The bad guys are a lot more organized than we think, we are targeted now more than ever! (FR)
Stephane Asselin, CrowdStrike
11:00am
Capturing the Flag: Team Building via Competitive Learning (EN)
Chris Carlis & Mike Connor
12:15pm
Stop Trying to Boil the Ocean; Making Better Risk Decisions to Prevent Future Cyber Attacks (EN)
Seth Matheson, Tenable
1:30pm
Avoid the Defendant's Bench: A Guide for Cybersecurity Managers (FR)
Vanessa Henri
2:30pm
CISOs Panel - How to secure our data (EN)
Justin Grudzien, Shruti Gupta, Kendra Cooley, Mehdi Talei
3:30pm
The Missing Pieces to Building and Adopting AppSec Capabilities (EN)
Jon Shapransky
4:30pm
The Sovereignty of Our Data (FR)
Stéphane Garneau
5:30pm
Simplifying Cybersecurity Through Consolidation (EN)
Victor Tavares
Master of ceremony: Steve Waterhouse
Speakers
Stephane Asselin
Speaker
Chris Carlis
Speaker
Mike Connor
Speaker
Seth Matheson
Speaker
Vanessa Henri
Speaker
Shruti Gupta
Panelist
Justin Grudzien
Panelist
Kendra Cooley
Panelist
Mehdi Talei
Panelist
Jon Shapransky
Speaker
Stéphane Garneau
Speaker
Victor Tavares
Speaker
Steve Waterhouse
Master of Ceremony
Stephane Asselin
Biography
Stephane Asselin, with his 29 years of experience in IT, is the Country Manager for the entire CrowdStrike Canada Engineering Technical Team. He has national responsibility for Canada for a team that works with customers on planning, designing, and implementing security solutions and all the processes involved. At CrowdStrike, Mr. Asselin works with top Canadian strategic customers and partners, enabling them on all modules of the CrowdStrike platform, developing technical expertise and helping them secure their local and remote workforce.
Chris Carlis
Biography
Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provides through open communication and goal-driven engagements. These experiences led Chris to co-found Dolos Group with a focus on Red/Purple Teaming, security education and training. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, FS-ISAC, and various BSides events. He is a perennial volunteer at the Thotcon conference in his native Chicago and helps to organize multiple Chicagoland “BurbSec” information security monthly gatherings.
Mike Connor
Biography
Mike is an Application Penetration Tester at Principal Financial Group with over 10 years of experience in information security analysis, research, and security testing. Mike has spent his career promoting security education by creating, designing and hosting challenges for Capture the Flag (CTF) competitions at infosec conferences across the globe.
Seth Matheson
Biography
Seth Matheson is Tenable's Distinguished Security Engineer and supports customers throughout the globe as well as Tenable product development and design. Outside of Tenable, Seth has worked in the security industry for over 10 years, including the direct operation of large-scale vulnerability management programs in highly complex and federated enterprise networks.
Vanessa Henri
Biography
Vanessa, cofounder of Henri & Wolf, specializes in cybersecurity law and data governance. She earned her Master's from McGill University, focusing on cyberespionage. A Certified Data Protection Officer and Senior Lead Implementor for ISO/IEC 27701:2019, her practice notably involves integrating legal frameworks into product engineering. She has recently been nominated as Cybersecurity Law Woman of the Year and Cybersecurity Woman of the World. Other accolades include being named among Canada's Top 20 Most Influential Women in Cybersecurity and receiving the Women Trailblazer in Cybersecurity award. Vanessa is a published author and a sought-after speaker at global industry conferences. She serves on non-profit boards like Cybereco and OpenNorth, participates in the mentorship program at Next AI, and advises on BlackHat CISO Summit and Canadian Women in Cybersecurity panels.
Shruti Gupta
Biography
Shruti is the founder and CEO of Zania.ai, an AI Security startup. Prior to that she was CISO & AI Security Architect at Microsoft Identity, CISO at Instacart and Brex, and Founding Security Engineer/Lead at Airbnb and OpenDNS.
Justin Grudzien
Biography
Justin Grudzien is the Chief Information Security Officer at DoorDash and has worked in security and technology for over 20 years, with the last 13 years spent in security leadership. Previously, Justin has built multiple successful security programs within the e-commerce and travel sectors and has consulted with many companies throughout Chicago by helping them start or refine their information security programs. Justin has served as the Chief Security Officer and Data Protection Officer at Journera, the Chief Security Officer at Raise Marketplace, and the Vice President and Chief Information Security Officer at Orbitz Worldwide. Justin holds a Bachelor of Science Degree in Computer Science from the University of Illinois at Springfield.
Kendra Cooley
Biography
Kendra Cooley is a seasoned Information Security Leader with a track record of creating secure infrastructures for top organizations like Webflow and Flock Safety. Her strategic vision and hands-on expertise have driven enhanced security practices across diverse enterprises. With advisory roles at companies like Havoc Shield and a history of sharing insights at conferences like Hackfest and BSides, Kendra is dedicated to advancing the field of cybersecurity by integrating tailored strategies to optimize security and cost-efficiency.
Mehdi Talei
Biography
Mehdi holds a master's degree in computer engineering and microelectronics. As soon as he arrived in Montreal, he started working in the IT field and has 15 years' experience, particularly in IT infrastructure and cybersecurity. Most of his experience has been in the retail sector, at Couche-Tard and Dollarama among others. Mehdi then trained in Business Administration at John Molson, which helped him move up the organization at Dollarama. He is currently in charge of the Cybersecurity team within the same company and its Latin American subsidiary, Dollarcity.
Jon Shapransky
Biography
Jon Shapransky is a Principal Consultant in the Cyber Risk business at Kroll with over 10 years of experience in cybersecurity. Over his career, Jon has had the opportunity to perform and lead various types of projects from security assessments (e.g., Threat and Risk Assessments, Security Audits and Gap Analysis, Vulnerability Assessments, and Penetration Tests), to developing governance frameworks and security programs for private companies (including Fortune 100, Fortune 500, and Fortune Global 500 organizations), all levels of Government, Health Care, and Higher Education. Currently, Jon is focused on helping clients build software security programs and establish capabilities to reduce risk.
Stéphane Garneau
Biography
Coming soon!
Victor Tavares
Biography
Victor has more than 25 years of experience in the networking and information security industry, where he has worked with most of Canada's largest enterprise, service provider, and public sector organizations. Prior to joining Palo Alto Networks in 2014, Victor led the Enterprise Systems Engineering team at Juniper Networks in Canada, which he joined through Juniper’s acquisition of network security pioneer NetScreen Technologies in 2004. Victor’s technical background extends to software engineering and development, systems, cloud, and datacenter.
Steve Waterhouse
Biography
It was during his military career with the Canadian Armed Forces in the Royal 22e Régiment that Capt(ret) Steve Waterhouse, CD swapped his weapon for a keyboard and became one of Canada's first cyber-soldiers. After training soldiers and officers in the use of combat weapons, Steve went on to implement and operate the first military administrative networks at LFQAHQ, Base Montréal and Royal Military College of Saint-Jean, as well as introduce and apply modern cybersecurity practices as the first Information Systems Security Officer (ISSO) in Montreal and Saint-Jean. He continues to share his passion and experience as a lecturer at the Université de Sherbrooke as part of the master's degree program in information security - prevention component. He is invited to contribute his experience and expertise to committees of the House of Commons of Canada and the National Assembly of Quebec, and is frequently called upon in the Canadian media to comment on cybersecurity issues and as an expert witness in legal cases. Mr. Waterhouse was also the first Assistant Deputy Minister of Government Security and Cybersecurity for Quebec's Ministry of Cybersecurity and Digital Affairs (MCN) until early 2023. He holds many technological professional certifications and is a CompTIA and CWNP instructor. Steve is also a PADI Divemaster.
9:00am - Registration opens
10:00am - Opening words
10:05am - The bad guys are a lot more organized than we think, we are targeted now more than ever!
Description
For security teams on the front lines and those of us in the business of stopping cyberattacks and breaches, 2022 and the first half of 2023 provided no rest for the weary. In the face of massive disruption brought about by the COVID-driven social, economic and technological shifts of 2022, adversaries refined their tradecraft to become even more sophisticated and brazen. The result was a series of high-profile attacks that rocked many organizations and, on their own, represented watershed moments in cybersecurity. Come hear about the latest intel trends in cybersecurity.
11:00am - Capturing the Flag: Team Building via Competitive Learning
Description
Capture the Flag (CTF) contests can provide security teams with a fun, engaging learning opportunity outside of traditional training methods. In this session, learn what goes into building CTF challenges and how you can leverage competitive learning to strengthen team dynamics and skill sets.
12:15pm - Stop Trying to Boil the Ocean; Making Better Risk Decisions to Prevent Future Cyber Attacks
Description
This talk discusses traditional approaches to risk management and why they are less and less effective as technology gets more complex and attacks get harder to detect. Topics include:
Gaining comprehensive visibility across the modern attack surface
Anticipating threats, identifying exposures and prioritizing efforts to prevent attacks
Communicating cyber risk up and down the organization to help make better risk decisions
1:30pm - Avoid the Defendant's Bench: A Guide for Cybersecurity Managers
Description
Faced with a wave of lawsuits in the United States, cybersecurity managers are seeing their role as 'CISO' become increasingly perilous. On top of the risk of professional burnout and the threat of personal liability come legal grey areas. How should vulnerability disclosures be handled? How legal is it to monitor other people's assets or to venture into the dark depths of the Internet?
It is at the heart of this complex matrix of legal risks that managers are called upon to navigate today. Through practical scenarios, learn to recognize and respond to legal risks in your day-to-day activities without incurring personal liability.
2:30pm - CISOs Panel - How to secure our data
3:30pm - The Missing Pieces to Building and Adopting AppSec Capabilities
Description
There are increasing requirements for organizations to improve their application security practices. To meet these requirements, organizations need to adopt capabilities, whether practices (e.g., threat modelling, vulnerability scanning) or tools (e.g., SAST, SCA, DAST, CSPM). The value of hiring specialists and buying tools will not be realized unless the associated services, processes, and procedures are adopted.
This talk will focus on presenting an approach to building capabilities and highlight underlying principles behind adoption. This framework covers both the general components of a capability and the components required to adopt a capability. We’ll present a framework that incorporates relevant third-party research from fields outside of security and applies them to the security domain to help explain why some are successful in implementing and adopting capabilities while others are not.
This talk is for anyone involved in designing, building, and managing application security and product security programs.
Takeaways:
Universal framework on capability development that prompts us to think about what we will need to ensure success and adoption.
Understanding of the principles behind adoption.
Perspective on how team topologies (structure and interactions) influence our ability to achieve desired results.
An approach to measuring progress.
4:30pm - The Sovereignty of Our Data
5:30pm - Simplifying Cybersecurity Through Consolidation
Description
All around us, digital transformation continues to accelerate. As we look back, the past few years have shown us how quickly changes happen, from industry dynamics to macroeconomics, all in the midst of an increasingly fraught geopolitical environment. CISOs and security leaders are increasingly pressured to do more with less.
In this presentation, we will unpack why consolidation is imperative for organizations as they embark on the cyber transformation journey, to simplify their security stack and reduce cyber risk.