The Future of Cybersecurity

CISO Think Tank

August 24, 2022 - Toronto, Canada

Visionaries

Ben Sapiro
Head of Technology Risk & CISO
Canada Life

Think Tank Speaker

At Canada Life, we’re focused on improving the financial, physical and mental well-being of Canadians. Whether handling policy claims, help growing and protecting clients’ retirement and investment savings, providing workplace mental health support for all employers or helping build stronger communities by investing in community projects, we are committed to putting the customer first in all that we do. That trust is built on the dedication, skill and energy of our employees and advisors and their commitment to our customers and to our communities.
Christy Peel
Security & Compliance Director
Drager

Think Tank Speaker

Analytical problem-solver who uses technical background to bridge gap between business processes and system design. Responsible for managing information risks (threats, vulnerabilities, and impact). This includes assessing threats and vulnerabilities of information (and information systems) and evaluating how vulnerable information is to threats. Also responsible for providing leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and monitor operational and strategic risks. Actively participates in the sponsorship, design and management of IS&RM process and metrics to ensure a robust and effective organization. Strong directional leadership skills by influence and trust. Entrusted to lead projects that have high impact to the organization.
Steve Magowan
VP Information Security
Blackberry

Think Tank Speaker

A results-focused, forward-thinking, business minded Cyber Security, Security Architecture & Risk Management Leader with extensive experience and proven success at enabling business goals while invoking transformational change. Committed to strategic, risk focused innovation that aligns with the business and enables their goals while defending and supporting organizational interests. Recognized as a highly collaborative leader with a long history of managing large, globally distributed teams in high responsibility, error intolerant environments. Heavily invested in the team approach and committed to the maintenance of a positive work culture. Fluent in Spanish. Dated but revivable French. KEY ACCOMPLISHMENTS VALUE CREATION: Establishment of Cyber Security as a key enabler in revenue generation, through the mapping of compliance initiatives to the many government mandated compliance frameworks that gate sales in the current risk landscape (Biden Executive Order, CMMC, FedRAMP, CanRAMP, IRAP, ISMAP) Achievement of cost leadership with dramatic efficiency and efficacy gains through next generation methodologies & process modernization that lower the friction of governance and seamlessly integrate risk into the enterprise fabric. RISK MANAGEMENT: Strategic oversight of advanced risk tactics that leverage the power of Data Analytics, Machine Learning and other associated technologies to enable adaptive, effective and innovative solutions to previously unsolvable risk and security problems. CORPORATE GOVERNANCE: 22 years of successful compliance with Sarbanes-Oxley, SOC1 / 2, OSFI and NERC regulatory governance CORE AREAS OF STRENGTH Strategic Business Vision / Advanced Technology & Tactics Corporate Governance / Risk Management / Risk Analytics Data Protection / Data Loss Prevention / AI / Machine earning PCI-DSS / SOX / SOC 1 & SOC 2 / Privacy Compliance NIST / FIPS / COBIT / PIPEDA / GDPR / NYDFS / HIPPA Application Security – CI / CD, DevOps, DevSecOps Cloud Security Architecture / Zero Trust / IoT / SCADA Project / Program Management / Governance (Agile) $MM Budget Management / Large Team Leadership Executive Presentation & Large Audience Speaking
Arif Hameed
VP & CISO
MUNICH RE

Think Tank Speaker

Arif Hameed is currently the Vice President & Chief Information Security Officer at Munich Re New Ventures. Munich Re New Ventures is the innovation arm of Munich Re Life & Health North America. Prior to joining Munich Re, he had roles in Security Advisory, IT Risk, Supply Chain Cyber Risk, Client Cybersecurity Assurance and IT Audit at major Canadian Banks and a global Credit Bureau. He actively volunteers for professional associations including ISACA, Cloud Security Alliance, Evanta, EC-Council and participates in advisory committees for academic programs in Cybersecurity and IT Audit. He also has presented, moderated and took part in panels for Cybersecurity events including the RSA Conference, SecureWorld, ISMG, secureCISO, BrightTALK etc. He has obtained the CISSP, CISA, CRISC, GSTRT, ISO27001 LA and ABCP certifications. Specialties: -Cybersecurity Strategy -IT Risk Management -Client Security Assurance -Supply Chain Cyber Risk, RFP and Contract Security Schedules -Information Security Advisory -Access Management Lifecycle / Logical Access -Business Continuity Management / Disaster Recovery -Physical and Environmental Security Reviews -Frameworks: NIST CSF / ISO 27xxx / PCI DSS / CCM / SOC / ISF SoGP -Regulations: SOX 404, OSFI, PIPEDA, NYDFS , BaFin VAIT Professional Memberships: ISACA (ISC)2 Disaster Recovery Institute International (DRII) Institute of Corporate Directors High Tech Crime Investigation Association (HTCIA)
David Masson
Director of Enterprise Security
Darktrace Holdings Limited

Think Tank Speaker

David Masson is Darktrace’s Director of Enterprise Security, and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. David is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major international and national media outlets in Canada where he is based. He holds a master’s degree from Edinburgh University.
Octavia Howell
CISO
Equifax Canada

Think Tank Speaker

Recognized as one of the 2022 Top 20 Women in Canada, Octavia Howell has spent her career protecting some of the world’s largest financial institutions from cyber attacks. Today, she serves as Equifax Canada’s Chief Information Security Officer and is the Founder and CEO of Augustus Redefined, an organization focused on the advise ent of Black Women in Cyber. Octavia believes a security leader should mentor, motivate trust, and lead their teams to act with integrity and transparency. She often says, “A team is only as strong as their leaders and each leader casts a shadow that they will be held accountable for.” Octavia is motivated by the belief that we are placed on this earth to help each other achieve greatness (whatever that may be).
Samer Adi
CISO
Green Shield Canada

Think Tank Speaker

Strategic IT Operations Executive with expertise in driving Information Security programs within business units. A big picture visionary delivers business continuity while ensuring best in class security systems; implementing new technologies and process improvements to ensure up to date technology platforms. Leads by example, modelling accountability, ownership, and clear and consistent communication. Adaptable leader, builds and fosters talented teams, champions excellence and innovation. An author, public speaker, motivator, passionate about information security and data privacy. Over the years Samer was able to build DevOps teams from ground up, lead corporate wide complex modernization projects, and move IT operation from on-premises to cloud without causing any business outage. Samer is the IT Security leader and CISO with one of Canada’s largest health benefits providers. Focusing on the security and privacy of members’ data. Also, leading security delivery within a complex digital transformation program. Samer was the Technology Operations and security leader with Canada’s #1 meal kit provider, leading a team of professionals in Cybersecurity, IT Infrastructure and Operations. Samer was the VP Infrastructure and Chief Information Security Officer to the largest payment processing network in Canada, leading a team of 70 professionals. Samer was the Head of Information Security and Internal Controls for one of the well-known retailers in Canada. Leading a team of security professionals to provide the best information security protection possible and maintain compliance with regulator’s requirements. Before, Samer was the CISO for the Canadian office of a Global IT Consultancy company. He Managed a team which was responsible for providing a complete cyber security service externally to the clients and internally within a Global structure. Samer was the CISO for the largest payment processing company in Canada. Samer could maintain PCI-DSS complaint status for the company for 2012 – 2014 and PA-DSS status for all their payment applications. In addition, Samer served with the largest network provider for white label ATMs with the same capacity. Samer have more than 30 years’ experience in Information Security and Information Technology Infrastructure support. Samer holds a degree in Computer Science and Information Technology. PCIISA, PCIP, CISM. Samer published two books in Computer Maintenance. Both books are part of the Grade 11 & 12 curriculum.
Michael Gross
Manager, Cybersecurity Intelligence
Cleveland Clinic

Think Tank Speaker

Information Technology: Successful professional with extensive experience in networking technologies, server platforms, operating systems, programming languages and mainframe applications. Problem Management: More than four years of advanced network, mainframe and server troubleshooting and support. Proven success in situation and change management for high impacting issues. Good understanding of general problem management methodologies, Six Sigma, ITIL and Process Ownership. Team Management: Managed several individuals (both internal employees and contractors) with responsibility for oversight of successful Disaster Recovery/Business Continuity tests. Ability to motivate as well as delegate in order to execute on stated goals. Professional Skills: Excellent work ethic, interpersonal skills & relationship building, multi-tasking, and communication management. Demonstrated eagerness to learn and take on challenging tasks. Specialties: Advanced Network Troubleshooting, End to End System Troubleshooting, Disaster Recovery Planning and Design, Business Continutiy Planning, Solution Development
Steve Zalewski
Former CISO
Levi Strauss & Co.

Think Tank Speaker

Mr. Zalewski currently provides CISO, security consulting and security advisory services. These include: • International cybersecurity advisor and trainer. • Executive advisory board member for security startups, providing guidance on security market direction and product requirements. • CISO advisory board member for venture capital firms internationally. • vCISO for companies requiring temporary or part-time CISO expertise. Services also include guidance and solutions to address incident response, security program design, security assessment, security due-diligence, vendor/supplier due-diligence, security architecture review, board reporting and other key security leadership requirements. Operational experience in Healthcare, Utilities and International Retail verticals. Key Strengths: •Organizational Management •Strategic Planning & Execution •Enterprise Security Architecture/Strategy •Executive and BOD Security Governance/Reporting •Cybersecurity Incident Response •Security Risk & Compliance Management Additionally, I co-hosts the CISOSeries Defense-in-Depth Podcasts and am a frequent speaker and panel moderator at industry events.
Garrett Weber
VP - Worldwide Sales Engineering
Salt Security

Think Tank Speaker

I am a passionate cybersecurity engineering and sales professional with a unique mix of leadership, technical skills and business acumen. I've spent time working in both the public and private sectors, which has allowed me to experience organizations with varying cultures and needs. I work best when solving challenging, complex problems and I am skilled at conveying recommendations in such a way that everyone, especially the non-technical folks in the C-suite, can understand the value in the solution that is being provided. I enjoy working in teams where I can learn from others and provide mentoring to my fellow team members. I've never met a challenge that I won't take head on and, even when I fail, I look at everything I do in life as a learning experience.
Robert Smith
Field CISO
Noname Security

Think Tank Speaker

Information Technology Leader with a focus on Security, Architecture and Operations. Experienced in regulatory compliances & security frameworks: HIPAA, PCI, SOX, COBIT, ISO, NIST, SANS20. Consistently leading strategic planning, policy development and day-to-day operations of information security function in close coordination with all corporate departments aligned with corporate vision. Proficient in target enumeration, vulnerability assessments, risk analysis and management, open source intelligence gathering, social engineering, IDS/IPS and SIEM tools.
August 24, 2022

Attend this event

Not available on August 24, 2022?
View other dates for the Think Tank

Agenda

All times Eastern Time
12:00 PM-1:15 PM
Welcome & Registration

1:15 PM-1:50 PM
Keynote
Third Party Security – We need to support our suppliers

Managing third party risk must be a core competency for security teams because our businesses depend more and more on third parties. There is no clearer alignment for security with business value than third party risk management. To manage third party risk well we need to do more than asks questions, we need to enable our suppliers. To enable our means we need to understand them and some of the problems we face as a profession in assessing the security around third parties.


1:55 PM-2:50 PM
Panel
Ransomware/Extortionware

CISOs face a huge headache trying to understand how to know when they were attacked, what data attackers have corrupted? How quickly can they recover from the attack? And do they have to pay a ransom to get the data back?
Ransomware remains a significant challenge for companies, not simply because it has become ubiquitous, but also because of the significant impact a single ransomware attack may have on a company and every other company or customer that relies on that company.

Cybersecurity and risk management have always been vital for the flow of any business. However, the current condition of the global supply chain makes it exceptionally vulnerable to severe damage from an attack more so than usual. When the supply chain is barely getting by, criminals are more likely to assume they have leverage over businesses. A ransomware attacker may be more brazen and exercise higher demands than they might have a few years ago.

Panelists
Iain Paterson
CISO
WELL Health Technologies Corp.
Octavia Howell
CISO
Equifax Canada
Recognized as one of the 2022 Top 20 Women in Canada, Octavia Howell has spent her career protecting some of the world’s largest financial institutions from cyber attacks. Today, she serves as Equifax Canada’s Chief Information Security Officer and is the Founder and CEO of Augustus Redefined, an organization focused on the advise ent of Black Women in Cyber. Octavia believes a security leader should mentor, motivate trust, and lead their teams to act with integrity and transparency. She often says, “A team is only as strong as their leaders and each leader casts a shadow that they will be held accountable for.” Octavia is motivated by the belief that we are placed on this earth to help each other achieve greatness (whatever that may be).
Michael Gross
Manager, Cybersecurity Intelligence
Cleveland Clinic
Information Technology: Successful professional with extensive experience in networking technologies, server platforms, operating systems, programming languages and mainframe applications. Problem Management: More than four years of advanced network, mainframe and server troubleshooting and support. Proven success in situation and change management for high impacting issues. Good understanding of general problem management methodologies, Six Sigma, ITIL and Process Ownership. Team Management: Managed several individuals (both internal employees and contractors) with responsibility for oversight of successful Disaster Recovery/Business Continuity tests. Ability to motivate as well as delegate in order to execute on stated goals. Professional Skills: Excellent work ethic, interpersonal skills & relationship building, multi-tasking, and communication management. Demonstrated eagerness to learn and take on challenging tasks. Specialties: Advanced Network Troubleshooting, End to End System Troubleshooting, Disaster Recovery Planning and Design, Business Continutiy Planning, Solution Development
Robert Smith
Field CISO
Noname Security
Information Technology Leader with a focus on Security, Architecture and Operations. Experienced in regulatory compliances & security frameworks: HIPAA, PCI, SOX, COBIT, ISO, NIST, SANS20. Consistently leading strategic planning, policy development and day-to-day operations of information security function in close coordination with all corporate departments aligned with corporate vision. Proficient in target enumeration, vulnerability assessments, risk analysis and management, open source intelligence gathering, social engineering, IDS/IPS and SIEM tools.

In partnership with

2:50 PM-3:05 PM
Networking Break

3:05 PM-4:00 PM
Fireside Chat
Guarding the Doors: Navigating 3rd Party Risk

As organizations expand their third-party ecosystem, many are challenged with executing core activities that are critical to operations, risk profiles, and compliance posture without compromising the quality of data collection, evaluation, and mitigation measures increasingly outsourcing business activities to 3rd-party vendors. It is critical for an organization to be vigilant when selecting the right 3rd-party vendor with the appropriate security posture, as many vendors are hosting, processing and transmitting sensitive regulatory information with unrestrained access to our IT assets. At the highest level, third-party incidents can result in reputational damage, non-compliance, or even criminal activity, which can negatively impact earnings and shareholder value. To address this challenge, many organizations are investing in technology to support vendor risk management. Technology isn’t the entire answer to managing third-party risk, however the right technology or collection of technologies, coupled with optimal processes, can enable organizations to bridge the gap.

Panelists
Steve Magowan
VP Information Security
Blackberry
A results-focused, forward-thinking, business minded Cyber Security, Security Architecture & Risk Management Leader with extensive experience and proven success at enabling business goals while invoking transformational change. Committed to strategic, risk focused innovation that aligns with the business and enables their goals while defending and supporting organizational interests. Recognized as a highly collaborative leader with a long history of managing large, globally distributed teams in high responsibility, error intolerant environments. Heavily invested in the team approach and committed to the maintenance of a positive work culture. Fluent in Spanish. Dated but revivable French. KEY ACCOMPLISHMENTS VALUE CREATION: Establishment of Cyber Security as a key enabler in revenue generation, through the mapping of compliance initiatives to the many government mandated compliance frameworks that gate sales in the current risk landscape (Biden Executive Order, CMMC, FedRAMP, CanRAMP, IRAP, ISMAP) Achievement of cost leadership with dramatic efficiency and efficacy gains through next generation methodologies & process modernization that lower the friction of governance and seamlessly integrate risk into the enterprise fabric. RISK MANAGEMENT: Strategic oversight of advanced risk tactics that leverage the power of Data Analytics, Machine Learning and other associated technologies to enable adaptive, effective and innovative solutions to previously unsolvable risk and security problems. CORPORATE GOVERNANCE: 22 years of successful compliance with Sarbanes-Oxley, SOC1 / 2, OSFI and NERC regulatory governance CORE AREAS OF STRENGTH Strategic Business Vision / Advanced Technology & Tactics Corporate Governance / Risk Management / Risk Analytics Data Protection / Data Loss Prevention / AI / Machine earning PCI-DSS / SOX / SOC 1 & SOC 2 / Privacy Compliance NIST / FIPS / COBIT / PIPEDA / GDPR / NYDFS / HIPPA Application Security – CI / CD, DevOps, DevSecOps Cloud Security Architecture / Zero Trust / IoT / SCADA Project / Program Management / Governance (Agile) $MM Budget Management / Large Team Leadership Executive Presentation & Large Audience Speaking
Samer Adi
CISO
Green Shield Canada
Strategic IT Operations Executive with expertise in driving Information Security programs within business units. A big picture visionary delivers business continuity while ensuring best in class security systems; implementing new technologies and process improvements to ensure up to date technology platforms. Leads by example, modelling accountability, ownership, and clear and consistent communication. Adaptable leader, builds and fosters talented teams, champions excellence and innovation. An author, public speaker, motivator, passionate about information security and data privacy. Over the years Samer was able to build DevOps teams from ground up, lead corporate wide complex modernization projects, and move IT operation from on-premises to cloud without causing any business outage. Samer is the IT Security leader and CISO with one of Canada’s largest health benefits providers. Focusing on the security and privacy of members’ data. Also, leading security delivery within a complex digital transformation program. Samer was the Technology Operations and security leader with Canada’s #1 meal kit provider, leading a team of professionals in Cybersecurity, IT Infrastructure and Operations. Samer was the VP Infrastructure and Chief Information Security Officer to the largest payment processing network in Canada, leading a team of 70 professionals. Samer was the Head of Information Security and Internal Controls for one of the well-known retailers in Canada. Leading a team of security professionals to provide the best information security protection possible and maintain compliance with regulator’s requirements. Before, Samer was the CISO for the Canadian office of a Global IT Consultancy company. He Managed a team which was responsible for providing a complete cyber security service externally to the clients and internally within a Global structure. Samer was the CISO for the largest payment processing company in Canada. Samer could maintain PCI-DSS complaint status for the company for 2012 – 2014 and PA-DSS status for all their payment applications. In addition, Samer served with the largest network provider for white label ATMs with the same capacity. Samer have more than 30 years’ experience in Information Security and Information Technology Infrastructure support. Samer holds a degree in Computer Science and Information Technology. PCIISA, PCIP, CISM. Samer published two books in Computer Maintenance. Both books are part of the Grade 11 & 12 curriculum.

4:05 PM-4:20 PM
Disruptor
How AI Can Think like an Attacker

Outside agents today are using more automation, targeting external providers and shadow IT, and taking advantage of new techniques in their campaigns. As threats change, security approaches need to evolve to manage risk so you can minimize downtime, compromises, and incidents. In this session, learn how the evolution of security gives you unparalleled visibility into the parts of your business that are exposed to the outside world, allowing your security team to proactively identify vulnerabilities before an event takes place. This “outside in” perspective can help you to identify issues before they put your business at risk.


In partnership with

4:20 PM-4:35 PM
Networking Break

4:35 PM-4:55 PM
The explosion of API Security

How do CISOs get the most out of APIs while limiting the risk?  20 years ago the motives for hackers were website defacement and getting your name on all those defacements. That was the point of hacking. Now, it’s all about monetizing the data you can steal. 

Just as cloud computing initially seeped into organizations under the cloak of shadow IT, application programming interface (API) adoption has often followed an organic, inexact, and unaudited path. IT leaders know they are benefiting from APIs, internal, via third parties, and often outwardly exposed. They just don’t know where they are, how much they support key services, and how they’re being used, or abused! 

In this session we will discuss if APIs are meant to be exposed, and discuss if the startups API software companies are ready for the explosion.


In partnership with

5:00 PM-5:55 PM
Panel
The Greatest Fears?

The biggest fear is not the technology, it is the potential of human error that could expose your organization to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?

Panelists
Christy Peel
Security & Compliance Director
Drager
Analytical problem-solver who uses technical background to bridge gap between business processes and system design. Responsible for managing information risks (threats, vulnerabilities, and impact). This includes assessing threats and vulnerabilities of information (and information systems) and evaluating how vulnerable information is to threats. Also responsible for providing leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and monitor operational and strategic risks. Actively participates in the sponsorship, design and management of IS&RM process and metrics to ensure a robust and effective organization. Strong directional leadership skills by influence and trust. Entrusted to lead projects that have high impact to the organization.
Jeff Moore
Chief Product Security Officer
Drager
Arif Hameed
VP & CISO
MUNICH RE
Arif Hameed is currently the Vice President & Chief Information Security Officer at Munich Re New Ventures. Munich Re New Ventures is the innovation arm of Munich Re Life & Health North America. Prior to joining Munich Re, he had roles in Security Advisory, IT Risk, Supply Chain Cyber Risk, Client Cybersecurity Assurance and IT Audit at major Canadian Banks and a global Credit Bureau. He actively volunteers for professional associations including ISACA, Cloud Security Alliance, Evanta, EC-Council and participates in advisory committees for academic programs in Cybersecurity and IT Audit. He also has presented, moderated and took part in panels for Cybersecurity events including the RSA Conference, SecureWorld, ISMG, secureCISO, BrightTALK etc. He has obtained the CISSP, CISA, CRISC, GSTRT, ISO27001 LA and ABCP certifications. Specialties: -Cybersecurity Strategy -IT Risk Management -Client Security Assurance -Supply Chain Cyber Risk, RFP and Contract Security Schedules -Information Security Advisory -Access Management Lifecycle / Logical Access -Business Continuity Management / Disaster Recovery -Physical and Environmental Security Reviews -Frameworks: NIST CSF / ISO 27xxx / PCI DSS / CCM / SOC / ISF SoGP -Regulations: SOX 404, OSFI, PIPEDA, NYDFS , BaFin VAIT Professional Memberships: ISACA (ISC)2 Disaster Recovery Institute International (DRII) Institute of Corporate Directors High Tech Crime Investigation Association (HTCIA)
Rob Knoblauch
Deputy CISO & VP Global Security Services
Scotiabank

5:55 PM-6:00 PM
Closing Remarks

6:00 PM-7:00 PM
Cocktail Hour

In Partnership With