Compromised credentials have been APT groups’ favorite tool for accessing, propagating and maintaining access to their victims’ networks. Consequently, aware defenders mitigate this risk, by adding additional factors (MFA), so no secret is a single point of failure (SPOF). However, the systems’ most lucrative secrets, their “Golden Secrets”, are still a SPOF and abused in […]
Brand impersonation is a key attack strategy in which a malicious user crafts content to look like a known brand to deceive a user into entering sensitive information, such as account passwords or credit card details. To address this issue, we developed and trained a Siamese Neural Network on labeled images to detect brand impersonation. […]
This past year has proved the point that advanced nation-state backed threat actors are increasingly investing their time and money to develop novel ways to access the cloud. These actors are especially interested in Microsoft 365, where more and more organizations are collaborating and storing some of their most confidential data. Especially for threat groups […]
As the founder of both the Defcon and Blackhat events, Jeff has been around the security community since the early days. When Defcon started some 30 years ago, the security community had a rather unique culture, composition and approach. What can we learn from our past? What attributes do we need to hold on to […]
The challenges facing today’s CISO and corporate cyber teams are daunting. Cyber Security partners now number in the 100s and product options seem to be 10 times that. The only thing that is certain is that the number of threats and attacks are increasing at an alarming rate. There was a time when you could […]
Organizations spend millions of dollars in their Cybersecurity Program building governance programs and enhancing security operations, however major incidents still happen. We know you can never have 100% assurance and a new security technology is not always the solution, but how do you explain that to the Board and Senior Executives who received regular updates […]
Data is the currency of the 21st century, and as true as this is for organizations, it also trickles down to the security team. There’s a delicate balance between collecting too much and not enough data. Too much data, and your SOC is sifting through endpoint, application and network logs for days on end. Not […]
The vast majority of code in modern applications is made up of open-source components. This allows developers to focus on value-generating features and not on scaffolding and foundations. The challenge is that this scaffolding is not free like a lunch. It’s free like a puppy. That means that not only should you be careful in […]
Do you have any idea how much time it will take to scan, identify, and secure every organization file containing sensitive information? Me neither, data are everywhere! You can’t mitigate data exfiltration with an IT tool. It’s an enterprise initiative to detect and respond to broken business processes and irregular activities. In this session, we’ll […]
Carding is one of the earliest forms of cybercrime. Since the 1980s, cybercriminals have developed various fraud tactics to steal and monetize credit card information. To prevent these types of attacks, financial institutions have developed anti-fraud measures to detect and prevent fraudulent transactions. These security precautions include checking various parameters like IP address, operating system, […]
The way we move our mouse, use our keyboard, and touch our phones is unique to us. Behavioral biometrics allows security systems to identify computer users across a wide variety of devices uniquely. While AI can help secure computer infrastructure, they are vulnerable to data-based type attacks. By capturing user interaction data, an attacker may […]
The decisions made in the seconds, minutes, and hours of a security breach carry long-term operational, legal, regulatory, and public relations repercussions. Making the wrong move in the heat of the moment can cost a fortune; it can even end a career. Featuring real-world best practices from the breach response team responsible for defending hundreds […]
During these years when a holiday just can’t be any scarier than the other 364 days, it’s easy to forget that some spectres aren’t what they seem. Some of them are Old Lady Nather under the ghost sheet. Others are clowns, but not the kind that inhabits your nightmares, just the expo halls. If you’ve […]
Bridge the Gap Between IT Security and Infrastructure Teams and Unify Your Security Efforts with a Vulnerability Management Solution. Chances are you know Tripwire as the progenitor of file integrity monitoring. But over the course of Tripwire’s history, we’ve focused on how we can help security teams maximize their productivity to more effectively address today’s […]
Over the last five years, we have publicly disclosed the details about dozens of software vulnerabilities with varying degrees of severity and their effect on a wide range of vendors including Oracle, Pulse Secure, Microsoft, Antidote, and Akamai. We have acquired hard-earned experience on the difficulty faced dealing with clients and vendors, the risks and […]
Responding to security incidents and vulnerabilities is an ongoing process which becomes increasingly more difficult to manage in a Hybrid environment. Reacting too slowly to a critical incident or vulnerability can have drastic consequences, but how do we make sure that we are working on the most critical threats first? Join us to learn how […]
With employees working remotely, the amount of data that flows through the cloud is exploding. The classic paradigm of corporate perimeters and traditional network architecture is now a thing of the past. Keeping up with this evolution is imperative and organizations are looking to implement an agile and holistic threat defense. SASE is a security […]
Perennial threats like ransomware have evolved to hold pace with our adoption and migration to cloud. They have continued to be a thorn in our sides even as platforms and user behaviour has changed. While cloud and malware security solutions have a major part to play, there is also a less intuitive initiative that has […]
This talk will uncover the amazing detection capability available from Azure AD Reports and how any organization can utilize it in the most efficient ways to help detect malicious actors. On top of that, the talk will walk attendants through a tool that can be used to help threat hunters and analysts anywhere to work […]
Rogue digital cinema server A15591 hadn’t just been modified to unlock encrypted feature films before release – it gave rise to a sprawling, parallel theatre distribution operation, one with its own insiders and security. How was it possible to unravel the heavily protected path from post-production to silver screen? Why did the scheme fail? At […]
This presentation will discuss how reliance on cloud services and traditional hardening practices leads to increased successful attacks. We’ll look at how even non-APT attackers now invest more time and effort into creating custom malware, and we’ll discuss the solution to how companies can adjust their security posture to address cloud environments’ continuously changing threat […]
The threat landscape is expanding, even though the cybersecurity community enhances the efforts to address cyberattacks. The majority of cyberattacks begin with a spear-phishing email, which is commonly used to infect organizations with ransomware. The importance of establishing a cybersecurity ecosystem has been acknowledged by all sectors. Currently, the Covid-19 pandemic has demonstrated the different […]
The use of artificial intelligence (AI) for cybersecurity, such as to detect insider threats and advanced attacks, is now an accepted and important tool for our industry. However, at the same time as we are realizing the power of AI, we need to become increasingly aware of its ethical challenges. To illustrate the importance of […]
Most AppSec programs forget that there is only one team that can fix security findings: the development team. While an AppSec strategy based on scanning will help you find flaws, the best approach also avoids creating flaws in the first place. Yet developers often don’t have the training they need to prevent, identify, or remediate […]
Today’s networks are expanding beyond on-prem to include cloud and hybrid deployments. While enterprises seek to balance agility and security, they are also faced with skills shortages and the need to work with the technology of multiple vendors. Automation is key to addressing these challenges while offering cloud, network, and security teams the ability to […]
XDR has extended Trend Micro’s detection and response capabilities by capturing more telemetry from more security controls than ever. Come to our presentation to learn how Vision One is extending its reach through the Open Cybersecurity Aliiance’s STIX-Shifter to query third-party data lakes providing a more comprehensive risk vision for your organization.
Threat intelligence and Security Operations have a symbiotic relationship: each improves when they interact with the other. When intelligence drives or supports security operations, you can prioritize events and reduce the time it takes to triage alerts and more rapidly perform investigations, effectively reducing MTTD and MTTR. In this talk, Chris highlights the challenges faced […]
To meet the scale of current and future data security threats, evolving global and regional privacy regulations, and cloud adoption brought on by remote working, organizations need an easier and unified approach to discover, protect, and control their sensitive data. Let’s discuss how Thales has pushed the innovation envelope with its new CipherTrust Data Security […]
When adopting a Zero Trust approach to cybersecurity, there are several key things to consider. Join TELUS’ Marc Kneppers as he highlights the important things to think about when implementing a Zero Trust architecture. Find out how TELUS is implementing Zero Trust in our organization and hear about the results of a Zero Trust Assessment […]
As a kid I always assumed that when you shot a rocket into space, other than the capsule, all the other parts burned up on re-entry into the atmosphere. Elon Musk asked why couldn’t you just reuse the rocket? And SpaceX was launched. To change cybersecurity, we must change our mindset. In 30 minutes, I […]
The security market is full of solutions to support threat detection and response: EDR, NDR, SIEM, XDR, SOAR, you name it. But just deploying tools is not enough to get results. Organizations must ensure they have the appropriate coverage of threats and technologies to detect and respond to incidents and minimize impact. This session introduces […]
Cybersecurity pros’ time is in high demand, as such the need to automate information gathering and attribution becomes greater every day. One question that confounds many pros is how to get started, what do you need in your stack to help you get the answers you need quickly? SOAR, Threat Intelligence, a SIEM, EDR/XDR, IDS, […]
In 2020, ransomware attackers made more than $350 million and caused terrible disruption, particularly in healthcare. Combatting this blight requires a comprehensive, multi-faceted strategy adopted in collaboration by governments around the world. To this end, the Ransomware Task Force brought together experts from governments, private, and nonprofit sectors to identify actions that would help to […]
Virtually every headline-generating breach is the result of misuse or abuse of privileged credentials. Proper PAM practices would have gone a long way towards preventing, speeding recovery, and minimizing damages from these incidents. In this session, we’ll discuss recent ransomware attacks, looking at what went wrong and how earlier detection of privileged account misuse could […]
With all the recent headlines, it seems the risk of ransomware has become an added certainty to the daily lives of Cybersecurity personnel. Adversaries are automating the initial stages of the cyber-attack lifecycle to identify the best bang for their buck. How do organizations with limited resources even keep up? Adding another tool to the […]
Ransomware attacks have been proliferating over the past five years, becoming an easy source of revenue for cybercriminals, and putting businesses at risk. How did we get here? What can security teams do differently to detect and respond to attacks more effectively? In this session, Ordr Evangelist Jamison Utter shares research on why ransomware exists […]
State, local, and federal government agencies have been dealing with benefit program fraud for as long as the programs have existed. But as these programs have moved online, fraudsters have increasingly become more sophisticated cybercriminals and employed cyber threat tactics to commit their crimes…but they have also begun leaving digital fingerprints. Join this session to […]
As the importance of data protection grows globally, several jurisdictions have introduced, or announced their intention to introduce, their first general data protection legislation. This presentation seeks to provide a global overview of the latest regulatory developments and upcoming data protection legislation, as well as the GDPR centric approach of many new data protection laws. […]
Traditional ransomware attacks – where the cybercriminal breaches a network, encrypts data, and demands payment for a decryption code – is a tough challenge. Add a threat to expose data and the situation is even more critical. But if that was not enough, now threat actors are adding DDoS attacks to the mix to ratchet […]
The threat landscape is continually evolving with devastating speed and is continually changing focus to new targets. It’s not just your perimeter that is at risk, your employees are under attack, your supply chain is vulnerable, and your business reputation could be easily tarnished with just one breach. Single solutions will not stop all the […]
Ransomware isn’t a new threat, but recent big-name attacks like Colonial Pipeline have brought it top-of-mind for security leaders. With limited time, budget, and expertise to work with, security teams are struggling to develop effective protection, detection, and response strategies for both known and unknown threat actors. The most effective ransomware defense strategies leverage a […]
Risk-Based Vulnerability Management (RBVM) encompasses more than you probably think. In this entertaining and informative talk, we will do a deep dive into the foundational concepts and underlining theories of quantifying risk, and then share how implementing practical RBVM programs are essential to secure the modern network.
Did you know that 80% of CISOs say that software projects have been hindered by concerns over inevitable security issues? Vulnerabilities don’t need to slow you down. Join HackerOne for a discussion on “Why the future of DevOps needs Hackers.” Key Takeaways: How organizations collaborate with hackers How bug bounty data insights empower development teams […]
This talk will examine how cybersecurity researchers gather threat intelligence using a variety of open-source tools and open-source intelligence techniques on hacker forums, darknet websites, Reddit, and other forums. Researchers are constantly being asked to look at threats and understand the relationship between threats and threat actors. We will head down the yellow brick road […]
The SolarWinds SUNBURST attack was a rude awakening for many security teams, and it won’t be the last time Security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With threats persisting inside the network for months, security teams need a new plan. In this session, CISO Jeff Costlow discusses strategies, […]
When researching malware, we often find ways to remotely identify if a system is compromised, especially when looking at server-side threats. This requires thoroughly reverse engineering the network protocol of malware to understand how to properly trigger a behaviour or response that could be used as a fingerprint. This presentation will show how we built […]
Security used to be easier when everything could be put into a datacenter and always protected. In today’s modern digital transformation, people can work anywhere, and apps live everywhere – on-prem, in the cloud, and multi-cloud, complex environments. This has forced security to go through its own transformation. As security deployment gets more complicated, it […]
Digital business transformation and the shift to a distributed workforce are driving networking and security to the cloud. The Secure Access Service Edge (SASE) model consolidates networking and security functions – traditionally delivered in siloed point solutions – into a single integrated cloud-delivered service. Join this session to hear pitfalls to avoid when starting the […]
This talk will technically review the latest Supply Chain and Ransomware attacks, some new Financial Sector Specific threats, the steep rise in “Triple Extortion Events” and the advanced and automatic requirements for event prevention strategy and tactics. This presentation will use public and anonymized private information as well as technical analysis from Check Point Research. […]
What is best practice? Best practices range from organization to organization as a result of each organizations risk appetite and risk tolerance. Learn about an effective approach to the most often asked questions surrounding access management strategy, maturity and priorities, and security risks. In this revealing presentation you’ll learn how to answer the question of […]
Co-Founder of ZenGo
Tal Be'ery is a Co-Founder of ZenGo, securing crypto assets with the ZenGo Wallet mobile app. Tal is a cyber-security researcher, returning speaker in the industry's most prestigious events, including Black Hat and RSA Conference and a member of Facebook's exclusive WhiteHat list. One of his most known works was the TIME attack against the HTTPS/SSL protocol. For the last two decades, Tal had built and led a few Cyber-Security R&D teams, mostly in the field of network monitoring for various security problems and protocols. Previously, Tal has led research [...]
Matan Hamilis is a cryptography researcher at ZenGo, enabling the secure management of crypto assets with a dedicated wallet mobile app. Formerly, Matan was a cybersecurity research team lead at the IDF. In his 8+ years of experience in the realms of cybersecurity research, he was focusing primarily on a variety of networking stacks for a wide range of industries, appliances and vendors and has found deep interest in various Linux kernel topics. Matan holds a B.Sc. and M.Sc. in computer science from the Technion in which he focused primarily [...]
Data Scientist, Microsoft
Yuchao Dai is a data scientist working in security.
Nitin Kumar Goel is a Product and Engineering Manager at Microsoft.
Applied Researcher, Microsoft
Justin Grana works on the intersection of economics and machine learning to solve complex security problems.
Senior Applied Researcher, Microsoft
Jugal Parikh has been in the security and machine learning industry for over a decade. He enjoys translating research from state-of-the-art AI techniques to combat complex security challenges like social engineering, insider threats, static and behavioral entity detection, and adversarial attacks against machine learning algorithms. His research has led to several patents, industry, and academic collaborations. He’s currently an Applied Researcher Manager at Microsoft Security Research team.
Manager, Professional Services
Doug Bienstock splits his time at Mandiant performing Incident Response and Red Team work. He uses lessons learned from IRs to better simulate attacker techniques and help organizations stay ahead of the bad guys. Doug has extensive experience with Microsoft 365 and supporting services - both as an investigator and researcher.
Manager, Professional Services
Josh Madeley is a member of the Mandiant Incident Response Team. His recent focus on Office 365 intrusions has converted him into a PowerShell fanboy.
Founder and CEO, DEF CON/Black Hat Briefings
Jeff Moss, Founder of Black Hat and DEF CON Computer Security Conferences Moss is the founder and creator of both the Black Hat Briefings and DEF CON, two of the most influential information security conferences. DEF CON just had its 29th anniversary. In 2016 Mr. Moss joined Richemont, serving as a Non-Executive Director and a member of the Board's Nominations and Strategic Security Committees. Between April 2011 and December 2013 Mr. Moss was the Chief Security Officer for the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit whose [...]
Director of Cyber Security
Bill Dunnion is currently the Director of Cyber Security at Calian Ltd and is responsible for their global cyber security program. Bill has been at the forefront of the world of Cyber Security for more than 20 years, leading teams on some of the largest and most robust cyber security projects, most notably for the Government of Canada’s ID and Access infrastructure program. He is the co-founder of the Ottawa Cyber Security Meetup Group and appears regularly as a subject matter expert and thought leader on national media including CBC, [...]
Director, Cybersecurity Advisory Services
Laura has built her career in IT and security over 20 years, starting at one of Canada’s largest financial institutions before moving into consulting, and currently serves as the Chief Enablement Officer & VP Security Consulting at cybersecurity firm White Tuque. Her experience covers a variety of domains, including information security governance and risk, security operations and engineering, and security leadership. She is passionate about bringing people together to solve problems in today’s increasingly complex technical landscape. Outside of work, Laura is actively engaged in mentoring professionals seeking to join [...]
Partner, Cybersecurity Risk & Advisory Services
Raheel Qureshi is a Partner leading Cybersecurity Portfolio at iSecurity Inc (a Calian Company) and has over 15 years of experience helping organizations excel in the areas of cybersecurity, Cloud and Digital IT architecture in a variety of industries including financials, Public, private, and healthcare sector. He has an established record in leading Digital Forensics and Incident Response (DFIR) along with Threat Hunting Services with a view on assisting organizations manage Cyber Risk and get out of the woods.
Director, Malware Threat Research
Travis is the Director of Malware Threat Research at Qualys. He has spent the past 15 years in the security industry with a focus on digital forensics and incident response. He holds a wide array of certifications ranging from GIAC Certified Penetration Tester to the CISSP, as well as an MBA with a concentration in information security. Travis has presented his research at conferences worldwide at venues such as BlackHat, RSA, and SecTor.
Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal. Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master [...]
Benoît H. Dicaire leads the Canadian Sales Engineering at Forcepoint. Being just as much at ease in the boardroom, then a war room or even the server room, he collaborates with senior managers and specialists to bring clarity to your information protection program. Benoît is a former independent consultant with 30 years of experience. He believes that cybersecurity builds trust and sets businesses apart.
Bryan Oliver is a senior analyst at Flashpoint focusing on threat intelligence within dark web communities. Prior to coming to Flashpoint, he spent two years as a consultant in Moscow, Russia, where he had the privilege to work with some of Russia's largest companies in technology and finance. He received an MA from the University of Chicago in 2019 focusing on International Relations and Economics and has a background in software development.
Justin is an independent cybersecurity researcher focusing on cyber-fraud. His main interests revolve around cyber-fraud data management, analytics, behavioral biometrics, natural language processing, and adversarial machine learning. Justin supports organizations in strengthening their data and machine learning capabilities to better defend against next-generation cyber threats.
Managing Director, Cycura Inc.
Iain is a Cyber Security veteran with more than 17 years of experience in Information Security. He has designed and run security operations programs in large Banking, Healthcare, and Government organizations. His experience as a practitioner brings a critical understanding of the needs and challenges of organizations to Cycura's consulting practice. As Managing Director of Cycura’s professional services group, Iain acts as project executive on Offensive Security and Incident response initiatives. Iain holds information security designations from ISC2, SABSA, and ISACA and an MBA from Athabasca University in Alberta, Canada.
Sr Director of System Engineering
Matthew Hickey is a Director of Engineering, Enterprise, at Sophos. He got his start in the field of Information Security working for Securities Industry Automation Corporation (SIAC), at the time, a subsidiary of the New York and American Stock Exchanges. After working several years on Wall Street, he continued honing his skills in this field at Lockheed Martin. There he worked on several projects for the Department of Defense. This work included conducting security audits, penetration testing, and firewall deployments guides for very high profile, security conscious customers. Most recently Matthew has been working for [...]
Advisory CISO Team Lead
Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security, and is a Senior Cybersecurity Fellow at the Robert Strauss Center [...]
Chad Reaney is a sales engineer at Tripwire. He has over 20 years of experience in the infrastructure and security with experiences ranging from IT administration to consulting to system architecture. At Tripwire, he is responsible for delivering security solutions and services to help organizations protect and detect changes in cyber threats. He is based in Montreal.
Penetration Testing Team Director
Laurent is the Director of Penetration Testing for GoSecure. He has conducted over 400 pentesting and red team engagements over the span of 10 years and is still enthusiastic about it. Laurent is also a challenge designer for NorthSec and has given talks at RSAC, CQSI, NCFTA, HackFest, RSI, Montrehack, Owasp Montreal and NorthSec. Besides security, Laurent is interested in lockpicking, magic and pickpocketing.
Cybersecurity Research Lead
Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 12 years of infosec experience, Olivier runs honeypots, reverse-engineers binaries, and develops malware analysis tools. He authored several important AV industry reports like Dissecting Linux/Moose, Operation Windigo (about the Ebury malware) and Ego-Market: When Greed for Fame Benefits Large-Scale Botnets. Passionate communicator, Olivier has spoken at several conferences like RSAC USA, BlackHat USA/Europe, DefCon, 44CON, NorthSec, Botconf, SecTor, Derbycon, AtlSecCon and more. Invested in his community, he co-organizes MontréHack — a monthly workshop focused on applied information [...]
Senior Solution Consultant
Dan has been with ServiceNow for over 6 years as a Senior Solution Consultant. He spent a large portion of his earlier career at NetApp and Hewlett Packard developing his skill. Dan assists in transforming the delivery & management of services to help the modern enterprise operate faster and be more scalable than ever.
Sr. Technical Evangelist
Jay Reddy has been associated with ManageEngine for over 5 years. As a technical evangelist, he helps IT leaders and global enterprises to outmaneuver complex cybersecurity challenges. He is a sought-after speaker on the latest Cybersecurity trends in international conferences. He has authored numerous e-books and conducted research studies that help business leaders with insight and advice on leveraging the latest technology for better IAM and cybersecurity.
Diana John is a passionate technologist who has deployed, operated, and troubleshot the traditional legacy infrastructure. Diana is largely vocal about the Imperative transformation as a Sales Engineer at Zscaler focusing on the Public Sector in Central Canada. Diana, who started her career with Route/Switch, broadened her horizons working on Adobe's network, Wide Area Network, Wireless, Network Access Controls, Risk Management, Cloud Migrations with multiple vendors. Large and medium sized businesses benefit from her strategy planning, roadmap visions, technical assessments, and trade off sessions. Diana inherently understands that the customer [...]
Mangatas is currently a Senior Consultant in EY Canada's Managed Detection and Response team, where he is responsible for elevating EY's Threat Hunting and Detection Engineering capabilities. He enjoys tinkering with defensive security tools and breaking offensive security tools and finding ways to detect them in his lab. Mangatas is actively involved in numerous security communities such as Sheridan College's ISSessions, Open Security Collaborative Development (OSCD) Initiative, Cyber Defense Community - Indonesia (CDEF.ID) and is a TheDFIRReport Contributor. He has presented at numerous international conferences such as HackFest, SANS TH [...]
Tim has more than 20 years of experience in information security, with duties ranging from C-suite briefings to red team engagements abroad. As a member of Canada's mirror committee to ISO/IEC JTC 1/SC 27 and the Cloud Security Alliance OCF WG, Tim also works to advance security standards for industry and the public sector. He has previously spoken at events including BSides Toronto, InnovationTO, GovSym, the MISA Ontario Security Conference, and the Chief Security Officer Summit.
Patrick von Sychowski has worked in the cinema and media industry for over 20 years. He is the Editor of the cinema news and analysis site Celluloid Junkie and co-founder of the streaming platform Cultpix.
Ell, a former SysAdmin, cloud builder, podcaster and container advocate has always been a security enthusiast. This enthusiasm and driven curiosity have helped her become an active member of the InfoSec community, leading her to explore the exciting world of Genetic Software Mapping at Intezer.
Senior Research Associate
Maria Bada is a Lecturer in Psychology at Queen Mary University in London, a RISCS Fellow in cybercrime and an external behaviour scientist at AwareGo. She received her PhD from Panteion University of Athens, UK in 2013. Her research focuses on the human aspects of cybercrime and cybersecurity, as well as the effectiveness of cyber security awareness campaigns and their impact in changing online behaviour. She has collaborated with governments and international organisations to assess national level cybersecurity capacity. She has a background in cyberpsychology, and she is a member [...]
CTO Security Analytics
Stephan Jou is CTO Security Analytics at Interset, Micro Focus, and leads AI for cyber strategy and development of ArcSight Intelligence, a leading-edge cybersecurity and In-Q-Tel funding project that uses machine learning and behavioral analytics. Previous to Interset, Jou has been at IBM and Cognos where he led the development of over 10 products in the areas of cloud computing, mobile, visualization, semantic search, data mining and neural networks. Jou holds a M.Sc. in Computational Neuroscience and Biomedical Engineering, and a dual B.Sc. in Computer Science and Human Physiology, all [...]
Sr. Director, Developer and Security Relations
Rey is a developer and security advocate at Veracode focused on helping the community build secure software and being a voice for developers within the company.
Director of Cloud Products
Sattwik is the Director of Cloud Products at Tufin. Prior to working at Tufin, Sattwik helped enterprises with their digital transformation journey into the cloud while working for companies like Oracle, Ribbon Communications, and most recently for a cloud-native security startup, Privafy Inc. At Tufin, Sattwik continues to work with Fortune 1000 companies to accelerate their adoption of security policy management in cloud.
Sr. Security Consultant, Architect
Peter Cresswell has over 25 years of IT Security experience, from a diverse background as an IT Manager, Security Solution Architect, Practice Manager, Security Instructor, Product Manager, and Security Auditor. With Trend Micro, Peter has focused on the big migration from perimeter to system-based security controls, across Physical, Virtual, and Cloud environments. Currently, Peter focuses on Canadian companies migrating to the Cloud, and the architectures, processes, and technologies that get them there safely. Peter is often called upon to speak to Security as it applies to Cloud and related Security [...]
Chris leads the Security Architecture team to develop use cases leveraging ThreatConnect's suite of cyber risk quantification, threat intelligence and security orchestration and automated response platforms. Prior to joining ThreatConnect almost ten years ago, Chris worked with MITRE Corporation where he designed Identity and Access management solutions for large government entities, performed security vulnerability assessments on products, and led implementation of cross-security domain systems that bridged the gap between networks operating at different security classifications.
Senior Product Manager
Steve Kingston has been responsible for Thales’ enterprise key management offerings for the last 9 years. In his role as Senior Product Manager for Key Management, Steve has led the effort to launch CipherTrust Manager, Thales' next generation key management and data encryption platform. He has led initiatives within Thales to broaden its partner ecosystem for its product offerings, engaged with partners and customers globally, and has pioneered efforts for Product Operations within his organization. In addition, he has worked in the technology sector for over 20 years, spanning a [...]
Chief Security Architect, TELUS
Security was not the original plan. Marc started in Astrophysics, getting degrees from the University of Calgary and Western Ontario before finally quitting with his MSc to scrounge for money in the private sector. Luckily, the Internet was waiting. Starting as a UNIX system administrator and working his way through Internet services, dot coms and the core networking teams, Marc ended up as the Security prime for TELUS' core networks. With a nod to his 20 years of experience in IT/networking security Marc was appointed a TELUS Fellow and is [...]
Chief Security Advisor
Morgan is an internationally recognized expert on cybersecurity strategy, cyberterrorism, national security, and intelligence. He currently serves as a Senior Fellow at The Center for Digital Government, Chief Security Advisor for SentinelOne, and is the chief technology analyst for several national news organizations. Morgan's landmark testimony before Congress on Healthcare.gov changed how the government collected personally identifiable information. Previously Morgan was a Senior Advisor in the US State Department Antiterrorism Assistance Program and was the Senior Law Enforcement Advisor for the 2012 Republican National Convention. In addition to 18 years [...]
VP Cybersecurity Evangelist
Augusto Barros is VP, Cyber Security Evangelist at Securonix. Augusto is a former Gartner analyst with 20 years of experience in different cybersecurity-related roles. Augusto has worked on a variety of information security projects and initiatives, from security awareness campaigns, to penetration testing, to security infrastructure design. The challenges of threat detection and response are his main interests and the focus of his research. He has also ventured into the application of behavior economics concepts to the security space. Augusto has taught courses and presented at numerous security conferences, including Black Hat Europe, RSA Conference, and Gartner [...]
Geoff has worked in the IT and IS industries for over 16 years in both red and blue team roles. In his current role as a Solutions Architect @ RiskIQ, Geoff’s focus is helping his clients from major Canadian banks achieve the best possible perimeter defenses. Based out of Toronto, he works closely alongside clients to identify unknowns, derive insights from external assets, and supports security teams to help them achieve their defensive goals. When not obsessing over the latest threats, Geoff enjoys drumming, traveling, and playing with his Boston [...]
Vice President, Community and Public Affairs
Jen Ellis is the vice president of community and public affairs at Rapid7 where she works to advance cybersecurity by building productive collaboration between those in the security community and those operating outside it. She partners extensively with security researchers, technology providers and operators, and various government entities to drive greater understanding and awareness of cybersecurity challenges. She believes effective collaboration is our best path forward to reducing cybercrime and protecting consumers and businesses. Jen is a nonresident senior fellow of the Atlantic Council, sits on the boards of the [...]
Dan Conrad is an IAM Strategist with One Identity. He has been with Quest since 2007 where his roles have included Solutions Architect, Federal CTO, and IAM Strategist. Dan’s experience started in the US Air Force working in information management. He retired from the Air Force in 2004 and returned to government IT as a contractor to the US Army. He is an experienced SysAdmin having administered organizations ranging from 10,000 to 150,000 users. This experience led him to focus on large enterprises with complex solutions. Dan holds a BS [...]
Principal Strategic Systems Consultant
Bryan Patton is a Principal Strategic Systems Consultant at Quest Software. For nearly 20 years he has helped customers shape their Microsoft environments. With particular emphasis on Active Directory and Office 365 environments, Bryan specializes in Identity and Access Management, Data Governance, Migration, and Security, including Certified Information Systems Security Professional (CISSP) certification.
Nelson Santos is a security professional with years of experience in both attack and defense teams. He holds multiple top-tier security certifications and has trained under some of the best-known researchers in the field. His interests range from exploit development and vulnerability research to machine learning and artificial intelligence. In his free time, Nelson enjoys sailing, playing with his toddler son, and long walks on the beach.
Sr Director Product and Solution Evangelism
Jamison brings over 25 years of IT/Security experience spanning large organizations like Sprint, SUN Microsystems, and Palo Alto Networks where he led the OT/IoT business development unit and startups like Infoblox, where he was the security evangelist for many years. His deep desire to understand a customer’s internal and external problem set make him an empathic speaker and his experience in many roles spanning sales, channel, BD, and evangelism make him a capable and competent industry visionary. With hundreds of public speaking engagements including the EU congress at the Hague, and [...]
Director, Cyber Strategy & Transformation
Luis leads teams of cybersecurity professionals as they work alongside clients to navigate the ever-evolving landscape of cyber threats to support their strategic goals and business objectives. He strives to help clients illuminate the connections between cyber risks with critical business functions to enable clients to identify, mitigate, and inform senior leaders of how threats in cyberspace manifest in threats to business operations. Prior to joining Optiv, Luis was a Senior Manager at Deloitte & Touche LLP, where he was a leader in cyber wargaming, cyber risk quantification, and cyber [...]
Liam McLaughlin serves as a Privacy Consultant at OneTrust – the #1 most widely used privacy, security, and governance technology platform. In his role, McLaughlin advises companies large and small on EU GDPR, California Consumer Privacy Act (CCPA), Brazil LGPD, and hundreds of the world's privacy laws. He is focused on formulating efficient and effective responses to data protection requirements as well as building and scaling privacy programs. McLaughlin is a Certified Information Privacy Professional (CIPP/E, CIPM) and earned a B.A in Criminology & Law Studies from Marquette University.
Director, Security Technologists
Gary is an industry veteran bringing over 20 years of broad technology experience including routing and switching, wireless, mobility, collaboration, and cloud but always with a focus on security. His previous roles include solutions architect, security SME, sales engineering, consultancy, product management, IT, and customer support. Gary seeks to understand and convey the constantly evolving threat landscape, as well as the techniques and solutions that address the challenges they present. Prior to joining Netscout in 2012, he spent 12 years at Cisco Systems and held previous positions with Avaya and [...]
Principal Product Manager
Andrew has over 20 years’ experience in the IT industry, and joined Mimecast just over three years ago. His experience is built across the knowledge gained while in South Africa and the UK, where engagements with customers ranged from large health care providers to insurance giants and governments agencies. Having been in the industry for an extended period, has afforded Andrew the opportunity to work in varying roles which focused on deploying or architecting secure solutions prior to moving across to Mimecast. This experience has been invaluable, as he took [...]
Regional Solution Architect
Brian is an Enterprise Architect for McAfee Enterprise’s North America business unit. He’s been in IT since 1992 first as a customer in healthcare at the largest hospital consortium in Canada where he was Director of Security and Operations, and in a technical sales role since 2000 at various organizations such as Sun Microsystems, Bell Canada and finally at McAfee for the past 14 years. As a Certified Information Security Manager Brian brings the depth of experience necessary to help customers navigate a fast-evolving threat landscape.
Jerry Gamblin is an influential security researcher and analyst, focusing on the enterprise network and application security with over 15 years of experience. His research has been presented on numerous blogs, podcasts, and security conferences. When not at work, his personal research focuses on IoT & embedded automotive systems.
Security Solutions Engineer
Will Kapcio is a Security Solutions Engineer at HackerOne — the world's most trusted hacker-powered security platform. His primary focus is on empowering government agencies and enterprise organizations to run successful bug bounty and disclosure programs to help make the internet more secure. Prior to joining HackerOne, Will was a cybersecurity consultant at EY. Will has earned a bachelor’s degree in Electrical Engineering from Villanova University, a master’s degree in Cybersecurity from Villanova University, and the CISSP certification.
Senior Security Strategist
Aamir Lakhani is a researcher at FortiGuard Labs specializing in threat actor research, reverse malware engineering, and incident response. He has over 15 years of experience as a senior security researcher and consultant. In his spare time, he is trying to master the floss dance, he has everything mastered except for the arm, legs, and hip movements.
Chief Information Security Officer
As a security technologist and leader for over 20 years, Jeff’s deep experience securing information and technology assets, as well as years of successful engineering leadership, have resulted in secure product deployments to thousands of customers. As the Deputy CISO at ExtraHop Networks, Jeff leads the team towards groundbreaking security and privacy services in ExtraHop's best of breed network detection and response tool.
Marc-Etienne M.Léveillé is a malware researcher at ESET. He joined ESET in 2012 and currently specializes in malware attacking unusual platforms, whether it’s fruity hardware or software from south pole birds. M.Léveillé focused his research on the reverse engineering of server-side malware to discover their inner working and operation strategy. His research led to the publication of the Operation Windigo white paper that won Virus Bulletin’s Péter Szőr Award for best research paper in 2014. While still keeping eyes open on crimeware, M.Léveillé now focuses on the analysis of targeted [...]
Stephane Asselin, with his 29 years of experience in IT, is a Senior Manager for the entire Crowdstrike Canada Technical Team. He has national responsibility for Canada for a team that works with customer at planning, designing, and implementing Security solutions and all processes involved. At Crowdstrike, Mr. Asselin works with top Canadian strategic customers and partners, enabling them on all Modules of the Crowdstrike platform, developing technical expertise and helping them secure their local and remote workforce. Prior to Crowdstrike, Mr. Asselin worked at VMware for 10 years with [...]
Global SASE Go-To-Market Lead
Najib leads the newly formed Secure Access Service Edge (SASE) team at Cisco. SASE is a key part of Cisco’s future as a leader in the Network and Security industry and Hatahet is responsible for the Go-To-Market and Sales Acceleration of Cisco’s SASE, a converged network and security offering. Since joining Cisco in 2017, Hatahet has led the Cloud Security business in the Canadian market helping industry leaders adopt Cloud Security solutions to facilitate the business transformation of many customers into the cloud-first, mobile-first era. Prior to Cisco, Hatahet served [...]
Pete has 31 years of IT and MSSP experience and has been a hands-on CISO for the last 17 years. He recently joined Check Point as Field CISO of the Americas. Pete’s experience and leadership was most recently at Cybraics Defense as CISO. This company is an advanced Artificial Intelligence and Machine Learning Analytics formed as a DARPA funded project. Pete is the former CISO of Hertz Global, successfully protecting the brand in over 150 countries, 20,000 employees and 10,000 locations. Pete led Virtustream’s (now a Dell company) efforts as [...]
Chief Security Strategist
Christopher L. Hills has more than 20 years’ experience as a Technical Director, Senior Solutions Architect, and Security Engineer operating in highly sensitive environments. Chris is a military veteran of the United States Navy and started with BeyondTrust after his most recent role leading a Privileged Access Management (PAM) team as a Technical Director within a Fortune 500 organization. In his current position, he has responsibilities as a Chief Security Strategist (America’s) working with Customer, Marketing, and Executives on Thought Leadership, Market Trends, Company Vision and Strategy reporting to the [...]