December 11th, 2020 meeting

DATE:December 11th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Differential Privacy
PRESENTER(S):  Robert Slade (M. Sc.)


Differential privacy is a relatively recent topic, although it is an amalgam of well-known, and long utilized, concepts. Oddly, outside of academic circles, it was almost unknown until Apple made a big deal of it in an announcement in 2016. Differential privacy is, however, the “quantitative risk analysis” of privacy, which is why it has such important points to make to the field of privacy, and why almost nobody is using it. (Including, mostly, Apple.)

OK, CISSP question time:

Which privacy law does differential privacy support?

a. British law
b. Chinese law
c. EU law
d. US law

You want a clue?  OK, some initial discussion, then:

a. British privacy law is still primarily based on the original privacy directives, and
is mostly concerned with what data you can collect, and for how long, and how
accurate you have to be.
b. Yeah, I needed a good laugh, too.  But China *does* have a privacy law, and it
pretends to be compatible with the original privacy directives.
c. Well, GDPR is *mostly* just the original privacy directives, but the new
accountability directive *might* have to do with how well you protect what you
*have* collected …
d. OK, I often say the the US doesn’t have any privacy laws, but they do.  Those
are primarily concerned with how much you can sue when people disclose your

For the final answer, attend the December 11th meeting on the topic of
differential privacy.


Robert Slade has been stuck inside for six months with nothing to do but study
the latest security and privacy buzzwords.  More information than anyone would
want to know about him is available at
(and he doesn’t particularly care if you know that).

Job posting – Network Infrastructure Lead

Raymond James Ltd. is seeking a Lead – Network Infrastructure to work in their Burnaby office.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

Under the direction of the Senior Manager, Information Security and Network Infrastructure, and in consultation with parent company Raymond James Financial (US) Network Manager, the Lead – Network Infrastructure is responsible for enterprise alignment & integration, managing a growing team of up to 6+ network engineers, providing technical architecture direction, and day-to-day operations.

The Network Infrastructure team’s responsibilities include all networking and infrastructure aspects for LAN, WAN, SD-WAN, Wireless (802.11x), Load Balancing (LTM/GTM), Remote Access (VPN), Firewall, Network Access Control, DDoS, Network Management solutions and Telecom in a regulated enterprise environment that focuses on availability and security. The Network Infrastructure team is also responsible for datacenter and network closet infrastructure within the co-location data centers and offices across Canada. You will be solving complex challenges in a fast-paced and continuously evolving environment, while championing the direction and evolution of a global integrated team with the parent company.


  • Primary architect and central point of contact for network infrastructure solutions specializing in routing and switching, load balancing, firewall, network security and datacenter infrastructure;
  • Manage Network Infrastructure team resourcing, planning, scheduling, and prioritizing efforts to meet overall network infrastructure commitments;
  • Technical lead with the ability to mentor other members on the network infrastructure team;
  • Collaborate with network infrastructure counterparts in the parent company RJF (US) to align enterprise standards, knowledge share, integrate solutions and create a global team;
  • Partner with a broad base of business and technical teams to ensure that networks is developed to meet business and project objectives while adhering to architectural and testing standards and established methodologies;
  • Forward thinking to identify upcoming trends, emerging technologies and evaluating new network infrastructure technologies;
  • Responsible for up time, monitoring, reliability, BCP/DR, stability and maintenance of supported systems as well as continual assessment of the quality and effectiveness of our network monitoring and alarming;
  • Manage network vendor relationships, contracts, budget and SLAs;
  • Serves as a key person in major incidents and troubleshooting network infrastructure problems, taking ownership of problems to resolution;
  • Produces and maintains documentation of network infrastructure solutions;
  • Test network performance and analyzes trends to provide statistics, metrics and reports; develop strategies for optimizing network infrastructure;
  • Improve operations efficiency by developing automation based upon analyzing and identifying significant opportunities where automation can tackle administration tasks, volume, systemic or critical operational issues;
  • Ensures Network Infrastructure solutions adhere to enterprise security standards;
  • Develop project plans, budget and feasibility studies for various network infrastructure projects, upgrades, improvements, expansions and equipment refresh;
  • Provide timely support, analysis and resolution for Network Infrastructure related problems; and
  • Provide critical tier 3 support, as required, on a 24 hours x 7 days / week basis. Excluding participation in an After Hours Support rotation.

Experience and Skills:

  • Minimum 10 years’ experience in large-scale enterprise network environments with working expert level knowledge of Data Center Network Routing & Switching, Firewall, and Load balancing technologies;
  • Minimum 3 years’ experience managing 5-10+ engineers in a team lead role;
  • Cisco (CCIE, CCNP: Routing & Switching | Security), F5 (Certified Administrator | Certified Technical Specialist), Palo Alto (PCNSE), (ISC)² (CISSP), SANS or other network security vendor certifications highly desirable;
  • Advance knowledge and experience in the following areas: Network Design, Load Balancing (LTM/GTM), Wireless, Network Security (NAC/DDoS/NGFW Firewalls), Network Aggregators, Remote Access VPN, Converged Infrastructure, Cloud Networking (SD-WAN) technologies, LAN/WAN, routing protocols (BGP, EIGRP, OSPF), switching, VLANs, spanning-tree, VOIP protocols, QoS, DHCP, DNS, etc;
  • Expert knowledge of BGP and Multicast;
  • Experience with network monitoring, management & performance testing technologies (Solarwinds, Datadog, Nagios, Cacti, Netflow, nTop, sFlow, Splunk Rancid, etc.);
  • Experience in scripting and automation;
  • Experience with troubleshooting and determining root cause analysis through log/packet analysis and debugging;
  • Experience with Datacenter facilities;
  • Experience with Cabling Standards and troubleshooting;
  • Experience in the financial services or brokerage industry is an asset;
  • Knowledge of service management frameworks (ITIL);
  • Ability to work effectively with technical and non-technical personnel in a cross-functional setting; and
  • Excellent verbal and written communication skills.


  • Analysis: Identify and understand issues, problems, and opportunities; compare data from different sources to draw conclusions;
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message;
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take actions that are consistent with available facts, constraints, and probable consequences;
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise;
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals; and
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

This is a permanent full-time position with a competitive compensation and benefits package.

If you would like to join our team, please send a resume and covering letter, quoting the position and Job Posting #20-162 by December 11, 2020 to:

Human Resources
Raymond James Ltd.

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. We require applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

We sincerely thank all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James Ltd. recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at

Friday, November 13, 2020 2pm to 4pm

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE:November 13th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Cyberwarfare: The New “Colder” War
PRESENTER(S):  Kevin Murphy

2:00 pm – 2:15 pm  Welcome and announcements
2:15 pm – 2:45 pm  Featured Presentation
2:45 pm – 3:15 pm  Break
3:15 pm – 3:45 pm  Featured Presentation
3:45 pm – 4:00 pm  Q&A 

Abstract:  Is Cyberwarfare actually the next World War?  Modern cybersecurity threats have evolved into very effective disinformation campaigns and destructive ransomware. What can we collectively do to protect ourselves, our business, and our democratic institutions? Hint: the solution is more than just technology.

Kevin was the VP of Cybersecurity Operations and Governance at, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the CISM, CISSP, and CGEIT security certifications.

October 9th, 2020 meeting

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE:October 9th, 2020
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Threat landscape 2020: A deep dive on the threats we face and how we can successfully combat cybercrime
PRESENTER(S):  Chester Wisniewski (Principal Research Scientist, Sophos)

 A portion of this meeting will be dedicated to the AGM. Where possible we will use Zoom polls.


Part 1 – Know thy enemy.
There is no point in defending against attackers that aren’t there. The inverse could be worse, being unprepared for what is out there. The pace of change by cybercriminals is driven by money, which means it never stands still for long.

Part 2 – How we can use COVID-19 to our advantage.
Most security minded people are in a constant struggle to modernize and justify budgets to effectively train their staff and make modern efficient tools available. COVID-19 not only changed the threatscape, it has presented opportunities to IT security teams to up their game.

Part 3 – Targeted ransom deep dive.
These attacks have achieved unbelievable success and profit for the skilled criminals behind them. I will walk you through a typical attack and demonstrate the TTPs and cleverness that goes into hamstringing their victims.

Part 4 –  Parting defensive thoughts.
How we view our networks and the people who defend them is evolving with the threats. Many organizations who make headlines after being victimized have not evolved and sometimes even been culled from the herd. I will wrap up providing my advice on how to modernize your approach to protecting your data.


Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.

Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.

As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize me from my appearances on Global News, CBC and CTV if you are old enough to still watch news on a TV.

Friday, September 11, 2020 2pm to 4pm, GM Meeting Notice (Virtual)

DATE:September 11th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Homomorphic Encryption
PRESENTER(S):  Rob Slade
No Eventbrite registration required – register using the Zoom link. Please check your email for the Zoom password after you register. 

A portion of this meeting will be dedicated to the AGM. To confirm executive positions and any other decisions we will be using Zoom polls where possible.

Abstract:  Recently security operations have become very excited about homomorphic encryption. It seems to be the latest “magic” security technology that will solve all our problems, but I don’t think we’ve really provided a good outline of what it is, and, particularly, what it can’t do.

This presentation will outline the basic concepts, note some specific forms and applications, and point out the various factors for use or consideration.

A longer outline of this talk is available at

Ebo Fynqr znl or na vasbezngvba frphevgl naq znantrzrag pbafhygnag sebz Abegu Inapbhire, Oevgvfu Pbyhzovn, Pnanqn, be ur znl or na negvsvpvny vagryyvtrapr cebtenz tbar ubeevoyl jebat, naq ubbxrq hc gb inevbhf rznvy nqqerffrf.  Zber vasbezngvba guna nalbar jbhyq jnag gb xabj nobhg uvz vf ninvynoyr ng uggc://

August 14th, 2020 Meeting

DATE:August 14th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):The Clutter that’s Choking AppSec
PRESENTER(S):  Rahul Raghavan (Co-Founder and Chief Evangelist, we45)


Increasingly shorter agile development sprints and mandatory security
assessments are putting pressure on product teams to deliver secure applications faster
than ever. Further, inorganic adoption of security tooling sometimes creates information
overload that does more harm than good.

What’s going wrong:
• Results from SAST, DAST and SCA tools create large vulnerability data sets that are
difficult to act upon.
• Automated scan results from security tools are replete with false positives and duplicate
entries that make remediation troublesome.
• Manual methods of triaging vulnerability data sets are inefficient and lower productivity.
• Improper vulnerability management increases friction between security and engineering

What the audience will glean from this talk:
• How automated methods of vulnerability correlation and de-duplication can significantly
reduce your AppSec testing time.
• How to effectively integrate vulnerability remediation with the engineering workflow.
• Understand the basic anatomy of a vulnerability to effectively prioritise and fix security bugs faster and better!

Why should they care:
• Without a change in approach, application security professionals and engineering teams
will continue to delay development schedules and product release dates, or risk releasing a
product that is not entirely secure.

Who should attend:
• Security professionals who face problems managing vulnerabilities.
• Engineering teams who find the current vulnerability remediation workflow problematic.
• CISO’s who want to lay down a mature and efficient AppSec Program.


Rahul is the Co-Founder and Chief Evangelist at we45.

The sheer pervasiveness of applications, their associated software engineering process and therefore the variance of application security quotient across software teams is what drives Rahul’s primary role as an AppSec Advocate at we45.

Having worked on both the building and breaking sides of product engineering, Rahul
appreciates both the constraints and the opportunities of imbibing security within the
software lifecycle. This understanding created a natural segue for we45’s custom security
solution engineering and enhanced AppSec service delivery models for its global customers.

As an active DevSecOps Marketer, Rahul works closely with the offices of CTOs and CIOs
in the setting up of cross functional skill building and collaboration models between
engineering, QA and security teams to build and manage software security maturity

Rahul is Certified Information Systems Auditor (CISA) and is a regular speaker at global
conferences, seminars and meetup groups on the following topic areas:
1. Application Security Automation and DevSecOps
2. AppSec Tooling
3. Threat Modeling in Agile Engineering
4. QA: Security Mapping
5. Automation ROI Modelling
6. AWS Security
7. Secure Software Maturity Models

 RSVP Required – register at Zoom

July 10th, 2020 Meeting

DATE:July 10th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):The business of measuring security
PRESENTER(S):  Gary Hinson


Although quantifying things is an essential part of rational management, measuring is particularly challenging in the arcane field of information risk and security. Gary will be sharing his Hinson tips on selecting security metrics that work, both for infosec pros like us and for the businesses we serve. Pull up a chair and put your brain in gear. Audience participation is not merely permitted: it’s encouraged.


Gary Hinson lives at the end of the world, not only down under in New Zealand, but so far off the beaten track that nobody can find him. (Talk about security by obscurity.) Despite this, he advises international companies on information risk and security matters, providing excellent policies, awareness materials and strategies. He is a long-time active member of the CISSPforum, a Certified Usual Suspect. He has a long-abiding interest in the ISO27k standards, running the ISO27k Forum supporting 4,000 fellow ISO addicts. He has written the book (well, a book, anyway) on security metrics which is very pragmatic. (All will become clear during the session.) (Well OK, maybe not all but he’ll do his best)

RSVP Required – register at Zoom

Job Posting – Privacy Specialist

Hootsuite is looking for a Privacy Specialist to help inform and develop a world class privacy program. You’ll be closely supporting their Privacy team to drive initiatives across the organization and translating complex global privacy laws into practical advice for business stakeholders. Based in our Vancouver office, this role reports to our Director, Privacy & Product Compliance.

Continue reading “Job Posting – Privacy Specialist”

CANCELLED – April 2020 Education Session

Presented by Vancouver Security SIG, (ISC)² Vancouver Chapter, and ISSA Vancouver Chapter
Friday April 17th from 2:00 PM to 4:00 PM (PST)

Featured Presentation Topic(s): Homomorphic Encryption

Speaker(s): Rob Slade (M. Sc.)

Continue reading “CANCELLED – April 2020 Education Session”

CANCELLED – March 13th, 2020 meeting

DATE:March 13th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:KPMG Campus – 11th floor
777 Dunsmuir Street, V7Y 1K3, Vancouver B.C.Please be punctual for entry to the meeting room
RSVP Required – register at Eventbrite
TOPIC(S):Homomorphic Encryption 
PRESENTER(S):  Rob Slade (M. Sc.)

Continue reading “CANCELLED – March 13th, 2020 meeting”

Jan. 10, 2020 2:00pm — 4:00pm

DATE January 10th, 2020
TIME 2:00pm to 4:00pm (PST)
VENUE KPMG Campus – 11th floor
777 Dunsmuir Street, V7Y 1K3, Vancouver B.C.
Please be punctual for entry to the meeting room
RSVP Required – register at Eventbrite
TOPIC Business Transformation through Enterprise Security – powered by Artificial Intelligence and Machine Learning
PRESENTER Deepak Ranjan Rout (Executive Security Advisor, Microsoft)
Continue reading “Jan. 10, 2020 2:00pm — 4:00pm”

Dec. 13, 2019 2:00pm — 4:00pm

DATE:November 8th, 2019
TIME:2:00pm to 4:00pm (PST)
VENUE:KPMG Campus – 11th floor
777 Dunsmuir Street, V7Y 1K3, Vancouver B.C.Please be punctual for entry to the meeting room
RSVP Required – register at Eventbrite
TOPIC(S):Evolution of payments security and threat landscape. How PCI standards are evolving to support security needs of the industry
PRESENTER(S):  Emma Sutcliffe (Senior Director, Data Security Standards, PCI Security Standards Council)
Continue reading “Dec. 13, 2019 2:00pm — 4:00pm”