- Tuesday, April 23, 2019
9:00 am
[SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
9 a.m. - 3 p.m. • Earn 12 CPEs!
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
9:00 am - 3:00 pm
Location / Room: 205B
The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson has been the CISO for the UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
- Wednesday, April 24, 2019
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
Chairman and Founder, Ponemon Institute
Registration Level: VIP / Exclusive
8:00 am - 9:00 am
Location / Room: 205C
This session is for our Advisory Council members only.
8:00 am
Exhibitor Hall open
Registration Level: Open Sessions
8:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:30 am
Engaging the Board on Cybersecurity
VP & CISO, Brookfield Asset Management
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 200C
Boards of directors are more interested than ever in the organization’s cybersecurity posture and strategy. It’s important to engage them early and often with the right level of detail to maintain their confidence. This session will provide practical guidance on approaches that could be used to be successful when communicating with the Board.
8:30 am
IoT Archaeology: Dig Security Lessons
Automotive Solutions Director, Sec eDGE
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 200A
The Internet of Things just turned 100 years old! This session will go back even farther to track related security issues. Easy to remember incidents and issues build the case for common controls. Modern IoT is complex; architectures have many common emergent issues, but it is possible to make good decisions if you choose the right trade-offs.
Seven common attack themes:
1. Inbound traffic vs. Outbound only
2. In-Band
3. Replay
4. Unintended
5. Untrusted supplier
6. Privacy
7. Class Break
Get the basics right, common controls.
8:30 am
Building Blocks to Achieve Cloud Security
Cybersecurity Executive & Co-Founder, Profound Security Labs
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: 200B
Cloud computing has entered its second decade, and its prevalence is increasing, as “cloud first” is gaining more popularity than ever. Despite its prolonged existence, cloud computing still suffers from confusion and hype over how to secure the cloud. Also, longstanding concerns such as cloud governance continue to muddle the opinions and approaches of CIOs, CISOs, architects, and IT leaders. This session aims to dispel the myth of the cloud being insecure and will emphasize how to build security blocks around the cloud while using the varied services and deployments of cloud computing.
9:30 am
OPENING KEYNOTE: Ponemon Institute Research Roundup
Chairman and Founder, Ponemon Institute
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
What is a CISO and what do they do? As the leader of cyber defense for an organization, the CISO is rapidly becoming indispensable for an organization’s survival. This presentation is based on interviews with senior level IT professionals at 184 companies in seven countries. The goal of the research is to better understand how CISOs work, what their concerns are, and how they are improving their effectiveness in managing risks to the enterprise.
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:15 am
Advisory Council Roundtable - (VIP / Invite Only)
Registration Level: VIP / Exclusive
11:15 am - 12:00 pm
Location / Room: 205C
11:15 am
Securing the Taboo: Legal Cannabis, Privacy, and Online Sales
Manager, Information Security, Ontario Cannabis Store
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 200B
With the Canadian Government’s legalization of cannabis, a whole marketplace for a previously illegal product has exploded into existence, with unique challenges, regulations, and risks not faced by online retailers of more traditional products.
Issues like customer and employee privacy, sale of data and reporting concerns, and problems with being both a retailer and wholesaler will be discussed.
11:15 am
[Radware] Cybersecurity Pushed to the Limit
Security Evangelist, North America, Radware
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: 200A
Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for
11:15 am
Incident Response: Once More Unto the Breach, Dear Friends
CIO & CISO, Firstup
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: 200C
This presentation will cover some of the more challenging aspects of incident response and breach notification. Real world applications and why preparation is everything when it comes to recovery.
12:15 pm
LUNCH KEYNOTE: [Fireside Chat] Moving Forward at Equifax: A Personal Reflection of Lessons Learned and Challenges Overcome
Vice President, Information Security, Equifax Canada
Registration Level: Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
Equifax is empowering everyone in the organization to understand, evaluate, and collaborate in risk management. However, getting to this point was extremely hard work. Don’t miss this fireside chat with Les Stevens, VP of Information Security at Equifax Canada, as he shares his personal journey through difficult times, what he learned that can be passed along, and the ways he is a better security professional as a result.
1:15 pm
Panel: Knowledge Is Power (Encryption)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: 200A
Encryption: the translation of data into a secret code. Very much like the codes that Elizebeth Friedman had cracked against the rum runners and bootleggers during the Prohibition days. Our heroine was able to smash their codes and determine when the next shipments were scheduled to arrive stateside. Knowledge truly was power as Friedman was able to effectively predict the future through her diligent code breaking. The level of sophistication may have changed but the point of encryption was and still is to safeguard the data from those that are not part of the group. Our experts will discuss the importance of using encryption to keep our information secure as well as address some of the best practices and pitfalls to watch out for.
Panelists
Alex Hanway, Gemalto
Cuneyt Karul, BlueCat Networks
Steve Magowan, RBC
Miroslav Kis, TMX Group
Moderator: Bobby Singh, TMX
1:15 pm
Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say, but how? By taking a look at the capabilities of the threats we see today, we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing and hoping.
PANELISTS:
Matt Adams, Ixia
Ron Winward, Radware
Shaun Donaldson, Bitdefender
Paul Schofield, enSilo
Jason Madill, Mimecast
Moderator: Erik Hagman, CISO, Caribbean Credit Card Corp
2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pm
Networking Break — Dash for Prizes and CyberHunt winners announced
Registration Level:
2:30 pm - 2:45 pm
Location / Room: Exhibitor Floor
Be sure to have your badge scanned with participating exhibitors throughout the day. Past prizes have included Kindles, Bose wireless headphones, gift cards, iPads, drones, and more! *Must be present to win.
3:00 pm
Collaboration Is the Key to Effective Cybersecurity Success
Executive Director, Canadian Cyber Threat Exchange
Director, Information Security, Royal Canadian Mint
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Location / Room: 200C
This presentation will provide an overview of the Canadian Cyber Threat Exchange (CCTX), an organization launched just over two years ago in Canada for all companies doing business in Canada. A partnership with the Canadian government enables the CCTX to provide a unique blend of public/private sector insights. Hear from a CCTX member organization how they leverage the collaboration platform and the sharing community to benefit in best practices, actions and priorities.
3:00 pm
From Websites to Baby Monitors: The Emerging Battlefront in Consumer Privacy and Protection
Internet Privacy & Security Analyst, The Internet Society's Online Trust Alliance
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: 200B
The battle for consumer data privacy and security is shifting, and organizations best take note or face the consequences. Encryption and other data practices are still critical, as our latest audit of more than 1,000 consumer-facing organizations shows. But the battle has opened a new front, and it’s in your home or office—specifically the smart devices surrounding us in a growing Internet of Things. Manufacturers, retailers, policymakers—and frankly, any organization that shares data or services across connected devices—stand to benefit from hearing the latest in a growing movement to secure the world of IoT.
3:00 pm
(ISC)2 Chapter Meeting and Guest Presentations: Open to All Attendees
Vice President & CISO, Manulife
Director, Risk, Compliance and Projects, IACS, Opentext
CISO, Aviva Canada
Research Director, Security Compass
Registration Level: Open Sessions
3:00 pm - 5:00 pm
Location / Room: 200A
Interested in your local associations? Join (ISC)2 for their monthly meet and greet. This opportunity is open to all SecureWorld attendees.
AGENDA:
1. Chapter update presented by Chapter Directors (10 min.)
2. Center for Cyber Safety & Education: Update of CCSE initiatives and 2019 focus presented by Greg Thompson (15 min.)
3. Ontario Chapter of Women in CyberSecurity (WiCyS Ontario)
Introducing WiCyS Ontario! We are launching a Women in CyberSecurity affiliate organization focused on supporting and promoting women who are looking to enter, grow, or mature their cybersecurity careers through ongoing regional engagement. Presented by Karen Nemani (15 min.)
4. Aligning Service Providers with CISO Teams
Information security is a complex field, which is often compounded by different views and approaches to the same problem. After having spent many years as a security service provider, and then moving to a CISO role, Sahba Kazerooni will present from personal experience some key disconnects between how service providers and CISO teams see the world. This discussion will be beneficial to all security professionals and will hopefully lead to better servicing of security requirements in our industry.
Presented by Sahba Kazerooni (40 min.)
5. Addressing the Gap Between Security Policies and Execution
Many organizations have established a set of common security best practices for their project teams. The big challenge right now is making these security practices relevant to the business. Typically, business stakeholders want to discuss security in terms of resiliency and risk management policies but project teams want to talk in more concrete terms based on operating procedures. We need a policy to procedure pipeline that integrates both the business policy needs as well as the project operational needs. This talk will discuss, in a very practical way, how organizations can build this policy to procedure pipeline and how it addresses the needs of both sides. Presented by Altaz Valani (40 min.)
- Avanan
Booth: 460
Avanan: Email Security—Reinvented.
Avanan catches the advanced phishing attacks that evade default and advanced security. The invisible, multi-layered solution enables full-suite protection for cloud collaboration software such as Office 365™, G-Suite™, and Slack™. Deploying in one click via API, the platform prevents Business Email Compromise and blocks phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for legacy solutions like Secure Email Gateways and Cloud Access Security Brokers with a patented solution that goes far beyond any other Cloud Email Security Supplement.
- Big Switch Networks
Booth: 340
Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM, container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.
- Bitdefender
Booth: 420
Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.
From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
- Canadian Cyber Threat Exchange (CCTX)
Booth: 325
The CCTX was created to build a secure Canada where all organizations, both private and public, collaborate to reduce cyber security risks. We do this in two ways.
First, through the CCTX Data Exchange we gather, enrich, analyze and share cyber threat information across business sectors and from other Canadian and international cyber threat sharing hubs. And we provide actionable cyber threat intelligence with a Canadian focus.
Second, our CCTX Collaboration Centre is a unique forum for cyber professionals to solve problems by exchanging best practices, techniques and insights.
- Comodo Cybersecurity
Booth: 320
In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.
- Darktrace
Booth: 310
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- EC-Council
Booth:
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- enSilo
Booth: 110
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- Gemalto
Booth: 140
Today’s enterprises depend on the cloud, data and software to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect their most sensitive information and software wherever it is created, accessed or stored – from the cloud and data centers to devices and across networks. As the global leader in cloud and data protection, our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in the devices and services used by millions of consumers every day.
- Global Cyber Alliance
Booth:
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- HoneyTek Systems Inc.
Booth: 140
HoneyTek Systems offers a number of professional services to help you maximize security and optimize the performance of your networks.
- InfoSec-Conferences.com
Booth: n/a
We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.
- ISACA Toronto
Booth: TBD
The ISACA Toronto Chapter, with 2800 plus members, is the largest chapter in Canada and the 5th largest in the world. As of 2017, it will have existed in the Toronto information systems audit, control and governance community for 40 years, and is one of the most active ISACA chapters serving IT Governance, Risk, Audit, and Security professionals.
The aim of the Chapter is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the Greater Toronto Area.
ISACA (previously the Information Systems Audit and Control Association) is a worldwide association of IS governance professionals. The association currently focuses on assurance, security, and governance and provides globally recognized certification in assurance (Certified Information Systems Auditor), security (Certified Information Security Manager), and governance (Certified in the Governance of Enterprise IT).
- ISC2 Toronto
Booth: 425
Founded in 2013, the ISC2 Toronto Chapter is an official chapter of ISC2. Based in Toronto, our purpose is to provide educational opportunities for management, operational and technical aspects of the information security field, and to support the mission of ISC2.
- Ixia, a Keysight Business
Booth: 410
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Mimecast
Booth: 450
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- OWASP Toronto
Booth: TBD
The Toronto area chapter of The Open Web Application Security Project. Our core purpose: Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.
- Pulse Secure
Booth: 120
Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 20,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.
- Radware
Booth: 350
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- Siemplify
Booth: 225
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
We believe that in the modern world, cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real time and focusing them on rapid decision making.
- Skybox Security
Booth: 210
Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.
- Sonatype
Booth: 130
Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally.
- Synack
Booth: 440
Synack is the leader in smart crowdsourced security testing: One comprehensive platform includes vulnerability scanning, vetted red-teaming, bug bounty incentives, risk scoring analytics, insightful reports to ease remediation and compliance checks. Reduce your cyber risk with Synack as part of your security team.
- TASK
Booth: TBD
Toronto’s Security User Group TASK (Toronto Area Security Klatch) provides a forum for experts to encourage discussion and share expertise in understanding the latest trends and security threats facing computer networks, systems and data.
Our membership includes Information Security practitioners, managers, network administrators, students, and anyone who is interested in learning more about securing information.
We meet to discuss issues that we all share in common, including:
- New technologies and products that impact information security
- Emerging threats, and the vulnerabilities being exploited
- Managing security
- New laws and regulations
- TechTarget
Booth: TBD
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Verodin
Booth: 330
Verodin is mission-driven to help organizations remove assumptions and prove cybersecurity effectiveness with evidence-based data. Verodin’s Security Instrumentation Platform (SIP) enables customers to continuously validate that their cybersecurity controls are fully protecting their business-critical assets.
- Women Who Code Toronto
Booth: TBD
Our mission is to inspire women to excel in technology careers. We envision a world where women are proportionally represented as technical leaders, executives, founders, VCs, board members, and software engineers.
- Larry Wilson, CISSP, CISA, Instructor
Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Dr. Larry Ponemon
Chairman and Founder, Ponemon Institute
Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management (RIM) framework.
Ponemon Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.
Dr. Ponemon consults with leading multinational organizations on global privacy management programs. He has extensive knowledge of regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom, and internet. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. He was also appointed to two California State task forces on privacy and data security laws.
Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master’s degree from Harvard University, and attended the doctoral program in system sciences at Carnegie Mellon University. He earned his Bachelor's with Highest Distinction from the University of Arizona. He is a Certified Public Accountant and a Certified Information Privacy Professional.
- Zaki Abbas, VP & CISO, Brookfield Asset Management
An accomplished Information Security and Technology leader with proven ability to develop and align strategies with business priorities and establish strong, trust-based partnerships across executive teams, key stakeholders and board members. Zaki has extensive experience in the insurance, real estate, banking, infrastructure, energy, investment management and IT services sectors. Previous to joining Brookfield Asset Management, Zaki was the Assistant Vice President - Information Security & IT Planning at Economical Insurance. Previous to Economical, Zaki worked as an Information Security Officer at Great-West Life for over 8 years and an Information Security Advocate at IBM for 10 years.
- Chad Childers, Moderator, Automotive Solutions Director, Sec eDGE
Internationally recognized security thought leader. Expert on Threat Modeling, IoT Security, Threat Analysis and Risk Assessment (TARA), Cryptography, Application Security, and Agile Development Security.
Chad is a voting member of SAE Vehicle Cybersecurity Committee TEVEES18A, which shapes the future of automotive security, and leads a TARA standardization sub-committee.
- Vinay Puri, Cybersecurity Executive & Co-Founder, Profound Security Labs
Vinay is an ex-veteran and a leader in cybersecurity with two decades of experience. He possesses incisive analytical skills and innovative ideas for identifying gaps in cybersecurity posture, and has helped many organizations architect complete security frameworks. Vinay holds dual master's degrees in Computer Science and Information Warfare from the United States Naval Postgraduate School and possesses niche certifications in the cyber space, which include ISSO, ISSM, ISSP, SABSA, ECSA, CEH, and CCNA.
- Craig Newell, Manager, Information Security, Ontario Cannabis Store
Craig is in the business of mitigating privacy and data loss disasters. Constantly keeping abreast of new challenges and developments in the industry, he has evangelized risk-based security and control through the banking and utility industries, private business, governmental agencies, and now, online sale of a really exciting product. A believer in the value of collaboration and knowledge sharing, Craig loves to share his experiences, thoughts, concerns, and stories with peers and executives to provide fresh insight and new ideas to existing problems.
- Ron Winward, Security Evangelist, North America, Radware
As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.
- Jason Barr, CIO & CISO, Firstup
Jason has been in the technology sector for over 20 years and has a passion for taking things apart and making them better.
- Les Stevens, Vice President, Information Security, Equifax Canada
As Vice President of Information Security at Equifax Canada, Les Stevens is responsible for the identification, assessment, and mitigation of inherent, residual, regulatory, security, and compliance risks specifically associated with the business operations of Equifax International business units. His experience building and maintaining information security and organizational compliance programs has made him a recognized expert at translating complex technical controls into business decisions and strategies.
- Bob Gordon, Executive Director, Canadian Cyber Threat Exchange
Robert W. (Bob) Gordon is the Executive Director of the Canadian Cyber Threat Exchange (CCTX). The CCTX is Canada’s private sector organization for the sharing and analysis of cyber threat information, and enabling collaboration across all sectors. Most recently, Bob was a Director, Global Cyber Security at CGI. Prior to this, he enjoyed a long and successful career in the Federal Government, which included being the architect of Canada’s first Cyber Security Strategy. Bob has had a unique career in a number of Canada’s security, intelligence and law enforcement organizations: Public Safety Canada, Communications Security Establishment, Canadian Security Intelligence Service, and the Royal Canadian Mounted Police. He held senior executive positions, including at the Senior Assistant Deputy Minister level. He was responsible for science and technology, information management/information technology, and internal security programs (personnel, physical and information technology). Bob has also provided operational leadership in investigating and analyzing the full range of threats to the security of Canada, which included leading the CSIS Counter Terrorism program.
- Susan Berezny, Director, Information Security, Royal Canadian Mint
Susan Berezny is the Director of Information Security at the Royal Canadian Mint. She is responsible for developing a cybersecurity strategy and managing a risk-based security program aligned with business objectives. Prior to joining the Mint, Susan was with The Ottawa Hospital for 23 years in several roles, including Information Security Officer, where she led their security strategies and built a security program embedded in the hospital's operations, projects, and culture. Susan has a bachelor's degree with a mathematics major from McGill University, and numerous security and privacy certifications.
- Kenneth Olmstead, Internet Privacy & Security Analyst, The Internet Society's Online Trust Alliance
Kenneth (Kenny) Olmstead is the Internet Security & Privacy Analyst who helps research, analyze, write, and review technical content relating to The Internet Society's Online Trust Alliance issues: identity, security, privacy, and data stewardship. He also helps with communications and engages the OTA Committees on technical and techno-policy issues. Before joining the Internet Society, Kenny spent 12 years at the Pew Research Center studying how the internet affects American life. In that time, he studied various topics ranging from how the internet changed the business of journalism, to how Americans view cybersecurity, to privacy issues in the Android ecosystem. He has a Master’s degree in Communications, Culture & Technology from Georgetown University.
- Karen Nemani, Director, Risk, Compliance and Projects, IACS, Opentext