Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, has won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.
Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday
Biography: Owais is a security consultant with 7+ years of experience in the cybersecurity domain. He has provided services to multiple entities, ranging from government organizations to financial institutes to the oil and gas industry. His core areas of interest are penetration testing, application security and incident response.
Title of your talk: Breaking and Fixing .net Web Apps
The technology landscape around the globe is changing rapidly with every passing year. As per statistics, 4.57 billion people, or almost 58% of the world’s population (fig 1.1), are able to use the internet, with web applications as a source of information for their daily life through their desktop or mobile phone browsers.
With the current pandemic, the business model of most organizations has shifted from in-person or physical appearance to virtual. This lowered the risk of spreading the virus and helped businesses continue without further hindrances.
With that said, and regardless of the pandemic, every business unit or function has always stressed providing cost-effective solutions to customers while taking care of ease of access. Web applications play an important and vital part in providing ease of access to consumers for almost every daily life task.
[Image: Owais Mehtab MVC .NET Secure Coding]
From paying bills to booking appointments and tickets. From watching movies to registering yourself to vote. With this rapid growth of technology, organizations have always been competing with their competitors or taking advantage of the situation to release a certain portal/application in a short span of time. While the deliverables are planned to meet the business objective, the security side of the business is often either neglected or considered only after the applications are compromised or sensitive user data is exposed.
The presentation/talk will focus on concepts of secure programming. This involves looking at a specific piece of code, identifying a security flaw, and implementing a fix for the flaws found. It covers some of the most common issues identified in penetration testing of web applications and the bad coding practices that result in introducing the vulnerability, as well as how to avoid those issues, with examples.
Biography: Bhuvana has been working in different facets of cybersecurity implementation, consulting, and operations management over the past 15 years. Based on her experience working with multiple Fortune 500 customers, she understands the diverse needs of multiple verticals within cybersecurity. She has delivered multiple proposals and led many identity-management projects across North America.
Bhuvana’s primary areas of interest include operations management and identifying and improving the maturity of a given landscape based on risk assessment.
Topic: Mature IAM in this era of work from home
Abstract: Yes, it would be great if we had the best of class implementation in our company’s application landscape all set and ready to address the needs of this pandemic. While no company will ever be 100% ready to handle a problem this big, most companies struggle to get the basics right. This talk will focus on what steps an organization can follow based on their current maturity. What are the non-negotiables during a pandemic, and what long-term objectives should the organization focus on in terms of identity and access management in this era?
Biography: Hani Mansi has focused his thirty-year career on the transformation, management and optimization of cyber security programs for Financial, Health Care, Telecommunication, Utilities and Government. Hani is the Chief Information Security Officer for the City of Edmonton – a modern municipal corporation that provides services to almost one million residents. In his role, Hani provides corporate leadership for Information Technology and Critical Infrastructure cyber security governance, strategy, incident response, assurance, architecture and operations. In addition, Hani oversees Digital Ethics as well as Disaster Recovery.
Biography: In her 16 years’ experience as an academician and a Senior Security Researcher, Dr. Navneet Kaur Popli has worked on and studied cutting-edge technologies for cyber-attack and defence. She has analysed a number of attacks for both private organisations and governments, giving them solutions and preparing them for future risks. In her academic career as an Assistant Professor, she has trained and mentored students about present and emergent threats and defences. She has participated, facilitated and spoken in many international conferences, seminars and workshops. Her work is published in many journals of repute. She was instrumental in the creation of a ‘Cyber Security Research Cell’ in her institute which encourages students to explore both present and future trends in cyber security.
Abstract: AI and ML – New Weaponry in the Defence Armour
“IN THE GAME OF CYBER ATTACK AND DEFENCE, AI AND ML ARE THE NEW GOAL KEEPERS”
Since time immemorial, cyber security professionals have followed a military approach to defence - establishing firewalls, hardening the perimeter and patching the system. Recent high-profile attacks have shown that we must move from military terminology to biology basics. We must try to build a solid immune system for our networks using artificial intelligence and machine learning. Sifting through hordes of data, we can find solutions which can defend us not only against present attacks but also completely unknown and novel ones. Since attackers are trying new methodologies all the time, this new weaponry of AI and ML will surely make defence armour agile and strong.
Biography: Martin Dinel is a trusted and experienced information technology and cyber security professional with over 32 years of leadership experience in the Information and Technology industry. As Chief Information Security Officer for the Government of Alberta since August 2015, Martin is defining the Government of Alberta’s vision and strategy to counter the cyber threat and ensure that the information of Albertans is well protected. This year, his role with the government expanded when he was assigned to the Government of Alberta’s COVID-19 pandemic response team as the Service Alberta representative, and later on, when Data Analytics, Artificial Intelligence, Robotics Process Automation, Modernization and Rationalization, Alberta Digital Service, and Provincial Telecommunication were added to his busy portfolio focused on the modernization and security of government digital services. During his tenure as CISO, Martin has also occupied various executive roles as a member of the National CIO Subcommittee on Information Protection, a committee that includes peers from the federal, provincial, territorial, and municipal governments across the country, acting as Chair for 3 of the past 5 years.
Biography: Tim McCreight MSc CISSP CPP CISA
Tim is the Acting Director and Chief Security Officer for The City of Calgary. He brings over 35 years of experience in the security industry and is recognized as one of North America’s leading Enterprise Security Risk Management (ESRM) evangelists. Tim is also a member of the Global Board of Directors for ASIS, and is the global sponsor for Enterprise Security Risk Management (ESRM) and Digital Transformation within ASIS.
Throughout his career Tim has held executive positions at several organizations, notably as the Chief Information Security Officer (CISO) for the Government of Alberta, and as the Director, Enterprise Information Security for Suncor Energy Services Inc. Recently Tim was the owner of Risk Rebels, a global security consulting practice, and a Principal Consultant at Online Business Systems.
Tim was awarded his Master of Science in Security and Risk Management (with Merit) from the University of Leicester and attained his CISSP, CPP, and CISA security designations.
Tim is a sought-after industry spokesperson and writer, having presented as a keynote speaker at conferences across North America on such diverse topics as enterprise security risk management (ESRM) and implementing enterprise security programs. He is also a regular columnist for Canadian Security Magazine and is seen as a trusted source for security news and information by media outlets across North America.
Biography: Adam is a multi-decade information technology and risk management professional, who pays large sums of annual maintenance fees to many IT and Security organizations. An observer of human nature, aficionado of electrons, and taker-aparter-of-things, Adam believes that all Information Security and Technology professionals can be amazing communicators, and respected for their knowledge and expertise.
Title of your talk: Crisis Communications in the Time of Plague.
Stress. Speed. Interference. When the world is falling apart and everyone is full of panic, have you ever felt like your important message isn’t being received or understood? We’ll explore strategies for security and technology professionals to deliver stunning communications that influence decision makers, and encourage action.
Biography: Jason has been architecting, designing, and deploying security technologies that secure the most complex computing environments for almost 2 decades. His understanding of technologies, people, and process enables him to deliver effective, comprehensive security solutions that align to an organization’s security goals and strategic imperatives. Jason is adept at addressing a range of risk profiles across industry verticals; skills he has cultivated as an end-user security practitioner, partner/integrator, and now manufacturer as Senior Technical Solutions Architect, Cybersecurity for Cisco Systems. Jason is also active in the direct community speaking at BC Aware, Privacy and Security Conference, and has delivered sessions at BSides. Jason also holds 75+ designations across a variety of products and technologies including the CCIE designation.
Title of your talk: Security Knows Viruses but the Pandemic Introduces New Challenges to Security Teams
The pandemic has forced the world into the largest ever IT-based proof of concept, pushing IT/Security teams to adopt these capabilities at scale in minimal time. The rush to add capacity and capabilities has highlighted the superhero strength of these teams, but the adversary has also seen this shift as an opportunity to maximize revenue. We have seen the adversary transition their capabilities at a superhero rate with a strong focus on the pandemic and its outcomes. The industry has proven that WFH is viable and sees this trend continuing well after the pandemic is over – security is imperative. This session discusses some of the things the defender should consider when extending their capabilities to support the work from home efforts currently in place, with the ability to support this longer term.
Biography: Rachel Hayward, Director, Compliance and Special Investigations
With more than 15 years of experience in public and private sector privacy, Rachel now oversees the OIPC’s review of breach reports, privacy impact assessments, investigations generated by the Commissioner and offence investigations. Prior to her senior leadership role, Rachel managed high profile investigations, including the office’s largest offence investigation which resulted in 38 charges under the Health Information Act and additional criminal charges. Rachel holds a Master of Public Administration, and is a Certified Privacy Professional (Canada) and Information Privacy Manager. She is also trained in risk and information systems control, and was recently awarded the status of Fellow of Information Privacy by the International Association of Privacy Professionals.