Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, April 22, 2020
    9:00 am
    [SecureWorld PLUS] Understanding and Building an Effective Cybersecurity Program Based on the NIST Cybersecurity Framework
    • session level icon
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    speaker photo
    Partner/ Attorney, Blake, Cassels & Graydon LLP
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm
    The NIST cybersecurity framework continues to be celebrated as a robust guideline for transforming an organization’s security posture and risk management. At times, however, NIST can seem like a difficult framework to understand and implement.
    This course will provide best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    In this course, attendees will learn how to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

     

     

    9:00 am
    [SecureWorld PLUS] Whiteboard Hacking Crash Course
    • session level icon
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    speaker photo
    Leader in Cybersecurity
    Registration Level:
    • session level iconSecureWorld Plus
    9:00 am - 3:00 pm

    Whiteboard Hacking is a one-day comprehensive training on Threat Modeling (also known as Web Application Security Risk Assessment), based on industry best practice – the STRIDE threat model. While we encourage attendees to have some insight into the development process, this course is relevant to cybersecurity professionals with varying levels of technical expertise. Participants will learn how Threat Modeling is relevant to overall Software Development Lifecycle, identify applicability for web applications of various complexity and understand how to break down the architecture into conceptual views for threat analysis. During the threat identification portion, participants will understand how OWASP Top 10, data privacy regulations and common audit requirements are addressed in the assessment with practical guide for risk rating, reporting and communication.
    The 6-hour course will cover:

    • What is Threat Modeling?: Introduction to Threat Modeling and how it is relevant to the Software Development Lifecycle and Security-by-design concept
    • How does Threat Modeling work across different web application complexities?: Applying Threat Modeling to simple web app and complex enterprise solutions, reviewing different slices and stages of Threat Modeling from “Lean Canvas for Threat Modeling” to a low-level attack tree and threats analysis
    • What are you assessing?: Understating architecture and its application; includes a hands-on exercise where we will define architecture for Acme web application
    • Identifying threats – what can go wrong?: STRIDE as the basis, working through OWASP top 10, data privacy regulations and common audit requirements; includes a hands-on exercise where we will identify threats for Acme web application
    • Addressing each threat: Qualitative and quantitative risk analysis, mitigation patterns and tangible action items; includes a hands-on exercise where we will conduct risk rating and mitigation for Acme web application
    • Practical guide for Threat Modeling: Best practices and tools for getting your team and stakeholders on board, including conducting a successful Threat Modeling workshop, do’s and don’ts, creating tech-friendly and business-friendly report

    By the end of this training course, you’ll be able to:

    • Identify design flaws and security gaps in your software
    • Create your own threat models and execute Threat Modeling workshop for your software
    • Generate actionable mitigation and security plan for your software

    This training course is for you because…

    • You want to learn how to perform security risk analysis on web application
    • You work with software development teams to improve security posture and increase resilience
    • You are a development or security manager who wants to lead their team towards security-by-design
    • You want to become an application security expert
  • Thursday, April 23, 2020
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:00 am

    This session is for our Advisory Council members only.

    8:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:30 am
    (ISC)2 Chapter Meeting and Guest Presentations: Open to All Attendees
    • session level icon
    Presenting: Y2Q Problem and Its Security and Operational Implications for the Enterprise
    speaker photo
    Founder & Director, Cybersecurity Research Lab, Ryerson University
    Registration Level:
    • session level iconOpen Sessions
    8:30 am - 9:15 am

    Interested in your local associations? Join (ISC)2 for their monthly meet and greet. This opportunity is open to all SecureWorld attendees.
    Presentation:
    Quantum computing is an emerging technology that will present significant challenges for information security. Unfortunately, our understanding surrounding this new technology can be foreign and complex for those who are not experts in computer science, engineering, and/or quantum physics. This presentation is based on a knowledge translation project. The objective is to provide a practical introduction to the quantum threat in a clear and understandable manner. The project has three parts: the situation, analysis, and security roadmap. Part one explains what quantum computing is, the quantum threat, the impact on security, some quantum definitions and where quantum development is situated. Part two includes of an analysis of attack scenarios and mitigations and an examination of quantum key distribution, one of many positive impacts quantum computing. Part three is a roadmap that outlines important considerations for information security personnel when dealing with pending quantum threat.

    8:30 am
    [OWASP] Chapter Meeting and Guest Presentation
    • session level icon
    Presentation: Testing OWASP Juice Shop with ZAP and Burp Suite
    speaker photo
    Co-Leader, OWASP Toronto Chapter
    speaker photo
    Security Consultant, Security Compass
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Join us for a session where we will demonstrate how to test OWASP Juice Shop, a purposefully insecure web application and one of our flagship projects, with OWASP ZAP and Burp Suite, two application security testing tools widely used by industry professionals.
    If you are a beginner, come learn how to perform basic tasks such as intercepting web traffic, manipulating requests, viewing proxy history, and using tools such as Repeater and Intruder on Burp, or Request Editor and Fuzzer on ZAP.
    If you are already familiar with ZAP and Burp, come hear about some tips and techniques that can help you in your own assessments, learn about some advanced features of Burp/ZAP, or even share your own insights with the rest of the community.
    Take-Away:
    Know the tools to simulate threats to your application and identify the weaknesses to address.

    9:30 am
    [OPENING KEYNOTE] Executive Leadership Panel
    • session level icon
    Insider Threat: Are We Giving this Security Risk the Attention It Deserves?
    speaker photo
    CISO and CTO, Toronto Stock Exchange
    speaker photo
    Chief Security Officer, Huawei Canada
    speaker photo
    Director, Data Protection and Resiliency, Royal Bank of Canada
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    What is insider threat? How can organizations ensure these risk areas are mitigated? Are there techniques and tools that can help raise awareness and eliminate insider threat? During this panel discussion, we will define the different types of threat actors and identify potential options for reducing risk.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:15 am
    Advisory Council Roundtable - (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:15 am - 12:00 pm
    11:15 am
    Cybersecurity in Canada: The Evolution of Legal Trends & How to Respond
    • session level icon
    speaker photo
    Partner/ Attorney, Blake, Cassels & Graydon LLP
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    As cybersecurity and privacy laws evolve, there is a growing need to stay abreast of the changing regulations and compliance obligations. This session will provide an overview of recent legal developments in Canada and best practices for addressing these regulatory changes within your organization.
    We will explore:

    • Recent cybersecurity and privacy legal developments in Canada
    • Governance-related best practices for responding to these new developments
    • Best practices for managing vendors
    • Making strategic decisions regarding cyber insurance
      Presentation Level:GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    Canadian Cyber Threat Exchange (CCTX) Meeting and Guest Presentation
    • session level icon
    Presenting: Sharing for Cyber Resiliency
    speaker photo
    Director, Business Development, Canadian Cyber Threat Exchange
    speaker photo
    Executive in Residence, Global Risk Institute; CFRO/CCO, Novera Capital, Risk Management Faculty, Schulich School of Business, York University
    speaker photo
    Executive Vice-President, Chief Information Officer, Toronto Hydro
    speaker photo
    CISO & VP, Manulife
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    The Canadian Cyber Threat Exchange (CCTX) is a sharing hub and collaboration organization that provides insight into cyber events directly impacting Canadian business, along with mitigation options and tools to combat identified threats. Learn about the CCTX and enjoy a special, CCTX-hosted guest presentation.
    Presentation: 
    Sharing is not hard to do and can make a world of difference for others. Come learn how the simple act of sharing in cybersecurity contributes to better cyber resiliency as a collective team. Listen to examples provided by Canadian Cyber Threat Exchange members about what they share and how it is making a difference as a community effort.

    11:15 am
    Navigating Maze: Can You Recover from Ransomware?
    • session level icon
    speaker photo
    IT Director & CISO, Maple Reinders Group
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm
    One-fifth of companies have been hit with ransomware, and yet most companies still rely on hoping they won’t be hit rather than addressing shortcomings and following best practices. The industry has said for years that “it is not if, but when you will be breached,” so let’s set some goals and follow some simple steps to at least make ourselves a less desirable target than the companies that are “giving in.” If we agree that protection is not a guarantee, then we must also accept that recovery is CRITICAL and that the work starts now.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    Security Crisis & Breach Readiness for the Enterprise
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    What is the difference between a security crisis and a Breach? How will your organization as a whole respond if crippled by ransomware or a breach of all PHI or Confidential Pii? During this discussion we will speak about some of the must have items in order to have a brilliant response to a cyber security incident that impacts the entire organization.

    12:15 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:15 pm - 1:00 pm
    12:15 pm
    [LUNCH KEYNOTE] The Changing Landscape of Cybercrime and Its Impact
    • session level icon
    speaker photo
    Detective Constable, Coordinated Cyber Centre (C3), Toronto Police Service, Former VP of IT at Capital G Bank
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    The average loss from a bank robbery is about $3,000. The average loss from a successful Business Email Compromise (BEC) attack is nearly $130,000. Numbers like that show why BEC and other cyber crimes are rampant and on the rise—and every type of organization is at risk.
    Join Kenrick Bagnall, Detective Constable of Toronto Police Service’s Coordinated Cyber Centre (C3), as he shares true crime examples of emerging cyber threats impacting the Toronto area, as well as some of the challenges that are inherent in this space.
    Kenrick will share insight into how the Toronto Police Service Cybercrime Unit is evolving to better support the community it serves. He will also discuss industry best practices that can help organizations prepare to face and respond to inevitable predatory cyber threats.
    The key audience take away will be to avoid complacency when it comes to defense against cyber threats and always have a response plan that is current, robust, tested and involves law enforcement in the process.

    1:15 pm
    [Panel] Cloudy With a Chance of Breach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm
    1:15 pm
    [Panel] Emerging Threats – Hackers and Exploits and Phishing Attacks! Oh My!
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    We all have heard email is the #1 attack vector. Based on the numbers we are seeing; it is pretty indisputable. But what about the other stuff? Zero Day exploits still make headlines. New ransomware attacks every week. IoT devices are easily hacked. BEC/CEO fraud attacks are at an all time high. Will AI be a tool for the hackers? Join our panelists as they share knowledge on the current threatscape and make some predictions on what is coming soon to a network near you.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes and CyberHunt Winners Announced
    Registration Level:
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.

    3:00 pm
    Practical Considerations When Verifying Your Vendors’ Cybersecurity Controls
    • session level icon
    speaker photo
    Sr. Director, Client Security, Equifax
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    As businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.
    Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)

    3:00 pm
    When Cyber Attacks Get Physical
    • session level icon
    speaker photo
    CISO, Analytics 4 Life
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Advancements in technology, especially over the past decade, have resulted a significant increase in the number of connected devices worldwide. While there are plenty of conversations on cybersecurity of connected devices, they are mainly around data protection and privacy issues. The fact of the matter is, a percentage of these cyberattacks can cause physical harm to humans. Although this issue is important, it does not often get the attention it deserves.
    This presentation focuses on a few cyberattack scenarios on connected devices which may pose safety risks for the user/operator,
    including: connected cars, medical devices, collaborative robots and home networks.
    Increasing public awareness of these risks not only helps consumers make more informed decisions, but it also raises expectations of manufacturers to take cybersafety seriously.
    Presentation Level:
    GENERAL (InfoSec best practices, trends, solutions, etc.)
    3:00 pm
    (ISC)2 Chapter Meeting and Guest Presentations: Open to All Attendees
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm

    Interested in your local associations? Join (ISC)2 for their monthly meet and greet. This opportunity is open to all SecureWorld attendees.
    Details will be available soon.

Exhibitors
  • Alert Logic
    Booth:

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Arctic Wolf Networks
    Booth:

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOCTMservice is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Canadian Cyber Threat Exchange (CCTX)
    Booth:

    The CCTX was created to build a secure Canada where all organizations, both private and public, collaborate to reduce cyber security risks. We do this in two ways.

    First, through the CCTX Data Exchange we gather, enrich, analyze and share cyber threat information across business sectors and from other Canadian and international cyber threat sharing hubs. And we provide actionable cyber threat intelligence with a Canadian focus.

    Second, our CCTX Collaboration Centre is a unique forum for cyber professionals to solve problems by exchanging best practices, techniques and insights.

  • Cobalt.io
    Booth:

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.

  • Digital Shadows
    Booth:

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Endace
    Booth:

    Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.

  • Global Cyber Alliance
    Booth:

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • ISACA Toronto
    Booth:

    The ISACA Toronto Chapter, with 2800 plus members, is the largest chapter in Canada and the 5th largest in the world. As of 2017, it will have existed in the Toronto information systems audit, control and governance community for 40 years, and is one of the most active ISACA chapters serving IT Governance, Risk, Audit, and Security professionals.

    The aim of the Chapter is to sponsor local educational seminars and workshops, conducts regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the Greater Toronto Area.

    ISACA (previously the Information Systems Audit and Control Association) is a worldwide association of IS governance professionals. The association currently focuses on assurance, security, and governance and provides globally recognized certification in assurance (Certified Information Systems Auditor), security (Certified Information Security Manager), and governance (Certified in the Governance of Enterprise IT).

  • (ISC)2 Toronto
    Booth:

    Founded in 2013, the (ISC)² Toronto Chapter is an official chapter of (ISC)².  Based in Toronto, our purpose is to provide educational opportunities for management, operational and technical aspects of the information security field, and to support the mission of (ISC)².

  • Leading Cyber Ladies – Toronto Chapter
    Booth:

    Leading Cyber Ladies is a global non-profit organization who focuses on bringing more women into the cyber field through educational cybersecurity sessions, mentorship, speaking opportunities, networking and career opportunities through close partnership with the business sector and other groups in the cybersecurity community.

    While we are focusing on educating women, we are welcoming everyone, all genders and identities! Here we support each other in a friendly and encouraging environment. We are proud to partner with many sponsor companies across Toronto to bring our events to the community free of charge. Join our Meetup group for details on upcoming events!

    We are proud to partner with many sponsor companies across Toronto to bring our events to the community free of charge. Join our Meetup group for details on upcoming events!

  • Malwarebytes
    Booth:

    Malwarebytes secures endpoints, making workplaces resilient. Our adaptive attack protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives. Visit us at www.malwarebytes.com/business.

  • Okta
    Booth:

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • OWASP Toronto
    Booth:

    The Toronto area chapter of The Open Web Application Security Project. Our core purpose: Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.

  • Stratejm, Inc.
    Booth:

    Stratejm is one of North America’s Premier Next-Generation Managed Security Services Provider (NGMSSP) delivering an innovative Cloud-based Security-as-a-Service (SECaaS); an end-to-end security platform that offers enterprise clients world-class Managed Detection & Response (MDR). Leveraging true Security Orchestration, Automation and Response (SOAR), Stratejm’s SECaaS implies machine learning and artificial intelligence to effectively and efficiently solve the “Security Challenge.” We’re bending the cost curve associate with building, evolving, operationalizing and optimizing an enterprise cybersecurity program.

  • TASK
    Booth:

    Toronto’s Security User Group TASK (Toronto Area Security Klatch) provides a forum for experts to encourage discussion and share expertise in understanding the latest trends and security threats facing computer networks, systems and data.

    Our membership includes Information Security practitioners, managers, network administrators, students, and anyone who is interested in learning more about securing information.

    We meet to discuss issues that we all share in common, including:

    • New technologies and products that impact information security
    • Emerging threats, and the vulnerabilities being exploited
    • Managing security
    • New laws and regulations
  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Women in CyberSecurity (WiCyS)
    Booth:

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

  • Women Who Code Toronto
    Booth:

    Our mission is to inspire women to excel in technology careers. We envision a world where women are proportionally represented as technical leaders, executives, founders, VCs, board members, and software engineers.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Imran Ahmad
    Partner/ Attorney, Blake, Cassels & Graydon LLP

    Imran has a business law practice with a specialization in technology, cybersecurity, and privacy law. As part of his cybersecurity practice, Imran works closely with clients to develop and implement practical strategies related to cyber threats and data breaches. He advises on legal risk assessments, compliance, due diligence and risk allocation advice, security, and data breach incident preparedness and response. In addition, Imran acts as “breach counsel” in the event of a cybersecurity incident, such as a data or privacy breach. He also provides representation in the event of an investigation, an enforcement action, or a litigation.

    Imran has an active technology practice. He advises on licensing, outsourcing and service-provider arrangements, as well as on other commercial matters with respect to carrying on business over the internet, the cloud and the digital environment.
    In his privacy law practice, he advises clients on compliance with all Canadian federal and provincial privacy and data management laws. He has a particular focus on cross-border data transfer issues and enterprise-wide governance programs related to privacy and information governance.

    Imran is the author of Canada’s first legal incident preparation and response handbook titled "Cybersecurity in Canada: A Guide to Best Practices, Planning, and Management" (LexisNexis, August 2017). He is fluent in English, French, and Hindi.

  • speaker photo
    Helen Oakley
    Leader in Cybersecurity

    Helen Oakley is a cybersecurity enthusiast, researcher and educator. Helen is a well-known expert in Toronto’s cybersecurity community, and a regular speaker at Elevate, SecTor, and corporate cybersecurity and technology events; she is currently on the advisory board for SiberX’s “Canadian Women in Cybersecurity” conference. Helen holds a leadership security role at a global leading software provider and is a Co-Founder of SecurePanda.ca – a company with an innovative approach to web application security. Helen is currently working on her own Artificial Intelligence cybersecurity research project and strongly believes in giving back to the community. Helen is a lead of Toronto’s community group “Leading Cyber Ladies” and HackStudent.com teacher, which is a non-profit organization that educates kids in cybersecurity skills.

  • speaker photo
    (ISC)2 Local Chapter

    The International Information System Security Certification Consortium, or (ISC)², is a non-profit organization which specializes in training and certifications for cybersecurity professionals. It has been described as the "world's largest IT security organization."

  • speaker photo
    Dr. Atefeh (Atty) Mashatan
    Founder & Director, Cybersecurity Research Lab, Ryerson University

    Dr. Atefeh (Atty) Mashatan is the Founder and Director of the Cybersecurity Research Lab at Ryerson University. SC Magazine recognized her as one of top five Women of Influence in Security globally in 2019. She joined the School of Information Technology Management of Ryerson University in 2016 focusing on Information Systems Security, Cryptography, and Combinatorics. Prior to joining Ryerson, Dr. Mashatan was a Senior Information Security Consultant and Solutions Architect at CIBC (Canadian Imperial Bank of Commerce) with a focus on cryptography and enterprise architecture, evaluating proposed and existing security systems. Prior to that Dr. Mashatan was a Scientific Collaborator at the Security and Cryptography Laboratory of School of Computer and Communication Sciences, EPFL (Swiss Federal Institute of Technology, Lausanne), where she conducted research into cryptographic protocols. She is a Certified Service Oriented Architect (SOA) with Honours and holds a Certified Information Systems Security Professional (CISSP) certification from the International Information Systems Security Certification Consortium (ISC2).

    The Cybersecurity Research Lab (CRL) is an academic research lab at Ted Rogers School of Management at Ryerson University. The CRL conducts cutting-edge information security research, provides training for the next generation of cybersecurity experts, and is spearheading a crucial and ongoing dialogue with the Information and Computer Technology (ICT) industry in Canada. The lab is led by Dr. Atefeh (Atty) Mashatan, and is recognized for its strong partnerships and linkages to industry. Its mission is to help organizations, large and small, to find innovative and cost effective cyber risk mitigation strategy and solutions. The lab’s research expertise is in Cryptography, Blockchain Technology, Quantum-resistant solutions, Machine Learning and its applications in Cybersecurity, Enterprise Security Architecture, and Security of Internet of Things (IoT).

  • speaker photo
    Yuk Fai Chan
    Co-Leader, OWASP Toronto Chapter

    Yuk Fai Chan is Co-Leader of the OWASP Toronto chapter, where he actively promotes software security within the Toronto community. Professionally, Yuk Fai is a Co-Founder at Proack Security Inc., a Toronto-based information security consulting firm. He specializes in application security, penetration testing, threat modelling, security incident simulations and breach preparedness. Previously, Yuk Fai was a Director in the Cybersecurity & Privacy consulting practice at PwC Canada, with proven experience advising clients across the financial, telecommunications, power, mining and retail industries. He has also worked as a Security Consultant at Security Compass, helping clients on secure software development. Yuk Fai is an Offensive Security Certified Professional (OSCP) and GIAC Certified Forensic Examiner (GCFE).

  • speaker photo
    Bobby Modha
    Security Consultant, Security Compass

    Bobby Modha is a Security Consultant with Security Compass. He specializes in security assessments in the application security space including web application, APIs and mobile app penetration testing. In his spare time, Bobby enjoys working on personal projects such as developing scripts and participating in capture-the-flags.

  • speaker photo
    Moderator: Bobby Singh
    CISO and CTO, Toronto Stock Exchange
  • speaker photo
    Olivera Zatezalo
    Chief Security Officer, Huawei Canada

    Olivera Zatezalo is the Chief Security Officer at Huawei Canada, and her responsibility is to ensure Huawei Canada’s operations is compliant with Canadian cyber security laws and regulations. With over 20 years of experience in the telecommunication industry, Olivera is best known for creating value through collaborative leadership style, agile execution, and for her global cyber security expertise. Up until joining Huawei Canada, Olivera was responsible for cyber security governance, management and operations within an international communication provider operating in Canada, US, UK and France, and was a member of Canadian Security Telecommunication Advisory Committee. Olivera holds Masters in Electrical Engineering from University of Belgrade and is a Certified Information Security Manager.

  • speaker photo
    Steve Magowan
    Director, Data Protection and Resiliency, Royal Bank of Canada

    Steve Magowan is Director of Data Protection with the Royal Bank of Canada. A Veteran of the Canadian Airforce, since retiring Steve has spent the past 20 years engaged in a wide assortment of Risk Focused, Data Protection, Security Architecture & Enterprise Risk Management initiatives.

    Including the remediation of active security threats under live security breach conditions, Architecting a multi-petabyte, field level enterprise data encryption and data protection program for RBC, as well as developing leading edge Data Protection, Data Governance, Governance as a Service and Risk Management tactics through the power of Big Data, using Data Science, Artificial Intelligence and Machine Learning techniques to enable solutions to previously unsolvable problems with adaptive, effective strategies, that align with the business and enable their goals.

    Steve has experience leading Innovation and Forward Thinking Progress across multiple industries including aviation, large energy, mining, automotive, telecom and banking.

  • speaker photo
    Imran Ahmad
    Partner/ Attorney, Blake, Cassels & Graydon LLP

    Imran has a business law practice with a specialization in technology, cybersecurity, and privacy law. As part of his cybersecurity practice, Imran works closely with clients to develop and implement practical strategies related to cyber threats and data breaches. He advises on legal risk assessments, compliance, due diligence and risk allocation advice, security, and data breach incident preparedness and response. In addition, Imran acts as “breach counsel” in the event of a cybersecurity incident, such as a data or privacy breach. He also provides representation in the event of an investigation, an enforcement action, or a litigation.

    Imran has an active technology practice. He advises on licensing, outsourcing and service-provider arrangements, as well as on other commercial matters with respect to carrying on business over the internet, the cloud and the digital environment.
    In his privacy law practice, he advises clients on compliance with all Canadian federal and provincial privacy and data management laws. He has a particular focus on cross-border data transfer issues and enterprise-wide governance programs related to privacy and information governance.

    Imran is the author of Canada’s first legal incident preparation and response handbook titled "Cybersecurity in Canada: A Guide to Best Practices, Planning, and Management" (LexisNexis, August 2017). He is fluent in English, French, and Hindi.

  • speaker photo
    Canadian Cyber Threat Exchange (CCTX)

    The Canadian Cyber Threat Exchange (CCTX) is a sharing hub and collaboration organization that provides insight into cyber events directly impacting Canadian business, along with mitigation options and tools to combat identified threats. Learn about the CCTX and enjoy a special, CCTX-hosted guest presentation. Details available soon.

  • speaker photo
    Moderator: MJ Couldridge
    Director, Business Development, Canadian Cyber Threat Exchange

    MJ Couldridge is the Director of Business Development for the Canadian Cyber Threat Exchange. The CCTX is Canada’s threat sharing hub for all companies doing business in Canada. It provides analysis and enables collaboration of cyber security insights impacting Canada. Providing both a cross-industry and by-industry context, it serves small, medium and large organizations across the country contributing to cyber resiliency.
    Before joining the CCTX, MJ was the Vice President of Partnerships at two cybersecurity start-ups in North America and a Global Director at IBM for Workplace Services and Mobility.

  • speaker photo
    Lois Tullo
    Executive in Residence, Global Risk Institute; CFRO/CCO, Novera Capital, Risk Management Faculty, Schulich School of Business, York University
  • speaker photo
    Robert Wong
    Executive Vice-President, Chief Information Officer, Toronto Hydro

    Robert Wong is EVP & CIO at Toronto Hydro, responsible for information technology, operational technology, cyber security, and telecommunications. Robert was also Chief Risk Officer, responsible for corporate enterprise risk management, strategic planning, corporate governance, and business continuity.
    Robert is on the Board of Directors of Canadian Cyber Threat Exchange and its Finance and Audit Committee.
    Robert holds Bachelor of Applied Science Degree in Electrical Engineering from the University of Toronto, Master of Business Administration Degree from the Schulich School of Business at York University, and Chartered Director designation from The Directors College (a collaboration between McMaster University and The Conference Board of Canada).

  • speaker photo
    Greg Thompson
    CISO & VP, Manulife
  • speaker photo
    Kevin Dreyer
    IT Director & CISO, Maple Reinders Group

    Kevin Dreyer is an IT Director and CISO with over 25 years of industry experience for a General Contractor securing a national network and its 400 users across a hybrid cloud infrastructure. He fell in love with computers at age 12 when a cousin introduced him to programming, and has never looked back. Having dropped out of college due to the lures of the darker side of computer security, he has spent his adult life working on the defensive side while finishing a college diploma and working on certifications from IBM, Cisco, Novell, Microsoft, Mile2, and finally CISSP about two years ago.

  • speaker photo
    Kenrick Bagnall
    Detective Constable, Coordinated Cyber Centre (C3), Toronto Police Service, Former VP of IT at Capital G Bank

    Kenrick has been a member of the Toronto Police Service since April of 2006 and currently serves as an investigator in the Coordinated Cyber Centre (C3) section of Intelligence Services. Before this Kenrick spent 20 years in the Information Technology industry primarily in the financial services sector, holding positions of Senior Network Analyst, Information Technology Manager and Senior Vice President of Information Technology.
    Kenrick is also an Associate Professor at George Brown College where he instructs the Cybersecurity Security Certificate program and also lectures on the University of Toronto Global Professional Master of Laws, Innovation, Law and Technology program.
    Kenrick’s background in Information Technology combined with his Law Enforcement experience has uniquely positioned him as an investigator, instructor and presenter on technology, information security and cyber investigations.

  • speaker photo
    Arif Hameed
    Sr. Director, Client Security, Equifax

    Arif Hameed is Senior Director at Equifax, where he leads a team that handles client cybersecurity due diligence activities including questionnaires, audits, remediation support, security schedules, etc. Prior to his role at Equifax, he worked at two of the largest banks in Canada in Security Advisory, IT Risk, Third Party Cyber Risk, and IT Audit.

  • speaker photo
    Adel Danesh
    CISO, Analytics 4 Life

    Adel Danesh has over 20 years of experience in IT and information security. Over the course of his professional career, he has been holding information security leadership roles in various organizations and spearheaded mission critical security and infrastructure projects. In his current job, Adel is a CISO at Analytics For Life, a medical research firm that is developing an innovative medical device for diagnosis of cardiovascular diseases. He is leading the information security program which is aimed at implementing cybersecurity best practices in the design and operation of the medical device as well as protecting the organization against cyberattacks . Adel is the first elected president of (ISC)2 Toronto Chapter. The chapter has grown exponentially since it’s inception in 2012 and now has over 1500 members. Adel also has written articles that are published in a renowned information security magazine.

  • speaker photo
    (ISC)2 Local Chapter

    The International Information System Security Certification Consortium, or (ISC)², is a non-profit organization which specializes in training and certifications for cybersecurity professionals. It has been described as the "world's largest IT security organization."

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store