May 13th, 2022 meeting

DATE:May 13th, 2022
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Disinformation and Fake News – Democracy Dies in Lies
PRESENTER: Stephen Carras
RECORDING: 

ABSTRACT

January 6th was a wake-up call for democracies and ordinary citizens around the world; fake news isn’t just some meme on social media that your annoying cousin shares to everyone, it almost brought the world’s largest democracy to its knees. While the media and ordinary citizens talk about fake news and those who perpetrate its spread, not as many know its history, and how nation states like Russia use it to influence unwitting pawns around the world. More importantly, how do we as societies (both Canada, the United States, and other nations) proactively and successfully engage with people who believe in these conspiracies and bring them back to normal views and beliefs to prevent future acts of domestic extremism from occurring.

BIOGRAPHY

Stephen is an American living in the Seattle / Bellevue area working as an Engineer, Cybersecurity at T-Mobile. He holds degrees in Security and Risk Analysis – Information and Cybersecurity, and Business with Minors in Finance and Renewable Energy from Penn State. Currently he is also pursuing a Masters in Cybersecurity Analytics and Operations from Penn State while working at T-Mobile. While he is relatively new to the world of cybersecurity, he has worked at other companies in the clean technology and finance industries before making the transition to cybersecurity. In his free time he enjoys learning new technologies, investing, and drinking Starbucks Frappuccinos.

April 8th, 2022 meeting

DATE:April 8th, 2022
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Phishing, are you ready for the next small or big threat?
PRESENTER: Miles Walker
RECORDING: 

ABSTRACT

With phishing attack crimes rising 600% since covid hit, protecting against it is one of the biggest issues facing the tech world today. Miles is eager to arm you with the knowledge of how to safeguard your business from phishing where 90% of cyber crimes start and give you some real world insights and practical information to better protect you and your business.

BIOGRAPHY

Miles Walker is the Channel Development Manager of Graphus.ai, one of Kaseya’s newest acquisitions. Miles joins the team after 15 years in Sales/Marketing and Account Management in London and Toronto. He is now based in Vancouver where his professional career started in Radio @ 104.9 XFM after studying Marketing/Sales and International Business at Capilano University. When Miles is not playing basketball, travelling, sailing or collecting street art he is evangelizing all things cyber security through his LinkedIn videos, events and of course virtually!

March 11th, 2022 meeting

DATE:March 11th, 2022
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Consumer Privacy is too Complicated for Consumers
PRESENTER: Kevin Murphy (CISM, CGEIT, CISSP)
RECORDING: 

ABSTRACT

The average consumer really has no idea what personal information they are sharing online and how companies (and governments) track their online behaviour. How did we get here? Come join us as we review what consumers can do to “sort of” protect their personal information online.

BIOGRAPHY

Kevin was the vice president of cybersecurity operations and governance at IOActive.com. He is a retired U.S. Air Force intelligence officer and the former director of Windows security architecture at Microsoft. He has over 25 years of experience in threat intelligence and information security and holds the CISM, CISSP and CGEIT security certifications.

February 11th, 2022 meeting

DATE:February 11th, 2022
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:7 Mindset Shifts for Success in the Digital World
PRESENTER: Dr. Linda Miller
RECORDING: Link to recorded session

ABSTRACT

Who knew that going digital would end up enabling a more human world. Now that we’re on the brink of international standards for equity and inclusion, sustainable practices and full transparency, how should corporations and businesses position themselves for success and avoid the dangers of a hyper-enabled population? The answer: think about what you would have done 20 years ago, and do the exact opposite.


This talk explores the 7 keys to not just surviving but thriving in a world of hyper-connectedness and constant radical change.


Outline:
Cast off Industrial Age practices and thinking
Relocate certainty, trust, and truth
Imbue meaning and purpose at all levels
Build change intelligence as a capability
Lead ‘transformationally’ day to day
Seek the breakdown then go for the breakthrough
Co-create the future

BIOGRAPHY

Dr. Linda Miller has made a career of transformative change. She has been on leading edge implementations of most major business technologies since 1978.

After a 20-year career in information technology, Dr. Miller sought to humanize how technology was implemented in public and private corporations. Her pursuit led to a PhD in spiritual psychology, post graduate work in executive coaching, and multiple certifications in running successful strategic change initiatives.

Her range of experience spans government to multi-nationals, IT governance practices to corporate restructures to consortiums. Her clients include insurance companies, banking institutions, municipal and provincial governments, mobility technology providers, and law firms.

In 2008 Dr. Miller saw the need for new business tools, techniques, and measurement models that equip leaders and teams to thrive in the high speed, high complexity and highly ambiguous contexts that have become the norm.

Over 7 years of masters and doctoral research, she developed a framework of methods and practices that enable corporations to be successful in technology driven radical change and build the capability to continuously transform. Her courses, advisory services, and published works has helped transforming organizations across Canada and around the world.

Find out more about Dr. Miller and her company at www.iMindTransformation.com

January 14th, 2022 meeting

DATE:January 14th, 2022
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Security Awareness Lessons from Dr. Bonnie
PRESENTER: Rob Slade
RECORDING: Link to recorded session

ABSTRACT


Dr. Bonnie Henry, as BC’s Chief Medical Health Officer, has demonstrably saved tens of thousands of lives over the course of the pandemic. With the regular CoVID press briefings, she has also provided a MasterClass in effective communication of complex technical subjects. This reference provides real-world examples of the most significant points in designing and implementing an effective security awareness program. It also conclusively proves, with mathematical certainty, the importance of a security awareness training program.

BIOGRAPHY

Rob Slade had his booster shot on Boxing Day, and, besides, as an old antivirus researcher, Rob knows that there is no conclusive evidence that Omicron can transmit over Zoom, so you are probably safe to attend this (virtual) meeting. On the other hand, having lost Gloria, Rob’s emotional stability is probably worse than ever, so attend at your own risk. More information than anyone would want to know about Rob is available at http://fibrecookery.blogspot.com/

December 10th, 2021 meeting

DATE:December 10th, 2021
TIME:2:00pm to 4:30pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Operational Threat Hunting for the Enterprise
PRESENTER: Neumann Lim (Deloitte)
RECORDING:Link to recorded session

ABSTRACT


According to IBM’s 2020 Cost of a Data Breach Report, security automation solutions — including AI, analytics and orchestration — and incident response (IR) preparedness, including formation of IR teams and testing IR plans, showed the greatest reduction in data breach costs. Threat hunting is a key component in security operations and incident response preparedness. This talk will guide you through the foundations of beginning to operationalize threat hunting into your enterprise.

BIOGRAPHY

Neumann Lim is a senior manager at Deloitte where he leads the development of the services, strategies and methodologies on cyber detection and incident response. Prior to this role, Neumann spent several years working with large enterprises and governments specializing in incident response. With more than 14 years of infosec experience, he has delivered numerous cyber risk assessments, coordinated national incident responses across multiple industries. Neumann has been invited to share his thought leadership at many security conferences such as Grayhat BlueTeam Conf, DefCon Village, HTCIA Canada, Toronto CISO Summit and CCTX.

November 12th, 2021 meeting

DATE:November 12th, 2021
TIME:2:00pm to 4:30pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Searching for the Balance: Infosec at a Different Angle
PRESENTER:Kovan Mohammed Ameen
RECORDING:Link to recorded session

ABSTRACT

Can we ever catch up to all the chaos? How far behind are we?


When do we get to rest? Will it get worse before it gets better? Will there ever be a point in time where stability is a possibility?… These and many other questions alike have a familiar tone, uncertainty. And I can say with confidence that most, if not all of us, have had questions like that at some point in our lives, regardless of the reasons behind them.
In this talk, we’ll be asking those same questions about information security, with the hopes of clearing the path to find the answers we need, whether that’s going back to the drawing board or evolving to adapt our current solutions in a new way.


Side note: There’s hope, but we need to act fast.

BIOGRAPHY

Senior Information Systems Security student at Southern Alberta Institute of Technology (SAIT). I developed a passion for hacking at just 14 years of age, at first, I wanted to become a pen tester but after pursuing post-secondary education in infosec, I found myself enjoying the educational, analytical, and research side of infosec more. My goal is to have a foundation that creates large-scale cooperation between different organizations and promotes new ways of thinking when it comes to finding long-term solutions to problems the industry faces.

October 8th, 2021 meeting

DATE:October 8th, 2021
TIME:2:00pm to 4:30pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Shoulders of InfoSec Project
PRESENTER: Jack Daniel
RECORDING:Link to recorded presentation

Please note a portion of this meeting will be dedicated to the AGM.

ABSTRACT

When frustrated we may ask ourselves “where are we going and why are we in this handbasket?”, but we rarely have the time to really reflect on where we’re going as an industry and how we got here─and who led the way. The people and ideas which were the foundations of information security are not ancient history, yet few of us know much about them. We are too busy running to keep up and never have time to look back. In this talk we will meet some of the people who founded and advanced our field, and hear some of their stories.

BIOGRAPHY

Jack Daniel is the Community Advocate for Tenable, is a co-founder of Security BSides, a community builder, storyteller, technologist, historian, mentor, and security professional. He has over 20 years’ experience in network and system administration and security, and has worked in a variety of practitioner and management positions. Jack is a technology community activist, a podcaster, and a frequent speaker at technology and security events. Jack used to put letters after his name but he doesn’t anymore; some fell off, others were pushed.

September 10th, 2021 meeting

DATE:September 10th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Measuring how well you are managing Information Security
PRESENTER:Walter B. Williams (CISSP, SSCP)
RECORDING:Link to recorded presentation

ABSTRACT

We create controls to manage the risk of a compromise of availability, integrity, confidentiality, privacy, control, authenticity, and utility to the organization for which we are responsible for. To understand if the controls are effective, you have to measure their performance against goals established for each control against the risk tolerance of the organization. This sounds good on paper, but is one of the hardest things to get right in the management of an information security program. We’ll examine what NIST, CIS, and ISO has to say regarding the measurement of our controls, and how to construct metrics. We’ll look at how to identify the applicable controls per each risk to your organization. We’ll construct metrics for completeness of implementation, for effectiveness, and for adverse impact to your organization for those controls and look at ways to map these back to the risks your organization is managing.

BIOGRAPHY

Walter has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group and EMC. He has since moved to security leadership, where he’d served as at IdentityTruth, Passkey, Lattice Engines, and Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, Source Boston, Boston Application Security Conference, Rochester Security Summit, Wall of Sheep Village within DefCon, RiskSec Toronto and other venues . His articles on Security and Service Oriented Architecture have appeared in the Information Security Management Handbook, and he has a book with CRC press on the same topic. He has a book on How to Create an Information Security Program from Scratch which will be available for purchase on September 15. He sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricons 8 and 10. He has a masters degree in Anthropology from Hunter College.

August 13th, 2021 meeting

DATE:August 13th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:The Role of Physical Security in Cyber Security
PRESENTER: Gerry Sieracki (CISSP, Director of Public Relations (ISC)² San Diego Chapter, TLO, ILO)
RECORDING: Link to recorded presentation

ABSTRACT

When people think of Cyber Security the first thing most people think of are items like ransomware, patching, vulnerabilities, and hacking. Often overlooked is the most basic, fundamental level of protection, physical. In today’s world we can no longer separate the requirements for physical and cyber security. They are both reliant on one another and you cannot have one without the other. This presentation will cover some thoughts on Physical Security, how it relates to Cyber Security, and some lived through examples of incidents I’ve encountered on the job. The goal is to spark some thought and conversation on Physical Security and how it relates to Cyber Security.

BIOGRAPHY

Gerry is a seasoned IT veteran with almost 25 years of progressively responsible work in IT. He currently works as a Network Administrator in the Critical Infrastructure Water Sector focusing on networking and cybersecurity. He has been the Project Lead for several major networking (LAN/WAN) and infrastructure upgrades. Gerry works closely with external agencies such as the FBI, DHS and the SD-LECC on cybersecurity issues.

Gerry earned his CISSP in May 2015. He is a member of Infragard, MS-ISAC (Multi State Information Sharing and Analysis Center), a TLO (Terror Liaison Officer), an ILO (Infrastructure Liaison Officer), and member of the Cyberhood Watch Water and Power Sector – Los Angeles/San Diego. Gerry is trained in the National Incident Management System (NIMS) and has additional training on physical security for Critical Infrastructure.

July 9th, 2021 meeting

DATE:July 9th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC:Overview of the Canadian Supply Chain Security Landscape
PRESENTER:Peter Hillier, CD, CISSP
RECORDING:Link to recorded presentation

ABSTRACT

Of the many cybersecurity challenges facing practitioners today, the very high risk Supply Chain security domain is among the most significant. Join us on July 9th as Peter Hillier maps out those challenges, asks why our Government is seemingly ignoring them and provides recommendations for both government and security practitioners alike to address a systems security engineered approach to the problem.

BIOGRAPHY

Peter Hillier served 20 years in the Intelligence and Security areas of the Canadian Armed Forces. He has spent over two decades dedicated to the evolution of the IT Security profession either through creating new services, writing, speaking, and participating in standards development. He is also a longtime professional mentor and Veterans advocate. He currently works under Hillier Information Protection Solutions Inc. and also provides Systems Security Engineering services, training, and R&D through SSEng Group Inc.

June 11th, 2021 meeting

DATE:June 11th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Tear it Down and Start Over
PRESENTER(S):  Deb Radcliff

ABSTRACT

It’s time to cut our losses and replace our network computing model with something completely different.

As the tech industry pushes businesses into adopting their versions of digital transformation, the heart of all technology is still based on IP, which dates back to 1983. Trying to secure networks by adding layer after layer of security up and down the TCP/IP stack and down into the hardware layers is not working and will not scale. Even at the developer layer, where all this transformation is occurring, attackers are deep into their code repositories and loading malware through their build servers (such as in the SolarWinds Orion patch update that was introduced to 1800 downstream clients and infiltrated more than 100 high-level government intelligence and tech agencies in the US).

We need to figure out a new way to network. What do we replace IP with that is both more efficient and naturally secure (versus trusting the way IP is)? That should be the biggest question on everyone’s mind who’s working toward digital transformation.

Will AI come to the rescue or is it just another technology that can be used against us? What about Quantum networking? Can we move data faster than light more securely than IP transport? Can we somehow return ownership of data to the humans behind that data in the process?

In this session, Deb Radcliff raises provocative questions about future networking and access technologies. So be prepared to answer questions. For example, will we ever actually replace IP? Is AI truly autonomous? Would you take a human chip implant if it were the only means to access your data? If so, what would be your security requirements?

Radcliff will also tell stories of how she became the industry’s first beat reporter starting in 1996 after assisting Jon Littman with research for his best-selling book, “The Fugitive Game,” about hacker on the run, Kevin Mitnick. She will share her experiences and the many colorful characters she’s met from the days before we had cybercops and information security programs.

These characters and experiences are also fictionalized in book I of her cyberthriller series, Breaking Backbones: Information is power, which takes place in the near future (available at Amazon, her publisher (free shipping), and all booksellers). In it, hackers rise up against GlobeCom who takes over the world through human chip implants. She’s nearing completion of book II, “Information Should Be Free,” part of which delves into super smart AI and future networking—and that’s why she’ll be picking your brains around these tough subjects.

BIOGRAPHY

Deb Radcliff is an author, speaker and analyst with extensive background in cybersecurity and cybercrime reporting. In 1996, after researching a best-selling book about computer hacker, Kevin Mitnick authored by Jon Littman, she decided to make cybercrime a beat. At first, she relied on gray and white hat hackers to give her the scoop on hacking techniques and then she built relationships with newly-minted cyberagents and leaders at the FBI, several agencies within DoD, the Secret Service, CIA, NYPD and many other local and federal agencies. Her articles are cited in numerous research papers and college textbooks, and she’s won two Neal Awards for investigative reporting and was runner up for a third. She’s spoken at West Point, HOPE 2000 and other events, and is currently speaking regularly in online venues. She also stood up an Analyst Program at SANS Institute and ran it for 15 years until April 2020.

Today, as a cybersecurity analyst and author, she writes for CSO and manages her own blog OnlineCrimeBytes, runs the Shift Left Academy content program. In April 2021, Radcliff published her first cyberthriller book, Breaking Backbones: Information is Power. The book is part one in a three-part fictional series set in the not-too-distant future when a powerful entity called GlobeCom takes over the world through human chip implants and the hackers mount a coordinated defense to break GlobeCom’s network backbone.

April 9th, 2021 meeting

DATE:April 9th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Presentation 1: Why is phishing still an issue?
Presentation 2: Setting the CISO free
PRESENTER(S):  Presentation 1: Mike Fleck (Senior Director of Sales, Cyren)
Presentation 2: Rob Newby (CEO, Procordr)

Presentation 1 detail:

ABSTRACT

Why is phishing still an issue? Let’s take a look at the tactics attackers are using and discuss why these simple, yet sophisticated, tricks allow malicious messages to evade detection. Mike will share summary statistics about the scale and type of phishing attacks and also provide detailed examples of specific incidents.

BIOGRAPHY

Mike Fleck is the Senior Director of Sales Engineering at Cyren. With over 15 years of experience in information security, Mike holds patents for transparent encryption and automated encryption key management and has been featured in Security Week, Information Security Magazine, Information Management, and NBC News. Prior to Cyren, Mike was the Vice President of Identity Protection at 4iQ, a provider of dark web threat intelligence that helps to protect consumer identities and to investigate cybercriminals. Previously, Mike was the Vice President of Security at Covata Limited (ASX: CVT) where he directed US operations and global marketing. He joined Covata in 2017, by way of acquisition of CipherPoint which he co-founded in 2010 and was CEO. His vast experience with complex Fortune 500 and Federal Government environments includes technical leadership roles at Vormetric (acquired by Thales), High Tower Software (acquired by NetForensics), Predictive Systems (NASDAQ: PRDS), and Lockheed Martin.

Presentation 2 detail:

ABSTRACT

Cybersecurity is now front page news. Companies are exposed, and CISOs need to make strategic decisions. Lack of accountability can lead to large fines and even prison time for Board members, but they aren’t being appropriately informed. Rob Newby was a new CISO in this situation 2 years ago. His board was concerned, but about the wrong things.


Rob explains what we’re doing wrong now in Security, and what simple changes can be made for the better to fix issues in reporting, strategy, governance and the demand for skills.

BIOGRAPHY

Rob is a problem solver for UK and EMEA boards, as a CISO and Security Adviser Rob has returned failing programmes and projects to the critical path, including setting up and developing multiple lines of defence in parallel, defining and delivering measurable business value. He is now the CEO of UK Cybersecurity startup Procordr, delivering strategy and governance solutions to large enterprises He previously worked as a CISO to SmartDCC, Strategic Adviser to Group CISO at Admiral Group, and at Aviva Group, he was the CISO for General Insurance and Strategic Adviser to their UK CISO.

March 12th, 2021 meeting

DATE:March 12th, 2021
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Security Frameworks
PRESENTER(S):  Robert Slade (M. Sc.)

ABSTRACT

We have a whole alphabet soup of security frameworks, ranging from checklists to guidelines to salami slicers to product evaluation criteria. Most consider them simply annoyances. Some consider them annoyances that must be complied with. However, they can be of use–if you know what they are, and what they can (and can’t) do for you.

BIOGRAPHY

Robert Slade prefers to say that he is the recipient of patronage from his nation-state because he is old and wise. Others prefer to say that he is retired. Rob finds this odd, since he is not the retiring type, as can be easily determined at


https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413


It is next to impossible to get him to take bio writing seriously, but you can try at rslade@vcn.bc.ca

February 12th, 2021 meeting

DATE:February 12th, 2021
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
(Please note Zoom link was updated)
RSVP Required – register at Zoom
TOPIC(S):Ransomware, Risk, and Recovery: Is Your DR Strategy Ready for Today’s Threats?
PRESENTER(S):  Sean Deuby (Director of Services, Semperis)

ABSTRACT

Disaster Recovery (DR) strategies have traditionally focused on natural disasters, then expanded into other physical events such as terrorism. Today, cyber weaponization is everywhere, and the “Extinction Event” is a genuine threat with no respect for geographic boundaries.


In 2017 the NotPetya ransomware attack impacted Maersk worldwide in under 10 minutes and cost the company over $300M. The 2018 Winter Olympics were hit by a targeted cyber attack. Ransomware attacks have become commonplace. Cyber risk directly correlates to business risk and cyber disasters strike more frequently with broader impact than their physical counterparts. Thus, modern DR strategies must prioritize cyber scenarios.


Takeaways:
Denial-of-availability malware is now the #1 risk to business operations
Cyber insurance policies are not the magic bullet they position themselves to be
New “cyber-first” DR technologies automate recovery of complex systems, facilitate recovery to the cloud, and eliminate the risk of reinfection from system state and bare-metal backups

BIOGRAPHY

Sean Deuby brings 30 years’ experience in Enterprise IT and Hybrid Identity to his role as Director of Services at Semperis. An original architect and technical leader of Intel Active Directory, Texas Instrument’s Windows NT network, and 15-time MVP alumnus, Sean has been involved with Microsoft identity technology since its inception. His experience as an identity strategy consultant for many Fortune 500 companies gives him a broad perspective on the challenges of today’s identity-centered security. Sean is also an industry journalism veteran; as former technical director for Windows IT Pro, he has over 400 published articles on Active Directory, Azure Active Directory and related security, and Windows Server. He has presented sessions at multiple CIS / Identiverse conferences.

January 8th, 2021 meeting

DATE:January 8th, 2021
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Learning through law:
Building a better defense by studying real legal cases
PRESENTER(S):  Chester Wisniewski (Principal Research Scientist, Sophos)

ABSTRACT

While we are inundated by headlines of cybercriminals hacking everything that moves, we seldom have the opportunity to learn how they go about their trade craft. Often stories are distilled to simple things like “didn’t patch” or “phishing attack”. The complexities of real life events are far deeper. We can use the openness of our legal system to discover how these attacks actually unfolded for those who we are fortunate enough to apprehend, or at least charge with a crime. This talk will analyze a dozen recent indictments and US Grand Jury documents to learn the tricks, tools and techniques used in some of the most well known recent cyber attacks.

BIOGRAPHY

Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit. 


Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.


As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize me from my appearances on Global News(https://t.co/VWNBOja8Iv), CBC and CTV if you are old enough to still watch news on a TV.

December 11th, 2020 meeting

DATE:December 11th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Differential Privacy
PRESENTER(S):  Robert Slade (M. Sc.)

ABSTRACT

Differential privacy is a relatively recent topic, although it is an amalgam of well-known, and long utilized, concepts. Oddly, outside of academic circles, it was almost unknown until Apple made a big deal of it in an announcement in 2016. Differential privacy is, however, the “quantitative risk analysis” of privacy, which is why it has such important points to make to the field of privacy, and why almost nobody is using it. (Including, mostly, Apple.)

OK, CISSP question time:

Which privacy law does differential privacy support?

a. British law
b. Chinese law
c. EU law
d. US law

You want a clue?  OK, some initial discussion, then:

a. British privacy law is still primarily based on the original privacy directives, and
is mostly concerned with what data you can collect, and for how long, and how
accurate you have to be.
b. Yeah, I needed a good laugh, too.  But China *does* have a privacy law, and it
pretends to be compatible with the original privacy directives.
c. Well, GDPR is *mostly* just the original privacy directives, but the new
accountability directive *might* have to do with how well you protect what you
*have* collected …
d. OK, I often say the the US doesn’t have any privacy laws, but they do.  Those
are primarily concerned with how much you can sue when people disclose your
data.

For the final answer, attend the December 11th meeting on the topic of
differential privacy.

BIOGRAPHY

Robert Slade has been stuck inside for six months with nothing to do but study
the latest security and privacy buzzwords.  More information than anyone would
want to know about him is available at http://en.wikipedia.org/wiki/Robert_Slade
(and he doesn’t particularly care if you know that).

Friday, November 13, 2020 2pm to 4pm

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE:November 13th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Cyberwarfare: The New “Colder” War
PRESENTER(S):  Kevin Murphy
Agenda:

2:00 pm – 2:15 pm  Welcome and announcements
2:15 pm – 2:45 pm  Featured Presentation
2:45 pm – 3:15 pm  Break
3:15 pm – 3:45 pm  Featured Presentation
3:45 pm – 4:00 pm  Q&A 

Abstract:  Is Cyberwarfare actually the next World War?  Modern cybersecurity threats have evolved into very effective disinformation campaigns and destructive ransomware. What can we collectively do to protect ourselves, our business, and our democratic institutions? Hint: the solution is more than just technology.

Biography:
Kevin was the VP of Cybersecurity Operations and Governance at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the CISM, CISSP, and CGEIT security certifications.

October 9th, 2020 meeting

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE:October 9th, 2020
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Threat landscape 2020: A deep dive on the threats we face and how we can successfully combat cybercrime
PRESENTER(S):  Chester Wisniewski (Principal Research Scientist, Sophos)

 A portion of this meeting will be dedicated to the AGM. Where possible we will use Zoom polls.

ABSTRACT

Part 1 – Know thy enemy.
There is no point in defending against attackers that aren’t there. The inverse could be worse, being unprepared for what is out there. The pace of change by cybercriminals is driven by money, which means it never stands still for long.


Part 2 – How we can use COVID-19 to our advantage.
Most security minded people are in a constant struggle to modernize and justify budgets to effectively train their staff and make modern efficient tools available. COVID-19 not only changed the threatscape, it has presented opportunities to IT security teams to up their game.


Part 3 – Targeted ransom deep dive.
These attacks have achieved unbelievable success and profit for the skilled criminals behind them. I will walk you through a typical attack and demonstrate the TTPs and cleverness that goes into hamstringing their victims.


Part 4 –  Parting defensive thoughts.
How we view our networks and the people who defend them is evolving with the threats. Many organizations who make headlines after being victimized have not evolved and sometimes even been culled from the herd. I will wrap up providing my advice on how to modernize your approach to protecting your data.

BIOGRAPHY

Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy first peaked while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.


Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.


As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize me from my appearances on Global News, CBC and CTV if you are old enough to still watch news on a TV.

Friday, September 11, 2020 2pm to 4pm, GM Meeting Notice (Virtual)

DATE:September 11th, 2020
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S):Homomorphic Encryption
PRESENTER(S):  Rob Slade
No Eventbrite registration required – register using the Zoom link. Please check your email for the Zoom password after you register. 

A portion of this meeting will be dedicated to the AGM. To confirm executive positions and any other decisions we will be using Zoom polls where possible.

Abstract:  Recently security operations have become very excited about homomorphic encryption. It seems to be the latest “magic” security technology that will solve all our problems, but I don’t think we’ve really provided a good outline of what it is, and, particularly, what it can’t do.

This presentation will outline the basic concepts, note some specific forms and applications, and point out the various factors for use or consideration.

A longer outline of this talk is available at https://community.isc2.org/t5/T/H/m-p/26922/highlight/true#M1683

Biography:
Ebo Fynqr znl or na vasbezngvba frphevgl naq znantrzrag pbafhygnag sebz Abegu Inapbhire, Oevgvfu Pbyhzovn, Pnanqn, be ur znl or na negvsvpvny vagryyvtrapr cebtenz tbar ubeevoyl jebat, naq ubbxrq hc gb inevbhf rznvy nqqerffrf.  Zber vasbezngvba guna nalbar jbhyq jnag gb xabj nobhg uvz vf ninvynoyr ng uggc://ra.jvxvcrqvn.bet/jvxv/Eboreg_Fynqr

https://cryptii.com/pipes/rot13