November 8th, 2024 meeting

DATE: November 8th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Trusting the Source and Content of Internet Communications: A Global Transformation Project
PRESENTER: Scott Perry (CPA, CISA, ISO 27001 Lead Auditor)
RECORDING: 

ABSTRACT

The Internet has a trust problem. The Internet was not designed to exchange the monetary and the priceless value of our personal transactions.

The pandemic brought forth a rise in our dependence on digital life: from videoconferencing to shop-at-home applications, to social media. It has also transitioned the crime and espionage centers from physical cities to the Internet. Kim Cameron, Microsoft’s Chief Identity Architect (2004-2019) predicted this when stating in his landmark publication Law of Identity “The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers”.

The centralized control on identity with every merchant, organization and government an individual interacts with has frustrated the public with the requirement to remember hundreds of account/password combinations and the loss of control of sensitive personal data. This has been perpetuated in a societal shift of individuals (with governmental support) demanding more control of their personal information. Despite the warning signs, the Internet has thrived without an architectural construct to bind transactions to verifiable identities.

To revolutionize an established Internet itself, the architectural core of Internet transactions must evolve using new governance blueprints, trust anchors, and secure smartphones overlaying a foundation of decentralized identifiers. The building blocks of this new architecture have been developing over the last nine years and are ready to explode on a global scale.

Speaker Scott Perry, CEO of the Digital Governance Institute and co-Chair for the Governance Working Group for the Trust Over IP Foundation (ToIP), a Linux Foundation sponsored non-profit, will walk through a multi-level technical and governance architecture (“the Trust Over IP Stack”) that outlines how greater confidence over the source and content of internet communications is being achieved. He will also walk through existing ecosystems where the exchange of verified digital credentials is transforming industries and societies.

BIOGRAPHY

Scott Perry is the Founder and CEO of the Digital Governance Institute where he provides a variety of governance solutions in the emerging space of governance of digital assets. Scott is a recognized global leader in digital identity, blockchain, and verifiable credential governance and accreditation. He has worked with the world’s most respected SSL certificate issuers, aerospace and defense companies, and government agencies such as the US Senate Sergeant at Arms and Federal Aviation Administration.

He is a Co-Chair of the Trust Over IP Foundation’s Governance Stack Working Group where he has authored and contributed to most of its governance and assurance publications driven to create standards and accountability in decentralized identity and verifiable credential networks.

As a hands-on governance and cybersecurity consultant and auditor, Scott provides deep and impactful advice that you would expect from a leader in the field.

October 11th, 2024 meeting

DATE: October 11th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Artificial Intelligence: Overwhelming Risk, or Terrible Mistake?
PRESENTER: Rob Slade
RECORDING: 

ABSTRACT

With the release of the Large Language Models (LLMs) such as ChatGPT and DALL-E, there is a great deal of interest in artificial intelligence. However, there are risks, and there is much confusion, particularly since a lot of people talking about “AI” are actually talking about different things. Artificial intelligence is not a single thing, or even a single field. This presentation looks at the various components of AI, and what they can (and can’t) do, but concentrates on genAI/LLMs, and what we know about how well they are doing so far.

BIOGRAPHY

Oh, you guys want a bio?

I hate writing them, so I asked the AIs to do it for me.

Robert Slade is renowned, with a career spanning several decades, has made significant contributions to the field of cybersecurity, authoring numerous books and papers, with a solid foundation for his expertise, is influential and his publications have served as essential resources for both novices and seasoned professionals, gives engaging presentations with an ability to demystify complex security concepts making him a sought-after speaker and educator, with a career marked by significant achievements and a commitment to advancing the field of information security, his work has been instrumental in shaping the understanding of digital threats and has left an indelible mark on the information security landscape. His legacy serves as a testament to the importance of dedication, expertise, and innovation in the ever-evolving landscape of information security.

You will note that none of these claims are really verifiable, and so they are also basically unchallengeable.

September 13th, 2024 meeting

DATE: September 13th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: De-anonymizing the Blockchain with Cryptocurrency Investigations
PRESENTER: Artem Ponomarov (PhD, CCSS Auditor, Chainalysis Investigation Specialist)
RECORDING: 

ABSTRACT

Cryptocurrencies were once primarily associated with illicit activities due to their decentralized and seemingly anonymous nature. However, most of them operate on a pseudonymous basis, making crypto investigations a crucial aspect of modern cybersecurity. This involves a detailed analysis of blockchain transactions to trace the movement of funds. In this talk, we will explore the latest advances in crypto forensics and how to unveil the real-world entities behind cryptocurrency-related crimes. The goal is to equip the audience with the knowledge and skills needed to navigate the complex landscape of cryptocurrency.

BIOGRAPHY

Artem is a cryptocurrency security expert with over four years of experience in crypto forensics. He has developed and utilized advanced blockchain analytics tools to assist in recovering funds from crypto-related hacks and scams. Artem holds a PhD in Physics and several certifications, including Chainalysis Investigation Specialist Certification (CISC) and Cryptocurrency Security Standard (CCSS) Auditor. Before his current role, he served as CISO at Gftd Japan, where he led teams in crypto AML compliance, smart contract audits, and incident response. He is also an active member of the Cryptocurrency Security Standard (CCSS) group, contributing significantly to the field of blockchain and cybersecurity. Currently, Artem is the Manager of IT Security at the City of North Vancouver.

August 9th, 2024 meeting

DATE: August 9th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Current Cybersecurity Threats and How to avoid an RGE (Resume Generating Event)
PRESENTER: Ian H. Moore (CISSP – ENFP)
RECORDING: 

ABSTRACT

You are in your security operation center and every node on your network monitoring map starts to flash red.  You attempt to ping your domain controller and other key devices but nothing responds.  For those that have experienced a breach or a major outage, this scenario seems realistic.  Ian Moore will explain to you how to take actions now to help prevent this from happening. 

He will cover the differences between a few of the main cyber-attacking organizations and their methods, along with a typical attack process and timeline.

Along the same thread, Ian will explain and discuss the various techniques that attackers use, the common vulnerabilities that they exploit, and how you can employ some key mitigation strategies to protect your enterprise, and lastly, how to keep your leadership off the news and how to prevent you from having to update your resume.

BIOGRAPHY

Supervisory Cybersecurity Advisor (SCSA) for the State of Washington

Cybersecurity and Infrastructure Security Agency (CISA)

Ian serves as the Supervisory Cybersecurity Advisor for the state of Washington for CISA. He supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation’s critical infrastructure.

His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the state, local, tribal, and territorial government entities, and the nation’s sixteen critical infrastructure sectors.

Prior to joining DHS and CISA, Ian worked in both IT and cybersecurity for over 25 years. He started as an Intelligence Specialist in the U.S. Navy, right out of high school and then transitioned to the University of Washington, Bothell and earned his B.S. in Computing and Software Systems in 2002. Upon graduating college he earned a commission in the U.S. Air Force and worked as a Communication Officer at Offutt AFB in Nebraska. After separating from the Air Force in 2006, Ian took a civilian job doing cybersecurity, software development, and cyberspace planning for USSTRATCOM. During his time at USSTRATCOM, Ian earned his master’s degree in Cybersecurity from Bellevue University in Bellevue, Nebraska. Ian was the first student to graduate from Bellevue University’s Masters in Cybersecurity program in 2012. In 2015, Ian and his family decided to move home to the Northwest and took a job at the Puget Sound Naval Shipyard as a Cybersecurity Engineer. After a promotion and a year of working as the Platform IT (Operational Technology) Branch Manager, he accepted a Cybersecurity Advisor position within CISA. After a year of interviews, security checks and waiting, he was brought on as the Cybersecurity State Coordinator for the state of Washington in March of 2021. On July 1st of 2024 Ian was promoted to the newly created position of Supervisory Cybersecurity Advisor for Washington state. This position will oversee the cybersecurity activities within the state, both public and private, and develop an overarching cybersecurity strategy for the state.

As the SCSA for Washington State, Ian works with the other three Cybersecurity Advisors and the State Coordinator to support state agencies, counties, and cities/towns and private industry partners to help them shore up their cybersecurity by partnering with them on assessments and offering CISA technical services. Through these partnerships he builds and cultivates relationships and trust throughout the state.

Ian has maintained his Certified Information Systems Security Professional (CISSP) certification since 2014.

July 12th, 2024 meeting

DATE: July 12th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Adaptive Cybersecurity – A Relationship-Based Approach
PRESENTER: Alexandra Landegger
RECORDING: 

ABSTRACT

Cybersecurity today demands proactive, strategic planning to uphold enterprise stability and customer trust. Alexandra Landegger, CISO, Collins Aerospace, believes in advanced preparation and encouraging early collaboration with legal and cross-departmental teams to strengthen security posture.


Join this session to hear her share case studies on:


· Fostering flexibility and adaptiveness in response strategies
· Adapting swiftly to emerging threats with a focus on prevention
· Committing to data-driven decision-making to minimize biases

BIOGRAPHY

As Chief Information Security Officer at Collins Aerospace, Alexandra leads a diverse team of cybersecurity and compliance professionals to protect the company’s digital ecosystem, including IT, OT and hosted services. She also sponsors the RTX Cybersecurity Engagement Council to drive an inclusive, learning and collaborative culture that makes our organization feel like the right “home” for everyone. Prior to joining Collins, Alexandra led Booz Allen Hamilton’s Commercial Aerospace and Automotive practices, advising C-level clients on cybersecurity and digital transformation initiatives.

June 14th, 2024 meeting

DATE: June 14th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Different types of banking fraud and how fraudsters steal money from bank customers
PRESENTER: Siva Ram
RECORDING: 

ABSTRACT

This talk will cover the types of banking fraud and how fraudsters steal money from businesses.


This will provide a “from the trenches” look at the different ways fraudsters trick customers, exploit potential weaknesses in banking applications and steal money from people and organizations. This will include some very interesting attack vectors and some very common misconceptions of banking fraud.

BIOGRAPHY

Siva Ram is the Head of Business Security & Fraud risk for wholesale banking digital channels at a global bank. He is responsible for protecting mission critical, global banking applications against cyber and fraud attacks. He has over 25 years of professional experience in the security industry helping organizations of various sizes improve security with penetration testing, security architecture, fraud monitoring and building security programs. Prior to this role, he co-founded and ran a California based security consulting company that was acquired by a multi-national cyber security services company.

May 10th, 2024 meeting

DATE: May 10th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: New Threats to Democracy in the Era of Generative AI
PRESENTER: Konstantin Beznosov, Ph.D. (UBC Professor)
RECORDING: 

ABSTRACT

In Montreal, on May 24, 2023, in a panel on challenges of artificial intelligence (AI) to modern civilization, world-renowned historian and author Yuval Noah Harari said: “If you are talking with someone, you need to know whether it’s a human or an AI. If we don’t do that, then the public conversation collapses, and democracy cannot survive.” This quote succinctly summarises one of the key growing concerns that the generative AI (GenAI) is posing a real and significant risk to democratic discourse and, as a result, to democratic societies around the globe. To bring it close to home, Prof. Yoshua Bengio, the scientific director of the Mila-Quebec AI Institute and the most prominent Canadian expert in AI, warned the House of Commons Industry Committee on February 5, 2024 that the country is at risk of seriously endangering its democratic institutions. AI-driven manipulation of voice, video, or text “can fool a social media user and make them change their mind on political questions” said Bengio. As some researchers put it, GenAI “threatens to interfere with democratic representation, undermine democratic accountability, and corrode social and political trust.” If this vulnerability is potent, its exploitation by organised criminal groups and/or state-sponsored threat agents (e.g., to influence voters in national elections) can have devastating repercussions on Canada and other democratic societies. This talk will discuss the above vulnerabilities and the corresponding risks to modern democracy.

BIOGRAPHY

Dr. Beznosov founded and directs the Laboratory for Education and Research in Secure Systems Engineering (LERSSE) at the University of British Columbia. His primary research interests are usable privacy and security (UPS), AI and security, and systems security. Prior to joining UBC in 2004, Prof. Beznosov worked as a Security Architect at two start-ups, where he designed and developed products for security integration of enterprise applications, as well as consulted large telecommunication and banking organizations on the architecture of security solutions for distributed enterprise applications. While at UBC, Dr. Beznosov has been actively collaborating with a broad spectrum of experts (most recently: Samsung, Telus, Microsoft Research, Google, UC Berkeley, Honeywell, Oregon State Univ., Univ. of Lisbon, Yahoo!), on diverse research projects from network security to web and mobile privacy & security, to human and social factors of computer security. Over the 20 years of his academic career, Dr. Beznosov served on program committees and/or helped to organise top international conferences in the fields of cybersecurity (ACM CCS, IEEE Symposium on Security & Privacy, USENIX Security, NDSS, ACSAC, SACMAT, NSPW) and human aspects of cyber security & privacy (USENIX SOUPS, Privacy and Security subcommittee of ACM CHI), served as an associate editor of ACM Transactions on Information and System Security (TISSEC) and Elsevier’s Computers & Security. He currently serves on the program committees of USENIX Security ‘24 and ACM CHI ‘24.

April 12th, 2024 meeting

DATE: April 12th, 2024
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
TOPIC: Conducting Cyber Security Exercises – Sharing Knowledge From Training and Experience
PRESENTER: Gerry Sieracki (CISSP, Retired IT – OT – Cyber Security)
RECORDING: 

ABSTRACT

This presentation is the sharing of my knowledge gained from years of training and work experience in both the private and public sector. It will cover topics including planning, designing, conducting, post exercise debriefing, and more. It is designed to promote thinking about methods of conducting Cyber Security Exercises. The knowledge shared can also be applied to other types of exercises such as Disaster Recovery Exercises.

BIOGRAPHY

Gerry is a seasoned IT veteran with over 25 years of progressively responsible work in IT. He retired from work as a Network Administrator in the Critical Infrastructure Water Sector focusing on networking and cybersecurity. Gerry worked closely with external agencies such as the FBI, DHS and the SD-LECC on cybersecurity and other issues.


Gerry earned his CISSP in May 2015. Gerry is trained in the National Incident Management System (NIMS) and has additional training on physical security for Critical Infrastructure. Gerry has had training on developing Cyber Security and Incident Response Exercises. Gerry has designed and conducted several exercises, and participated in many more.

March 8th, 2024 meeting

DATE: March 8th, 2024
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: The Case for Self-Sovereign ID
PRESENTER: Aaron Day
RECORDING: 

ABSTRACT

Why Self-Sovereign ID is Superior to Digital Identity


Self-sovereign identity (SSI) is a decentralized approach to digital identity management that emphasizes individual control and ownership over personal data. In contrast, digital identity (DI) typically involves the use of centralized systems, such as those employed by social media platforms, governments, and financial institutions, to manage and authenticate identity.

BIOGRAPHY

Aaron Arthur Day is an early Internet entrepreneur who started developing commercial sites in 1993 on platforms like CompuServe, Prodigy, and AOL. Born in North Vancouver, raised in Kelowna, British Columbia, and having spent significant time abroad, he is now the President of Lions Gate Digital and the editor of Invest Offshore. Day resides in Vancouver, embracing a life of passion for web design and development.

February 9th, 2024 meeting

DATE: February 9th, 2024
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Why are US-based high-tech companies continuing to accrue the largest fines ever in the EU? What is the disconnect between EU public policy makers and US-based high-tech companies?
PRESENTER: Tim Rains
RECORDING: 

ABSTRACT

2023 marks the 10-year anniversary of Edward Snowden leaking those classified documents about U.S. national security intelligence and surveillance. Are the French, Germans, and other nations in the European Economic Area still concerned about the potential for overreach by U.S. intelligence operations? The answer is yes, very concerned.


Some have suggested that the U.S. has weaponized the U.S. Foreign Intelligence Surveillance Act (FISA) and the CLOUD Act to wage economic espionage against Western European nations among others. Can this be true – what does the available data reveal? Why are CISOs and security teams in the EU so concerned about U.S. government access to data? What do European-based CISOs, and other executives know that you don’t?


Join high-tech industry insider and author, Tim Rains, for a deep dive into these questions.

BIOGRAPHY

Tim Rains is an internationally recognized cybersecurity executive, strategist, advisor, and author of the popular book Cybersecurity Threats, Malware Trends, and Strategies. Currently, Tim is Vice President Trust & Cyber Risk at T-Mobile where he leads cybersecurity strategy, architecture, risk management, conformance, assurance, vulnerability management, and Business Information Security Officers (BISOs). Tim is a Subcommittee Member on the National Security Telecommunications Advisory Committee (NSTAC) helping to develop cybersecurity recommendations for the President of the United States.


Previously, Tim was the Global Security Lead for Worldwide Public Sector at Amazon Web Services helping start AWS’s Public Sector business in Europe, the Middle East and Africa. Before that, he was Executive Director Cybersecurity Strategy at the Las Vegas Sands Corporation, leading cybersecurity strategy and architecture for a dozen casino-hotel-resorts and the world’s largest private airline. Tim spent 17 years at Microsoft in numerous roles including Global Chief Security Advisor; Director of Security, Identity, and Enterprise Mobility; Director of Trustworthy Computing; and founding Technical Lead of Microsoft’s customer-facing Security Incident Response Team.

January 12th, 2024 meeting

DATE: January 12th, 2024
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Security Operations in the Age of Cybercrime
PRESENTER: Alex Pierce, Systems Engineer (Arctic Wolf Networks)
RECORDING: 

ABSTRACT

Cybercrime is big business and attackers have evolved. Today, cybercrime has become a $1.5 trillion industry and that number is increasing. The barriers for attacks have been lowered, and the rewards have never been higher. So, who are these cybercriminals and how does an organization protect itself? Our discussion will focus on the common motives and methods of cybercriminal groups along with strategies on how to develop an effective security operations program to safeguard your environment.

BIOGRAPHY

Alex is a CISSP certified, experienced, and motivated Security Systems Engineer based out of Vancouver, British Columbia. In his current role as an Arctic Wolf Systems Engineer, he is responsible for creating innovative technical solutions to solve customers’ complex business issues and objectives.

December 8th, 2023 meeting

DATE: December 8th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: The New Frontier: Integrating Traditional Technical Surveillance Counter Measures, People Investigations, with Modern Cyber Security Technology
PRESENTER: Dale Jackaman
RECORDING: 

ABSTRACT

In the realm of security and surveillance, the integration of Traditional Technical Surveillance Counter Measures (TSCM) with modern cyber security technologies marks a significant evolution. This presentation explores how the meticulous practices of TSCM, traditionally focused on physical surveillance detection, are now being enhanced by the advancements in digital forensics and cyber security. This blend is not just an addition of new tools; it represents a fundamental shift in our approach to counter surveillance, encompassing both the physical and digital domains.

We will delve into how this integration is crucial in the context of people investigations. The digital transformation has introduced complex cyber threats that require a more holistic approach to surveillance detection. By combining traditional TSCM techniques with cutting-edge cyber security measures, such as network security tools and AI-driven analytics, we can more effectively identify and mitigate a broader range of threat actors.

BIOGRAPHY

Mr. Jackaman is a distinguished professional with a diverse and extensive background. As a licensed private investigator and security consultant, he specialises in internal cyber security investigations, civil and criminal investigations, digital forensics, and technical surveillance countermeasures. His proficiency in this field is not just about uncovering electronic eavesdropping devices but also encompasses the intricate skill of identifying and apprehending spies. His expertise further extends to conducting undercover operations, performing suspect and witness interviews, and fulfilling high-level corporate roles, including a significant tenure as the Director of Information Systems at BC Research at UBC.

His educational foundation in digital forensics is robust, grounded in the BCIT Forensic Sciences Program, where he specialised in the Computer Crime Option. Mr. Jackaman also has a longstanding involvement in radio communications and electronics, holding an advanced amateur experimental radio license since 1973. His early career includes dedicated service in the Canadian Armed Forces Signals Corps from 1978 to 1983, where he completed three active tours of duty in the Middle East.

Since 2005, Mr. Jackaman has been at the helm of Amuleta Computer Security Inc., a company that specialises in high-tech criminal and civil investigations. This role highlights his commitment to using advanced technology, including artificial intelligence, for enhancing security and investigative capabilities.

November 10th, 2023 meeting

DATE: November 10th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Artificial intelligence – the end of humanity or another Y2K moment?
PRESENTER: Alain Filotto
RECORDING: 

ABSTRACT

This presentation is an overview of the recent developments in artificial intelligence and its tools, including ChatGPT. Topics covered: What is artificial intelligence? How is ChatGPT different from a web search? What are the pros and cons of AI? How can criminals use artificial intelligence and what are some of its perils? And finally, how should governments and companies handle this technology?

BIOGRAPHY

Alain has been working with digital evidence for over 15 years, including with his company, Alphafox Forensics. He is a retired Sergeant of the RCMP with 29 years of policing experience. The last 10 years of his career were spent with the RCMP’s Digital Forensic Services as an examiner and team leader. He is a graduate of the computer forensics program of BCIT. He is certified as a computer and mobile forensic examiner and is a Certified Information Systems Security Professional (CISSP). He holds other certifications, including being an EnCase Certified Examiner and a court-recognized computer and mobile forensics expert. He has supported major investigations as an examiner including internet child exploitation, commercial crimes, organized crime, and national security.

October 13th, 2023 meeting

DATE: October 13th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Sophos, 777 Dunsmuir St #1400, Vancouver, B.C. V7Y 1K4
Zoom Online meeting
TOPIC: Investigating the Reasons why Small and Medium Enterprises (SMEs) are not Using the Existing Cybersecurity Frameworks such as the NIST CSF: A Qualitative Exploratory Study Using the Delphi Data Collection Method
PRESENTER: Lloyd Jura, Ph.D., CISSP
RECORDING: 
This is an in-person event, with a Zoom session for remote participants. Guests must take the elevator to the 14th floor and go past reception to the 15th floor.

ABSTRACT

In this presentation, Dr. Lloyd Jura will talk about two things; his journey to obtaining a Ph.D. in Information Technology with a Cybersecurity concentration and secondly, he will present the findings of his research.


Dr. Jura’s exploratory qualitative study aimed to establish why small to medium enterprises (SMEs) are not adopting existing cybersecurity frameworks and establish motivating factors that SMEs can adopt by interviewing twenty-one cybersecurity subject matter experts. SMEs are not as prepared to deal with attacks as large enterprises and are not adopting cybersecurity frameworks like the NIST CSF. Current literature on cybersecurity framework adoption focused on large enterprises that excluded SMEs, even though breaches are increasingly happening to SMEs compared to large corporations. The research used the Self-determination Theory (SDT). SDT is one of the significant theories in human motivation, and its development and improvement over the years have been motivated by the desire to understand what motivates employees (Gagné, 2014). Self-determination Theory promotes “perceived autonomy, competence, and relatedness” (van Haastrecht et al. 2021, p. 1).

BIOGRAPHY

Dr. Lloyd Jura, an Assistant Professor at the New York Institute of Technology (NYIT) Vancouver Campus and an entrepreneur running Jura Technologies, Inc., is an accomplished expert in Governance, Risk, and Compliance (GRC) with over 25 years of industry experience. In his academic and professional pursuits, he aims to influence GRC and cybersecurity awareness training. Dr. Jura’s interdisciplinary background in information technology, business administration, and cybersecurity informs his research, focusing on governance, risk management, and compliance strategies in modern business environments. He is well-versed in frameworks like PCI-DSS, SOC 2, NIST CSF, and ISO 27001, and has led teams managing cybersecurity, data protection, and compliance programs in organizations such as Fraser Health Authority, ICBC, Vivonet, IBM Canada, and TELUS Security Solutions.

September 8th, 2023 meeting

DATE: September 8th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Virtual Meeting, Zoom registration link
TOPIC: Zero B.S. Guide to Zero Trust
PRESENTER: Aryan Taheri
RECORDING: 

ABSTRACT

This is a Guide for Zero Trust with explanations and analogies to truly understand the topic of Zero Trust, and help get traction.

BIOGRAPHY

Aryan is a Certified Ethical Hacker who has spent over 2 decades at Fortune 500 companies in a variety of roles including development, performance engineering, architecture, and cybersecurity. Domains have included eCommerce, Business Intelligence, Enterprise Systems, Mobile Device Management, and Cybersecurity. Most notably, he led the infrastructure & architecture solution that manages over 50K point of sale devices at a major telecom company. Later, he applied additional layers of defense on those devices.

August 11th, 2023 meeting

DATE: June 9th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Virtual Meeting, Zoom registration link
TOPIC: FEARLESS – Why the business does not think cybersecurity is a problem
PRESENTER: Elson Kung (CISA, PMP)
RECORDING: 

ABSTRACT

Every day, our newsfeed is cluttered with news of ransomware, data exfiltration, stolen crypto, phishing, supplier attacks, and even DDoS. To us, there is no doubt that the cyber landscape is fraught with dangers. The organizations we are working so hard to secure are always only a hair away from becoming the next headline. As technology and security professionals, we know this. But what about the business? Are they just as aware of the threats? Are they prioritizing the organizations’ resources to fight cybercrime? If the answer is “No” to either of these questions, they are probably naive to the risk they face, and think that bad things can only happen to others, right? Certainly, they are negligent in their duties, and could care less about their organizations’ proprietary information, their customers’ PII, and their third parties’ information? Or are they simply arriving at the wrong conclusion despite having done their utmost due diligence?


In this session, we will consider the different frames of mind and explore potential solutions to correct the business’ view that cybersecurity deserves some, but not more attention. We will discuss how to steer them with effective operational and risk management approaches so they are just as vigilant as we are.

BIOGRAPHY

Elson Kung is the founder and consultant of Cactimo. He has hands-on and leadership experience in operational risk management, guiding businesses to implement effective controls to reduce a diverse array of risks including cyber security, third party, data privacy, financial reporting, regulatory compliance, resilience, and fraud. For over 25 years, he has worked in IT, various functions in the business, and the front-line of a company with $128 billion of assets and $2.5 billion of income in 2022.


A former president of ISACA Vancouver Chapter, he now serves on the board of BCG Counselling Group, the Provincial Security Advisory Council of BC, and is a Toastmasters area director. He also volunteers, runs, hikes and bikes.

June 9th, 2023 meeting

DATE:June 9th, 2023
TIME:2:00pm to 4:00pm (PST)
VENUE:SAP Canada Inc., 910 Mainland Street, V6B1A9, Vancouver B.C.
Zoom Online meeting
TOPIC:How UBC Students Design, Analyze, and Research Real World Cybersecurity: Examples from the Trenches
PRESENTER: Dr. Konstantin (Kosta) Beznosov, P.Eng.; UBC students
RECORDING: 
This is an in-person event, with a Zoom session for remote participants. Guests must sign in as a visitor and wait for our SAP host to let attendees in.

ABSTRACT

Part 1: Computer security is a very rapidly evolving field, with technologies, tools, and risks changing yearly, if not monthly. Yet, if computer security students learn only the underlying principles, they will be unable to develop higher levels of knowledge, such as application, analysis, and evaluation. To resolve this predicament, UBC’s undergraduate computer security course has been designed to have a term project as a major educational component. In this part of the presentation, Prof. Konstantin Beznosov (the designer and instructor of the UBC cybersecurity course for the last 19 years) will briefly describe the course design. He will specifically focus on the project component. This brief introduction will be followed by short presentations of three recent term projects (both analysis and design) by undergraduate student teams.


Part 2: After the networking break, there will be three presentations by recent PhD students, who will showcase research projects from their dissertations. This part will give you a taste of the kinds of cybersecurity academic research that graduate students do at the Laboratory for Education and Research in Secure Systems Engineering.

BIOGRAPHY

Konstantin (Kosta) Beznosov is a Professor at the Department of Electrical and Computer Engineering, University of British Columbia, where he directs the Laboratory for Education and Research in Secure Systems Engineering. His research interests are usable security, mobile security and privacy, security and privacy in online social networks, and web security. Prior to UBC, he was a Security Architect at Hitachi Computer Products (America) and Concept Five. Besides many academic papers, he is also a co-author of the books “Enterprise Security with EJB and CORBA” and “Mastering Web Services Security”, as well as XACML and several CORBA security specifications. He has served on program committees and/or helped to organize SOUPS, ACM CCS, IEEE Symposium on Security & Privacy, NSPW, NDSS, ACSAC, SACMAT. Prof. Beznosov has served as an associate editor of ACM Transactions on Information and System Security (TISSEC) and Elsevier’s Computers & Security.

May 12th, 2023 meeting

DATE:May 12th, 2023
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
TOPIC:How to Windows 11: Are we there yet?
PRESENTER: Alfredo Contreras & Ryan Williams
RECORDING: 

ABSTRACT

The release of Windows 11 has brought about a lot of buzz in the tech world. This presentation will explore the process of implementing Windows 11 into an organization’s existing infrastructure, including considerations for hardware requirements, compatibility with existing software, and potential challenges. We will also discuss the new features and improvements that Windows 11 brings to the table, and how they can benefit users and organizations.

BIOGRAPHY

With more than 15 years of experience in this space, Alfredo has helped businesses automate tasks and secure end-points across North and South America and parts of Europe. He tailors solutions to fit customer needs and requirements, creates and refines best practices for our ever-changing industry, and empowers IT with world-class automation tools.


Ryan Williams has recently joined Baramundi software as the new VP West Coast Operations. Ryan is an enthusiastic and dynamic addition to our team, focusing on helping small-to-medium-sized businesses tackle challenges in Unified Endpoint Management and empowering IT teams with practical, cost-effective software solutions.

April 14th, 2023 meeting

DATE:April 14th, 2023
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
TOPIC:Serverless Security Best Practices
PRESENTER: Mihir Pathare & Colin Igbokwe
RECORDING: 

ABSTRACT

In this session we will explore how to think about security from the front to the back of a typical serverless application on AWS cloud. How do you configure AWS serverless services to provide least-privileged access while ensuring functionality? How should you think about managing IAM policies for your AWS Lambda functions? We cover all this and more, leaving you with concrete examples applicable to almost any workload.

BIOGRAPHY

Mihir Pathare is an AWS Solutions Architect based in Vancouver. He is passionate about helping customers solve their business problems, and progress through their cloud journey. With a background in cyber-security, Mihir focuses on enabling customers to build highly secure and compliant workloads in the cloud. Outside work, he enjoys music, hiking and wildlife photography.


Colin Igbokwe is a Sr. Security Solution Architect with the AMER commercial team at AWS. He has been working with AWS technology for more than three years and has a background in Offensive Security and DevSecOps. He enjoys chess and biking whenever possible.