Toronto has a vibrant and active security community. Join the founders and leaders of 6 of Toronto’s most active security communities for a “fireside chat”. Why do these communities exist? What are they up to these days? What are they working on next? How can you get involved? Join what will be a fun and […]
Organizations adopting cloud-based delivery are often at a loss as to how to navigate the technological and organizational changes introduced by this movement. Are we ahead? Are we behind? Do we really need to deploy to production hourly? What about security? This presentation provides insights from 451 Research’s view of technology and security trends as […]
Most organizations conduct a vulnerability assessment or penetration test of their network as part of their security program. Testing may be conducted by employees, or by external specialists, and the results may be used to comply with regulations such as PCI DSS, or they may just satisfy your sense of “security’s being done right”. However, […]
Penetration Tests and/or Red Team Engagements are usually aimed at getting the highest level of privileges in an organization’s Active Directory domain aka Domain Admin. However, what most teams miss or simply ignore is the fact that there are things that can be done even when you have obtained Domain Admin privilege. This talk’s primary […]
Attackers keep getting cleverer with their phishing attacks and if you’re a high value target or a large enterprise you’re probably also getting many targeted attempts every day. This session will cover the best practices for O365 for detecting, removing and investigating phishing attempts against an O365 tenant.
The IoT industry is often lambasted for lax security, however it does face unique challenges. This talk brings expertise from a veteran security engineer who has spent the last few months embedded (hah!) in an IoT manufacturer, working on security from the inside. We will explore some of the unique challenges in this space, and […]
Anonymity tools such as the tor network and cryptocurrencies are increasingly adopted by fraudsters to hide their tracks. They have enabled a darknet underground economy that centers around online illicit markets which has generated over USD$500 million in sales in the past year. Within online illicit markets, fraudsters create profiles and post ads for their […]
All smart devices, from cars to IoT, are based around processors. Often these processors are not considered as part of the threat model when designing a product. Instead, there is an implicit trust that they just work and that the security features in the datasheet do what they say. This is especially problematic when the […]
The intersections between IT, OT, and (I)IOT has continued to fuse multiple domains within the organization. And in a world where we need to fully understand our security posture and react to the world around us, visualization is key. During this presentation we will dive deep on the toolsets, tradecraft and methodologies to render (visualize) […]
It’s safe to assume that many people reading this text have heard of using the Remote Desktop Protocol (RDP) to connect to other machines. But has anyone ever considered that merely using RDP can compromise their own computer? In this talk, we will not be covering a typical RDP vulnerability where a server is attacked […]
The PowerShell bubble has burst. With offensive use going down and detections and defences rising, the need for an alternative means to operate offensively against Windows environments is well underway and a big part of that is due to C# and .NET. In this presentation, Lee will take the audience through the rise of weaponized […]
Our future is inseparable from technology and the choices we make will determine if we trust or fear the infrastructure our societies are built on. We as the people that dream, design, implement and talk about technology are seminal to determining which direction the world around us takes. What we do and say today really […]
From startups to large enterprise to academia, Canada has more influence on the global security market and innovation than one might expect. This panel will discuss Canadian businesses’ stance in IT security and take a forward look at what it will take to become a stronger competitor in world markets. Expect conversation from funding innovative startups to […]
The Zero Trust security model assumes a hostile network with relentless external and internal threats. Authenticating and authorizing every device, user and network flow requires real-time algorithmic processing of telemetry from as many sources of data as possible. Applying mature machine learning data science to the Zero Trust problem provides a wholistic solution to multiple […]
CIPPIC is the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, Canada’s only public interest technology law clinic. CIPPIC is based at the University of Ottawa’s Centre for Law Technology and Society. In this session, CIPPIC staff will review the year’s legal developments in cybersecurity and provide a look ahead at what we might expect […]
Cryptographers focus on provably secure cryptographic primitives. Standards bodies focus on syntax of messages. But there are many system issues that get ignored, leading to interesting security problems. Examples include trust models for PKI, misuse of web cookies, naming issues, and placing unreasonable demands on users. This session provides lessons on and mechanisms for avoiding […]
There’s a torrent of unmanaged, un-agentable devices sweeping across businesses in every industry. From devices like smart TVs, MRI machines, patient infusion pumps, industrial device controllers, and manufacturing robotic arms, to printers, smartwatches, smart HVACs, and badge readers. These devices form an attack surface which is neither protected by nor monitored by traditional security products. […]
During a web application penetration test, a tester often encounters different technology stacks and security controls implementations that requires the use of different tools and testing approaches. While commercial tools are often available for these specific scenarios – these can be hard to get in a short time frame (and can be very costly if […]
The purpose of this session is to explain the less well-known aspects of the Canadian Anti-Spam Legislation (CASL or the Act) and illustrate those in action through a series of case studies based on the actual enforcement activities of the Canadian Radio-television and Telecommunications Commission (CRTC). In so doing, we aim to position CASL as […]
Life is rough for a security leader! The security product landscape is increasingly complicated but seems to always lag behind malicious actor capabilities. Organizations need proven security programs that demonstrate visible ROI, but once-vaunted security concepts have been sacrificed upon the altars of speed and mobility. Organizational leadership-level involvement has never been greater, offering access […]
In order to save the security industry, someone had to quit or be fired. Is this the ultimate fail or the only way to beat Thanos? This year’s panel includes all the best viewpoints: a vendor, an academic, a startup, and a quitter. Half the panel does more operations work than security work and has […]
This talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps: Identify a server-side request forgery Gain access to instance meta-data credentials Enumerate IAM permissions Privilege escalation Connecting to internal VPC services via VPN Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot […]
Threat hunting in the cloud is something that is not often talked about from a security strategy perspective. This talk will specifically cover techniques that can be used to support hunting within cloud environments. Recently, we have seen both Amazon and Microsoft release traffic mirroring capabilities within cloud environments which has allowed traditional network security solutions […]
Behavioral analytics helps IT professionals predict and understand consumer trends, but it can also assist CISOs in understanding potential threats—and unearthing them before they wreak major havoc. Additionally, automation helps to respond rapidly, thus reducing your mean time to resolve (MTTR) and improve SOC efficiency. Join this session to discuss: Using behavior analytics as a […]
The evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, […]
It was the best of times, it was the worst of times… that pretty much sums up infosec today. We can’t figure out how to align to our businesses effectively, we love our silos, and constantly hire the wrong people. This presentation will address common issues in information security and people leadership areas, giving you […]
Cars are no longer simply mechanical. While they may be getting more advanced that doesn’t mean they are immune to hacks. One particularly sensitive entry point for hacking a car is the legally required OBD II port, which is basically “the Ethernet jack for your car”. This port works on a signaling protocol called CAN […]
This presentation focuses on the malicious actors’ efforts to introduce and spread malicious apps through the Google Play app store, and how various players (consumers, internet providers, security firms, etc.) can help to thwart these efforts. One of the most common ways of conducting cyber security attacks (beside phishing) is through trojenized applications that end […]
Modern software applications are complex, highly integrated collections of components, authored by dozens or even hundreds of individuals, and the rise of open source has taken this complexity to the next level. As an end-user, how well do you understand what a piece of software is *actually* doing, under the hood? Is your favorite string […]
The CIS Critical Controls are recognized as a good start in setting up a defensible infrastructure. They are platform / OS agnostic, aren’t driven by vendor agendas, and are very much community and volunteer driven. In this talk, we’ll discuss a typical organization, one that we’d see in many security engagements. We’ll discuss the various […]
While we continue to support the concepts of compliance, defense, governance, and prevention, it’s time to shift our focus beyond those measures with more emphasis on strategic response to incidents. This talk offers real stories of failure and practical, quick-win lessons on how to be prepared to respond quickly, accurately, and confidently when incidents occur. […]
The Web application development lifecycle has numerous security activities. For developers, code review is a familiar recurring activity. To support Java developers, a project was started in 2012 called, “Find Security Bugs” (FSB). It is an extension of the SpotBugs project, formerly known as FindBugs. FSB is a community static analysis tool which targets specific vulnerabilities. Over the years FSB has evolved from a limited tool to a solid coverage of bug […]
I will recap traditional cracking techniques before utilising combinator attacks to challenge recent password guidance of passphrases over passwords. I will then focus on more advanced methods, leveraging additional tools to launch attacks such as Fingerprint, PRINCE and Purple Rain. Non-deterministic techniques will be shown that are designed for infinite runtime, resulting in candidate generation […]
In recent years, the threat to the public key infrastructure posed by quantum computers has gained some attention. Standards agencies such as NIST and ETSI have begun efforts to standardize encryption and signature algorithms that are quantum resistant. This talk will introduce attendees to the threat posed by quantum computing and explain which parts of […]
The goal of the talk is to answer a few questions we often see or hear : “ATT&CK is nice and all, but how do I (we) get started?”, “How can I (we) detect those TTP?”, “Why use the ATT&CK Framework?”, etc. The ATT&CK Framework from Mitre is the new honest in the InfoSec world. […]
When performing Incident Response in a platform where infrastructure and data is just as quickly destroyed as it is created, speed and efficacy are paramount. While AWS provides a wide gamut of tools and capabilities to effectively harness the cloud, it’s often a daunting task to understand which tools to use for what, when, and […]
In 2013, a public report revealed a group of actors conducted targeted attacks leveraging a malware dubbed ICEFOG against mainly government organizations and the defense industry of South Korea and Japan. Little has been published about the activities of ICEFOG malware since the report was released more than six years ago. However, despite a pause […]
TACO is an acronym I use with clients to help them map controls from their software delivery pipelines to the organizational controls. TACO stands for Traceability, Access, Compliance, and Operations. The approach consists of a base list of 25 automatable controls that are documented and the control activity, artifacts and SOR identified. After mapping how […]
This exclusive session delves into the details of some of CrowdStrike’s most eye opening breach investigations of the past year and highlights the need for speed in modern security operations centers. See new research on “breakout time” and learn how you can use the 1-10-60 Rule to benchmark your organization and see if you have […]
Algorithms are being used to choose who lives and who dies. Computers are being programmed to make ethical decisions that impact every facet of our lives. Based on the ethics of cyber-criminals, Check Point has made another gigantic leap forward by teaching our gateways to use algorithms to detect the DNA of Malware in an […]
In this session, we will explore how organizations can adopt a single data governance framework to discover and protect sensitive data while mitigating cyber risks, reducing storage costs and addressing increasing privacy regulations.
With the increased focus on cybersecurity over the past several years, organizations are proactively adopting security practices and deploying security solutions to harden their networks. This is in the hopes of not being the next victim of a security breach. The emphasis on securing the network perimeter has driven organizations to deploy multiple inline security […]
As enterprises face pressure amid growing internal and external compliance requirements, these organizations are looking for ways to expand visibility throughout their environments. Mark Holub offers insights on how companies can gain visibility throughout their environments to improve asset management, software inventory, vulnerability assessment, configuration compliance and more. Using real-world examples and forward-looking principles, Mark […]
The cybersecurity market is teeming with new tools and technologies, each promising to detect and respond to threats better than the rest. But if your business is like most, you’re probably struggling with a shortage of security-focused manpower and expertise to manage those tools with skill, speed, and precision. The reality is that effective security […]
As human beings we often sense when things aren’t quite right. The same is true as it applies to cybersecurity. This session examines why human intuition is a key part of any organization’s phishing defense. Learn about the types of phishing attacks seen in the wild, how attackers evolve their tactics to avoid perimeter controls, […]
Never before has the creation and preservation of value depended so much on effective cyber security, nor has the means to “getting security right” been so complex. Many aspects of traditional security management are urgently being reconsidered as security teams seek to stay aligned with the characteristics of the modern enterprise and ahead of the […]
This presentation is a non-technical look at the benefits of threat intelligence and the challenges that organizations face when attempting to utilize and operationalize threat intelligence within their infrastructure. Existing resources (human and infrastructure), security tools, the difference between threat data sources and cybersecurity program maturity are just a few of the areas we will […]
Join Scalar, a CDW Company for a discussion on the key elements to prioritizing your security vulnerabilities and risks. Taking a holistic approach to risk management, we will help you understand how to follow best practices and manage your risk effectively and efficiently. Darren and Benjamin will go through some of the key elements that […]
When you sign a piece of code, you make a statement that it comes from your trusted brand and that you stand behind it. But what happens when that trust is broken? Recent attacks underscore the importance of managing reputational risk. As attackers become increasingly skilled in the art of signing and spreading malware, technologists […]
Risk is a balance between security and usability, when security is too restrictive users naturally find ways around it. As organizations seek to improve the user experience and while maintaining the required level of security, questions of risk arise. How do we deploy Cloud solutions with direct to Internet connectivity and still maintain visibility over […]
Brian has a passion for security and has been an active member of the IT security community for over 25 years. Being part of the IT community has always been important to Brian and his entrepreneurial spirit and industry experiences are what helped establish TASK and SecTor. Brian was the founder of CMS Consulting Inc. and Infrastructure Guardian Inc. which became part of New Signature. The two organizations (professional services and managed services respectively) provided deep Microsoft expertise working with mid to large enterprise customers. After handing over the reins, [...]
CEO of Aleks Security Cyber Intelligence Inc.
Nick Aleks is a leader in Toronto's security community. He is a distinguished security engineer, speaker and researcher. Nick is one of the founding partners of DEFCON Toronto (DC416), one of Canada’s largest hacker meetup communities. In partnership with TraceLabs, he organized the world’s first ever OSINT CTF where hackers helped find missing persons. He also runs a Toronto-based ethical hacking firm and is an advisor at HackStudent, an organization that helps educate students ages 13-17 about cybersecurity.
OWASP Toronto Chapter Co-Lead
Opheliar Chan spends most of her time trying to make application security more accessible, pragmatic, and FUD-free, both as Director of Advisory at Security Compass, and while moonlighting as co-lead of the OWASP Toronto Chapter. For over a decade, she has focused on application security, SDLC process consulting and implementations, program building, penetration testing/vulnerability assessments, and related. Prior to her career in consulting, she worked in security research, web application development, and technical writing. You can usually find her in-person at OWASP Toronto Meetups, or at firstname.lastname@example.org.
By day Max Cizauskas is the manager of Threat Prevention at IGM Financial, implementing blue team policies and practices and advising on how projects can apply security across their cloud dev ops endeavours. By night Max focuses on helping people bridge the gap to get into information security. He shares his perspective on the most important practices that can be implemented across all practices through being a committee member of the Toronto Area Security Klatch (TASK) and the BSides Toronto annual conference, as well as the host of the infrequent [...]
Lee Kagan is a sr. principal offensive RnD specialist at Symantec, the co-founder of RedBlack Security in Toronto and co-creator of the Canadian Collegiate Cyber Exercise (C3X). Lee has been professionally active since 2010 and focuses on advanced Windows attack and defence, command and control infrastructure design and adversary systems in general.
Leader in Cybersecurity Field and CoFounder
Helen Oakley is a cybersecurity enthusiast, researcher and educator. She takes on a leadership security role at a global leading software provider. Helen is currently working on her own cybersecurity research project and strongly believes in giving back to the community. Helen is a lead of Toronto’s community group “Leading Cyber Ladies” and HackStudent.com teacher, which is a non-profit organization that educates kids in cybersecurity skills.
Fernando Montenegro is a principal industry analyst and management consultant with 451 Research, focusing on analyzing market trends and providing strategic advice on topics related to modern security markets: cloud security, endpoint security and others. His previous experience includes pre- and post-sales technical roles and consulting roles with vendors in enterprise security such as Hewlett Packard, RSA and others. He has worked with organizations in Canada, Latin America, and the US. His areas of interest include security economics - particularly behaviour economics - data science, including machine learning, and cybercrime. [...]
Robert Beggs breaks into computers and data networks. As an ethical hacker and incident responder, he identifies and closes the vulnerabilities that could be exploited to create a security breach. He has been responsible for the technical leadership and project management of multiple successful responses to data loss. His experience has driven the development of the AIM methodology, used to effectively respond to a breach. His clients range from banks and insurance companies to small and medium enterprises. Robert holds an MBA in Science and Technology from Queen's University and [...]
Information Security Consultant
I work as an Information Security Consultant at eSentire. Being a cybersecurity enthusiast, I have worked in both capacities (as a Blue teamer in SOC) and presently working in Red Team. I’ve completed a few certifications such as CCNA and OSCP. I am currently working on Advanced Active Directory Attacks and Methodologies and learning about pentesting techniques against popular Cloud infrastructures such as AWS and Azure. Infosec is all about learning which makes me feel right at home, which is why I love to learn, and I love to give [...]
Practice Group Lead, New Signature
Jim Banach is the North American Practice Group Lead for Modern Workplace at New Signature. Jim has been absorbed in Information Technology for the past 20 years focusing on helping customers realize the value of their investments in productivity solutions. Jim has a long history in messaging and communications technologies including Exchange, Skype for Business / Teams, and Office 365.
Director of Security, Ecobee
Lee has worked within Information Security for over a decade. In that time he has held positions ranging from hands-on practitioner through to management across a number of industry verticals, he is currently the Director of Security at Ecobee. He has spoken on topics ranging from malware analysis to network security and surveillance.
Co-founder and CEO, Flare
Mathieu Lavoie is co-founder and CEO of Flare. He obtained his B.Eng. from the ÉTS. After being a malware researcher for a few years, he worked as a pentester and then as a security team lead in a large financial institution. He was also a strategic advisor for senior executives regarding cybersecurity and blockchain initiatives. He has spoken at security conferences such as HOPE, Hackfest and NorthSec about his open-source Bitcoin forensic tool called Bitcluster.
Researcher and Founder, Leveldown Security
Thomas Roth is a security researcher and founder of leveldown security. His focus is on mobile and embedded systems with published research on topics such as TrustZone, payment terminals, embedded and chip security. In recent years, his focus has been on critical infrastructure and communication, with published research on industrial control systems, industrial IoT devices and secure communication. In 2018, Thomas Roth and his research were named as one of the 30 under 30 in Technology by the Forbes Magazine and was named TCCA Young Engineer of the Year 2018.
Joe Cummins has focused his career as an offensive cybersecurity professional, and as a seasoned serial Entrepreneur within the Canadian ecosystem, has led CybernetIQ since its inception in 2009. Over the course of his career, Joe has successfully built and sold a series of innovative software platforms focused on solving real-world cybersecurity challenges and bridging the gaps within the IT and OT spaces. Products such as TOTEM (Building Management Systems), FOCAL (Unmanned Data Storage), as well as other disruptive technologies that have been developed under contract to various Private and [...]
Security Software Engineer
Dana Baril is a security software engineer with experience in some of the world's leading technology giants. She started her career in an elite Israeli military cyber intelligence unit, proceeded to a big data startup, and then joined Google in its Zurich HQ. For the past 3 years she has been working on Windows Defender Advanced Threat Protection at Microsoft, researching and developing new cyber security threat detections. Dana is passionate about Operating Systems and Windows Internals. Dana is an active volunteer with high school students, training the next generation [...]
Founder and CEO, DEF CON/Black Hat Briefings
A career spent at the intersection of hacking, professional cybersecurity and Internet governance gives Jeff Moss a unique perspective on information security. Mr. Moss is the founder and CEO of the DEF CON hacker conference and the founder of Black Hat Briefings, two of the world's most influential information security events. Mr. Moss also served as the CSO/VP of ICANN (the Internet Corporation for Assigned Names and Numbers). His corporate experience includes work with Ernst & Young. LLC and a directorship at Secure Computing. Mr. Moss serves on the Board [...]
Brian O’Higgins is an Angel Investor and Board Member. Brian O’Higgins has over 30 years experience as a leader in security technology development for enterprise and government customers—possibly known best for his role pioneering PKI (public key infrastructure)— and as the co-founder and Chief Technology Officer of Entrust, a leading Internet Security Company. He was also a co-founder and Chief Technology Officer of Third Brigade, a provider of security products for physical and virtualized servers that was acquired by Trend Micro in 2009. Brian's approach to security is both [...]
Stephan Jou is CTO of Interset, a Micro Focus company, a leading-edge cybersecurity and In-Q-Tel portfolio company that uses machine learning and behavioral analytics. Jou currently leads both Interset and various analytics-related initiatives for Micro Focus’ security division. Previous to Interset, Jou has been at IBM and Cognos where he led the development of over 10 products in the areas of cloud computing, mobile, visualization, semantic search, data mining and neural networks. Jou holds a M.Sc. in Computational Neuroscience and Biomedical Engineering, and a dual B.Sc. in Computer Science and [...]
Leo is a veteran of both the corporate and entrepreneurial sides of the telecom industry. As CEO and co-founder of Skypoint Capital, a venture capital firm that specializes in telecom, he served as principal for each successive telecom fund within the firm. Before creating Skypoint, he was Assistant Vice President and member of the Chairman’s Executive Council at Newbridge Networks. Leo established the Newbridge Affiliates Program in 1992, and was instrumental in the launch of 16 Newbridge affiliates. Leo holds a Bachelor of Electrical Engineering degree from McGill University in [...]
Senior Vice President of Global Marketing
As the head of global marketing at Trend Micro, Leah MacMillan is responsible for the marketing strategy, message and brand image that drives awareness, interest and preference for the company and its solutions. As the ‘chief storyteller’, she is passionate about products and innovation, and strives to find compelling and creative ways to express Trend Micro’s story to customers, partners, analysts, media, shareholders and employees. Leah’s unwavering love for software development and high-tech marketing began almost 30 years ago when she first joined Corel Corporation, a dynamic consumer graphics software [...]
Michele Mosca is co-founder of the Institute for Quantum Computing at the University of Waterloo, a Professor in the Department of Combinatorics & Optimization of the Faculty of Mathematics, and a founding member of Waterloo's Perimeter Institute for Theoretical Physics. He was the founding Director of CryptoWorks21, a training program in quantum-safe cryptography. He is a founder of the ETSI-IQC workshop series in Quantum-Safe Cryptography, and the not-for-profit Quantum-Safe Canada. He co-founded evolutionQ Inc. to support organizations as they evolve their quantum-vulnerable systems to quantum-safe ones and softwareQ Inc. to [...]
Principal Security Engineer, BlackBerry Cylance
Chris Pittman has worked in enterprise information technology since 1993 and has specialized in cyber security for the last 14 years. He worked in security and controls and incident response for the Ford Motor Company before moving to the security vendor space in 2008. As a sales engineer at BlackBerry Cylance, he provides technical and security guidance to global enterprises interested in implementing AI-based endpoint security solutions. He holds SEC+, CISSP and a Master of Information Assurance in Digital Forensics, which he also teaches at Eastern Michigan University.
General Counsel, CIPPIC
David Fewer is General Counsel of the University of Ottawa’s Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC), Canada’s only public interest technology law clinic. CIPPIC’s mandate is to advocate for balance in policy and law-making on issues arising out of new technologies. David joined CIPPIC in November 2004. His work focuses on training students in effective legal advocacy, producing public education materials, and articulating a public interest perspective in public policy debates and important court cases at the intersection of law and technology. David graduated with a B.A. [...]
Fellow at Dell EMC
Radia Perlman is a Fellow at Dell EMC. Her innovations in routing protocol design made network routing more robust, more scalable, and more easily and safely configurable. She also showed how to make networks resilient to Byzantine failures. Other security-related contributions include assured time-based expiration of data from a cloud, and improved usability and security of authentication. She is the author of the textbook "Interconnections" and coauthor of the textbook "Network Security". She has been recognized with many industry honors including induction into the National Academy of Engineering, the Inventor [...]
Co-Founder and CTO, Armis
Nadir Izrael is co-founder and CTO at Armis and drives the technology vision behind the platform. He served six years in the Israeli army’s Cyber Intelligence unit where he designed and programmed software systems and attained the rank of captain. He graduated Summa Cum Laude from Technion-Israel Institute of Technology where he studied computer science and physics. In the following years, he worked for Google as a software engineer manager. Nadir enjoys creating simulations of particle systems and cosmological models and is experienced in applied machine learning algorithms and statistical [...]
Chuck Ben-Tzur is an IT Security professional with over 15 years of experience as a consultant and a senior manager. Chuck has helped leading Canadian and international organizations to build their corporate security program, assess and implement effective security controls and maintain ongoing compliance. To keep his technical knowledge fresh and up-to-date, Chuck likes to “keep his hands dirty” by researching the security of new technologies and is continuously performing hands-on penetration testing, vulnerability assessments and threat risk analysis. Chuck has presented at many conferences and in front of professional [...]
Director, Electronic Commerce Enforcement, CRTC
Neil Barratt joined the Compliance & Enforcement team at the CRTC in May 2017. As Director, Electronic Commerce Enforcement, he is responsible for ensuring compliance with Canada’s Anti-Spam Legislation including outreach and enforcement activities. Under his leadership, the CASL team has prioritised the disruption of malicious activity that harms Canadians and undermines trust in the digital economy. Neil has also overseen a renewed focus on transparency, developing and publishing clear guidance to stakeholders and the public. Neil has over a decade of experience in policy development and implementation. Most recently, [...]
Director of Service Delivery, Canada / Global Executive Services Director - Optiv
A highly accomplished senior leader with more than 20 years of experience in the defense, financial, retail, technology, and professional services industries. Leveraging knowledge in leadership, risk and compliance management, cyber security, and data governance, Chris has built and lead comprehensive programs that combine emerging technologies and risk-based governance. Chris has led globally dispersed teams focusing in security operations, incident investigation and response, enterprise risk management, compliance, red/blue team attack and penetration services, sales, and marketing. As a subject matter expert, he has authored numerous articles and been regularly cited [...]
James Arlen is Aiven.io’s CISO bringing a mix of security and engineering background to DBaaS (database as a service). Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Salesforce Heroku, James is a Contributing Analyst at the research firm Securosis, blogger/podcaster with Liquidmatrix [...]
Analyst/Securosis, CISO/DisruptOps, Securosis, L.L.C.
Rich Mogull has twenty years experience in information security, physical security, and risk management. These days he specializes in cloud security and DevSecOps, having starting working hands-on in cloud nearly 10 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, [...]
Nick is the program coordinator for, and professor in, Sheridan College’s Honours Bachelor of Applied Information Sciences (Information Systems Security) degree program. Previous to his role in academia, Nick led an incident response team, worked as a computer forensic investigator, programmer, penetration tester, secure code auditor and general InfoSec consultant. You can find Nick on Twitter at @nickinfosec where he’ll either be tweeting cringe-worthy cyberpuns or asking beginner electronics/maker questions.
Global Security Advocate
Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis serves on the advisory boards for Cortex Insight and Dateva Inc. Lewis writes columns for Forbes, Daily Swig and several other publications.
Andrés Riancho is an application and cloud security expert who leads the open source w3af project and provides high-quality security assessment services to companies around the world. In the research field, he identified new techniques which can be used to escalate privileges in Amazon AWS infrastructures, discovered critical vulnerabilities in IPS appliances, multiple vulnerabilities in web and REST APIs, and contributed with SAP research performed at a former employer. His focus is application security, where he developed w3af, a web application attack and audit framework used extensively by security professionals. [...]
Senior Security Strategist
As a member of eSentire's Security Strategy team, Kurtis Armour is responsible for finding new and innovative ways to protect customers. As a regular conference speaker, Kurtis is inquisitive and dedicated to the cybersecurity industry and furthers research endeavors. He holds an OSCP certification which helps him understand the needs and requirements of organizations on the defensive side. Kurtis' current research focuses on cloud and endpoint security as it pertains to the managed detection and response industry. Kurtis holds a Bachelor of Technology from Seneca College.
Senior Security Strategist
Jacob is a Senior Security Strategist at eSentire, a Managed Detection and Response company based in Waterloo, Ontario. Jacob has worked within the MDR space for over 8 years in various roles from SOC, Operations, and Professional Services. He is mainly focused on security as it relates to networking, cloud services, and automation.
VP, Enterprise Security
Rob Knoblauch, VP Enterprise Security Scotiabank is a cybersecurity professional with over 20 years of experience protecting financial institutions from a myriad of information security risks. He serves on a variety of customer advisory boards for leading cyber security companies and speaks at various conferences on cybersecurity, AI and machine learning. Rob has a passion for building strong teams and bringing new, innovative technologies to combat the growing complexities of cyber threats. Prior to Scotiabank, Rob has worked in the Toronto Stock Exchange, Bank of Montreal, and Bird on a [...]
Senior Sales Engineer
Rob is a veteran of the cybersecurity industry with over 20 years of experience. Throughout his career he has focused on Identity governance and access management, as well as APIs and microservices. Rob’s ability to address both business and technical requirements and provide effective solutions has enabled him to become a trusted advisor for clients across multiple industries. Rob holds a Bachelor of Technology Management, a MSc in IT, and Advanced Certificates in Telecommunications Management and Enterprise Architecture. When not working with clients, he enjoys outdoor activities with family, gaming, [...]
Sr. Manager, Strategic Alliances
Madhu Mahadevan manages the SailPoint partnership at Okta. As a part of the Strategic Alliances team, he helps any organization to use any technology and enables their people to securely connect to the tools they need. Follow him on Twitter at @mmaha
Senior Security Consultant
Michael Cole is a Senior Security Consultant with Rapid7 and has been in the technology and security fields for over 17 years. He is the recovering CISO of a publicly traded bank, and has had roles in security architecture and engineering, biometrics, and security program development. Michael holds numerous professional certifications, including CISSP, CISM, and CISA, and has earned master’s degrees in both Information Security and Management and Leadership. He also has degrees in Scottish history and Golf Course Operations.
Rohan Aggarwal is a full-time Bug Bounty hunter (HackerOne and Synack). He has found security vulnerabilities in big companies like Yahoo, Twitter, Goldman Sachs, Matomo, BrickFTP, and Pixiv. He has attended various live hacking events such as HackerOne h1-2004 and BountyBash. Rohan previously worked as an Offensive Security Analyst at TCS where he did Web/Mobile Pentesting, IOT and Automotive Security. He presented at SecTor 2019 (Car Hacking on Simulation) and at Microsoft’s Azure Bootcamp and has delivered training on IOT, Web Application and Cloud Hacking.
Corneliu Nitu is a computer security professional with extensive experience in the development of security solutions in several industry verticals (telecommunication, healthcare, manufacturing and ICS). With a Ph.D. in Artificial Intelligence, he has deep knowledge of intelligent technologies, which he applied to the development of cutting-edge products. As a Security Researcher with Nokia’s Threat Intelligence Lab, he is responsible for malware analysis, research of the current trends in cyber security and the creation of malware threat intelligence for Nokia’s network-based malware detection products that are deployed in mobile ISPs around [...]
OSS Security Analyst/Engineer, Microsoft
Guy is an enterprise security analyst/engineer and has been with Microsoft several years, first as part of the ACE team in the Digital Security Risk Engineering org delivering threat and SDL compliance assessments on Microsoft Line of Business Web apps. Guy now works on the Open Source Security (OSS) team within the Customer Security & Trust Engineering (CST-E) organization where he is responsible for assessing the security of open source software used by Microsoft Engineering through tools, threat modeling, security code reviews, and the development of in-house security tools. His [...]
Rob VandenBrink is a consultant with Coherent Security in Ontario, Canada. He is also a volunteer with the Internet Storm Center (https://isc.sans.edu), a site that posts daily blogs on information security and related stories. His areas of specialization include all facets of Information Security, Network Infrastructure, Network and Datacentre Design, Automation, Orchestration and Virtualization. Rob has developed tools for ensuring policy compliance for VPN Access users, a variety of networking tools native to Cisco IOS, as well as security audit/assessment tools for both Palo Alto Networks Firewalls and VMware vSphere. [...]
Principal Security Architect
Chad is the Principal Security Architect at Forget Computers, Ltd., the largest and oldest Apple-focused MSSP in Chicago, IL, USA. The story of how he got into InfoSec is prolly not much different from yours, meandering over more than 15 years across infrastructure engineering, complex systems design, strategy, and lots of mentoring across sectors and industries in the US and overseas. His twitter bio sums him up nicely: Dad, ludic, neurodivergent, grateful for many gifts. Mom said, "There's always one weirdo on every bus." But I can never find them.
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool “Find Security Bugs” (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, ATLSecCon, [...]
Will Hunt (@Stealthsploit) is a cyber security consultant and former digital forensic consultant who has worked in IT security for over 10 years. He co-founded in.security, a specialist cyber security company delivering high-end consultancy and training services. He has delivered infrastructure and web hacking courses at Black Hat USA and EU, as well as training and speaking at other bespoke international events and conferences. Will also assists government in various technical, educational and advisory capacities. He runs the blog https://stealthsploit.com
Research Officer, Canada’s National Research Council
Philippe Lamontagne is a computer scientist and mathematician born and raised in Montreal. He received his Ph. D. in quantum cryptography from Université de Montréal in 2018. His thesis is focused on the provable security of quantum protocols for secure two-party computation. He worked for a year as a machine learning engineer before accepting a position of research officer at Canada's National Research Council (NRC). As a member of the NRC's cybersecurity team, his research interests include quantum-resistant algorithms, security of machine learning and lightweight cryptography for embedded devices.
Sr Manager Incident Response
Mathieu Saulnier is a “Security Enthusiast” ©@h3xstream. He has held numerous positions as a consultant within several of Quebec’s largest institutions. Since 2011, he has been focused on putting in place SOC and has specialized in detection (Blue Team), content creation and mentorship. He worked as a Senior Security Architect and acted as Adversary Detection Team Lead and Threat Hunting Team Lead for one of Canada’s largest carriers for more than a decade. He is now Sr Manager Incident Response at Syntax. He loves to give talks and has had [...]
Managing Principal Consultant, SecureWorks
Jonathon Poling is a Managing Principal Consultant for Digital Forensics and Incident Response (DFIR) at Secureworks. With over 11 years of experience spanning government, contractor and private sectors, he serves as a DFIR SME in all major operating systems (Windows, Linux, Mac) including Cloud (AWS), currently focusing on Security Orchestration/Automation. He is most at home on the *nix command line, performing investigations using FOSS tools.
Chi-en Shen (Ashley) is a senior researcher working at FireEye, where she focuses on threat intelligence research. She specializes in threat hunting, malware analysis, reverse engineering, and targeted attack research. To support women in InfoSec, Ashley co-founded “HITCON GIRLS” – the first security community for women in Taiwan. Ashley is also a regular speaker at international security conferences, including Black Hat, FIRST, HITB GSEC, CODE BLUE, Troopers, HITCON, Confidence, and RESET. Ashley also serves as a review board member of Black Hat Asia, Blue Hat Shanghai and Hack in the [...]
Founder, Xodiac Inc.
Peter Maddison has been in the business of building high-performance teams and automating everything worth automating for the past couple of decades. Presently, Peter spends his time helping organizations accelerate their delivery practices as an expert coach and consultant and is equally comfortable talking about business strategy as he is talking about IT. As a part of Xodiac, Peter is on a mission to help make every team thrive.
With over 20 years of Information Technology Management and Security experience working with both Private and Public Sector in Canada, Serge Bertini is currently the VP and Country Manager for CrowdStrike in Canada. Prior to joining CrowdStrike, he was the VP and GM for the Security Division of HPE Canada. His understanding of the security challenges organizations face daily has helped his customers to develop and implement successful business-focused cyber strategies. Before HPE, he was the Regional Director for Intel Security/McAfee where he was named McAfee’s Global Sales Regional Manager [...]
Robert Falzon is currently the Head of Engineering within the office of the CTO for Check Point Software Technologies Inc., the worldwide leader in securing the Internet. His background includes over 20 years of experience in large-scale network security architecture, design, and deployment projects for government and business organizations spanning the globe. Robert currently leads a large team of the most talented cyber security engineers in the industry who are responsible for educating the market on the latest cyber security trends. Other past responsibilities have included operational, management, and developmental duties [...]
Neil is an information security and privacy risk leader with over 15 years of experience across a broad range of security/privacy risk areas and diverse industry segments.
Senior Solutions Engineer
Matthew Adams is a Network and Security Systems Engineer who has enjoyed working with Enterprise, NEMs and Service Providers for over the past ten years. During Matt’s tenor at Ixia Solutions Group, he has spent most of his time deploying large scale testing and test automation solutions for his clients. As a result, Matt has extensive experience helping clients validate and secure their local and wide area networks whilst they roll out new security and critical business applications. In addition to Matt’s extensive experience in pre-production testing along with production [...]
CISSP, CISA, MBA
Mark Holub is a Subject Matter Expert for Qualys’ policy compliance solution. With 20 years of experience across IT Security, Compliance, and IT Audit, he has helped small, medium and large enterprises with establishing strong governance and control environments. He has significant experience with building Information Security and Audit programs.
Principal Product Manager
With over 20 years in the IT security space as a software developer, architect and product manager, Karl has a passion for security and a deep commitment to drive criminal syndicates and nation state actors off our networks and out of our devices. Over the years, Karl has collaborated with organizations from small businesses to national defense agencies, both to understand the threats these organizations face and to design and build the software used to defend them from adversaries. With an engineering background, Karl has patents ranging from cryptographic methods [...]
Senior Research Engineer
Jason Meurer is the senior researcher for Cofense labs. His years of experience in the inner workings of company product offerings has been key in his bottom to top structuring of research project integrations and focus on real world needs for the research team. His current projects bring botnet tracking and target data to the forefront to give everyone the heads up they deserve.
Cyber Security Strategist
Gary Miller is a Cyber Security Strategist at Bell. For more than 20 years Gary has been assisting governments and industry organizations around the world shape appropriate and practical cyber security strategies to support their changing business. Gary has held senior executive positions within international businesses leading corporate security functions and cyber security business units. He brings a unique balance of business, IT and cyber security domain expertise. He has successfully launched new cyber security products and businesses, consulted with governments on national cyber security strategy and policy, advised on [...]
David has been deeply involved in security since the late 90’s when he started in security information and event management with one of the 3 pioneering SIEM vendors. Over the years, David has held positions both in software engineering and professional services. Within the last 8 years, made the move to sales and architecture to help customers of all sizes and verticals with solutions that will assist them in improving their security posture and mitigating risk to the business.
Darren is the Principal Consultant responsible for the Cyber Security division of Scalar Decision's Risk Advisory Services practice. He is a seasoned Management Consultant and Information Security professional with over 20 years’ experience in Information Technology operations, architecture, design, audit, and security management. During his tenure at Scalar, he has formed world-class penetration testing and vulnerability management teams; servicing clients in the Financial, Health Care, and Technology sectors. He has proficiency with the identification and quantification of security risk, assessing threats and risks based on best practice methodologies as well [...]
Principal, Cyber Risk
Benjamin is the Principal Consultant responsible for the Cyber Risk Consulting division of Scalar's Risk Advisory Services practice. He is an experienced consultant with over 10 years' experience in Information Technology sales, operations, design, audit, and management. Benjamin has implemented security programs at several large law firms, technology and software development organizations with great success. Benjamin uses his ability to design programs that are fit-for-purpose and right-size to ensure clients are able to manage their own security programs on an ongoing basis. He specializes in ISO 27001, NIST CSF, SANS [...]
Product Lead, Keyfactor
Ryan Sanders is a Toronto-based Product Lead with Keyfactor, a leader in providing secure digital identity solutions for the Global 2000 Enterprises. Ryan has a passion for cybersecurity and actively analyzes the latest in compliance mandates, market trends, and industry best practices related to public key infrastructure (PKI) and digital certificates. More recently he has specialized in code signing fundamentals and security best practices to prevent software supply chain attacks. Prior to joining Keyfactor, Ryan held several roles in product marketing and enablement at WinMagic, a Toronto-based data encryption and [...]
Jack Palivoda is a Senior Solutions Engineer at Keyfactor. With over 35 years of deep technological experience, he is responsible for collaborating with prospects and clients, facilitating technical discussions that align customer requirements with the right solutions. Jack also conducts product demonstrations, proof of concept delivery, and turns customer insights into concepts for product enhancements. Prior to joining Keyfactor, Jack held various technical positions at Microsoft and was a Systems Engineer at AT&T. Jack enjoys spending time with his wife and four children, serving his church community, and is a [...]
Bil Harmer is the Americas CISO at Zscaler. In this role he engages security executives at a peer level to drive strategic change and facilitate industry wide collaboration on emerging security and privacy topics. While developing the Security and Data Protection program for SuccessFactors/SAP he pioneered the processes for security and privacy compliance used by Cloud vendors today. Prior to joining Zscaler, Harmer was the Chief Security Officer at GoodData Corp and the VP Security & Cloud Privacy Officer for the Cloud Division of SAP. He has provided advisory services [...]
Consulting Systems Engineer
Raja is a Toronto-based Consulting Engineer with Aruba, a Hewlett Packard Enterprise Company. He has over 19 years of experience in Networking, including IT strategy and Enterprise Architecture for all verticals and environments of all sizes. Raja’s design and consulting experience encompasses global network designs across multi-vendor environments. As a member of Aruba’s Mobility & Access Consulting organization, Raja provides guidance on networking solutions that best enable business outcomes and user experiences for large organizations across Canada.