B|Sides Edmonton
Mon Sept 25 - PIC 120/122
Time | Talk Title | Name | Location | Talk Abstract |
---|---|---|---|---|
8:00-4:00 | Registration Open | Registration Open | PIC Atrium | |
8:00-9:00 | Breakfast | Breakfast | PIC Atrium | Start the morning with a light breakfast and some tea or coffee with your fellow attendees. |
9:00-4:50 | Capture the Flag | CTF | PIC Atrium | CTFs are entertaining, and professionals use them worldwide to enhance their soft and technical skills. Come participate individually or as a team! |
9:00-9:15 | Introduction | Staff | (PIC 120/122) | Welcoming everyone and morning announcements. |
9:15-9:50 | Day 1 Opening Keynote | Alissa Knight | (PIC 120/122) | |
9:50-10:30 | What exactly is Supply-chain Levels for Software Artifacts (SLSA)? | Nicole Schwartz | (PIC 120/122) | Have you heard mention of Supply-chain Levels for Software Artifacts (SLSA)? If you have, but you are unsure what exactly they are asking for, this talk is for you. I’ll explain what the SLSA framework is, how it fits into your development process, and a variety of tools you can use to attest your desired level of SLSA. In addition, I’ll go over the changes from SLSA version 0 to SLSA version 1.0, most notably that instead of one SLSA Level (1-4), there are now separate tracks (Build 1-3, Build 4, Source). |
9:50-10:30 | AI – Be Afraid – Be Very Afraid – NOT | Vincent Chiew | PIC - 232 | Just the mention of AI (Artificial Intelligence) may conjure up fears for some security professionals. How about the rest of us who are new to security and have just heard of AI? This talk will try to provide a peace-of-mind, basic understanding of AI and how we can handle and control it. Then, we can turn on the light and see the bright side of AI. Finally, be one with AI to harvest its power. |
10:30-11:15 | Securing Your Sanity: Mental Health Strategies for Cybersecurity Experts | Mental Health Panel | (PIC 120/122) | Mental health in the cybersecurity industry is becoming an important topic of concern. Many of us struggle to cope with the demands of our jobs, long hours, and ambiguity of our decisions, to name a few. Our relationships begin to suffer, stress, anxiety, and symptoms of depression begin to appear, and we don't know where to turn. To help as many people as possible, a diverse group of panellists will share multiple perspectives, thoughts and actions around their journeys navigating their mental health. By the end of the panel, the panellists will equip you to start exploring ways to help yourself and help those around you. |
11:15-12:00 | The Million Dollar CEO Fraud: Anatomy of a Business Email Compromise | Damien Miller-McAndrews | PIC - 232 | In 2021, Business Email Compromise (BEC) scams led to roughly $2.4 billion in global cyber losses, compared to $49.2 million from ransomware. Yet, many still believe that ransomware is the biggest threat facing their business. This talk details a real incident I handled where a BEC culminated in a small business losing almost 1 million dollars. I will tie the incident to the MITRE ATT&CK Cloud Matrix, detail common indicators of compromise for BECs, and provide technical and administrative controls to manage risk around BECs. This talk will provide you with the motivation and tools to convince your organization to better protect itself against this increasingly common and severe attack. |
11:15-12:00 | Red and Blue Teaming and the Powers Gained! Adversarial Emulation | Jason Maynard | (PIC 120/122) | In this session we will learn about adversarial emulation and how both red and blue teams can benefit from its use. We learn about the tools available to us and then build out an operation leveraging Open Source and Commercial tools without preventive capabilities. We will then review the adversarial outcomes, which include reviewing the outcomes on our passively deployed Security portfolio. The knowledge gained ensures defensive teams understand the opportunity to increase our defenses. We will then turn on our preventive capabilities across a variety of security technologies and perform the test again, reviewing the results. Understanding how the adversary approaches their victim and the defenders’ ability to layer defense is a recipe for success. |
12:00-1:00 | Lunch | Lunch | PIC Atrium | Come enjoy lunch with your fellow attendees! |
1:00-1:50 | Untangling APIs: Addressing Sprawl and Securing Your Modern Digital Ecosystem | Peter Scheffler | (PIC 120/122) | As organizations increasingly adopt hybrid architectures and microservices, the number of APIs utilized within their ecosystems continues to grow at an exponential rate. This phenomenon, known as API sprawl, poses significant challenges in terms of security, governance, and efficiency. But of them all, API security might require the most urgent response. For organizations trying to secure their APIs, multi-cloud complexity and difficulty enforcing consistent security top the list of challenges according to F5’s State of Application Strategy Report (2023). To address the security challenges of API sprawl, organizations need to adopt a more holistic app and API security strategy for their organization, including components that deliver runtime protection, posture management, and help integrate security and code testing earlier in the software development lifecycle. Join this session to hear from Peter Scheffler, Sr. Solutions Architect at F5, and learn: · What makes APIs such a target · What makes protecting APIs so difficult · Elements of good API security practices · How to augment existing app security infrastructure to protect APIs · Capabilities organizations should be considering for comprehensive API security · The role of AI/ML in API security today |
1:00-1:50 | Keeping Ahead of the Threat Landscape with AI Powered Security | Sheik Sahib | PIC - 232 | As cyberattacks grow in volume and complexity, artificial intelligence (AI) is helping under-resourced SecOps analysts to stay ahead of threats by leveraging machine learning and natural language processing to curate threat intelligence from millions of research papers, blogs and news stories to cut through the noise of daily alerts and drastically reduce response times. AI is also used to model the attacker modus operandi: reconnaissance of your digital presence followed by attacks on areas of weakness. Please join as we share how IBM Security is employing AI technologies to identify, protect, detect, and respond to the rapid escalation of cybersecurity threats that threaten businesses, organizations, and governments across Canada. |
1:50-2:30 | De-mystifying Zero Trust in Industrial Control System Environments | Stephen Mathezer | (PIC 120/122) | Next to AI, "Zero Trust" and OT/ICS Security continue to be among the hottest topics in cybersecurity. It seems like every day there is a new offering or recommendation around "Zero Trust" for OT. But what exactly is "Zero Trust" in OT, and how do we apply modern "Zero Trust" principles in an environment that is often change averse and many years behind the cybersecurity curve? Let's define "Zero Trust" and talk about what it *really* means in an OT context, what is already in place to support it, and how we can practically and meaningfully improve security in these environments. There is no magic bullet, but it isn't an all-or-nothing proposition either. I will discuss ways that we can both leverage existing architecture and technology and set ourselves up for future success. |
1:50-2:30 | A look to the past for the future of Cyber Security for Cyber Physical Systems | Michelle Balderson | PIC - 232 | In this presentation, Michelle will take us on a journey through time from 1784 right up to today and what Security Controls have been put in place to protect our Physical systems, now interconnected: Cyber-Physical. She will paint a picture that will logically demonstrate that focusing on Risk, and then creating mitigations by having contextual understanding of the physical environments with OT, is the next step in Security Evolution. Michelle will leave the audience with Top 5 Actions to ensure Operational Security, with an emphasis on building an OT Risk and Security Program. |
2:00-4:00 | Ransomware Recovery Workshop: Veeam | Ransomware Recovery Workshop: Veeam | PIC - 233 | Join Veeam as we delve into a true-to-life scenario where a user's innocent act of opening an email attachment triggers a destructive ransomware attack. Discover the power of Veeam Backup & Replication™ as we showcase its ability to rapidly respond to such incidents. Learn how to navigate the recovery process seamlessly and witness how Veeam empowers organizations to swiftly bounce back from security breaches, ensuring minimal disruption to daily operations. Please note: you are required to bring your laptop for this lab. Register here: https://www.eventbrite.com/e/ransomware-recovery-workshop-tickets-710549672197?aff=oddtdtcreator |
2:30-3:15 | Balancing AI Innovation with Data Protection: Risks and Controls | Pooja Shah and Atilade Ayanbadejo | (PIC 120/122) | This presentation explores the widespread usage of AI platforms and the rising concerns of personal data exposure. We analyze some of the statistics related to these, and examine the current state of protection and the limitations of data privacy laws and end-user agreements. We will also briefly discuss how data privacy laws are adapting to the AI era, and offer practical best practices for users and organizations to secure data while utilizing AI platforms responsibly. Attendees will gain insights into data exposure, legal frameworks, and actionable strategies to navigate the AI-data privacy intersection confidently. |
2:30-3:15 | Building Cyber Resilience in the Face of Cyber Attacks | Jason Proctor | PIC - 232 | #CyberIsTheNewDisaster - with the increase in the quantity and sophistication of cyber events, it is more important than ever to ensure you are not only doing everything you can to find the problem before it becomes one but, should the worst happen, enable yourself to recover from the event in a timely manner. This session will focus on the three pillars of Cyber Resilience: Information Security, Data Protection & Cyber Recovery, and cover not only best practices but also lessons learned. |
3:15-4:00 | The Crushing Chaos of Corporate Crisis: Bringing Our Best to Incident Response | Adam McMath | (PIC 120/122) | There are two types of technology practitioners: those who have lived through a major incident, and those who haven’t lived through a major incident yet. Whether it’s ransomware, a fire in a datacenter, the collapse of a cloud provider, or the discovery of a vulnerability in a popular product two days before a holiday... we’ll never run out of ways for incident response to push adrenaline and cortisol into our bloodstreams, and the timing is never convenient. In this session we’ll tell stories and explore lessons from Adam’s decades of participating in major incident response across a multitude of companies. We’ll explore how to manage conflict, how to ask the right questions at the right times, and how to deliver our best selves under pressure. |
3:15-4:00 | Let's Make Fun of Cyber Security | Prashant Prashant | PIC - 232 | My talk is based on cartoons in cyber security, sharing core and important cyber security concepts from a people, process and technology perspective with the audience in that fashion. I have leveraged famous themes/cartoons to share the life of a cyber professional, how risk management is done, what threats are facing the world today, the world of geeky nerds, privacy, cyber warfare and cyber political satire in an all-in-one presentation. This is my attempt to go a little off-beat from serious cyber talks and pave the way for learning by laughing, and also a humble attempt to become a cyber comedian. |
4:50-7:30 | VIP Cocktails and Light Dinner | VIP Cocktails and Light Dinner | PIC-340 Patio | Speakers and those with VIP tickets may come join the Volunteers for drinks and a light dinner after our first day. |
8:00-9:00 | Breakfast | Breakfast | PIC Atrium | Start the morning with a light breakfast and some tea or coffee with your fellow attendees. |
8:00-3:00 | Registration Open | Registration Open | PIC Atrium | |
9:00-4:50 | Capture the Flag | CTF | PIC Atrium | CTFs are entertaining, and professionals use them worldwide to enhance their soft and technical skills. Come participate individually or as a team! |
9:00-9:15 | Introduction | Staff | (PIC 120/122) | Welcoming everyone and morning announcements. |
9:15-9:50 | Day 2 Opening Keynote | Honourable Nate Glubish | (PIC 120/122) | |
9:50-10:30 | Start Hacking APIs | Corey Ball | (PIC 120/122) | I’ll discuss why APIs are a leading attack vector for data breaches against well-protected organizations. The API economy continues to explode in growth, organizations diligently believe they are safe from attack, yet a flaw is present that continues to lead towards data breaches. You’ll learn why APIs require specific tools and techniques to successfully find vulnerabilities so that they can be protected. |
9:50-10:30 | Unveiling the Hidden Gem: Pre-Sales Engineering | Rick Byrne | PIC - 232 | In the fast-paced world of technology sales, a critical yet often overlooked role exists: pre-sales engineering. This presentation aims to uncover the hidden potential of pre-sales engineering, providing valuable insights into how to enter this domain, why it stands as an exceptional career choice, and the essential attributes required to excel in this often underappreciated field. |
10:30-11:15 | What You Need to Know About Bill C-26 | Eric Jensen | (PIC 120/122) | Bill C-26 creates a legal framework for Federal oversight of cybersecurity planning by critical infrastructure operators. This presentation will cover the proposed bill, ramifications, and how maturing security operations capabilities will support compliance. |
10:30-11:15 | Minimizing financial and reputational loss from Cyber Breaches/Ransomware attacks | KPMG Panel | PIC - 232 | Cyber breaches, such as ransomware, can have devastating financial and reputational impacts for organizations. These financial and reputational risks for CFOs, and other financial and executive leaders in the organization, should raise questions regarding the preparedness of their organization on how to respond to a cyber breach. KPMG (Incident Response and Forensics) has assisted numerous clients from all sectors and sizes in the response to and recovery from cyber breaches. The learnings from these breaches are valuable to organizations to improve cyber maturity and ready incident response practices, to be better prepared to respond to and manage the inevitable cyber breach. The panelists will share lessons learned, best practices and current trends. The panel will also be able to comment on questions such as when to pay or not to pay ransom demands, changes to privacy legislation, the challenges of obtaining and maintaining cyber insurance, and more. |
11:15-12:00 | From Ticketmaster to global elections: A fireside chat on the rise of bots in ruling our world with Dan Woods and Martin Dinel. | Martin Dinel and Dan Woods | (PIC 120/122) | Join Martin Dinel and Dan Woods for this Fireside chat. |
11:15-12:00 | BYOD, CYOD, COPE, COBO, COSU: Ethical Challenges | Sourabh Aggarwal | PIC - 232 | Anyone researching enterprise mobility will eventually come across the terms BYOD, CYOD, COPE, COSU and COBO (and a few more). The acronyms themselves are simple: BYOD is Bring Your Own Device; CYOD is all about choosing your own device; COPE is corporately owned/personally managed; COBO is a company owned/only business; COSU is a company owned/disposable company. Beyond that, there is little agreement about their meaning. |
12:00-1:00 | Lunch | Lunch | Lunch Area | Come enjoy lunch with your fellow attendees! |
1:00-1:50 | Beyond Prevention: The Vital Importance of Data Protection in Cybersecurity | Derran Guinan | PIC - 232 | While preventative cybersecurity tools play a crucial role in safeguarding our systems, we must recognize the indispensability of data protection as the ultimate fallback when these measures fail. Effective data protection practices not only mitigate the potential impact of a breach but also ensure compliance with regulations, build customer trust, and safeguard the confidentiality, integrity, and availability of data. By embracing data protection as the foundation of cybersecurity, organizations can fortify their defenses against evolving cyber threats and position themselves as responsible custodians of sensitive information. Let us explore why data protection is the foundation of cybersecurity and why it deserves our utmost attention. |
1:00-1:50 | Navigating the Cyber Risk Landscape with Optiv and Zscaler | Ian Lee and Michael Doucet | (PIC 120/122) | The presentation will commence with a brief introduction outlining the diverse range of cyber risks the organization is currently facing. We will then transition into a discussion on building a cyber program founded on risk, emphasizing the integration of Zscaler's comprehensive security solutions, aligning with Zero Trust principles. Following this, we will delve into understanding how the organization life cycle effectively manages the program and establishes robust reporting mechanisms to gauge and mitigate risks. |
1:50-2:30 | AI, ML, and Quantum computing: Transforming Cybersecurity Landscape & Bridging the gap | WiCyS Western Canada Affiliate Panel | (PIC 120/122) | Moderator: Nickkisha Farrell-Myles. Panelists: Celia Wanderley, Prashant Prashant, Pooja Shah, Mashhood Ahmed. Organized by: WiCyS Western Canada Affiliate. |
1:50-2:30 | 12 things to consider when implementing EDR | Nick Jaldevi | PIC - 232 | Endpoint detection and response (EDR) is a key part of any security program. But with so many choices out there, it can be confusing to choose a solution. This is true for new implementations, and when you're evaluating whether it's time to replace or upgrade your legacy solution. Join cybersecurity expert Nick Jaldevi for a practical, vendor-agnostic look at issues to consider and questions to ask before you invest in an EDR or XDR solution. The tips you pick up here will save you time, effort, and even money down the road! |
2:30-3:15 | Pentesting Android Apps | Harsh Modi | (PIC 120/122) | The talk will cover basics and some advanced concepts of attacking an Android application, and how, in the real world, an Android application is tested for vulnerabilities and exploited out in the wild. |