“Our data is only safe within our borders!” “(The US|China|New Zealand|Vanuatu) is spying on our citizens!” “Don’t ship our citizens’ data overseas!” These rallying cries are calling for the same solution: forced data localization laws, where a country requires that all its citizens’ and corporations’ data be kept within the territory of that country. What’s […]
Today, the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within a network an average of eight months before they are even detected. In the vast majority of attacks, they compromise user […]
The CISO lives with a target on his/her back, usually lasts a mere 12-18 months and takes the fall for security issues often out of their control. Yet, this is a strategic, C-level position and essential to the success of any organization. The disconnect lies in the CISO being able to elevate their worth with their […]
Microsoft researchers have studied some of the exploits discovered over the past several years and the vulnerabilities they targeted. Understanding which vulnerabilities get exploited, who exploits them, the timing of exploitation, and the root causes, all help security professionals more accurately assess risk. Development practices that help minimize vulnerabilities will be discussed.
Infrastructure and application deployments are easy, but as security professionals we have to be conscious of the security concerns. Enter DevOps: pro-actively secure, reduce the attack surface, and automate changes at scale. Through a security focussed lens, we look at how embracing DevOps can reduce information security leakages for application and infrastructure deployments. In this […]
Is it possible to be successful in a vulnerability centric world? Once you have great vulnerability management data, what do you do with it? Join this session to learn how to find and focus on your true vulnerabilities to build stronger security. You will: Learn how to optimize your vulnerability management program Get best practices […]
This is the story one man’s personal trip to the cloud (and back) as he rebuilds his home network in a devops model, supported by virtual private cloud service. This presentation takes a micro look at cloud services, and the benefits and risks that come along with it for the average home user, as well […]
In this session, the topic of Software Defined Networking (SDN) will be explored from a security perspective. What SDN means today will be covered, using a lab setup using an OpenDaylight controller with networking gear from multiple vendors. Openflow, Netconf and Yang protocols will all be discussed, explored and exploited! Security and reliability issues that […]
Over the past couple of years, malware naming from Major AV companies has been collapsing into more generic signatures. Although this may speed up detection and maintenance for AV companies, it can impact small teams which use AV detections as one of the indicators to quantify events during malware triage. This talk will cover a […]
In this presentation, Dave will walk the attendees through the challenges facing most companies around dealing with vulnerabilities in their environments. Many companies are running tools or having scans performed against their network, and are being presented with a sea of information on discovered vulnerabilities along with information on how to address them. But most […]
Mobile devices are becoming the target of choice for cybercriminals. This presentation will provide an in-depth view of the mobile malware that is currently active on the Internet. It will describe the infection rates, what the malware does, how it is monetized and the impact it has on network resources and the user experience. The […]
Most network and security operations people hate automation. They like to press buttons themselves and maintain “control” of the processes. Cloud computing is going to be very disruptive as they realize their time tested processes go the way of the dodo bird. What they don’t realize is that the cloud actually increases the control they […]
It’s hard out there for a retailer. For one thing, there are particular challenges to securing a retail business, starting with thin margins and widely distributed environments, and ending with the overriding need to keep customers happy. For another, retailers are the targets of attacks both from criminals around the world and from those same […]
Every business needs to monitor their systems. As a combined view of all network activity, a SIEM can be a powerful tool when managed properly. However, deciding whether to manage network security in-house or off-loading your data to a third party can be a difficult decision. Discover the costs and benefits of in-house vs third-party […]
With cloud forensics picking up, Google has become one of the most important sources of information about anyone who uses one or more Android devices – or doesn’t use Android at all. Google Account aggregates information about the user’s online behavior and offline activities, analyzes their communication, recommending places to visit and things to read. […]
As the popularity of the Python programming language increases and consolidates its position as one of the most popular languages of its genre, only a few attempts have been made to assess how resistant it may be to attacks. We will review and test with practical examples some of the most common attack and defense mechanisms, by […]
Presently, managers and technical staff rely on a traditional reactive incident response process that starts when a security breach is identified – it allows the attacker to “seize the initiative”. DigitalDefence will present the Agile Incident Management (AIM) methodology, which stresses proactive planning in combination with a rapid and effective response to an attack. Using Canadian-specific […]
This presentation will cover distinct advantages of Incident Response by working closely with Penetration Testers to provide a more holistic view of the threats to your network. We will also further explore how a breach like this happens.
Wifi connected drug infusion pumps known as ‘Smart Pumps” have been used in hospitals for over a decade. What could go wrong? Answer: Death. They have recently been the target of much interest in the hardware hacking community. In this talk we will tear down one of these pumps and identify a number of security […]
This talk will discuss the risk posed by Cross Site Request Forgery (CSRF or XSRF) which is also known as session riding, or transaction injection. Many applications are vulnerable to XSRF, mitigation is difficult as it often requires re-engineering the entire application, and the threat they pose is often misunderstood. A live demo of identifying […]
According to Verizon’s 2015 Data Breach Investigations Report, one of the leading causes of data breaches over the past two years has been vulnerable applications. Yet, analytics collected by Veracode from more than 200,000 application risk assessments over the last 18 months found a wide disparity in how the problem is addressed across industries. In […]
When it comes to endpoint security, it has been said that the best way to keep an infected device from causing damage to the broader network is to keep it turned off once it is compromised. While this method of quarantining an endpoint may be a quick fix, for obvious reasons it is not very […]
Tired of threat intelligence anecdotes? How vendors just keep selling the idea that “more data is better data”? Join Alex in a scientific animated-GIF-powered data-driven analysis of what makes for a good threat intelligence feed and sharing community that is relevant to your environment and defense needs!
Ever been busted because your man in the middle software (which does TLS properly) alerted someone to your bad certificate? No more! Want to detect certain types of connections leaving your network, but can’t keep the IP blacklist up to date? This could be the answer. This talk includes an introduction to both TLS and […]
Increasingly, our lives are becoming entangled with gadgets that require more than simple installation, they require WiFi and an IP address. As we move from upholstered caves to house-shaped machines that automagically know when to turn lights on or off, raise or lower the temperature, unlock the front door upon our approach – we might […]
In today’s threat landscape, many corporate users are being compromised by exploit kits and phishing campaigns. These offensive techniques are successful because they target outdated software and unsuspecting users. There are tools and configuration options to help prevent the execution of malicious binaries, the exploitation of web browsers, and the third party applications that are […]
Threat Intelligence is a term frequently discussed within information security circles, with many firms offering commercial threat data feeds, using different frameworks and transport mechanisms detailed (including STIX and TAXII). Beyond the threat data generally offered, there are questions about exactly how useful and actionable such data can be. In this talk we will debut […]
For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by […]
Today’s advanced malware hides in plain sight, patiently waiting to strike, challenging security teams to track its progress across their network and endpoints. As attacks are gaining speed and sophistication, the security industry is by delivering advanced big data analytics—analyzing data about data to block breach attempts, improve security everywhere, and retroactively respond to new […]
In this session we will demonstrate how to achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources. Most companies have deployed a number of technologies that make up the SANS Top 20, but the challenge is how to ensure these technologies integrate to provide the layers of […]
Machine learning-based (ML) techniques for network intrusion detection have gained notable traction in the web security industry over the past decade. Some Intrusion Detection Systems (IDS) successfully used these techniques to detect and deflect network intrusions before they could cause significant harm to network services. Simply put, IDS systems construct a signature model of how […]
The proliferation of devices like the Raspberry Pi, Pineapple Express, PwnPi and more make it easier (and cheaper) than ever to obtain a complete stealth attack or defense arsenal. In this session, we’ll take a low-cost, credit-card sized ARM computer, add some freely available software and see what we get. We’ll learn: what options are […]
Cybercrime makes victims of all who are targeted. In today’s thriving hyper-connected, global marketplace threat actors ruthlessly find IT gateways and disconnected system-doorways to crawl through, rendering enterprises sitting ducks looking over their shoulder and bracing for an inevitable attack. Well, what if you could flip the script? What if your enterprise could hunt for […]
Hundreds of millions of Android devices are at risk of being hijacked by a new and previously unknown threat. Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs used by virtually every Android device maker and network service provider. Exploitation gives malicious apps unrestricted […]
If we’re honest, we’re still making a lot of this security stuff up as we go, much like early pilots. The public was afraid of air travel and now it is a critical part of our lives. We wrestle with how to mature our profession. I believe information sharing will be one of the key […]
As technologies like Cloud and Mobility and processes like Agile Development have become mainstream, many enterprises large and small, have challenges not only keeping pace and leveraging these technologies to grow their business but also reducing risk to the business in an interconnected world. This session will provide best practices and experience from a CISO’s […]
Identity and access management (IAM) projects are traditionally some of the most important (and most difficult) security activities that organizations must undertake. We hear of companies in the fifth year of their two-year IAM project, millions of dollars over budget and there is no end in sight. It’s a common occurrence. But it doesn’t have […]
Vulnerability scanning is like flossing, some do it regularly, some only when they have an issue or having their annual checkup, and some not at all. The challenge is that like bacteria the bad guys don’t sit back and wait for you to get around to it, and like teeth your IT systems are never […]
While some believe that fundamental privacy protections will be challenged by the operation of Big Data analytics, Dr. Cavoukian dispels the notion that privacy acts as a barrier to analytics and the innovations they can spark. She argues that the limiting paradigm of “zero-sum” – that you can either have privacy or innovation, but not […]
RFID access controls are broken. In this talk, we will demonstrate how to break into buildings using open-source hardware we’re releasing. Over the years we have seen research pointing to deficiencies in every aspect of access control systems: the cards, the readers, and the backend. Yet despite these revelations there has been no meaningful change […]
Security is becoming quite the thing nowadays, everyone wants to have some. The mantra that things should be built with security in mind and can’t be plastered on later is a very important one, whether you are established or if you’re based in Silicon Valley and are about to write “the new hotness”. However, what […]
Cybercrime continues to evolve into a truly transnational phenomenon. Highly technical and organized individuals with clear financial motivation continue to target our financial, retail, and service sectors. Only by understanding the origin and motivation of these criminals can the problem be properly confronted. This presentation will also include a present-day case study on criminal actors […]
Unfortunately, it’s a foregone conclusion that no organization is 100% safe from a breach. With 49% of security leaders believing zero day attacks against their network will be the most prevalent over the next three years and 65% saying attacks have evaded current preventative security controls, it’s all about mitigating risk and the potential impact […]
This talk will discuss how the team prepared for the largest sporting event held in Canada, the TORONTO 2015 Pan Am / Parapan Am Games. The session will include how we created a Cyber Security Group, staff scheduling, contingency planning, and communications. I will also discuss how we managed the day to day security operations, offer a recap […]
Malware comes in different shapes and sizes. They are even produced in a massive scale. But attackers know that this is not enough. Malware has to be protected. In this talk, I will present the different techniques attackers use to protect and mask malware to bypass security products and analysis. I will show how attackers […]
Security teams, both in the enterprise and at cloud service providers, spend untold resources attempting to keep cyber criminals from infiltrating mission-critical data systems. However, survey data from Cloud Security Alliance (CSA) shows that attacks from malicious insiders are 4 times more common than Security realizes – likely because they are so hard to detect. […]
The hardest part of cybercrime is the cashout. The strategy for cashing out needs to be easy enough to make it worth your while and safe enough to stay out of the clink. With more and more focus on identifying and stopping credit card fraud, cybercrooks are diversifying their methods for cashing out. While criminals […]
This will be an advanced level discussion covering attacks sourced from the Darknet that target the global financial services industry. We will detail what the Darknet is, how it operates, why it’s so elusive and why it’s a breeding ground for malicious activity. More specifically, we will focus on new and emerging threats stemming from […]
More than 7000 new and unique vulnerabilities will be disclosed this year. CSOs, CISOs and security professionals in IT are expected to keep their organizations safe not only from these new flaws but also from a ton of older security issues. An effective way to prioritize and mitigate the most relevant issues is by analyzing […]
The pace of databreaches has reached epic proportions. Organizations large and small, in every industry are falling victim to hackers, hacktivists and nation states. Your intellectual property, data and bank accounts have never been at greater risk – it’s not if, but when your organization will be victimized. Testing and maintaining an effective Incident Response […]
Malice Afterthought, Inc.
Described by coworkers as "not the lawyer we need, but the lawyer we deserve," Brendan O’Connor is a security researcher, practitioner, and consultant based in Seattle, WA. He is admitted to the Montana bar, and serves as Vice-Chair of the ABA’s Information Security Committee; while he is a lawyer, he is not your lawyer. He was awarded two DARPA Cyber Fast Track contracts for his security research, which focuses primarily on enabling access to security and privacy through development of disposable computing and sensing tools. He has taught at an [...]
James Arlen is a member of Salesforce’s security team focused on Public Cloud computing at one of the world’s largest SaaS/PaaS providers. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as CISO or most senior security executive at dozens of international companies across the finance, critical infrastructure, manufacturing, and [...]
Jasbir Gill specializes in Identity and Access Management technologies and Mobility products and solutions. Jasbir has previously worked deploying these solutions as a part of Microsoft Consulting Services for over a decade, deploying solutions for customers around the world.
Hello, my name is Lanny Cofman. I’ve been with Microsoft for nearly 9 years in various roles. I spent 7 years in Services as a Premier Field Engineer (PFE), specializing in Identity and Active Directory. My last 2 years I’ve been a Technical Solutions Professional (TSP), also specializing in Identity within the Enterprise Mobility Suite (EMS) business. I’ve been in the IT industry for nearly 15 years as a technical subject matter expert, and have worked with hundreds of customers and partners throughout my tenure. I’ve delivered various services from [...]
Co-Founder and CTO, Veracode
Chris Wysopal is Co-Founder, Chief Technology Officer at Veracode. Wysopal co-founded the company in 2006 and oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990’s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress about government security and how vulnerabilities are discovered in software. [...]
Tim Rains is Chief Security Advisor of Microsoft’s Worldwide Cybersecurity & Data Protection group where he helps Microsoft’s enterprise customers with cybersecurity strategy and planning. Formerly, Tim was Director Cybersecurity & Cloud Strategy in Trustworthy Computing at Microsoft, where he was responsible for managing marketing and corporate communications that span Microsoft’s products and cloud services as they relate to security, privacy and reliability.
Chayim is a veteran of the software industry with nearly twenty years of experience. He has helped release several operating systems, contributed to a variety of open-source projects, and built and maintained multiple datacenters and operations teams. With experience contributing at SGI, PlateSpin, Novell, Kobo, and Lyrical, Chayim has helped several organizations transition to Continuous Delivery, increasing both the speed and quality of software releases. Chayim established Lyrical Software, Canada's premier DevOps company in 2006, and has been working multiple cloud technologies ever since.
Ryan Poppa is a Lead Engineers at nCircle Network Security. They specialize in interrogating Applications and Services over the network. Their years of experience have been focused on the non invasive detection of vulnerabilities. Current Areas of research include; HTTP server analysis, graph theory, SSL library fingerprinting and unobfuscation techniques. Based in Toronto Ontario, they hold degrees from University of Guelph and the University of Waterloo. You can find their latest posts at blog.glaciertech.ca & numerophobe.com
Global Security Manager - Sycomp
Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day operational work in complex security networks, policy planning, management, and documentation responsibilities with various network, VoIP and security engineering companies. Kellman is an experienced speaker with original content, that has delivered security talks in private corporate focused events, at school internet safety classes for training students and [...]
Rob VandenBrink is a consultant with Metafore in Canada, specializing in Networking, Security and Virtualization. He has clients in manufacturing, finance and entertainment with locations in almost every time zone. He holds several industry certifications, as well as a Master's degree with the SANS Technology Institute. He co-authors SANS SEC579 - Virtualization and Private Cloud Security. Rob is also an Incident Handler with the Internet Storm Center - look for his posts at http://isc.sans.edu !
Sean is a researcher and incident responder with experience in malware analysis and reverse engineering. He is also an active contributor to open source security tools focused on incident response and analysis. Prior to PhishMe, Sean worked in a number of incident response and application security roles with a focus on security testing and threat modeling. He also loves fly fishing.
CEO - UZADO
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]
Kevin McNamee is a seasoned IT security professional with over 30 years of experience in product development and security research. As director of Alcatel-Lucent’s Motive Security Labs he is responsible for the security research team that does the malware analysis and research to support Alcatel-Lucent’s cloud based malware detection system. Previously he was director of security research at Alcatel-Lucent’s Bell Labs specializing in the analysis of malware propagation and malware detection. He has recently presented at RSA, BlackHat, SECTOR, Virus Bulletin and BSides conferences.
Mike Rothman is a 25-year security veteran. He specializes in the sexy aspects of security, like protecting networks and endpoints, security management, compliance, and helping clients navigate a secure evolution to the cloud. He’s a busy guy, serving both as President of DisruptOPS, as well as Analyst & President of Securosis. This is a good thing since Mike gets into trouble when he’s not busy enough.
Wendy Nather is Research Director at the Retail Cyber Intelligence Sharing Center (R-CISC), where she is responsible for advancing the state of resources and knowledge to help organizations defend their infrastructure from attackers. She was previously Research Director of the Information Security Practice at independent analyst firm 451 Research, covering the security industry in areas such as application security, threat intelligence, security services, and other emerging technologies. Wendy has served as a CISO in both the private and public sectors. She led IT security for the EMEA region of the [...]
Jeff Pold is Director of Security Information Services, SpiderLabs Research at Trustwave. He manages the SIS teams in Canada and Poland, which focus on supplying parsing support and reporting content for the various Trustwave SIEM product lines, as well as Trustwave MSS. Jeff started working with SIEM in 2004 at Intellitactics, which was then acquired by Trustwave in 2010.
Ron Pettit is a Senior Security Information Specialist with Spiderlabs Research at Trustwave. Ron is based out of the Cambridge, Ontario Trustwave office, and spends his time working across various SIEM platforms, delivering content and assisting in SIEM R&D. Ron’s career at Trustwave began five years ago, in 2010, following a five-year stint in online advertising.
CEO, ElcomSoft Co.Ltd
Vladimir Katalov is CEO, co-owner and co-founder of ElcomSoft Co.Ltd. He studied Applied Mathematics at the Moscow Engineering-Physics Institute (State University). Vladimir manages all technical research and product development for the company. He regularly presents at events and runs IT security and computer forensics training both for foreign and domestic computer investigative committees and other organizations.
Independent Security Consultant
Mark Bassegio is an offensive security expert that specializes in physical security and network security consulting. During his years in security, Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to exploit weaknesses in proximity-based building access controls.
Embedded Systems Developer
Eric has worked in development and reverse engineering roles for hardware and software companies, specializing in embedded devices, automotive systems, and bespoke tool development. He is currently a Principal Research Consultant at Atredis Partners. Eric’s work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future. In 2014, Eric founded Linklayer Labs, which [...]
Robert Beggs breaks into computers and data networks. As an ethical hacker and incident responder, he identifies and closes the vulnerabilities that could be exploited to create a security breach. He has been responsible for the technical leadership and project management of multiple successful responses to data loss. His experience has driven the development of the AIM methodology, used to effectively respond to a breach. His clients range from banks and insurance companies to small and medium enterprises. Robert holds an MBA in Science and Technology from Queen's University and [...]
Grayson Lenik is Director of Digital Forensics and Incident Response, part of Nuix’s Cyber Threat Analysis Team. He has worked in information security and digital technology for more than 20 years. Grayson has researched and presented on anti-forensics, cybercrime operations, and incident response methodology at conferences including DEFCON, SecTor, NetDiligence Cyber Risk Forum, International Association of Financial Crimes Investigators, and Electronic Crimes Special Agent Program. Grayson regularly instructs law enforcement and private organizations in incident response and digital forensics. He was the primary instructor for the United States Secret Service [...]
Jeremy Richards is a Staff Security Researcher at Lookout. Jeremy’s hacking career started in 1995 at the age of 14 when he took on assembly to bypass Leisure Suit Larry age restrictions. Jeremy has taken his years of research experience to mobile and while studying active malware campaigns and searching for evasion techniques in the Lookout corpus has been mapping actors to campaigns through habits of operation, infrastructure characteristics, and opsec fails.
Adrien de Beaupré is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response, and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). Adrien is actively involved with the information security community, and organizes the BSidesOttawa conference. When not geeking out and breaking stuff he can be found with his family, or at the dojo.
John Beal is the National Security SaaS Leader for Canada. Previously he was the Sales Leader for Mobility and Endpoint Solutions across Canada and the Caribbean. He has 20 years of experience with IBM across both Hardware and Software.
Alex Pinto is the Chief Data Scientist of Niddel and the lead of MLSec Project. He is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to support the information security monitoring practice. So far, he has presented the results of his research at multiple conferences, including Black Hat USA, DEFCON, BSidesLV, ISC2 Security Congress and now SecTor! He has almost 15 years dedicated to all-things information security, and 3 years in Data Science-y related work. If you are into certifications, Alex is currently a [...]
Lee has worked within Information Security for over a decade. In that time he has held positions ranging from hands-on practitioner through to management across a number of industry verticals, he is currently the Director of Security at Wealthsimple in Toronto. He has spoken on topics ranging from malware analysis to network security and surveillance.
Principal Security Specialist
Kurtis Armour is a Principal Security Specialist at Scalar Decisions, where his specialties include risk assessment, incident response, penetration testing, threat and vulnerability management/ research, among others. He holds a Bachelor of Technology, with a specialty in Informatics and Security. As a regular conference speaker, Kurtis is inquisitive and dedicated to the industry and furthers research endeavors. He holds an OSCP certification which helps him understand the needs and requirements of organizations on the defensive side.
Research & Development, eSentire Inc.
Roy Firestein started his career as an independent infosec consultant and penetration tester, dabbling in malware analysis and forensic investigations. Over the years, he built many offensive and defensive security products for his employers, such as Cymon.io. His passions lie in entrepreneurship, AI, big-data and finding novel solutions to technical security problems using modern tools and techniques. Roy is currently leading the Research & Development efforts at eSentire Inc.
Ken Westin is a security analyst and "creative technologist" with 15 years experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, the New York Times and others. He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a car jacking amongst other crimes.
Security Practice Manager
Mr. Read has over 20 years of experience in the IT industry and an extremely broad skill set when it comes to the security of an organization’s critical IT infrastructure. Mr. Read has been in charge of IT Security Professional Service Delivery for over 10 years and is primarily responsible for: Leading a Security resource team responsible for vulnerability and risk assessments for some of Canada’s largest infrastructures; and Designing and deploying advanced security solutions from the SANs TOP 20 Critical Control list. By leading large projects in the areas [...]
Clarence recently graduated with a B.S. and M.S. in Computer Science from Stanford University, specializing in data mining and artificial intelligence. He currently works at Shape Security, a startup in Silicon Valley building a product that protects its customers from malicious bot intrusion. At Shape, he works on the system that tackles this problem from the angle of big data analysis. Clarence is a community speaker with Intel, traveling around the USA speaking about topics related to the Internet of Things and hardware hacking. He is also the organizer of [...]
Todd is an IT security specialist, author of Cryptogeddon & CF Fundraiser. Todd is an operational expert with extensive experience architecting, implementing and maintaining mission critical, secure, always-on internet based systems and processes. Todd is well versed in IT security, risk management and corporate governance. Todd has earned his Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) designations. Todd has spoken at numerous local and national security events including Sector, TASK, Software Hamilton and the International Association of Privacy Professionals Privacy Symposium. Todd's wife & kids, faith, baseball, [...]
Keith started out in the early 80's developing programs to exchange data packets between bulletin board systems. Since then, he has crossed all domains from system administration, operations, databases and programming with extensive experience implementing and designing solutions on Microsoft and Linux platforms. Keith developed an interest in training, becoming a Microsoft Certified Trainer (MCT) which drove a need to earn nearly every Microsoft certification, Keith prefers to call it his MC* designation. Keith is an undergraduate working towards a distant PhD in Computer Science, and when not studying or [...]
Jim Penrose is the EVP for Cyber Intelligence at Darktrace where he leads the firm¹s cyber operations team. A distinguished speaker, Jim has presented at the 2014 Cybersecurity Summit, the Gartner Security & Risk Management Summit, and the Suits and Spooks London 2014 meeting. Jim joins Darktrace following a distinguished 17 year career at NSA where he achieved the rank of Defense Intelligence Senior Level and was responsible for a variety of roles encompassing cyber threat analysis and counterterrorism. Most recently, as Chief of the Operational Discovery Center, Jim innovated [...]
Shai is a security industry expert with more than 12 years of experience in cyber security, data analytics and product management. He has a proven track record of turning cutting-edge research and technology into products that solve complex problems and is currently a product manager for Check Point Mobile Prevention. Prior to this role, he was a data scientist at Lacoon Mobile Secudity which was acquired by Check Point in April of 2015. As a member of the Tel-Aviv University’s Applied Machine Learning Group, he collaborated with a range of [...]
Trey Ford is the Global Security Strategist at Rapid7 where he serves as a customer resource, industry and community advocate. Over the last 15 years, Trey ran Black Hat events worldwide as General Manager, and served functions ranging from incident response, product management, PCI QSA and security engineer for a variety for industry leaders including Zynga, McAfee, FishNet Security and WhiteHat Security.
President of Acuity Solutions Kris Lovejoy is currently President of Acuity Solutions, provider of the BluVector Advanced Malware Detection and Analysis Platform. Before joining Acuity in Jun 2015, Kris spent +20 years running security businesses and managing security operations: As GM of IBM’s Security Services Division; IBM’s Global CISO; CTO of Consul Risk Management which was acquired by IBM in 2007; VP of Security Assurance Services for TruSecure. A recognized security expert, Kris has been granted numerous externals awards, including 2015 recognition in SC Magazine’s 25 Year Retrospective as one [...]
Jeremy Hanlon is a 15-year software industry veteran and currently responsible for evangelizing all Dell Software products with a specialty in Security for G500 customers across the United States and Canada. Prior to his current position, Jeremy served in various roles at Dell, including Mobility, Big Data and Virtualization/Cloud. He has more than 15 years of experience in Microsoft-focused corporate IT environments. Before joining Dell in 2011, Jeremy worked for PlateSpin (acquired by Novell) and SmartForce (acquired by SkillSoft). Jeremy brings hands-on experience in large scale server consolidation projects including [...]
Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. She is presently the Executive Director of the Privacy and Big Data Institute at Ryerson University. Appointed as the Information and Privacy Commissioner of Ontario, Canada in 1997, Dr. Cavoukian served an unprecedented three terms as Commissioner. There she created Privacy by Design (PbD), a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In October 2010, regulators at the International [...]
Ben has worked in infrastructure and security for 15 years across 3 continents. He popped a shell once. Ben works on defensive security now, because he only has the hair for offensive research, not the skills.
Assistant to the Special Agent in Charge, Criminal Investigative Division, United States Secret Service Jason B. Brown is the Assistant to the Special Agent in Charge in the Secret Service’s Criminal Investigative Division. In this position, Mr. Brown manages the Cyber Intelligence Section which targets, identifies and apprehends the most prolific and profitable cyber criminals harming the United States. Additionally, he is responsible for overseeing the Secret Service’s network of 39 domestic and international Electronic Crimes Task Forces. From 2008-2009, Mr. Brown was detailed to the Executive Office of the [...]
Fahmy Kadiri has been providing complex security solutions to large, medium and small businesses across Canada for over 10 years. He has held various Analyst, Consulting, and Architect roles all with a detailed focus on the Cyber Security Industry. Fahmy is currently a Sr. Security Architect for Dell SecureWorks, supporting Large Enterprise clients in Canada and North Eastern United States.
Enzo Sacco is a senior information security leader with over 26 years of experience. He has worked in progressive, technical and management roles within the financial services industry. Over the course of his career, Enzo has held information security leadership roles in Information Technology with a focus on security development and automation, risk management, security standard and policy development, and security management. Most recently, Enzo has been involved with enterprise security operation management, vulnerability management, incident response and cyber threat management.
Quang Tu is a security professional who has been working in the industry for 4 years. A generalist through opportunity, he has experience with various security technologies from his roles as an administrator and as an analyst. He is currently trying his hand at SIEM technology.
Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their [...]
Harold Byun is currently Vice President of Product Management at Skyhigh Networks. Prior to Skyhigh, he worked at MobileIron, Zenprise (acquired by Citrix), and the Vontu/Symantec Data Loss Prevention group. His work in technology has focused on DLP, cloud and mobile application security, data containerization, and security intelligence. He is co-inventor on patented security risk visualization and scoring technology and holds an MBA from the Haas School of Business at UC Berkeley and a BA from Tufts.
Benjamin Brown currently works on incident response, systems architecture review, adversarial resilience, and threat intelligence at Akamai Technologies. He has degrees in both Anthropology and International Studies. Research interests include deepweb ethnographic studies, novel and side-channel attack vectors, radio systems, the psychology and anthropology of information security, metacognitive techniques for intelligence analysis, threat actor profiling, and thinking about security as an ecology of complex systems.
Joseph Pizzo, a veteran of the security industry with over 20 years of experience, currently serves proudly as part of the Norse Field Engineering Team. Prior to Norse, Joseph previously worked in varying engineering roles for RSA Security, AccessData, HBGary and Guidance Software. Joseph has spent significant time working with multiple global organizations to assist with their security infrastructure and is a valued and trusted resource for a large portion of Fortune 500 Corporations. Joseph's education includes Devry and Columbia University.
Amol heads Qualys' worldwide security engineering team responsible for vulnerability and compliance research. His team tracks emerging threats and develops software, which identifies new vulnerabilities and insecure posture for Qualys' VM, PC, PCI and QBC services. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. Amol has presented his research on Vulnerability Trends, Security Axioms, SCADA security, Malware and other security topics at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, SecTor, BSides, InfoSec Europe, [...]
Reg Harnish (CISM, CISSP, CISA, ITIL) is an entrepreneur, speaker, security specialist and the CEO of GreyCastle Security. With nearly 15 years of security experience in Financial Services, Healthcare, Higher Education and other industries, Reg focuses on security solutions ranging from risk management, incident handling and regulatory compliance to network, application and physical security. Reg is a frequent speaker and has presented at prominent events, including the NYS Cyber Security Conference, US Cyber Crime, Symantec Vision, ISACA, ISSA, InfraGard and more. Reg's successes have been featured in several leading industry [...]