May 12th, 2023 meeting

DATE: May 12th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: How to Windows 11: Are we there yet?
PRESENTER: Alfredo Contreras & Ryan Williams
RECORDING: 

ABSTRACT

The release of Windows 11 has brought about a lot of buzz in the tech world. This presentation will explore the process of implementing Windows 11 into an organization’s existing infrastructure, including considerations for hardware requirements, compatibility with existing software, and potential challenges. We will also discuss the new features and improvements that Windows 11 brings to the table, and how they can benefit users and organizations.

BIOGRAPHY

With more than 15 years of experience in this space, Alfredo has helped businesses automate tasks and secure end-points across North and South America and parts of Europe. Tailoring solutions to fit customer needs and requirements, creating best practices and refining for our ever changing industry and empowering IT with world class Automation tools.


Ryan Williams has recently joined Baramundi software as the new VP West Coast Operations. Ryan is an enthusiastic and dynamic addition to our team, focusing on helping small-to-medium sized businesses tackle challenges in Unified Endpoint Management and empowering IT teams with practical, cost-effective software solutions.

April 14th, 2023 meeting

DATE: April 14th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Serverless Security Best Practices
PRESENTER: Mihir Pathare & Colin Igbokwe
RECORDING: 

ABSTRACT

In this session we will explore how to think about security from the front to the back of a typical serverless application on AWS cloud. How do you configure AWS serverless services to provide least-privileged access while ensuring functionality? How should you think about managing IAM policies for your AWS Lambda functions? We cover all this and more, leaving you with concrete examples applicable to almost any workload.

BIOGRAPHY

Mihir Pathare is an AWS Solutions Architect based in Vancouver. He is passionate about helping customers solve their business problems, and progress through their cloud journey. With a background in cyber-security, Mihir focuses on enabling customers to build highly secure and compliant workloads in the cloud. Outside work, he enjoys music, hiking and wildlife photography.


Colin Igbokwe is a Sr. Security Solution Architect with the AMER commercial team at AWS. He has been working with AWS technology for more than three years and has a background in Offensive Security and DevSecOps. Enjoys chess and biking whenever possible.

March 10th, 2023 meeting

DATE: March 10th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Consumer Privacy is a Challenge for Consumers
PRESENTER: Kevin Murphy (CISSP, CISM, CGEIT)
RECORDING: 

ABSTRACT

Protect Your Privacy

How to Keep Your Data Safe

Who has your data? How did they get it? Organizations large and small collect all manner of information about you and your family, often without your knowledge. And even when it’s collected for innocent purposes, your data can still end up in the wrong hands. Many consumers don’t know they can opt out of this data collection—or how to do it.

Join Kevin Murphy, Business Information Security Officer, as he provides an in-depth look at consumer privacy, including:

The whos, whys, and hows of data collection
The potential dangers of having your data out there
How to keep your information private

BIOGRAPHY

Kevin is the Enterprise BISO (Business Information Security Office) for T-Mobile USA. He was the vice president of cybersecurity operations and governance at IOActive.com. He is a retired U.S. Air Force intelligence officer and the former director of Windows Security Architecture at Microsoft. He has over 25 years of experience in threat intelligence and information security and holds the CISM, CISSP and CGEIT security certifications.

February 10th, 2023 meeting

DATE: February 10th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Trusted Protector of what matters most: Identities, Access & Privilege + 2023 Cyber Security Trends
PRESENTER: Dan Deganutti (SVP and Canada Country Manager, BeyondTrust)
RECORDING: 

ABSTRACT

In this talk we will review the Top Trends/Predictions for 2023 (BeyondTrust edition) and focus in on a few in particular and how they relate to PAM and Identity. Subsequently we will dive into the tie between Identity/Access/Privileges, the key role they play in a Zero Trust model and how certain aspects are quick wins for any Cyber program.

BIOGRAPHY

I currently have the honor of leading the Canadian team here at BeyondTrust and have been with the organization for the last 6 years. Previously, I have been in the Security space for over 20 years now and have brought 5 vendors into the Canadian marketplace. Passionate about Cyber and (real) Football…don’t get me started on Italy missing the World Cup…again.

January 13th, 2023 meeting

DATE: January 13th, 2023
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: What’s Working in the Real World and What’s Not: Insights From the IBM Cost of a Data Breach Report
PRESENTER: Evan O’Regan (Associate Partner – IAM Practice – Canada)
RECORDING: 

ABSTRACT

Join IBM IAM expert Evan O’Regan as he shares real-world, practical examples illustrating the value of IAM best practices based on the annual IBM Cost of a Data Breach report and the IBM X-Force Red Incident Response Team after-action reports. Evan will share insights on how to identify and prioritize key activities, how to detect early and avoid the common IAM and Zero Trust pitfalls that often signal eventual failure for the program, as well as what to include and how to align your IAM and Zero Trust business case for success.


As a companion to the practical examples, this discussion will cover a pragmatic understanding of IAM, CIAM, and Zero Trust for the benefit of non-technical practitioners, and how to apply these principles in practice as organizations start or progress their strategy across domains such as Customer Identity and Access Management, Infrastructure and Endpoint, and in securing their Hybrid Cloud environment.

BIOGRAPHY

For over twenty-five years, Evan’s work has centered on the practical application of identity to address the evolving challenges faced by organizations in both public and private sectors. Evan has led Identity and Access Management programs for some of the world’s most recognized brands across a wide range of industries, making him a recognized thought leader in the field of digital transformation. His insights come from experience working on large complex systems as well as emerging identity technologies, blockchain, and self-sovereign identity frameworks.

December 9th, 2022 meeting

DATE: November 9th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: The Cyber Skills Gap War
PRESENTER: Stan Engelbrecht
RECORDING: 

ABSTRACT

For years now, different companies and governments have been sounding the alarm on the talent gap in cyber security. There are a number of factors that are causing this, from the continued advancement in technology, to the ever-increasing attacks on individuals, businesses, and governments and the impact of workload and expectations on those working in the industry. We will look at how these areas are trending, whether or not we are actually gaining any ground, and what can be done to fix this issue and who is in fact responsible for addressing this issue.

BIOGRAPHY

Stan Engelbrecht has spent close to 7 years in the SOAR space, from a product development, deployment, and advisory role to many of the Fortune 500 companies. He is the current president of the Vancouver ISC2 Chapter and Vancouver Security Special Interest Group. Stan completed his BCIS with concentrations in Systems Admin, Networking, and Security from the University of the Fraser Valley in 2015 but has been working with and tinkering with technology since his mid teens. He is currently the Director of Cyber Security Practice at D3 Security.

November 4th, 2022 meeting & AGM

DATE: November 4th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Advanced Persistent Cybercrime
PRESENTER: Derek Manky
RECORDING: 
The AGM was delayed from September to November.

ABSTRACT

We are seeing a shift on the threat landscape where cybercrime, including ransomware, is becoming more destructive and targeted towards high valued assets and services. Nation state attacks that target critical infrastructure, government and healthcare are now having an impact across the entire attack surface including businesses’ IT networks. This is the result of the converging threat landscape, where nation state threat actors are working jointly with cybercriminal enterprise, hitting IT and OT networks in tandem. Businesses that were not concerned of being a target from sophisticated APT attacks in the past, are now impacted. Similarly the public sector is further impacted by the larger threat of cybercrime. This elevated game from the adversary has raised the level of risk to organizations to a high watermark never seen before. FortiGuard Labs observed an increase of nearly 100% in 1H 2022 of ransomware variants, driven by the Ransom-as-a-Service (RaaS) model and a growing cybercriminal workforce.

BIOGRAPHY

Derek Manky plays a strategic and visionary role in consulting with leading CSOs/CISOs of Fortune 500 companies worldwide across multiple industries, bringing with him over twenty years of cyber security experience. He leads FortiGuard Labs’ Global Threat Intelligence Team. Mr. Manky has established frameworks in the security industry including responsible vulnerability disclosure, which has exercised the responsible handling of over 1000 zero day vulnerabilities. Manky has been with the Cyber Threat Alliance since it was founded in May 2014 and sits on the steering committee. He has helped to build collaborative platforms in the cyber security industry for over 15 years. Manky collaborates with global forums and expert groups alongside leading political figures, key policy stakeholders and law enforcement, including the World Economic Forum C4C, NATO NICP, INTERPOL, and FIRST.org. His vision is applied to help shape the future of proactive cyber security, with the ultimate goal to make a positive impact towards the global war on cybercrime.

October 14th, 2022 meeting & AGM

DATE: October 14th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
TOPIC: Is the Cookie Monster compromising your identity? How cookies undermine multi-factor authentication
PRESENTER: Chester Wisniewski (Principal Research Scientist at Sophos)
RECORDING: 
The AGM was delayed from September to October.

ABSTRACT

As organizations continue to adopt multifactor authentication (MFA) criminals are now being forced to find ways around it. There has been no shortage of high-profile instances of MFA being bypassed including Electronic Arts, Uber, and YouTube. How strong are the MFA solutions we can choose from and how do criminals bypass them? Why is the Cookie Monster moving from the category of childhood friend to authentication enemy? We’ll explore all of that and more. Join us.

BIOGRAPHY

Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy was first piqued while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.


Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviours and effective security defences. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.


As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize me from my appearances on Global News, CBC and CTV if you are old enough to still watch news on a TV.

September 9th, 2022 meeting & AGM

DATE: September 9th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Meeting ID: 98484395392 Passcode: 09220922
TOPIC: Decentralized Finance: Bitcoins and Blockchains and Digital Cash, Oh My!
PRESENTER: Rob Slade (M. Sc.)
RECORDING: 

ABSTRACT

NFTs and cryptocurrencies have become enormously popular, recently, but are also wildly speculative. Starting with the principles of, and research into, digital cash, we will examine valuation, fungibility, technologies, infrastructures, and the basic principles underlying this field. In addition, we will note the speculative nature of much of this “wealth.” What is a cryptocurrency? What is a currency? Starting with the concepts of value and trust, we look briefly at true digital currencies, and the shortcuts that cryptocurrencies have taken. We build an outline for the requirements for digital cash, why cryptocurrencies have only partly fulfilled those requirements, and why NFTs are even worse. Currently, “investment” in cryptocurrencies is highly speculative, and seems to be roughly equivalent to putting anticipated winnings at a casino into your stock portfolio. And, by the way, BLOCKCHAIN IS NOT THE ANSWER!!!

BIOGRAPHY

Rob Slade is an information security and management consultant from North Vancouver, British Columbia, Canada. (Or he may be an AI experiment gone horribly wrong, and hooked up to various email addresses.) He has consulted for Fortune 100 companies, has taught on six continents, gets calls from intellectual property lawyers, is frequently published in the Information Security Management Handbook, and authored “Robert Slade Guide to Computer Viruses,” “Software Forensics,” “Dictionary of Information Security,” “Cybersecurity Lessons from CoVID-19,” and two thirds of “Viruses Revealed.” He got his start in security researching viruses. (But not this type of virus.) More information than anyone would want to know about him is available at


https://twitter.com/rslade
http://en.wikipedia.org/wiki/Robert_Slade
http://catless.ncl.ac.uk/Risks/search?query=slade
http://shouldersofinfosec.pbworks.com/w/page/146046189/Rob%20Slade%20%20%28Slade%2C%20Robert%29
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
https://www.youtube.com/playlist?list=PLUuvftvRsRv4bMs_scU3TyBZzuvW7kpZi
http://fibrecookery.blogspot.com
https://www.amazon.com/Robert-Slade/e/B001H6MUCW

External Events August 2022 Update

| Organization | Event | Date | Note |
| SANS | SANS Summits | Multiple days (August 15th-16th, 31st- September 1st) | Virtual, Free |
| Software Secured | Ensuring Secure Software in Highly Regulated Industries | August 16th 2022 | Virtual, Free |
| CISA | The Importance of MFA | August 17th 2022 | Virtual, Free |
| NYU Center for Global Affairs | Fireside Chat: Leadership in a Cyber Dependent World | August 23rd 2022 | Virtual, Free |
| ISACA Vancouver | Cyber Summer Fest Party | September 1st 2022 | In Person, $ |
| GatherVerse | 3We (Web3 Summit) | September 13th 2022 | Virtual, Free |
| SecTor | SecTor 2022 | October 5th-6th 2022 | In Person, $ |
| Authenticate | Authenticate 2022 | October 17th-19th 2022 | Hybrid, $ |
| iTech Conferences | iTech Vancouver 2022 | December 1st 2022 | In Person, Free Until Nov 30th |

August 12th, 2022 meeting

DATE: August 12th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Meeting ID: 894 7268 0162 Passcode: 436345
TOPIC: Security Awareness programs: Why they are important and how to start one for free
PRESENTER: Anthony Green (Manager, Security Operations and Compliance – CPA BC)
RECORDING: 

ABSTRACT

Anthony has provided thousands of staff with security awareness training and during this webinar, he will talk a little bit about what he learned and how anybody can implement a security awareness program.


The first half of the presentation will start by explaining what a Security Awareness program entails and why it is essential to an organization. This will be followed up by some tips and processes recommended to be implemented company wide before implementing a program.


The second half of the presentation will be a lot more practical as we will go over some free tools that anybody can use to begin building a security awareness program for free now! E.g. Phishing Simulation, Phish Button, Email Awareness Campaigns, etc.

BIOGRAPHY

Anthony Green is currently the Manager of Security Operations and Compliance Manager (MSOC) at Chartered Professional Accountants of British Columbia.


Prior to joining CPABC, Anthony led PCI compliance as a Security Analyst for one of Western Canada’s largest retailers – London Drugs. Anthony has also been elected to serve as the President for the ISACA Vancouver Chapter after previously serving as Vice-President and Director of Communications.


In the evenings Anthony teaches the Cyber Security Micro-Credential at UBC and Security Fundamentals at VCC.


Anthony is also a co-founder of Tracer Digital, a Vancouver-based firm that aids small businesses in securing and marketing their online presence.


Anthony is very enthusiastic about giving back to the local Information Security community by mentoring young graduates and teaching local small businesses the fundamentals of cybersecurity they would otherwise not have been exposed to. Anthony curates cybersecurity resources to the general public through the CPA BC’s newsroom with content such as cyber security articles and podcasts with local security leaders.

July 8th, 2022 meeting

DATE: July 8th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC: The Role of Physical Security in Cyber Security
PRESENTER: Gerry Sieracki (CISSP, Director of Public Relations (ISC)² San Diego Chapter, TLO, ILO)
RECORDING: 

ABSTRACT

When people think of Cyber Security the first thing most people think of are items like ransomware, patching, vulnerabilities, and hacking. Often overlooked is the most basic, fundamental level of protection, physical. In today’s world we can no longer separate the requirements for physical and cyber security. They are both reliant on one another and you cannot have one without the other. This presentation will cover some thoughts on Physical Security, how it relates to Cyber Security, and some lived through examples of incidents I’ve encountered on the job. The goal is to spark some thought and conversation on Physical Security and how it relates to Cyber Security.

BIOGRAPHY

Gerry is a seasoned IT veteran with almost 25 years of progressively responsible work in IT. He currently works as a Network Administrator in the Critical Infrastructure Water Sector focusing on networking and cybersecurity. He has been the Project Lead for several major networking (LAN\WAN) and infrastructure upgrades. Gerry works closely with external agencies such as the FBI, DHS and the SD-LECC on cybersecurity issues.

Gerry earned his CISSP in May 2015. He is a member of Infragard, MS-ISAC (Multi State Information Sharing and Analysis Center), a TLO (Terror Liaison Officer), an ILO (Infrastructure Liaison Officer), and member of the Cyberhood Watch Water and Power Sector – Los Angeles\San Diego. Gerry is trained in the National Incident Management System (NIMS) and has additional training on physical security for Critical Infrastructure.

External Events June 2022 Update

| Organization | Event | Date | Note |
| IBM | How To Recover Production Volumes In Hours — Not Days Or Weeks | June 15th 2022 | Virtual, Free |
| iSMG | ISMG Fraud Summit | June 16th 2022 | Hybrid, Hybrid |
| ASIS | How Financial Services Can Prepare for and Mitigate “Phygital” Attacks Against Critical Infrastructure | June 16th 2022 | Virtual, Free |
| RH-ISAC | 2022 RH-ISAC Emerging Technology Showcase | June 29th-30th 2022 | Virtual, Free |
| UK Public Sector | PSE365: Public Sector Cyber Security Virtual Event | July 14th 2022 | Virtual, Free |
| (ISC)² Central Florida | A Day in the Life of a CISO | July 14th 2022 | Virtual, Free |
| Carnegie Mellon University | DevSecOps Days 2022 | July 27th 2022 | Virtual, Free |

June 10th, 2022 meeting

DATE: June 10th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC: Value Assurance: A Novel Approach to Information Security Programs in Organizations
PRESENTER: Sabino Marquez
RECORDING: 

ABSTRACT

The evolution of Information Security from a technical sub-discipline of IT to a strategic enabler of stakeholder value continues unabated. Join Sabino as he discusses innovations in Information Security management and outlines a novel program that places InfoSec squarely “in the business” where it can directly influence the value conversation. Value Assurance is a management strategy which reframes the Information Security function as a strategic investment that enables the Revenue and Go-to-Market strategies and can drive higher valuations at equity events. By aligning the assurance mandate to value and communicating assurance wins in revenue terms, assurance leaders can lead from behind to help accelerate revenue velocity, enable market differentiation, materially increase stakeholder trust, and ultimately help to boost valuation.

BIOGRAPHY

Sabino is an experienced assurance leader who empowers organizations through the strategic governance of their Information Security and Value Assurance programs. A natural entrepreneur and storyteller, Sabino brings over 20 years of experience in the B2B SaaS and Retail Banking sectors to help organizations create and defend ultimate value for their stakeholders. You can learn more about Sabino and his approach to leading the assurance practice here and here.

May 13th, 2022 meeting

DATE: May 13th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC: Disinformation and Fake News – Democracy Dies in Lies
PRESENTER: Stephen Carras
RECORDING: 

ABSTRACT

January 6th was a wake-up call for democracies and ordinary citizens around the world; fake news isn’t just some meme on social media that your annoying cousin shares to everyone, it almost brought the world’s largest democracy to its knees. While the media and ordinary citizens talk about fake news and those who perpetrate its spread, not as many know its history, and how nation states like Russia use it to influence unwitting pawns around the world. More importantly, how do we as societies (both Canada, the United States, and other nations) proactively and successfully engage with people who believe in these conspiracies and bring them back to normal views and beliefs to prevent future acts of domestic extremism from occurring.

BIOGRAPHY

Stephen is an American living in the Seattle / Bellevue area working as an Engineer, Cybersecurity at T-Mobile. He holds degrees in Security and Risk Analysis – Information and Cybersecurity, and Business with Minors in Finance and Renewable Energy from Penn State. Currently he is also pursuing a Masters in Cybersecurity Analytics and Operations from Penn State while working at T-Mobile. While he is relatively new to the world of cybersecurity, he has worked at other companies in the clean technology and finance industries before making the transition to cybersecurity. In his free time he enjoys learning new technologies, investing, and drinking Starbucks Frappuccinos.

External Events April 2022 Update

| Organization | Event | Date | Note |
| Scythe | UniCon 2022 | April 8th 2022 | Virtual, Free |
| AttackIQ | Purple Hats Conference 2022 | April 21st 2022 | Virtual, Free |
| MARS | BSides Vancouver 2022 | May 2nd-3rd 2022 | Virtual, $ |
| BC Government | BC Security Day | May 10th 2022 | Virtual, Free |
| Microsoft | Microsoft Security Summit | May 12th 2022 | Virtual, Free |
| BSides Seattle | BSides Seattle 2022 | May 14th-15th 2022 | In Person, $ |
| CanSecWest | CanSecWest 2022 | May 18th-20th 2022 | Hybrid, $ |
| Splunk | .conf22 | June 14th-15th | Hybrid, Hybrid |
| SMG | Fraud Summit | June 16th | Virtual, Free |
| Microsoft | Virtual Security & Compliance Summit | | |

April 8th, 2022 meeting

DATE: April 8th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC: Phishing, are you ready for the next small or big threat?
PRESENTER: Miles Walker
RECORDING: 

ABSTRACT

With phishing attack crimes rising 600% since covid hit, protecting against it is one of the biggest issues facing the tech world today. Miles is eager to arm you with the knowledge of how to safeguard your business from phishing where 90% of cyber crimes start and give you some real world insights and practical information to better protect you and your business.

BIOGRAPHY

Miles Walker is the Channel Development Manager of Graphus.ai, one of Kaseya’s newest acquisitions. Miles joins the team after 15 years in Sales/Marketing and Account Management in London and Toronto. He is now based in Vancouver where his professional career started in Radio @ 104.9 XFM after studying Marketing/Sales and International Business at Capilano University. When Miles is not playing basketball, travelling, sailing or collecting street art he is evangelizing all things cyber security through his LinkedIn videos, events and of course virtually!

March 11th, 2022 meeting

DATE: March 11th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC: Consumer Privacy is too Complicated for Consumers
PRESENTER: Kevin Murphy (CISM, CGEIT, CISSP)
RECORDING: 

ABSTRACT

The average consumer really has no idea what personal information they are sharing online and how companies (and governments) track their online behaviour. How did we get here? Come join us as we review what consumers can do to “sort of” protect their personal information online.

BIOGRAPHY

Kevin was the vice president of cybersecurity operations and governance at IOActive.com. He is a retired U.S. Air Force intelligence officer and the former director of Windows security architecture at Microsoft. He has over 25 years of experience in threat intelligence and information security and holds the CISM, CISSP and CGEIT security certifications.