Past Events



Sesssions


11:30 - 12:00 Tools (716A) '

Threat hunting demystified – Strengthening risk management through proactive investigation and response

Despite billions spent on security technology each year, it seems little progress has been made to reclaim the advantage from attackers.  Modest reconnaissance by a malicious actor often results in a better understanding of an environment than the defenders who own and operate it.  At the heart of the problem lies one simple truth: know […]

Sponsor Track
Michael Otto
15:55 - 16:55 Tools (716A) '

TLS Tools for Blue Teams

TLS can cause problems for security teams, breaking TLS or ignoring TLS are common modus operandi, both are flawed and expose organizations to weaknesses. This session focusses on the management of TLS from a blue team perspective, without either ignoring or breaking TLS implementations. We will discuss specific tooling, FingerPrinTLS and TLSProxy will be the […]

Tools
Lee Brotherston
14:40 - 15:10 Expo Theatre (Hall G) '

Privileged Access Security for Hybrid Cloud: Secure Amazon, Azure and Google Environments

Organizations are increasingly moving workloads to hosted Infrastructure-as-a-Service (IaaS) environments. In many cases, they are extending their data centers across one or more IaaS providers, creating hybrid cloud environments. This session will explore best practices for extending data centers to hosted environments, and review how to secure privileged access to hosted infrastructure and virtual machines […]

Sponsor Track
Wade Tongen
10:15 - 11:15 Tech1 (718A) '

“BlueBorne” Explained – New Attack Vector Exposing 5B+ Devices

Called “Bluetooth’s Stagefright moment,” the Blueborne attack vector identified in September exposed 5B+ devices to hacking. It impacted major mobile, desktop, and IoT operating systems, including Android, Windows, Linux, and iOS. Blueborne attacks devices via Bluetooth in a manner never seen before, and spreads through the air (airborne). Users do not need to be on […]

Tech
Nadir Izrael
15:55 - 16:55 Management (718B) '

Power Up/Level Up: Supercharging Your Security Program for Cloud and DevOps

Few things have ever transformed the practice and technology of information technology than the dual impacts of cloud computing and DevOps. In this executive session we will detail specific strategies and tactics for transforming your security organization without orphaning your historical investments. This won’t be generic policy mumbo-jumbo; comes learn the hard-earned lessons from dozens […]

Management
Rich Mogull
13:25 - 14:25 Tools (716A) '

Weapons of a Pentester

In this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry. Tools that will be demonstrated and showcased include: Metasploit (Exploit Framework) BeEF (Browser Exploitation Framework) Physical lock testing (Lock pick set – Snap gun, and lock pick card) Hak5 – […]

Tools
Nick Aleks
14:40 - 15:55 Keynote Hall '

Developing Your Career in IT Security (2017)

The IT security industry continues to rapidly evolve. With this rate of change comes both opportunity and challenges. There are more areas of specialization and more types of employers to apply them to. Come to what will certainly be a spirited and exciting panel session on how very different segments of the industry are viewing […]

Career
Dave Millier
Eric Belzile
Laura Payne
Mike Murray
Nik Alleyne
13:25 - 14:25 Management (718B) '

GDPR for Canadian Organisations – What you need to know!

The General Data Protection Regulation (GDPR) comes in to force on May 25th 2018 and many Canadian organisations are unsure if they even have to comply, let alone how. During this session, Bruce will take you through not only what the GDPR is and how it may impact you, but common questions and scenarios Canadian […]

Management
Bruce Cowper
10:15 - 11:15 Tech 3 (801B) '

The Cyberwar Playbook: Financial Services as Critical Infrastructure

How would you hack a bank? In this talk, we discuss how to improve the protection our nation’s critical private-sector cyber infrastructure, using financial services institutions as a case study, and highlight potential exploit chains and vulnerabilities in people, process, and technology. We begin with a thought experiment: if cyberwar were to break out tomorrow, […]

Tech
Jennifer Fernick
Louise Dandonneau
10:15 - 11:15 Tools (716A) '

Security Training in a (Virtual) Box

We have designed a virtual training environment that allows the user to step through the quintessential phases of an attack: reconnaissance, scanning and enumeration, gaining access, maintaining access, and covering tracks. Licensed for reuse under Creative Commons, the materials can immediately be used for education and training purposes by attendees. We focus on what can be expected from […]

Tools
Marcelle Lee
Joe Gray
10:15 - 11:15 Management (718B) '

Best Practices to Secure Application Containers and Microservices

Containers such as Docker and CoreOS Rkt deliver incredible capabilities to developers and operators and are powering the DevOps revolution in application development and deployment. Docker in particular has taken industry by storm, resulting in over 8 billion downloads and 500,000+ containerized applications in this open source platform. With all this new-found power comes significant […]

Management
Anil Karmel
13:25 - 14:25 Tech 2 (801A) '

FAIL Panel Version 5 – EquiFAIL!

In 2012, we talked about the APT. In 2013, we talked about BYOD and Consumerized IT. In 2014, it was #failAMA. In 2015, Ben Sapiro FAILED to submit an abstract. In 2016, James was VOLUNTOLD to do the thing. It’s 2017, and the voluntoldee said yes again. This is the time when we talk about […]

Tech
James Arlen
Dave Lewis
Ben Sapiro
Rich Mogull
11:30 - 12:00 Security Fundamentals (803) '

How to Ramp Up Security Operations to Stop Advanced Threats

As attacks have become more sophisticated and continue to evolve, static technologies can’t keep up. Siloed solutions fragment your defenses. It takes power and precision to stop attacks. Join this session where we will explore; Do you have an intelligent, orchestrated and automated approach to prevent, detect and respond to threats? How did GFL Environmental […]

Sponsor Track
David Millar
10:15 - 11:15 Tools (716A) '

NOAH: Uncover the Evil Within! Respond Immediately by Collecting All the Artifacts Agentlessly

Imagine the moment when you realize that a malicious threat actor has compromised your network and is currently going through your confidential information. Faced with this dreadful scenario, you initiate an Incident Response. We have built an open source Incident Response framework based on PowerShell to help security investigation responders gather a vast number of […]

Tools
Pierre-Alexandre Braeken
14:40 - 15:40 Tech 2 (801A) '

Securing Shopify’s PaaS on GKE

Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company’s internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team. Unfortunately for us, a hosted solution […]

Tech
Jonathan Pulsifer
12:00 - 13:10 Keynote Hall '

Fighting Cyber(in)security

In this epoch of big data, we have reached a cybersecurity crisis – over 4 billion personal accounts compromised just in the past few years, not to mention multiple power grids. Advanced technologies, ranging from blockchain to quantum computing are emerging, but there are still big questions about how they can help. Fortunately, a band […]

Keynote
David Shrier
14:40 - 15:40 Management (718B) '

Does a BEAR Leak in the Woods? What the DNC breach, Guccifer and Russian APT’s have taught us about attribution analysis

The June 2016 revelations of the DNC breach by two Russia-based advanced persistent threat groups was only the beginning of a series of strategic leaks and conflicting attribution claims. In this presentation we’ll demonstrate techniques used to identify additional malicious infrastructure, evaluate the validity of “faketivists” like the Guccifer 2.0 persona, and strengths and gaps […]

Management
Toni Gidwani
10:15 - 11:15 Tech1 (718A) '

Breaking the Laws of Robotics: Attacking Industrial Robots

Industrial robots are complex cyber-physical systems used for manufacturing, and are a critical component of any modern factory. These robots aren’t just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance. In this scenario, industrial […]

Tech
Stefano Zanero
13:25 - 14:25 Tech1 (718A) '

The quantum threat: what really matters today?

Quantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.) which is one of the pillars of modern-day cybersecurity. Thus, we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. Impressive progress in developing the building blocks of a fault-tolerant […]

Tech
Michele Mosca
Vlad Gheorghiu
10:15 - 11:15 Tech 2 (801A) '

Botract – Abusing smart contracts and blockchain for botnet command and control

In this talk, we discuss a possible new technique where hackers could abuse smart contracts that are deployed on the blockchain as means of command and control (C2) for botnets. We call this novel technique ‘botract’; derived by merging two words: ‘bot’ and ‘contract’. In this talk, we describe how hackers can exploit smart contracts […]

Tech
Majid Malaika
15:55 - 16:55 Tech 3 (801B) '

Lies and Damn Lies: Getting Past the Hype Of Endpoint Security Solutions

The endpoint protection space is a hot market right now. With statistics showing malware creation ranging from 300,000 to 1 million pieces a day, traditional signatures just can’t keep up. Ask any vendor about their solution and you get inundated with the marketing hype, machine learning, artificial intelligence, math models, and lions, tigers and bears! […]

Tech
Lidia Giuliano
14:40 - 15:40 Tech1 (718A) '

Threat Hunting an Evolving Malware Campaign and the Actors Behind It

Threat actors need to constantly evolve their techniques to remain undetectable or their campaigns, once exposed, will cease operation. This briefing will take an in-depth, entertaining look at the ever evolving campaign that was thought to have been nearly eradicated. This campaign and the actors behind it have not only continued to operate behind the […]

Tech
Jeremy Richards
10:15 - 11:15 Tech 3 (801B) '

The Black Art of Wireless Post-Exploitation

Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the […]

Tech
Gabriel Ryan
15:55 - 16:55 Security Fundamentals (803) '

After the Incident: DIY Forensic Collection

Description: When it comes to a post incident self-collection of digital data such as: employee dismissal, data exfiltration, inappropriate behavior/computer usage, or security breach, there is potential for litigation. Whatever the situation, IT personnel should utilize forensic best practices to assure that the information is accurate, admissible, and that the data and original sources are […]

SECurity FUNdamentals
Eugene Filipowicz
15:55 - 16:55 Tech 2 (801A) '

Reverse Engineering Automotive Diagnostics

Automotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce […]

Tech
Eric Evenchick
14:40 - 15:40 Tech 3 (801B) '

Improving Incident Response for ICS

Defending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. For example, ICS incident responders are tasked with extracting forensic data for threat analysis and implementing indicators of compromise for threat mitigation as quickly as possible. All of this is expected while continuing to maintain the physical safety and […]

Tech
Dean Parsons
13:25 - 14:25 Tech 2 (801A) '

Gitting Betrayed: How agile practices can make you vulnerable

Trust is an implicit requirement of doing business. At some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, […]

Tech
Clint Gibler
Noah Beddome
14:40 - 15:40 Tech 3 (801B) '

Disrupting the Mirai Botnet

The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to […]

Tech
Chuck McAuley
13:25 - 14:25 Tech 3 (801B) '

Rootkits vs Ransomware 2.0. Using evil to fight for good

Your company has been hit by ransomware. What do you do? Well, if you are a regular security system administrator, your next steps are restoring from backups (you have backups, right?), deploying behavior-based IDS/IPS or updated antivirus, and waiting for the next attack. But you’re not a regular security admin, are you? You’re a security […]

Tech
Boris Rudakov
14:40 - 15:40 Tech1 (718A) '

A Deep Dive into the Digital Weapons of Mysterious Cyber Army

Being one of the most isolated and secretive nations on the earth, from the Sony Picture breach to the WannaCry attack, cyber-attacks from the Democratic People’s Republic of Korea (DPRK) seem to be more and more aggressive than before. Based on our observations, the North Korea cyber army has expanded their campaign to target not […]

Tech
Chi-en Shen (Ashley)
11:30 - 12:00 Expo Theatre (Hall G) '

Insider Threat Analytics & Anomalous Behaviors

Employee suspicious access, behavior abuse, and exfiltration of confidential data could all be a result of Insider Threat. We need a new innovative way of thinking about security as rule, pattern and signature-based solutions are evaded easily. Learn how user & entity behavior analytics (UEBA) and Identity Analytics (IdA) leveraging the context of open choice […]

Sponsor Track
Carl Miller
13:25 - 13:55 Theatre (Hall G) '

Security consideration for Microservices using Container Technology

Continuous Deployment and Cloud applications offer new opportunities in cyber security in allowing flexibility and rapid reaction to the ever-changing demands to protect cyber assets. However, new technologies also offer new possibilities and require new approaches in evaluating and improving the security posture for software applications as well as the infrastructure. This talk will explore […]

Sponsor Track
Ralph Janke
11:30 - 12:00 Theatre (Hall G) '

Building a Secure Foundation for the Internet of Things (IoT)

Connected devices provide a way for businesses to improve their operations and to provide enhanced services to customers.  They also can introduce significant security risks, as many devices that are now being connected were not designed with security in mind.  The fundamentals of the old adage of “garbage in, garbage out” are critical for IoT […]

Sponsor Track
John Grimm
11:30 - 12:00 Security Fundamentals (803) '

Moving Up the Security Maturity Curve – The Sisyphean Task

Compressed timelines, skill gaps, staff shortages, and an endless sea of new security technology options challenge organizations to keep pace with rapidly advancing threats. It’s easy for technology leaders to fall into the trap of spending their entire budget on bigger firewalls and trendy new endpoint solutions, while ignoring the simple things. Sometimes the best […]

Sponsor Track
Jamie Hari
11:30 - 12:00 Tech 2 (801A) '

Decoding Cyberespionage from Insider Mistakes

People are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as a black and white then we risk more than wasted time […]

Sponsor Track
Brandon Swafford
14:40 - 15:10 Theatre (Hall G) '

Boosting Canada’s Cyber Immune System for Internet Health

As adversaries develop ways to make money through cybercrime and the number of attackers and suppliers of cybercrime tools are growing, organizations are finding it more difficult to protect themselves. This environment increasingly resembles an organism under attack from countless viruses, bacteria, parasites and toxic substances. To effectively defend against these threats, we can use […]

Sponsor Track
Matt Broda
11:30 - 12:00 Tech 3 (801B) '

Prioritizing Vulnerability Remediation From an Attacker’s Perspective

While IT departments constantly battle against a tsunami of ever-increasing volumes of annual vulnerability disclosures, lack of visibility into the attacker’s perspective means that they retain an advantage, and still continue to breach organizations, causing massive damages to business. In this presentation, we will discuss a year-long study of vulnerability attributes, exploits and attack trends […]

Sponsor Track
Bharat Jogi
11:30 - 12:00 Tech 2 (801A) '

The Spy in Your Pocket

You walk into a meeting and the person you are about to talk to informs you that they will be video and audio recording everything. Would that change what you might say or do? What if we told you that your mobile device could be doing that, or worse, to you already? Visit this session […]

Sponsor Track
Ricardo Panez
11:30 - 12:00 Management (718B) '

The Power Of Integration

As cyber criminals grow more aggressive, organizations are installing new security tools to protect themselves against threats. In fact, the average enterprise runs 508 applications and allows 89 different vendors to access their network each week. (Source Bomgar.com and Forbes.com) You likely manage dozens of security tools across your organization– from firewalls to authentication software. […]

Sponsor Track
Brian Read
15:55 - 16:25 Expo Theatre (Hall G) '

Security Automation and Orchestration That Won’t Get You Fired

Responding to security incidents is mostly firefighting -too much noise, not enough signal, and not enough analysts to work incidents when the signal is found. There is a direct link between the time to detection and volume of data stolen. Leveraging automation and orchestration in the investigation and response process is the key for finding […]

Sponsor Track
Syra Arif
13:25 - 13:55 Theatre (Hall G) '

The State of the Phish and Response

The State of the Phish and Response is a look into many of the prevalent phishing campaigns that leverage ransomware, fileless malware, and tactics that bypass technology. Contrary to what some may still believe, attackers don’t rely on executables and other extensions typically restricted. What are attackers doing and what works in their campaigns? Additionally, […]

Sponsor Track
Mike Saurbaugh
11:30 - 12:00 Tech1 (718A) '

Skin​ ​in​ ​the​ ​Game:​ ​How​ ​Security​ ​Teams​ ​are​ ​Scaling​ ​Through​ ​IT​ ​Orchestration

It’s​ ​a​ ​universal​ ​truth​ ​acknowledged​ ​that​ ​IT​ ​and​ ​security​ ​teams​ ​have​ ​too​ ​much​ ​to​ ​do,​ ​and​ ​never enough​ ​resources​ ​to​ ​do​ ​it.​ ​Traditionally,​ ​there​ ​are​ ​tactical​ ​tasks​ ​that​ ​security​ ​organizations​ ​own,​ ​but invest​ ​far​ ​too​ ​many​ ​resources​ ​in:​ ​alert​ ​triage,​ ​managing​ ​vulnerabilities,​ ​and​ ​more.​ ​These​ ​tasks​ ​lead to​ ​alert​ ​fatigue,​ ​but​ ​worse,​ ​they​ ​suck​ ​up​ […]

Sponsor Track
Jen​ ​Andre
11:30 - 12:00 Tech1 (718A) '

Building Your Own Automated Malware Analysis Lab for Insights on Active Threats.

Understanding the mechanics of malware attacks is critical for remediation and for preventing similar attempts in the future. Malware analysis can provide valuable insights into the adversaries goals, especially when they are targeted. While cloud based malware analysis tools exist, they are largely inflexible. An in-house lab environment can offer more customization, automation and enhanced […]

Sponsor Track
Kurtis Armour
11:30 - 12:00 Tech 3 (801B) '

Take Best Practices to the Next Level

Despite all of the advances in technology, we still aren’t doing a good enough job in basic house-keeping, The result is avoidable breaches and network compromises, we read about them daily. Leveraging best practices but not actually implementing formal processes and solutions isn’t cutting it any longer, as more and more companies who think they […]

Sponsor Track
Ken Muir
11:30 - 12:00 Management (718B) '

Cloud Security is Application Security – Securing the Cloud as a Team

“Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the […]

Sponsor Track
John Turner
12:00 - 13:10 Keynote Hall '

Winning Defense

In this keynote, Allison Miller will explore how today’s defenders are protecting consumers/platforms from online threats, at scale. Deflecting exploits and vulns is a full-contact sport, but designing for the “human factor” also means mapping out complex sets of incentives and interdependencies, requiring new approaches to thinking about security, risk, & trust. Allison will discuss […]

Keynote
Allison Miller
10:15 - 10:45 Theatre (Hall G) '

Cyber Crime and Financial Crime: different sides of the same coin

Rapidly evolving technology and business channels have resulted in the cyber landscape becoming a core tool for criminals conducting all facets of financial crime. Modern day criminals seek to steal information and commit various types of conventional fraud with coordinated efforts that increasingly leverage cyber technologies. Industries coping with compliance and/or processing financial transactions are […]

Sponsor Track
Tyson Macaulay
09:00 - 10:00 Keynote Hall '

Security and Privacy in a Hyper-connected World

We’ve created a world where information technology permeates our economies, social interactions, and intimate selves. The combination of mobile, cloud computing, the Internet Things, persistent computing, and autonomy are resulting in something different. This World-Sized Web promises great benefits, but is also vulnerable to a host of new threats. Threats from users, criminals, corporations, and […]

Keynote
Bruce Schneier
10:15 - 10:45 Theatre (Hall G) '

Hunting Ransomware: Automate protection to get ahead of the next global outbreak

Ransomware got “very real” this year with nearly every day delivering news of not just more localized attacks but of sweeping compromises, bringing entire organizations to a sudden halt. Organizations are demanding a comprehensive response and IT teams are struggling to deliver defenses that are effective but don’t cripple their productivity.  With a focus on […]

Sponsor Track
Sean Earhard
15:55 - 16:55 Tech1 (718A) '

Attacking Modern SaaS Companies

Modern software-as-a-service (SaaS) companies have a large footprint and a lot of automation which enables them to build their service quickly. Since several devops and cloud tools and processes are new, many companies don’t understand the risks and don’t plan with security in mind. Even some practiced network pentesters don’t always know the best way to find vulnerabilities […]

Tech
Sean Cassidy

Sponsors


Check Point

Gold

Conexsys

Gold

Forcepoint

Gold

IBM

Gold

Lyrical Security

Gold

Optiv

Gold

Qualys

Gold Networking Reception

Rapid7

Gold Networking Reception

Scalar

Gold

Uzado

Gold

Zayo

Gold

BAE Systems

Silver

Bell

Silver

Centrify

Silver

Cisco

Silver

esentire

Silver

Gurucul

Silver

New Signature

Silver

PhishMe

Silver

ServiceNow

Silver

Thales

Silver

(ISC)2

Bronze

Akamai

Bronze

Arbor Networks

Bronze Lunch

Avecto

Bronze

Bomgar

Bronze

BSI Group Canada

Bronze

Calian

Bronze

Carbon Black

Bronze

Checkmarx

Bronze

Citrix

Bronze

CrowdStrike

Bronze

Cylance

Bronze

Darktrace

Bronze

Defence Intelligence

Bronze

Dell EMC

Bronze

ESET

Bronze Networking Reception

Fidelis

Bronze

Forescout

Bronze

Fortinet

Bronze

Gemalto

Bronze

GlassHouse Systems Inc.

Bronze

Global Knowledge

Bronze

GoSecure

Bronze

HP Inc.

Bronze

Imperva

Bronze

IMSM

Bronze

Infoblox

Bronze

ixia

Bronze

KeyData

Bronze

Speakers


Michael Otto

Michael Otto


Michael Otto is co-founder and head of services at Lyrical Security. Mike has over 22 years’ experience working in I.T., focused exclusively on security risk management for the last 17 years. Mike is a former PCI QSA, principal consultant, and co-developer of Lyrical Security’s adaptive risk management framework. A recognized expert in risk management, factor analysis, it service management, and compliance, Mike has helped over 100 organizations build and improve their strategic and tactical risk management capabilities. Prior to Lyrical Security, Mike held progressive positions in financial services, I.T. training [...]

Lee Brotherston

Lee Brotherston

Security Professional


Lee has worked within Information Security for over a decade. In that time he has held positions ranging from hands-on practitioner through to management across a number of industry verticals, he is currently the Director of Security at Wealthsimple in Toronto. He has spoken on topics ranging from malware analysis to network security and surveillance.

Wade Tongen

Wade Tongen

Regional Vice President, Systems Engineering


Wade works with enterprise accounts in the western US, LATAM and in Canada to help them move to the next generation of identity. He does this with the help of a team of 10 dedicated system engineers to make this a reality for our customers. The new reality of our customers are that people need to work where they are and not at a specific location. Centrify helps our customers embrace the new world of identity as the new perimeter to resources. No matter if that resource is a device [...]

Nadir Izrael

Nadir Izrael

Co-Founder/CTO, Armis


As co-founder and CTO, Nadir Izrael guides the technology vision behind Armis to protect the new connected or IoT devices in and around the workplace. He co-founded the company in 2015 with its CEO, Yevgeny Dibrov. Prior to Armis, worked at Google as senior software engineer. Before Google, Nadir spent six years in the Israeli army, specifically in unit 8200, where he designed and programmed software projects and systems, serving as team leader and attaining the rank of captain.

Rich Mogull

Rich Mogull


Rich has twenty years experience in information security, physical security, and risk management. He specializes in cloud security, data security, application security, emerging security technologies, and security management. He is also the principle course designer of the Cloud Security Alliance training class and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of [...]

Nick Aleks

Nick Aleks

Sr. Security Engineer / CEO


Nick Aleks is a Sr. Security Engineer at TD Bank and CEO of Aleks Security Cyber Intelligence Inc., a Toronto-based Ethical Hacking Firm. Nick and his team specialize in testing the security systems for clients in the software development, government, engineering, manufacturing, and financial industries. He is the founder of DEFCON Toronto Hacker Community, a group with over 1000 active members. Nick has spoken at numerous cyber-security conference (BSIDES, DEFCON Toronto, and Pearls in Policing) where he has shared knowledge on topics including: pen-testing, car hacking, lock-picking, wi-fi-hacking, social engineering [...]

Dave Millier

Dave Millier

CEO - UZADO


Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]

Eric Belzile

Eric Belzile

Director General, Cyber Defense and IT Security Operations


Eric Belzile started his career in the Public Service at Statistics Canada in 1989. Over the years, he occupied various positions with increasing levels of responsibility covering System Development and IT Infrastructure Service Management. Before his transfer to Shared Services Canada (SSC), he was responsible for all IT Infrastructure Services at Statistics Canada, delivering the services as well as defining strategic plans for their evolution. Currently, with SSC, he occupies the position of Director General, Cyber Defense and IT Security Operations. He is responsible for the SSC Security Operations Center [...]

Laura Payne

Laura Payne

Senior Information Security Advisor


Laura Payne is a Senior Information Security Advisor at the Bank of Montreal. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. Laura holds a degree in Systems Design Engineering from the University of Waterloo. When not at work, she enjoys spending time with her family, volunteering in the community, and wilderness camping.

Mike Murray

Mike Murray


Mike Murray is the VP of Security Intelligence at Lookout. For nearly two decades, Mike has focused on high-end security research, first as a researcher and penetration tester and then building and leading teams of highly skilled security professionals. He previously lead Product Development Security at GE Healthcare, where he built a global team to secure the Healthcare Internet of Things. Prior to that, he co-founded The Hacker Academy and MAD Security, and has held leadership positions at companies including nCircle Network Security, Liberty Mutual Insurance and Neohapsis.

Nik Alleyne

Nik Alleyne

Senior Manager, Cyber Security


Nik has over 18 years in IT, with the last 9 being more focused on Security. He is currently employed as a Senior Manager, Cyber Security for a Managed Security Services Provider, where he is responsible for leading 3 teams supporting various security technologies including IDS/IPS, AntiMalware tools, proxies, firewals, SIEM, etc. He is also a SANS Instructor, teaching both the SEC503: Intrusion Detection In-Depth and SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling while also making the time to actively write on his blog at http://securitynik.blogspot.com His academic credentials [...]

Bruce Cowper

Bruce Cowper

Director and Co-Founder, Black Arts Illuminated


A self-proclaimed IT security and privacy geek, Bruce is the co-founder of Black Arts Illuminated and its conferences and events. He is also a founding member of the Ottawa Area Security Klatch (OASK), and an active member of numerous other organizations across North America including the Seattle Cloud Security Alliance chapter. Bruce co-founded Black Arts Illuminated Inc. because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters. [...]

Jennifer Fernick

Jennifer Fernick

Senior Cryptographic Security Architect


Jennifer Fernick is the Senior Cryptographic Security Architect at Scotiabank, and is a PhD candidate in Computer Science (Quantum Information) at the University of Waterloo, where she is affiliated with the Institute for Quantum Computing and the Centre for Applied Cryptographic Research. She holds a Master of Engineering in Systems Design Engineering (Waterloo) and a Bachelor of Science in Cognitive Science & Artificial Intelligence (Toronto). She has previously spoken at venues like DEF CON, Blackhat, and RSA, on topics such as machine learning, computing on encrypted data, and post-quantum cryptography. [...]

Louise Dandonneau

Louise Dandonneau

Director of Cyber Security Services, Scotiabank


Louise Dandonneau is the Director of Cyber Security Services at Scotiabank, where she is at the center of the bank’s Cyber Monitoring, Response and Intelligence. With responsibilities globally, Louise is accountable for leading a team responsible for monitoring and analyzing threats, and responding to cyber events. With over 15 years in the IT/Financial industry, Louise has spent her career in incident response and process innovation and applies these methodologies to Cyber. Passionate about good cyber metrics, evolving testing capabilities and influencing processes she collaborates frequently and often within the industry. In her personal time, Louise participates [...]

Marcelle Lee

Marcelle Lee


Marcelle Lee is an industry professional, an adjunct professor in digital forensics and network security, and provides security consulting and training services through her company Fractal Security Group, LLC. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST NICE Cyber Competitions Working Group, and the ISACA CSX Certification Task Force. Marcelle has earned the CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications. She holds four degrees, including a recently completed Master’s Degree in cybersecurity. [...]

Joe Gray

Joe Gray

Enterprise Security Consultant


Joe Gray joined the U.S. Navy directly out of high school and served for 7 years as a Submarine Navigation Electronics Technician. Joe is an Enterprise Security Consultant at Sword and Shield Enterprise Security in Knoxville, TN. Joe maintains his own blog and podcast called “Advanced Persistent Security.” In his spare time, he enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag [...]

Anil Karmel

Anil Karmel

CEO C2 Labs


Anil Karmel is the co-founder and CEO of C2 Labs, a company that partners with organizations on their journey, from designing and implementing IT Strategic Plans to allow IT to take back control leveraging our forward-leaning products and services to a deep specialization in Application Rationalization and Transformation (ART), leveraging Secure Development Operations (SecDevOps), cutting edge application architecture methodologies and a secure application container management platform in C2’s Intermodal Operations Navigator (ION). Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Within NNSA, Karmel served [...]

James Arlen

James Arlen


James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as [...]

Dave Lewis

Dave Lewis

Global Security Advocate


Dave has over 15 years industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Global Security Advocate for Akamai. Dave is the founder of the popular security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave also has a column on CSO and InformationWeek Prior to his current role, Dave worked in the finance, healthcare, entertainment, manufacturing and critical infrastructure verticals. He has worked for a defense contractor as a security consultant to clients such as the FBI, US Navy, Social Security [...]

Ben Sapiro

Ben Sapiro


Ben Sapiro is the Senior Director of Security, Privacy and Compliance at Vision Critical (a SaaS company) and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school. Other than that, he’s a typical middle-aged Canadian who has worked at $companies doing $work to earn Canadian pesos. Ben is a regular contributor on LiquidMatrix Podcast (whenever we get around to recording it) and helps run BSidesTO.  

David Millar

David Millar

Security Executive, IBM Canada


David Millar, Security Executive at IBM Canada has almost 20 years of experience in the IT industry, focused on helping his clients adopt new services and technology to enable business change while reducing operational risk. Always diving in head-first to the technology to understand the bits and bytes, David has become a respected professional in a multitude of IT domains where his technical knowledge has allowed him to communicate difficult concepts in an easy-to-understand format to a business audience. For the past five years David has been focused on security, [...]

Pierre-Alexandre Braeken

Pierre-Alexandre Braeken

Security Architect, Deloitte Canada


Pierre-Alexandre Braeken is an accomplished and highly experienced Manager at Deloitte Canada with nearly 15 years of experience in security and system architecture. He has an excellent command and understanding of information technology, security architecture and secure application development, as well as strong analytical skills pertaining to enterprise situations, risk and contingency plans. He's focused on assisting organizations internationally and across Canada with leading effective threat detection, response capabilities and red teaming activities. He has created cutting edge tools in the field of offensive and defensive security and regularly speaks [...]

Jonathan Pulsifer

Jonathan Pulsifer

Cloud Security Engineer


Jonathan is a Cloud Security Engineer at Shopify working on securing their new platform using Kubernetes on GKE. Previously, he was a SANS mentor, network defense instructor, and a team lead at the Canadian Forces Network Operations Centre in Ottawa. Find Jonathan on Twitter @JonPulsifer

Toni Gidwani

Toni Gidwani


Toni Gidwani is the Director of Research Operations at ThreatConnect and leads ThreatConnect’s research team, an elite group of globally-acknowledged cybersecurity experts dedicated to tracking down existing and emerging cyber threats. Prior to joining ThreatConnect, Toni led analytic teams in the U.S. Department of Defense. She is also an adjunct professor at Georgetown University.

Stefano Zanero

Stefano Zanero

Associate Professor


Stefano Zanero received his PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and general cybersecurity. In addition to teaching “Computer Security” and “Computer Forensics” at Politecnico, he has extensive speaking and training experience in Italy and abroad. Zanero has co-authored over 60 scientific papers and books. He is a Senior Member of the IEEE, the IEEE Computer Society (for which he is a member of the Board [...]

Michele Mosca

Michele Mosca


Michele Mosca obtained his doctorate in Mathematics in 1999 from the University of Oxford on the topic of Quantum Computer Algorithms. He joined the Waterloo faculty in 1999. He is co-founder of the Institute for Quantum Computing at the University of Waterloo, a Professor in the Department of Combinatorics & Optimization of the Faculty of Mathematics, and a founding member of Waterloo’s Perimeter Institute for Theoretical Physics. Mosca is also the co-founder and Director of CryptoWorks21, an NSERC-funded training program in quantum-safe cryptography. In 2015, he cofounded evolutionQ Inc., where [...]

Vlad Gheorghiu

Vlad Gheorghiu


Dr. Vlad Gheorghiu is a postdoctoral researcher at the Institute for Quantum Computing at the University of Waterloo, Canada. Vlad also works on quantum risk assessment for evolutionQ Inc., Waterloo, Canada. Vlad holds a PhD in Theoretical Physics from Carnegie Mellon University, USA. His current research interests lie in post-quantum cryptography, quantum error correction and resource estimation for realistic implementations of quantum algorithms, entanglement theory, quantum software and quantum architectures, as well as applications of machine learning techniques to the quantum domain.

Majid Malaika

Majid Malaika


Majid A. Malaika (Dr. Eng) leads the Application Security Practice at an international organization in Washington, DC and is a security researcher at omProtect. Majid's prior engagements were Application Security Analyst and Security Consulting for leading educational technology companies and multinational financial firms in New York. His work experience includes threat modeling, architecture risk analysis, risk management, secure code review, and penetration testing.

Lidia Giuliano

Lidia Giuliano


Lidia Giuliano has 15 years' experience in Information Security. She has strong interest in vulnerability management, data security and malware analysis with a focus on defensive security. She holds a BAppSci in CS and a MAppSci in IT from RMIT University in Melbourne Australia. In her personal time, she enjoys mentoring, believes in giving back to the Information Security community and researching new areas for continued education.

Jeremy Richards

Jeremy Richards


Jeremy Richards is a Staff Security Researcher at Lookout. Jeremy’s hacking career started in 1995 at the age of 14 when he took on assembly to bypass Leisure Suit Larry age restrictions. Jeremy has taken his years of research experience to mobile and while studying active malware campaigns and searching for evasion techniques in the Lookout corpus has been mapping actors to campaigns through habits of operation, infrastructure characteristics, and opsec fails.

Gabriel Ryan

Gabriel Ryan


Gabriel is a penetration tester and researcher with a passion for wireless and infrastructure testing. His career began as a systems programmer at Rutgers University, where he assessed, diagnosed, and resolved system and application issues for a user community of over 70,000 faculty, students, and staff. Gabriel then went on to work as a penetration tester and researcher for the Virginia-based defense contractor OGSystems. While there, he worked as a lead engineer on the Mosquito project, a geospatial intelligence tool that leverages wireless technology to track potential threats. He currently [...]

Eugene Filipowicz

Eugene Filipowicz


Eugene holds a Bachelor of Science and Masters or Arts from Florida State University, and a Bachelor of Applied Information Science (Information Systems Security) from Sheridan College. He is employed as a digital forensic investigator at Duff & Phelps. Eugene is an active member and Treasurer of the Ontario chapter of HTCIA (High Technology Crime Investigators Association) and a member of IACIS (International Association of Computer Investigative Specialists). Additionally, he is a “Digital Investigations and Forensics” instructor at Sheridan College.

Eric Evenchick

Eric Evenchick

Embedded Systems Developer


For the past eight years, Eric has worked in development and reverse engineering roles for hardware and software companies. He has specialized in embedded devices, automotive systems, and bespoke tool development. He is currently a Senior Research Consultant at Atredis Partners. Eric’s work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future. [...]

Dean Parsons

Dean Parsons


Dean earned his Bachelor's degree in Computer Science at Memorial University in Newfoundland. After completing his degree, he worked for a Canadian Telecommunications company as Security Analyst, and Senior Security Specialist in a vulnerability assessment, ethical hacking and incident handling role for over a decade.   Dean is an active member of the security community, coaching students in the field, mentoring and encouraging others to obtain renowned professional certifications, attending top conferences (DefCon, Blackhat, SANS Events and Summits, Bsides, etc.), and speaking on the Industrial Control System threat landscape and [...]

Clint Gibler

Clint Gibler


Dr. Clint Gibler is a security consultant with NCC Group, a global information assurance specialist providing organizations with security consulting services. By day, Clint performs penetration tests of web applications, mobile apps, and networks for companies ranging from large enterprises to new startups. Clint has spoken at many conferences, including BlackHat USA, Nullcon, Virus Bulletin, NBT2, MobiSys, and TRUST. Clint holds a Ph.D. in Computer Science from the University of California, Davis where his research focused on mobile security.

Noah Beddome

Noah Beddome


Noah Beddome is a career offensive security researcher, a former Marine, and is currently the director of Infrastructure Security at Datadog. His current theme of research is the attack and defense on non-Windows / nontraditional infrastructure.

Chuck McAuley

Chuck McAuley

Security Researcher


Chuck has been working in network security for 15+ years. He currently is a Security Researcher at Ixia Communications, focused on Threat Intelligence and Exploit Research. In the past, he has performed vulnerability research, created DDoS attacks, and studied LTE's mobile packet core. He has spoken at numerous security conferences about these topics and many others.

Boris Rudakov

Boris Rudakov


Boris has nearly 20 years of computer security experience (playing on both sides – offence and defense), including penetration testing, reverse engineering, and security administration. His main interest in security involves vivisecting software to unlock its internals and discover its true purpose. His current focus is on Windows internals and rootkits.

Chi-en Shen (Ashley)

Chi-en Shen (Ashley)


Chi-en Shen (Ashley) is currently working as a senior cyber threat analyst at Team T5 Inc., where she focuses on tracking and monitoring Advance Persistence Threat (APT) and cyber espionage attacks. Her major areas of research include malware analysis, reverse engineering, cyber threat intelligence, and the tracking of emerging threats. Ashley has been a part of the Black Hat Asia review board since 2016. She is also a member and frequent speaker of “Hacks in Taiwan Conference” community. For supporting women in InfoSec, Ashley founded “HITCON GIRLS” – the first [...]

Carl Miller

Carl Miller

Security Strategist


Carl Miller joined Gurucul, as a Senior Solutions Architect out of the Toronto area. Carl was most recently at Optiv where he lead delivery and consulted in IAM related best practices. Carl has years of experience in driving Security Strategy for large Canadian banks, financial services and insurance companies. Prior to his experience at Optiv, Carl was the Global Director of IAM services for Manulife Financial, and played several technical roles for organizations like Hewlett-Packard, Rogers communications, TMX, and TD Bank.

Ralph Janke

Ralph Janke

Software Development Manager


Ralph Janke is a Software Development Manager at eSentire leading several teams developing security applications being used to provide Managed Detection Response for eSentire's clients for on-premise and cloud deployments. His software development teams are using Continuous Deployment Technologies including Linux Containers, Kubernetes and Cloud Infrastructures for development and production environments. Ralph has more than 30 years of experience in software development and computer / telecommunications networks. Beside a Masters of Computer Sciences/Telecommunications, he has also obtained a law degree and observes the world of technology from both perspectives. Ralph [...]

John Grimm

John Grimm

Sr Director of Security Strategy


John Grimm is the senior director of security strategy at Thales e-Security, an industry leader in data protection and applied cryptography.  John’s focus is driving the company’s strategy for the Internet of Things (IoT).  John’s 25 years of experience started as a systems and firmware engineer building secure cryptographic key distribution systems for government applications, and through the years he progressed through product management, solution development, and strategy/marketing leadership roles. He received his bachelor's degree in electrical engineering from Worcester Polytechnic Institute in Worcester, Massachusetts, and is a member of [...]

Jamie Hari

Jamie Hari

Director of Cloud & Security


Jamie Hari is the Director of Cyber Security and Cloud at Zayo. He has 15 years’ experience in enterprise technology and information security, joining Zayo from BlueCat, a leading DNS Security technology company. Prior to BlueCat, Jamie was the head of security Product Management at Scalar Decisions where he launched a new managed security practice that provided cyber security operations for the Toronto Pan Am Games in 2015. At Aimetis Corp, a video surveillance technology firm, Jamie was the head of the technology services and support team and had the [...]

Brandon Swafford

Brandon Swafford


Brandon Swafford is the Chief Technology Officer of Data and Insider Threat Security at Forcepoint. Brandon has more than 12 years of experience in legal investigations and security, including hedge funds where he built security technology and the U.S. Intelligence Community as a Cyber Counterintelligence consultant and analyst. Within the intelligence community, Brandon covered several classified agencies and worked closely with the National Insider Threat Task Force and National Counterintelligence Executive. In addition, Brandon provided insider threat analysis and investigation consulting to the International Monetary Fund in Washington, D.C.

Matt Broda

Matt Broda


Matt Broda is a Technical Fellow in Security at Bell Canada.  Matt is responsible for Bell’s strategic security direction focused on business markets.  Matt has devoted the last 18 years of his career to making cyberspace a safer place.  In his work with international government and private sector organizations, Matt has helped to advance the state of security and privacy in key areas, including cloud and mobile computing, VoIP and multimedia communication, and critical information infrastructure protection.  Before joining Bell Canada, Matt held leadership positions focused on security with Nortel’s [...]

Bharat Jogi

Bharat Jogi

Security Professional


Bharat Jogi is a Security Professional with over eight years of experience, including research on vulnerabilities, malware, protocol analysis, evolving attack vectors and signature development. He is currently a Senior Manager of Vulnerability Management Signatures at Qualys, where he leads a team of researchers that identify vulnerabilities in various products, reverse engineer binaries and malware and develop signatures for these threats. He holds a Masters degree in Computer Science from the University of Southern California and has been quoted extensively in mainstream media.

Ricardo Panez

Ricardo Panez

Head of Mobile Threat Prevention


Ricardo Panez is a senior member of Check Point Software with over 20 years of experience in Information Security.  Holding various roles within Check Point has allowed him to work with many of the leading Mobile Operators in the Americas including AT&T, T-Mobile, Digicel, Telefonica and America Mobiles.  Ricardo has had the opportunity to lead teams in the United States as well as in Latin America helping customers secure their data.  Currently Ricardo heads up the Mobile Security practice for Check Point across the Americas.

Brian Read

Brian Read

Security Practice Manager


Mr. Read has over 20 years of experience in the IT industry and an extremely broad skill set when it comes to the security of an organization’s critical IT infrastructure.   Mr. Read has been in charge of IT Security  Professional Service Delivery for over  10 years and is primarily responsible for: Leading a Security resource team responsible for  vulnerability and risk assessments for some of Canada’s largest infrastructures; and Designing and deploying advanced security solutions from the SANs TOP 20 Critical Control list. By leading large projects in the areas [...]

Syra Arif

Syra Arif

Pre-Sales, Security Solution Architect , Security Operations Practice, ServiceNow


Syra Arif is a Advisory Security Solutions Architect with ServiceNow’s Security & Risk Practice, a division of ServiceNow focused on cybersecurity solutions for customers. Syra brings a deep knowledge of multiple domains including Identity & Access Management, Security Operations, Vulnerability Management and GRC. Prior to joining ServiceNow, Syra was a consultant with RSA's Via & Archer solution portfolios covering Identity Management & Governance and Risk solutions for commercial and enterprise customers. In the past, Syra was an expert in the area of cellular mobility & satellite communications with Cisco’s Mobile [...]

Mike Saurbaugh

Mike Saurbaugh

Director, Technical Alliances, PhishMe


Mike Saurbaugh is the director of technical alliances with PhishMe. Prior to PhishMe, Mike spent nearly two decades in financial services and was the head of information security for 12-years. Mike is a Faculty member with IANS Research was involved from the onset with Security Current when it launched and served as the research director leading a number of strategic projects for global security vendors. Recently, Mike was added to the faculty at Excelsior College in their information security program as a course developer and adjunct. Mike started a security [...]

Jen​ ​Andre

Jen​ ​Andre

Senior​ ​Director,​ ​Orchestration​ ​And​ ​Automation, Rapid7


Jen​ ​Andre​ ​is​ ​a​ ​Senior​ ​Director​ ​of​ ​Orchestration​ ​and​ ​Automation​ ​at​ ​Rapid7.​ ​Before​ ​joining​ ​Rapid7, Jen​ ​was​ ​the​ ​founder​ ​&​ ​CEO​ ​of​ ​Komand​ ​(acquired​ ​by​ ​Rapid7)​ ​the​ ​fastest​ ​way​ ​to​ ​automate​ ​your time-intensive​ ​security​ ​processes.​ ​Previously,​ ​she​ ​co-founded​ ​Threat​ ​Stack,​ ​a​ ​pioneering​ ​cloud security​ ​monitoring​ ​companies​ ​and​ ​serves​ ​on​ ​its​ ​board​ ​of​ ​directors.​ ​Jen​ ​has​ ​spent​ ​her​ ​career​ ​in security​ ​operations​ ​and​ ​product​ ​-​ ​starting​ ​off​ ​in​ ​the​ ​SOC​ ​as​ ​an​ ​analyst​ ​and​ ​later​ ​working​ ​as​ ​a researcher​ ​and​ ​developer​ ​at​ ​security​ ​companies​ ​Mandiant​ ​and​ ​Symantec.​ ​A​ ​recognized​ ​speaker​ ​in [...]

Kurtis Armour

Kurtis Armour

Security Systems Engineer, Scalar Decisions


Kurtis Armour is a Security Engineer at Scalar Decisions, where he works on securing client networks and regularly wears many security hats. He currently holds a Bachelor of Technology, with a specialty in Informatics and Security. As a regular conference speaker, Kurtis is inquisitive and dedicated to the industry and furthers research endeavors. His interests lie in securing client networks and research around building secure networks. He holds an OSCP certification which helps him understand the needs and requirements of organizations on the defensive side.

Ken Muir

Ken Muir

Senior Risk Management Consultant, Uzado


Ken has been an Information Technology leader with over 18 years of experience exclusively in Information Security consulting and managed security services. (22 Years in IT). He originally developed a Managed Security Service Practice in 2001 that still runs to this day. Ken’s preference has always been to be a fully hands-on leader developing an array of skills and experiences along with the teams. This Range of experience includes Business Development, Program and Project Leadership, and Security Technology Integration; working with businesses, Governments and major Educational Institutions in Canada and [...]

John Turner

John Turner

Senior Director, Cloud Security - Optiv


John Turner is an accomplished IT executive with more than 20 years of leadership and operational IT experience. As senior director of cloud security enablement at Optiv, Turner’s team of cloud architects are responsible for helping to ensure the successful integrated delivery of cloud security solutions. Turner plays a key part in bringing different areas of Optiv’s team together to deliver seamless cross practice wins. Turner also works as part of the cloud leadership team to define Optiv’s strategy and product portfolio. Turner’s extensive operational background brings a unique client [...]

Tyson Macaulay

Tyson Macaulay

CTO - Cyber


Tyson Macaulay is a veteran of the information security industry with 24 years of experience, spanning most industry verticals and critical infrastructures. In his current role as Chief Technology Officer (CTO) – Cyber for BAE Systems Applied Intelligence, Tyson leads a global organization developing high-assurance end-to-end security designs, as well as pre-sales engineering and consulting services in North America. Other recent positions include CTO Telecommunications Security at Intel and Chief Security Strategist at Fortinet. These roles all involved international business strategy, corporate development (M&A), technical leadership, media and speaking events. [...]

Sean Earhard

Sean Earhard

Advanced Threat Solutions, Cisco Canada


Sean Earhard heads Cisco’s Advanced Threat Solutions team for Canada, working with organizations to design and build strategies to secure their networks and users from today’s most Advanced Threats. Prior to Cisco, Sean worked with large accounts for Symantec in Toronto and Sophos in Chicago, helping to secure some of the largest organizations in North America over the last 11 years.

Sean Cassidy

Sean Cassidy

CTO, DefenseStorm


Sean is the CTO of DefenseStorm, a next gen SIEM for cloud and on-premises networks. When he's not knee-deep thinking of cool stuff to add to his product, he likes to do security talks at conferences like this one. Last year, he debuted the LostPass phishing attack against LastPass and discussed common crypto vulnerabilities in single sign-on implementations.