This talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps: identify a server-side request forgery; gain access to instance meta-data credentials; enumerate IAM permissions; privilege escalation; connecting to internal VPC services via VPN. Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot […]
Threat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions […]
Behavioral analytics helps IT professionals predict and understand consumer trends, but it can also assist CISOs in understanding potential threats—and unearthing them before they wreak major havoc. Additionally, automation helps to respond rapidly, thus reducing your mean time to resolve (MTTR) and improving SOC efficiency. Join this session to discuss: Using behavior analytics as a […]
The evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, […]
It was the best of times, it was the worst of times… that pretty much sums up infosec today. We can’t figure out how to align to our businesses effectively, we love our silos, and constantly hire the wrong people. This presentation will address common issues in information security and people leadership areas, giving you […]
Cars are no longer simply mechanical. While they may be getting more advanced that doesn’t mean they are immune to hacks. One particularly sensitive entry point for hacking a car is the legally required OBD II port, which is basically “the Ethernet jack for your car”. This port works on a signaling protocol called CAN […]
This presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (besides phishing) is through trojanized applications that end […]
Most 3rd party software installations require elevated privileges that could lead to reduced security in the attack surface of your client and enterprise systems. Knowing what is in 3rd party open source software succinctly and detecting changes made during installation and at runtime can inform risk choices about what you should allow on your systems […]
The CIS Critical Controls are recognized as a good start in setting up a defensible infrastructure. They are platform / OS agnostic, aren’t driven by vendor agendas, and are very much community and volunteer driven. In this talk, we’ll discuss a typical organization, one that we’d see in many security engagements. We’ll discuss the various […]
While we continue to support the concepts of compliance, defense, governance, and prevention, it’s time to shift our focus beyond those measures with more emphasis on strategic response to incidents. This talk offers real stories of failure and practical, quick-win lessons on how to be prepared to respond quickly, accurately, and confidently when incidents occur. […]
The Web application development lifecycle has numerous security activities. For developers, code review is a familiar recurring activity. To support Java developers, a project was started in 2012 called, “Find Security Bugs” (FSB). It is an extension of the SpotBugs project, formerly known as FindBugs. FSB is a community static analysis tool which targets specific vulnerabilities. Over the years FSB has evolved from a limited tool to a solid coverage of bug […]
I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation […]
In recent years, the threat to the public key infrastructure posed by quantum computers has gained some attention. Standards agencies such as NIST and ETSI have begun efforts to standardize encryption and signature algorithms that are quantum resistant. This talk will introduce attendees to the threat posed by quantum computing and explain which parts of […]
The goal of the talk is to answer a few questions we often see or hear: “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTP?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from Mitre is the new hotness in the InfoSec world. […]
When performing Incident Response in a platform where infrastructure and data is just as quickly destroyed as it is created, speed and efficacy are paramount. While AWS provides a wide gamut of tools and capabilities to effectively harness the cloud, it’s often a daunting task to understand which tools to use for what, when, and […]
In 2013, a public report revealed a group of actors conducted targeted attacks leveraging a malware dubbed ICEFOG against mainly government organizations and the defense industry of South Korea and Japan. Little has been published about the activities of ICEFOG malware since the report was released more than six years ago. However, despite a pause […]
TACO is an acronym I use with clients to help them map controls from their software delivery pipelines to the organizational controls. TACO stands for Traceability, Access, Compliance, and Operations. The approach consists of a base list of 25 automatable controls that are documented and the control activity, artifacts and SOR identified. After mapping how […]
This exclusive session delves into the details of some of CrowdStrike’s most eye opening breach investigations of the past year and highlights the need for speed in modern security operations centers. See new research on “breakout time” and learn how you can use the 1-10-60 Rule to benchmark your organization and see if you have […]
Algorithms are being used to choose who lives and who dies. Computers are being programmed to make ethical decisions that impact every facet of our lives. Based on the ethics of cyber-criminals, Check Point has made another gigantic leap forward by teaching our gateways to use algorithms to detect the DNA of Malware in an […]
In this session, we will explore how organizations can adopt a single data governance framework to discover and protect sensitive data while mitigating cyber risks, reducing storage costs and addressing increasing privacy regulations.
With the increased focus on cybersecurity over the past several years, organizations are proactively adopting security practices and deploying security solutions to harden their networks. This is in the hopes of not being the next victim of a security breach. The emphasis on securing the network perimeter has driven organizations to deploy multiple inline security […]
As enterprises face pressure amid growing internal and external compliance requirements, these organizations are looking for ways to expand visibility throughout their environments. Mark Holub offers insights on how companies can gain visibility throughout their environments to improve asset management, software inventory, vulnerability assessment, configuration compliance and more. Using real-world examples and forward-looking principles, Mark […]
Migration to Office 365, AWS, Azure, GCP and modern endpoints can be done safely when these foundational security tenets are applied: visibility, protection and control. Applying these security tenets properly requires a security framework that combines data protection, threat protection, and identity access control in an integrated and cohesive manner. This session will discuss best […]
The cybersecurity market is teeming with new tools and technologies, each promising to detect and respond to threats better than the rest. But if your business is like most, you’re probably struggling with a shortage of security-focused manpower and expertise to manage those tools with skill, speed, and precision. The reality is that effective security […]
Artificial Intelligence (AI) technology as we know it is neither good nor bad. But it seems like you can’t go anywhere these days without hearing about how every company is using the power of AI, which is often actually machine learning (ML). As ML becomes a more ubiquitous tool for problem solving purposes, it will […]
As human beings we often sense when things aren’t quite right. The same is true as it applies to cybersecurity. This session examines why human intuition is a key part of any organization’s phishing defense. Learn about the types of phishing attacks seen in the wild, how attackers evolve their tactics to avoid perimeter controls, […]
Never before has the creation and preservation of value depended so much on effective cyber security, nor has the means to “getting security right” been so complex. Many aspects of traditional security management are urgently being reconsidered as security teams seek to stay aligned with the characteristics of the modern enterprise and ahead of the […]
This presentation is a non-technical look at the benefits of threat intelligence and the challenges that organizations face when attempting to utilize and operationalize threat intelligence within their infrastructure. Existing resources (human and infrastructure), security tools, the difference between threat data sources and cybersecurity program maturity are just a few of the areas we will […]
Join Scalar, a CDW Company for a discussion on the key elements to prioritizing your security vulnerabilities and risks. Taking a holistic approach to risk management, we will help you understand how to follow best practices and manage your risk effectively and efficiently. Darren and Benjamin will go through some of the key elements that […]
When you sign a piece of code, you make a statement that it comes from your trusted brand and that you stand behind it. But what happens when that trust is broken? Recent attacks underscore the importance of managing reputational risk. As attackers become increasingly skilled in the art of signing and spreading malware, technologists […]
Risk is a balance between security and usability; when security is too restrictive, users naturally find ways around it. As organizations seek to improve the user experience while maintaining the required level of security, questions of risk arise. How do we deploy Cloud solutions with direct to Internet connectivity and still maintain visibility over […]
Amidst the ever-evolving threat landscape, 2018 was a particularly nasty year that saw an increased threat of cryptojacking to the ever-expanding reach of Emotet and all of its variants. In 2019 these threats – and others – have expanded their reach and shifted away from SMBs towards enterprise businesses. Join me for a dive into […]
It is no surprise that many organizations are undergoing a digital transformation in response to a rapidly evolving security landscape. The migration to cloud, the rise in a mobile workforce, rapid proliferation of data and increasing need to collaborate across cloud applications present an added layer of complexity for organizations building out a security strategy. […]
Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review a few advanced security processes and discuss how to easily automate them using common tools in the Cloud. This approach will help you and your team increase the security […]
With 23 MCU movies, I have learned some valuable lessons surrounding cybersecurity. Why didn’t Jarvis run on a segmented network (Avengers: Age of Ultron)? Why didn’t Edith have 2-Factor Authentication (Spider-Man: Far from Home)? Let’s explore how, if Shield had implemented cybersecurity frameworks such as MITRE ATT&CK, they could have saved New York with much less […]
Whether you are looking for industry insight, your first job, changing careers or professional development, the Career Panel and Career Fair at SecTor 2019 is for you. Join our panelists as they answer your questions and debate how different segments of the industry are viewing the type of talent they want to gain, train and […]
Quantitative risk analysis often isn’t used in security because things may be difficult to quantify. If an attack hasn’t happened before, then what is its likelihood? If no data exists, how do we know how much a breach will cost? Despite these unknowns, there are several strategies for quantifying risk. Types of unknowns: First time […]
OAuth is a popular authorization schema used by many iOS and Android apps to delegate user authentication and authorization to a known third-party entity such as Google, Facebook or LinkedIn. This includes apps that enterprises develop or use to connect to G Suite or cloud providers such as BOX and Google Firebase. When users grant […]
This presentation is a non-technical, introductory-level presentation of current APT threats (from a North American perspective). The focus of this presentation will be the geo-political environment that motivates APT activity from one nation-state to another. We will cover a selection of nation-state activities, focusing on the most prevalent and prolific. We will additionally cover a small selection of […]
This talk is the ‘grand finale’ of a four-year long investigation that started with analyzing an IoT botnet, to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertaken to […]
Have you ever wondered how security is different ‘in the cloud’? What does “Cloud Native” even mean? What is “Zero Trust”? Serverless? Just in Time (access management)? And how do we secure these things? This talk is a whirlwind intro to securing cloud computing with audience participation (open discussion) and demonstrations of various new cloud […]
Fuzzing is an automated testing technique to find vulnerabilities that can be abused in cyber-attacks in software and/or hardware. In this talk we will delve into how fuzzing is used in both offensive and defensive operations. We will demonstrate how the best security researchers in the world use fuzzing to find 0-days (previously unknown vulnerabilities), […]
FLAIR (Fuzzy simiLArIty fRamework): A comprehensive study on APT analysis using fuzzy hash similarity algorithms by providing a framework comprising more than 25 fuzzy hashing algorithms. Finding similar files has been a long recognized and ever-increasing need in malware research and forensic investigation. Cryptographic hash functions such as MD5, SHA1 and SHA256 are the […]
Cyber security and privacy are inextricably linked. GDPR kicked in last May, the California Consumer Privacy Act (CCPA) in June and Canada amended PIPEDA with the Digital Privacy Act in November 2018. This presentation will be two-fold: first, the presentation will explore the requirements and obligations placed on organizations by these new regulations and the […]
When adopting serverless technology, we eliminate the need to develop a server to manage our application and by doing so, we also pass some of the security threats to the infrastructure provider. However, serverless functions, even without provisioning or managing servers, still execute code. If this code is written in an insecure manner, it can […]
Many have succumbed to the various forms of ransom-based malware. Whether it is Cryptolocker, Wannacry, Crysis or the many other forms of ransomware, numerous organizations assume they are not at risk and end up having to respond to a ransomware attack without proper preparation. This presentation will include firsthand case studies and lessons learned during […]
Bluetooth Low Energy (BLE) is being used extensively in almost all the modern “Smart” devices, from smartphones and smartwatches to advanced medical equipment. This talk will introduce several new BLE hacking techniques and tools as well as techniques for performing attacks on “SMART” BLE Devices. The talk will focus on gathering enough information about BLE […]
How often have you heard that ‘Early stage startups don’t care much about Security because if there is no product, there is nothing to secure?’ Although there is merit in the argument that startups need to build product to sustain and grow, it often puts the person in charge of securing them in a tricky […]
Andrés Riancho is an application and cloud security expert who leads the open source w3af project and provides high-quality security assessment services to companies around the world. In the research field, he identified new techniques which can be used to escalate privileges in Amazon AWS infrastructures, discovered critical vulnerabilities in IPS appliances, multiple vulnerabilities in web and REST APIs, and contributed with SAP research performed at a former employer. His focus is application security, where he developed w3af, a web application attack and audit framework used extensively by security professionals. [...]
Senior Security Strategist
Kurtis works on the Field CTO Team at eSentire Inc. He helps architect and deploy solutions to prevent, detect and respond to security incidents.
Senior Security Strategist
Jacob is a Senior Security Strategist at eSentire, a Managed Detection and Response company based in Waterloo, Ontario. Jacob has worked within the MDR space for over 8 years in various roles from SOC, Operations, and Professional Services. He is mainly focused on security as it relates to networking, cloud services, and automation.
VP, Enterprise Security
Rob Knoblauch, VP Enterprise Security, Scotiabank, is a cybersecurity professional with over 20 years of experience protecting financial institutions from a myriad of information security risks. He serves on a variety of customer advisory boards for leading cyber security companies and speaks at various conferences on cybersecurity, AI and machine learning. Rob has a passion for building strong teams and bringing new, innovative technologies to combat the growing complexities of cyber threats. Prior to Scotiabank, Rob has worked in the Toronto Stock Exchange, Bank of Montreal, and Bird on a [...]
Senior Sales Engineer
Rob is a veteran of the cybersecurity industry with over 20 years of experience. Throughout his career he has focused on Identity governance and access management, as well as APIs and microservices. Rob’s ability to address both business and technical requirements and provide effective solutions has enabled him to become a trusted advisor for clients across multiple industries. Rob holds a Bachelor of Technology Management, a MSc in IT, and Advanced Certificates in Telecommunications Management and Enterprise Architecture. When not working with clients, he enjoys outdoor activities with family, gaming, [...]
Sr. Manager, Strategic Alliances
Madhu Mahadevan manages the SailPoint partnership at Okta. As a part of the Strategic Alliances team, he helps any organization to use any technology and enables their people to securely connect to the tools they need. Follow him on Twitter at @mmaha
Senior Security Consultant
Michael Cole is a Senior Security Consultant with Rapid7 and has been in the technology and security fields for over 17 years. He is the recovering CISO of a publicly traded bank, and has had roles in security architecture and engineering, biometrics, and security program development. Michael holds numerous professional certifications, including CISSP, CISM, and CISA, and has earned master’s degrees in both Information Security and Management and Leadership. He also has degrees in Scottish history and Golf Course Operations.
Offensive Cyber Security Analyst
Rohan is an Offensive Cyber Security Analyst at TCS where he does IOT, hardware, web and Android application hacking. He is also a part-time bug bounty hunter on Hackerone and Synack. He has found security vulnerabilities within big companies like Yahoo, Twitter, Goldman Sachs, Matomo, BrickFTP, Pixiv, etc. He has also attended a live hacking event in Nepal. Rohan has presented a talk on Microsoft Azure Bootcamp as well as delivered training on IOT, web application and Cloud hacking.
Corneliu Nitu is a computer security professional with extensive experience in the development of security solutions in several industry verticals (telecommunication, healthcare, manufacturing and ICS). With a Ph.D. in Artificial Intelligence, he has deep knowledge of intelligent technologies, which he applied to the development of cutting-edge products. As a Security Researcher with Nokia’s Threat Intelligence Lab, he is responsible for malware analysis, research of the current trends in cyber security and the creation of malware threat intelligence for Nokia’s network-based malware detection products that are deployed in mobile ISPs around [...]
Enterprise Security Analyst
Guy is an enterprise security analyst/engineer and has been with Microsoft several years, first as part of the ACE team in the Digital Security Risk Engineering org delivering threat and SDL compliance assessments on Microsoft Line of Business Web apps. Guy now works on the Open Source Security (OSS) team within the Customer Security & Trust Engineering (CST-E) organization where he is responsible for assessing the security of open source software used by Microsoft Engineering through tools, threat modeling, security code reviews, and the development of in-house security tools. His [...]
Rob VandenBrink is a consultant with Coherent Security in Ontario, Canada. He is also a volunteer with the Internet Storm Center (https://isc.sans.edu), a site that posts daily blogs on information security and related stories. His areas of specialization include all facets of Information Security, Network Infrastructure, Network and Datacentre Design, Automation, Orchestration and Virtualization. Rob has developed tools for ensuring policy compliance for VPN Access users, a variety of networking tools native to Cisco IOS, as well as security audit/assessment tools for both Palo Alto Networks Firewalls and VMware vSphere. [...]
Principal Security Architect
Chad is the Principal Security Architect at Forget Computers, Ltd., the largest and oldest Apple-focused MSSP in Chicago, IL, USA. The story of how he got into InfoSec is prolly not much different from yours, meandering over more than 15 years across infrastructure engineering, complex systems design, strategy, and lots of mentoring across sectors and industries in the US and overseas. His twitter bio sums him up nicely: Dad, ludic, neurodivergent, grateful for many gifts. Mom said, "There's always one weirdo on every bus." But I can never find them.
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool “Find Security Bugs” (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, ATLSecCon, [...]
Will Hunt (@Stealthsploit) is a cyber security consultant and former digital forensic consultant who has worked in IT security for over 10 years. He co-founded in.security, a specialist cyber security company delivering high-end consultancy and training services. He has delivered infrastructure and web hacking courses at Black Hat USA and EU, as well as training and speaking at other bespoke international events and conferences. Will also assists government in various technical, educational and advisory capacities. He runs the blog https://stealthsploit.com
Research Officer, Canada’s National Research Council
Philippe Lamontagne is a computer scientist and mathematician born and raised in Montreal. He received his Ph. D. in quantum cryptography from Université de Montréal in 2018. His thesis is focused on the provable security of quantum protocols for secure two-party computation. He worked for a year as a machine learning engineer before accepting a position of research officer at Canada's National Research Council (NRC). As a member of the NRC's cybersecurity team, his research interests include quantum-resistant algorithms, security of machine learning and lightweight cryptography for embedded devices.
Adversary Detection Team Lead
Mathieu Saulnier is a “Security Enthusiast” ©@h3xstream. He has held numerous positions as a consultant within several of Quebec’s largest institutions. For the last 6 years he has been focused on putting in place a few SOCs and has specialized in detection (Blue Team), content creation and mentorship. He currently holds the title of Senior Security Architect and acts as Adversary Detection Team Lead and Threat Hunting Team Lead for Bell Canada, one of Canada’s largest carriers. He loves to give talks and has had the honor to do so [...]
Managing Principal Consultant, SecureWorks
Jonathon Poling is a Managing Principal Consultant for Digital Forensics and Incident Response (DFIR) at Secureworks. With over 11 years of experience spanning government, contractor and private sectors, he serves as a DFIR SME in all major operating systems (Windows, Linux, Mac) including Cloud (AWS), currently focusing on Security Orchestration/Automation. He is most at home on the *nix command line, performing investigations using FOSS tools.
Chi-en Shen (Ashley) is a senior researcher working at FireEye, where she focuses on threat intelligence research. She specializes in threat hunting, malware analysis, reverse engineering, and targeted attack research. To support women in InfoSec, Ashley co-founded “HITCON GIRLS” – the first security community for women in Taiwan. Ashley is also a regular speaker at international security conferences, including Black Hat, FIRST, HITB GSEC, CODE BLUE, Troopers, HITCON, Confidence, and RESET. Ashley also serves as a review board member of Black Hat Asia, Blue Hat Shanghai and Hack in the [...]
Founder, Xodiac Inc.
Peter Maddison has been in the business of building high-performance teams and automating everything worth automating for the past couple of decades. Presently, Peter spends his time helping organizations accelerate their delivery practices as an expert coach and consultant and is equally comfortable talking about business strategy as he is talking about IT. As a part of Xodiac, Peter is on a mission to help make every team thrive.
With over 20 years of Information Technology Management and Security experience working with both Private and Public Sector in Canada, Serge Bertini is currently the VP and Country Manager for CrowdStrike in Canada. Prior to joining CrowdStrike, he was the VP and GM for the Security Division of HPE Canada. His understanding of the security challenges organizations face daily has helped his customers to develop and implement successful business-focused cyber strategies. Before HPE, he was the Regional Director for Intel Security/McAfee where he was named McAfee’s Global Sales Regional Manager [...]
Robert Falzon is currently the Head of Engineering within the office of the CTO for Check Point Software Technologies Inc., the worldwide leader in securing the Internet. His background includes over 20 years of experience in large-scale network security architecture, design, and deployment projects for government and business organizations spanning the globe. Robert currently leads a large team of the most talented cyber security engineers in the industry who are responsible for educating the market on the latest cyber security trends. Other past responsibilities have included operational, management, and developmental duties [...]
Neil is an information security and privacy risk leader with over 15 years of experience across a broad range of security/privacy risk areas and diverse industry segments.
Senior Solutions Engineer
Matthew Adams is a Network and Security Systems Engineer who has enjoyed working with Enterprise, NEMs and Service Providers for over the past ten years. During Matt’s tenure at Ixia Solutions Group, he has spent most of his time deploying large scale testing and test automation solutions for his clients. As a result, Matt has extensive experience helping clients validate and secure their local and wide area networks whilst they roll out new security and critical business applications. In addition to Matt’s extensive experience in pre-production testing along with production [...]
CISSP, CISA, MBA
Mark Holub is a Subject Matter Expert for Qualys’ policy compliance solution. With 20 years of experience across IT Security, Compliance, and IT Audit, he has helped small, medium and large enterprises with establishing strong governance and control environments. He has significant experience with building Information Security and Audit programs.
Kevin is currently the Vice President of Professional Services and Customer Strategy and is focused on Enterprise Strategy for Symantec's customers and overall Go-To-Market Strategy. Prior to his current role, Kevin was Blue Coat's Chief Information Security Officer, responsible for overall cyber risk management; he also helped lead the transition of all Security and Privacy functions to Symantec. Kevin has also led Blue Coat's worldwide Value Strategy and Customer Enablement program. With more than 20 years' experience in the IT security field, Kevin is a key advisor to top commercial and [...]
Principal Product Manager
With over 20 years in the IT security space as a software developer, architect and product manager, Karl has a passion for security and a deep commitment to drive criminal syndicates and nation state actors off our networks and out of our devices. Over the years, Karl has collaborated with organizations from small businesses to national defense agencies, both to understand the threats these organizations face and to design and build the software used to defend them from adversaries. With an engineering background, Karl has patents ranging from cryptographic methods [...]
Josh Fu, CISM, CISSP, is a Security Engineer for BlackBerry Cylance. Josh has experience as a Channel Manager and consultant in cloud infrastructure and as a Sales Engineer in cybersecurity. Josh founded the West Coast chapter of the International Consortium of Minority Cybersecurity Professionals and has presented in front of industry audiences across the country.
Senior Research Engineer
Jason Meurer is the senior researcher for Cofense labs. His years of experience in the inner workings of company product offerings has been key in his bottom to top structuring of research project integrations and focus on real world needs for the research team. His current projects bring botnet tracking and target data to the forefront to give everyone the heads up they deserve.
Cyber Security Strategist
Gary Miller is a Cyber Security Strategist at Bell. For more than 20 years Gary has been assisting governments and industry organizations around the world shape appropriate and practical cyber security strategies to support their changing business. Gary has held senior executive positions within international businesses leading corporate security functions and cyber security business units. He brings a unique balance of business, IT and cyber security domain expertise. He has successfully launched new cyber security products and businesses, consulted with governments on national cyber security strategy and policy, advised on [...]
David has been deeply involved in security since the late ’90s, when he started in security information and event management with one of the 3 pioneering SIEM vendors. Over the years, David has held positions both in software engineering and professional services. Within the last 8 years, he made the move to sales and architecture to help customers of all sizes and verticals with solutions that will assist them in improving their security posture and mitigating risk to the business.
Darren is the Principal Consultant responsible for the Cyber Security division of Scalar Decision's Risk Advisory Services practice. He is a seasoned Management Consultant and Information Security professional with over 20 years’ experience in Information Technology operations, architecture, design, audit, and security management. During his tenure at Scalar, he has formed world-class penetration testing and vulnerability management teams, servicing clients in the Financial, Health Care, and Technology sectors. He has proficiency with the identification and quantification of security risk, assessing threats and risks based on best practice methodologies as well [...]
Manager, Risk Advisory
Benjamin is the Principal Consultant responsible for the Cyber Risk Consulting division of Scalar's Risk Advisory Services practice. He is an experienced consultant with over 10 years' experience in Information Technology sales, operations, design, audit, and management. Benjamin has implemented security programs at several large law firms, technology and software development organizations with great success. Benjamin uses his ability to design programs that are fit-for-purpose and right-size to ensure clients are able to manage their own security programs on an ongoing basis. He specializes in ISO 27001, NIST CSF, SANS [...]
Chris Hickman is the chief security officer at Keyfactor. As a member of the senior management team, Chris is responsible for establishing and maintaining Keyfactor’s leadership position as a world-class, technical organization with deep security industry expertise. He leads client success initiatives and helps integrate the voice of the customer directly into Keyfactor’s platform and capability set. Prior to joining Keyfactor, Chris was Director of Technical Services at Alacris, an Ottawa based smartcard and certificate management company, which was sold to Microsoft and is now part of the Microsoft Identity [...]
Bil Harmer is the Americas CISO at Zscaler. In this role he engages security executives at a peer level to drive strategic change and facilitate industry wide collaboration on emerging security and privacy topics. While developing the Security and Data Protection program for SuccessFactors/SAP he pioneered the processes for security and privacy compliance used by Cloud vendors today. Prior to joining Zscaler, Harmer was the Chief Security Officer at GoodData Corp and the VP Security & Cloud Privacy Officer for the Cloud Division of SAP. He has provided advisory services [...]
Consulting Systems Engineer
Raja is a Toronto-based Consulting Engineer with Aruba, a Hewlett Packard Enterprise Company. He has over 19 years of experience in Networking, including IT strategy and Enterprise Architecture for all verticals and environments of all sizes. Raja’s design and consulting experience encompasses global network designs across multi-vendor environments. As a member of Aruba’s Mobility & Access Consulting organization, Raja provides guidance on networking solutions that best enable business outcomes and user experiences for large organizations across Canada.
Threat Analytics Researcher
Austin McBride is a Threat Analytics Researcher at Cisco Umbrella who analyzes and evaluates the impact of security threats on customers, identifies unclassified threat vectors and discovers emerging trends in malware distribution. His current research focuses on the significance of cryptocurrency in the ever-evolving threat landscape, which abets malicious actors to remain anonymous while buying infrastructure and avariciously amassing profit that has been unprecedented in traditional financial markets in recent history. His background is in data mining, analytics, security research and data visualization. McBride regularly speaks at international security conferences [...]
Angelica has spent over a decade in marketing and sales roles focusing on physical and cyber security. An alum of University of Chicago and CSU Fresno (MBA), her experience includes product marketing, solutions selling and corporate branding.
Technical Director, Trend Micro Canada
As Technical Director, Albert is responsible for managing the technical field for Trend Micro Canada. With experience in a wide area of security and network related technologies for medium and large enterprises, he is passionate about targeting today’s cybersecurity challenges and tomorrow’s threat landscape. Prior to joining Trend Micro, Albert held technical roles at Citrix Systems, NetDialog and KPN.
Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations. Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions and government organizations. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies.
Asst. Prof. of Computer Science, USAF Academy
Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms, and cyber warfare. He received his Undergraduate Degree in Computer Science and has Master’s degrees in Computer Science and Information System Engineering. Solomon’s current research includes computer system exploitation, cyber threat intelligence, digital forensics, and data protection. Previous conferences Solomon has spoken at include: SecTor Canada, Hack in Paris, France, HackCon Norway, BlackHat USA, [...]
CEO of Aleks Security Cyber Intelligence Inc.
Nick Aleks is a distinguished security engineer, speaker and researcher, and currently leads an R&D team at a large financial institution. He is one of the founding partners of DEFCON Toronto (DC416), one of Canada's largest hacker meetup communities. In partnership with TraceLabs, he organized the world's first ever OSINT CTF where hackers helped find missing persons. Nick also runs a Toronto-based ethical hacking firm and is an advisor at HackStudent, an organization that helps educate students ages 13-17 about cybersecurity.
Joe Cummins has focused his career as an offensive cybersecurity professional, and as a seasoned serial Entrepreneur within the Canadian ecosystem, has led CybernetIQ since its inception in 2009. Over the course of his career, Joe has successfully built and sold a series of innovative software platforms focused on solving real-world cybersecurity challenges and bridging the gaps within the IT and OT spaces. Products such as TOTEM (Building Management Systems), FOCAL (Unmanned Data Storage), as well as other disruptive technologies that have been developed under contract to various Private and [...]
Inna is a threat hunter at Deloitte Cyber Intelligence Center (managed security service provider) servicing clients from various industries including retail, aviation, oil and finance. She has a background in programming, database maintenance, sales and marketing and various IT positions. Previously, she worked in several small companies and served in the military in a technological unit. She is now researching application of big data analysis and machine learning for cyber threat detection.
Kevvie Fowler is the Deloitte Global Incident Response Leader and Canadian Resilient practice leader where he leads the strategy and delivery of cyber response and crisis management services. He has more than 22 years of experience assisting organizations prepare for and recover from some of the industry’s most high-profile data breaches and business disruptions. Kevvie is the author of several cyber security and forensics books and is a global authority in database forensics, using the science to better investigate breaches and minimize their impact on clients. Kevvie has served as [...]
Assistant VP Cloud Computing
Andrea Stapley is the Assistant Vice President of the Cloud Computing team globally for Sun Life Financial. She holds a BA from McMaster University and is responsible for Cloud Architecture, Engineering, Operations and Security teams as it relates to Cloud Services hosted with Amazon. Her teams are responsible for developing the Global Cloud roadmap for the Enterprise and executing on that roadmap. The teams architect the cloud solutions for Sun Life and deliver the services required from an engineering and operations perspective for their clients. Before the Cloud role, Andrea [...]
Tom Tran is a penetration tester and cybersecurity expert who provides expert advice and ethical hacking services to the Government of Ontario and its various agencies, boards, and commissions. Tom has had a passion for the cybersecurity space since the early BBS days, trading hacking text files on his brand new 386 over his 2400 baud modem. More recently, his work involves convincing software companies that getting an NT Authority\SYSTEM terminal is a security vulnerability instead of a feature.
Director of Cyber Risk
Dr. Marshall Kuypers is the Director of Cyber Risk at Expanse, an SF-based startup. He received his doctorate from Stanford, focusing on data-driven methods for quantifying cyber risk. Marshall was a fellow at the Center for International Security and Cooperation (CISAC) from 2014-2016 where he worked on projects ranging from policy to technical matters in computer security. Marshall has also modeled cyber risk for the Jet Propulsion Lab and assessed supply chain risk in cyber systems with Sandia National Labs.
Senior Security Researcher
Elaheh Samani is a senior security researcher at Symantec’s Modern OS Security (MOS). She’s actively researching emerging threats targeting mobile users. Previously, she worked at Google Chrome protection with the Tailored Reverse Engineer Expertise team who focused on the analysis and reverse engineering of malware and unwanted software. She has been specializing in cyber security and development of detection systems for more than 8 years.
Entrepreneur & Technologist
Kevin Watkins is an entrepreneur and technologist with a background in security and privacy, often called upon for media interviews and to speak at industry conferences. A native of Houston, he moved to the Bay Area 15 years ago to join McAfee as a Research Architect, pioneering automation tools identifying mobile malware threats. Kevin founded Appthority in 2011, leading the technology that secured 25M+ in funding and becoming the leader for Fortune 1000 companies securing their enterprise from mobile threats. Appthority was acquired by Symantec in 2018, where Kevin works today [...]
Jill Sopko is an unconventional cybersecurity professional with fifteen years of experience and a bachelor’s degree in Political Science (concentration in National Security Policy), a Master of Business Administration (MBA) and a Master of Science in Homeland Security. Jill started her career doing program management at the Pentagon, later pivoting into analytical and threat intelligence work for the US Department of Defense, the US Intelligence Community, and now at NetScout.
Cybersecurity Research, GoSecure
Olivier Bilodeau leads the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys attracting embedded Linux malware, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. A passionate communicator, Olivier has spoken at several conferences such as BlackHat Europe, Defcon, Botconf, SecTor, Derbycon, HackFest and more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on applied information security, and NorthSec, Montreal’s community conference and the world’s largest on-site Capture-The-Flag.
Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student in criminology and one of Canada's decorated 150 scientific Mitacs innovators. She is also part of the NorthSec organization. With her background in economics, criminology, and now cybersecurity, she specializes in the study of crime and technology.
Senior Cloud Advocate, Microsoft
Tanya Janca is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, Women in Security and Technology (WIST) chapter leader, software developer and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Chief Product Officer, Cycura Inc.
Roy is a strategist, seasoned hacker and expert in cyber security, business development and project management. He has a background in security, programming, research, management, marketing and sales with a unique ability to manage multi-disciplinary projects while navigating complex cyber challenges. Roy’s passion lies in Big Data and Machine Learning, especially when applied to cyber security. As a multi-linguist of technology-driven business, he speaks fluent geek, marketer, designer, salesperson and investor.
Senior Threat Researcher
Hossein Hadian Jazi is a senior threat researcher at Cysiv Security. He is an active researcher whose research interests include APT tracking, malware analysis, cyber threat intelligence, and machine learning. Currently his focus is on detecting and tracking APT campaigns in North America as well as developing big data machine learning based models to attribute threat actors. He has been specializing in cyber security and APT analysis for over 10 years.
Fellow at Dell EMC
Radia Perlman is a Fellow at Dell EMC. Her innovations in routing protocol design made network routing more robust, more scalable, and more easily and safely configurable. She also showed how to make networks resilient to Byzantine failures. Other security-related contributions include assured time-based expiration of data from a cloud, and improved usability and security of authentication. She is the author of the textbook "Interconnections" and coauthor of the textbook "Network Security". She has been recognized with many industry honors including induction into the National Academy of Engineering, the Inventor [...]
Stas is a civil litigator focusing on insurance-related disputes. He has a broad range of experience including commercial disputes, subrogation, cyber liability, and privacy law. Stas assists companies with their risk management efforts, advises them on their cyber security and privacy policies and procedures, and assists with managing data breaches and subsequent litigation.
Head of Security Research
In the past year, Tal Melamed has been experimenting in offensive and defensive security for serverless technology as part of his role as Head of Security Research at Protego Labs. Specializing in AppSec, he has more than 15 years of experience in security research and vulnerability assessment, previously working for leading security organizations such as Synack, AppSec Labs, CheckPoint, and RSA. Tal is also the leader and creator of the OWASP Serverless Top 10 and DVSA projects.
Director, PwC Cybersecurity & Privacy
Peter is a Director in PwC’s Cybersecurity & Privacy practice. He is a senior cyber security professional with over 20 years of experience focusing on information security risk management, cyber threat incident response, threat hunting, malware analysis, and computer forensics. Peter has worked in senior positions for a number of organizations, including a national telecommunications and media company, Fortune 500 cloud-computing company, a recognized cyber security software company and most recently a major US defense contractor where he focused on developing insider threat solutions, engaging in incident response and threat [...]
Offensive Security Analyst
Yogesh Ojha is currently working as an Offensive Security Analyst at Tata Consultancy Services, Cyber Security Unit, where his primary research areas focus on Physical and IOT Security, hardware hacking and Mobile Application Security. He is responsible for corporate information security, including assessment and penetration testing. Yogesh is an avid developer who works on multiple projects that make use of machine learning, IOT and Robotics.
Security Researcher / Engineer
Kashish Mittal is a Security Researcher and Engineer and is currently the Head of Security at MileIQ, a Microsoft startup. He has worked for companies such as Elevate Security, Duo Security, Bank of America, and Deutsche Bank. By choice, he is an ethical hacker and an addicted CTF player. He is a member of PPP (CMU's elite CTF group). He has a BS and an MS from Carnegie Mellon University with a focus on security. He is passionate about delivering security awareness and training to employees, college students and [...]