Job Posting — Senior Business Systems Analyst (Information Security)

The Insurance Corporation of British Columbia (ICBC) is currently looking for a Senior Business Systems Analyst (Information Security) for its Information Risk Management team within the Information Services Division.

The position supports Information Risk Management to ensure ICBC meets business, legal, and stakeholder requirements for information security while managing costs. The successful candidate will be expected to function as a senior member of the Information Risk Management team, providing leadership and mentoring to team members while acting with minimal direction from the Manager.

In this role you will be working closely with business and technology stakeholders to identify business needs as they pertain to information security and seek alignment with policies, standards and other governance documents. You will take a leadership role to effectively articulate information security requirements, collaborate with team members and stakeholders such as Privacy & Freedom of Information and IT Security to facilitate the development and implementation of security processes and technology improvements. As part of your duties, you will complete risk assessments while working closely with business and technology stakeholders. You will provide ongoing reviews, improvements, and updates to existing information security policies, standards, strategies, risk assessment processes, and other governance documents and processes. You will plan, lead, and implement information security projects and initiatives while providing leadership and mentoring to other team members.

Position Requirements

You have knowledge of:

  • The ISO 27000 framework or similar information security management systems
  • Information security threats and the typical security controls used to mitigate those threats
  • Concepts of risk management, especially of the ISO 27002 and ISO 31000 risk management processes
  • Information Technology governance, risk, and compliance processes
  • Industry standards such as NIST, COBIT, PCI DSS, etc.
  • The BC Freedom of Information and Protection of Privacy Act (FIPPA)
  • e-Discovery and Legal Hold trends and legislation

You have skills to:

  • Evaluate risks to information and technology, including threat assessment, likelihood and impact assessment, and request executive risk management decisions
  • Demonstrated strength in facilitation and communication
  • Identify opportunities for improvements in business use of systems
  • Provide guidance about information security policy compliance
  • Draft executive and external briefing notes, security alerts and updates, and employee communications regarding information security policy and awareness issues
  • Present security issues to varied audiences
  • Work with outside parties to perform regular cyber security audits and training and be responsible for addressing any exposures identified within the audit
  • Knowledge and understanding of software development lifecycle, from application design and development to testing, implementation and production support
  • Strong focus on systems analysis, process, process improvement, and quality
  • Data-driven, analytical with strong problem-solving skills

You bring these credentials:

  • Bachelor’s degree in Information Technology (IT), Computer Science or equivalent
  • Several years of related experience including at least a few years in IT security
  • An information security certification such as Certified Information Systems Security Professional (CISSP) is an asset, but not required

You can view this job posting and apply for the position through ICBC’s website up to March 27, 2021.

ICBC’s job is to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, ICBC wants you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact ICBC today to be part of their talented and diverse team as they work together to create an insurance system that all can be proud of.

ICBC welcomes applications from all qualified job seekers. If you are a job seeker with a disability, please let ICBC know as adjustments can be made to help support you in delivering your best performance.

March 12th, 2021 meeting

DATE: March 12th, 2021
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S): Security Frameworks
PRESENTER(S): Robert Slade (M. Sc.)

ABSTRACT

We have a whole alphabet soup of security frameworks, ranging from checklists to guidelines to salami slicers to product evaluation criteria. Most consider them simply annoyances. Some consider them annoyances that must be complied with. However, they can be of use–if you know what they are, and what they can (and can’t) do for you.

BIOGRAPHY

Robert Slade prefers to say that he is the recipient of patronage from his nation-state because he is old and wise. Others prefer to say that he is retired. Rob finds this odd, since he is not the retiring type, as can be easily determined at

https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

It is next to impossible to get him to take bio writing seriously, but you can try at rslade@vcn.bc.ca

Job Posting — Information Protection Advisor

The Insurance Corporation of British Columbia (ICBC) has an exciting opportunity for an experienced Information Protection Advisor to work in their Information Risk Management Department. As part of this team you will:

  • gather electronic evidence to support investigations,
  • provide information security governance and compliance services to corporate and divisional projects, conduct risk assessments and penetration tests,
  • present findings to business risk owners, and
  • develop security policies and standards.

To make an immediate contribution, you will draw on your demonstrated experience:

  • Gathering electronic evidence to support investigations, including extracting and interpreting systems log files and conducting computer forensics and mobile device forensics
  • Analyzing threats and assessing information security exposures to ICBC’s information and ICBC’s information technology systems
  • Performing regular pen tests and security tests on ICBC Systems, as well as engaging third parties to perform regular pen tests
  • Developing electronic investigation processes and procedures
  • Developing proactive monitoring rules, triaging alerts, and handling incidents
  • Recommending, creating, and updating corporate principles, policies, standards, and procedures related to information security
  • Consulting on corporate and divisional projects as an Information Security Lead, identifying information security risks, communicating with the business owners to establish impact, recommending treatment plans to remain within business risk tolerance, and tracking treatment plans through implementation
  • Collecting information security metrics to monitor and enhance the information security program at ICBC
  • Creating information security awareness media, including posters, online communications, blog articles, audio and video recordings, and other media.

Position Requirements

Key to your success in this role is knowledge related to:

  • Principles, standards, practices, and tools pertaining to information systems security
  • The ISO/IEC 27000 framework for building Information Security Management Systems
  • BC’s Freedom of Information and Protection of Privacy Act (FIPPA); and e-Discovery and Legal Hold trends and legislation
  • Strong understanding of distributed systems and how they work
  • Incident handling processes and procedures
  • Trends and developments in the information and technology security field
  • Familiarity with SOC and SIEM tools
  • Familiarity with third party audit reports such as SSAE 16, SOC 2

Due to the nature of this position, the successful candidate must meet the Canadian Border Service security clearance requirements of the Enhanced Driver License Program.

It would be considered an asset if your experience is supported by a business or technology degree and if you have industry recognized certifications such as a Certified Information Systems Security Professional (CISSP) and/or a Certified Information Systems Auditor (CISA) and/or a Certified Information Security Manager (CISM) designation.

You can view this job posting and apply for the position through ICBC’s website up to March 31, 2021.


External events February Update

Organization                                        | Event                                             | Date                                   | Note
----------------------------------------------------|---------------------------------------------------|----------------------------------------|--------------------------------
CloudWorld                                          | CloudWorld                                        | Feb 18-19                              | Free for developers & engineers
ASIS Canada Pacific Chapter                         | Women in Security                                 | Feb 18                                 | Free
Oktane21                                            | Oktane21                                          | April 6-8                              | Free
ISACA Vancouver Chapter & Reboot Communications LTD | Vancouver International Privacy & Security Summit | May 5-7                                | Commercial
SecureWorld                                         | SecureWorld Central Virtual Conference            | May 6                                  | Commercial
BSides Vancouver                                    | BSides Vancouver                                  | May 9-14                               | Call for participation open
BC Government                                       | BC Security Day                                   | May 12                                 | Free
VanTUG                                              | VanTUG                                            | 1st and 3rd Tues of each month         | Next event Feb 16, Free
OWASP Vancouver                                     | OWASP Vancouver                                   | 4th Thursday of each month             | Next event Feb 23, Free
VanCitySec                                          | VanCitySec                                        | May not have regular meetings anymore  | Free

February 12th, 2021 meeting

DATE: February 12th, 2021
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
(Please note Zoom link was updated)
RSVP Required – register at Zoom
TOPIC(S): Ransomware, Risk, and Recovery: Is Your DR Strategy Ready for Today’s Threats?
PRESENTER(S): Sean Deuby (Director of Services, Semperis)

ABSTRACT

Disaster Recovery (DR) strategies have traditionally focused on natural disasters, then expanded into other physical events such as terrorism. Today, cyber weaponization is everywhere, and the “Extinction Event” is a genuine threat with no respect for geographic boundaries.

In 2017 the NotPetya ransomware attack impacted Maersk worldwide in under 10 minutes and cost the company over $300M. The 2018 Winter Olympics were hit by a targeted cyber attack. Ransomware attacks have become commonplace. Cyber risk directly correlates to business risk and cyber disasters strike more frequently with broader impact than their physical counterparts. Thus, modern DR strategies must prioritize cyber scenarios.

Takeaways:

  • Denial-of-availability malware is now the #1 risk to business operations
  • Cyber insurance policies are not the magic bullet they position themselves to be
  • New “cyber-first” DR technologies automate recovery of complex systems, facilitate recovery to the cloud, and eliminate the risk of reinfection from system state and bare-metal backups

BIOGRAPHY

Sean Deuby brings 30 years’ experience in Enterprise IT and Hybrid Identity to his role as Director of Services at Semperis. An original architect and technical leader of Intel’s Active Directory and Texas Instruments’ Windows NT network, and a 15-time MVP alumnus, Sean has been involved with Microsoft identity technology since its inception. His experience as an identity strategy consultant for many Fortune 500 companies gives him a broad perspective on the challenges of today’s identity-centered security. Sean is also an industry journalism veteran; as former technical director for Windows IT Pro, he has over 400 published articles on Active Directory, Azure Active Directory and related security, and Windows Server. He has presented sessions at multiple CIS / Identiverse conferences.

January 8th, 2021 meeting

DATE: January 8th, 2021
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): Learning through law: Building a better defense by studying real legal cases
PRESENTER(S): Chester Wisniewski (Principal Research Scientist, Sophos)

ABSTRACT

While we are inundated by headlines of cybercriminals hacking everything that moves, we seldom have the opportunity to learn how they go about their trade craft. Often stories are distilled to simple things like “didn’t patch” or “phishing attack”. The complexities of real life events are far deeper. We can use the openness of our legal system to discover how these attacks actually unfolded for those who we are fortunate enough to apprehend, or at least charge with a crime. This talk will analyze a dozen recent indictments and US Grand Jury documents to learn the tricks, tools and techniques used in some of the most well known recent cyber attacks.

BIOGRAPHY

Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy was first piqued while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.

Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.

As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize him from his appearances on Global News (https://t.co/VWNBOja8Iv), CBC and CTV if you are old enough to still watch news on a TV.

December 11th, 2020 meeting

DATE: December 11th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): Differential Privacy
PRESENTER(S): Robert Slade (M. Sc.)

ABSTRACT

Differential privacy is a relatively recent topic, although it is an amalgam of well-known, and long utilized, concepts. Oddly, outside of academic circles, it was almost unknown until Apple made a big deal of it in an announcement in 2016. Differential privacy is, however, the “quantitative risk analysis” of privacy, which is why it has such important points to make to the field of privacy, and why almost nobody is using it. (Including, mostly, Apple.)

OK, CISSP question time:

Which privacy law does differential privacy support?

a. British law
b. Chinese law
c. EU law
d. US law

You want a clue?  OK, some initial discussion, then:

a. British privacy law is still primarily based on the original privacy directives, and is mostly concerned with what data you can collect, and for how long, and how accurate you have to be.
b. Yeah, I needed a good laugh, too.  But China *does* have a privacy law, and it pretends to be compatible with the original privacy directives.
c. Well, GDPR is *mostly* just the original privacy directives, but the new accountability directive *might* have to do with how well you protect what you *have* collected …
d. OK, I often say the US doesn’t have any privacy laws, but they do.  Those are primarily concerned with how much you can sue when people disclose your data.

For the final answer, attend the December 11th meeting on the topic of differential privacy.
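An added illustration of the “quantitative” claim in the abstract above; it is not part of Rob’s talk and the numbers are constructed. It is the Laplace mechanism on a counting query in Python: the privacy parameter epsilon is the quantity, the code checks that the log-ratio of output probabilities between two datasets differing in one person never exceeds epsilon, and a small accountant shows that every answered query spends part of a finite budget (basic sequential composition). The age list, the seed and the epsilon values are assumptions for the demo.

```python
"""Laplace mechanism for a counting query, plus a privacy budget (added example, not from the talk)."""
import math
import random

# Constructed dataset (assumption): ages of twelve customers.
AGES = [23, 35, 41, 29, 52, 61, 38, 45, 33, 27, 49, 57]

SENSITIVITY = 1   # adding or removing one person changes a count by at most 1


def count_over_40(rows):
    """The query we want to release: how many people are over 40."""
    return sum(1 for age in rows if age > 40)


def laplace_sample(rng: random.Random, scale: float) -> float:
    """Draw from Laplace(0, scale) by inverse CDF (the stdlib has no Laplace sampler)."""
    u = rng.random() - 0.5
    while u == -0.5:                    # random() can return exactly 0.0; avoid log(0)
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def laplace_pdf(y: float, loc: float, scale: float) -> float:
    return math.exp(-abs(y - loc) / scale) / (2.0 * scale)


def privacy_loss(y: float, answer_d: int, answer_d_prime: int, epsilon: float,
                 sensitivity: int = SENSITIVITY) -> float:
    """|ln P[M(D)=y] / P[M(D')=y]| for neighbouring datasets D, D'. Bounded by epsilon."""
    scale = sensitivity / epsilon
    return abs(math.log(laplace_pdf(y, answer_d, scale) / laplace_pdf(y, answer_d_prime, scale)))


def worst_case_loss(answer_d: int, answer_d_prime: int, epsilon: float) -> float:
    """Scan a grid of possible outputs; the largest loss is what the mechanism guarantees."""
    grid = [x / 10.0 for x in range(-100, 200)]
    return max(privacy_loss(y, answer_d, answer_d_prime, epsilon) for y in grid)


class PrivacyAccountant:
    """Tracks epsilon spent across queries; basic composition simply adds the epsilons."""

    def __init__(self, total_epsilon: float, seed=None):
        self.remaining = total_epsilon
        self.rng = random.Random(seed)   # seed only for a reproducible demo; use SystemRandom for real releases

    def release(self, true_answer: int, epsilon: float, sensitivity: int = SENSITIVITY) -> float:
        if epsilon > self.remaining:
            raise RuntimeError("privacy budget exhausted; refusing to answer")
        self.remaining -= epsilon
        return true_answer + laplace_sample(self.rng, sensitivity / epsilon)


if __name__ == "__main__":
    true = count_over_40(AGES)                      # 6
    neighbour = count_over_40(AGES[:-1])            # 5: one person removed
    print("worst-case privacy loss at eps=0.5:", worst_case_loss(true, neighbour, 0.5))
    acct = PrivacyAccountant(total_epsilon=1.0, seed=7)
    print("noisy count:", acct.release(true, 0.5), "budget left:", acct.remaining)
```

With epsilon = 0.5 the noise scale is 2, so a single released count can be off by several people, and a second query at the same epsilon empties a budget of 1.0; tighter noise means a bigger epsilon and a weaker guarantee. That trade-off, not the mathematics, is usually what stops deployments.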

BIOGRAPHY

Robert Slade has been stuck inside for six months with nothing to do but study the latest security and privacy buzzwords.  More information than anyone would want to know about him is available at http://en.wikipedia.org/wiki/Robert_Slade (and he doesn’t particularly care if you know that).

Job posting – Network Infrastructure Lead

Raymond James Ltd. is seeking a Lead – Network Infrastructure to work in their Burnaby office.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

Under the direction of the Senior Manager, Information Security and Network Infrastructure, and in consultation with parent company Raymond James Financial (US) Network Manager, the Lead – Network Infrastructure is responsible for enterprise alignment & integration, managing a growing team of up to 6+ network engineers, providing technical architecture direction, and day-to-day operations.

The Network Infrastructure team’s responsibilities include all networking and infrastructure aspects for LAN, WAN, SD-WAN, Wireless (802.11x), Load Balancing (LTM/GTM), Remote Access (VPN), Firewall, Network Access Control, DDoS, Network Management solutions and Telecom in a regulated enterprise environment that focuses on availability and security. The Network Infrastructure team is also responsible for datacenter and network closet infrastructure within the co-location data centers and offices across Canada. You will be solving complex challenges in a fast-paced and continuously evolving environment, while championing the direction and evolution of a global integrated team with the parent company.

Responsibilities:

  • Primary architect and central point of contact for network infrastructure solutions specializing in routing and switching, load balancing, firewall, network security and datacenter infrastructure;
  • Manage Network Infrastructure team resourcing, planning, scheduling, and prioritizing efforts to meet overall network infrastructure commitments;
  • Technical lead with the ability to mentor other members on the network infrastructure team;
  • Collaborate with network infrastructure counterparts in the parent company RJF (US) to align enterprise standards, knowledge share, integrate solutions and create a global team;
  • Partner with a broad base of business and technical teams to ensure that networks are developed to meet business and project objectives while adhering to architectural and testing standards and established methodologies;
  • Forward thinking to identify upcoming trends, emerging technologies and evaluating new network infrastructure technologies;
  • Responsible for up time, monitoring, reliability, BCP/DR, stability and maintenance of supported systems as well as continual assessment of the quality and effectiveness of our network monitoring and alarming;
  • Manage network vendor relationships, contracts, budget and SLAs;
  • Serves as a key person in major incidents and troubleshooting network infrastructure problems, taking ownership of problems to resolution;
  • Produces and maintains documentation of network infrastructure solutions;
  • Test network performance and analyzes trends to provide statistics, metrics and reports; develop strategies for optimizing network infrastructure;
  • Improve operations efficiency by developing automation based upon analyzing and identifying significant opportunities where automation can tackle administration tasks, volume, systemic or critical operational issues;
  • Ensures Network Infrastructure solutions adhere to enterprise security standards;
  • Develop project plans, budget and feasibility studies for various network infrastructure projects, upgrades, improvements, expansions and equipment refresh;
  • Provide timely support, analysis and resolution for Network Infrastructure related problems; and
  • Provide critical tier 3 support, as required, on a 24 hours x 7 days / week basis. Excluding participation in an After Hours Support rotation.

Experience and Skills:

  • Minimum 10 years’ experience in large-scale enterprise network environments with working expert level knowledge of Data Center Network Routing & Switching, Firewall, and Load balancing technologies;
  • Minimum 3 years’ experience managing 5-10+ engineers in a team lead role;
  • Cisco (CCIE, CCNP: Routing & Switching | Security), F5 (Certified Administrator | Certified Technical Specialist), Palo Alto (PCNSE), (ISC)² (CISSP), SANS or other network security vendor certifications highly desirable;
  • Advanced knowledge and experience in the following areas: Network Design, Load Balancing (LTM/GTM), Wireless, Network Security (NAC/DDoS/NGFW Firewalls), Network Aggregators, Remote Access VPN, Converged Infrastructure, Cloud Networking (SD-WAN) technologies, LAN/WAN, routing protocols (BGP, EIGRP, OSPF), switching, VLANs, spanning-tree, VOIP protocols, QoS, DHCP, DNS, etc;
  • Expert knowledge of BGP and Multicast;
  • Experience with network monitoring, management & performance testing technologies (Solarwinds, Datadog, Nagios, Cacti, Netflow, nTop, sFlow, Splunk, RANCID, etc.);
  • Experience in scripting and automation;
  • Experience with troubleshooting and determining root cause analysis through log/packet analysis and debugging;
  • Experience with Datacenter facilities;
  • Experience with Cabling Standards and troubleshooting;
  • Experience in the financial services or brokerage industry is an asset;
  • Knowledge of service management frameworks (ITIL);
  • Ability to work effectively with technical and non-technical personnel in a cross-functional setting; and
  • Excellent verbal and written communication skills.

Competencies:

  • Analysis: Identify and understand issues, problems, and opportunities; compare data from different sources to draw conclusions;
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message;
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take actions that are consistent with available facts, constraints, and probable consequences;
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise;
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals; and
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

This is a permanent full-time position with a competitive compensation and benefits package.

If you would like to join our team, please send a resume and covering letter, quoting the position and Job Posting #20-162 by December 11, 2020 to:

Human Resources
Raymond James Ltd.
resumes@raymondjames.ca

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. We require applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

We sincerely thank all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James Ltd. recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.

Friday, November 13, 2020 2pm to 4pm


DATE: November 13th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): Cyberwarfare: The New “Colder” War
PRESENTER(S): Kevin Murphy
Agenda:

2:00 pm – 2:15 pm  Welcome and announcements
2:15 pm – 2:45 pm  Featured Presentation
2:45 pm – 3:15 pm  Break
3:15 pm – 3:45 pm  Featured Presentation
3:45 pm – 4:00 pm  Q&A 

Abstract:  Is Cyberwarfare actually the next World War?  Modern cybersecurity threats have evolved into very effective disinformation campaigns and destructive ransomware. What can we collectively do to protect ourselves, our business, and our democratic institutions? Hint: the solution is more than just technology.

Biography:
Kevin was the VP of Cybersecurity Operations and Governance at IOActive.com, a retired US Air Force intelligence officer, and the former Director of Windows Security Architecture at Microsoft with over 25 years of experience in threat intelligence and information security. Kevin holds the CISM, CISSP, and CGEIT security certifications.

October 9th, 2020 meeting

Fri, Oct. 9, 2020 2:00pm — 4:00pm

DATE: October 9th, 2020
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): Threat landscape 2020: A deep dive on the threats we face and how we can successfully combat cybercrime
PRESENTER(S): Chester Wisniewski (Principal Research Scientist, Sophos)

A portion of this meeting will be dedicated to the AGM. Where possible we will use Zoom polls.

ABSTRACT

Part 1 – Know thy enemy.
There is no point in defending against attackers that aren’t there. The inverse could be worse, being unprepared for what is out there. The pace of change by cybercriminals is driven by money, which means it never stands still for long.

Part 2 – How we can use COVID-19 to our advantage.
Most security minded people are in a constant struggle to modernize and justify budgets to effectively train their staff and make modern efficient tools available. COVID-19 not only changed the threatscape, it has presented opportunities to IT security teams to up their game.

Part 3 – Targeted ransom deep dive.
These attacks have achieved unbelievable success and profit for the skilled criminals behind them. I will walk you through a typical attack and demonstrate the TTPs and cleverness that goes into hamstringing their victims.

Part 4 – Parting defensive thoughts.
How we view our networks and the people who defend them is evolving with the threats. Many organizations who make headlines after being victimized have not evolved and sometimes even been culled from the herd. I will wrap up providing my advice on how to modernize your approach to protecting your data.

BIOGRAPHY

Chester Wisniewski is a principal research scientist at Sophos. With more than 25 years of professional experience, his interest in security and privacy was first piqued while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.

Chester analyzes the massive amounts of attack data gathered by SophosLabs to distill and share relevant information in an effort to improve the industry’s understanding of evolving threats, attacker behaviors and effective security defenses. He’s helped organizations design enterprise-scale defense strategies, served as the primary technical lead on architecting Sophos’ first email security appliance, and consulted on security planning with some of the largest global brands.

As a former President of the Vancouver SecSIG he is grateful for no longer being responsible for the meetings, but excited to continue to share and contribute to the security knowledge of our community. You may recognize him from his appearances on Global News, CBC and CTV if you are old enough to still watch news on a TV.

Friday, September 11, 2020 2pm to 4pm, GM Meeting Notice (Virtual)

DATE: September 11th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): Homomorphic Encryption
PRESENTER(S): Rob Slade
No Eventbrite registration required – register using the Zoom link. Please check your email for the Zoom password after you register. 

A portion of this meeting will be dedicated to the AGM. To confirm executive positions and any other decisions we will be using Zoom polls where possible.

Abstract:  Recently security operations have become very excited about homomorphic encryption. It seems to be the latest “magic” security technology that will solve all our problems, but I don’t think we’ve really provided a good outline of what it is, and, particularly, what it can’t do.

This presentation will outline the basic concepts, note some specific forms and applications, and point out the various factors for use or consideration.

A longer outline of this talk is available at https://community.isc2.org/t5/T/H/m-p/26922/highlight/true#M1683
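As an added illustration of “what it is, and what it can’t do”, not part of Rob’s talk or outline: a toy Paillier cryptosystem in Python. Paillier is additively homomorphic: multiplying two ciphertexts modulo n² gives an encryption of the sum, and raising a ciphertext to a known constant gives an encryption of the product with that constant, all with only the public key. The same demo shows the limits: there is no public-key operation on two ciphertexts that yields the encrypted product (it is partially, not fully, homomorphic), and anyone holding the public key can shift the hidden value undetectably, so integrity has to be provided separately. The primes are toy-sized and found by trial division from arbitrary seeds, and the claim totals in `demo` are constructed; all of that is an assumption for the demo.

```python
"""Toy Paillier cryptosystem: an additively homomorphic scheme (added example, not from the talk).

Key sizes here are tiny so the demo runs instantly; real use needs ~1024-bit primes.
"""
import math
import secrets


def _next_prime(n: int) -> int:
    """Smallest prime strictly greater than n, by trial division (fine for toy sizes)."""
    while True:
        n += 1
        if all(n % d for d in range(2, math.isqrt(n) + 1)):
            return n


def keygen(p_seed: int = 1_000_000, q_seed: int = 2_000_000):
    """Return (public, private) = ((n, g), (lambda, mu)). The seeds are arbitrary (assumption)."""
    p, q = _next_prime(p_seed), _next_prime(q_seed)
    n = p * q
    lam = math.lcm(p - 1, q - 1)                      # Carmichael's lambda(n)
    g = n + 1                                         # standard choice of generator
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)    # mu = L(g^lam mod n^2)^-1 mod n, L(x) = (x-1)//n
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """E(m) = g^m * r^n mod n^2 with fresh random r, so the same m never gives the same ciphertext."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    n2 = n * n
    r = 0
    while r == 0 or math.gcd(r, n) != 1:
        r = secrets.randbelow(n)
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    return (((pow(c, lam, n * n) - 1) // n) * mu) % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """E(m1) * E(m2) mod n^2 = E(m1 + m2 mod n). Needs only the public key."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c: int, k: int) -> int:
    """E(m)^k mod n^2 = E(k * m mod n): multiplication by a constant the caller already knows."""
    n, _ = pub
    return pow(c, k, n * n)


def demo():
    """Sum constructed per-branch claim totals without the aggregator seeing any single figure."""
    pub, priv = keygen()
    claims = [12_500, 8_300, 41_000]                     # constructed sample values
    ciphertexts = [encrypt(pub, v) for v in claims]
    total_ct = ciphertexts[0]
    for ct in ciphertexts[1:]:
        total_ct = add_encrypted(pub, total_ct, ct)      # aggregator never decrypts anything
    total = decrypt(pub, priv, total_ct)                 # only the key holder learns the sum

    # Limit 1: there is no public-key-only operation that yields E(m1 * m2);
    # Paillier is additive, not fully homomorphic.
    # Limit 2: malleability. Anyone with the public key can shift a ciphertext by a
    # chosen amount and the key holder cannot tell; integrity needs a separate mechanism.
    tampered = add_encrypted(pub, ciphertexts[0], encrypt(pub, 1_000_000))
    return {"total": total,
            "tampered_first_claim": decrypt(pub, priv, tampered)}


if __name__ == "__main__":
    print(demo())
```

Every homomorphic operation here works modulo n, so a sum that exceeds n silently wraps; that is the usual reason deployments bound the inputs or pick n far above any reachable total.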

Biography:
Ebo Fynqr znl or na vasbezngvba frphevgl naq znantrzrag pbafhygnag sebz Abegu Inapbhire, Oevgvfu Pbyhzovn, Pnanqn, be ur znl or na negvsvpvny vagryyvtrapr cebtenz tbar ubeevoyl jebat, naq ubbxrq hc gb inevbhf rznvy nqqerffrf.  Zber vasbezngvba guna nalbar jbhyq jnag gb xabj nobhg uvz vf ninvynoyr ng uggc://ra.jvxvcrqvn.bet/jvxv/Eboreg_Fynqr

https://cryptii.com/pipes/rot13

August 14th, 2020 Meeting

DATE: August 14th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain passcode to enter meeting from email confirmation

RSVP Required – register at Zoom
TOPIC(S): The Clutter that’s Choking AppSec
PRESENTER(S): Rahul Raghavan (Co-Founder and Chief Evangelist, we45)

ABSTRACT

Increasingly shorter agile development sprints and mandatory security assessments are putting pressure on product teams to deliver secure applications faster than ever. Further, inorganic adoption of security tooling sometimes creates information overload that does more harm than good.

What’s going wrong:

  • Results from SAST, DAST and SCA tools create large vulnerability data sets that are difficult to act upon.
  • Automated scan results from security tools are replete with false positives and duplicate entries that make remediation troublesome.
  • Manual methods of triaging vulnerability data sets are inefficient and lower productivity.
  • Improper vulnerability management increases friction between security and engineering teams.

What the audience will glean from this talk:

  • How automated methods of vulnerability correlation and de-duplication can significantly reduce your AppSec testing time.
  • How to effectively integrate vulnerability remediation with the engineering workflow.
  • Understand the basic anatomy of a vulnerability to effectively prioritise and fix security bugs faster and better!

Why should they care:

  • Without a change in approach, application security professionals and engineering teams will continue to delay development schedules and product release dates, or risk releasing a product that is not entirely secure.

Who should attend:

  • Security professionals who face problems managing vulnerabilities.
  • Engineering teams who find the current vulnerability remediation workflow problematic.
  • CISOs who want to lay down a mature and efficient AppSec Program.
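As an added example of the correlation and de-duplication the abstract refers to (my illustration, not the talk’s material or we45’s code): seven constructed raw findings from two SAST tools, a DAST scanner and two SCA tools collapse to three triage items. Code findings are grouped by CWE and file and merged when they sit within a few lines of each other, a DAST hit is tied to the code cluster through a route-to-file map, and SCA entries are matched exactly on advisory, package and version. The route map, the line window, the scoring weights, the tool names and the advisory identifier are all assumptions chosen for the demo.

```python
"""Correlate and de-duplicate SAST/DAST/SCA findings into one triage list (added example, not we45's code)."""
from collections import defaultdict

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
LINE_WINDOW = 5   # assumption: the same CWE within 5 lines of the same file is one sink, not two bugs
DAST_BONUS = 15   # assumption: a runtime-confirmed issue outranks a static-only one of equal severity

# Assumption: how HTTP routes map onto source files, so DAST hits can join SAST hits.
ROUTE_MAP = {"/api/users": "app/users.py"}

# Constructed raw findings in roughly the shape each tool family emits; the CVE id is a placeholder.
RAW_FINDINGS = [
    {"tool": "sast-a", "rule": "sqli-fstring", "cwe": 89, "file": "app/users.py", "line": 42, "severity": "high"},
    {"tool": "sast-a", "rule": "sqli-concat", "cwe": 89, "file": "app/users.py", "line": 43, "severity": "high"},
    {"tool": "sast-b", "rule": "SQL_INJECTION", "cwe": 89, "file": "app/users.py", "line": 42, "severity": "medium"},
    {"tool": "dast", "rule": "sql-injection", "cwe": 89, "endpoint": "/api/users", "severity": "high"},
    {"tool": "sast-a", "rule": "weak-hash", "cwe": 328, "file": "app/auth.py", "line": 17, "severity": "medium"},
    {"tool": "sca-a", "cve": "CVE-0000-0001", "package": "examplelib", "version": "1.2.3", "severity": "high"},
    {"tool": "sca-b", "cve": "CVE-0000-0001", "package": "examplelib", "version": "1.2.3", "severity": "critical"},
]


def _new_cluster(key):
    return {"key": key, "severity": "low", "tools": set(), "raw": [], "dast_confirmed": False, "last_line": None}


def _absorb(cluster, finding):
    cluster["raw"].append(finding)
    cluster["tools"].add(finding["tool"])
    if SEVERITY_RANK[finding["severity"]] > SEVERITY_RANK[cluster["severity"]]:
        cluster["severity"] = finding["severity"]      # keep the worst rating any tool gave


def correlate(raw):
    clusters = []

    # 1. Code-level (SAST) findings: group by (CWE, file), then merge by line proximity.
    by_location = defaultdict(list)
    for f in raw:
        if "file" in f:
            by_location[(f["cwe"], f["file"])].append(f)
    for (cwe, path), findings in by_location.items():
        current = None
        for f in sorted(findings, key=lambda x: x["line"]):
            if current is None or f["line"] - current["last_line"] > LINE_WINDOW:
                current = _new_cluster(f"CWE-{cwe} in {path}")
                clusters.append(current)
            _absorb(current, f)
            current["last_line"] = f["line"]

    # 2. Runtime (DAST) findings: translate the endpoint to a file and attach to matching clusters.
    for f in raw:
        if "endpoint" in f:
            key = f"CWE-{f['cwe']} in {ROUTE_MAP.get(f['endpoint'])}"
            matches = [c for c in clusters if c["key"] == key]
            if not matches:                                 # unmapped route: stands alone
                matches = [_new_cluster(f"CWE-{f['cwe']} at {f['endpoint']}")]
                clusters.append(matches[0])
            for c in matches:
                _absorb(c, f)
                c["dast_confirmed"] = True

    # 3. Dependency (SCA) findings: exact match on advisory + package + version.
    by_advisory = {}
    for f in raw:
        if "cve" in f:
            key = f"{f['cve']} in {f['package']}@{f['version']}"
            if key not in by_advisory:
                by_advisory[key] = _new_cluster(key)
                clusters.append(by_advisory[key])
            _absorb(by_advisory[key], f)

    # 4. Score: severity first, runtime confirmation next, tool agreement as the tie-breaker.
    for c in clusters:
        c["score"] = (SEVERITY_RANK[c["severity"]] * 10
                      + (DAST_BONUS if c["dast_confirmed"] else 0)
                      + len(c["tools"]))
    return sorted(clusters, key=lambda c: -c["score"])


if __name__ == "__main__":
    for c in correlate(RAW_FINDINGS):
        print(f"{c['score']:3d} {c['severity']:8s} {c['key']:40s} tools={sorted(c['tools'])} raw={len(c['raw'])}")
```

The merged item keeps every raw finding it absorbed, so an engineer still sees each tool’s rule name and line, but gets one ticket per sink rather than four. The line window and the DAST weighting are the two knobs worth tuning per codebase: too wide a window hides distinct bugs, too small a bonus buries confirmed injections under unreachable dependency advisories.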

BIOGRAPHY

Rahul is the Co-Founder and Chief Evangelist at we45.


The sheer pervasiveness of applications, their associated software engineering process and therefore the variance of application security quotient across software teams is what drives Rahul’s primary role as an AppSec Advocate at we45.


Having worked on both the building and breaking sides of product engineering, Rahul appreciates both the constraints and the opportunities of imbibing security within the software lifecycle. This understanding created a natural segue for we45's custom security solution engineering and enhanced AppSec service delivery models for its global customers.


As an active DevSecOps Marketer, Rahul works closely with the offices of CTOs and CIOs in the setting up of cross-functional skill-building and collaboration models between engineering, QA and security teams to build and manage software security maturity frameworks.


Rahul is a Certified Information Systems Auditor (CISA) and is a regular speaker at global conferences, seminars and meetup groups on the following topic areas:
1. Application Security Automation and DevSecOps
2. AppSec Tooling
3. Threat Modeling in Agile Engineering
4. QA: Security Mapping
5. Automation ROI Modelling
6. AWS Security
7. Secure Software Maturity Models

RSVP Required – register at Zoom

July 10th, 2020 Meeting

DATE: July 10th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
Please obtain the passcode to enter the meeting from your email confirmation

RSVP Required – register at Zoom
TOPIC(S): The business of measuring security
PRESENTER(S): Gary Hinson

ABSTRACT

Although quantifying things is an essential part of rational management, measuring is particularly challenging in the arcane field of information risk and security. Gary will be sharing his Hinson tips on selecting security metrics that work, both for infosec pros like us and for the businesses we serve. Pull up a chair and put your brain in gear. Audience participation is not merely permitted: it’s encouraged.

BIOGRAPHY

Gary Hinson lives at the end of the world, not only down under in New Zealand, but so far off the beaten track that nobody can find him. (Talk about security by obscurity.) Despite this, he advises international companies on information risk and security matters, providing excellent policies, awareness materials and strategies. He is a long-time active member of the CISSPforum, a Certified Usual Suspect. He has a long-abiding interest in the ISO27k standards, running the ISO27k Forum supporting 4,000 fellow ISO addicts. He has written the book (well, a book, anyway) on security metrics which is very pragmatic. (All will become clear during the session.) (Well OK, maybe not all but he’ll do his best)

RSVP Required – register at Zoom

Job Posting – Privacy Specialist

Hootsuite is looking for a Privacy Specialist to help inform and develop a world-class privacy program. You'll be closely supporting the Privacy team to drive initiatives across the organization and translating complex global privacy laws into practical advice for business stakeholders. Based in Hootsuite's Vancouver office, this role reports to the Director, Privacy & Product Compliance.


CANCELLED – April 2020 Education Session

PLEASE NOTE THE MARCH MEETING WAS CANCELLED, WE ARE TENTATIVELY MOVING OUR SPEAKER’S TALK TO APRIL INSTEAD. WE WILL KEEP YOU POSTED IF THERE ARE ANY FURTHER CHANGES.
 
Presented by Vancouver Security SIG, (ISC)² Vancouver Chapter, and ISSA Vancouver Chapter
 
Friday April 17th from 2:00 PM to 4:00 PM (PST)

Featured Presentation Topic(s): Homomorphic Encryption

Speaker(s): Rob Slade (M. Sc.)


CANCELLED – March 13th, 2020 meeting

DATE: March 13th, 2020
TIME: 2:00pm to 4:00pm (PST)
VENUE: KPMG Campus – 11th floor
777 Dunsmuir Street, V7Y 1K3, Vancouver B.C.
Please be punctual for entry to the meeting room
RSVP Required – register at Eventbrite
TOPIC(S): Homomorphic Encryption
PRESENTER(S): Rob Slade (M. Sc.)

PLEASE NOTE THE MARCH MEETING WAS CANCELLED, WE ARE TENTATIVELY MOVING OUR SPEAKER’S TALK TO APRIL INSTEAD. WE WILL KEEP YOU POSTED IF THERE ARE ANY FURTHER CHANGES.