May 9th, 2025 meeting

DATE:May 9th, 2025
TIME:2:00pm to 4:00pm (PDT)
VENUE:Hybrid Zoom Online meeting & In-Person at Sophos Inc. (Map)
TOPIC:Death of Security Through Obscurity in the TPRM Process
PRESENTERS: Kevin Qiu
RECORDING: 
For those attending in person, please take the elevator to floor 15.

ABSTRACT

Kevin is excited to share his knowledge on the role of third party risk management in the information security industry. He will take the audience through a journey on how we all got to the lovely world of 1000 row questionnaires. From the beginnings of security compliance in the late 1990s, to the rise of AI specific security questionnaires, Kevin will discuss how the industry has changed its approach to reviewing external vendors over the years. A veteran of answering hundreds of thousands of security questions of all kinds, he will provide an overview of how the industry has changed from NDA heavy, painful RFP processes to much more transparent and accessible trust centers. His hope is that by the end of the presentation, you will have new ideas and thoughts on how you can streamline your own organization’s TRPM processes, as sellers and/or buyers. You may even be inspired to create a public trust center of your own!

BIOGRAPHY

Kevin Qiu is a seasoned information security professional with a decade of experience securing companies in various verticals. He is currently the first security hire at the Series B company Shiftsmart. Prior to this, he spent 3 years helping organizations of all sizes build out trust centers to streamline the security review process. He is also an advisor to a multitude of security startups and enjoys mentoring individuals looking to break into the security industry.

April 11th, 2025 meeting

DATE:April 11th, 2025
TIME:2:00pm to 4:00pm (PDT)
VENUE:Hybrid Zoom Online meeting & In-Person at Sophos Inc. (Map)
TOPIC:Privacy in Cybersecurity
PRESENTERS: Kristél Kriel & Cael Hibbert
RECORDING: 
One speaker will be present in-person, with the other virtual. For those attending in person, please take the elevator to floor 15.

ABSTRACT

Privacy laws set rules for how personal information is collected, used, and protected. Cybersecurity helps keep that information secure. This session will cover how privacy and cybersecurity work together, key legal requirements, and what cybersecurity professionals need to know about privacy risks.
Key Topics Covered:

  1. Privacy Laws and Regulatory Requirements
  2. Privacy Risks in Cybersecurity Incidents
  3. Incident Response and Risk Management
  4. Legal Privilege and Reporting

BIOGRAPHY

Kristél Kriel, Partner
Kristél co-leads the privacy, data protection & cybersecurity practice at MLT Aikins. Her experience with complicated cybersecurity, privacy, freedom of information and technology matters makes her a valued asset to public and private organizations across all industries. Kristél is a Certified Information Privacy Professional (Canada).
MLT Aikins Profile


Cael Hibbert, Lawyer
Cael is an experienced lawyer in the MLT Aikins innovation, data and technology practice group in Vancouver, focusing on privacy, data protection and cybersecurity in both public and private sectors. He supports organizations in addressing privacy challenges and helps build privacy compliance programs.
MLT Aikins Profile