As vehicles around the world become more and more automated, ongoing security threats become an even greater risk. But for the automotive industry, addressing end-to-end security poses significant challenges. Building a car isn’t done in isolation – components, manufacturers and global supply chains must be synchronistic to make the connected vehicle completely secure. In this […]
Deception techniques for cybersecurity are not new – honeypots have been used for many years. However, new types of deception techniques are being developed to supplement the classic honeypot approach. Deception can be used in several ways and for various end results. In this presentation, we will cover two main areas related to deception-based cybersecurity. […]
Hardware Security Modules (HSMs) come in a variety of shapes, forms and sizes, and are used for different purposes. They are also deployed in a myriad of ways based on your needs. If you are thinking about using HSMs, just curious about what is out there, or using them today and not sure if you […]
Executives and the board face difficult decisions to determine whether cyber insurance is worth the spend and what limit to buy. Quantifying the financial costs of potential cyber incidents provides objective grounding for decision-making and reduces reliance on gut feeling, fear or intuition. However, cyber risk assessments usually don’t quantify the financial cost to the […]
This quick-moving talk will cover techniques for reducing the range of combinations or keys you need to attack to successfully open a lock. There will be some math…but I’m not particularly good at math so it definitely won’t get complicated. We will cover a number of fun topics like decoding combination locks, figuring out how […]
With a plethora of IoT devices on the market, and consumer devices being used in the enterprise, it becomes ever trickier to decide on the right strategy for choosing. Product development lives and dies by the phrase ‘Fast, Good, Cheap – Pick Two’. Today, as we push the bleeding edge and strive for instant improvements […]
Whether you are looking for industry insight, your first job, changing careers or professional development, this year’s Developing Your Career in IT Security panel and networking session in the Keynote Hall on Tuesday, October 2 from 2:55pm is for you. Join our panelists as they answer your questions and debate how different segments of the […]
We are seeing a new approach to security that is rippling across network defenders, products, and attackers alike. The approach is based on the idea that you can improve security on data by harnessing data to improve security. This requires transitioning from appliances that shrink data volumes to cloud approaches that capture more data than […]
Imagine using a risk score to determine whether to grant a user access to an application, a system, a device. Wouldn’t it be a huge time-saver if you could auto-approve low risk access requests instead of manually granting such requests? On the flip side, wouldn’t it be great to automatically ensure that privileged access requests […]
In this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry.
Many enterprises are focused on prevention and are too busy with day-to-day firefights to look beyond the flames and think about how to recover. Beyond preventing attacks, organizations need to focus on detection and response. It’s no longer a matter of if you’re going to be attacked, but when. Join this session to: Learn the […]
Privacy Engineering is an emerging discipline and this presentation will talk about privacy engineering in the context of emerging standards and best practices for consent, consent management, and permissioned data. The Kantara Initiative released a standard for User Managed Access (based on OAuth 2), Consent Receipts, and has a working group on Consent Management practices. […]
Automated Twitter accounts have been making headlines for their ability to spread spam and malware as well as significantly influence online discussion and sentiment. In this talk, we explore the economy around Twitter bots, as well as demonstrate how attendees can track down bots through a three-step methodology: building a dataset, identifying common attributes of […]
It’s no longer a matter of “if”, but “when”. As the world becomes more mobile and connected, cyberattacks continue to rapidly grow in frequency and sophistication, placing your company’s data and personal information at risk. Are you protected? While organizations are aware of the growing threat, most are overly focused on security software and data […]
Building a resilient cyber security ecosystem is crucial for levelling the playing field against adversaries. The newly established Canadian Centre for Cyber Security, as part of the Communications Security Establishment (CSE), sees the increasing need for widespread innovation and collaboration to secure our country’s future. Collaboration is a point of pride and necessity from a […]
Cyber security is no longer about protecting secrets. It’s about our way of life: from autonomous cars, to webcams and medical devices, to the manipulation of political campaigns and global markets. But are you thinking about what’s next? This talk will aim to inspire the audience of security professionals to take action about the things that require our […]
The Fails just keep on failing. We’re back for the 6th examination of the wide range of failures that our industry is not simply capable of but also EXCELS at. All the blinkie lights and all the shiny things that directly provide for day-to-day Fail. We know that this is sounding repetitive, but that’s kind […]
This presentation will introduce attendees to the free Sysinternals tool, Sysmon. Are you an incident responder? SOC analyst? Does your job require you to work with Windows event logs? Do you need to reconstruct attacker timelines? We will look at the Sysmon tool and compare its outputs to standard EVT logs. Look at how Sysmon […]
The International Federation of Robotics estimates that 2.6 million industrial robots will be installed in factories worldwide by 2019. Robots are not only in industrial environments, they also exist in homes and around us as toys, companions, assistants and serve various roles in our daily lives. In this session we will talk about our journey […]
The MITRE ATT&CK framework has emerged as the most complete and detailed body of knowledge of adversary techniques and tools ever compiled. As such, anyone in threat detection and response should be studying it. In this talk we will provide a brief overview of MITRE ATT&CK and how it can be used to help organize and focus […]
Since its inception, the security industry has been inundated with trendy defense techniques, topics, terms, and products that once implemented will solve all of our security woes. For the last several years one of those terms, threat hunting, has become the darling of defenders and vendors worldwide. But just what is threat hunting? Is it […]
Heimdall assumes that when a new vulnerability is disclosed, and an exploit goes public, criminals build scanners in order to detect the machines reachable on the internet which are affected by the new vulnerability. If these machines are found and compromised, they are often used by criminals for other activities (C&C panel, redirect to cloned […]
A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the world’s largest banks. Through the use of tales from the front line and useful illustrative slides, I will attempt to take you through the lessons to be learned from an ethical […]
The next evolution of the global mobile communications network is on the horizon and the technology standards are being developed to support it…but how secure will it be? This talk will present an overview of the 5G security evolution and current status at the half-way point before official 5G release. The new network will not […]
Smart contract security is a brave, new, and sometimes terrible field. This presentation will take you through a storytelling history of some of the most famous vulnerabilities of these first few years (from the DAO hack, to the Parity wallet vulnerabilities and including less-well-known but very interesting events like the DDOS attacks from late 2016). […]
With Lambda by Amazon, Cloud function by Google, and Azure functions by Microsoft, we will definitely be seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the risk higher or lower? Maybe it’s just different. Can […]
Smart things are a big trend nowadays. In more than 47 million households, Alexa is always listening and sometimes recording. What exactly does Alexa know about its master? What information does it collect, where is it stored, and what does Amazon do with all that data aside from the “learning and quality assurance” routine? In this […]
The 2017 M.E. Docs cyber-attack that crippled hundreds of companies crafted the blueprints for hijacking a vendor to attack clients through their trusted vendors. These attacks herald a new generation of supply-chain based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory […]
What does a targeted attack really look like? How can you effectively defend your organization? What does it take to recover from a headline-grabbing breach and rebuild trust with your customers? Join Matthew Maglieri, CISO of Ashley Madison’s parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look at what is […]
Simple lessons to teach you how you can fill the knowledge gap within your staff…today! Few industries are expanding faster or evolving more rapidly than IT security. There is no shortage of bad actors trying to outsmart you and get to your data. The bad guys are relentless in their never-ending pursuit to find a […]
The Payment Card Industry Data Security Standard has a bad rap with the security community and for good reason. We’re doing it wrong. Penetration Testers in particular can play a key role in the effectiveness of PCI, but most have never read the Standard and even fewer really understand it. In this talk we’ll cover […]
Established methodologies for monitoring cloud-based environments are less than ideal. They come with significant downsides, including the ability for attackers and mischievous users to avoid detection and bypass security controls. I would like to explore how we can use existing technologies like log management systems, SIEMs and the auditing features that cloud platforms already provide […]
Angad is a framework to automate classification of an unlabeled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in several feature vectors. These vectors are individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection […]
The shift from legacy data collection and storage models to cloud has resulted in new paradigms in data management. Add to this more sophisticated and motivated adversaries, along with innovation in the manner in which they attack, and it yields a perfect storm of a complex attack surface, combined with multi-phased and multi-vector attacks. Today’s […]
In Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Pre-Crime Division,” which anticipated and prevented violent killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity—especially for insider threat detection and prevention. Based on user interaction with data, […]
As we’ve talked with more and more of our clients about their digital transformations, it has become clear that security is a key facilitator for successful transformation. For example, if an organization churns out a series of new cloud-hosted mobile applications that permit users to more effectively interact with the company, the initiative can backfire […]
As today’s digitally connected ecosystem continues to evolve, adapt and innovate, there has been a consistent, underlying theme across the landscape – teams are struggling to balance their increasing workloads with the limited resources at their disposal. As a result, it is becoming more difficult for Security, IT and DevOps teams to accomplish their goals, […]
Cryptojacking has recently erupted onto the cybercrime scene, thanks to the surge in value in 2017 of cryptocurrencies such as Bitcoin, Monero, and Ethereum. Crooks are aggressively targeting laptops, desktops, servers, and even mobile devices. From a single device to entire networks, they infect as many devices as they can to mine for cryptocurrency on, […]
The concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern, and individuals will live their lives. Microcompute technologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest […]
Enterprises today face pressure to improve security posture while also satisfying growing compliance requirements. These organizations are looking for ways to both unify their controls to measure and achieve multiple compliance requirements, and ways to assess them on a continuous basis for effective reporting and risk-based decisions. Mark will offer insights on how companies can focus their efforts, […]
Artificial Intelligence (AI) is impacting our world in previously unimaginable ways. But how does it really work? If you are looking for the real deal about this industry buzzword, this is the talk for you. We will cover the history of this incredibly innovative technology, what it is and what it is not, the steps required […]
As the extraction of value from data becomes more critical to a company’s success, organizations are trying to stay ahead of the data deluge. Unfortunately, data technologies often have security bolted on, not baked into the DNA, leaving far too many doors open to compromise. This session will cover the challenges of big data and […]
Endpoint security is one of the most important aspects of a defence in depth strategy. It is critical to businesses because code execution on servers and workstations is one of the key ways to obtain an initial foothold within a corporate environment. The ability to prevent, detect, and respond to incidents within your environment in […]
There is no one Golden Rule when it comes to email encryption. Every enterprise is unique. It’s vital to ensure email encryption is tailored for and tightly integrated to your Cybersecurity strategy. Join Echoworx VP of Operations, Alex Loo, to understand: Key components of an email encryption strategy. Benefits of leveraging encryption in the cloud. […]
For a long time now, it has been widely known that a proactive cybersecurity plan is not good enough, you must have a reactive plan as well. It is not good enough to simply mitigate a cyber breach, you need to be ready to react to one as well. However, in the very near future […]
As more and more organizations undertake digital transformation they become increasingly dependent on their online presence. This exposes their business to cyber-attacks that target the growing number of vulnerabilities in web services software stacks, which require the organizations to evolve their current cyber defense approach and stretch their resources. Navigating digital transformation securely can feel […]
On the eve of quantum computing, the definitive need for crypto-agility is greater than ever. The ability to locate, manage, and securely update digital certificates on a network or on a device seems like a simple task, yet with the advent of new Enterprise use cases and flourishing IoT device introductions, management at massive scale […]
The security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary to help secure networks in today’s volatile threat landscape. In this talk, Earl will analyze how the threat landscape has evolved over the last year or so by looking […]
How can a good offense be a great defense? The concept of Hack-Back is extremely controversial and at first glance seems unsuited to the corporate world. However, in this session we will look at strategies and technologies you can use to actively defend your organization. Learn how to create an active defense by using the attacker’s […]
Ted Shorter is the Chief Technology Officer at Certified Security Solutions, Inc. (CSS). Responsible for CSS’ Intellectual Property development efforts, Ted helps align CSS’ security focus with the changing Enterprise and Internet of Things (IoT) landscape. A renowned Public Key Infrastructure (PKI) expert, Ted has provided oversight to hundreds of private-sector Enterprise PKI deployments, in multiple vertical markets including: Healthcare, Finance, Manufacturing, Aerospace, and e-Commerce. Ted has worked in the security arena for over 25 years, in the fields of cryptography, application security, authentication and authorization services, and software vulnerability [...]
Lane Thames is a senior security researcher and software engineer with Tripwire’s Vulnerability and Exposure Research Team (VERT). As a member of VERT, Lane develops software that detects applications, devices, and operating systems along with vulnerability detection and management software. He also spends time looking for new vulnerabilities and understanding emerging cybersecurity threats. Lane enjoys contributing to the cybersecurity community by publishing new research, blogging about cybersecurity topics, and presenting new techniques and technologies at cybersecurity conferences. Lane received his PhD in Electrical and Computer Engineering from the Georgia Institute [...]
Co-founder, President & CTO of Crypto4A
With more than 30 years in the security industry, Bruno Couillard, P.Eng., brings a wealth of knowledge and expertise in the field of technology and cybersecurity. He served 10 years as a Telecommunications Officer in the Canadian Forces followed with service for the Canadian federal government where he worked on multiple high assurance security designs and evaluations. He also held senior security architect roles with the Canadian Cryptographic Modernization Program and the Canadian delegation on NATO standardization committees. Bruno is best known for his leading role in the development of [...]
A risk management specialist for over 15 years, Julien spends his days supporting business leaders to improve their organization’s cybersecurity, risk management and insurance practices. In-depth security program assessment generally yields dozens of recommendations. Typical risk assessments are largely qualitative and subjective. As a result, executives and administrators not only lack adequate information to drive effective decisions, but also face challenges to determine how much investment in cybersecurity, risk management or insurance is enough. To support them in making objective and impactful decisions, Julien shares his time between sourcing relevant [...]
Schuyler Towne is a research scholar at the Ronin Institute, studying the history and anthropology of physical security.
Tyler Reguly is a Manager of Security Research with Tripwire, and a key member of VERT (Vulnerability and Exposure Research Team), where he focuses on web application security and vulnerability detection. Tyler is involved in industry initiatives such as CVSS-SIG, and has spoken at many security events, including RSA and SecTor. Additionally, he has contributed to the Computer Systems Technology curriculum at Fanshawe College in London, Ontario by developing and teaching several security related courses. Tyler is frequently quoted by security industry press and is a prolific blogger.
Director and Co-Founder, Black Arts Illuminated
Brian has a passion for security and has been an active member of the IT security community for over 25 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor as part of Black Arts Illuminated. Brian was the founder of CMS Consulting Inc. and Infrastructure Guardian Inc. which became part of New Signature. The two organizations (professional services and managed services respectively) provided deep Microsoft expertise working with mid to large enterprise [...]
CEO - UZADO
Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 20 years. He founded the InfoSec company Sentry Metrics, one of Canada's most successful MSSPs. After the sale of Sentry Metrics, Dave's lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado (http://www.uzado.com), a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions "what now?" or "what next?" Dave is also the CSO of [...]
CyberTalent Program Director, SANS Institute
Max leads the CyberTalent division of the SANS Institute, the most trusted and the largest provider of information security training and certification in the world. In this role, he directs business development and stakeholder engagement to support the various SANS CyberTalent programs and develop strategic partnerships. He also oversees CyberTalent program operations. SANS CyberTalent helps organizations address their cybersecurity workforce needs through initiatives such as the Cyber Immersion Academies, CyberStart game, and a series of talent assessment tools. Max joined SANS Institute as its CyberTalent Business Development manager in 2015. [...]
Director, Information Security Services - BMO
Laura Payne is a Director of Information Security Services at the Bank of Montreal. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. Laura holds a degree in Systems Design Engineering from the University of Waterloo. When not at work, she enjoys spending time with her family, volunteering in the community, and wilderness camping.
Stephan Jou is the chief technology officer at Interset, an In-Q-Tel-backed security analytics company. He leads the development of advanced analytics and mathematical modeling for unsupervised machine learning to detect how corporate intellectual property is being attacked, moved, shared, and utilized. Prior to Interset, Jou served as a technical architect at IBM’s Business Analytics Office of the CTO—a role in which he architected the development of more than ten Cognos and IBM products in the areas of cloud-computing, mobile, visualization, semantic search, data-mining, and neural networks. Stephan has also published [...]
Donald Messier is the Director General, Cyber and IT Security Infrastructure at Shared Services Canada. Mr. Messier works collaboratively with partners and client departments and agencies to plan, design, build, operate, and maintain an effective, efficient and responsive IT and cybersecurity infrastructure to secure Government of Canada data and technology assets. Mr. Messier leads a team of 400 public servants and contractors distributed across Canada and manages a complex security infrastructure including: firewalls, intrusion detection and prevention, event management systems, anti-virus, anti-malware, data loss prevention, denial of service protection, web [...]
John Lambert holds the title of Distinguished Engineer and is the General Manager of the Microsoft Threat Intelligence Center. The Center is responsible for detecting and disrupting adversary-based threats aimed at Microsoft and its customers. Its mission is to drive detective innovations into products and services to raise the ability for every defender to deal with adversary-based threats through security research, threat intelligence, forensics, and data science. Previously at Microsoft, Lambert worked in the Trustworthy Computing group for ten years and the Windows Security group on features related to cryptography [...]
Leslie K. Lambert, former CISO for Juniper Networks and Sun Microsystems, has over 30 years of experience in information security, IT risk and compliance, security policies, standards and procedures, incident management, intrusion detection, security awareness, and threat vulnerability assessments and mitigation. She received CSO Magazine’s 2010 Compass Award for security leadership and was named one of Computerworld’s Premier 100 IT Leaders in 2009. An Anita Borg Institute Ambassador since 2006, Leslie has mentored women across the world in technology. Leslie is also serving on the board of the Bay Area [...]
CEO of Aleks Security Cyber Intelligence Inc.
Nick Aleks is the CEO of Aleks Security Cyber Intelligence Inc., a Toronto-based Ethical Hacking Firm. Nick and his team specialize in testing the security systems for clients in the software development, government, engineering, manufacturing, and financial industries. He is the founder of DEFCON Toronto Hacker Community, a group with over 1000 active members. Nick has spoken at numerous cyber-security conferences (BSIDES, DEFCON Toronto, and Pearls in Policing) where he has shared knowledge on topics including: pen-testing, car hacking, lock-picking, wi-fi-hacking, social engineering (human hacking), and threat intelligence.
Mounil Patel has been a part of the Mimecast team for over nine years and holds the position of Field CTO. Mounil also held positions at Mimecast as Director of Sales Engineering, and VP of Strategic Field Engagement. Previously he was Global Practice Director managing pre-sales and services for EMC's Telco, Media and Entertainment division for archiving and backup products as well as Director of Data Restoration and e-Discovery services at Iron Mountain. Mounil has also held CIO positions at Endeca Technologies and Phase Forward Incorporated. He holds a Bachelor [...]
John Wunderlich is a privacy expert who has worked and consulted about privacy and security for over 15 years in multiple jurisdictions. Before launching his consulting practice, he designed and implemented security and privacy programs and was a senior policy advisor to the Information and Privacy Commissioner of Ontario. He has provided advice and consulting services to multiple public and private sector organizations in Canada, the United States and abroad. He serves as Chief Privacy Officer for JLINC Labs, a company that has developed protocols and software for data governance [...]
Olabode is a Data Scientist at Duo Security where he wrangles data, prototypes data-related features, and makes pretty graphs to support engineering, product management, and marketing efforts. Prior to Duo, Olabode studied usable security at the University of Florida. When he’s not at work, he spends his time exploring data involving topics such as sports analytics, relative wages and cost of living across the United States.
Senior Security Product Consultant
Kurt Lysy is Senior Security Product Consultant and security subject-matter expert at HP. As a passionate evangelist of HP's cybersecurity strategy, Kurt travels throughout North America meeting with enterprise companies and partners about today's modern security threats – and how HP's innovative, hardware-enforced, security and manageability solutions help keep businesses secure. Throughout his 35-year career in IT, Kurt has been committed to delivering impactful security products and solutions that delight end users and IT professionals alike. Before joining HP’s security team, Kurt spent several decades in numerous roles in the [...]
Head, Canadian Centre for Cyber Security, CSE
Scott Jones was appointed to the position Head, Canadian Centre for Cyber Security (Cyber Centre), effective 12 June 2018. The Cyber Centre will be a single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure owners and operations, the private sector and the Canadian public. Scott began his career at CSE in 1999 and has held various positions including Assistant Deputy Minister of IT Security, acting Assistant Deputy Minister of Corporate Services and Chief Financial Officer, Director General of Cyber Defence and a [...]
Cyber Security Expert
Keren Elazari is an internationally acclaimed security researcher, author and strategic analyst, with years of experience in the international cyber security industry. Since 2000, Keren has worked with leading Israeli security firms, government organizations, Big 4 firms, advised Fortune 500 and groundbreaking startup companies, helping global organizations navigate complex cyber security issues. Elazari’s independent research work and writing about emerging security issues has been featured by Scientific American, WIRED, and she is a frequent speaker and commentator in international events and in the media. Ms. Elazari holds an MA in Security Studies from the [...]
Ben Sapiro is the Global CISO of Great West LifeCo and has worked in both InfoSec consulting and operations since he somehow managed to graduate from b-school; he’s even done privacy and compliance work to pay the bills. Other than that, he’s a typical middle-aged Canadian security professional who has worked in several verticals including SaaS, natural resources and telecom. Ben is a contributor to the Liquidmatrix Podcast (whenever we get around to recording it) and used to help with other stuff like BSidesTO until he realized he should not test his wife’s [...]
Bruce Potter is Expel’s (expel.io) chief information security officer (CISO). He’s responsible for cyber risk management and ensuring the secure operations of Expel’s services. He also remains perpetually frustrated that employees pronounce CISO not-the-way-he-wants. Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company that worked with organizations ranging from hedge funds to intelligence agencies. Bruce sold Ponte Technologies to the KeyW Corporation where he served as CTO for two years. In another life, Bruce founded the Shmoo Group and helps run the yearly hacker conference, ShmooCon (shmoocon.org), in [...]
Global Security Advocate
Dave Lewis has twenty-five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis serves on the advisory boards for Cortex Insight and Dateva Inc. Lewis writes columns for Forbes, Daily Swig and several other publications.
James Arlen is a member of Salesforce’s security team focused on Public Cloud computing at one of the world’s largest SaaS/PaaS providers. Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both consultant and staff member roles, James led business and technical teams of professionals in short-term projects as well as multi-year organizational change initiatives. James held key contributor roles as CISO or most senior security executive at dozens of international companies across the finance, critical infrastructure, manufacturing, and [...]
Nick is the program coordinator for, and professor in, Sheridan College’s Honours Bachelor of Applied Information Sciences (Information Systems Security) degree program. Previous to his role in academia, Nick led an incident response team, worked as a computer forensic investigator, programmer, penetration tester, secure code auditor and general InfoSec consultant. You can find Nick on Twitter at @nickinfosec where he’ll either be tweeting cringe-worthy cyberpuns or asking beginner electronics/maker questions.
Director, KPMG RCCS
Peter is a Director in KPMG’s Risk Consulting - Cyber Security practice. He is a senior cyber security professional with over 20 years of experience focusing on cyber security. Peter has worked in senior positions for numerous organizations, including a national telecommunications and media company, Fortune 500 cloud-computing company, a recognized cyber security software company and most recently a major US defense contractor where he focused on developing insider threat solutions, engaging in incident response and threat hunting and implementing monitoring and detection systems for security operations centers. Peter holds [...]
Talha Tariq is the CISO at Anki, a consumer robotics and AI company where he leads security and privacy engineering efforts. He has 15 years of experience building and scaling security programs from start-ups to large Fortune 100 organizations. Previously he was CISO for FinancialForce, Director of Security Consulting at PwC, and has held various security engineering and leadership positions at Microsoft and NCR. He has broad security and privacy engineering experience and patents building trusted platforms for cloud and IoT devices. He has led a variety of engagements around [...]
Evan is a threat detection and machine learning specialist working for a start-up to deliver next generation intelligent enterprise security solutions in detection and response automation. He previously worked at the Target Corporation, applying machine learning and artificial intelligence techniques to detect and stop threat actors. Evan also managed the threat detection team at Target's Cyber Fusion Center (CFC), which delivered detection capabilities and performed threat hunting in collaboration with the incident response team. He has over a decade of experience in security working in various roles from system security engineering to penetration [...]
Principal Threat Hunter, RSA
Neil R. Wyler is currently a Senior Threat Hunting and Incident Response Specialist with RSA. He has spent over 18 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black Hat Security Briefings for over 16 years and a member of the Senior Staff at DEF CON for 18 years. Neil has spoken at numerous security conferences worldwide, including Black Hat, DEF CON, and the RSA Conference. He has been the subject of various online, [...]
Andrea Braschi received his B.Sc. in computer engineering from the "Università degli studi di Pavia" (2012) and his M.Sc. degree in Computer Engineering from the "Politecnico di Milano" (2014). From October 2014 to August 2017 Braschi worked in the R&D department of Reply Communication Valley as an IT security consultant where he performed different tasks such as: Incident Response Capability Assessment, SOC Optimization, development of an APT detection system, code review, and malware analysis. He has published several monthly threat reports for ABI (Italian Banks Associations). Braschi currently works as [...]
Co-Founder, Ethical Hacker, Social Engineer
FC is a well-known ethical hacker and social engineer. He has been working in the information security field for over 20 years and excels at circumventing access controls. He has held positions in his career such as Senior Penetration Tester as well as Head of Social Engineering and Physical Assessments for renowned security companies. Having worked as Head of Cyber Research for Raytheon Missile Systems, and working closely alongside intelligence agencies, he has cemented both his skillset and knowledge as well as helped steer governments to take correct courses of [...]
Lilly works with GoSecure on Threat Intelligence. She started her journey being mostly self-taught making hacking tools in her spare time – Chameleon (custom base64 steganography), Badger (DLL Security Enumeration including ASLR Entropy), Dirty-Needle (DLL Injection Tool) and more. She has presented at the Atlantic Security Conference on PE File Structure Security Enumeration and Custom Base64 Steganography and at the Halifax Area Security Klatch (HASK) on using file upload vulnerabilities to obtain shell access to a webserver using injection techniques. In addition, Lilly has presented at Digital Discovery Camp for [...]
Chief Security Architect, TELUS
Security was not the original plan. Marc started in Astrophysics, getting degrees from the University of Calgary and Western Ontario before finally quitting with his MSc to scrounge for money in the private sector. Luckily, the Internet was waiting. Starting as a UNIX system administrator and working his way through Internet services, dot coms and the core networking teams, Marc ended up as the Security prime for TELUS' core networks. With a nod to his 20 years of experience in IT/networking security Marc was appointed a TELUS Fellow and is [...]
J. (maurelian_) is a security engineer at ConsenSys Diligence, where he works to ensure that Ethereum smart contracts are transparent, trustworthy, and reliable. He helped build a decentralized name registrar for the Ethereum Name Service, authoring the spec and auditing the final implementation. He is a regular writer and speaker on smart contract security. Prior to joining ConsenSys, Maurelian worked at Coinbase.
Sarah (isthisanart_) is a software engineer working at Consensys on tools for financial transparency/accounting. When not doing that, she creates games and other interactive experiences. She is a proud Recurse Center alum, and has recently presented at Transmediale in Berlin, Ethereal Summit in NYC, NorthSec in Montreal, and is a co-organizer of Our Networks, a summit on the decentralized web in Toronto.
For the last five years Shimi has been part of the Research team at Checkmarx (led by founder & CTO Maty Siman). He has participated in developing the core of Checkmarx’s main product, CxSAST (static application security testing using code analysis), and in the design of their new products (CxIAST). Shimi is currently working on research related to innovative technologies and their application security aspects.
CEO, ElcomSoft Co.Ltd
Vladimir Katalov is CEO, co-owner and co-founder of ElcomSoft Co.Ltd. He studied Applied Mathematics at the Moscow Engineering-Physics Institute (State University). Vladimir manages all technical research and product development for the company. He regularly presents at events and runs IT security and computer forensics training both for foreign and domestic computer investigative committees and other organizations.
Mark Sangster is an industry security strategist and cybersecurity evangelist who researches, speaks and writes about cybersecurity as it relates to regulations, ethical obligations, data breach incident response and cyber risk management. Mark's 20-year career was established with industry giants like Intel, Cisco and BlackBerry, where he worked on the first secure devices for government agencies. Mark continues to build mutually-beneficial relationships with regulatory agencies and industry associations, drawing on his strong technical aptitude and intuitive understanding of information security. As an ILTA Council Member, Mark regularly attends legal tech [...]
Matthew Maglieri is the Chief Information Security Officer at ruby (the parent company to AshleyMadison.com) where he leads an experienced team of cybersecurity professionals working around-the-clock to safeguard and defend the company’s systems and data. He relies upon his experience on the front lines of the cybersecurity industry and specialized knowledge of the tools, tactics, and procedures used by advanced threat groups to build leading threat-based, intelligence-led information security programs. Matthew is a sought after speaker who presents worldwide on how businesses can best assess their risk of a breach, [...]
Shira Shamban is a security researcher and technical expert with a focus on threat intelligence. Shira started her professional career in cybersecurity as a military officer in the elite intelligence unit 8200 of the Israel Defense Force. During her 13-year service in the unit, Shira acquired hands-on experience in cybersecurity and intelligence operations while earning an engineering degree from Tel-Aviv University. After her military service, Shira turned to security innovation in business. As the Data Initiative Lead at Dome9 Security, Shira is now leading the company's security research to implement [...]
VP Technical Services, PSC
Joseph Pierini, Vice President of Technical Services at PSC, is responsible for the development and execution of the penetration testing programs supporting PCI and other privacy laws and regulations. Years of security and compliance experience make Joseph an expert at understanding issues clients face in achieving and maintaining compliance. Having served as the Primary Point of Contact for the PCI Security Standards Council’s Approved Scanning Vendor for nearly a decade, Joseph has developed extensive knowledge in the area of weaknesses and vulnerabilities threatening client's network infrastructure and applications. When not [...]
John Ventura is a security researcher currently focusing on infrastructure security challenges for Datadog, Inc. He has worked across multiple computer security fields, including forensics, network penetration testing, and web application security for a diverse set of companies.
Sr. Malware Research Engineer
Ankur Tyagi is a Sr. Malware Research Engineer at Qualys Inc., where he analyzes malicious code and applies statistical modelling to identify suspicious patterns and evolving trends. His research interests include developing algorithms and analysis tools that apply stochastic and machine learning models for classifying large collections of uncategorized samples. He has completed an MS in Software Systems with a focus on Applied Security from BITS-Pilani. Contact him at 7h3rAm@gmail.com.
With over 20 years of real-life, in-the-trenches business experience in the IT security space, Ajay is a seasoned veteran when it comes to introducing disruptive security brands to the Canadian market. He currently serves as the Vice-President and General Manager for Symantec Canada where he is on a mission to evangelize the importance for entities to stay ahead of the curve when it comes to architecting and operating their cyber security defenses. You can follow him on Twitter at @akssecure.
Charles is a 12-year veteran of the information security industry, and currently serves as a Security Specialist for Forcepoint’s User Entity and Behavior Analytics group. Charles is a recognized industry expert on data security and has worked extensively on solving complex security problems for both the public and private sector. Charles is an active participant in the security community, holding numerous certifications, including a CISSP, and has spoken in front of the UN Cybersecurity Sub-Council and the National Retail Federation. Prior to working with Forcepoint, Charles was part of Hewlett [...]
Security Executive, IBM Canada
David Millar-LaRocque has over 20 years of sales and marketing experience in the IT industry, successfully working with channel partners, IBM's hardware division, and a host of infrastructure services. For the past eight years David has held a variety of leadership roles in IBM's Security organization where he has helped IBM to become a major Canadian security vendor by focusing on helping clients to reduce their risk posture through the combination of people, processes and technology. For both personal and professional reasons, David has been dedicating time to building a [...]
Jadon is a software engineer turned product manager who has spent his entire career in the worlds of cybersecurity and startups. He worked as a software developer at a cloud security startup before moving on to become founding engineer at a New York-based startup enabling home-cooks to get their food delivered anywhere in the city. Shortly before joining Rapid7, Jadon worked as an integrations engineer bringing dozens of security products into the ecosystem of a SOAR platform and refining workflows to automate use cases such as phishing remediations, incident response, [...]
Matthew Hickey is a Director of Engineering, Enterprise, at Sophos. He got his start in the field of Information Security working for Securities Industry Automation Corporation (SIAC), at the time, a subsidiary of the New York and American Stock Exchanges. After working several years on Wall Street, he continued honing his skills in this field at Lockheed Martin. There he worked on several projects for the Department of Defense. This work included conducting security audits, penetration testing, and firewall deployment guides for very high-profile, security-conscious customers. Most recently Matthew has been working for [...]
Robert Falzon is currently the Director of Field Engineering, Americas International for Check Point Software Technologies Inc., worldwide leader in securing the internet. He has provided his expertise and security training to private and public sector customers all over the world, with experience living and working in Canada, Europe, the Middle East and Latin America. Robert has developed a friendly, often entertaining approach to engaging customers in security presentations and discussions and is often sought for opportunities where presentation and delivery are key to developing customer relationships and winning [...]
CISSP, CISA, MBA
Mark Holub (CISSP, CISA, MBA) is a Compliance Security Solutions Architect at Qualys and is a subject matter expert for the company’s compliance solutions. With 20 years of experience across IT security, compliance and IT audit, Holub assists small, medium and large enterprises with establishing strong governance and control environments.
Josh Fu, CISM, CISSP, is a security professional at Cylance, an artificial intelligence company focused on cybersecurity. Josh has experience as a channel manager and consultant in cloud infrastructure and as a technical account manager and sales engineer in cybersecurity. Josh founded the west coast chapter of the International Consortium of Cybersecurity Professionals while he was living in San Francisco and has presented in front of industry audiences across the country and for groups such as ISACA, ISC2, MGTA, IANS, and SANS. He is also a published author in Information [...]
David Soto brings over 20 years of technical and information security management experience to his current role as an executive director, executive advisory in the Office of the CISO at Optiv. Soto utilizes his past and present experiences to assist executives in aligning their cyber security roadmaps to the business. Using his information security expertise, Soto assists organizations in moving from a tactical to a strategic approach, tackling issues such as incident management, vulnerability management, security operations and application security. As a subject matter expert in cyber security solutions and [...]
Principal Security Specialist
Kurtis Armour is a Principal Security Specialist at Scalar Decisions, where his specialties include risk assessment, incident response, penetration testing, threat and vulnerability management/research, among others. He holds a Bachelor of Technology, with a specialty in Informatics and Security. As a regular conference speaker, Kurtis is inquisitive and dedicated to the industry and furthers research endeavors. He holds an OSCP certification which helps him understand the needs and requirements of organizations on the defensive side.
As VP Operations at Echoworx, a recognized leader in secure digital communication, Alex Loo leads a team responsible for the deployment, support and IT infrastructure of encryption service across a vast Cloud environment – with certified data centres located in the US, UK, Ireland, Mexico and Canada. With over three decades of field experience directing and supporting the infrastructure of technical operations, Alex oversees the security measures required for SaaS, with SOC 2 and Web Trust certifications.
With more than 15 years of experience in the cyber security industry, Danny Pehar has developed multimillion-dollar cyber security projects across North America. Danny is a bestselling author and uses his own Executive Security Storytelling formula to successfully educate organizations on the fascinating world of cyber security and cyber insurance. He's also built an engaged television audience through his regular appearances on the Global Morning Show. Danny has spoken on the topic of cyber security and cyber insurance throughout various industries and has worked with numerous Fortune 500 companies.
Matt Broda is a Technical Fellow in Security at Bell. Matt is responsible for Bell’s strategic security direction focused on business markets. Matt has devoted the last 19 years of his career to making cyberspace a safer place. In his work with international government and private sector organizations, Matt has helped to advance the state of security and privacy in key areas, including cloud and mobile computing, VoIP and multimedia communication, and critical information infrastructure protection. Before joining Bell, Matt held leadership positions focused on security with Nortel’s Chief Technology [...]
Chris Hickman is the Vice President of Managed Services at Certified Security Solutions, Inc. (CSS). Chris is responsible for developing and assisting in the deployment of Authentication and Encryption solutions, including Managed Public Key Infrastructures, Smart Cards & Tokens and Certificate Management solutions. Chris has a deep understanding of an organization’s need to balance security with a practical approach to certificate management and strong authentication solutions. During his time at CSS, Chris has assisted many Fortune 500 companies in implementing certificate management products and processes to minimize the operational overhead [...]
Earl Carter has always had a passion for solving puzzles and understanding how things operate. He quickly learned that identifying security weaknesses is just like solving puzzles. Almost 20 years ago, he was introduced to network security when he accepted a position at the Air Force Information Warfare Center in San Antonio, Texas. In 1998, Mr. Carter started working at Cisco and became one of the founding members on the Security Technology Assessment Team (STAT). After spending 15 years identifying new security threats, Mr. Carter became a Threat Researcher for Cisco [...]
Aamir Lakhani is a leading security strategist responsible for providing IT security solutions to major enterprises and government organizations. Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions and government organizations. Aamir has designed offensive counter-defense measures for the US Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups. Writing under the pseudonym Dr. Chaos, Mr. Lakhani also [...]