Hoopes
Ryan Linn
- Expo Theatre (Hall G) '

Enterprise Forensics = new category that focuses on user activity and what drives the business (analytics + behavior)

Many Security Analysts are tasked with assisting in Corporate Governance. This session explores the concept of network forensic investigations using a SIEM, and how security analysts can use it to assist in Governance, HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile […]

Sponsor Track
Gary Freeman
- Expo Theatre (Hall G) '

Reacting to Cyber Crime: Preserving Crucial Evidence for Law Enforcement

Evidence handling is of primary importance for the RCMP Tech Crime Unit Members when called upon to investigate a possible cybercrime. When such an incident occurs, it is important that the IT personnel in place is in a position to clearly identify the potential digital-related evidence and to properly preserve it upon the arrival of […]

Management
Cpl. David Connors
Sgt. Stéphane Turgeon
- Expo Theatre (Hall G) '

Exploiting the Zero’th Hour: Developing your Advanced Persistent Threat to Pwn the Network

Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards to network defense and exploitation. Most security professionals know about these advanced tools; many people have even discussed the overall concept regarding command and control of networked systems, however, many experts to not yet understand how to create a botnet […]

Tech
Solomon Sonya
Nick Kulesza
- Expo Theatre (Hall G) '

The Threat Landscape

The Rapid7 Labs team vigilantly scans the horizon to discover new tactics being used by attackers as well as wide-spread vulnerabilities that must be addressed. The team has uncovered a myriad of important issues including significant configuration issues with serial servers, Amazon S3 storage, UPnP and more. The team is consistently tracking and analyzing malware […]

Sponsor Track
Ryan Poppa
Ross Barrett
- Expo Theatre (Hall G) '

SDN : Radically New Network Architecture, Same Old Cyber Security Protection

As Virtual Machines (VM’s) were the disruptive technology at the end of last century for server and storage platforms, Software Defined Networks (SDN) will be (already is) the first industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grass roots momentum as early adopters Google, Goldman Sachs and […]

Management
Llewellyn Derry
- Expo Theatre (Hall G) '

Popping the Penguin: An Introduction to the Principles of Linux Persistence

Breaking in is half the battle. I’ve talked to so many people whose only objective is to try and break into systems. I get that. It’s awesome, the rush you get when you bring up that shell. But what then? Ops hardening does not end at the outer shell. Once you’re in, you still have […]

Tech
Mark Kikta
- Expo Theatre (Hall G) '

Stopping Cross Contamination with Network Access Control…”The ULTIMATE PATCH”

This session will highlight how Network Access Control is the ultimate patch checking system. By utilizing a set of key protocols NAC will define and implement a policy that will define the access requirement for devices attempting to access your network. Those policies are designed to look for among other things pre-admission endpoint security policy […]

Sponsor Track
Toni Buhrke
- Expo Theatre (Hall G) '

Building a Security Operations Center – Lessons Learned

This presentation will go through the various steps required to craft a Security Operations Center; including hiring and managing an array of human resources, monitoring, reporting, and mitigating technology, and covering the definition of repeatable, scalable processes, such as the OODA loop. The presentation will address the fundamental concepts related to training, structuring, and running […]

Management
Yves Beretta
- Expo Theatre (Hall G) '

Running at 99%, mitigating a layer 7 DoS

Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any one of […]

Tech
Ryan Huber

Sponsors


No Sponsor found.

Speakers


John Weigelt

John Weigelt


John drives Microsoft Canada's strategic policy and technology efforts. He is the lead advocate for the use of technology by private and public sectors, economic development, innovation, environmental sustainability, accessibility, privacy, and security.

Schuyler Towne

Schuyler Towne


Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.

Rob VandenBrink

Rob VandenBrink


Rob VandenBrink is a consultant with Metafore in Canada, specializing in Networking, Security and Virtualization. He has clients in manufacturing, finance and entertainment with locations in almost every time zone. He holds several industry certifications, as well as a Master's degree with the SANS Technology Institute.  He co-authors SANS SEC579 - Virtualization and Private Cloud Security.  Rob is also an Incident Handler with the Internet Storm Center - look for his posts at http://isc.sans.edu !

Matt Johansen

Matt Johansen

Director of Security, Honest Dollar


Matt Johansen is the Director of Security at Honest Dollar, a Financial Tech company in Austin, Texas where he is charged with building an Information Security program from the ground up. Previously he was the Director of Services and Research at WhiteHat Security where he oversaw the development and execution of their service related product lines. In addition to these services, Matt also performs research on application security topics that he discusses on the corporate blog and is often invited to present at conferences around the world.

Ajay Sood

Ajay Sood


 Ajay K. Sood (B. Eng, CISSP, GSEC) has been instrumental in introducing many leading and disruptive security vendors to Canada, and is currently the Vice-President and General Manager for FireEye Canada. A technologist and security strategist, Ajay has participated in the architecture and implementation of some of the largest and most robust perimeters in Canada as well as internationally.

Jamie Gamble

Jamie Gamble

Independent Security Consultant


Jamie Gamble started his professional career as a programmer before joining the research team at nCircle, where he worked on automating detection of web and network based vulnerabilities. He then began working for security centric consulting companies specializing in auditing complex applications and performing red team assessments. His experience also includes malware analysis and proactive adversary hunting. Jamie is deeply involved in the security community and is a co-organizer of the international security conference REcon which focuses on advanced security research and reverse engineering. He is a co-founder of Bsides [...]

Mark Bassegio

Mark Bassegio

Independent Security Consultant


Mark Bassegio is an offensive security expert that specializes in physical security and network security consulting. During his years in security, Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to exploit weaknesses in proximity-based building access controls.

Andrés Riancho

Andrés Riancho


Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications. His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by [...]

Christopher Elisan

Christopher Elisan


Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their [...]

Mark Nunnikhoven

Mark Nunnikhoven

Vice President of Cloud Research, Trend Micro


Mark Nunnikhoven is the Vice President of Cloud Research at Trend Micro. He is one of the foremost experts on cloud technologies and cybersecurity issues. With a focus on modernizing security practices and usable security systems at scale, Mark works with clients and partners around the world. Often quoted in the media both at home in Canada and internationally, Mark is an engaging public speaker, an O'Reilly video author, an accomplished computer scientist, and security leader. You can reach Mark online at http://markn.ca or on Twitter @marknca.

Philip Polstra

Philip Polstra


Philip cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450. Two years later he learned 6502 assembly and has been hacking computers and electronics ever since. Phil currently works as a professor at a private Midwestern university. He teaches computer security and forensics. His current research focus involves use of microcontrollers and small embedded computers for forensics and pentesting. Prior to entering academia, Phil held several high level positions at well-known US companies. He holds a couple of the usual [...]

Kevvie Fowler

Kevvie Fowler


Kevvie Fowler is a partner in KPMG Canada's forensic practice and is an information security and data analytics specialist. As author of SQL Server Forensic Analysis and contributing author to several security and forensics books Kevvie is a recognized advisor who supports organizations across Canada and abroad. Kevvie also teaches database forensics to law enforcement agencies across North America and sits on the SANS GIAC Advisory Board where he guides the direction of emerging security and forensics research. Prior to joining KPMG, Kevvie Fowler managed his own professional services company [...]

Jackson Shaw

Jackson Shaw


Jackson Shaw is Senior Director of Product Management for Dell Software Group's Identity and Access Management product line. He joined Dell as part of the Quest Software acquisition. Prior to Quest, Jackson was an integral member of Microsoft's Identity & Access Management product management team within the Windows Server Marketing group at Microsoft. While at Microsoft he was responsible for product planning and marketing around Microsoft's identity & access management products including Active Directory and Microsoft Identity Integration Server. Jackson began his identity management career as an early employee at [...]

Amol Sarwate

Amol Sarwate


Amol heads Qualys' worldwide security engineering team responsible for vulnerability and compliance research. His team tracks emerging threats and develops software, which identifies new vulnerabilities and insecure posture for Qualys' VM, PC, PCI and QBC services. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. Amol has presented his research on Vulnerability Trends, Security Axioms, SCADA security, Malware and other security topics at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, SecTor, BSides, InfoSec Europe, [...]

Yoel Gluck

Yoel Gluck


Yoel Gluck is a security researcher with 12 years of experience in the industry. He is currently a Lead Product Security Engineer at Salesforce.com. Yoel graduated from Bar-Ilan University (Israel) with a B.Sc in Computer Science and Math. Using his experience as a software engineer, he attempts to break applications by analyzing developer design patterns. His research areas include web application, network, virtualization, encryption, and email security. When he's not busy analyzing security risks, he enjoys spending time with his two-year-old daughter.

Angelo Prado

Angelo Prado


Angelo Prado is a Lead Product Security Engineer at Salesforce.com. He has worked as a software and security engineer for Microsoft and Motorola. Angelo has been involved with the security community for over 8 years, and he has spoken at Black Hat USA, Georgetown University (Washington, D.C.), Comillas University (Madrid) and GSICKMinds (Coruña, Spain). His passions & research include web application security, windows security, browsers, malware analysis and Spanish Jamón.

John Butterworth

John Butterworth


John Butterworth is a security researcher at The MITRE Corporation who specializes in low level system security. He is applying his electrical engineering background and firmware engineering background to investigate UEFI/BIOS security.

Danny Pehar

Danny Pehar


Danny Pehar is the Director of Business Development for TELUS Security Solutions. Danny has been in the security industry for over 12 years and has worked with numerous business leaders in the security space and has spoken at industry events across Canada. Danny is also a published author and comedian performing in comedy clubs in his spare time.

Ali Afshari

Ali Afshari


Ali Afshari is an 18-year veteran of the security industry, with 7 years' experience at Cisco Canada. As Cisco Canada¹s director of enterprise security sales, Ali works with Canada¹s largest financial institutions and service providers on their security strategy. His passion is to ensure security is embedded into every aspect of IT, approaching it from an architectural view across organizations. You can follow Ali on Twitter at @Ali_Afshari for ongoing updates of security news in Canada.

Gillis Jones

Gillis Jones


A giant of a man, Gillis Jones is currently employed as a Security Consultant at Accuvant Labs. He has been engaged in web application security for the last four years, and has worked with companies to increase their security posture all the way from a Stealth Startup to a multi-million dollar business with hundreds of employees. He is the founder of the Badmin Project, and has worked with dozens of entry level security people to assist them in becoming "1337".

Gene Kim

Gene Kim


Gene Kim is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire for 13 years. He has written three books, including "The Visible Ops Handbook" and "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win." Gene is a huge fan of IT operations, and how it can enable developers to maximize throughput of features from "code complete" to "in production," without causing chaos and disruption to the IT environment. He has worked with some of the top Internet companies on [...]

Bill Olson

Bill Olson


Bill Olson is a 17-year Information Security and Information Technology industry veteran. Currently he is the Vulnerability Management Subject Matter Expert within Qualys. He is responsible for working with clients to ensure their Vulnerability Management programs are maturing and they are fully utilizing the QualysGuard Cloud Platform. As a Qualys Technical Account Manager (TAM), Bill has spent the past six years helping large enterprises build or augment their vulnerability management and compliance practices by understanding their needs and how the QualysGuard suite can benefit their businesses. Prior to joining Qualys, [...]

Leigh Honeywell

Leigh Honeywell

Security Engineer


Leigh is a Security Engineer at Heroku, a Salesforce.com company. Prior to Heroku, she worked at Microsoft, MessageLabs/Symantec, and Bell Canada. Her career has included everything from stringing cable and building phone systems to responding to some of the most critical computer security incidents in industry history, shipping software to a billion people, and protecting infrastructure running a million apps. Her community work includes founding the HackLabTO hackerspace in Toronto, Canada, and the first feminist hackerspace, the Seattle Attic Community Workshop, as well as advising countless others and speaking about [...]

Kellman Meghu

Kellman Meghu

Global Security Manager - Sycomp


Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day operational work in complex security networks, policy planning, management, and documentation responsibilities with various network, VoIP and security engineering companies. Kellman is an experienced speaker with original content, that has delivered security talks in private corporate focused events, at school internet safety classes for training students and [...]

Marc Saltzman

Marc Saltzman


Marc Saltzman is one of North America's most recognizable and trusted tech experts. As a syndicated columnist, Marc specializes in consumer electronics, Internet trends and video games; and contributes to nearly 50 high-profile publications in Canada and the U.S., including USA Today, CNN, CanWest, Toronto Star, Sympatico, MSN, Yahoo!, Costco Connection, Movie Entertainment, AARP and Playboy. Marc, who has authored 14 books, also hosts "Gear Guide," a video segment that airs before the film begins at Cineplex and IMAX theatres, along with national TV spots (CTV News Channel) and radio [...]

David Maxwell

David Maxwell


David Maxwell is a Senior Systems Analyst at eSentire Inc. Maxwell has been particularly active in the NetBSD open source community and was a NetBSD Security Officer from 2001-2005. Maxwell previously worked at Coverity running the DHS sponsored Scan project to identify and resolve tens of thousands of flaws in open source codebases, and participates with the DHS Software Assurance Forums to promote new ways of analyzing system security. Maxwell was a contributor to the SANS Top-25 list in 2011.

Artem Harutyunyan

Artem Harutyunyan


Artem Harutyunyan is a Software Architect for Qualys. His responsibilities include design and development of distributed computing systems for storing and analyzing large volumes of data. Prior to joining Qualys Artem spent several years at CERN where he worked on the development of geographically distributed large-scale Grid and cloud computing systems. Artem holds a PhD from State Engineering University of Armenia. Artem presented at Hack In the Box security conference, as well as at numerous other international scientific conferences and workshops.

Kevin McNamee

Kevin McNamee


Kevin McNamee is a seasoned IT security professional with over 30 years of experience in product development and security research. As director of Alcatel-Lucent’s Motive Security Labs he is responsible for the security research team that does the malware analysis and research to support Alcatel-Lucent’s cloud based malware detection system. Previously he was director of security research at Alcatel-Lucent’s Bell Labs specializing in the analysis of malware propagation and malware detection. He has recently presented at RSA, BlackHat, SECTOR, Virus Bulletin and BSides conferences.

Bruce Cowper

Bruce Cowper

Director and Co-Founder, Black Arts Illuminated


A self-proclaimed IT security and privacy geek, Bruce is the co-founder of Black Arts Illuminated and its conferences and events. He is also a founding member of the Ottawa Area Security Klatch (OASK), and an active member of numerous other organizations across North America including the Seattle Cloud Security Alliance chapter. Bruce co-founded Black Arts Illuminated Inc. because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters. [...]

James Arlen

James Arlen


James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as [...]

Brian Bourne

Brian Bourne

Director and Co-Founder, Black Arts Illuminated


Brian has a passion for security and has been an active member of the IT security community for over 20 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor as part of Black Arts Illuminated. When he’s not running conferences and events, Brian maintains his technical edge as Executive Vice President, Products, New Signature, a Microsoft National Solution Provider headquartered in Washington DC. In June 2015, New Signature acquired Microsoft technology consultancy [...]

Gord Taylor

Gord Taylor

Founder and Principal Consultant, Authoritative Consulting


CISSP, GCIH, GEEK Gord Taylor is Founder and Principal Consultant at Authoritative Consulting.  He is one of Canada’s most sought-after Security and Networking experts, developing and actualizing next generation Security programs for large enterprises and high-growth technology firms. Gord spent 16 years at one of Canada’s “Big 5” Financial Institutions, serving as resident expert across Information Security, Networking, Distributed Computing, and co-developed the company’s first CSIRT team more than 20 years ago.  Since launching Authoritative Consulting in 2012, he has helped enterprise customers, independent software vendors, and service providers to [...]

Sridhar Muppidi

Sridhar Muppidi


Dr. Sridhar Muppidi is an IBM Distinguished Engineer and Chief Technology Officer for Identity & Access Management Solutions in IBM Security Systems. In this role, Sridhar drives IAM technical strategy, architecture and solutions - including mobile security and cloud security. He is technical leader with about 20 years experience in security, software product development and security solutions architecture for a number of industry verticals. He has a number of publications & patents in security and represents IBM in various open standards activities.

Todd Dow

Todd Dow


Todd is an IT security specialist, author of Cryptogeddon & CF Fundraiser. Todd is an operational expert with extensive experience architecting, implementing and maintaining mission critical, secure, always-on internet based systems and processes. Todd is well versed in IT security, risk management and corporate governance. Todd has earned his Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) designations. Todd has spoken at numerous local and national security events including Sector, TASK, Software Hamilton and the International Association of Privacy Professionals Privacy Symposium. Todd's wife & kids, faith, baseball, [...]

Kelly Lum

Kelly Lum


Kelly has "officially" worked in Information Security since 2003, in everything from start ups to government organizations to finance. Kelly currently runs the Application Security program at a financial company and reads a lot of source code.

G. Mark Hardy

G. Mark Hardy


G. Mark Hardy is founder and President of National Security Corporation. He has been providing cyber security expertise to government, military, and commercial clients for over 30 years, and is an internationally recognized expert who has spoken at over 250 events world-wide. G. Mark serves on the Advisory Board of CyberWATCH, an Information Assurance/Information Security Advanced Technology Education Center of the National Science Foundation. A graduate of Northwestern University, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, [...]

Neils Johnson

Neils Johnson


Matt Johansen is a manager for WhiteHat Security¹s Threat Research Center (TRC). Matt began his career as a security consultant, where he was responsible for performing network and web application penetration tests for clients. He then took at role at WhiteHat as an application security specialist for the TRC and quickly rose through the ranks to managing more than 40 at the company¹s Houston location. In his spare time, Matt is a frequent web security instructor at San Jose State University and Adelphi University, where he received his Bachelor of [...]

Mike Rothman

Mike Rothman


Mike Rothman is President of Securosis and the author of “The Pragmatic CSO.” He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. After 20 years in security, he's one of the guys who "knows where the bodies are buried.” Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike held senior positions at SHYM Technology, CipherTrust, TruSecure and eIQnetworks. After getting fed up with vendor life, [...]

Shane MacDougall

Shane MacDougall


Shane MacDougall is a principal partner at Tactical Intelligence, a Canadian boutique information security firm. He also runs the threat intelligence program for a major US technology company. Shane is a frequent presenter at security conferences around the world, and is a two-time winner of the DEF CON social engineering CTF. His book, "Practical Social Engineering and OSINT," published by No Starch Press is due out in 2014.

Greg Kliewer

Greg Kliewer


Greg Kliewer is the Senior Principal Consultant for Layer 7 Technologies in Canada. In this role, Greg consults on the architecture, design, and delivery of strategic API Management platforms for key CA Technologies accounts nationwide. Greg joined CA when Layer 7 was acquired in 2013. With over 15 years of experience delivering secure web services and APIs for Canadian banks, insurance companies, and government ministries and agencies, Greg understands what it takes to effect comprehensive change in large organizations.

Tim Rains

Tim Rains


Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning.  Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he was responsible for managing marketing and corporate communications that span Microsoft’s products and cloud services as they relate to security, privacy and reliability.

Robert Johnson

Robert Johnson


Mr. Johnson is the chief architect of the Unisys Stealth program, which virtualizes networks into cryptographically-secured communities of interest. He has architected security solutions for PCs, servers, and mobile platforms. Mr. Johnson is also the lead security architect for the Unisys Cloud Engineering organization. As such, he is responsible for determining the security posture of the Unisys Secure Private Cloud offerings. Mr. Johnson's technical background has focused on what he calls Protocol Engineering -- developing new, innovative network protocols to solve a variety of problems. Over the last several years, [...]

Jeanne Glass

Jeanne Glass


Jeanne has over 20 years of sales and operations experience in the IT industry. She is a recognized expert in Software Sales, Sales Management, Global Sales Operations, and Customer Experience. She has served in senior leadership positions with prominent companies such as CA and FICO, including senior vice president of sales, vice president of client relations, and vice president of investor relations. Jeanne is frequently invited to speak at industry conferences, including Sales 2.0, the North American Conference on Customer Management, Keynote at the Institute for International Research Operational Innovation, [...]

Dave Millier

Dave Millier

CEO - UZADO


Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]

John Hoopes

John Hoopes


John has worked in the information security field for over 15 years. His main focus has been on application security assessments and he has worked in this capacity for a number of companies in both direct and consulting roles. His work has included network penetration testing, application review, architecture design analysis, source code review, as well as physical security assessments. He was the technical editor and primary author of the book "Virtualization for Security". He was also a technical reviewer for the book "Network Security Hacks 2nd Edition"

Ryan Linn

Ryan Linn


Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, DefCon, DerbyCon, Shmoocon, and SecTor to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, [...]

Gary Freeman

Gary Freeman


Gary Freeman is an experienced HP ArcSight user and has been working in the IT Security industry for the last 22 years. His experience ranges from the design, development and deployment of various large network and security systems and in the last 5 years, he has been assisting security software sales with presales solution architecture. Gary currently leads a team of HP ESP Solution Architects for Canada and a presales enablement team for the AMS channel.

Cpl. David Connors

Cpl. David Connors


Cpl. Connors has been a member of the RCMP since 2003. He is a certified computer forensic examiner with the RCMP National Division Integrated Technological Crime Unit and has conducted several computer forensic examinations as well as participating in pure computer crimes and/or computer-related high profile investigations.

Sgt. Stéphane Turgeon

Sgt. Stéphane Turgeon


Sgt. Turgeon has been a member of the RCMP since 1998. He is a certified computer forensic examiner with the RCMP National Division Integrated Technological Crime Unit and has conducted several computer forensic examinations as well as participating in pure computer crimes and/or computer-related high profile investigations. He currently leads the RCMP National Division Integrated Technological Crime Unit team comprised of ten (10) computer forensic examiners / investigators.

Solomon Sonya

Solomon Sonya

Asst. Prof. of Computer Science, USAF Academy


Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, and information protection paradigms. He received his Undergraduate Degree in Computer Science and has Master’s degrees in Computer Science and Information System Engineering. Solomon’s current research includes computer system exploitation, threat intelligence, digital forensics, and data protection. Previous conferences Solomon has spoken at include: HackCon Norway, BlackHat USA, SecTor Canada, Shmoocon DC, DerbyCon Kentucky, SkyDogCon Tennessee, HackerHalted [...]

Nick Kulesza

Nick Kulesza


Software Developer, Network Security Engineer, Graduate Student of Computer Science - @MedivhMagus Nick is currently a graduate student researching covert channel communication utilizing wireless networking protocols. He obtained his Bachelor's Degree in Computer Science, Master's Degree in Cyber Security and is currently engaged in his second Master's Degree in Computer Science. Nick holds a Security+ certification and seeks to obtain his CISSP certification at the completion of his graduate coursework. An avid cyber security advocate, Nick has volunteered as a technical mentor working with high school students competing in the [...]

Ryan Poppa

Ryan Poppa


Ryan Poppa is a Lead Engineers at nCircle Network Security. They specialize in interrogating Applications and Services over the network. Their years of experience have been focused on the non invasive detection of vulnerabilities. Current Areas of research include; HTTP server analysis, graph theory, SSL library fingerprinting and unobfuscation techniques. Based in Toronto Ontario, they hold degrees from University of Guelph and the University of Waterloo. You can find their latest posts at blog.glaciertech.ca & numerophobe.com

Ross Barrett

Ross Barrett


Ross C. Barrett, MSc, Senior Manager of Security Engineering, Rapid7, Inc. is a software engineer and security professional with a focus on vulnerability management and configuration assessment tools. At Rapid7 Ross is responsible for scanning and data collection for vulnerability, controls and compliance assessment. Previous roles include vulnerability researcher with several teams in the vulnerability management industry and roving IT fixer. Ross is frequently quoted in the press on the subject of vulnerability management and trending issues in security.

Llewellyn Derry

Llewellyn Derry


Llewellyn Derry is the Vice President of Business Development for ISC8. ISC8 has built the industry's first signature-less advanced-malware detection product that operates at 10G and above. He has over 25 years of industry experience in the commercial, federal government and overseas markets. Prior to joining ISC8 Llewellyn was with Raytheon as Sr. Director of Cyber Security Solutions. There he managed the company's worldwide cyber security R&D budget and lead a team that developed a portfolio of cyber security services for the Critical Infrastructure Protection (CIP) market for Commercial Utilities, [...]

Mark Kikta

Mark Kikta


Mark Kikta is a Security Consultant with VioPoint which is located in Auburn Hills, Michigan. Mark supports a variety of operational security programs that includes vulnerability management security monitoring and incident response. As a former Linux engineer with Secure-24, Mark tries to provide information he wishes he had known when he was starting to work with Linux in the realms of security.

Toni Buhrke

Toni Buhrke


Toni Buhrke, Systems Engineer – MBA, CISSP Toni Buhrke is a Senior Engineer at ForeScout Technologies. Toni has many accomplishments to her credit having worked for and with the top security companies and organizations across North America. In her role at ForeScout, Toni works with companies to evaluate and assess the Network Access Control (NAC) solutions within their environment and to architect and plan their production deployment. Toni also develops and teaches Best Practice seminars on the NAC solution and is a speaker on NAC and BYOD topics at various [...]

Yves Beretta

Yves Beretta


Yves Beretta brings over 20 years of security management and operations experience to his role at eSentire where he is responsible for all aspects of managed services delivery, including their state-of-the-art 24x7x365 Security Operations Center. Mr.Beretta leads a great team responsible for detecting and mitigating cyber threats for clients of various industry and sizes. He holds a CISSP, a CISM, and a Bachelor of Computer Science from Supinfo University of Paris. Prior to eSentire, Mr.Beretta trained thousands of IT professionals on topics such as Project Management and Object Oriented Programming. [...]

Ryan Huber

Ryan Huber


Ryan is an engineer at Risk I/O, a security "Software as a Service" company. Prior to Risk I/O he spent the majority of his career at Orbitz.com, where his varied roles included: management of the flight search farm, leader of EU information security at sister site eBookers.com, and finally architect on the security team where he explored the defensive side of security.