The foundation of Canada’s economy is increasingly dependent of the digital infrastructure that supports all sectors of industry. Confidence in this infrastructure is essential if individuals and businesses are to harness the opportunities it presents. Maintaining this confidence is a complex challenge, especially in face of continually evolving threats. Staying ahead of the threats to […]
This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you’re leaving a lot of evidence behind. Using datagram’s work at lockpickingforensics.com as a jumping off point we’ll explore how a picker gets in, and how, with careful observation and some practice, we […]
The majority of large datacenter storage architectures in the world are currently based on Fiber Channel networks. Unfortunately, the emphasis on security, compliance, and audit remains on hosts and traditional Ethernet networks, leaving the Fiber Channel behind as “a storage thing” that for some reason is never secured. Abdicating this responsibility leaves the Fiber Channel […]
In this seminar, Ajay K. Sood will: Discuss the motivation and nature of APT and Modern Malware Outline malware trends, and the Modern Malware lifecycle Reveal how Modern Malware defeats current countermeasures Give examples of Data Exfiltration and botnet control
This session will discuss conducing physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical […]
From no access at all, to the company Amazon’s root account, this talk will teach attendees about the components used in cloud applications like: EC2, SQS, IAM, RDS, meta-data, user-data, Celery; and how misconfigurations in each can be abused to gain access to operating systems, database information, application source code and Amazon’s services through it’s […]
Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools […]
These silent attackers hit more than 1,000 victims annually. They shows no prejudice, have no compassion. They come like an unseen thief in the night to steal. They are, the Bad Boys of Cyber Crime. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers […]
The foundations of traditional network security are crumbling in the public cloud. Old assumptions will leave your cloud deployments vulnerable and exposed. In this talk, we’ll examine the existing models of network security and how you can transition to new cloud-friendly models that take advantage of dynamic cloud environments. With the stage set, we’ll dive […]
This talk will discuss pentesting with an army of low-powered devices running a custom Linux distro (known as The Deck). The devices are connected via 802.15.4 networking for command and control. The Deck runs on the BeagleBone and BeagleBoard family of devices. An airborne version of The Deck which (along with wireless sensors) is embedded […]
Big data is one of the fastest growing areas within IT. The benefits of big data have been well publicised however little is known about the actual security risks associated with the technology. This session cuts through the hype and will expose big data security risks, a new class of attack and the practical guidance […]
Jackson Shaw will take the audience thru the state of Identity & Access Governance and why having an IAG strategy is key to security for corporations big and small. He will also highlight how, in today’s rapidly changing environment of APTs, foreign intrigue & hacking why even with a strong IAG strategy you will still […]
This session is result of a yearlong study of the most recent SCADA vulnerabilities and includes root cause analysis, attack vector scrutiny, consequence of successful attack and remediation study. Attendees will get an insight into the factors that resulted in the nature and magnitude of the harmful outcomes in order to identify what actions need […]
In this hands-on talk, we will introduce new targeted techniques and research that enable an attacker to reliably retrieve encrypted secrets (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) from an HTTPS channel. We will demonstrate that this new compression oracle is real and practical by executing a PoC against a […]
In 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). To justify […]
Enterprise Mobility offers great challenges and great opportunities. There are a plethora of technologies that are constantly entering and evolving in the market (much of them overlapping) to address the security and manageability related to enterprise mobility (including BYOD). This discussion will focus on demystifying the landscape and to provide perspectives on leveraging Secure Enterprise […]
Have you ever wondered what it takes to get one of those “Elusive” bug bounties that people are always snapping up? In this presentation, Gillis Jones will walk you through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try and keep quiet, […]
This silent threat infects more than 1,000 victims annually. It shows no prejudice, it has no compassion. It comes like an unseen thief in the night to steal. It IS the World’s Deadliest Malware. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers with […]
Gene Kim has been studying high-performing IT organizations since 1999. He is the author of the highly acclaimed “Visible Ops Handbook,” “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win,” and founder of Tripwire, Inc. He will be presenting his findings from an ongoing study of how high-performing IT organizations simultaneously […]
Often Vulnerability Management program managers are missing the mark by focusing on the wrong information, communicating poorly and not understanding the business criticality as it relates to the technical risk found in scanning. This creates a “bad data” scenario where all the data collected is seen to have little or no value – which increases […]
Threat modeling allows developers and security professionals to collaborate and catch vulns before they ship – and potentially before the code is even written. In this hands-on workshop, Leigh will teach the basics of threat modeling using a game called Elevation of Privilege.
How dangerous can you get with just the security tools you have today? Do you have access to a technology that makes searching patterns of data in the network very simple? I bet you do. Now I want you to imagine implementing that technology on an open wifi to investigate and monitor, not protect. This […]
If you thought today’s tech was cool, to quote ’70s rocks Bachman-Turner Overdrive, “baby you ain’t seen nuthin’ yet.” This lighthearted yet informative chat focuses on 10 mind-blowing future technologies worth getting excited about. From wearable tech (like Google Glass) and virtual reality (VR) headsets to flying cars and space tourism to domestic robots and […]
The benefits of CVE, CWE, MAEC, CWSS, CAPEC, STIX and TAXII can often be at work without the users knowledge. Learn how these standards are working behind the scenes, and how you can use them to support information sharing and gain an advantage from crowd-sourced security information. Prior to 1999, software vulnerabilities were not widely […]
Low cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of April 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there are many models by different vendors, most of them are actually based on the identical hardware and firmware setup. […]
Know your enemy! Attendees will see a live demonstration of how we built a proof-of-concept Android Spy-Phone. We will show how we developed the Android spy-phone module and demonstrate how to inject it into legitimate applications to infect unsuspecting victims. We will demonstrate how the spy-phone command and control server can take complete control of […]
Ever crossed the line in order to learn your trade in the security world? Or perhaps is there really a line? A recent study suggests that many of us feel that in order to build our careers in the IT security industry, the line might blur to help us learn. A common thread is that […]
In today’s increasing open and interconnected enterprise, traditional perimeters are quickly being extended to multi-perimeters to support secure adoption of mobile, cloud, social and information interactions. The traditional network, IT, and end-point security capabilities are being enhanced to support these interactions and similar demands are put on the Identity and Access Management systems too. In […]
A CSEC cybersecurity analyst has gone rogue. He has taken a large cache of top secret files that include the names and identities of several secret agents working in foreign countries. This rogue analyst has stowed these files on the internet in an encrypted format and he is now threatening to share the location of […]
This talk will cover the current state of the art in .NET reversing, down from PE format of .NET assemblies through various types of obfuscation, and into reversing tools and techniques. Finally, we will explore reversing popular .NET RE tools in an attempt to modify their behavior.
Can you hear it? The giant sucking sound to the East? With it are going more than just manufacturing jobs — it’s our manufacturing know how, intellectual property, military secrets, and just about anything you can think of. If we’re one of the most advanced technological nations on Earth, how are the People’s Republic of […]
Information is the lifeblood of today’s connected world. It plays a critical role in our personal lives and drives our businesses. Each year, the amount of information we create – from digital photos to business critical data – increases exponentially. Securing and managing our information, and the identities to access that information, becomes even more […]
The hype train around next-generation firewalls (NGFW) continues to race forward, but replacing one device with a new shiny object isn’t going to ultimately solve the security problem. Securosis analyst Mike Rothman will put NGFW into proper context regarding the evolution of network security and give you 5 steps to move your perimeter protection forward.
It shouldn’t be news to anyone that people share too much information online. In fact, one major problem that attackers and defenders have is the sheer volume of data that they need to sort through. In this presentation, Shane MacDougall will demonstrate leaked information that can lead to a successful attack, walk through a couple […]
There are many great things about the new world of mobile and cloud applications. They enable us to be more connected and productive in our daily lives, whether it be tracking our exercise with a mobile app, banking on our phones, or seamlessly accessing the same data – whether it be for business or personal […]
Threats have changed in dramatic and unexpected ways around the world over the past year as attackers continue to hone and evolve their strategies and tactics, and Internet-connected devices proliferate. Using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services, this session will provide […]
Two ongoing industry trends are in conflict with each other. On the one hand, networks are increasingly being consolidated into shared infrastructure utilized by many different clients. From converged hardware networks, through virtualized IT shops, into the cloud, more and more traffic is being merged and intermixed on this shared infrastructure. Conversely, industry regulatory and […]
When CISOs are briefing their executive teams or boards on the organization’s security (usually only when there’s a security incident), this is usually the challenge. Distill the volumes of data, assets, silos, operations, threats, and remediations down to a couple of key points. And this is to an audience who typically get their security information […]
With the rush to take advantage of all “the Cloud” has to offer, many companies are struggling with the new reality that their data is being sent outside the confines of the corporate environment and being stored in multiple geographic locations. With the Cloud comes the challenge of securing your data, understanding where it is […]
You put your credit card in, I take your cash out. Point of Sale systems and Cash Machines are frequently targeted but rarely discussed. This talk will be a frank discussion about the types of attacks Ryan and John have both seen and executed against these types of machines, where these systems are vulnerable from […]
Many Security Analysts are tasked with assisting in Corporate Governance. This session explores the concept of network forensic investigations using a SIEM, and how security analysts can use it to assist in Governance, HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile […]
Evidence handling is of primary importance for the RCMP Tech Crime Unit Members when called upon to investigate a possible cybercrime. When such an incident occurs, it is important that the IT personnel in place is in a position to clearly identify the potential digital-related evidence and to properly preserve it upon the arrival of […]
Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards to network defense and exploitation. Most security professionals know about these advanced tools; many people have even discussed the overall concept regarding command and control of networked systems, however, many experts to not yet understand how to create a botnet […]
The Rapid7 Labs team vigilantly scans the horizon to discover new tactics being used by attackers as well as wide-spread vulnerabilities that must be addressed. The team has uncovered a myriad of important issues including significant configuration issues with serial servers, Amazon S3 storage, UPnP and more. The team is consistently tracking and analyzing malware […]
As Virtual Machines (VM’s) were the disruptive technology at the end of last century for server and storage platforms, Software Defined Networks (SDN) will be (already is) the first industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grass roots momentum as early adopters Google, Goldman Sachs and […]
Breaking in is half the battle. I’ve talked to so many people whose only objective is to try and break into systems. I get that. It’s awesome, the rush you get when you bring up that shell. But what then? Ops hardening does not end at the outer shell. Once you’re in, you still have […]
This session will highlight how Network Access Control is the ultimate patch checking system. By utilizing a set of key protocols NAC will define and implement a policy that will define the access requirement for devices attempting to access your network. Those policies are designed to look for among other things pre-admission endpoint security policy […]
This presentation will go through the various steps required to craft a Security Operations Center; including hiring and managing an array of human resources, monitoring, reporting, and mitigating technology, and covering the definition of repeatable, scalable processes, such as the OODA loop. The presentation will address the fundamental concepts related to training, structuring, and running […]
Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any one of […]
John drives Microsoft Canada's strategic policy and technology efforts. He is the lead advocate for the use of technology by private and public sectors, economic development, innovation, environmental sustainability, accessibility, privacy, and security.
Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.
Rob VandenBrink is a consultant with Metafore in Canada, specializing in Networking, Security and Virtualization. He has clients in manufacturing, finance and entertainment with locations in almost every time zone. He holds several industry certifications, as well as a Master's degree with the SANS Technology Institute. He co-authors SANS SEC579 - Virtualization and Private Cloud Security. Rob is also an Incident Handler with the Internet Storm Center - look for his posts at http://isc.sans.edu !
Director of Security, Honest Dollar
Matt Johansen is the Director of Security at Honest Dollar, a Financial Tech company in Austin, Texas where he is charged with building an Information Security program from the ground up. Previously he was the Director of Services and Research at WhiteHat Security where he oversaw the development and execution of their service related product lines. In addition to these services, Matt also performs research on application security topics that he discusses on the corporate blog and is often invited to present at conferences around the world.
Ajay K. Sood (B. Eng, CISSP, GSEC) has been instrumental in introducing many leading and disruptive security vendors to Canada, and is currently the Vice-President and General Manager for FireEye Canada. A technologist and security strategist, Ajay has participated in the architecture and implementation of some of the largest and most robust perimeters in Canada as well as internationally.
Independent Security Consultant
Jamie Gamble started his professional career as a programmer before joining the research team at nCircle, where he worked on automating detection of web and network based vulnerabilities. He then began working for security centric consulting companies specializing in auditing complex applications and performing red team assessments. His experience also includes malware analysis and proactive adversary hunting. Jamie is deeply involved in the security community and is a co-organizer of the international security conference REcon which focuses on advanced security research and reverse engineering. He is a co-founder of Bsides [...]
Independent Security Consultant
Mark Bassegio is an offensive security expert that specializes in physical security and network security consulting. During his years in security, Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to exploit weaknesses in proximity-based building access controls.
Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications. His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by [...]
Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their [...]
Chief Information Security Officer, Nuix
Chris Pogue is the Chief Information Security Officer, Nuix, and a member of the US Secret Service Electronic Crimes Task Force. Chris is responsible for the company’s security services organization; he oversees critical investigations and contracts, and key markets throughout the United States. His team focuses on incident response, breach preparedness, penetration testing, and malware reverse engineering. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cybercrimes investigator, [...]
Vice President of Cloud Research, Trend Micro
Mark Nunnikhoven is the Vice President of Cloud Research at Trend Micro. He is one of the foremost experts on cloud technologies and cybersecurity issues. With a focus on modernizing security practices and usable security systems at scale, Mark works with clients and partners around the world. Often quoted in the media both at home in Canada and internationally, Mark is an engaging public speaker, an O'Reilly video author, an accomplished computer scientist, and security leader. You can reach Mark online at http://markn.ca or on Twitter @marknca.
Philip cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450. Two years later he learned 6502 assembly and has been hacking computers and electronics ever since. Phil currently works as a professor at a private Midwestern university. He teaches computer security and forensics. His current research focus involves use of microcontrollers and small embedded computers for forensics and pentesting. Prior to entering academia, Phil held several high level positions at well-known US companies. He holds a couple of the usual [...]
Kevvie Fowler is a partner in KPMG Canada's forensic practice and is an information security and data analytics specialist. As author of SQL Server Forensic Analysis and contributing author to several security and forensics books Kevvie is a recognized advisor who supports organizations across Canada and abroad. Kevvie also teaches database forensics to law enforcement agencies across North America and sits on the SANS GIAC Advisory Board where he guides the direction of emerging security and forensics research. Prior to joining KPMG, Kevvie Fowler managed his own professional services company [...]
Jackson Shaw is Senior Director of Product Management for Dell Software Group's Identity and Access Management product line. He joined Dell as part of the Quest Software acquisition. Prior to Quest, Jackson was an integral member of Microsoft's Identity & Access Management product management team within the Windows Server Marketing group at Microsoft. While at Microsoft he was responsible for product planning and marketing around Microsoft's identity & access management products including Active Directory and Microsoft Identity Integration Server. Jackson began his identity management career as an early employee at [...]
Amol heads Qualys' worldwide security engineering team responsible for vulnerability and compliance research. His team tracks emerging threats and develops software, which identifies new vulnerabilities and insecure posture for Qualys' VM, PC, PCI and QBC services. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. Amol has presented his research on Vulnerability Trends, Security Axioms, SCADA security, Malware and other security topics at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, SecTor, BSides, InfoSec Europe, [...]
Yoel Gluck is a security researcher with 12 years of experience in the industry. He is currently a Lead Product Security Engineer at Salesforce.com. Yoel graduated from Bar-Ilan University (Israel) with a B.Sc in Computer Science and Math. Using his experience as a software engineer, he attempts to break applications by analyzing developer design patterns. His research areas include web application, network, virtualization, encryption, and email security. When he's not busy analyzing security risks, he enjoys spending time with his two-year-old daughter.
Angelo Prado is a Lead Product Security Engineer at Salesforce.com. He has worked as a software and security engineer for Microsoft and Motorola. Angelo has been involved with the security community for over 8 years, and he has spoken at Black Hat USA, Georgetown University (Washington, D.C.), Comillas University (Madrid) and GSICKMinds (Coruña, Spain). His passions & research include web application security, windows security, browsers, malware analysis and Spanish Jamón.
John Butterworth is a security researcher at The MITRE Corporation who specializes in low level system security. He is applying his electrical engineering background and firmware engineering background to investigate UEFI/BIOS security.
Danny Pehar is the Director of Business Development for TELUS Security Solutions. Danny has been in the security industry for over 12 years and has worked with numerous business leaders in the security space and has spoken at industry events across Canada. Danny is also a published author and comedian performing in comedy clubs in his spare time.
Ali Afshari is an 18-year veteran of the security industry, with 7 years' experience at Cisco Canada. As Cisco Canada¹s director of enterprise security sales, Ali works with Canada¹s largest financial institutions and service providers on their security strategy. His passion is to ensure security is embedded into every aspect of IT, approaching it from an architectural view across organizations. You can follow Ali on Twitter at @Ali_Afshari for ongoing updates of security news in Canada.
A giant of a man, Gillis Jones is currently employed as a Security Consultant at Accuvant Labs. He has been engaged in web application security for the last four years, and has worked with companies to increase their security posture all the way from a Stealth Startup to a multi-million dollar business with hundreds of employees. He is the founder of the Badmin Project, and has worked with dozens of entry level security people to assist them in becoming "1337".
Gene Kim is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire for 13 years. He has written three books, including "The Visible Ops Handbook" and "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win." Gene is a huge fan of IT operations, and how it can enable developers to maximize throughput of features from "code complete" to "in production," without causing chaos and disruption to the IT environment. He has worked with some of the top Internet companies on [...]
Bill Olson is a 17-year Information Security and Information Technology industry veteran. Currently he is the Vulnerability Management Subject Matter Expert within Qualys. He is responsible for working with clients to ensure their Vulnerability Management programs are maturing and they are fully utilizing the QualysGuard Cloud Platform. As a Qualys Technical Account Manager (TAM), Bill has spent the past six years helping large enterprises build or augment their vulnerability management and compliance practices by understanding their needs and how the QualysGuard suite can benefit their businesses. Prior to joining Qualys, [...]
Leigh is a Security Engineer at Heroku, a Salesforce.com company. Prior to Heroku, she worked at Microsoft, MessageLabs/Symantec, and Bell Canada. Her career has included everything from stringing cable and building phone systems to responding to some of the most critical computer security incidents in industry history, shipping software to a billion people, and protecting infrastructure running a million apps. Her community work includes founding the HackLabTO hackerspace in Toronto, Canada, and the first feminist hackerspace, the Seattle Attic Community Workshop, as well as advising countless others and speaking about [...]
Global Security Manager - Sycomp
Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day operational work in complex security networks, policy planning, management, and documentation responsibilities with various network, VoIP and security engineering companies. Kellman is an experienced speaker with original content, that has delivered security talks in private corporate focused events, at school internet safety classes for training students and [...]
Marc Saltzman is one of North America's most recognizable and trusted tech experts. As a syndicated columnist, Marc specializes in consumer electronics, Internet trends and video games; and contributes to nearly 50 high-profile publications in Canada and the U.S., including USA Today, CNN, CanWest, Toronto Star, Sympatico, MSN, Yahoo!, Costco Connection, Movie Entertainment, AARP and Playboy. Marc, who has authored 14 books, also hosts "Gear Guide," a video segment that airs before the film begins at Cineplex and IMAX theatres, along with national TV spots (CTV News Channel) and radio [...]
David Maxwell is a Senior Systems Analyst at eSentire Inc. Maxwell has been particularly active in the NetBSD open source community and was a NetBSD Security Officer from 2001-2005. Maxwell previously worked at Coverity running the DHS sponsored Scan project to identify and resolve tens of thousands of flaws in open source codebases, and participates with the DHS Software Assurance Forums to promote new ways of analyzing system security. Maxwell was a contributor to the SANS Top-25 list in 2011.
Artem Harutyunyan is a Software Architect for Qualys. His responsibilities include design and development of distributed computing systems for storing and analyzing large volumes of data. Prior to joining Qualys Artem spent several years at CERN where he worked on the development of geographically distributed large-scale Grid and cloud computing systems. Artem holds a PhD from State Engineering University of Armenia. Artem presented at Hack In the Box security conference, as well as at numerous other international scientific conferences and workshops.
Kevin McNamee is a seasoned IT security professional with over 30 years of experience in product development and security research. As director of Alcatel-Lucent’s Motive Security Labs he is responsible for the security research team that does the malware analysis and research to support Alcatel-Lucent’s cloud based malware detection system. Previously he was director of security research at Alcatel-Lucent’s Bell Labs specializing in the analysis of malware propagation and malware detection. He has recently presented at RSA, BlackHat, SECTOR, Virus Bulletin and BSides conferences.
Director and Co-Founder, Black Arts Illuminated
A self-proclaimed IT security and privacy geek, Bruce is the co-founder of Black Arts Illuminated and its conferences and events. He is also a founding member of the Ottawa Area Security Klatch (OASK), and an active member of numerous other organizations across North America including the Seattle Cloud Security Alliance chapter. Bruce co-founded Black Arts Illuminated Inc. because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters. [...]
James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as [...]
Director and Co-Founder, Black Arts Illuminated
Brian has a passion for security and has been an active member of the IT security community for over 20 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor as part of Black Arts Illuminated. When he’s not running conferences and events, Brian maintains his technical edge as Executive Vice President, Products, New Signature, a Microsoft National Solution Provider headquartered in Washington DC. In June 2015, New Signature acquired Microsoft technology consultancy [...]
Founder and Principal Consultant, Authoritative Consulting
CISSP, GCIH, GEEK Gord Taylor is Founder and Principal Consultant at Authoritative Consulting. He is one of Canada’s most sought-after Security and Networking experts, developing and actualizing next generation Security programs for large enterprises and high-growth technology firms. Gord spent 16 years at one of Canada’s “Big 5” Financial Institutions, serving as resident expert across Information Security, Networking, Distributed Computing, and co-developed the company’s first CSIRT team more than 20 years ago. Since launching Authoritative Consulting in 2012, he has helped enterprise customers, independent software vendors, and service providers to [...]
Dr. Sridhar Muppidi is an IBM Distinguished Engineer and Chief Technology Officer for Identity & Access Management Solutions in IBM Security Systems. In this role, Sridhar drives IAM technical strategy, architecture and solutions - including mobile security and cloud security. He is technical leader with about 20 years experience in security, software product development and security solutions architecture for a number of industry verticals. He has a number of publications & patents in security and represents IBM in various open standards activities.
Todd is an IT security specialist, author of Cryptogeddon & CF Fundraiser. Todd is an operational expert with extensive experience architecting, implementing and maintaining mission critical, secure, always-on internet based systems and processes. Todd is well versed in IT security, risk management and corporate governance. Todd has earned his Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) designations. Todd has spoken at numerous local and national security events including Sector, TASK, Software Hamilton and the International Association of Privacy Professionals Privacy Symposium. Todd's wife & kids, faith, baseball, [...]
Kelly has "officially" worked in Information Security since 2003, in everything from start ups to government organizations to finance. Kelly currently runs the Application Security program at a financial company and reads a lot of source code.
G. Mark Hardy is founder and President of National Security Corporation. He has been providing cyber security expertise to government, military, and commercial clients for over 30 years, and is an internationally recognized expert who has spoken at over 250 events world-wide. G. Mark serves on the Advisory Board of CyberWATCH, an Information Assurance/Information Security Advanced Technology Education Center of the National Science Foundation. A graduate of Northwestern University, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, [...]
Matt Johansen is a manager for WhiteHat Security¹s Threat Research Center (TRC). Matt began his career as a security consultant, where he was responsible for performing network and web application penetration tests for clients. He then took at role at WhiteHat as an application security specialist for the TRC and quickly rose through the ranks to managing more than 40 at the company¹s Houston location. In his spare time, Matt is a frequent web security instructor at San Jose State University and Adelphi University, where he received his Bachelor of [...]
Mike Rothman is President of Securosis and the author of “The Pragmatic CSO.” He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. After 20 years in security, he's one of the guys who "knows where the bodies are buried.” Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike held senior positions at SHYM Technology, CipherTrust, TruSecure and eIQnetworks. After getting fed up with vendor life, [...]
Shane MacDougall is a principal partner at Tactical Intelligence, a Canadian boutique information security firm. He also runs the threat intelligence program for a major US technology company. Shane is a frequent presenter at security conferences around the world, and is a two-time winner of the DEF CON social engineering CTF. His book, "Practical Social Engineering and OSINT," published by No Starch Press is due out in 2014.
Greg Kliewer is the Senior Principal Consultant for Layer 7 Technologies in Canada. In this role, Greg consults on the architecture, design, and delivery of strategic API Management platforms for key CA Technologies accounts nationwide. Greg joined CA when Layer 7 was acquired in 2013. With over 15 years of experience delivering secure web services and APIs for Canadian banks, insurance companies, and government ministries and agencies, Greg understands what it takes to effect comprehensive change in large organizations.
Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he was responsible for managing marketing and corporate communications that span Microsoft’s products and cloud services as they relate to security, privacy and reliability.
Mr. Johnson is the chief architect of the Unisys Stealth program, which virtualizes networks into cryptographically-secured communities of interest. He has architected security solutions for PCs, servers, and mobile platforms. Mr. Johnson is also the lead security architect for the Unisys Cloud Engineering organization. As such, he is responsible for determining the security posture of the Unisys Secure Private Cloud offerings. Mr. Johnson's technical background has focused on what he calls Protocol Engineering -- developing new, innovative network protocols to solve a variety of problems. Over the last several years, [...]
Jeanne has over 20 years of sales and operations experience in the IT industry. She is a recognized expert in Software Sales, Sales Management, Global Sales Operations, and Customer Experience. She has served in senior leadership positions with prominent companies such as CA and FICO, including senior vice president of sales, vice president of client relations, and vice president of investor relations. Jeanne is frequently invited to speak at industry conferences, including Sales 2.0, the North American Conference on Customer Management, Keynote at the Institute for International Research Operational Innovation, [...]
CEO - UZADO
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]
John has worked in the information security field for over 15 years. His main focus has been on application security assessments and he has worked in this capacity for a number of companies in both direct and consulting roles. His work has included network penetration testing, application review, architecture design analysis, source code review, as well as physical security assessments. He was the technical editor and primary author of the book "Virtualization for Security". He was also a technical reviewer for the book "Network Security Hacks 2nd Edition"
Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, DefCon, DerbyCon, Shmoocon, and SecTor to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, [...]
Gary Freeman is an experienced HP ArcSight user and has been working in the IT Security industry for the last 22 years. His experience ranges from the design, development and deployment of various large network and security systems and in the last 5 years, he has been assisting security software sales with presales solution architecture. Gary currently leads a team of HP ESP Solution Architects for Canada and a presales enablement team for the AMS channel.
Cpl. Connors has been a member of the RCMP since 2003. He is a certified computer forensic examiner with the RCMP National Division Integrated Technological Crime Unit and has conducted several computer forensic examinations as well as participating in pure computer crimes and/or computer-related high profile investigations.
Sgt. Turgeon has been a member of the RCMP since 1998. He is a certified computer forensic examiner with the RCMP National Division Integrated Technological Crime Unit and has conducted several computer forensic examinations as well as participating in pure computer crimes and/or computer-related high profile investigations. He currently leads the RCMP National Division Integrated Technological Crime Unit team comprised of ten (10) computer forensic examiners / investigators.
Asst. Prof. of Computer Science, USAF Academy
Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, and information protection paradigms. He received his Undergraduate Degree in Computer Science and has Master’s degrees in Computer Science and Information System Engineering. Solomon’s current research includes computer system exploitation, threat intelligence, digital forensics, and data protection. Previous conferences Solomon has spoken at include: HackCon Norway, BlackHat USA, SecTor Canada, Shmoocon DC, DerbyCon Kentucky, SkyDogCon Tennessee, HackerHalted [...]
Software Developer, Network Security Engineer, Graduate Student of Computer Science - @MedivhMagus Nick is currently a graduate student researching covert channel communication utilizing wireless networking protocols. He obtained his Bachelor's Degree in Computer Science, Master's Degree in Cyber Security and is currently engaged in his second Master's Degree in Computer Science. Nick holds a Security+ certification and seeks to obtain his CISSP certification at the completion of his graduate coursework. An avid cyber security advocate, Nick has volunteered as a technical mentor working with high school students competing in the [...]
Ryan Poppa is a Lead Engineers at nCircle Network Security. They specialize in interrogating Applications and Services over the network. Their years of experience have been focused on the non invasive detection of vulnerabilities. Current Areas of research include; HTTP server analysis, graph theory, SSL library fingerprinting and unobfuscation techniques. Based in Toronto Ontario, they hold degrees from University of Guelph and the University of Waterloo. You can find their latest posts at blog.glaciertech.ca & numerophobe.com
Ross C. Barrett, MSc, Senior Manager of Security Engineering, Rapid7, Inc. is a software engineer and security professional with a focus on vulnerability management and configuration assessment tools. At Rapid7 Ross is responsible for scanning and data collection for vulnerability, controls and compliance assessment. Previous roles include vulnerability researcher with several teams in the vulnerability management industry and roving IT fixer. Ross is frequently quoted in the press on the subject of vulnerability management and trending issues in security.
Llewellyn Derry is the Vice President of Business Development for ISC8. ISC8 has built the industry's first signature-less advanced-malware detection product that operates at 10G and above. He has over 25 years of industry experience in the commercial, federal government and overseas markets. Prior to joining ISC8 Llewellyn was with Raytheon as Sr. Director of Cyber Security Solutions. There he managed the company's worldwide cyber security R&D budget and lead a team that developed a portfolio of cyber security services for the Critical Infrastructure Protection (CIP) market for Commercial Utilities, [...]
Mark Kikta is a Security Consultant with VioPoint which is located in Auburn Hills, Michigan. Mark supports a variety of operational security programs that includes vulnerability management security monitoring and incident response. As a former Linux engineer with Secure-24, Mark tries to provide information he wishes he had known when he was starting to work with Linux in the realms of security.
Toni Buhrke, Systems Engineer – MBA, CISSP Toni Buhrke is a Senior Engineer at ForeScout Technologies. Toni has many accomplishments to her credit having worked for and with the top security companies and organizations across North America. In her role at ForeScout, Toni works with companies to evaluate and assess the Network Access Control (NAC) solutions within their environment and to architect and plan their production deployment. Toni also develops and teaches Best Practice seminars on the NAC solution and is a speaker on NAC and BYOD topics at various [...]
Yves Beretta brings over 20 years of security management and operations experience to his role at eSentire where he is responsible for all aspects of managed services delivery, including their state-of-the-art 24x7x365 Security Operations Center. Mr.Beretta leads a great team responsible for detecting and mitigating cyber threats for clients of various industry and sizes. He holds a CISSP, a CISM, and a Bachelor of Computer Science from Supinfo University of Paris. Prior to eSentire, Mr.Beretta trained thousands of IT professionals on topics such as Project Management and Object Oriented Programming. [...]
Ryan is an engineer at Risk I/O, a security "Software as a Service" company. Prior to Risk I/O he spent the majority of his career at Orbitz.com, where his varied roles included: management of the flight search farm, leader of EU information security at sister site eBookers.com, and finally architect on the security team where he explored the defensive side of security.