SCHEDULE

The Schedule

Get to know our list of activities and events

June 12 & 13 Toronto, CA
8:00 am
-
9:00 am

Registration and breakfast

Registration and breakfast

9:00 am
-
9:30 am

Opening Keynote

Shared Services Canada – On the front line of the Government of Canada’s cyber defence

Mr. John A. Glowacki Jr. will discuss how Shared Services Canada safeguards government networks and systems through a coordinated, enterprise-wide approach. By incorporating security into the design of IT projects, procurements and initiatives, the Department is improving cyber incident response capabilities and introducing best practices across the Government of Canada.

John Glowacki, COO, Shared Services Canada

Opening Keynote

Shared Services Canada – On the front line of the Government of Canada’s cyber defence

Mr. John A. Glowacki Jr. will discuss how Shared Services Canada safeguards government networks and systems through a coordinated, enterprise-wide approach. By incorporating security into the design of IT projects, procurements and initiatives, the Department is improving cyber incident response capabilities and introducing best practices across the Government of Canada.

John Glowacki, COO, Shared Services Canada

9:30 am
-
10:00 am

Editorial Spotlight Session

Internet of Things Info/Cybersecurity Jobs, Skills, and Staffing: What You Need To Know Now

IoT is growing at a 32.6% annual rate through 2020 but a 6 million shortfall of cybersecurity professionals is projected by 2019: recipe for disaster or the biggest career opportunity in decades for security professionals? This session will discuss transitioning info/cybersecurity jobs and skills to an IoT world including: What’s trending right now in IoT-driven jobs, skills, and certifications; current salaries for info/cyber security jobs and cash premiums skills; what should employers and tech professionals be doing now to prepare for securing IoT long term?  

David Foote, Chief Analyst & CRO, Foote Partners, LLC

Editorial Spotlight Session

Internet of Things Info/Cybersecurity Jobs, Skills, and Staffing: What You Need To Know Now

IoT is growing at a 32.6% annual rate through 2020 but a 6 million shortfall of cybersecurity professionals is projected by 2019: recipe for disaster or the biggest career opportunity in decades for security professionals? This session will discuss transitioning info/cybersecurity jobs and skills to an IoT world including: What’s trending right now in IoT-driven jobs, skills, and certifications; current salaries for info/cyber security jobs and cash premiums skills; what should employers and tech professionals be doing now to prepare for securing IoT long term?  

David Foote, Chief Analyst & CRO, Foote Partners, LLC

10:00 am
-
10:45 am

Expo Floor Opens & Networking Break

Expo Floor Opens & Networking Break

10:45 am
-
11:30 am

Editorial Spotlight Session

Managing 3rd Party Risk

Increasingly security pro’s in Canada are faced with having 3rd parties managing risk for them through managed applications, shared cloud services and traditional MSSP. This session will show you how to insure the integrity of your network resources when dealing with this management issue.

John Proctor, VP global cyber security, CGI

Rahul Bhardwaj, VP, information security, FIS

Editorial Spotlight Session

Managing 3rd Party Risk

Increasingly security pro’s in Canada are faced with having 3rd parties managing risk for them through managed applications, shared cloud services and traditional MSSP. This session will show you how to insure the integrity of your network resources when dealing with this management issue.

John Proctor, VP global cyber security, CGI

Rahul Bhardwaj, VP, information security, FIS

11:30 am
-
12:15 pm

Editorial Spotlight Session

Security Awareness Training and Compliance

The fact remains that the most popular point of entry to your network by bad guys is social engineering. Hear leading experts provide key tips on better security awareness and ways your organization can enforce compliance.

Bobby Singh, CISO head of infrastructure, TMX Group

Graham Westbrook, cybersecurity analyst, Geisinger Health Systems

Editorial Spotlight Session

Security Awareness Training and Compliance

The fact remains that the most popular point of entry to your network by bad guys is social engineering. Hear leading experts provide key tips on better security awareness and ways your organization can enforce compliance.

Bobby Singh, CISO head of infrastructure, TMX Group

Graham Westbrook, cybersecurity analyst, Geisinger Health Systems

12:15 pm
-
1:15 pm

Networking Lunch and Expo Floor

Networking Lunch and Expo Floor

1:15 pm
-
1:35 pm

4 Track Master Classes

4 Track Master Classes

1:40 pm
-
2:25 pm

4 track tech sponsor sessions

4 track tech sponsor sessions

1:40 pm
-
2:25 pm

Going Beyond Next-Generation Endpoint Security

Endpoints are at the centre of the universe of advanced attacks. They’re the most vulnerable, and act as a favored attack vector for cybercriminals because they provide the easiest entry points into your network.   Hear ways IT teams can go beyond simple threat detection and look at the organization’s entire security posture.

John Beale, Canadian Endpoint Security Leader, IBM Security

Going Beyond Next-Generation Endpoint Security

Endpoints are at the centre of the universe of advanced attacks. They’re the most vulnerable, and act as a favored attack vector for cybercriminals because they provide the easiest entry points into your network.   Hear ways IT teams can go beyond simple threat detection and look at the organization’s entire security posture.

John Beale, Canadian Endpoint Security Leader, IBM Security

1:40 pm
-
2:25 pm

Mind the Gap: Going Beyond Penetration Testing For Improved Security Programs

Subjects like IT security management, threat modelling, incident response and security architecture improvement aren't usually addressed in most penetration tests, and compliance driven audit processes rarely extend beyond the regulation or standard that is being audited.  This talk will cover a few great ways to examine, analyze, review and improve organizational and product-oriented security programs using data and experience from Rapid7's consulting teams and will examine frameworks used for security program improvement and review, and discuss common gaps in security programs at different stages of maturity and in different verticals.

Caspian Kilkelly, Information Security Consultant, Rapid7

Mind the Gap: Going Beyond Penetration Testing For Improved Security Programs

Subjects like IT security management, threat modelling, incident response and security architecture improvement aren't usually addressed in most penetration tests, and compliance driven audit processes rarely extend beyond the regulation or standard that is being audited.  This talk will cover a few great ways to examine, analyze, review and improve organizational and product-oriented security programs using data and experience from Rapid7's consulting teams and will examine frameworks used for security program improvement and review, and discuss common gaps in security programs at different stages of maturity and in different verticals.

Caspian Kilkelly, Information Security Consultant, Rapid7

2:25 pm
-
3:30 pm

Expo Floor & Coffee Break

Expo Floor & Coffee Break

3:30 pm
-
4:15 pm

Editorial Spotlight Session

Data Analytics vs. Privacy

It’s one thing to capture customer and employee data on a day-to-day basis, but what is the best way to use it and protect it without causing security issues? This session will provide a better understanding on the balance between the worth of the data you collect and the risk to the organization for having it.

Rick Doten, chief, cyber and information security, Crumpton Group LLC

Pierre Boisond, information security engineering team lead, Aviall (A Boeing Company)

Editorial Spotlight Session

Data Analytics vs. Privacy

It’s one thing to capture customer and employee data on a day-to-day basis, but what is the best way to use it and protect it without causing security issues? This session will provide a better understanding on the balance between the worth of the data you collect and the risk to the organization for having it.

Rick Doten, chief, cyber and information security, Crumpton Group LLC

Pierre Boisond, information security engineering team lead, Aviall (A Boeing Company)

4:15 pm
-
5:00 pm

Closing Demo Session

Closing Demo Session

5:00 pm
-
6:00 pm

Networking Reception

Gain a clearer perspective on ways to manage mobile threats and where technology and policy must intersect.

Networking Reception

Gain a clearer perspective on ways to manage mobile threats and where technology and policy must intersect.

6:00 pm
-
7:30 pm

ISC2 Toronto Chapter Town Hall Meeting

(ISC2 Toronto Chapter Members Only event)​. Following the conclusion of the conference's first day, please join the ISC2 Toronto Chapter for the next Town Hall Meeting. Please email sc.marketingmanager@haymarketmedia.com for registration details.

ISC2 Toronto Chapter Town Hall Meeting

(ISC2 Toronto Chapter Members Only event)​. Following the conclusion of the conference's first day, please join the ISC2 Toronto Chapter for the next Town Hall Meeting. Please email sc.marketingmanager@haymarketmedia.com for registration details.

8:30 am
-
9:30 am

Breakfast

Breakfast

9:00 am
-
9:30 am

Keynote

Cyberdefense for the Rest of Us

Today’s cyber defenders are trapped in a dense “Fog of More” – more threats, tools, training, guidance, and requirements than they can absorb. But to manage your risk, you still have to prioritize in the face of motivated and creative attackers. We’ll describe how dynamic information models (like Cyber OODA Loops, the Cyber Kill Chain, the CIS Community Attack Model) allow us to continuously understand attacks and translate them into effective defensive action.

Tony Sager, senior VP & chief evangelist, Center for Internet Security

Keynote

Cyberdefense for the Rest of Us

Today’s cyber defenders are trapped in a dense “Fog of More” – more threats, tools, training, guidance, and requirements than they can absorb. But to manage your risk, you still have to prioritize in the face of motivated and creative attackers. We’ll describe how dynamic information models (like Cyber OODA Loops, the Cyber Kill Chain, the CIS Community Attack Model) allow us to continuously understand attacks and translate them into effective defensive action.

Tony Sager, senior VP & chief evangelist, Center for Internet Security

9:30 am
-
10:15 am

Editorial Spotlight Session: Proactive Security

Attack or be Attacked!!??

Bug bounty programs have been successful as a proactive security measure by getting others to attack your web resources or software. But what other proactive hunting measures are available and do they work? Those questions and more will be answered in this editorial spotlight session.

Editorial Spotlight Session: Proactive Security

Attack or be Attacked!!??

Bug bounty programs have been successful as a proactive security measure by getting others to attack your web resources or software. But what other proactive hunting measures are available and do they work? Those questions and more will be answered in this editorial spotlight session.

10:15 am
-
11:00 am

Expo Floor Opens & Networking Break

Expo Floor Opens & Networking Break

11:00 am
-
11:45 am

3 track Cyber 360 Clinics

3 track Cyber 360 Clinics

11:00 am
-
11:45 am

Cyber 360 Clinic 1

Automating Threat Intelligence

Hear practical areas to consider when building and managing your threat intel strategy. Gain an understanding on how to ensure you have the right technologies and processes in place, what you should buy and the best options for your budget.

Tony Sager, senior VP & chief evangelist, Center for Internet Security

Priscilla Moriuchi, Director of Strategic Threat Development, Recorded Future

Cyber 360 Clinic 1

Automating Threat Intelligence

Hear practical areas to consider when building and managing your threat intel strategy. Gain an understanding on how to ensure you have the right technologies and processes in place, what you should buy and the best options for your budget.

Tony Sager, senior VP & chief evangelist, Center for Internet Security

Priscilla Moriuchi, Director of Strategic Threat Development, Recorded Future

11:00 am
-
11:45 am

Cyber 360 Clinic 2

RansomEVERYware

Learn key methods for detection and remediation for ransomware through this hands-on workshop.

Cyber 360 Clinic 2

RansomEVERYware

Learn key methods for detection and remediation for ransomware through this hands-on workshop.

11:00 am
-
11:45 am

Cyber 360 Clinic 3

Managing the Mobile Threat

Gain a clearer perspective on ways to manage mobile threats and where technology and policy must intersect.

Cyber 360 Clinic 3

Managing the Mobile Threat

Gain a clearer perspective on ways to manage mobile threats and where technology and policy must intersect.

11:45 am
-
12:30 pm

3 Track Sponsor Tech Sessions

3 Track Sponsor Tech Sessions

11:45 am
-
12:30 pm

Is Business Intelligence poised to Transform Cyber Security Operations?

Security Operations Analysis and Reporting (SOAR) is the new Business Intelligence (BI) for Cyber Security.  In the past BI was instrumental in transforming industry segments such as retail and supply chain to dramatically increase efficacy, accuracy and overall business performance.  SOAR should do the same for Cyber Security.  This session will answer the question will/can it?

Casey Corcoran, Partner, FourV Systems

Is Business Intelligence poised to Transform Cyber Security Operations?

Security Operations Analysis and Reporting (SOAR) is the new Business Intelligence (BI) for Cyber Security.  In the past BI was instrumental in transforming industry segments such as retail and supply chain to dramatically increase efficacy, accuracy and overall business performance.  SOAR should do the same for Cyber Security.  This session will answer the question will/can it?

Casey Corcoran, Partner, FourV Systems

11:45 am
-
12:30 pm

The Last Line of Defense in a Risk Strategy

Financial institutions, healthcare providers, pharmaceutical manufacturers, and organizations across other industries struggle with optimizing regulatory spend while mitigating risks. Boards of directors continue to approve security spending on the known quantities: perimeter, identity, and more recently, behavioral initiatives. But is this enough? In today’s environment of a highly mobile workforce, an intelligent endpoint has become the last line of defense and a pillar of a modern risk management program. Understand how Cylance’s unique predictive, pre-execution, prevention technology provides the highest level of risk protection for global organizations, while minimizing alert fatigue.

Nik Das, Sales Engineer, Cylance

The Last Line of Defense in a Risk Strategy

Financial institutions, healthcare providers, pharmaceutical manufacturers, and organizations across other industries struggle with optimizing regulatory spend while mitigating risks. Boards of directors continue to approve security spending on the known quantities: perimeter, identity, and more recently, behavioral initiatives. But is this enough? In today’s environment of a highly mobile workforce, an intelligent endpoint has become the last line of defense and a pillar of a modern risk management program. Understand how Cylance’s unique predictive, pre-execution, prevention technology provides the highest level of risk protection for global organizations, while minimizing alert fatigue.

Nik Das, Sales Engineer, Cylance

12:35 pm
-
1:35 pm

Networking Lunch and Expo Floor

Networking Lunch and Expo Floor

1:35 pm
-
2:15 pm

3 track Cyber 360 Clinics

3 track Cyber 360 Clinics

1:35 pm
-
2:15 pm

Cyber 360 Clinic 4

Cloud Computing – For Real!

Worldwide organizations are beginning to fully embrace the cloud for real. Between Amazon, Microsoft and Google – organizations are ceding responsibility for their organization, employee and customer data to the cloud. This is no longer just about an app or two or email! How have you redefined risk to meet that environment AND what how have you altered your incident response plans?

Cyber 360 Clinic 4

Cloud Computing – For Real!

Worldwide organizations are beginning to fully embrace the cloud for real. Between Amazon, Microsoft and Google – organizations are ceding responsibility for their organization, employee and customer data to the cloud. This is no longer just about an app or two or email! How have you redefined risk to meet that environment AND what how have you altered your incident response plans?

1:35 pm
-
2:15 pm

Cyber 360 Clinic 5

Gaining and Keeping Executive Support

Keeping management in your corner and answering your emails and calls is not just about budget anymore. Security needs to be an integral part of an organizations risk management plan and to do so you need executive buy in. What works, what doesn’t?

Cyber 360 Clinic 5

Gaining and Keeping Executive Support

Keeping management in your corner and answering your emails and calls is not just about budget anymore. Security needs to be an integral part of an organizations risk management plan and to do so you need executive buy in. What works, what doesn’t?

1:35 pm
-
2:15 pm

Cyber 360 Clinic 6

Building a successful GRC program

How to build a successful GRC program that even a small organization can afford and successfully implement with scarce resources and a small budget

Walt Williams, Director of Information Security, MonoType Imaging

Cyber 360 Clinic 6

Building a successful GRC program

How to build a successful GRC program that even a small organization can afford and successfully implement with scarce resources and a small budget

Walt Williams, Director of Information Security, MonoType Imaging

2:15 pm
-
2:35 pm

Editorial Wrap Up

(mainstage)

Editorial Wrap Up

(mainstage)

2:35 pm
-
3:05 pm

Closing Session

The Canadian Cyber Threat Exchange (CCTX)

The CCTX is operational.  It has just completed it’s first year.  Hear from Executive Director and executives from two CCTX Member companies about what has been accomplished and what’s next.

Robert (Bob) Gordon, executive director, Canadian Cyber Threat Exchange (CCTX) "

Steven Hurley, assistant vice president, global information risk management, Manulife

Vivek Khindria, director, information security, Bell Canada

Closing Session

The Canadian Cyber Threat Exchange (CCTX)

The CCTX is operational.  It has just completed it’s first year.  Hear from Executive Director and executives from two CCTX Member companies about what has been accomplished and what’s next.

Robert (Bob) Gordon, executive director, Canadian Cyber Threat Exchange (CCTX) "

Steven Hurley, assistant vice president, global information risk management, Manulife

Vivek Khindria, director, information security, Bell Canada

ICON is an invite-only half-day track on RISKSEC Day 2.

For consideration of an invitation to I.C.O.N.
please email sc.marketingmanager@haymarketmedia.com


Icon: A half-day international clinic for CSO’s

Club Room | RiskSec Day 2 | 10:30AM to 3:20 PM

This clinic will tackle challenges from a technical, corporate and a policy perspective within both domestic and international realms. This new feature is specifically for senior cybersecurity leaders. This is a must attend event for any C level cybersecurity professional in the NY and Tri-state area.

10:30 am
-
11:30 am

Privacy – It’s Not Just About Your Country's Rules!

Learn and understand how privacy regulations both differ and continue to change in various nations. This can affect how you manage data of employees, customers and partners residing in or doing business in various locations. Ignore at your own peril!Learn and understand how privacy regulations both differ and continue to change in various nations. This can affect how you manage data of employees, customers and partners residing in or doing business in various locations. Ignore at your own peril!

Pierre Boisond, information security engineering team lead, Aviall (A Boeing Company)

Privacy – It’s Not Just About Your Country's Rules!

Learn and understand how privacy regulations both differ and continue to change in various nations. This can affect how you manage data of employees, customers and partners residing in or doing business in various locations. Ignore at your own peril!Learn and understand how privacy regulations both differ and continue to change in various nations. This can affect how you manage data of employees, customers and partners residing in or doing business in various locations. Ignore at your own peril!

Pierre Boisond, information security engineering team lead, Aviall (A Boeing Company)

11:30 am
-
12:30 pm

Risk, Security and Executive Management

Your job is to mitigate the security risk faced by your organization. Nowhere is it written you need to often convince the very ones who hired you of how it fits directly into the organizations overall risk management strategy. And yet to be able to do your job you need executive and board support – they understand the topic of risk – so give it to them in a form they can digest for the betterment of the organization and your blood pressure.

Lois Tullo, Executive-in-Residence, Global Risk Institute & Professor, Schulich School of Business

John Del Grande, Director, Architecture & Information Security Solutions Delivery, President's Choice Financial

Risk, Security and Executive Management

Your job is to mitigate the security risk faced by your organization. Nowhere is it written you need to often convince the very ones who hired you of how it fits directly into the organizations overall risk management strategy. And yet to be able to do your job you need executive and board support – they understand the topic of risk – so give it to them in a form they can digest for the betterment of the organization and your blood pressure.

Lois Tullo, Executive-in-Residence, Global Risk Institute & Professor, Schulich School of Business

John Del Grande, Director, Architecture & Information Security Solutions Delivery, President's Choice Financial

12:30 pm
-
1:30 pm

CISO Lunch

CISO Lunch

1:30 pm
-
2:15 pm

International Organization for Standards (ISO)

Why So Important?

Various ISO standards may be a large part of the framework for PCI, HIPAA and others but those standards, whether explicitly or implicitly, helps organizations do security better as well. Hear how to enforce such standards on your partners to further protect you and hear ways to get the most out of ISO.

Mark E. S. Bernard, Cybersecurity Consultant and Project Manager, Secure Knowledge Management Inc

Carlos Recalde, managing director, CTO, Successful Technology, LLC

International Organization for Standards (ISO)

Why So Important?

Various ISO standards may be a large part of the framework for PCI, HIPAA and others but those standards, whether explicitly or implicitly, helps organizations do security better as well. Hear how to enforce such standards on your partners to further protect you and hear ways to get the most out of ISO.

Mark E. S. Bernard, Cybersecurity Consultant and Project Manager, Secure Knowledge Management Inc

Carlos Recalde, managing director, CTO, Successful Technology, LLC

2:15 pm
-
3:00 pm

Cybersecurity Canada

The True North has a lot to offer the cybersecurity industry. From professionals and security organizations to security guidelines and national governmental support. However, as any security pro worth their salt will tell you – you can always do more. This session will discuss the many strengths Canada has in our industry and how to leverage those – but as well some of the perceived blind spots and how you and your organization can help get beyond those.

Manan Qureshi, VP/head of business continuity, crisis management, integrated cyber command + control, Riyad Bank

Chris Henry, executive director, technology, cyber security and hospitality, Global Consulting Group

Cybersecurity Canada

The True North has a lot to offer the cybersecurity industry. From professionals and security organizations to security guidelines and national governmental support. However, as any security pro worth their salt will tell you – you can always do more. This session will discuss the many strengths Canada has in our industry and how to leverage those – but as well some of the perceived blind spots and how you and your organization can help get beyond those.

Manan Qureshi, VP/head of business continuity, crisis management, integrated cyber command + control, Riyad Bank

Chris Henry, executive director, technology, cyber security and hospitality, Global Consulting Group

close x
download

Brochure

Enter Your Info Below And We Will Send
You The Brochure To Your Inbox!

Thank you!
Your submission has been received!

Oops! Something went wrong while submitting the form

Register
#risksectoronto
See the

SCHEDULE

BECOME A

SPONSOR