Data Connectors is proud to host the Cybersecurity Strategies Conference.
8:15 am - 5:00 pm123 Queen St. WestToronto, Ontario, M5H 2M9416-361-1000
CHECK-IN AND OPENING INTRODUCTIONS8:15 am - 8:45 am
Session One8:45 am - 9:15 am
Identity – the Foundation of your Zero Trust Architecture
The evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, and beyond.
Manish Raval is a Pre-Sales Engineer at Okta. At Okta, he’s responsible for working with prospects and customers to provide solutions to their Identity and Access Management challenges and journey. Prior to Okta, he spent over 11 years at Microsoft in different subsidiaries across North America and APAC. At Microsoft, he was part of the Product Support, Product Engineering, Consulting, and Account Management teams and worked on different technologies across Operating Systems and System Center suite of products.
Manish holds a master’s degree in Advanced Computer Applications from Saurashtra University, India. He enjoys traveling, reading, and cooking.
Jim brings more than 21 years of experience in the development, management, and marketing of technology solutions. Jim joined BetterCloud from IBM, where he served as VP of Product Management for the company’s Security Operations & Response portfolio.
Prior to IBM, he led the product management team responsible for infrastructure security services at Dell SecureWorks. Other notable roles include positions with Internet Security Systems, Red Hat, EMS Technologies and the US Department of Defense.
Jim holds a Bachelor’s Degree in Mechanical Engineering from the Georgia Institute of Technology, and an MBA from the Goizueta Business School at Emory University.
Session Two9:15 am - 9:45 am
Threat Management: Trends & Technology.
Enterprise Security Operations practioners face an almost unfair challenge in their attempt to secure their enterprise from a constantly evolving threat landscape. The amount of data flowing through an enterprise is increasing in variety, volume and velocity and threat actors are continually honing their attack methods. Human Intelligence works, but there aren’t enough of them. Security Tools exist but are often not used correctly.
In this talk we discuss the requirements of a modern day security analytics platform and what enterprise security practioners should look for in evaluating modern day solutions.
Niranjan Mayya is the Founder & President of RANK Software, a Toronto based start-up in the space of real time security analytics, threat hunting and detection.
Prior to founding RANK, Niranjan led the Big Data team at RIM (Blackberry) that was responsible for Contextual Systems and Analytics. His prior roles have been as VP of Technology at Viigo (acquired by RIM) and VP of Software Development at Pulse Microsystems. He has several worldwide patents in the areas of computer graphics, Internet systems and computer algorithms. Niranjan holds an engineering undergraduate from University of Poona, India and a PhD in Computer Science from University of Florida.
Break9:45 am - 10:15 am
Coffee Break / Vendor Exhibit Time
Session Three10:15 am - 10:45 am
The Data-Centric Security Paradigm
Data is inert, passive and lacks the direct ability to control its own fate. It cannot protect itself, or mitigate risks to it during processing, while at rest, or in transit. In reality, data is fully dependent on the enterprise for protection through the use of a complex environment of security products, processes, and procedures. These include discreet methods of encryption for at-rest and in-transit data, authentication, authorization, physical security tools and applications, user behavior policies and procedures, and event collection and management.
Ultimately, data security is contingent upon the correct and complete installation, configuration, and management of this complex security environment. Risk and the actual loss of data, through user error or bad actor theft, is often a direct result of mistakes made somewhere in the chain of protection.
Moreover, through the adoption of cloud services and storage and external trusted partnerships across the insecure landscape, the data perimeter has expanded well beyond the ability of the current protection schemes to protect the data.
The Information Security industry must recognize that the historical perimeter is obsolete and embrace the new, data-centric security paradigm. This workshop will emphasize a paradigm that infuses data with self-governance, provenance, and self-protection capabilities, to give data the ability to protect itself throughout its lifecycle.
Jim Minie is a Senior Solutions Engineer for Sertainty’s Commercial Accounts Team. Jim is a 30+ year veteran in the Information Technology and Information Security industries. He has extensive knowledge of cybersecurity technology companies and their solutions, with direct experience as both customer/user and vendor. Prior to Sertainty, Jim specialized in network design and implementation of security technologies, with emphasis on data collection, analysis, and security. His portfolio includes previous roles with Q1 Labs/IBM, RSA Security, Symantec, a Fortune 50 financial company, and the aerospace and brewing industries. Jim holds degrees in Management Information Systems/Management and Computer Science.
Session Four10:45 am - 11:15 am
How They Bypass Office 365 Security
The move to SaaS has changed the phishing landscape: your Office 365 inbox is the #1 threat vector and your Office 365 credentials are their #1 target. In this talk, we will demonstrate the techniques attackers use to bypass Microsoft’s defenses. Learn how they use Microsoft’s own services to fool filters and utilize built-in tools to launch them internally–bypassing your email security gateway.
During this session, we’ll demonstrate how to protect Office 365 from:
- Email-based phishing, spoofing, and malware
- Account takeover, insider threats, compromised Microsoft credentials
- Loss of sensitive data from OneDrive, SharePoint and Office 365
Michael Hiskey is a long-time data, analytics, security, cloud and AI industry executive. An accomplished writer and speaker, he has published articles in Forbes, InfoWorld, TechCrunch, ITProPOrtal, etc. Michael spends his time thinking about how these innovations impact B2B organizations and their customers. Michael has a background in enterprise technology from IBM, where he led marketing, customer success and development teams for almost 10 years. He then went on to lead marketing efforts at high-growth firms like Kognitio, Trifacta and Semarchy before joining the Avanan team in 2019. Michael holds an MBA from Columbia Business School, and lives in New York, with his wife and daughter – one current and one future ‘women in technology’.
Lunch11:15 am - 11:45 am
Lunch / Vendor Exhibit Time
Keynote Session11:45 am - 12:30 pm
Chris Lynam is currently the Director General of the new National Cybercrime Coordination Unit within the RCMP. He led extensive work and consultations with other government departments, law enforcement partners across Canada and the private sector to conceptualize and design a national cybercrime coordination mechanism for Canada. He previously worked for Public Safety Canada and within the Security and Intelligence Secretariat of the Privy Council Office where he was part of the team that supported the National Security Advisor to the Prime Minister. Outside the RCMP, he is a member of the Army Reserve and served as the Lieutenant-Colonel Commanding of the Governor General’s Foot Guards, an Infantry Regiment based in Ottawa.
Break12:30 pm - 1:00 pm
Dessert and Coffee Break / Vendor Exhibit Time
Session Six1:00 pm - 1:30 pm
How to Address the $26 Billion Problem of Business Email & Account Compromise
The FBI recently reported that business email compromise/email account compromise (BEC/EAC) has cost organizations around the world more than $26 billion since July 2016. In this talk, Proofpoint will discuss why these attacks are so successful and how best to protect against these types of threats, which don’t normally include malware or detectable malicious intent. There are multiple areas that an organization must consider across email, cloud, authentication, visibility and education in order to address the different attack tactics and limit potential for financial losses.
Join Proofpoint for deep dive into email fraud and how to defend against it. In this session, we’ll discuss:
• Why BEC/EAC attacks are so successful
• What techniques you can employ to prevent BEC/EAC attacks, and
• What you can do now to address this growing problem
Denis Ryan is Senior Director, Advanced Technologies for Proofpoint, Inc. Previously, Denis held management positions at several well-known high-tech companies including Nominum (now part of Akamai), Tellabs (now Coriant), Verizon and IBM. As a sales leader of the fastest growing business unit in Proofpoint, Denis oversaw the go to market sales and sales engineering strategy post the Return Path business unit acquisition for email fraud prevention. The diverse background of IT and security solutions allows Denis to overlay the Proofpoint sales efforts in multiple verticals as Proofpoint has ramped this specialized team to prevent the various forms of identity deception. He resides in the Dallas-Fort Worth metroplex, mentors undergraduates for his alma mater (University of Dallas) and volunteers his time for various local charities.
Session Seven1:30 pm - 2:00 pm
Innovating access to critical IT infrastructure
How can access management keep up with a multi-vendor (AWS, Azure, GCP, OpenStack), multi-role (3rd party, developer, database admin) and multi-protocol (SSH/RDP/HTTPS) world where nothing is static?
SSH.COM’s Markku Rossi discusses why granting, revoking and managing access to the critical infrastructure needs innovation. Learn how identities are federated, access management is mostly automated with Zero Trust authentication, global cloud inventories auto-discovered, deployment is fast & scalable – and access is granted just-in-time, with the right amount of privilege for the task at hand.
Markku Rossi brings close to 25 years of software engineering and architecture experience to the company. He is responsible for R&D and directs the company’s technology strategy. Markku has extensive knowledge and experience with SSH Communications Security products, having served the company from 1998 through 2005 as Chief Engineer and a major contributor to the SSH software architecture. Prior to rejoining the company in 2015, he co-founded several companies such as Codento and ShopAdvisor and served as CTO at Navicore and Chief Architect at Nokia. He has a Master of Science degree in Computer Science from Aalto University.
Break2:00 pm - 2:15 pm
Break / Vendor Exhibit Time
Session Eight2:15 pm - 2:45 pm
Get Off of My Cloud: Securing the Modern Data Center
As many firms transition their data centers into the cloud and heavily virtualized environments, the old practice of implementing choke points to force data flows through a select set of avenues simply doesn’t work. According to Gartner, by “2025, 80% of enterprises will have shut down their traditional data center, versus 10% today.” How will security respond when evolving data centers represent a gigantic blind spot where basic visibility, compliance and enforcement become impossible?
This talk will cover:
-Key security challenges when moving from perimeter security to distributed security
-Best practices in implementing Zero Trust data center security for cloud-based architectures.
Glenn Langstrom is VP of customer success at ShieldX. Glenn has more than 20 years of experience as a customer success and sales leader in information security and has excelled in diverse roles within sales management, managed security services, and cloud security software development. His technical expertise includes 10+ years of networking security (firewalls, IPS/IDS, NDLP, DAM), 5+ host security (eDLP, EDR, HIPS, & Insider Threat) and 5+ years of security management (SIEM/UEBA/Insider Threat/Encryption Key Management/Cloud Security Monitoring). Glenn has held customer success and executive and sales management focused roles at DataEye Security, Forcepoint, Digital Guardian, NitroSecurity/McAfee, Juniper Networks, Ingrian Networks and Cabletron/Enterasys.
Glenn earned his bachelor of sciences in Managerial Economics from the University of California, Davis and he is lifelong fan of the San Francisco Giants and 49ers.
Session Nine2:45 pm - 3:15 pm
Real talk on ransomware
We all know what ransomware is – we know the stats, we’ve seen the headlines, we’re all in the mindset of “if, not when.” With all the fear, uncertainty and doubt constantly bombarding IT professionals, Arcserve dives into the realities of ransomware attacks and the real impacts on organizations. We offer participants an opportunity to “sound off” on ransomware and share experiences and challenges with your peers to better understand how prepared organizations are to defend against ransomware attacks.
Break3:15 pm - 3:30 pm
Break / Vendor Exhibit Time
Session Ten3:30 pm - 3:50 pm
Enhancing your Zero Trust Approach to Access Management with Context and Risk
In 2018, 29% of data breaches involved the use of stolen credentials. How can organizations combat this? By using context and risk-aware access management solutions that are built on the Zero Trust framework.
Traditional access management solutions, such as Single Sign-On (SSO) have become the de-facto standard for managing employee access to applications and systems. Although SSO offers many security and cost benefits, it also introduces a lucrative route to your data – if any of the employee credentials are stolen, they can be used to access a broad range of cloud and on-prem systems.
Adding a contextual layer to your SSO deployment can make all the difference. Unlike traditional SSO solutions, adaptive SSO uses machine learning to continuously analyze user activities, flag access events with an elevated risk of a breach, and detect anomalous behavior that can indicate in-progress attacks.
In this session, we’ll discuss how adaptive SSO solutions based on the Zero Trust framework can help you secure your hybrid environment by creating dynamic, context-aware access controls.
Stas Neyman oversees Product Marketing at Idaptive. Stas’ expertise spans 10+ years and he drives go-to-market, messaging, and marketing strategies for Idaptive Identity Management portfolio. Prior to Idaptive, he defined and executed product marketing programs for developer-focused product portfolio at Centrify and a set of cloud management services at Amazon Web Services (AWS).
CISO PANEL4:00 pm - 5:00 pm
Carlos has 23 years of experience in cybersecurity, IT Risk Management and privacy matters. He started his career with EY in Mexico City in 1996 and joined the Canadian practice in 2018. In addition to helping EY build a better working world he teaches at the University of Toronto School of Continuing Studies and volunteers for ISACA and the IAPP.
He holds different designations including: CISA, CISSP, CISM, CGEIT, CRISC and ISO27001LA and was appointed as a Privacy by Design Ambassador by the Information and Privacy Commissioner of Ontario in 2011
Ferris AdiSenior Security & Compliance ManagerRogers Communications
Bill OhlsonChief Information Security Officernanopay
Farooq NaiyerChief Information Security OfficerORION
Jason BarrChief Information Security OfficerAptean
Michael BallInformation Security Advisor and vCISOCollision Sciences Inc.
Kelley IrwinChief Information OfficerElectrical Safety Authority
Registration for this event is opening soon.
Click Here to be added to the Invitation List for a complimentary pass.
Registration has closed for this conference
8:15 am - 5:00 pm123 Queen St. WestToronto, Ontario, M5H 2M9416-361-1000