Enterprise Mobility offers great challenges and great opportunities. There are a plethora of technologies that are constantly entering and evolving in the market (much of them overlapping) to address the security and manageability related to enterprise mobility (including BYOD). This discussion will focus on demystifying the landscape and to provide perspectives on leveraging Secure Enterprise […]
Have you ever wondered what it takes to get one of those “Elusive” bug bounties that people are always snapping up? In this presentation, Gillis Jones will walk you through the fundamentals of the web, and on to the art of hacking the planet. Complete with examples, secrets that the professionals try and keep quiet, […]
This silent threat infects more than 1,000 victims annually. It shows no prejudice, it has no compassion. It comes like an unseen thief in the night to steal. It IS the World’s Deadliest Malware. Point of Sale breaches continue to plague the business world. Credit card data is being stolen in ever increasing numbers with […]
Gene Kim has been studying high-performing IT organizations since 1999. He is the author of the highly acclaimed “Visible Ops Handbook,” “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win,” and founder of Tripwire, Inc. He will be presenting his findings from an ongoing study of how high-performing IT organizations simultaneously […]
Often Vulnerability Management program managers are missing the mark by focusing on the wrong information, communicating poorly and not understanding the business criticality as it relates to the technical risk found in scanning. This creates a “bad data” scenario where all the data collected is seen to have little or no value – which increases […]
Threat modeling allows developers and security professionals to collaborate and catch vulns before they ship – and potentially before the code is even written. In this hands-on workshop, Leigh will teach the basics of threat modeling using a game called Elevation of Privilege.
How dangerous can you get with just the security tools you have today? Do you have access to a technology that makes searching patterns of data in the network very simple? I bet you do. Now I want you to imagine implementing that technology on an open wifi to investigate and monitor, not protect. This […]
If you thought today’s tech was cool, to quote ’70s rocks Bachman-Turner Overdrive, “baby you ain’t seen nuthin’ yet.” This lighthearted yet informative chat focuses on 10 mind-blowing future technologies worth getting excited about. From wearable tech (like Google Glass) and virtual reality (VR) headsets to flying cars and space tourism to domestic robots and […]
The benefits of CVE, CWE, MAEC, CWSS, CAPEC, STIX and TAXII can often be at work without the users knowledge. Learn how these standards are working behind the scenes, and how you can use them to support information sharing and gain an advantage from crowd-sourced security information. Prior to 1999, software vulnerabilities were not widely […]
Low cost commodity IP surveillance cameras are becoming increasingly popular among households and small businesses. As of April 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there are many models by different vendors, most of them are actually based on the identical hardware and firmware setup. […]
Know your enemy! Attendees will see a live demonstration of how we built a proof-of-concept Android Spy-Phone. We will show how we developed the Android spy-phone module and demonstrate how to inject it into legitimate applications to infect unsuspecting victims. We will demonstrate how the spy-phone command and control server can take complete control of […]
Ever crossed the line in order to learn your trade in the security world? Or perhaps is there really a line? A recent study suggests that many of us feel that in order to build our careers in the IT security industry, the line might blur to help us learn. A common thread is that […]
In today’s increasing open and interconnected enterprise, traditional perimeters are quickly being extended to multi-perimeters to support secure adoption of mobile, cloud, social and information interactions. The traditional network, IT, and end-point security capabilities are being enhanced to support these interactions and similar demands are put on the Identity and Access Management systems too. In […]
A CSEC cybersecurity analyst has gone rogue. He has taken a large cache of top secret files that include the names and identities of several secret agents working in foreign countries. This rogue analyst has stowed these files on the internet in an encrypted format and he is now threatening to share the location of […]
This talk will cover the current state of the art in .NET reversing, down from PE format of .NET assemblies through various types of obfuscation, and into reversing tools and techniques. Finally, we will explore reversing popular .NET RE tools in an attempt to modify their behavior.
Can you hear it? The giant sucking sound to the East? With it are going more than just manufacturing jobs — it’s our manufacturing know how, intellectual property, military secrets, and just about anything you can think of. If we’re one of the most advanced technological nations on Earth, how are the People’s Republic of […]
Information is the lifeblood of today’s connected world. It plays a critical role in our personal lives and drives our businesses. Each year, the amount of information we create – from digital photos to business critical data – increases exponentially. Securing and managing our information, and the identities to access that information, becomes even more […]
The hype train around next-generation firewalls (NGFW) continues to race forward, but replacing one device with a new shiny object isn’t going to ultimately solve the security problem. Securosis analyst Mike Rothman will put NGFW into proper context regarding the evolution of network security and give you 5 steps to move your perimeter protection forward.
It shouldn’t be news to anyone that people share too much information online. In fact, one major problem that attackers and defenders have is the sheer volume of data that they need to sort through. In this presentation, Shane MacDougall will demonstrate leaked information that can lead to a successful attack, walk through a couple […]
There are many great things about the new world of mobile and cloud applications. They enable us to be more connected and productive in our daily lives, whether it be tracking our exercise with a mobile app, banking on our phones, or seamlessly accessing the same data – whether it be for business or personal […]
Threats have changed in dramatic and unexpected ways around the world over the past year as attackers continue to hone and evolve their strategies and tactics, and Internet-connected devices proliferate. Using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services, this session will provide […]
Two ongoing industry trends are in conflict with each other. On the one hand, networks are increasingly being consolidated into shared infrastructure utilized by many different clients. From converged hardware networks, through virtualized IT shops, into the cloud, more and more traffic is being merged and intermixed on this shared infrastructure. Conversely, industry regulatory and […]
When CISOs are briefing their executive teams or boards on the organization’s security (usually only when there’s a security incident), this is usually the challenge. Distill the volumes of data, assets, silos, operations, threats, and remediations down to a couple of key points. And this is to an audience who typically get their security information […]
With the rush to take advantage of all “the Cloud” has to offer, many companies are struggling with the new reality that their data is being sent outside the confines of the corporate environment and being stored in multiple geographic locations. With the Cloud comes the challenge of securing your data, understanding where it is […]
You put your credit card in, I take your cash out. Point of Sale systems and Cash Machines are frequently targeted but rarely discussed. This talk will be a frank discussion about the types of attacks Ryan and John have both seen and executed against these types of machines, where these systems are vulnerable from […]
Many Security Analysts are tasked with assisting in Corporate Governance. This session explores the concept of network forensic investigations using a SIEM, and how security analysts can use it to assist in Governance, HR or law enforcement with network interception to gather evidence that must preserve chain-of-custody. With the challenges of cloud-based computing and mobile […]
Evidence handling is of primary importance for the RCMP Tech Crime Unit Members when called upon to investigate a possible cybercrime. When such an incident occurs, it is important that the IT personnel in place is in a position to clearly identify the potential digital-related evidence and to properly preserve it upon the arrival of […]
Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards to network defense and exploitation. Most security professionals know about these advanced tools; many people have even discussed the overall concept regarding command and control of networked systems, however, many experts to not yet understand how to create a botnet […]
The Rapid7 Labs team vigilantly scans the horizon to discover new tactics being used by attackers as well as wide-spread vulnerabilities that must be addressed. The team has uncovered a myriad of important issues including significant configuration issues with serial servers, Amazon S3 storage, UPnP and more. The team is consistently tracking and analyzing malware […]
As Virtual Machines (VM’s) were the disruptive technology at the end of last century for server and storage platforms, Software Defined Networks (SDN) will be (already is) the first industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grass roots momentum as early adopters Google, Goldman Sachs and […]
Breaking in is half the battle. I’ve talked to so many people whose only objective is to try and break into systems. I get that. It’s awesome, the rush you get when you bring up that shell. But what then? Ops hardening does not end at the outer shell. Once you’re in, you still have […]
This session will highlight how Network Access Control is the ultimate patch checking system. By utilizing a set of key protocols NAC will define and implement a policy that will define the access requirement for devices attempting to access your network. Those policies are designed to look for among other things pre-admission endpoint security policy […]
This presentation will go through the various steps required to craft a Security Operations Center; including hiring and managing an array of human resources, monitoring, reporting, and mitigating technology, and covering the definition of repeatable, scalable processes, such as the OODA loop. The presentation will address the fundamental concepts related to training, structuring, and running […]
Application-Level Denial of Service (DoS) attacks are a threat to nearly everyone hosting content on the Internet. DoS attacks are simple to launch, but are often very difficult to defend against. Modern websites are a diverse set of moving parts, and a malicious actor only needs to find the point at which any one of […]
AccessData will talk about Today’s Cyber Threat Landscape – The traditional cyber security infrastructure is riddled with blind spots… open doorways for threats you can’t see, because the tools you’re relying on can’t see them We will discuss how to eliminate those blind spots, allowing you to catch the data leakage your DLP misses, detect […]
With the maturation of IPS and other threat prevention technologies, security vendors have significantly narrowed the patch gap, but is it enough? The rise in APTs has opened a threat gap that most likely cannot be solved without some collaboration among the good guys – even if they are the competition. Learn how organizations utilize […]
The ugly bastard child of FAIL Panel, in its 2nd year running, a discussion on Malware letters received to our mailbag and other general observations on infosec. We’ll disagree, agree, talk over each other, ramble until cut-off, throw things and generally entertain you. Vendor and FUD free since last we last remembered to wear underwear.
New application architectures, programmatic languages and frameworks, the (un)availability of exposed platform security capabilities combined with virtual/physical networking and workload mobility are beginning to stress our “best practices” from a security perspective. What are the real security issues (or hype) of Software Defined Networking (SDN) and the vision of the Software Defined Datacenter?
Information security today has evolved into a big data arms race. As vendors create ever more elaborate and sophisticated systems to flag and investigate abnormal events, the huge amounts of log data is driving up costs for storage, processing, software and network transport. A more effective, less costly information security approach is to protect information […]
In this 30 minute session, we will look at tips and techniques that can help malware analysts and Incident Responders perform effective analysis and de-obfuscate/decode malicious exploit code. Primary focus will be on exploit delivery obfuscation and JAR exploit debugging.
The polymorphic nature of malware, failure of signature-based security tools and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management virtually impossible using traditional approaches without copies, samples or details how can one possibly prevent, contain and inform on targeted attacks? This session will demonstrate how to […]
Over the last three years, our visibility into the threat landscape of civil society organizations and human rights NGOs has led to a number of discoveries about how various threat actors are engaging in espionage against civilian targets. Attacks in this area are often overlooked by AV and security companies due to the low resources […]
The foundation of Canada’s economy is increasingly dependent of the digital infrastructure that supports all sectors of industry. Confidence in this infrastructure is essential if individuals and businesses are to harness the opportunities it presents. Maintaining this confidence is a complex challenge, especially in face of continually evolving threats. Staying ahead of the threats to […]
This talk will take you through the basics of how to pick, rake, bump, impression and bypass a lock, but be careful, you’re leaving a lot of evidence behind. Using datagram’s work at lockpickingforensics.com as a jumping off point we’ll explore how a picker gets in, and how, with careful observation and some practice, we […]
The majority of large datacenter storage architectures in the world are currently based on Fiber Channel networks. Unfortunately, the emphasis on security, compliance, and audit remains on hosts and traditional Ethernet networks, leaving the Fiber Channel behind as “a storage thing” that for some reason is never secured. Abdicating this responsibility leaves the Fiber Channel […]
Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript — even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean […]
In this seminar, Ajay K. Sood will: Discuss the motivation and nature of APT and Modern Malware Outline malware trends, and the Modern Malware lifecycle Reveal how Modern Malware defeats current countermeasures Give examples of Data Exfiltration and botnet control
This session will discuss conducing physical penetration tests in environments that have some level of security protections. A general framework of social engineering, physical intrusions and practical reviews will be proposed. We will explore how to bypass hard physical security controls, how to conduct comprehensive physical security assessments and how to implement more effective physical […]
From no access at all, to the company Amazon’s root account, this talk will teach attendees about the components used in cloud applications like: EC2, SQS, IAM, RDS, meta-data, user-data, Celery; and how misconfigurations in each can be abused to gain access to operating systems, database information, application source code and Amazon’s services through it’s […]
Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools […]
With more than 20 years’ experience in the cybersecurity industry, Danny Pehar has become one of its foremost experts. As a member of the Forbes Technology Council, Danny is also a monthly cybersecurity content contributor to the renowned business magazine. His media portfolio also includes regular television appearances that have built him an engaged broadcast audience and social media following. As the architect of the Cybercrime Equation, Danny works closely with the Toronto Police Cyber task force as well as the FBI cyber task force. He also sits on the [...]
General Manager Security
Ali Afshari is an 18-year veteran of the security industry, with seven years’ experience at Cisco Canada. As Cisco Canada’s director of enterprise security sales, Ali works with Canada¹s largest financial institutions and service providers on their security strategy. His passion is to ensure security is embedded into every aspect of IT, approaching it from an architectural view across organizations. You can follow Ali on Twitter at @Ali_Afshari for ongoing updates of security news in Canada.
A giant of a man, Gillis Jones is currently employed as a Security Consultant at Accuvant Labs. He has been engaged in web application security for the last four years, and has worked with companies to increase their security posture all the way from a Stealth Startup to a multi-million dollar business with hundreds of employees. He is the founder of the Badmin Project, and has worked with dozens of entry level security people to assist them in becoming "1337".
Chief Information Security Officer, Nuix
Chris Pogue is the Chief Information Security Officer, Nuix, and a member of the US Secret Service Electronic Crimes Task Force. Chris is responsible for the company’s security services organization; he oversees critical investigations and contracts, and key markets throughout the United States. His team focuses on incident response, breach preparedness, penetration testing, and malware reverse engineering. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cybercrimes investigator, [...]
Gene Kim is a multiple award winning CTO, researcher and author. He was founder and CTO of Tripwire for 13 years. He has written three books, including "The Visible Ops Handbook" and "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win." Gene is a huge fan of IT operations, and how it can enable developers to maximize throughput of features from "code complete" to "in production," without causing chaos and disruption to the IT environment. He has worked with some of the top Internet companies on [...]
Bill Olson is a 17-year Information Security and Information Technology industry veteran. Currently he is the Vulnerability Management Subject Matter Expert within Qualys. He is responsible for working with clients to ensure their Vulnerability Management programs are maturing and they are fully utilizing the QualysGuard Cloud Platform. As a Qualys Technical Account Manager (TAM), Bill has spent the past six years helping large enterprises build or augment their vulnerability management and compliance practices by understanding their needs and how the QualysGuard suite can benefit their businesses. Prior to joining Qualys, [...]
Amol heads Qualys' worldwide security engineering team responsible for vulnerability and compliance research. His team tracks emerging threats and develops software, which identifies new vulnerabilities and insecure posture for Qualys' VM, PC, PCI and QBC services. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. Amol has presented his research on Vulnerability Trends, Security Axioms, SCADA security, Malware and other security topics at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, SecTor, BSides, InfoSec Europe, [...]
Security Engineer
Leigh is a Security Engineer at Heroku, a Salesforce.com company. Prior to Heroku, she worked at Microsoft, MessageLabs/Symantec, and Bell Canada. Her career has included everything from stringing cable and building phone systems to responding to some of the most critical computer security incidents in industry history, shipping software to a billion people, and protecting infrastructure running a million apps. Her community work includes founding the HackLabTO hackerspace in Toronto, Canada, and the first feminist hackerspace, the Seattle Attic Community Workshop, as well as advising countless others and speaking about [...]
Global Security Manager - Sycomp
Raised my children with a firewall ; shamed a large airline into using SSL for check-in ; front line for the security as some of the biggest corporations went online for the first time ; 20 years of helping every sector define, deploy, and defend their infrastructure ; Thinks learning a new programming language is a great way to relax on holiday ; Dreams in key/value pairs ; Obsessed with putting everything in containers ; Loving every minute of it.
Marc Saltzman is one of North America's most recognizable and trusted tech experts. As a syndicated columnist, Marc specializes in consumer electronics, Internet trends and video games; and contributes to nearly 50 high-profile publications in Canada and the U.S., including USA Today, CNN, CanWest, Toronto Star, Sympatico, MSN, Yahoo!, Costco Connection, Movie Entertainment, AARP and Playboy. Marc, who has authored 14 books, also hosts "Gear Guide," a video segment that airs before the film begins at Cineplex and IMAX theatres, along with national TV spots (CTV News Channel) and radio [...]
David Maxwell is a Senior Systems Analyst at eSentire Inc. Maxwell has been particularly active in the NetBSD open source community and was a NetBSD Security Officer from 2001-2005. Maxwell previously worked at Coverity running the DHS sponsored Scan project to identify and resolve tens of thousands of flaws in open source codebases, and participates with the DHS Software Assurance Forums to promote new ways of analyzing system security. Maxwell was a contributor to the SANS Top-25 list in 2011.
Artem Harutyunyan is a Software Architect for Qualys. His responsibilities include design and development of distributed computing systems for storing and analyzing large volumes of data. Prior to joining Qualys Artem spent several years at CERN where he worked on the development of geographically distributed large-scale Grid and cloud computing systems. Artem holds a PhD from State Engineering University of Armenia. Artem presented at Hack In the Box security conference, as well as at numerous other international scientific conferences and workshops.
Kevin McNamee is a seasoned IT security professional with over 30 years of experience in product development and security research. As director of Alcatel-Lucent’s Motive Security Labs he is responsible for the security research team that does the malware analysis and research to support Alcatel-Lucent’s cloud based malware detection system. Previously he was director of security research at Alcatel-Lucent’s Bell Labs specializing in the analysis of malware propagation and malware detection. He has recently presented at RSA, BlackHat, SECTOR, Virus Bulletin and BSides conferences.
Co-Founder, SecTor
A self-proclaimed IT security and privacy geek, Bruce is the co-founder of SecTor. He is also a founding member of the Toronto Area Security Klatch (TASK), and an active member of numerous other security and privacy related organizations across North America. Bruce co-founded SecTor because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters where today he manages Microsoft’s security policies and standards program. Aside from his [...]
CISO
James Arlen is Aiven.io’s CISO bringing a mix of security and engineering background to DBaaS (database as a service). Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Aiven.io, James is a Contributing Analyst at the research firm Securosis, blogger/podcaster with Liquidmatrix Security [...]
Co-Founder, SecTor
Brian has a passion for security and has been an active member of the IT security community for over 25 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor. Brian was the founder of CMS Consulting Inc. and Infrastructure Guardian Inc. which became part of New Signature. The two organizations (professional services and managed services respectively) provided deep Microsoft expertise working with mid to large enterprise customers. After handing over the reins, [...]
Founder and Principal Consultant, Authoritative Consulting
CISSP, GCIH, GEEK Gord Taylor is Founder and Principal Consultant at Authoritative Consulting. He is one of Canada’s most sought-after Security and Networking experts, developing and actualizing next generation Security programs for large enterprises and high-growth technology firms. Gord spent 16 years at one of Canada’s “Big 5” Financial Institutions, serving as resident expert across Information Security, Networking, Distributed Computing, and co-developed the company’s first CSIRT team more than 20 years ago. Since launching Authoritative Consulting in 2012, he has helped enterprise customers, independent software vendors, and service providers to [...]
Dr. Sridhar Muppidi is an IBM Distinguished Engineer and Chief Technology Officer for Identity & Access Management Solutions in IBM Security Systems. In this role, Sridhar drives IAM technical strategy, architecture and solutions - including mobile security and cloud security. He is technical leader with about 20 years experience in security, software product development and security solutions architecture for a number of industry verticals. He has a number of publications & patents in security and represents IBM in various open standards activities.
Todd is an IT security specialist, author of Cryptogeddon & CF Fundraiser. Todd is an operational expert with extensive experience architecting, implementing and maintaining mission critical, secure, always-on internet based systems and processes. Todd is well versed in IT security, risk management and corporate governance. Todd has earned his Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) designations. Todd has spoken at numerous local and national security events including Sector, TASK, Software Hamilton and the International Association of Privacy Professionals Privacy Symposium. Todd's wife & kids, faith, baseball, [...]
Kelly has "officially" worked in Information Security since 2003, in everything from start ups to government organizations to finance. Kelly currently runs the Application Security program at a financial company and reads a lot of source code.
G. Mark Hardy is founder and President of National Security Corporation. He has been providing cyber security expertise to government, military, and commercial clients for over 30 years, and is an internationally recognized expert who has spoken at over 250 events world-wide. G. Mark serves on the Advisory Board of CyberWATCH, an Information Assurance/Information Security Advanced Technology Education Center of the National Science Foundation. A graduate of Northwestern University, he holds a BS in Computer Science, a BA in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, [...]
Matt Johansen is a manager for WhiteHat Security¹s Threat Research Center (TRC). Matt began his career as a security consultant, where he was responsible for performing network and web application penetration tests for clients. He then took at role at WhiteHat as an application security specialist for the TRC and quickly rose through the ranks to managing more than 40 at the company¹s Houston location. In his spare time, Matt is a frequent web security instructor at San Jose State University and Adelphi University, where he received his Bachelor of [...]
President, Securosis
Mike Rothman is a 25-year security veteran. He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, compliance, and helping clients navigate a secure evolution to the cloud. He’s a busy guy, serving both as President of DisruptOPS, as well as Analyst & President of Securosis. This is a good thing since Mike gets into trouble when he’s not busy enough.
Shane MacDougall is a principal partner at Tactical Intelligence, a Canadian boutique information security firm. He also runs the threat intelligence program for a major US technology company. Shane is a frequent presenter at security conferences around the world, and is a two-time winner of the DEF CON social engineering CTF. His book, "Practical Social Engineering and OSINT," published by No Starch Press is due out in 2014.
Greg Kliewer is the Senior Principal Consultant for Layer 7 Technologies in Canada. In this role, Greg consults on the architecture, design, and delivery of strategic API Management platforms for key CA Technologies accounts nationwide. Greg joined CA when Layer 7 was acquired in 2013. With over 15 years of experience delivering secure web services and APIs for Canadian banks, insurance companies, and government ministries and agencies, Greg understands what it takes to effect comprehensive change in large organizations.
Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he was responsible for managing marketing and corporate communications that span Microsoft’s products and cloud services as they relate to security, privacy and reliability.
Mr. Johnson is the chief architect of the Unisys Stealth program, which virtualizes networks into cryptographically-secured communities of interest. He has architected security solutions for PCs, servers, and mobile platforms. Mr. Johnson is also the lead security architect for the Unisys Cloud Engineering organization. As such, he is responsible for determining the security posture of the Unisys Secure Private Cloud offerings. Mr. Johnson's technical background has focused on what he calls Protocol Engineering -- developing new, innovative network protocols to solve a variety of problems. Over the last several years, [...]
Jeanne has over 20 years of sales and operations experience in the IT industry. She is a recognized expert in Software Sales, Sales Management, Global Sales Operations, and Customer Experience. She has served in senior leadership positions with prominent companies such as CA and FICO, including senior vice president of sales, vice president of client relations, and vice president of investor relations. Jeanne is frequently invited to speak at industry conferences, including Sales 2.0, the North American Conference on Customer Management, Keynote at the Institute for International Research Operational Innovation, [...]
CSO of Quick Intelligence
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 25 years. He founded the InfoSec company Sentry Metrics, one of Canada’s most successful MSSPs. After the sale of Sentry Metrics, Dave’s lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions “what now?” or “what next?” Dave sold Uzado in 2019. Dave [...]
John has worked in the information security field for over 15 years. His main focus has been on application security assessments and he has worked in this capacity for a number of companies in both direct and consulting roles. His work has included network penetration testing, application review, architecture design analysis, source code review, as well as physical security assessments. He was the technical editor and primary author of the book "Virtualization for Security". He was also a technical reviewer for the book "Network Security Hacks 2nd Edition"
Ryan has more than 15 years of experience in Information Security. He has worked as a Technical Team Leader, Database Administrator, Windows and UNIX Systems administrator, Network Engineer, Web Application developer, Systems programmer, Information Security Engineer, and is currently a Principal Consultant doing network penetration testing. Ryan has delivered his research about ATM security, network protocol attacks, and penetration testing tactics at numerous conferences, including Black Hat, DefCon, DerbyCon, Shmoocon, and SecTor to name a few. He is also an open source project contributor for projects such as Metasploit, Ettercap, [...]
Gary Freeman is an experienced HP ArcSight user and has been working in the IT Security industry for the last 22 years. His experience ranges from the design, development and deployment of various large network and security systems and in the last 5 years, he has been assisting security software sales with presales solution architecture. Gary currently leads a team of HP ESP Solution Architects for Canada and a presales enablement team for the AMS channel.
Cpl. Connors has been a member of the RCMP since 2003. He is a certified computer forensic examiner with the RCMP National Division Integrated Technological Crime Unit and has conducted several computer forensic examinations as well as participating in pure computer crimes and/or computer-related high profile investigations.
Sgt. Turgeon has been a member of the RCMP since 1998. He is a certified computer forensic examiner with the RCMP National Division Integrated Technological Crime Unit and has conducted several computer forensic examinations as well as participating in pure computer crimes and/or computer-related high profile investigations. He currently leads the RCMP National Division Integrated Technological Crime Unit team comprised of ten (10) computer forensic examiners / investigators.
Asst. Prof. of Computer Science, USAF Academy
Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms, and cyber warfare. He received his Undergraduate Degree in Computer Science and has Master’s degrees in Computer Science and Information System Engineering. Solomon’s current research includes computer system exploitation, cyber threat intelligence, digital forensics, and data protection. Previous conferences Solomon has spoken at include: SecTor Canada, Hack in Paris, France, HackCon Norway, BlackHat USA, [...]
Software Developer, Network Security Engineer, Graduate Student of Computer Science - @MedivhMagus Nick is currently a graduate student researching covert channel communication utilizing wireless networking protocols. He obtained his Bachelor's Degree in Computer Science, Master's Degree in Cyber Security and is currently engaged in his second Master's Degree in Computer Science. Nick holds a Security+ certification and seeks to obtain his CISSP certification at the completion of his graduate coursework. An avid cyber security advocate, Nick has volunteered as a technical mentor working with high school students competing in the [...]
Ryan Poppa is a Lead Engineers at nCircle Network Security. They specialize in interrogating Applications and Services over the network. Their years of experience have been focused on the non invasive detection of vulnerabilities. Current Areas of research include; HTTP server analysis, graph theory, SSL library fingerprinting and unobfuscation techniques. Based in Toronto Ontario, they hold degrees from University of Guelph and the University of Waterloo. You can find their latest posts at blog.glaciertech.ca & numerophobe.com
Ross C. Barrett, MSc, Senior Manager of Security Engineering, Rapid7, Inc. is a software engineer and security professional with a focus on vulnerability management and configuration assessment tools. At Rapid7 Ross is responsible for scanning and data collection for vulnerability, controls and compliance assessment. Previous roles include vulnerability researcher with several teams in the vulnerability management industry and roving IT fixer. Ross is frequently quoted in the press on the subject of vulnerability management and trending issues in security.
Llewellyn Derry is the Vice President of Business Development for ISC8. ISC8 has built the industry's first signature-less advanced-malware detection product that operates at 10G and above. He has over 25 years of industry experience in the commercial, federal government and overseas markets. Prior to joining ISC8 Llewellyn was with Raytheon as Sr. Director of Cyber Security Solutions. There he managed the company's worldwide cyber security R&D budget and lead a team that developed a portfolio of cyber security services for the Critical Infrastructure Protection (CIP) market for Commercial Utilities, [...]
Mark Kikta is a Security Consultant with VioPoint which is located in Auburn Hills, Michigan. Mark supports a variety of operational security programs that includes vulnerability management security monitoring and incident response. As a former Linux engineer with Secure-24, Mark tries to provide information he wishes he had known when he was starting to work with Linux in the realms of security.
Toni Buhrke, Systems Engineer – MBA, CISSP Toni Buhrke is a Senior Engineer at ForeScout Technologies. Toni has many accomplishments to her credit having worked for and with the top security companies and organizations across North America. In her role at ForeScout, Toni works with companies to evaluate and assess the Network Access Control (NAC) solutions within their environment and to architect and plan their production deployment. Toni also develops and teaches Best Practice seminars on the NAC solution and is a speaker on NAC and BYOD topics at various [...]
Yves Beretta brings over 20 years of security management and operations experience to his role at eSentire where he is responsible for all aspects of managed services delivery, including their state-of-the-art 24x7x365 Security Operations Center. Mr.Beretta leads a great team responsible for detecting and mitigating cyber threats for clients of various industry and sizes. He holds a CISSP, a CISM, and a Bachelor of Computer Science from Supinfo University of Paris. Prior to eSentire, Mr.Beretta trained thousands of IT professionals on topics such as Project Management and Object Oriented Programming. [...]
Ryan is an engineer at Risk I/O, a security "Software as a Service" company. Prior to Risk I/O he spent the majority of his career at Orbitz.com, where his varied roles included: management of the flight search farm, leader of EU information security at sister site eBookers.com, and finally architect on the security team where he explored the defensive side of security.
Lucas Zaichkowsky is the Enterprise Defense Architect at AccessData, responsible for providing expert guidance on the topic of CyberSecurity. Prior to joining AccessData, Lucas was a Technical Engineer at Mandiant where he worked with Fortune 500 organizations, the Defense Industrial Base, and government institutions to deploy measures designed to defend against the world's most sophisticated attack groups.
Mike Barkett is the Head of the Business Solution Center for Check Point, which he joined as part of the company's 2007 acquisition of NFR Security. He brings over fifteen years of professional IT Security experience to Check Point. In his current capacity, Mr. Barkett manages strategic market opportunities, systems integration, and complex security challenges, focusing on the advanced technologies – such as IPS, Application Control, DLP, and security virtualization -- that go beyond the fundamental firewall functionality that has been a hallmark of Check Point's two-decade track record of [...]
Ben Sapiro is the Global CISO of Great West LifeCo and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school; he’s even done privacy and compliance work to pay the bills. Other than that, he’s a typical middle-aged Canadian security professional who has worked in several verticals including SaaS, natural resources and telecom. Ben is a contributor to the Liquidmatrix Podcast (whenever we get around to recording it) and used to help with other stuff like BSidesTO until he realized he should not test his wife’s [...]
Global Security Advocate
Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis serves on the advisory boards for Cortex Insight and Dateva Inc. Lewis writes columns for Forbes, Daily Swig and several other publications.
Christofer Hoff is VP of Strategy & Planning at Juniper Networks' Security Business Unit, previously serving as chief security architect, responsible for worldwide security solutions architecture, customer advocacy, and field enablement. He was previously director of cloud & virtualization solutions at Cisco Systems where he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Prior to Cisco, he was Unisys Corporation's chief security architect, served as Crossbeam Systems' chief security strategist, was the [...]
Ms. Walsh is a PreSales Architect for the Unisys Software Channel team, currently focused on the Unisys Stealth program, which virtualizes networks into cryptographically-secured communities of interest. She is architecting network security solutions for Unisys Partners and Clients that encompass Data Centers, Cloud, Remote Access, and Regional Isolation. Ms. Walsh's technical background has spanned many Unisys enterprise class, mission critical solution offerings including legacy mainframes, open enterprise servers and network protocols
Experienced and accomplished Information Security Professional with intensive knowledge of Vulnerability Management and Assessment, Threat Intelligence, Cyber Security, Malware Analysis, and Incident Handling. With extensive experience in Academia, Financial Services industry, Security Consulting, and Managed Security Services, Mohamad brings a wealth of knowledge from many different Security perspectives and holds industry certifications including CISA, GREM and GCIH.
Dana Wolf is the Sr. Director for Products at OpenDNS. Previously she was Director of Products at Rapid7, responsible for product development of Nexpose, Metasploit and ControlsInsight. Prior to Rapid7 Dana worked at RSA as a Director of New and Advanced Development for the Office of the CTO. She was responsible for developing new security technologies and business opportunities in the areas of virtualization security, hardware root of trust, advanced security operations and GRC. Dana also managed CTO operations and RSA's advanced development engineering team. She joined RSA in 2004 [...]
Katie Kleemola is a Security Analyst at the Citizen Lab, Munk School of Global Affairs, University of Toronto where she works on reverse engineering malware targeted at human rights organizations. Prior to joining the Citizen Lab, she worked as a software developer at a large corporation. Katie holds an Honours Bachelor of Science in Computer Science from the University of Toronto.
John drives Microsoft Canada's strategic policy and technology efforts. He is the lead advocate for the use of technology by private and public sectors, economic development, innovation, environmental sustainability, accessibility, privacy, and security.
Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.
Consultant
Rob VandenBrink is a consultant with Coherent Security in Ontario, Canada. He is also a volunteer with the Internet Storm Center (https://isc.sans.edu), a site that posts daily blogs on information security and related stories. His areas of specialization include all facets of Information Security, Network Infrastructure, Network and Datacentre Design, Automation, Orchestration and Virtualization. Rob has developed tools for ensuring policy compliance for VPN Access users, a variety of networking tools native to Cisco IOS, as well as security audit/assessment tools for both Palo Alto Networks Firewalls and VMware vSphere. [...]
Director of Security, Honest Dollar
Matt Johansen is the Director of Security at Honest Dollar, a Financial Tech company in Austin, Texas where he is charged with building an Information Security program from the ground up. Previously he was the Director of Services and Research at WhiteHat Security where he oversaw the development and execution of their service related product lines. In addition to these services, Matt also performs research on application security topics that he discusses on the corporate blog and is often invited to present at conferences around the world.
Country Manager
With over 20 years of real-life, in-the-trenches business experience in the IT security space, Ajay is a seasoned veteran when it comes to introducing disruptive security technology to the Canadian market. He currently serves as the Canadian Country Manager at Rapid7, where he is empowering clients to defend themselves from the pervasive threats to traditional and cloud infrastructures with best-in-class solutions and services. A seasoned leader, speaker and author, Ajay has enabled his clients to stay ahead of the curve in architecting and operating their cyber security defenses. You can [...]
Director of Security Operations
With a career spanning 15 years Jamie's experience extends across many security disciplines. As a consultant he spent years performing application security reviews and offensive security activities. He built a threat hunting program at a top 5 North American bank whose scope spanned both cyber and financial crime. Recently he has taken on leading the security operations function of a top US SaaS company. His involvement in the security community runs deep and has been heavily involved with running and starting several Canadain security conferences.
Independent Security Consultant
Mark Bassegio is an offensive security expert that specializes in physical security and network security consulting. During his years in security, Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to exploit weaknesses in proximity-based building access controls.
Andrés Riancho is an application and cloud security expert who leads the open source w3af project and provides high-quality security assessment services to companies around the world. In the research field, he identified new techniques which can be used to escalate privileges in Amazon AWS infrastructures, discovered critical vulnerabilities in IPS appliances, multiple vulnerabilities in web and REST APIs, and contributed with SAP research performed at a former employer. His focus is application security, where he developed w3af, a web application attack and audit framework used extensively by security professionals. [...]
Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their [...]