Past Events



Sesssions


- Expo Theatre (Hall G) '

The Threat Landscape

The Rapid7 Labs team vigilantly scans the horizon to discover new tactics being used by attackers as well as wide-spread vulnerabilities that must be addressed. The team has uncovered a myriad of important issues including significant configuration issues with serial servers, Amazon S3 storage, UPnP and more. The team is consistently tracking and analyzing malware […]

Sponsor Track
Ryan Poppa
Ross Barrett
- Expo Theatre (Hall G) '

SDN : Radically New Network Architecture, Same Old Cyber Security Protection

As Virtual Machines (VM’s) were the disruptive technology at the end of last century for server and storage platforms, Software Defined Networks (SDN) will be (already is) the first industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grass roots momentum as early adopters Google, Goldman Sachs and […]

Management
Llewellyn Derry
- Expo Theatre (Hall G) '

Popping the Penguin: An Introduction to the Principles of Linux Persistence

Breaking in is half the battle. I’ve talked to so many people whose only objective is to try and break into systems. I get that. It’s awesome, the rush you get when you bring up that shell. But what then? Ops hardening does not end at the outer shell. Once you’re in, you still have […]

Tech
Mark Kikta
- Expo Theatre (Hall G) '

Stopping Cross Contamination with Network Access Control…”The ULTIMATE PATCH”

This session will highlight how Network Access Control is the ultimate patch checking system. By utilizing a set of key protocols NAC will define and implement a policy that will define the access requirement for devices attempting to access your network. Those policies are designed to look for among other things pre-admission endpoint security policy […]

Sponsor Track
Toni Buhrke
- Expo Theatre (Hall G) '

Building a Security Operations Center – Lessons Learned

This presentation will go through the various steps required to craft a Security Operations Center; including hiring and managing an array of human resources, monitoring, reporting, and mitigating technology, and covering the definition of repeatable, scalable processes, such as the OODA loop. The presentation will address the fundamental concepts related to training, structuring, and running […]

Management
Yves Beretta
- Expo Theatre (Hall G) '

Running at 99%, mitigating a layer 7 DoS

Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any one of […]

Tech
Ryan Huber
- Expo Theatre (Hall G) '

Today’s Cyber Threat Landscape – Prevention is no cure

AccessData will talk about Today’s Cyber Threat Landscape – The traditional cyber security infrastructure is riddled with blind spots… open doorways for threats you can’t see, because the tools you’re relying on can’t see them We will discuss how to eliminate those blind spots, allowing you to catch the data leakage your DLP misses, detect […]

Sponsor Track
Lucas Zaichkowsky
- Expo Theatre (Hall G) '

It Takes a Village: Reducing the Threat Gap by Allying with Your Competition

With the maturation of IPS and other threat prevention technologies, security vendors have significantly narrowed the patch gap, but is it enough? The rise in APTs has opened a threat gap that most likely cannot be solved without some collaboration among the good guys – even if they are the competition. Learn how organizations utilize […]

Sponsor Track
Michael A Barkett
- Expo Theatre (Hall G) '

Return of the Half Schwartz FAIL Panel w/Tales from beyond the echo chamber

The ugly bastard child of FAIL Panel, in its 2nd year running, a discussion on Malware letters received to our mailbag and other general observations on infosec. We’ll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you. Vendor and FUD free since last we last remembered to wear underwear.

Management
James Arlen
Ben Sapiro
Dave Lewis
Mike Rothman
- Expo Theatre (Hall G) '

Software Refined Networking – The Path To Hell Is Paved With Good Abstraction

New application architectures, programmatic languages and frameworks, the (un)availability of exposed platform security capabilities combined with virtual/physical networking and workload mobility are beginning to stress our “best practices” from a security perspective. What are the real security issues (or hype) of Software Defined Networking (SDN) and the vision of the Software Defined Datacenter?

Tech
Christofer Hoff
- Expo Theatre (Hall G) '

Ending the information security arms race with end-to-end encryption

Information security today has evolved into a big data arms race. As vendors create ever more elaborate and sophisticated systems to flag and investigate abnormal events, the huge amounts of log data is driving up costs for storage, processing, software and network transport. A more effective, less costly information security approach is to protect information […]

Sponsor Track
Jill Walsh
- Expo Theatre (Hall G) '

Analyzing Exploit Packs: Tips & Tricks

In this 30 minute session, we will look at tips and techniques that can help malware analysts and Incident Responders perform effective analysis and de-obfuscate/decode malicious exploit code. Primary focus will be on exploit delivery obfuscation and JAR exploit debugging.

Sponsor Track
Mohamad AL-Bustami
- Expo Theatre (Hall G) '

Needle in a Haystack – Harnessing Big Data for Security

The polymorphic nature of malware, failure of signature-based security tools and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management virtually impossible using traditional approaches without copies, samples or details how can one possibly prevent, contain and inform on targeted attacks? This session will demonstrate how to […]

Tech
Dana Wolf
- Expo Theatre (Hall G) '

RATastrophe: Monitoring a Malware Menagerie

Over the last three years, our visibility into the threat landscape of civil society organizations and human rights NGOs has led to a number of discoveries about how various threat actors are engaging in espionage against civilian targets. Attacks in this area are often overlooked by AV and security companies due to the low resources […]

Tech
Seth Hardy
Katie Kleemola
- Expo Theatre (Hall G) '

Fortifying Canada’s Cyberspace: Together

The foundation of Canada’s economy is increasingly dependent of the digital infrastructure that supports all sectors of industry. Confidence in this infrastructure is essential if individuals and businesses are to harness the opportunities it presents. Maintaining this confidence is a complex challenge, especially in face of continually evolving threats. Staying ahead of the threats to […]

Sponsor Track
John Weigelt
- Expo Theatre (Hall G) '

How they get in and how they get caught

This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you’re leaving a lot of evidence behind. Using datagram’s work at lockpickingforensics.com as a jumping off point we’ll explore how a picker gets in, and how, with careful observation and some practice, we […]

SECurity FUNdamentals
Schuyler Towne
- Expo Theatre (Hall G) '

Fiber Channel – Your OTHER Data Center Network

The majority of large datacenter storage architectures in the world are currently based on Fiber Channel networks. Unfortunately, the emphasis on security, compliance, and audit remains on hosts and traditional Ethernet networks, leaving the Fiber Channel behind as “a storage thing” that for some reason is never secured. Abdicating this responsibility leaves the Fiber Channel […]

Tech
Rob VandenBrink
- Expo Theatre (Hall G) '

MILLION BROWSER BOTNET

Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript — even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean […]

Tech
Matt Johansen
- Expo Theatre (Hall G) '

Modern Malware and APTs – What Current Controls Can’t See

In this seminar, Ajay K. Sood will: Discuss the motivation and nature of APT and Modern Malware Outline malware trends, and the Modern Malware lifecycle Reveal how Modern Malware defeats current countermeasures Give examples of Data Exfiltration and botnet control

Sponsor Track
Ajay Sood
- Expo Theatre (Hall G) '

Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments

This session will discuss conducing physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical […]

Sponsor Track
Jamie Gamble
Mark Bassegio
- Expo Theatre (Hall G) '

Pivoting in Amazon clouds

From no access at all, to the company Amazon’s root account, this talk will teach attendees about the components used in cloud applications like: EC2, SQS, IAM, RDS, meta-data, user-data, Celery; and how misconfigurations in each can be abused to gain access to operating systems, database information, application source code and Amazon’s services through it’s […]

Tech
Andrés Riancho
- Expo Theatre (Hall G) '

Malware Automation

Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools […]

Tech
Christopher Elisan
- Expo Theatre (Hall G) '

The Bad Boys of Cybercrime

These silent attackers hit more than 1,000 victims annually. They shows no prejudice, have no compassion. They come like an unseen thief in the night to steal. They are, the Bad Boys of Cyber Crime. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers […]

Sponsor Track
Chris Pogue
- Expo Theatre (Hall G) '

Frayed Edges; Monitoring a perimeter that no longer exists

The foundations of traditional network security are crumbling in the public cloud. Old assumptions will leave your cloud deployments vulnerable and exposed. In this talk, we’ll examine the existing models of network security and how you can transition to new cloud-friendly models that take advantage of dynamic cloud environments. With the stage set, we’ll dive […]

SECurity FUNdamentals
Mark Nunnikhoven
- Expo Theatre (Hall G) '

Your own pentesting army complete with air support

This talk will discuss pentesting with an army of low-powered devices running a custom Linux distro (known as The Deck). The devices are connected via 802.15.4 networking for command and control. The Deck runs on the BeagleBone and BeagleBoard family of devices. An airborne version of The Deck which (along with wireless sensors) is embedded […]

Tech
Philip Polstra
- Expo Theatre (Hall G) '

“Big Data Security, Securing the insecurable”

Big data is one of the fastest growing areas within IT. The benefits of big data have been well publicised however little is known about the actual security risks associated with the technology. This session cuts through the hype and will expose big data security risks, a new class of attack and the practical guidance […]

Tech
Kevvie Fowler
- Expo Theatre (Hall G) '

Identity & Access Governance: Key to Security or Completely Useless?

Jackson Shaw will take the audience thru the state of Identity & Access Governance and why having an IAG strategy is key to security for corporations big and small. He will also highlight how, in today’s rapidly changing environment of APTs, foreign intrigue & hacking why even with a strong IAG strategy you will still […]

Sponsor Track
Jackson Shaw
- Expo Theatre (Hall G) '

Vulnerability analysis of 2013 SCADA issues

This session is result of a yearlong study of the most recent SCADA vulnerabilities and includes root cause analysis, attack vector scrutiny, consequence of successful attack and remediation study. Attendees will get an insight into the factors that resulted in the nature and magnitude of the harmful outcomes in order to identify what actions need […]

SECurity FUNdamentals
Amol Sarwate
- Expo Theatre (Hall G) '

BREACH: SSL, Gone in 30 seconds

In this hands-on talk, we will introduce new targeted techniques and research that enable an attacker to reliably retrieve encrypted secrets (session identifiers, CSRF tokens, OAuth tokens, email addresses, ViewState hidden fields, etc.) from an HTTPS channel. We will demonstrate that this new compression oracle is real and practical by executing a PoC against a […]

Tech
Yoel Gluck
Angelo Prado
- Expo Theatre (Hall G) '

BIOS Chronomancy

In 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). To justify […]

Tech
John Butterworth
- Expo Theatre (Hall G) '

Securing Enterprise Mobility beyond MDM

Enterprise Mobility offers great challenges and great opportunities. There are a plethora of technologies that are constantly entering and evolving in the market (much of them overlapping) to address the security and manageability related to enterprise mobility (including BYOD). This discussion will focus on demystifying the landscape and to provide perspectives on leveraging Secure Enterprise […]

Sponsor Track
Danny Pehar
Ali Afshari
- Expo Theatre (Hall G) '

Appsec Tl;dr

Have you ever wondered what it takes to get one of those “Elusive” bug bounties that people are always snapping up? In this presentation, Gillis Jones will walk you through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try and keep quiet, […]

SECurity FUNdamentals
Gillis Jones
- Expo Theatre (Hall G) '

The World’s Deadliest Malware

This silent threat infects more than 1,000 victims annually. It shows no prejudice, it has no compassion. It comes like an unseen thief in the night to steal. It IS the World’s Deadliest Malware. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers with […]

Tech
Chris Pogue
- Keynote Hall '

Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations

Gene Kim has been studying high-performing IT organizations since 1999. He is the author of the highly acclaimed “Visible Ops Handbook,” “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win,” and founder of Tripwire, Inc. He will be presenting his findings from an ongoing study of how high-performing IT organizations simultaneously […]

Keynote
Gene Kim
- Expo Theatre (Hall G) '

Vulnerability Management Programs and Lessons Learned from the Field

Often Vulnerability Management program managers are missing the mark by focusing on the wrong information, communicating poorly and not understanding the business criticality as it relates to the technical risk found in scanning. This creates a “bad data” scenario where all the data collected is seen to have little or no value – which increases […]

Sponsor Track
Bill Olson
Amol Sarwate
- Expo Theatre (Hall G) '

Threat Modeling 101

Threat modeling allows developers and security professionals to collaborate and catch vulns before they ship – and potentially before the code is even written. In this hands-on workshop, Leigh will teach the basics of threat modeling using a game called Elevation of Privilege.

SECurity FUNdamentals
Leigh Honeywell
- Expo Theatre (Hall G) '

Weaponized Security

How dangerous can you get with just the security tools you have today? Do you have access to a technology that makes searching patterns of data in the network very simple? I bet you do. Now I want you to imagine implementing that technology on an open wifi to investigate and monitor, not protect. This […]

Tech
Kellman Meghu
- Keynote Hall '

Tech it out

If you thought today’s tech was cool, to quote ’70s rocks Bachman-Turner Overdrive, “baby you ain’t seen nuthin’ yet.” This lighthearted yet informative chat focuses on 10 mind-blowing future technologies worth getting excited about. From wearable tech (like Google Glass) and virtual reality (VR) headsets to flying cars and space tourism to domestic robots and […]

Keynote
Marc Saltzman
- Expo Theatre (Hall G) '

The US Department of Homeland Security’s Software Assurance Enumerations

The benefits of CVE, CWE, MAEC, CWSS, CAPEC, STIX and TAXII can often be at work without the users knowledge. Learn how these standards are working behind the scenes, and how you can use them to support information sharing and gain an advantage from crowd-sourced security information. Prior to 1999, software vulnerabilities were not widely […]

Sponsor Track
David Maxwell
- Expo Theatre (Hall G) '

Watching the watchers: hacking wireless IP security cameras

Low cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of April 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there are many models by different vendors, most of them are actually based on the identical hardware and firmware setup. […]

SECurity FUNdamentals
Artem Harutyunyan
- Expo Theatre (Hall G) '

Build Your Own Android Spy-Phone

Know your enemy! Attendees will see a live demonstration of how we built a proof-of-concept Android Spy-Phone. We will show how we developed the Android spy-phone module and demonstrate how to inject it into legitimate applications to infect unsuspecting victims. We will demonstrate how the spy-phone command and control server can take complete control of […]

Tech
Kevin McNamee
- Keynote Hall '

Crossing the line; career building in the IT security industry

Ever crossed the line in order to learn your trade in the security world? Or perhaps is there really a line? A recent study suggests that many of us feel that in order to build our careers in the IT security industry, the line might blur to help us learn. A common thread is that […]

Keynote
Bruce Cowper
James Arlen
Leigh Honeywell
Brian Bourne
Gord Taylor
- Expo Theatre (Hall G) '

Enabling Access Assurance and Identity Intelligence for a multi-perimeter world

In today’s increasing open and interconnected enterprise, traditional perimeters are quickly being extended to multi-perimeters to support secure adoption of mobile, cloud, social and information interactions. The traditional network, IT, and end-point security capabilities are being enhanced to support these interactions and similar demands are put on the Identity and Access Management systems too. In […]

Sponsor Track
Sridhar Muppidi
- Expo Theatre (Hall G) '

CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game

A CSEC cybersecurity analyst has gone rogue. He has taken a large cache of top secret files that include the names and identities of several secret agents working in foreign countries. This rogue analyst has stowed these files on the internet in an encrypted format and he is now threatening to share the location of […]

SECurity FUNdamentals
Todd Dow
- Expo Theatre (Hall G) '

.NET Reversing: The Framework, The Myth, The Legend

This talk will cover the current state of the art in .NET reversing, down from PE format of .NET assemblies through various types of obfuscation, and into reversing tools and techniques. Finally, we will explore reversing popular .NET RE tools in an attempt to modify their behavior.

Tech
Kelly Lum
- Keynote Hall '

How the West was Pwned

Can you hear it? The giant sucking sound to the East? With it are going more than just manufacturing jobs — it’s our manufacturing know how, intellectual property, military secrets, and just about anything you can think of. If we’re one of the most advanced technological nations on Earth, how are the People’s Republic of […]

Keynote
G. Mark Hardy
- Expo Theatre (Hall G) '

Information & Risk Mitigation

Information is the lifeblood of today’s connected world. It plays a critical role in our personal lives and drives our businesses. Each year, the amount of information we create – from digital photos to business critical data – increases exponentially. Securing and managing our information, and the identities to access that information, becomes even more […]

Sponsor Track
Neils Johnson
- Expo Theatre (Hall G) '

FUFW: 5 Steps to Re-architecting Your Perimeter

The hype train around next-generation firewalls (NGFW) continues to race forward, but replacing one device with a new shiny object isn’t going to ultimately solve the security problem. Securosis analyst Mike Rothman will put NGFW into proper context regarding the evolution of network security and give you 5 steps to move your perimeter protection forward.

Management
Mike Rothman
- Expo Theatre (Hall G) '

CeilingCat IS Watching You

It shouldn’t be news to anyone that people share too much information online. In fact, one major problem that attackers and defenders have is the sheer volume of data that they need to sort through. In this presentation, Shane MacDougall will demonstrate leaked information that can lead to a successful attack, walk through a couple […]

Tech
Shane MacDougall
- Expo Theatre (Hall G) '

Trust No One: The New Security Model for Web APIs

There are many great things about the new world of mobile and cloud applications. They enable us to be more connected and productive in our daily lives, whether it be tracking our exercise with a mobile app, banking on our phones, or seamlessly accessing the same data – whether it be for business or personal […]

Sponsor Track
Greg Kliewer

Sponsors


No Sponsor found.

Speakers


Ryan Poppa

Ryan Poppa


Ryan Poppa is a Lead Engineers at nCircle Network Security. They specialize in interrogating Applications and Services over the network. Their years of experience have been focused on the non invasive detection of vulnerabilities. Current Areas of research include; HTTP server analysis, graph theory, SSL library fingerprinting and unobfuscation techniques. Based in Toronto Ontario, they hold degrees from University of Guelph and the University of Waterloo. You can find their latest posts at blog.glaciertech.ca & numerophobe.com

Ross Barrett

Ross Barrett


Ross C. Barrett, MSc, Senior Manager of Security Engineering, Rapid7, Inc. is a software engineer and security professional with a focus on vulnerability management and configuration assessment tools. At Rapid7 Ross is responsible for scanning and data collection for vulnerability, controls and compliance assessment. Previous roles include vulnerability researcher with several teams in the vulnerability management industry and roving IT fixer. Ross is frequently quoted in the press on the subject of vulnerability management and trending issues in security.

Llewellyn Derry

Llewellyn Derry


Llewellyn Derry is the Vice President of Business Development for ISC8. ISC8 has built the industry's first signature-less advanced-malware detection product that operates at 10G and above. He has over 25 years of industry experience in the commercial, federal government and overseas markets. Prior to joining ISC8 Llewellyn was with Raytheon as Sr. Director of Cyber Security Solutions. There he managed the company's worldwide cyber security R&D budget and lead a team that developed a portfolio of cyber security services for the Critical Infrastructure Protection (CIP) market for Commercial Utilities, [...]

Mark Kikta

Mark Kikta


Mark Kikta is a Security Consultant with VioPoint which is located in Auburn Hills, Michigan. Mark supports a variety of operational security programs that includes vulnerability management security monitoring and incident response. As a former Linux engineer with Secure-24, Mark tries to provide information he wishes he had known when he was starting to work with Linux in the realms of security.

Toni Buhrke

Toni Buhrke


Toni Buhrke, Systems Engineer – MBA, CISSP Toni Buhrke is a Senior Engineer at ForeScout Technologies. Toni has many accomplishments to her credit having worked for and with the top security companies and organizations across North America. In her role at ForeScout, Toni works with companies to evaluate and assess the Network Access Control (NAC) solutions within their environment and to architect and plan their production deployment. Toni also develops and teaches Best Practice seminars on the NAC solution and is a speaker on NAC and BYOD topics at various [...]

Yves Beretta

Yves Beretta


Yves Beretta brings over 20 years of security management and operations experience to his role at eSentire where he is responsible for all aspects of managed services delivery, including their state-of-the-art 24x7x365 Security Operations Center. Mr.Beretta leads a great team responsible for detecting and mitigating cyber threats for clients of various industry and sizes. He holds a CISSP, a CISM, and a Bachelor of Computer Science from Supinfo University of Paris. Prior to eSentire, Mr.Beretta trained thousands of IT professionals on topics such as Project Management and Object Oriented Programming. [...]

Ryan Huber

Ryan Huber


Ryan is an engineer at Risk I/O, a security "Software as a Service" company. Prior to Risk I/O he spent the majority of his career at Orbitz.com, where his varied roles included: management of the flight search farm, leader of EU information security at sister site eBookers.com, and finally architect on the security team where he explored the defensive side of security.

Lucas Zaichkowsky

Lucas Zaichkowsky


Lucas Zaichkowsky is the Enterprise Defense Architect at AccessData, responsible for providing expert guidance on the topic of CyberSecurity. Prior to joining AccessData, Lucas was a Technical Engineer at Mandiant where he worked with Fortune 500 organizations, the Defense Industrial Base, and government institutions to deploy measures designed to defend against the world's most sophisticated attack groups.

Michael A Barkett

Michael A Barkett


Mike Barkett is the Head of the Business Solution Center for Check Point, which he joined as part of the company's 2007 acquisition of NFR Security. He brings over fifteen years of professional IT Security experience to Check Point. In his current capacity, Mr. Barkett manages strategic market opportunities, systems integration, and complex security challenges, focusing on the advanced technologies – such as IPS, Application Control, DLP, and security virtualization -- that go beyond the fundamental firewall functionality that has been a hallmark of Check Point's two-decade track record of [...]

James Arlen

James Arlen


James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as [...]

Ben Sapiro

Ben Sapiro


Ben Sapiro is the Senior Director of Security, Privacy and Compliance at Vision Critical (a SaaS company) and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school. Other than that, he’s a typical middle-aged Canadian who has worked at $companies doing $work to earn Canadian pesos. Ben is a regular contributor on LiquidMatrix Podcast (whenever we get around to recording it) and helps run BSidesTO.  

Dave Lewis

Dave Lewis

Global Security Advocate


Dave has over two decades of industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies . He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave writes a column for Forbes and Huffington Post.

Mike Rothman

Mike Rothman


Mike Rothman is President of Securosis and the author of “The Pragmatic CSO.” He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and compliance. After 20 years in security, he's one of the guys who "knows where the bodies are buried.” Starting his career as a programmer and a networking consultant, Mike joined META Group in 1993 and spearheaded META's initial foray into information security research. Mike held senior positions at SHYM Technology, CipherTrust, TruSecure and eIQnetworks. After getting fed up with vendor life, [...]

Christofer Hoff

Christofer Hoff


Christofer Hoff is VP of Strategy & Planning at Juniper Networks' Security Business Unit, previously serving as chief security architect, responsible for worldwide security solutions architecture, customer advocacy, and field enablement. He was previously director of cloud & virtualization solutions at Cisco Systems where he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Prior to Cisco, he was Unisys Corporation's chief security architect, served as Crossbeam Systems' chief security strategist, was the [...]

Jill Walsh

Jill Walsh


Ms. Walsh is a PreSales Architect for the Unisys Software Channel team, currently focused on the Unisys Stealth program, which virtualizes networks into cryptographically-secured communities of interest. She is architecting network security solutions for Unisys Partners and Clients that encompass Data Centers, Cloud, Remote Access, and Regional Isolation. Ms. Walsh's technical background has spanned many Unisys enterprise class, mission critical solution offerings including legacy mainframes, open enterprise servers and network protocols

Mohamad AL-Bustami

Mohamad AL-Bustami


Experienced and accomplished Information Security Professional with intensive knowledge of Vulnerability Management and Assessment, Threat Intelligence, Cyber Security, Malware Analysis, and Incident Handling. With extensive experience in Academia, Financial Services industry, Security Consulting, and Managed Security Services, Mohamad brings a wealth of knowledge from many different Security perspectives and holds industry certifications including CISA, GREM and GCIH.

Dana Wolf

Dana Wolf


Dana Wolf is the Sr. Director for Products at OpenDNS. Previously she was Director of Products at Rapid7, responsible for product development of Nexpose, Metasploit and ControlsInsight. Prior to Rapid7 Dana worked at RSA as a Director of New and Advanced Development for the Office of the CTO. She was responsible for developing new security technologies and business opportunities in the areas of virtualization security, hardware root of trust, advanced security operations and GRC. Dana also managed CTO operations and RSA's advanced development engineering team. She joined RSA in 2004 [...]

Seth Hardy

Seth Hardy


Seth Hardy is a Senior Security Analyst at the Citizen Lab, Munk School of Global Affairs, University of Toronto. Prior to the Citizen Lab, he worked for a large anti-virus vendor. Seth has worked extensively on analysis of document-based malware and AV evasion methods. His other areas of experience include provably secure cryptography, random number generators, and network vulnerability research. Seth has spoken at a number of security conferences including Black Hat, DEF CON, SecTor, and the CCC. He holds degrees from Worcester Polytechnic Institute in Mathematics and Computer Science.

Katie Kleemola

Katie Kleemola


Katie Kleemola is a Security Analyst at the Citizen Lab, Munk School of Global Affairs, University of Toronto where she works on reverse engineering malware targeted at human rights organizations. Prior to joining the Citizen Lab, she worked as a software developer at a large corporation. Katie holds an Honours Bachelor of Science in Computer Science from the University of Toronto.

John Weigelt

John Weigelt


John drives Microsoft Canada's strategic policy and technology efforts. He is the lead advocate for the use of technology by private and public sectors, economic development, innovation, environmental sustainability, accessibility, privacy, and security.

Schuyler Towne

Schuyler Towne


Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.

Rob VandenBrink

Rob VandenBrink


Rob VandenBrink is a consultant with Metafore in Canada, specializing in Networking, Security and Virtualization. He has clients in manufacturing, finance and entertainment with locations in almost every time zone. He holds several industry certifications, as well as a Master's degree with the SANS Technology Institute.  He co-authors SANS SEC579 - Virtualization and Private Cloud Security.  Rob is also an Incident Handler with the Internet Storm Center - look for his posts at http://isc.sans.edu !

Matt Johansen

Matt Johansen

Director of Security, Honest Dollar


Matt Johansen is the Director of Security at Honest Dollar, a Financial Tech company in Austin, Texas where he is charged with building an Information Security program from the ground up. Previously he was the Director of Services and Research at WhiteHat Security where he oversaw the development and execution of their service related product lines. In addition to these services, Matt also performs research on application security topics that he discusses on the corporate blog and is often invited to present at conferences around the world.

Ajay Sood

Ajay Sood


 Ajay K. Sood (B. Eng, CISSP, GSEC) has been instrumental in introducing many leading and disruptive security vendors to Canada, and is currently the Vice-President and General Manager for FireEye Canada. A technologist and security strategist, Ajay has participated in the architecture and implementation of some of the largest and most robust perimeters in Canada as well as internationally.

Jamie Gamble

Jamie Gamble

Independent Security Consultant


Jamie Gamble started his professional career as a programmer before joining the research team at nCircle, where he worked on automating detection of web and network based vulnerabilities. He then began working for security centric consulting companies specializing in auditing complex applications and performing red team assessments. His experience also includes malware analysis and proactive adversary hunting. Jamie is deeply involved in the security community and is a co-organizer of the international security conference REcon which focuses on advanced security research and reverse engineering. He is a co-founder of Bsides [...]

Mark Bassegio

Mark Bassegio

Independent Security Consultant


Mark Bassegio is an offensive security expert that specializes in physical security and network security consulting. During his years in security, Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to exploit weaknesses in proximity-based building access controls.

Andrés Riancho

Andrés Riancho


Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications. His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by [...]

Christopher Elisan

Christopher Elisan


Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their [...]

Mark Nunnikhoven

Mark Nunnikhoven

Vice President of Cloud Research, Trend Micro


Mark Nunnikhoven is the Vice President of Cloud Research at Trend Micro. He is one of the foremost experts on cloud technologies and cybersecurity issues. With a focus on modernizing security practices and usable security systems at scale, Mark works with clients and partners around the world. Often quoted in the media both at home in Canada and internationally, Mark is an engaging public speaker, an O'Reilly video author, an accomplished computer scientist, and security leader. You can reach Mark online at http://markn.ca or on Twitter @marknca.

Philip Polstra

Philip Polstra


Philip cleaned out his savings at age 8 in order to buy a TI99-4A computer for the sum of $450. Two years later he learned 6502 assembly and has been hacking computers and electronics ever since. Phil currently works as a professor at a private Midwestern university. He teaches computer security and forensics. His current research focus involves use of microcontrollers and small embedded computers for forensics and pentesting. Prior to entering academia, Phil held several high level positions at well-known US companies. He holds a couple of the usual [...]

Kevvie Fowler

Kevvie Fowler


Kevvie Fowler is a partner in KPMG Canada's forensic practice and is an information security and data analytics specialist. As author of SQL Server Forensic Analysis and contributing author to several security and forensics books Kevvie is a recognized advisor who supports organizations across Canada and abroad. Kevvie also teaches database forensics to law enforcement agencies across North America and sits on the SANS GIAC Advisory Board where he guides the direction of emerging security and forensics research. Prior to joining KPMG, Kevvie Fowler managed his own professional services company [...]

Jackson Shaw

Jackson Shaw


Jackson Shaw is Senior Director of Product Management for Dell Software Group's Identity and Access Management product line. He joined Dell as part of the Quest Software acquisition. Prior to Quest, Jackson was an integral member of Microsoft's Identity & Access Management product management team within the Windows Server Marketing group at Microsoft. While at Microsoft he was responsible for product planning and marketing around Microsoft's identity & access management products including Active Directory and Microsoft Identity Integration Server. Jackson began his identity management career as an early employee at [...]

Amol Sarwate

Amol Sarwate


Amol heads Qualys' worldwide security engineering team responsible for vulnerability and compliance research. His team tracks emerging threats and develops software, which identifies new vulnerabilities and insecure posture for Qualys' VM, PC, PCI and QBC services. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. Amol has presented his research on Vulnerability Trends, Security Axioms, SCADA security, Malware and other security topics at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, SecTor, BSides, InfoSec Europe, [...]

Yoel Gluck

Yoel Gluck


Yoel Gluck is a security researcher with 12 years of experience in the industry. He is currently a Lead Product Security Engineer at Salesforce.com. Yoel graduated from Bar-Ilan University (Israel) with a B.Sc in Computer Science and Math. Using his experience as a software engineer, he attempts to break applications by analyzing developer design patterns. His research areas include web application, network, virtualization, encryption, and email security. When he's not busy analyzing security risks, he enjoys spending time with his two-year-old daughter.

Angelo Prado

Angelo Prado


Angelo Prado is a Lead Product Security Engineer at Salesforce.com. He has worked as a software and security engineer for Microsoft and Motorola. Angelo has been involved with the security community for over 8 years, and he has spoken at Black Hat USA, Georgetown University (Washington, D.C.), Comillas University (Madrid) and GSICKMinds (Coruña, Spain). His passions & research include web application security, windows security, browsers, malware analysis and Spanish Jamón.

John Butterworth

John Butterworth


John Butterworth is a security researcher at The MITRE Corporation who specializes in low level system security. He is applying his electrical engineering background and firmware engineering background to investigate UEFI/BIOS security.

Danny Pehar

Danny Pehar


Danny Pehar is the Director of Business Development for TELUS Security Solutions. Danny has been in the security industry for over 12 years and has worked with numerous business leaders in the security space and has spoken at industry events across Canada. Danny is also a published author and comedian performing in comedy clubs in his spare time.

Ali Afshari

Ali Afshari


Ali Afshari is an 18-year veteran of the security industry, with 7 years' experience at Cisco Canada. As Cisco Canada¹s director of enterprise security sales, Ali works with Canada¹s largest financial institutions and service providers on their security strategy. His passion is to ensure security is embedded into every aspect of IT, approaching it from an architectural view across organizations. You can follow Ali on Twitter at @Ali_Afshari for ongoing updates of security news in Canada.

Gillis Jones

Gillis Jones


A giant of a man, Gillis Jones is currently employed as a Security Consultant at Accuvant Labs. He has been engaged in web application security for the last four years, and has worked with companies to increase their security posture all the way from a Stealth Startup to a multi-million dollar business with hundreds of employees. He is the founder of the Badmin Project, and has worked with dozens of entry level security people to assist them in becoming "1337".

Gene Kim

Gene Kim


Gene Kim is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire for 13 years. He has written three books, including "The Visible Ops Handbook" and "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win." Gene is a huge fan of IT operations, and how it can enable developers to maximize throughput of features from "code complete" to "in production," without causing chaos and disruption to the IT environment. He has worked with some of the top Internet companies on [...]

Bill Olson

Bill Olson


Bill Olson is a 17-year Information Security and Information Technology industry veteran. Currently he is the Vulnerability Management Subject Matter Expert within Qualys. He is responsible for working with clients to ensure their Vulnerability Management programs are maturing and they are fully utilizing the QualysGuard Cloud Platform. As a Qualys Technical Account Manager (TAM), Bill has spent the past six years helping large enterprises build or augment their vulnerability management and compliance practices by understanding their needs and how the QualysGuard suite can benefit their businesses. Prior to joining Qualys, [...]

Leigh Honeywell

Leigh Honeywell

Security Engineer


Leigh is a Security Engineer at Heroku, a Salesforce.com company. Prior to Heroku, she worked at Microsoft, MessageLabs/Symantec, and Bell Canada. Her career has included everything from stringing cable and building phone systems to responding to some of the most critical computer security incidents in industry history, shipping software to a billion people, and protecting infrastructure running a million apps. Her community work includes founding the HackLabTO hackerspace in Toronto, Canada, and the first feminist hackerspace, the Seattle Attic Community Workshop, as well as advising countless others and speaking about [...]

Kellman Meghu

Kellman Meghu

Global Security Manager - Sycomp


Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day operational work in complex security networks, policy planning, management, and documentation responsibilities with various network, VoIP and security engineering companies. Kellman is an experienced speaker with original content, that has delivered security talks in private corporate focused events, at school internet safety classes for training students and [...]

Marc Saltzman

Marc Saltzman


Marc Saltzman is one of North America's most recognizable and trusted tech experts. As a syndicated columnist, Marc specializes in consumer electronics, Internet trends and video games; and contributes to nearly 50 high-profile publications in Canada and the U.S., including USA Today, CNN, CanWest, Toronto Star, Sympatico, MSN, Yahoo!, Costco Connection, Movie Entertainment, AARP and Playboy. Marc, who has authored 14 books, also hosts "Gear Guide," a video segment that airs before the film begins at Cineplex and IMAX theatres, along with national TV spots (CTV News Channel) and radio [...]

David Maxwell

David Maxwell


David Maxwell is a Senior Systems Analyst at eSentire Inc. Maxwell has been particularly active in the NetBSD open source community and was a NetBSD Security Officer from 2001-2005. Maxwell previously worked at Coverity running the DHS sponsored Scan project to identify and resolve tens of thousands of flaws in open source codebases, and participates with the DHS Software Assurance Forums to promote new ways of analyzing system security. Maxwell was a contributor to the SANS Top-25 list in 2011.

Artem Harutyunyan

Artem Harutyunyan


Artem Harutyunyan is a Software Architect for Qualys. His responsibilities include design and development of distributed computing systems for storing and analyzing large volumes of data. Prior to joining Qualys Artem spent several years at CERN where he worked on the development of geographically distributed large-scale Grid and cloud computing systems. Artem holds a PhD from State Engineering University of Armenia. Artem presented at Hack In the Box security conference, as well as at numerous other international scientific conferences and workshops.

Kevin McNamee

Kevin McNamee


Kevin McNamee is a seasoned IT security professional with over 30 years of experience in product development and security research. As director of Alcatel-Lucent’s Motive Security Labs he is responsible for the security research team that does the malware analysis and research to support Alcatel-Lucent’s cloud based malware detection system. Previously he was director of security research at Alcatel-Lucent’s Bell Labs specializing in the analysis of malware propagation and malware detection. He has recently presented at RSA, BlackHat, SECTOR, Virus Bulletin and BSides conferences.

Bruce Cowper

Bruce Cowper

Co-Founder, Black Arts Illuminated


A self-proclaimed IT security and privacy geek, Bruce is the co-founder of Black Arts Illuminated and its conferences and events. He is also a founding member of the Ottawa Area Security Klatch (OASK), and an active member of numerous other organizations across North America including the Seattle Cloud Security Alliance chapter. Bruce co-founded Black Arts Illuminated Inc. because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters. [...]

Brian Bourne

Brian Bourne

Director and Co-Founder, Black Arts Illuminated


Brian has a passion for security and has been an active member of the IT security community for over 20 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor as part of Black Arts Illuminated. When he’s not running conferences and events, Brian maintains his technical edge as Executive Vice President, Products, New Signature, a Microsoft National Solution Provider headquartered in Washington DC. In June 2015, New Signature acquired Microsoft technology consultancy [...]

Gord Taylor

Gord Taylor

Founder and Principal Consultant, Authoritative Consulting


CISSP, GCIH, GEEK Gord Taylor is Founder and Principal Consultant at Authoritative Consulting.  He is one of Canada’s most sought-after Security and Networking experts, developing and actualizing next generation Security programs for large enterprises and high-growth technology firms. Gord spent 16 years at one of Canada’s “Big 5” Financial Institutions, serving as resident expert across Information Security, Networking, Distributed Computing, and co-developed the company’s first CSIRT team more than 20 years ago.  Since launching Authoritative Consulting in 2012, he has helped enterprise customers, independent software vendors, and service providers to [...]

Sridhar Muppidi

Sridhar Muppidi


Dr. Sridhar Muppidi is an IBM Distinguished Engineer and Chief Technology Officer for Identity & Access Management Solutions in IBM Security Systems. In this role, Sridhar drives IAM technical strategy, architecture and solutions - including mobile security and cloud security. He is technical leader with about 20 years experience in security, software product development and security solutions architecture for a number of industry verticals. He has a number of publications & patents in security and represents IBM in various open standards activities.

Todd Dow

Todd Dow


Todd is an IT security specialist, author of Cryptogeddon & CF Fundraiser. Todd is an operational expert with extensive experience architecting, implementing and maintaining mission critical, secure, always-on internet based systems and processes. Todd is well versed in IT security, risk management and corporate governance. Todd has earned his Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) designations. Todd has spoken at numerous local and national security events including Sector, TASK, Software Hamilton and the International Association of Privacy Professionals Privacy Symposium. Todd's wife & kids, faith, baseball, [...]

Kelly Lum

Kelly Lum


Kelly has "officially" worked in Information Security since 2003, in everything from start ups to government organizations to finance. Kelly currently runs the Application Security program at a financial company and reads a lot of source code.

G. Mark Hardy

G. Mark Hardy


G. Mark Hardy is founder and President of National Security Corporation. He has been providing cyber security expertise to government, military, and commercial clients for over 30 years, and is an internationally recognized expert who has spoken at over 250 events world-wide. G. Mark serves on the Advisory Board of CyberWATCH, an Information Assurance/Information Security Advanced Technology Education Center of the National Science Foundation. A graduate of Northwestern University, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, [...]

Neils Johnson

Neils Johnson


Matt Johansen is a manager for WhiteHat Security¹s Threat Research Center (TRC). Matt began his career as a security consultant, where he was responsible for performing network and web application penetration tests for clients. He then took at role at WhiteHat as an application security specialist for the TRC and quickly rose through the ranks to managing more than 40 at the company¹s Houston location. In his spare time, Matt is a frequent web security instructor at San Jose State University and Adelphi University, where he received his Bachelor of [...]

Shane MacDougall

Shane MacDougall


Shane MacDougall is a principal partner at Tactical Intelligence, a Canadian boutique information security firm. He also runs the threat intelligence program for a major US technology company. Shane is a frequent presenter at security conferences around the world, and is a two-time winner of the DEF CON social engineering CTF. His book, "Practical Social Engineering and OSINT," published by No Starch Press is due out in 2014.

Greg Kliewer

Greg Kliewer


Greg Kliewer is the Senior Principal Consultant for Layer 7 Technologies in Canada. In this role, Greg consults on the architecture, design, and delivery of strategic API Management platforms for key CA Technologies accounts nationwide. Greg joined CA when Layer 7 was acquired in 2013. With over 15 years of experience delivering secure web services and APIs for Canadian banks, insurance companies, and government ministries and agencies, Greg understands what it takes to effect comprehensive change in large organizations.