Attackers are always trying their best to breach your network to steal the secret sauce hidden inside. This session will delve into the attacker’s tool set and focus on the types of attacks that are being leveraged against companies today. I will examine tools, case studies and my own war stories.
CIPPIC, the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic, is Canada’s only public interest technology law clinic. CIPPIC is unique in Canada, bringing together a team of expert legal professionals and students to advocate for the public interest in policy debates arising from the intersection of law and technology. Defense of privacy rights and […]
Let’s talk Metasploit! Come learn how the community is building tools that work not just for the single user, but for the whole team. Jeffrey will begin the presentation by discussing basic usage and capabilities, and then explore the roads less traveled as well as some new paths currently being explored in Metasploit Framework. Audience members will […]
Data breaches are the new reality, with the severity and cost of reported breaches escalating constantly. How an organization responds, and how prepared they are in the event of a breach can mean the difference between swift recovery and extended business interruption. This talk will cover: Pre-Breach planning and readiness Incident Response during a breach […]
Despite billions spent on security technology each year, it seems little progress has been made to reclaim the advantage from attackers. Modest reconnaissance by a malicious actor often results in a better understanding of an environment than the defenders who own and operate it. At the heart of the problem lies one simple truth: know […]
TLS can cause problems for security teams, breaking TLS or ignoring TLS are common modus operandi, both are flawed and expose organizations to weaknesses. This session focusses on the management of TLS from a blue team perspective, without either ignoring or breaking TLS implementations. We will discuss specific tooling, FingerPrinTLS and TLSProxy will be the […]
Organizations are increasingly moving workloads to hosted Infrastructure-as-a-Service (IaaS) environments. In many cases, they are extending their data centers across one or more IaaS providers, creating hybrid cloud environments. This session will explore best practices for extending data centers to hosted environments, and review how to secure privileged access to hosted infrastructure and virtual machines […]
Called “Bluetooth’s Stagefright moment,” the Blueborne attack vector identified in September exposed 5B+ devices to hacking. It impacted major mobile, desktop, and IoT operating systems, including Android, Windows, Linux, and iOS. Blueborne attacks devices via Bluetooth in a manner never seen before, and spreads through the air (airborne). Users do not need to be on […]
Few things have ever transformed the practice and technology of information technology than the dual impacts of cloud computing and DevOps. In this executive session we will detail specific strategies and tactics for transforming your security organization without orphaning your historical investments. This won’t be generic policy mumbo-jumbo; comes learn the hard-earned lessons from dozens […]
In this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry. Tools that will be demonstrated and showcased include: Metasploit (Exploit Framework) BeEF (Browser Exploitation Framework) Physical lock testing (Lock pick set – Snap gun, and lock pick card) Hak5 – […]
The IT security industry continues to rapidly evolve. With this rate of change comes both opportunity and challenges. There are more areas of specialization and more types of employers to apply them to. Come to what will certainly be a spirited and exciting panel session on how very different segments of the industry are viewing […]
The General Data Protection Regulation (GDPR) comes in to force on May 25th 2018 and many Canadian organisations are unsure if they even have to comply, let alone how. During this session, Bruce will take you through not only what the GDPR is and how it may impact you, but common questions and scenarios Canadian […]
How would you hack a bank? In this talk, we discuss how to improve the protection our nation’s critical private-sector cyber infrastructure, using financial services institutions as a case study, and highlight potential exploit chains and vulnerabilities in people, process, and technology. We begin with a thought experiment: if cyberwar were to break out tomorrow, […]
We have designed a virtual training environment that allows the user to step through the quintessential phases of an attack: reconnaissance, scanning and enumeration, gaining access, maintaining access, and covering tracks. Licensed for reuse under Creative Commons, the materials can immediately be used for education and training purposes by attendees. We focus on what can be expected from […]
Containers such as Docker and CoreOS Rkt deliver incredible capabilities to developers and operators and are powering the DevOps revolution in application development and deployment. Docker in particular has taken industry by storm, resulting in over 8 billion downloads and 500,000+ containerized applications in this open source platform. With all this new-found power comes significant […]
In 2012, we talked about the APT. In 2013, we talked about BYOD and Consumerized IT. In 2014, it was #failAMA. In 2015, Ben Sapiro FAILED to submit an abstract. In 2016, James was VOLUNTOLD to do the thing. It’s 2017, and the voluntoldee said yes again. This is the time when we talk about […]
As attacks have become more sophisticated and continue to evolve, static technologies can’t keep up. Siloed solutions fragment your defenses. It takes power and precision to stop attacks. Join this session where we will explore; Do you have an intelligent, orchestrated and automated approach to prevent, detect and respond to threats? How did GFL Environmental […]
Imagine the moment when you realize that a malicious threat actor has compromised your network and is currently going through your confidential information. Faced with this dreadful scenario, you initiate an Incident Response. We have built an open source Incident Response framework based on PowerShell to help security investigation responders gather a vast number of […]
Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company’s internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team. Unfortunately for us, a hosted solution […]
In this epoch of big data, we have reached a cybersecurity crisis – over 4 billion personal accounts compromised just in the past few years, not to mention multiple power grids. Advanced technologies, ranging from blockchain to quantum computing are emerging, but there are still big questions about how they can help. Fortunately, a band […]
The June 2016 revelations of the DNC breach by two Russia-based advanced persistent threat groups was only the beginning of a series of strategic leaks and conflicting attribution claims. In this presentation we’ll demonstrate techniques used to identify additional malicious infrastructure, evaluate the validity of “faketivists” like the Guccifer 2.0 persona, and strengths and gaps […]
Industrial robots are complex cyber-physical systems used for manufacturing, and are a critical component of any modern factory. These robots aren’t just electromechanical devices but include complex embedded controllers, which are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance. In this scenario, industrial […]
Quantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.) which is one of the pillars of modern-day cybersecurity. Thus, we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. Impressive progress in developing the building blocks of a fault-tolerant […]
In this talk, we discuss a possible new technique where hackers could abuse smart contracts that are deployed on the blockchain as means of command and control (C2) for botnets. We call this novel technique ‘botract’; derived by merging two words: ‘bot’ and ‘contract’. In this talk, we describe how hackers can exploit smart contracts […]
The endpoint protection space is a hot market right now. With statistics showing malware creation ranging from 300,000 to 1 million pieces a day, traditional signatures just can’t keep up. Ask any vendor about their solution and you get inundated with the marketing hype, machine learning, artificial intelligence, math models, and lions, tigers and bears! […]
Threat actors need to constantly evolve their techniques to remain undetectable or their campaigns, once exposed, will cease operation. This briefing will take an in-depth, entertaining look at the ever evolving campaign that was thought to have been nearly eradicated. This campaign and the actors behind it have not only continued to operate behind the […]
Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the […]
Description: When it comes to a post incident self-collection of digital data such as: employee dismissal, data exfiltration, inappropriate behavior/computer usage, or security breach, there is potential for litigation. Whatever the situation, IT personnel should utilize forensic best practices to assure that the information is accurate, admissible, and that the data and original sources are […]
Automotive diagnostics provide access for manufacturing, service, and forensics of automotive systems, and are present in nearly every vehicle on the road today. These systems provide a large attack surface, and often contain undocumented features. Unfortunately, information about these systems is proprietary, and tools for interacting with them are expensive. In this talk, we’ll introduce […]
Defending an ICS (Industrial Control System) requires additional considerations beyond the approach of traditional IT Security. For example, ICS incident responders are tasked with extracting forensic data for threat analysis and implementing indicators of compromise for threat mitigation as quickly as possible. All of this is expected while continuing to maintain the physical safety and […]
Trust is an implicit requirement of doing business. At some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, […]
The Mirai botnet has brought public awareness to the danger of poorly secured embedded devices. Its ability to propagate is fast and reliable. Its impact can be devastating and variants of it will be around for a long time. You need to identify it, stop it, and prevent its spread. I had the opportunity to […]
Your company has been hit by ransomware. What do you do? Well, if you are a regular security system administrator, your next steps are restoring from backups (you have backups, right?), deploying behavior-based IDS/IPS or updated antivirus, and waiting for the next attack. But you’re not a regular security admin, are you? You’re a security […]
Being one of the most isolated and secretive nations on the earth, from the Sony Picture breach to the WannaCry attack, cyber-attacks from the Democratic People’s Republic of Korea (DPRK) seem to be more and more aggressive than before. Based on our observations, the North Korea cyber army has expanded their campaign to target not […]
Employee suspicious access, behavior abuse, and exfiltration of confidential data could all be a result of Insider Threat. We need a new innovative way of thinking about security as rule, pattern and signature-based solutions are evaded easily. Learn how user & entity behavior analytics (UEBA) and Identity Analytics (IdA) leveraging the context of open choice […]
Continuous Deployment and Cloud applications offer new opportunities in cyber security in allowing flexibility and rapid reaction to the ever-changing demands to protect cyber assets. However, new technologies also offer new possibilities and require new approaches in evaluating and improving the security posture for software applications as well as the infrastructure. This talk will explore […]
Connected devices provide a way for businesses to improve their operations and to provide enhanced services to customers. They also can introduce significant security risks, as many devices that are now being connected were not designed with security in mind. The fundamentals of the old adage of “garbage in, garbage out” are critical for IoT […]
Compressed timelines, skill gaps, staff shortages, and an endless sea of new security technology options challenge organizations to keep pace with rapidly advancing threats. It’s easy for technology leaders to fall into the trap of spending their entire budget on bigger firewalls and trendy new endpoint solutions, while ignoring the simple things. Sometimes the best […]
People are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as a black and white then we risk more than wasted time […]
As adversaries develop ways to make money through cybercrime and the number of attackers and suppliers of cybercrime tools are growing, organizations are finding it more difficult to protect themselves. This environment increasingly resembles an organism under attack from countless viruses, bacteria, parasites and toxic substances. To effectively defend against these threats, we can use […]
While IT departments constantly battle against a tsunami of ever-increasing volumes of annual vulnerability disclosures, lack of visibility into the attacker’s perspective means that they retain an advantage, and still continue to breach organizations, causing massive damages to business. In this presentation, we will discuss a year-long study of vulnerability attributes, exploits and attack trends […]
You walk into a meeting and the person you are about to talk to informs you that they will be video and audio recording everything. Would that change what you might say or do? What if we told you that your mobile device could be doing that, or worse, to you already? Visit this session […]
As cyber criminals grow more aggressive, organizations are installing new security tools to protect themselves against threats. In fact, the average enterprise runs 508 applications and allows 89 different vendors to access their network each week. (Source Bomgar.com and Forbes.com) You likely manage dozens of security tools across your organization– from firewalls to authentication software. […]
Responding to security incidents is mostly firefighting -too much noise, not enough signal, and not enough analysts to work incidents when the signal is found. There is a direct link between the time to detection and volume of data stolen. Leveraging automation and orchestration in the investigation and response process is the key for finding […]
The State of the Phish and Response is a look into many of the prevalent phishing campaigns that leverage ransomware, fileless malware, and tactics that bypass technology. Contrary to what some may still believe, attackers don’t rely on executables and other extensions typically restricted. What are attackers doing and what works in their campaigns? Additionally, […]
It’s a universal truth acknowledged that IT and security teams have too much to do, and never enough resources to do it. Traditionally, there are tactical tasks that security organizations own, but invest far too many resources in: alert triage, managing vulnerabilities, and more. These tasks lead to alert fatigue, but worse, they suck up […]
Understanding the mechanics of malware attacks is critical for remediation and for preventing similar attempts in the future. Malware analysis can provide valuable insights into the adversaries goals, especially when they are targeted. While cloud based malware analysis tools exist, they are largely inflexible. An in-house lab environment can offer more customization, automation and enhanced […]
Despite all of the advances in technology, we still aren’t doing a good enough job in basic house-keeping, The result is avoidable breaches and network compromises, we read about them daily. Leveraging best practices but not actually implementing formal processes and solutions isn’t cutting it any longer, as more and more companies who think they […]
“Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the […]
In this keynote, Allison Miller will explore how today’s defenders are protecting consumers/platforms from online threats, at scale. Deflecting exploits and vulns is a full-contact sport, but designing for the “human factor” also means mapping out complex sets of incentives and interdependencies, requiring new approaches to thinking about security, risk, & trust. Allison will discuss […]
Global Security Advocate
Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis serves on the advisory boards for Cortex Insight and Dateva Inc. Lewis writes columns for Forbes, Daily Swig and several other publications.
General Counsel, CIPPIC
David Fewer is General Counsel of the University of Ottawa’s Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC), Canada’s only public interest technology law clinic. CIPPIC’s mandate is to advocate for balance in policy and law-making on issues arising out of new technologies. David joined CIPPIC in November 2004. His work focuses on training students in effective legal advocacy, producing public education materials, and articulating a public interest perspective in public policy debates and important court cases at the intersection of law and technology. David graduated with a B.A. [...]
Senior Software Engineer
Jeffrey is a Senior Software Engineer at Rapid7, working on Metasploit. He has 10 years’ experience working in various segments of computer security, including system administration, development of security software, hardening security features in mobile devices and assurance of data protection on associated networks. Prior to Rapid7, Jeffrey worked at Raytheon Pikewerks as a member of its research and development team. He holds a bachelor’s degree in computer science from the University of Texas at San Antonio.
Managing Director, Cycura Inc.
Iain is an Information Security veteran with more than 15 years of experience in enterprise IT. He has designed and run security operations programs in large Banking, Healthcare, and Government organizations. His experience as a practitioner brings a critical understanding of the needs and challenges of organizations to Cycura's consulting practice. In leading Cycura’s professional services group, Iain acts as project executive on major Incident response initiatives. Leading a team of forensic investigators, security experts and incident handlers, Iain bridges the critical gap between technologists and senior leadership in impacted [...]
Michael Otto is co-founder and head of services at Lyrical Security. Mike has over 22 years’ experience working in I.T., focused exclusively on security risk management for the last 17 years. Mike is a former PCI QSA, principal consultant, and co-developer of Lyrical Security’s adaptive risk management framework. A recognized expert in risk management, factor analysis, it service management, and compliance, Mike has helped over 100 organizations build and improve their strategic and tactical risk management capabilities. Prior to Lyrical Security, Mike held progressive positions in financial services, I.T. training [...]
Director of Security, Ecobee
Lee has worked within Information Security for over a decade. In that time he has held positions ranging from hands-on practitioner through to management across a number of industry verticals, he is currently the Director of Security at Ecobee. He has spoken on topics ranging from malware analysis to network security and surveillance.
Regional Vice President, Systems Engineering
Wade works with enterprise accounts in the western US, LATAM and in Canada to help them move to the next generation of identity. He does this with the help of a team of 10 dedicated system engineers to make this a reality for our customers. The new reality of our customers are that people need to work where they are and not at a specific location. Centrify helps our customers embrace the new world of identity as the new perimeter to resources. No matter if that resource is a device [...]
Co-Founder and CTO, Armis
Nadir Izrael is co-founder and CTO at Armis and drives the technology vision behind the platform. He served six years in the Israeli army’s Cyber Intelligence unit where he designed and programmed software systems and attained the rank of captain. He graduated Summa Cum Laude from Technion-Israel Institute of Technology where he studied computer science and physics. In the following years, he worked for Google as a software engineer manager. Nadir enjoys creating simulations of particle systems and cosmological models and is experienced in applied machine learning algorithms and statistical [...]
Analyst/Securosis, CISO/DisruptOps, Securosis, L.L.C.
Rich Mogull has twenty years experience in information security, physical security, and risk management. These days he specializes in cloud security and DevSecOps, having starting working hands-on in cloud nearly 10 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, [...]
CEO of Aleks Security Cyber Intelligence Inc.
Nick Aleks is a leader in Toronto's security community. He is a distinguished security engineer, speaker and researcher. Nick is one of the founding partners of DEFCON Toronto (DC416), one of Canada’s largest hacker meetup communities. In partnership with TraceLabs, he organized the world’s first ever OSINT CTF where hackers helped find missing persons. He also runs a Toronto-based ethical hacking firm and is an advisor at HackStudent, an organization that helps educate students ages 13-17 about cybersecurity.
CEO - UZADO
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]
Director General, Cyber Defence and IT Security Operations
Eric Belzile started his career in the Public Service at Statistics Canada in 1989. Over the years, he occupied various positions with increasing levels of responsibility covering System Development and IT Infrastructure Service Management. Before his transfer to Shared Services Canada (SSC), he was responsible for all IT Infrastructure Services at Statistics Canada, delivering the services as well as defining strategic plans for their evolution. Currently, with SSC, he occupies the position of Director General, Cyber Defence and IT Security Operations. He is responsible for the SSC Security Operations Center [...]
Director, Information Security Services - BMO
Laura Payne is a Director of Information Security Services at the Bank of Montreal. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. Laura holds a degree in Systems Design Engineering from the University of Waterloo. When not at work, she enjoys spending time with her family, volunteering in the community, and wilderness camping.
Senior Manager, Cyber Security
Nik has over 18 years in IT, with the last 9 being more focused on Security. He is currently employed as a Senior Manager, Cyber Security for a Managed Security Services Provider, where he is responsible for leading 3 teams supporting various security technologies including IDS/IPS, AntiMalware tools, proxies, firewals, SIEM, etc. He is also a SANS Instructor, teaching both the SEC503: Intrusion Detection In-Depth and SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling while also making the time to actively write on his blog at http://securitynik.blogspot.com His academic credentials [...]
Tim is the Chief Scientist at Lookout where he leads platform and core technology research for Lookout's platform, focusing on Automated Software Analysis and applied Machine Learning. Tim has been building and securing products for over 20 years, working across the spectrum of Perimeter Security, Data Loss Prevention, Software Analysis, and Security Data Analytics.
A self-proclaimed IT security and privacy geek, Bruce is the co-founder of SecTor. He is also a founding member of the Toronto Area Security Klatch (TASK), and an active member of numerous other security and privacy related organizations across North America. Bruce co-founded SecTor because of his passion to bring IT, security and privacy awareness and knowledge sharing to the community. When he isn’t organizing events with Brian, you’ll usually find him at Microsoft’s Redmond, WA headquarters where today he manages Microsoft’s security policies and standards program. Aside from his [...]
Senior Cryptographic Security Architect
Jennifer Fernick is the Senior Cryptographic Security Architect at Scotiabank, and is a PhD candidate in Computer Science (Quantum Information) at the University of Waterloo, where she is affiliated with the Institute for Quantum Computing and the Centre for Applied Cryptographic Research. She holds a Master of Engineering in Systems Design Engineering (Waterloo) and a Bachelor of Science in Cognitive Science & Artificial Intelligence (Toronto). She has previously spoken at venues like DEF CON, Blackhat, and RSA, on topics such as machine learning, computing on encrypted data, and post-quantum cryptography. [...]
Director of Cyber Security Services, Scotiabank
Louise Dandonneau is the Director of Cyber Security Services at Scotiabank, where she is at the center of the bank’s Cyber Monitoring, Response and Intelligence. With responsibilities globally, Louise is accountable for leading a team responsible for monitoring and analyzing threats, and responding to cyber events. With over 15 years in the IT/Financial industry, Louise has spent her career in incident response and process innovation and applies these methodologies to Cyber. Passionate about good cyber metrics, evolving testing capabilities and influencing processes she collaborates frequently and often within the industry. In her personal time, Louise participates [...]
Marcelle Lee is an industry professional, an adjunct professor in digital forensics and network security, and provides security consulting and training services through her company Fractal Security Group, LLC. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST NICE Cyber Competitions Working Group, and the ISACA CSX Certification Task Force. Marcelle has earned the CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications. She holds four degrees, including a recently completed Master’s Degree in cybersecurity. [...]
Senior OSINT Specialist
Joe Gray is currently a Senior OSINT Specialist at Qomplx, Inc. He previously maintained his own blog and podcast called Advanced Persistent Security. Joe is currently finishing a social engineering and OSINT book with NoStarch press, due for publication in Fall 2020. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. As a member of the Password Inspection Agency, he placed 2nd in the HackFest Quebec Missing Persons CTF powered by TraceLabs, 2nd in the BSides Atlanta OSINT [...]
CEO C2 Labs
Anil Karmel is the co-founder and CEO of C2 Labs, a company that partners with organizations on their journey, from designing and implementing IT Strategic Plans to allow IT to take back control leveraging our forward-leaning products and services to a deep specialization in Application Rationalization and Transformation (ART), leveraging Secure Development Operations (SecDevOps), cutting edge application architecture methodologies and a secure application container management platform in C2’s Intermodal Operations Navigator (ION). Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Within NNSA, Karmel served [...]
James Arlen leads Heroku’s (a division of Salesforce) Production Engineering team focused on delivering integrity, availability, and maturity to Heroku’s fleet operations. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Salesforce Heroku, James is a Contributing Analyst at the research firm Securosis, [...]
Ben Sapiro is the Global CISO of Great West LifeCo and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school; he’s even done privacy and compliance work to pay the bills. Other than that, he’s a typical middle-aged Canadian security professional who has worked in several verticals including SaaS, natural resources and telecom. Ben is a contributor to the Liquidmatrix Podcast (whenever we get around to recording it) and used to help with other stuff like BSidesTO until he realized he should not test his wife’s [...]
Security Executive, IBM Canada
David Millar-LaRocque has over 20 years of sales and marketing experience in the IT industry, successfully working with channel partners, IBM's hardware division, and a host of infrastructure services. For the past eight years David has held a variety of leadership roles in IBM's Security organization where he has helped IBM to become a major Canadian security vendor by focusing on helping clients to reduce their risk posture through the combination of people, processes and technology. For both personal and professional reasons, David has been dedicating time to building a [...]
Security Architect, Deloitte Canada
Pierre-Alexandre Braeken is an accomplished and highly experienced Manager at Deloitte Canada with nearly 15 years of experience in security and system architecture. He has an excellent command and understanding of information technology, security architecture and secure application development, as well as strong analytical skills pertaining to enterprise situations, risk and contingency plans. He's focused on assisting organizations internationally and across Canada with leading effective threat detection, response capabilities and red teaming activities. He has created cutting edge tools in the field of offensive and defensive security and regularly speaks [...]
Cloud Security Engineer
Jonathan is a Cloud Security Engineer at Shopify working on securing their new platform using Kubernetes on GKE. Previously, he was a SANS mentor, network defense instructor, and a team lead at the Canadian Forces Network Operations Centre in Ottawa. Find Jonathan on Twitter @JonPulsifer
Founder/CEO - Distilled Analytics
David Shrier is the founder & Chief Executive Officer of MIT spinout Distilled Analytics, a Lecturer & Futurist at the MIT Media Lab, and an Associate Fellow with Oxford. He is a serial innovation catalyst, having developed $8.5 billion of growth opportunities with several startup companies as well as Fortune 1000 companies including D&B, Wolters Kluwer, Ernst & Young, GE/NBC Universal, Disney, AOL Verizon, and Starwood Hotels & Resorts. His books, developed together with MIT Professor Alex Pentland, include New Solutions in Cybersecurity, Frontiers of Financial Technology and Trust::Data.
Toni Gidwani is the Director of Research Operations at ThreatConnect and leads ThreatConnect’s research team, an elite group of globally-acknowledged cybersecurity experts dedicated to tracking down existing and emerging cyber threats. Prior to joining ThreatConnect, Toni led analytic teams in the U.S. Department of Defense. She is also an adjunct professor at Georgetown University.
Stefano Zanero received his PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and general cybersecurity. In addition to teaching “Computer Security” and “Computer Forensics” at Politecnico, he has extensive speaking and training experience in Italy and abroad. Zanero has co-authored over 60 scientific papers and books. He is a Senior Member of the IEEE, the IEEE Computer Society (for which he is a member of the Board [...]
Michele Mosca is co-founder of the Institute for Quantum Computing at the University of Waterloo, a Professor in the Department of Combinatorics & Optimization of the Faculty of Mathematics, and a founding member of Waterloo's Perimeter Institute for Theoretical Physics. He was the founding Director of CryptoWorks21, a training program in quantum-safe cryptography. He is a founder of the ETSI-IQC workshop series in Quantum-Safe Cryptography, and the not-for-profit Quantum-Safe Canada. He co-founded evolutionQ Inc. to support organizations as they evolve their quantum-vulnerable systems to quantum-safe ones and softwareQ Inc. to [...]
Dr. Vlad Gheorghiu is a postdoctoral researcher at the Institute for Quantum Computing at the University of Waterloo, Canada. Vlad also works on quantum risk assessment for evolutionQ Inc., Waterloo, Canada. Vlad holds a PhD in Theoretical Physics from Carnegie Mellon University, USA. His current research interests lie in post-quantum cryptography, quantum error correction and resource estimation for realistic implementations of quantum algorithms, entanglement theory, quantum software and quantum architectures, as well as applications of machine learning techniques to the quantum domain.
Majid A. Malaika (Dr. Eng) leads the Application Security Practice at an international organization in Washington, DC and is a security researcher at omProtect. Majid's prior engagements were Application Security Analyst and Security Consulting for leading educational technology companies and multinational financial firms in New York. His work experience includes threat modeling, architecture risk analysis, risk management, secure code review, and penetration testing.
Lidia Giuliano has 15 years' experience in Information Security. She has strong interest in vulnerability management, data security and malware analysis with a focus on defensive security. She holds a BAppSci in CS and a MAppSci in IT from RMIT University in Melbourne Australia. In her personal time, she enjoys mentoring, believes in giving back to the Information Security community and researching new areas for continued education.
Jeremy Richards is a Staff Security Researcher at Lookout. Jeremy’s hacking career started in 1995 at the age of 14 when he took on assembly to bypass Leisure Suit Larry age restrictions. Jeremy has taken his years of research experience to mobile and while studying active malware campaigns and searching for evasion techniques in the Lookout corpus has been mapping actors to campaigns through habits of operation, infrastructure characteristics, and opsec fails.
Gabriel is a penetration tester and researcher with a passion for wireless and infrastructure testing. His career began as a systems programmer at Rutgers University, where he assessed, diagnosed, and resolved system and application issues for a user community of over 70,000 faculty, students, and staff. Gabriel then went on to work as a penetration tester and researcher for the Virginia-based defense contractor OGSystems. While there, he worked as a lead engineer on the Mosquito project, a geospatial intelligence tool that leverages wireless technology to track potential threats. He currently [...]
Eugene holds a Bachelor of Science and Masters or Arts from Florida State University, and a Bachelor of Applied Information Science (Information Systems Security) from Sheridan College. He is employed as a digital forensic investigator at Duff & Phelps. Eugene is an active member and Treasurer of the Ontario chapter of HTCIA (High Technology Crime Investigators Association) and a member of IACIS (International Association of Computer Investigative Specialists). Additionally, he is a “Digital Investigations and Forensics” instructor at Sheridan College.
Embedded Systems Developer
Eric has worked in development and reverse engineering roles for hardware and software companies, specializing in embedded devices, automotive systems, and bespoke tool development. He is currently a Principal Research Consultant at Atredis Partners. Eric’s work with embedded systems began with development of research vehicles at the University of Waterloo, in partnership with General Motors and the US Environmental Protection Agency. This experience lead to roles in developing automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors and Faraday Future. In 2014, Eric founded Linklayer Labs, which [...]
Dean earned his Bachelor's degree in Computer Science at Memorial University in Newfoundland. After completing his degree, he worked for a Canadian Telecommunications company as Security Analyst, and Senior Security Specialist in a vulnerability assessment, ethical hacking and incident handling role for over a decade. Dean is an active member of the security community, coaching students in the field, mentoring and encouraging others to obtain renowned professional certifications, attending top conferences (DefCon, Blackhat, SANS Events and Summits, Bsides, etc.), and speaking on the Industrial Control System threat landscape and [...]
Dr. Clint Gibler is a security consultant with NCC Group, a global information assurance specialist providing organizations with security consulting services. By day, Clint performs penetration tests of web applications, mobile apps, and networks for companies ranging from large enterprises to new startups. Clint has spoken at many conferences, including BlackHat USA, Nullcon, Virus Bulletin, NBT2, MobiSys, and TRUST. Clint holds a Ph.D. in Computer Science from the University of California, Davis where his research focused on mobile security.
Noah Beddome is a career offensive security researcher, a former Marine, and is currently the director of Infrastructure Security at Datadog. His current theme of research is the attack and defense on non-Windows / nontraditional infrastructure.
Chuck has been working in network security for 15+ years. He currently is a Security Researcher at Ixia Communications, focused on Threat Intelligence and Exploit Research. In the past, he has performed vulnerability research, created DDoS attacks, and studied LTE's mobile packet core. He has spoken at numerous security conferences about these topics and many others.
Boris has nearly 20 years of computer security experience (playing on both sides – offence and defense), including penetration testing, reverse engineering, and security administration. His main interest in security involves vivisecting software to unlock its internals and discover its true purpose. His current focus is on Windows internals and rootkits.
Chi-en Shen (Ashley) is a senior researcher working at FireEye, where she focuses on threat intelligence research. She specializes in threat hunting, malware analysis, reverse engineering, and targeted attack research. To support women in InfoSec, Ashley co-founded “HITCON GIRLS” – the first security community for women in Taiwan. Ashley is also a regular speaker at international security conferences, including Black Hat, FIRST, HITB GSEC, CODE BLUE, Troopers, HITCON, Confidence, and RESET. Ashley also serves as a review board member of Black Hat Asia, Blue Hat Shanghai and Hack in the [...]
Carl Miller is a Senior Solutions Manager within Gurucul’s Security practice and has history of providing holistic leadership, development and deployment of innovative security solutions to challenges within the Financial Sectors. Carl has lead delivery and consulted in Identity Access Management, Security Governance, and Role Based Access Control. He has years of experience in driving Security Strategy for large Canadian banks, financial services and insurance companies. He thrives in managing complex environments through both the medium of English and French.
Software Development Manager
Ralph Janke is a Software Development Manager at eSentire leading several teams developing security applications being used to provide Managed Detection Response for eSentire's clients for on-premise and cloud deployments. His software development teams are using Continuous Deployment Technologies including Linux Containers, Kubernetes and Cloud Infrastructures for development and production environments. Ralph has more than 30 years of experience in software development and computer / telecommunications networks. Beside a Masters of Computer Sciences/Telecommunications, he has also obtained a law degree and observes the world of technology from both perspectives. Ralph [...]
Sr Director of Security Strategy
John Grimm is the senior director of security strategy at Thales e-Security, an industry leader in data protection and applied cryptography. John’s focus is driving the company’s strategy for the Internet of Things (IoT). John’s 25 years of experience started as a systems and firmware engineer building secure cryptographic key distribution systems for government applications, and through the years he progressed through product management, solution development, and strategy/marketing leadership roles. He received his bachelor's degree in electrical engineering from Worcester Polytechnic Institute in Worcester, Massachusetts, and is a member of [...]
Director of Cloud & Security
Jamie Hari is the Director of Cyber Security and Cloud at Zayo. He has 15 years’ experience in enterprise technology and information security, joining Zayo from BlueCat, a leading DNS Security technology company. Prior to BlueCat, Jamie was the head of security Product Management at Scalar Decisions where he launched a new managed security practice that provided cyber security operations for the Toronto Pan Am Games in 2015. At Aimetis Corp, a video surveillance technology firm, Jamie was the head of the technology services and support team and had the [...]
Deputy CISO, Forcepoint
Ken Bell is the Deputy Chief Information Security Officer for Forcepoint and is responsible for securing the company and sharing our key learning with customers. Ken has more than 24 years of information security and law enforcement experience. Ken specializes in computer and network forensics and has conducted hundreds of computer and network forensic investigations. Ken holds a Bachelor’s degree in Criminal Justice and Computer Information Systems, and a Master’s Degree in Information Assurance from Norwich University. In addition, Ken holds several industry recognized certifications to include, CISM, CEH, and [...]
Matt Broda is a Technical Fellow in Security at Bell. Matt is responsible for Bell’s strategic security direction focused on business markets. Matt has devoted the last 19 years of his career to making cyberspace a safer place. In his work with international government and private sector organizations, Matt has helped to advance the state of security and privacy in key areas, including cloud and mobile computing, VoIP and multimedia communication, and critical information infrastructure protection. Before joining Bell, Matt held leadership positions focused on security with Nortel’s Chief Technology [...]
Bharat Jogi is a Security Professional with over eight years of experience, including research on vulnerabilities, malware, protocol analysis, evolving attack vectors and signature development. He is currently a Senior Manager of Vulnerability Management Signatures at Qualys, where he leads a team of researchers that identify vulnerabilities in various products, reverse engineer binaries and malware and develop signatures for these threats. He holds a Masters degree in Computer Science from the University of Southern California and has been quoted extensively in mainstream media.
Regional Expert, Mobility - Check Point Software
Bobby Buggs is a Telecommunications professional that hails from Flint, Michigan. Bobby has worked in the mobile/wireless industry for over 17 years. Over the course of his career, Bobby has held numerous roles in both sales and technical disciplines. Bobby received his Bachelors of Arts Degree in Telecommunications from Michigan State University and his Masters of Business Degree from the University of Phoenix. Bobby Buggs currently lives in the Metro-Detroit area.
Security Practice Manager
Mr. Read has over 20 years of experience in the IT industry and an extremely broad skill set when it comes to the security of an organization’s critical IT infrastructure. Mr. Read has been in charge of IT Security Professional Service Delivery for over 10 years and is primarily responsible for: Leading a Security resource team responsible for vulnerability and risk assessments for some of Canada’s largest infrastructures; and Designing and deploying advanced security solutions from the SANs TOP 20 Critical Control list. By leading large projects in the areas [...]
Pre-Sales, Security Solution Architect , Security Operations Practice, ServiceNow
Syra Arif is a Advisory Security Solutions Architect with ServiceNow’s Security & Risk Practice, a division of ServiceNow focused on cybersecurity solutions for customers. Syra brings a deep knowledge of multiple domains including Identity & Access Management, Security Operations, Vulnerability Management and GRC. Prior to joining ServiceNow, Syra was a consultant with RSA's Via & Archer solution portfolios covering Identity Management & Governance and Risk solutions for commercial and enterprise customers. In the past, Syra was an expert in the area of cellular mobility & satellite communications with Cisco’s Mobile [...]
Director, Technical Alliances, PhishMe
Mike Saurbaugh is the director of technical alliances with PhishMe. Prior to PhishMe, Mike spent nearly two decades in financial services and was the head of information security for 12-years. Mike is a Faculty member with IANS Research was involved from the onset with Security Current when it launched and served as the research director leading a number of strategic projects for global security vendors. Recently, Mike was added to the faculty at Excelsior College in their information security program as a course developer and adjunct. Mike started a security [...]
Senior Director, Orchestration And Automation, Rapid7
Jen Andre is a Senior Director of Orchestration and Automation at Rapid7. Before joining Rapid7, Jen was the founder & CEO of Komand (acquired by Rapid7) the fastest way to automate your time-intensive security processes. Previously, she co-founded Threat Stack, a pioneering cloud security monitoring companies and serves on its board of directors. Jen has spent her career in security operations and product - starting off in the SOC as an analyst and later working as a researcher and developer at security companies Mandiant and Symantec. A recognized speaker in [...]
Senior Security Strategist
As a member of eSentire's Security Strategy team, Kurtis Armour is responsible for finding new and innovative ways to protect customers. As a regular conference speaker, Kurtis is inquisitive and dedicated to the cybersecurity industry and furthers research endeavors. He holds an OSCP certification which helps him understand the needs and requirements of organizations on the defensive side. Kurtis' current research focuses on cloud and endpoint security as it pertains to the managed detection and response industry. Kurtis holds a Bachelor of Technology from Seneca College.
Senior Risk Management Consultant, Uzado
Ken has been an Information Technology leader with over 18 years of experience exclusively in Information Security consulting and managed security services. (22 Years in IT). He originally developed a Managed Security Service Practice in 2001 that still runs to this day. Ken’s preference has always been to be a fully hands-on leader developing an array of skills and experiences along with the teams. This Range of experience includes Business Development, Program and Project Leadership, and Security Technology Integration; working with businesses, Governments and major Educational Institutions in Canada and [...]
Senior Director, Cloud Security - Optiv
John Turner is an accomplished IT executive with more than 20 years of leadership and operational IT experience. As senior director of cloud security enablement at Optiv, Turner’s team of cloud architects are responsible for helping to ensure the successful integrated delivery of cloud security solutions. Turner plays a key part in bringing different areas of Optiv’s team together to deliver seamless cross practice wins. Turner also works as part of the cloud leadership team to define Optiv’s strategy and product portfolio. Turner’s extensive operational background brings a unique client [...]
Product Manager, Security & Privacy, Google
Product Manager, Security & Privacy, Google (aka Google's "Underground Cartographer") Allison Miller (@selenakyle) works in product management at Google, mitigating security risks to the Google platform and end-users. Prior to her current role, Miller held technical and leadership roles in security, risk analytics and payments/commerce at Electronic Arts, Tagged.com (now the Meet Group), PayPal/eBay and Visa International. She is an expert in designing and implementing real-time risk prevention and detection systems running at Internet-scale. Miller speaks internationally on security, fraud and risk, is Co-Chair of the O'Reilly Security Conference, holds [...]