Join James Arlen and co. as they reflect on their careers and discuss the challenges (and failures) of being an InfoSec professional.
2:55 to 3pm: Introduction (Brian Bourne) 3 to 4pm: Career Panel Panel Session: Developing Your Career in IT Security The IT security industry continues to rapidly evolve. With this rate of change comes both opportunity and challenges. There are more areas of specialization and more types of employers to apply them to. Come to what […]
As the security industry has continued to under invest in the human element of security, phishing has become the top attack vector for cyber criminals. Breaches continue to occur in record numbers, identification takes an exorbitantly long time, and the most preferred target is an organization’s people. Effective phishing defense and incident response involves empowering […]
This talk will take an in-depth look at the certificate authorities (CAs) found on mobile devices today. The CAs included in our mobile devices make up the roots of trust that our secure network transactions rely on to validate that the servers we are talking to are who they say they are. Focusing specifically on […]
Control systems are all around us, working in the background of our lives providing us light, water, heat, transportation, and many good things. These systems are becoming more digital and more connected than ever before, so we must consider control system security just like we do with IT systems. We certainly have seen a jump […]
This session will detail the evolution of ransomware, its methods of infection, and ways an organization can help protect itself and avoid having to pay a ransom. Hear from a Trustwave SpiderLabs forensic expert analyze a ransomware infection and its actions on a compromised system. Ransomware requires that we reassess our access control, intrusion detection, […]
It’s challenging to build out your Incident Detection & Response program when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers, as well as your core infrastructure. In this session, Eric Sun will cover best practices from Rapid7’s Incident Response and Penetration Testing teams, and share the top gaps in […]
Looking at the assumptions underlying threat analysis tools in general, this session will examine how network virtualization, micro-segmentation and automation of policies are improving fundamental security properties such as context, visibility and threat containment, improving significantly the efficiency of these tools We will first look at the assumptions underlying threat modeling in general, the biggest […]
Interest in Cloud Computing continues to gain traction in Canada as evidenced by both Microsoft Azure and Amazon AWS opening Canadian based datacenters in 2016. Trend Micro is helping deliver security controls in these environments by enabling automated deployment, management and reporting through standard devop configuration management tools such as CHEF, Puppet and Ansible. Join […]
In this session, Thales e-Security will discuss the global use of encryption – from backups to big data, from the data center to the cloud, and much more. Focusing on an independent research study conducted by the Ponemon Institute on behalf of Thales e-Security, we will address features of encryption solutions users find the most valuable […]
From rootkits to ransomware, old school security tools and strategies can’t keep pace with today’s advanced attacks. To be effective, you need to thwart the attack methods of advance persistent threats, leverage next-generation endpoint and network security intelligence to detect and isolate attacks, and address critical alerts with contextual security intelligence. Join us to learn […]
IT departments are expected to protect their organizations from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyber-threats and a shortage of infosec professionals. To weather this storm, IT departments must prioritize remediation, so that they can promptly […]
Ransomware is a family of malware that ranks as one of the most dangerous of modern times. It is not a matter of how you will be infected, but a matter of when. In this presentation, we will look at some of the ransomwares in the wild and how they propagate and infect machines. We […]
Ransomware has become a global plague costing organizations billions worldwide. It has moved from a single user-infection model to a network-wide infection model, recently bringing many sophisticated organizations to their knees. In the first half of this interactive discussion we will dive deep into the ransomware attack chain, examining how attackers leverage blind spots in […]
The unprecedented power of cloud applications has opened up amazing new possibilities for IT organizations, lines-of-business, and users to empower work needs. Whether sanctioned or not, these cloud applications can have a dark side. The rapid pace of adoption has left most security and compliance teams behind. Users, devices and data are now interacting with a variety of […]
It seems that every day another company is breached, and a new standard or framework is proposed to help us handle this cybersecurity crisis. What most companies realize, although the regulators don’t seem to, is that we’re already overwhelmed performing our day-to-day tasks; adding these additional compliance activities onto our workload simply doesn’t work, at least […]
We surveyed 654 IT and IT security practitioners in Canada to answer the following questions: Do organizations feel more or less prepared to deal with attacks than last year? How have cyber attacks targeting Canadian organizations changed in the past year? What is the average cost of cyber attacks for Canadian organizations? What cyber security […]
Optiv research has identified that one of the key challenges to Cyber Threat Intelligence providing impact is that the term “threat intelligence” has become heavily diluted and attached to a very diverse array of products, services and capabilities which are not easily adopted across the various enterprise security use cases. Our experience has shown that […]
The solution workflow of today’s Security Operations Center (SOC) can be described as a “Security Frankenstein”—where each “limb” is a disparate solution that has been cobbled together in hopes of “orchestrating” the steps in the security kill chain. The result is an ineffective, costly, and cumbersome approach to the security workflow that increases risk and […]
Today, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest […]
Protecting yourself from a cyberattack is no longer about technology. While technology is inherently important to any cybersecurity solution, it’s only one piece of the puzzle. And more often than not, the other two pieces are overlooked: people and process. Before adopting the next security technology trend, it’s important to understand what you’re trying to […]
One of the most challenging threats to mitigate is the “trusted employee”. They have a position on the inside of your network, they have ownership of a trusted computer and they have basic knowledge of the information assets available. This presentation uses data from our penetration testing team to describe the specific techniques any employee […]
You probably have an IT budget which includes security to some extent. You realize security is important but just don’t have the amount of people that you need to handle the influx of new exploits as well as manage day to day operations. Learning from others is always a good practice, however with most companies, […]
We live in an age where spies have weakened our security in the wake of 9/11, while hackers and digital security breaches ensure compromised data is made instantly available to billions of eyes. So what should we know, and what can we do to protect ourselves and our interests, and how can we defend our […]
Technology around us is changing faster than ever. We’ve already become dependent of our digital devices, and this is just the beginning. As connected devices open new opportunities for imagination, they also open up new opportunities for online criminals. Where are we today? Where are we going? And how are we ever going to secure […]
Permeating the entire spectrum of computing devices, malware can be found anywhere code is executed. Embedded devices, of which many are a part of the Internet of Things (IoT), are no exception. With their proliferation, a new strain of malware and tactics have emerged. This presentation will discuss our lessons learned from reverse-engineering and hunting […]
Kubernetes is Google’s answer to container orchestration and some of the tools it provides developers are indistinguishable from black magic. However, with the power that it provides it also can let you fall into some security holes that are hard to climb out of. In this presentation we’ll go through those pitfalls, along with some […]
What’s scarier, letting HD Moore rent your house and use your home network for day or being the very next renter that uses that network? With the colossal growth of the vacation rental market over the last five years (AirBnb, HomeAway), travellers are now more vulnerable than ever to network based attacks targeted at stealing […]
With the time to breach detection remaining at 100-200 days and the 100’s of millions of dollars that will be lost to ransomware this year, it is safe to say that modern, relentless attackers have revealed a fundamental flaw in the traditional layered defense model. Any individual layer, when it receives updated security intelligence, does […]
The main government approach to cybersecurity has been to think of it through the lens of the military and intelligence community. After all that is where the most expertise lies today. This lens is problematic going forward. We should instead be looking to the way the government thinks of safety: for transportation, disease, consumer products, […]
Bank heists make great stories. This year, we’ve got some really good stories to tell courtesy of a trusted network known as SWIFT, and some banks that believed they were inherently protected by virtue of being connected – except they weren’t. Hundreds of millions of dollars have revealed some ugly truths and dangerous assumptions. In […]
Most are familiar with the term Darknet. Many have ventured a few times out of curiosity. For us, Darknet is an untapped source of Threat Intelligence and in some cases amusement. The news you see online about things being sold on the Darknet generally focuses on the United States, Russians, credit cards and drugs. While those are […]
DNS is a critical component to all technology running on an enterprise network. Whether it is IT infrastructure, a corporate server, a desktop, a laptop, a POS system, external devices connected to a guest network or even unmanaged devices, such as smart phones or any other connected “thing,” they all use DNS to communicate internally and […]
Penetration tests rarely improve a client’s security. We know this because last year’s test feels horribly close to this year’s. In terms of value to the business, they fall flat in most ways – they are misunderstood from the start, during the test, and at the report. We want to dispel the confusion and tie […]
On the second Tuesday of every month, Windows administrators stand ready to deploy the swarm of patches issues by Microsoft addressing new vulnerabilities found on mission-critical systems. Although this patch management routing may have system admins feeling overwhelmed, Patch Tuesdays are expected, allowing them to plan accordingly for the maintenance windows. But IT organizations are […]
PowerMemory is a PowerShell post-exploitation tool. It uses Microsoft binaries and as such is able to execute on a machine, even after the Device Guard Policies have been set. In the same way, it will bypass antivirus detection. PowerMemory can retrieve credentials information and manipulate memory. It can execute shellcode and modify process in memory (in userland […]
The landscape of open source malware analysis tools improves everyday. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source […]
When was the last time you thought to yourself, hmm, I wonder if an attacker is exploiting my smart phone and laptop as a result of merely leaving my WiFi enabled? Or, when did you think: I wonder if a person can create a profile about me and possibly determine where I live, work, and […]
Serverless applications offer a number of fantastic benefits that let you focus almost exclusively on solving your user’s problems. Relieved of the daily operations burden of traditional deployments, teams often think that security is taken care of inherently in the design. Nothing could be further from the truth. In this talk, we’ll explore how to […]
This presentation explains the problems a child can encounter in the digital world. It covers subjects including siblings gaining control of your devices and online accounts, outside attackers doing those same two things, and your parents restricting what you can access on the internet. Kids face a unique set of problems that have not yet […]
Every organisation that stores, processes or transmits valuable data will fall victim to a cybersecurity breach. But why? If we know the enemy is coming, and how they’re going to attack, why can’t we stop them? Or even put up a good fight? New research makes it clear that for the past 15 years we […]
This talk is focused on some of the biggest problems associated with computer security defenses. Main topics include: Misaligned defenses Lack of focus on root-causes Lack of focus on local current and historical exploits Lack of data in driving computer security defense decisions Roger will discuss how things got this way and how to fix […]
Do you need a GRC tool but can’t afford the cost of one? Let’s use a batteries included automation first framework to rapidly assemble our own tools that work in the way you want. We won’t create anything with a web interface but we will be able to manage large amounts of information using existing […]
Are you tired of knowing everything, having people ignore “the security person” because “reasons,” and then having “I told you so” as your only comfort? Sick of the hostile relationship between security and development, security and operations, security and HR, and/or security and everyone not wearing a black t-shirt? There’s a better way. Faced with […]
Successfully defending against modern threats requires information security teams to possess the right balance of hard and soft skills for engaging business and technology groups to secure an organization. This is creating more opportunities for women from a variety of backgrounds to join this industry, make positive contributions in a variety of ways and to […]
Quantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.) which is one of the pillars of modern-day cybersecurity. Thus we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. There are viable options for quantum-proofing our cryptographic infrastructure, but […]
Car hacking really came to light in 2015. We saw Jeeps getting attacked over the air, BMWs being remotely unlocked, and attacks on Tesla’s Model S. Yes, today’s cars are computers, and they going to have vulnerabilities. While cars have had in-vehicle networking for the last 25 years, only recently have we seen public attacks […]
Purple Teaming is conducting focused Red Teams with clear training objectives for the Blue Team for the ultimate goal of improving the organization’s overall security posture. The popular opinion is that Purple Teaming requires a big undertaking. This is not true and we will show practical exercises for Purple Teaming for varying levels of organizational […]
Modern threats necessitate active hunting for malware and attackers throughout an organization’s environment. Unfortunately, traditional approaches to detection of this malicious activity are now inadequate as advanced malware and skilled attackers easily mislead them. During this presentation attendees will learn how malware and attackers evade these traditional methods as well as how memory and network […]
Machine learning is the latest trend in malware classification. It’s easy enough that everyone can now spin up a malware crawler, extract some features from the files, build some machine learning models, and publish their research in a reputable journal. However, many of these models have issues with overfitting – they have significant accuracy reductions […]
James Arlen leads Heroku’s (a division of Salesforce) Production Engineering team focused on delivering integrity, availability, and maturity to Heroku’s fleet operations. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Salesforce Heroku, James is a Contributing Analyst at the research firm Securosis, [...]
Adrien de Beaupré is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response, and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). Adrien is actively involved with the information security community, and organizes the BSidesOttawa conference. When not geeking out and breaking stuff he can be found with his family, or at the dojo.
Brian has a passion for security and has been an active member of the IT security community for over 25 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor. Brian was the founder of CMS Consulting Inc. and Infrastructure Guardian Inc. which became part of New Signature. The two organizations (professional services and managed services respectively) provided deep Microsoft expertise working with mid to large enterprise customers. After handing over the reins, [...]
Director, Information Security Services - BMO
Laura Payne is a Director of Information Security Services at the Bank of Montreal. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. Laura holds a degree in Systems Design Engineering from the University of Waterloo. When not at work, she enjoys spending time with her family, volunteering in the community, and wilderness camping.
Mike Murray is the VP of Security Intelligence at Lookout. For nearly two decades, Mike has focused on high-end security research, first as a researcher and penetration tester and then building and leading teams of highly skilled security professionals. He previously lead Product Development Security at GE Healthcare, where he built a global team to secure the Healthcare Internet of Things. Prior to that, he co-founded The Hacker Academy and MAD Security, and has held leadership positions at companies including nCircle Network Security, Liberty Mutual Insurance and Neohapsis.
Director, Technical Alliances, PhishMe
Mike Saurbaugh is the director of technical alliances with PhishMe. Prior to PhishMe, Mike spent nearly two decades in financial services and was the head of information security for 12-years. Mike is a Faculty member with IANS Research was involved from the onset with Security Current when it launched and served as the research director leading a number of strategic projects for global security vendors. Recently, Mike was added to the faculty at Excelsior College in their information security program as a course developer and adjunct. Mike started a security [...]
Manager of Vulnerability Research / Lookout
Andrew Blaich is a staff security engineer and researcher at Lookout where he is focused on the securing, responding to, and defending all things mobile. Prior to Lookout, Andrew was the Lead Security Analyst at Bluebox Security. He holds a Ph.D. in computer science and engineering from the University of Notre Dame in enterprise security and wireless networking. In the past, Andrew has worked at both Samsung and Qualcomm Research. Andrew has presented at conferences including RSA, Interop, and SANS DFIR. In his free time, he loves to research the [...]
Chris Sistrunk is a Senior Consultant at Mandiant, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. Prior to joining Mandiant, Chris was a Senior Engineer at Entergy (over 11 years) where he was the Subject Matter Expert (SME) for Transmission & Distribution SCADA systems. Chris helped organize the first ICS Village, which debuted at DEF CON 22 and was featured at RSAC and SANS ICS Summit. He is a Senior Member of IEEE, member of the DNP Users Group, President of Mississippi Infragard, and also is [...]
Incident Response Consultant
James L. Antonakos is an Incident Response Consultant for Trustwave and a former SUNY Distinguished Teaching Professor of Computer Science at Broome Community College, in Binghamton, NY. James is an online instructor in electronics, computer science, and information security and has extensive industrial work experience as well in electronic manufacturing for both commercial and military products, particularly in flight control computer technology for Navy aircraft. James is the author or co-author of over 40 books on computers, networking, electronics, and technology, as well as numerous magazine articles, and has presented [...]
Eric Sun is Solutions Marketing Manager for Rapid7’s Incident Detection & Response offerings. In security, Eric works closely with Rapid7's penetration testers and managed SOC to help security teams model their programs after the intruder attack chain. He also brings an understanding of behavior analytics and risk management from his many years in Asia as a professional poker player. Previously, Eric was at custom mobile app developer, Zco Corporation, based in New Hampshire.
Bruno Germain is a staff systems engineer in the network and security business unit at VMware. As early as 2008, he worked on virtualized network architectures for data centres as part of the team working on the MiM / SPB standards for which he shares patents for his work on the integration of virtual routers to this technology. He has been designing, implementing and securing networking infrastructures for the last 30 years holding positions with service providers, financial institutions and telecomm manufacturers.
Peter Cresswell has over 25 years of IT Security experience, from a diverse background as an IT Manager, Security Solution Architect, Practice Manager, Security Instructor, Product Manager, and Security Auditor. With Trend Micro, Peter has focused on the big migration from perimeter to system-based security controls, across Physical, Virtual, and Cloud environments. Currently, Peter focuses on Canadian companies migrating to the Cloud, and the architectures, processes, and technologies that get them there safely. Peter is often called upon to speak to Security as it applies to Cloud and related Security [...]
Si Brantley has been a veteran in the technology industry for more than 35 years. He has held various roles, including head of sales at Thales e-Security, a leading global data protection and digital trust management company, as well as VP of Sales-Product Division at Racal Datacom. His clientele includes some of the world’s largest retail and financial companies, as well as other verticals. Mr. Brantley is integrally involved in developing security strategies to enable companies to compete confidently and quickly by securing data at-rest, in-motion, and in-use to effectively [...]
Network Security Expert
Keir Humble is a recognized network security expert with over 20 years of hands-on experience providing in-depth timely perspective on the state of enterprise security and emerging trends. Prior to joining Sophos, Keir worked for a number of security vendors including; Symantec, ArcSight (HP), Kaspersky Lab, and Q1 Labs (IBM). Prior to venturing into the world of IT Security Technology, Keir worked for BMO Bank of Montreal as an Incident Handler, Intrusion Detection Analyst, and Network Security Analyst, implementing a variety of security technologies and processes.
Amol heads Qualys' worldwide security engineering team responsible for vulnerability and compliance research. His team tracks emerging threats and develops software, which identifies new vulnerabilities and insecure posture for Qualys' VM, PC, PCI and QBC services. Amol is a veteran of the security industry and has devoted his career to protecting, securing and educating the community from security threats. Amol has presented his research on Vulnerability Trends, Security Axioms, SCADA security, Malware and other security topics at numerous security conferences, including RSA Conference, BlackHat, Hacker Halted, SecTor, BSides, InfoSec Europe, [...]
Senior Security Researcher
Raul Alvarez joined Fortinet in 2004, and is currently working as a Senior Security Researcher/ AV Team Lead. He is also one of the Lead Trainers responsible for training the junior AV/IPS analysts in malware analysis and reverse engineering. Raul has presented in different conferences like BSidesVancouver, BSidesCapeBreton, OAS-First, BSidesOttawa, SecTor, and DefCamp. Raul has presented at the HASK security group and at the University of BC. He is a regular contributor to the Fortinet blog and also in the Virus Bulletin publication, where he has published 22 articles.
Advanced Threat Solutions, Cisco Canada
Sean Earhard heads Cisco’s Advanced Threat Solutions team for Canada, working with organizations to design and build strategies to secure their networks and users from today’s most Advanced Threats. Prior to Cisco, Sean worked with large accounts for Symantec in Toronto and Sophos in Chicago, helping to secure some of the largest organizations in North America over the last 11 years.
Ryan Leonard is a Technical Marketing Engineer for Symantec. Symantec’s recent acquisition of Blue Coat Systems combined the market leader in endpoint, email, and data center security with the market leader in web security and cloud generation intelligence to create the world’s leading pure play security company: the new Symantec Corporation. Mr. Leonard has over 15 years of internet security experience. Prior to joining Symantec, Mr. Leonard was a Sales Engineer for both large enterprises like Palo Alto Networks and Intel Security as well as start-up ventures like Agari and [...]
CEO - UZADO
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]
Chief Technology Officer, Scalar
Ryan is an experienced security practitioner and leader with over 20 years of IT experience and 12 years of information security consulting experience. At Scalar, Ryan holds the position of Chief Technology Officer - Security, responsible for driving the company's customer facing security strategy. Prior to assuming his role at Scalar, Ryan was Director of Security Architecture and Engineering at TELUS Security Solutions, and has worked for companies such as McAfee/Intel, MTS Allstream and Q9 Networks.
Director of Threat Intelligence, Optiv
Danny Pickens has over six years of experience within cyber security in the areas of intrusion detection, incident handling and management, and cyber threat analysis. He has fifteen years’ experience as an all-source intelligence analyst covering conventional, asymmetric, and counterterrorism intelligence analysis. Mr. Pickens is currently the Director of Threat Intelligence at Optiv, managing a staff of Cyber Threat Intelligence analysts and consultants charged with conducting research and analysis to support clients with strategic advisement and consulting in the area of intelligence for business alignment and decision advantage. Mr. Pickens [...]
Chief Information Security Officer, Nuix
Chris Pogue is the Chief Information Security Officer, Nuix, and a member of the US Secret Service Electronic Crimes Task Force. Chris is responsible for the company’s security services organization; he oversees critical investigations and contracts, and key markets throughout the United States. His team focuses on incident response, breach preparedness, penetration testing, and malware reverse engineering. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cybercrimes investigator, [...]
Peter Allor is a Security Strategist on cyber incident and vulnerability handling with IBM where he assists in guiding the company’s overall security initiatives and participation in enterprise and government implementation strategies. He assists the IBM X-Force research and development team with the collection, analysis and dissemination of information regarding cyber vulnerabilities, exploits, incidents, threats and early warning and coordinates for X-Force and IBM products.
As a seasoned security leader, Sean Blenkhorn has spent much of his nearly 20-year career consulting with leading global (FORTUNE 50, 100, 500 and 1000) companies around security and compliance solutions. In his role as Senior Director of Solutions Engineering at eSentire, Sean leads his team globally as they provide guidance, consultation, and technical perspective to new customers as they evaluate and adopt eSentire’s award winning services to address their security and compliance requirements. Sean has an Associate’s Degree in Software Engineering from Georgian College.
Security Practice Manager
Mr. Read has over 20 years of experience in the IT industry and an extremely broad skill set when it comes to the security of an organization’s critical IT infrastructure. Mr. Read has been in charge of IT Security Professional Service Delivery for over 10 years and is primarily responsible for: Leading a Security resource team responsible for vulnerability and risk assessments for some of Canada’s largest infrastructures; and Designing and deploying advanced security solutions from the SANs TOP 20 Critical Control list. By leading large projects in the areas [...]
Greg Pepper has been an IT professional for 15+ years with expertise in Security, Networking & Cloud Computing. Initially working for Sony Online Entertainment, PriceWaterhouse Coopers & Organic, Greg has spent the last 15 years working for Cisco & Check Point helping customers to design, plan and implement secure networks throughout the Internet Edge, Campus Backbone, Data Center and Cloud Environments. Currently a Security Architect for Check Point, Greg focuses on Software Defined Data Centers working with customers across the Western United States & Canada across verticals and customer segments.
Former Intelligence Officer & Whistleblower
Edward Snowden is a former intelligence officer who served the CIA, NSA, and DIA for nearly a decade as a subject matter expert on technology and cybersecurity. In 2013, he revealed that the NSA was seizing the private records of billions of individuals who had not been suspected of any wrongdoing, resulting in the most significant reforms to US surveillance policy since 1978. He has received awards for courage, integrity, and public service, and was named the top global thinker of 2013 by Foreign Policy magazine. Today, he works on [...]
Chief Research Officer, F-Secure
Mikko Hypponen is a cyber war veteran and the Chief Research Officer of F-Secure. He has been reverse engineering malware since 1991. Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and lectured at the universities of Stanford and Cambridge. He's also the Curator for the Malware Museum at the Internet Archive.
Cybersecurity Research, GoSecure
Olivier Bilodeau leads the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, Olivier runs honeypots, reverse-engineers binaries, and programs malware analysis tools. He is the author of several important AV industry reports like Dissecting Linux/Moose, Operation Windigo (about the Ebury malware) and Ego-Market: When Greed for Fame Benefits Large-Scale Botnets. Olivier has spoken at several conferences including RSAC USA, BlackHat USA/Europe, DefCon, 44CON, NorthSec, Botconf, SecTor, Derbycon, and AtlSecCon. An active member of his community, Olivier co-organizes MontréHack (a monthly workshop focused on applied information [...]
Director of Security, Honest Dollar
Matt Johansen is the Director of Security at Honest Dollar, a Financial Tech company in Austin, Texas where he is charged with building an Information Security program from the ground up. Previously he was the Director of Services and Research at WhiteHat Security where he oversaw the development and execution of their service related product lines. In addition to these services, Matt also performs research on application security topics that he discusses on the corporate blog and is often invited to present at conferences around the world.
Security Intelligence, Atlassian
I've been serious about hacking and security since 2002. Since discovering my first issue of Phrack (0x0b, 0x3b) I knew that security was for me. Before long, I was consuming text files from former hacker generations at a feverish and insatiable rate. I began driving 2+ hours to the Houston 2600 meeting every month, and a new world was revealed. I've worked in IT for over 12 years, doing everything you can imagine - crawling in ceilings to run Ethernet, automation scripting with Python and Bash, virtualizing datacenters, analyzing malware, scouring pcaps, [...]
Co-Founder and CTO, Veracode
Chris Wysopal is Co-Founder, Chief Technology Officer at Veracode. Wysopal co-founded the company in 2006 and oversees technology strategy and information security. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990’s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress about government security and how vulnerabilities are discovered in software. [...]
Cyber Security Consultant - Threat Intel, KPMG
Cheryl Biswas began her IT career with CP Rail’s helpdesk over 20 years ago, with further roles in vendor management and change management. Her previous position was with JIG Technologies as an InfoSec Researcher/Analyst, where she initiated the security role within JIG, did weekly threat intel updates, and advised her team and clients on security matters. She recently joined KPMG Canada as a Cyber Security Consultant, Threat Intel. Cheryl builds bridges to connect people within Information Security, and to connect end users. She actively shares her passion for learning and [...]
Milind Bhargava is a Manager with Deloitte's Risk Advisory team where he performs security audits and assessments. He also leads his own security consulting company that is known for Darknet Threat Intelligence Research. He spoke at Sector in 2016.
Security Consultant, TELUS
Peter Desfigies is a Security Consultant at TELUS Communications Inc. He works with a team of operations analysts to proactively investigate and analyze customer traffic, while also providing threat intelligence on attacks, campaigns, and zero-days in order to protect customer’s environment and enhance their security posture. During his time at TELUS, he has worked with a variety of teams providing LAN, WAN, telco, security and hardware break/fix support, and now security analysis for government and corporate customers. Prior to TELUS, he worked for 12 years in IT operation roles to [...]
Dir of Cyber Security Solution, BlueCat Networks
Scott Penney has been immersed in security technologies and strategies for the last 20 years. His focus has always been on balancing the needs of a dynamic business with the realities of risk mitigation in our connected world. Over his career, Scott has worked with some of the largest companies in the world, such as AT&T, to help define security architectures that make sense – delivering real improvements in overall security posture without over-committing resources. Scott’s current focus is driving new and innovative security solutions for BlueCat, using the power [...]
Independent Security Consultant
Mark Bassegio is an offensive security expert that specializes in physical security and network security consulting. During his years in security, Mark has conducted and overseen hundreds of penetration tests all over the world in multiple industries and disciplines, for medium sized businesses to large Fortune 500 corporations. Mark has delivered presentations to audiences internationally and is the co-creator of the BLEKey, custom hardware designed to exploit weaknesses in proximity-based building access controls.
Chief Risk Officer, Atredis Partners
Tim West has extensive experience in security leadership. He has worked as a security practitioner and as a successful security consultant. As a consultant, Tim has delivered significant projects rebooting security programs in billion-dollar organizations and engaging in high-profile projects including US federal corrective action plans. As a practitioner and leader, Tim has lead teams at a Fortune 25 healthcare organizations responsible for governance, threat and vulnerability management as well as risk and compliance. Tim has spoken nationally on topics of compliance and technical security, medical devices, and other research areas such as cyber [...]
Director, Malware Threat Research
Travis is the Director of Malware Threat Research at Qualys. He has spent the past 15 years in the security industry with a focus on digital forensics and incident response. He holds a wide array of certifications ranging from GIAC Certified Penetration Tester to the CISSP, as well as an MBA with a concentration in information security. Travis has presented his research at conferences worldwide at venues such as BlackHat, RSA, and SecTor.
Security Architect, Deloitte Canada
Pierre-Alexandre Braeken is an accomplished and highly experienced Manager at Deloitte Canada with nearly 15 years of experience in security and system architecture. He has an excellent command and understanding of information technology, security architecture and secure application development, as well as strong analytical skills pertaining to enterprise situations, risk and contingency plans. He's focused on assisting organizations internationally and across Canada with leading effective threat detection, response capabilities and red teaming activities. He has created cutting edge tools in the field of offensive and defensive security and regularly speaks [...]
Director of Research Innovation, ThreatConnect
Robert Simmons is the Director of Research Innovation at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert is also the author of PlagueScanner, an open source virus scanner framework. Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.
Asst. Prof. of Computer Science, USAF Academy
Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms, and cyber warfare. He received his Undergraduate Degree in Computer Science and has Master’s degrees in Computer Science and Information System Engineering. Solomon’s current research includes computer system exploitation, cyber threat intelligence, digital forensics, and data protection. Previous conferences Solomon has spoken at include: SecTor Canada, Hack in Paris, France, HackCon Norway, BlackHat USA, [...]
Global Security Manager - Sycomp
Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs. Past responsibilities have included day-to-day operational work in complex security networks, policy planning, management, and documentation responsibilities with various network, VoIP and security engineering companies. Kellman is an experienced speaker with original content, that has delivered security talks in private corporate focused events, at school internet safety classes for training students and [...]
Jake Sethi-Reiner is eleven years old. He has presented at NorthSec 2016, at Pycon Canada 2015 (goo.gl/aZXLzZ) and at the Montreal Python group. Jake has also completed online university courses in computer networking (Stanford), Python programming (Rice University), economics (Stanford), symbolic logic (Carnegie Melon) and Linux administration (Linux foundation). His father, Richard Reiner, delivered a keynote at SecTor 2007.
Principal Security Architect
Roger Grimes currently works for Microsoft as a Principal Security Architect. He specializes in general computer security, identity management, PKI, Windows computer security, host security, honeypots, APT, and defending against hackers. Grimes has been working in the computer security industry for nearly three decades, has written eight books and nearly 1000 magazine articles. For the last 10 years Roger has been the computer security columnist for InfoWorld magazine.
Ben Sapiro is the Global CISO of Great West LifeCo and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school; he’s even done privacy and compliance work to pay the bills. Other than that, he’s a typical middle-aged Canadian security professional who has worked in several verticals including SaaS, natural resources and telecom. Ben is a contributor to the Liquidmatrix Podcast (whenever we get around to recording it) and used to help with other stuff like BSidesTO until he realized he should not test his wife’s [...]
Malice Afterthought, Inc.
Described by coworkers as "not the lawyer we need, but the lawyer we deserve," Brendan O’Connor is a security researcher, practitioner, and consultant based in Seattle, WA. He is admitted to the Montana bar, and serves as Vice-Chair of the ABA’s Information Security Committee; while he is a lawyer, he is not your lawyer. He was awarded two DARPA Cyber Fast Track contracts for his security research, which focuses primarily on enabling access to security and privacy through development of disposable computing and sensing tools. He has taught at an [...]
Laura Payne is a Senior Information Security Advisor at the Bank of Montreal. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. Laura holds a degree in Systems Design Engineering from the University of Waterloo. When not at work, she enjoys spending time with her family, volunteering in the community, and wilderness camping. The six women participating in this keynote panel currently work in information security across a variety of sectors. With a diverse background of [...]
Sr. Advisor for Cyber Strategy, Fortalice Solutions
Alexis Lavi has an in depth knowledge of cyber security, risk management, national security policy, and ethical hacking. Currently, Alexis is a Senior Advisor for Cyber Strategy at Fortalice Solutions. At Fortalice, she manages and conducts semi-quantitative cyber risk evaluations and penetration tests for energy, defense and retail companies. She also has experience facilitating cyber attack tabletop exercises for major financial institutions, retail companies, and critical manufacturing organizations. In addition to her work at Fortalice, Alexis is the Lead Analytical Guru for Dark Cubed, a Virginia-based cyber security product company, where [...]
Assistant VP Cloud Computing
Andrea Stapley is the Assistant Vice President of the Cloud Computing team globally for Sun Life Financial. She holds a BA from McMaster University and is responsible for Cloud Architecture, Engineering, Operations and Security teams as it relates to Cloud Services hosted with Amazon. Her teams are responsible for developing the Global Cloud roadmap for the Enterprise and executing on that roadmap. The teams architect the cloud solutions for Sun Life and deliver the services required from an engineering and operations perspective for their clients. Before the Cloud role, Andrea [...]
Manager SCSPITRM, RBC
Julie Leo is a Relationship Manager for Security Consulting, IT Risk Centre of Governance at RBC. She received an Honours Bachelor of Arts degree in Crime, Law, and Deviance from the University of Toronto; with a minor in Philosophy and Sociology. With experience across multiple information security domains; such as, Identity and Access Management and Software Security, Julie also has experience as a Customer Service Representative; allowing her to learn the ins and outs of the products and services a financial institution may offer to clients, as well as, the [...]
Senior Security Professional
Karen Nemani is a dedicated senior security professional with almost two decades of experience across the field of information security. She is an innovative information security strategist who enjoys working with clients to demystify their security risk. Her career has included roles that established successful information security programs and her work has directly influenced the creation and design of highly secure, complex information technology infrastructures. A champion of security both professionally and in her community, Karen enjoys engaging, educating and growing new talent and works in support of women considering a career in information security.
Marilyn Blamire has worked at TD Bank, in the Financial Services Technology world for over 35 years, in development, design, architecture, business and process analysis, and most recently Information Security. Over that time, the use of technology has changed beyond imagination and the criminals who seek gain have adapted to take advantage of it. Marilyn's passion is for people, and helping them understand how the things they do every day have a major impact on how safe we are. She is active in the Women in Leadership program at TD, [...]
Michele Mosca is co-founder of the Institute for Quantum Computing at the University of Waterloo, a Professor in the Department of Combinatorics & Optimization of the Faculty of Mathematics, and a founding member of Waterloo's Perimeter Institute for Theoretical Physics. He was the founding Director of CryptoWorks21, a training program in quantum-safe cryptography. He is a founder of the ETSI-IQC workshop series in Quantum-Safe Cryptography, and the not-for-profit Quantum-Safe Canada. He co-founded evolutionQ Inc. to support organizations as they evolve their quantum-vulnerable systems to quantum-safe ones and softwareQ Inc. to [...]
Embedded Systems Developer
Eric has worked in development and reverse engineering roles for hardware and software companies, specializing in embedded devices, automotive systems, and bespoke tool development. He is currently a Principal Research Consultant at Atredis Partners. Eric’s work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future. In 2014, Eric founded Linklayer Labs, which [...]
Sr. Incident Response Engineer, Uber
Chris Gates has extensive experience in network and web application penetration testing, Red Teaming and Purple Teaming. Chris is currently learning to be a part-time fixer instead of full-time breaker. He has spoken at numerous events such as the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, Derbycon, LasCon, HashDays, HackCon, Bsides ATL, IT Defense, OWASP AppSec DC, and Devops Days. Chris is also a cofounder of NoVAHackers.
Haydn Johnson has over 3 years of information security experience, including network/web penetration testing, vulnerability assessments, identity and access management, and cyber threat intelligence. He has a Masters in Information Technology and holds the OSCP certificate. Haydn regularly contributes to the InfoSec community primarily via Twitter and has spoken at BSides Toronto. Most recently, he has created a walkthrough for using the persistence module of PowerSploit.
Director of Research, Volexity
Andrew Case is the Director of Research at Volexity LLC, and a member of the Board of Directors for the Volatility Foundation. Prior to joining Volexity, he held positions as a senior incident response handler and malware analyst at Terremark Worldwide and Verizon Enterprise Solutions, where he frequently led large-scale investigations. Andrew's previous experience also includes penetration tests, source code audits, and binary analysis. Andrew is the co-developer of Registry Decoder, a National Institute of Justice funded forensics application, as well as a core developer on the Volatility memory analysis [...]
Data Scientist, ZeroFOX, Inc.
John Seymour is a Data Scientist at ZeroFOX, Inc. by day, and Ph.D. student at University of Maryland, Baltimore County by night. He researches the intersection of machine learning and InfoSec in both roles. He's mostly interested in avoiding, and also helping others avoid, some of the major pitfalls in machine learning, especially in dataset preparation (seriously, do people still use malware datasets from 1998?). He has spoken at both DEFCON and BSides, and aims to add BlackHat to the list in the near future.