Kabir Dubey, Benning Maisonti, Luis Alberto Leyva Robles (Presenting in person)
RECORDING:
For those attending in person, please take the elevator to floor 15.
ABSTRACT
The rapid development and advances in Quantum computing and their ability to break the current standard encryption algorithms like AES 256 and Elliptic Curve Diffie Helfman (ECDH) proven by Peter Shor’s algorithm make a priority to secure the data at transit, at the heart of this problem lies the TLS protocol, this paper attempts to highlight the importance of making the TLS Protocol quantum resistant and how the NIST approved algorithms affect its performance.
BIOGRAPHY
Kabir Dubey Currently pursuing a master’s in cybersecurity at New York Tech Vancouver. I bring hands-on experience from academic and freelance projects, with a focus on network security, intrusion detection, and digital forensics. I have worked with tools such as Suricata, Snort, Autopsy, and Cellebrite, while also building a strong foundation in TCP/IP and security monitoring. With a strong interest in applied cybersecurity, I am committed to making complex security concepts practical and effective in addressing real-world challenges.
Benning Maisonti Currently pursuing a master’s in cybersecurity at New York Tech Vancouver. I am a member of ISC2 and hold the Certified in Cybersecurity (CC) credential. With a strong interest in cybersecurity practices. I am building expertise in areas such as access control, cloud security, and security operations, with a focus on making complex cybersecurity concepts easier to understand and apply.
Taming the Hacker Storm: A Way to Defeat Cybercriminals and Malware
PRESENTERS:
Roger A. Grimes (Presenting virtually/remote)
RECORDING:
For those attending in person, please take the elevator to floor 15.
ABSTRACT
Malicious hackers and their malware creations are rampant on the Internet. Ransomware is taking down companies, hospitals, and even entire cities at will. Hundreds of millions of dollars are stolen, and millions of people’s accounts are stolen every day. A large portion of the Internet is just hacker traffic, phishing, and their malware programs. However, most people are unaware that we can significantly reduce Internet crime, making it nearly impossible for hackers and their malware creations to be successful. There is a way to make a far safer Internet for you, your children, your grandchildren, and your grandparents. We have most of the needed technology, we just need to make it more pervasive.
Attend this session to learn about: The ONE BIG UNDERLYING COMPUTER SECURITY PROBLEM that underlies all other problems How fixing that one problem will make the Internet a far safer place for the world to compute Hear about the cool new Internet DNS-like service that will make it far harder for hackers to hide Come learn what it would take and how you can help to one day make hackers and their malware creations something future generations learn about in history books If you’re just tired about hiring about the problem, come learn how to SOLVE THE PROBLEM!
BIOGRAPHY
Roger A. Grimes, Data-Driven Defense Evangelist for KnowBe4, Inc., is a 36-year computer security consultant, instructor, holder of dozens of computer certifications, and author of 15 books and over 1,500 articles on computer security. He has spoken at many of the world’s biggest computer security conferences, been in Newsweek™ magazine, appeared on television, been interviewed for NPR’s All Things Considered™, the Wall Street Journal, and been a guest on dozens of radio shows and podcasts. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee, and Microsoft. He has consulted for hundreds of companies, from the largest to the smallest, around the world. He specializes in host and network security, quantum security, identity management, anti-malware, hackers, honeypots, Public Key Infrastructure, cloud security, cryptography, policy, and technical writing. His certifications have included CPA, CISSP, CISA, CISM, CEH, MSCE: Security, Security+, and yada-yada others, and he has been an instructor for many of them. His writings and presentations are often known for their real-world, contrarian views. He was the weekly security columnist for InfoWorld and CSO magazines between 2005 – 2019.
For those attending in person, please take the elevator to floor 15.
ABSTRACT
CISOs and enterprise security teams have never had more frameworks, standards, and tools to help them than they do today. So then, operating an enterprise cybersecurity program must be easier now, right? Join Tim Rains, an industry cybersecurity veteran and author, as he examines whether this is the case and highlights some of the challenges CISOs face.
BIOGRAPHY
Tim Rains is an internationally recognized cybersecurity executive, advisor, and author.
Currently, Tim is Vice President and Chief Information Security Officer (CISO) at ADT – the largest security and automation company in the United States, protecting 6.5 million households. In this role, Tim leads enterprise cybersecurity and product security.
Previously, Tim was Vice President Trust & Cyber Risk at T-Mobile where he led cybersecurity strategy, architecture, assurance, risk management, compliance, and the Business Information Security Officer function. T-Mobile has the largest 5G network in the world. While Tim was at T-Mobile, he was appointed to serve on a subcommittee of the President of the United States’ National Security Telecommunications Advisory Committee (NSTAC) that developed recommendations to the President focused on improving national cybersecurity.
Prior to T-Mobile, Tim held cybersecurity leadership positions at both Amazon Web Services (AWS) and Microsoft. At AWS, Tim was the Global Security and Compliance Leader for Worldwide Public Sector, where he spent 3 years living in London. In the 17 years Tim spent at Microsoft, he held numerous roles including Global Chief Security Advisor, Director of Security, Identity, and Enterprise Mobility, Director of Trustworthy Computing, and founding Technical Lead of Microsoft’s customer facing Cybersecurity Incident Response Team.
Death of Security Through Obscurity in the TPRM Process
PRESENTERS:
Kevin Qiu
RECORDING:
For those attending in person, please take the elevator to floor 15.
ABSTRACT
Kevin is excited to share his knowledge on the role of third party risk management in the information security industry. He will take the audience through a journey on how we all got to the lovely world of 1000 row questionnaires. From the beginnings of security compliance in the late 1990s, to the rise of AI specific security questionnaires, Kevin will discuss how the industry has changed its approach to reviewing external vendors over the years. A veteran of answering hundreds of thousands of security questions of all kinds, he will provide an overview of how the industry has changed from NDA heavy, painful RFP processes to much more transparent and accessible trust centers. His hope is that by the end of the presentation, you will have new ideas and thoughts on how you can streamline your own organization’s TRPM processes, as sellers and/or buyers. You may even be inspired to create a public trust center of your own!
BIOGRAPHY
Kevin Qiu is a seasoned information security professional with a decade of experience securing companies in various verticals. He is currently the first security hire at the Series B company Shiftsmart. Prior to this, he spent 3 years helping organizations of all sizes build out trust centers to streamline the security review process. He is also an advisor to a multitude of security startups and enjoys mentoring individuals looking to break into the security industry.
One speaker will be present in-person, with the other virtual. For those attending in person, please take the elevator to floor 15.
ABSTRACT
Privacy laws set rules for how personal information is collected, used, and protected. Cybersecurity helps keep that information secure. This session will cover how privacy and cybersecurity work together, key legal requirements, and what cybersecurity professionals need to know about privacy risks. Key Topics Covered:
Privacy Laws and Regulatory Requirements
Privacy Risks in Cybersecurity Incidents
Incident Response and Risk Management
Legal Privilege and Reporting
BIOGRAPHY
Kristél Kriel, Partner Kristél co-leads the privacy, data protection & cybersecurity practice at MLT Aikins. Her experience with complicated cybersecurity, privacy, freedom of information and technology matters makes her a valued asset to public and private organizations across all industries. Kristél is a Certified Information Privacy Professional (Canada). MLT Aikins Profile
Cael Hibbert, Lawyer Cael is an experienced lawyer in the MLT Aikins innovation, data and technology practice group in Vancouver, focusing on privacy, data protection and cybersecurity in both public and private sectors. He supports organizations in addressing privacy challenges and helps build privacy compliance programs. MLT Aikins Profile
The Softer Side of Risk: How Knowing People & Culture Can Help You
PRESENTER:
Jason Leuenberger
RECORDING:
The speaker will be virtual (not present at Sophos.) For those attending in person, please take the elevator to floor 14.
ABSTRACT
Ever noticed how nobody likes ice cold butter on warm toast? That’s the perfect metaphor for how many organizations approach risk management – cold, rigid frameworks meeting warm, complex human systems. This talk challenges traditional GRC programs that ignore the human element, despite risk being part of our daily decision-making. We’ll propose a more nuanced approach that blends relationship dynamics, systems thinking, and cultural awareness to create programs that actually stick. Since dramatic transformations are rarely achievable or sustainable, we’ll focus on consistent 1% gains, knowing when to lean on numbers and when to address underlying fears and metaphors. We’ll pull insights from social science and psychology, helping us navigate the balance between art and science in risk management, transforming it from a dreaded necessity into something people and teams will embrace.
BIOGRAPHY
Jason was previously the Head of GRC globally for Starbucks, and is now a certified Leadership & Team coach. He brings 20+ years of experience in Cybersecurity, Risk Management, GRC, and Privacy to his work with those in high stress roles. Day-to-day he works with leaders & teams centered around their development goals, helping identify obstacles that might be getting in their way, and then working to break free from anything limiting them. He applies coaching and the social sciences to work in risk management with people and teams, understanding the most powerful component of managing risk: the human beings involved in making those decisions.
Software Composition Analysis for Managing Security and Licensing Risks
PRESENTER:
Baljeet Malhotra, Ph.D
RECORDING:
ABSTRACT
Artificial Software Composition Analysis (SCA) is used by developers to identify dependencies or components of applications, which may have been built using Open Source and/or proprietary libraries. SCA is essentially a form of Application Security Testing (AST) to find the underlying licensing issues and/or security vulnerabilities in applications. There are several SCA/AST tools available in the Open Source markets like Github. As cloud took off in a big way, many of the enterprise applications started integrating various web based APIs to provide useful technical and business functionalities built by third parties. Unfortunately, Web APIs pose unique licensing and security risks that existing SCA/AST tools do not address. In this presentation, we’ll revisit Software Composition Analysis as a way to discover and manage security and licensing risks.
BIOGRAPHY
Dr. Baljeet Malhotra is an award-winning researcher and a global tech leader known for his work in Open Source and API Risk Management. He founded TeejLab in 2019 and steered the team to build API Discovery and Security™, world’s first end-to-end API Risk Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys for $565 million). He also served as Research Director at SAP and Senior Software Engineer at MahindraTech. He received a PhD in Computing Science from the University of Alberta and won several awards including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC. He has given numerous ISACA, ISSA, IIA, ISC2, OWASP talks globally, and published several papers and patents at international venues.
The “I” in our CIA is Integrity. Fighting against it are errors, misinformation, and disinformation, which fraudsters use against us all the time. Discord attacks involve nation-state enemies of democracies: they have been using disinformation for at least a century, and now, with discord attacks, to rather devastating effect.
Disinformation is now fracturing our own society, and we, in information security, should be more prevalent in fighting it. In addition, we are falling all over ourselves to use genAI/LLMs, which weren’t actually designed to create disinformation, but probably couldn’t do a better job at it if they had been.
I certainly hope that there will be a lot of discussion in this session, and not just me speaking at you.
BIOGRAPHY
Rob Slade misses you all, rather desperately, and thinks that it is inconsiderate of you to have had this emergency this month rather than next month. All the AIs can be induced to say nice things about him, but they hallucinate a lot, and spew disinformation anyway. If you want, you can (virtually) accompany him on his daily walk (and prep for your CISSP exam) at https://fibrecookery.blogspot.com/2023/02/cissp-seminar-free.html, which is, in fact, now completely posted https://fibrecookery.blogspot.com/2024/10/complete-free-cissp-review-seminar.html
The power of generative Artificial Intelligence (AI) and the legal, privacy, and security-related risks that are the inevitable cost of harnessing that power. Organizations must be aware of the many implications created through the deployment of a generative AI tool in their environment, and security personnel must learn to ask critical questions. You will learn why you need to ask “who owns the data?”, “who owns the tool?”, “who is responsible for the output of the tool?”, and more from a combination of the legal, privacy, and security perspectives.
BIOGRAPHY
Jake Bernstein is a partner at K&L Gates. He is a member of the Technology Transactions and Sourcing and Data Protection, Privacy, and Security practice groups. Jake is also a Certified Information Systems Security Professional. He can be heard discussing cybersecurity and privacy issues as the co-host of the popular Cyber Risk Management Podcast.
In addition to his Data Protection, Privacy, and Security work, Jake also leverages his background as an Assistant Attorney General in the Consumer Protection Division of the Washington State Office of the Attorney General to counsel clients on a host of regulatory matters, especially involving technology and the Internet.
Trusting the Source and Content of Internet Communications: A Global Transformation Project
PRESENTER:
Scott Perry (CPA, CISA, ISO 27001 Lead Auditor)
RECORDING:
ABSTRACT
The Internet has a trust problem. The Internet was not designed to exchange the monetary and the priceless value of our personal transactions.
The pandemic brought forth a rise in our dependence on digital life: from videoconferencing to shop-at-home applications, to social media. It has also transitioned the crime and espionage centers from physical cities to the Internet. Kim Cameron, Microsoft’s Chief Identity Architect (2004-2019) predicted this when stating in his landmark publication Law of Identity “The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers”.
The centralized control on identity with every merchant, organization and government an individual interacts with has frustrated the public with the requirement to remember hundreds of account/password combinations and the loss of control of sensitive personal data. This has been perpetuated in a societal shift of individuals (with governmental support) demanding more control of their personal information. Despite the warning signs, the Internet has thrived without an architectural construct to bind transactions to verifiable identities.
To revolutionize an established Internet itself, the architectural core of Internet transactions must evolve using new governance blueprints, trust anchors, and secure smartphones overlaying a foundation of decentralized identifiers. The building blocks of this new architecture has been developing over the last nine years and is ready to explode on a global scale.
Speaker Scott Perry, CEO of the Digital Governance Institute and co-Chair for the Governance Working Group for the Trust Over IP Foundation (ToIP), a Linux Foundation sponsored non-profit, will walk through a multi-level technical and governance architecture (“the Trust Over IP Stack”) that outlines greater confidence over the source and content of internet communications is being achieved. He will also walk through existing ecosystems where the exchange of verified digital credentials is transforming industries and societies.
BIOGRAPHY
Scott Perry is the Founder and CEO of the Digital Governance Institute where he provides a variety of governance solutions in the emerging space of governance of digital assets. Scott is a recognized global leader in digital identity, blockchain, and verifiable credential governance and accreditation. He has worked with the world’s most respected SSL certificate issuers, aerospace and defense companies, and government agencies such as the US Senate Sergeant at Arms and Federal Aviation Administration.
He is a Co-Chair of the Trust Over IP Foundation’s Governance Stack Working Group where he has authored and contributed to most of its governance and assurance publications driven to create standards and accountability in decentralized identity and verifiable credential networks.
As a hands-on governance and cybersecurity consultant and auditor, Scott provides deep and impactful advice that you would expect from a leader in the field.
Artificial Intelligence: Overwhelming Risk, or Terrible Mistake?
PRESENTER:
Rob Slade
RECORDING:
ABSTRACT
With the release of the Large Language Models (LLMs) such as ChatGPT and DALL-E, there is a great deal of interest in artificial intelligence. However, there are risks, and there is much confusion, particularly since a lot of people talking about “AI” are actually talking about different things. Artificial intelligence is not a single thing, or even a single field. This presentation looks at the various components of AI, and what they can (and can’t) do, but concentrates on genAI/LLMs, and what we know about how well they are doing so far.
BIOGRAPHY
Oh, you guys want a bio?
I hate writing them, so I asked the AIs to do it for me.
Robert Slade is renowned, with a career spanning several decades, has made significant contributions to the field of cybersecurity, authoring numerous books and papers, with a solid foundation for his expertise, is influential and his publications have served as essential resources for both novices and seasoned professionals, gives engaging presentations with an ability to demystify complex security concepts making him a sought-after speaker and educator, with a career marked by significant achievements and a commitment to advancing the field of information security, his work has been instrumental in shaping the understanding of digital threats and has left an indelible mark on the information security landscape. His legacy serves as a testament to the importance of dedication, expertise, and innovation in the ever-evolving landscape of information security.
You will note that none of these claims are really verifiable, and so they are also basically unchallengeable.
Cryptocurrencies were once primarily associated with illicit activities due to their decentralized and seemingly anonymous nature. However, most of them operate on a pseudonymous basis, making crypto investigations a crucial aspect of modern cybersecurity. This involves a detailed analysis of blockchain transactions to trace the movement of funds. In this talk, we will explore the latest advances in crypto forensics and how to unveil the real-world entities behind cryptocurrency-related crimes. The goal is to equip the audience with the knowledge and skills needed to navigate the complex landscape of cryptocurrency.
BIOGRAPHY
Artem is a cryptocurrency security expert with over four years of experience in crypto forensics. He has developed and utilized advanced blockchain analytics tools to assist in recovering funds from crypto-related hacks and scams. Artem holds a PhD in Physics and several certifications, including Chainalysis Investigation Specialist Certification (CISC) and Cryptocurrency Security Standard (CCSS) Auditor. Before his current role, he served as CISO at Gftd Japan, where he led teams in crypto AML compliance, smart contract audits, and incident response. He is also an active member of the Cryptocurrency Security Standard (CCSS) group, contributing significantly to the field of blockchain and cybersecurity. Currently, Artem is the Manager of IT Security at the City of North Vancouver.
Current Cybersecurity Threats and How to avoid an RGE (Resume Generating Event)
PRESENTER:
Ian H. Moore (CISSP – ENFP)
RECORDING:
ABSTRACT
You are in your security operation center and every node on your network monitoring map starts to flash red. You attempt to ping your domain controller and other key devices but nothing responds. For those that have experienced a breach or a major outage, this scenario seems realistic. Ian Moore will explain to you how to take actions now to help prevent this from happening.
He will cover the differences between a few of the main cyber-attacking organizations and their methods, along with a typical attack process and timeline.
Along the same thread, Ian will explain and discuss the various techniques that attackers use, the common vulnerabilities that they exploit, and how you can employ some key mitigation strategies to protect your enterprise, and lastly, how to keep your leadership off the news and how to prevent you from having to update your resume.
BIOGRAPHY
Supervisory Cybersecurity Advisor (SCSA) for the State of Washington
Cybersecurity and Infrastructure Security Agency (CISA)
Ian serves as the Supervisory Cybersecurity Advisor for the state of Washington for CISA. He supports the Department of Homeland Security (DHS) mission of strengthening the security and resilience of the nation’s critical infrastructure.
His program coordinates cyber preparedness, risk mitigation and incident response, and provides cyber security resources, including assessments, to the state, local, tribal, and territorial government entities, and the nation’s sixteen critical infrastructure sectors.
Prior to joining DHS and CISA, Ian worked in both IT and cybersecurity for over 25 years. He started as an Intelligence Specialist in the U.S. Navy, right out of high school and then transitioned to the University of Washington, Bothell and earned his B.S. in Computing and Software Systems in 2002. Upon graduating college he earned a commission in the U.S. Air Force and worked as a Communication Officer at Offutt AFB in Nebraska. After separating from the Air Force in 2006, Ian took a civilian job doing cybersecurity, software development, and cyberspace planning for USSTRATCOM. During his time at USSTRATCOM, Ian earned his master’s degree in Cybersecurity from Bellevue University in Bellevue, Nebraska. Ian was the first student to graduate from Bellevue University’s Masters in Cybersecurity program in 2012. In 2015, Ian and his family decided to move home to the Northwest and took a job at the Puget Sound Naval Shipyard as a Cybersecurity Engineer. After a promotion and a year of working as the Platform IT (Operational Technology) Branch Manager, he accepted a Cybersecurity Advisor position within CISA. After a year of interviews, security checks and waiting, he was brought on as the Cybersecurity State Coordinator for the state of Washington in March of 2021. On July 1 st of 2024 Ian was promoted to the newly created position of Supervisory Cybersecurity Advisor for Washington state. This position will oversee the cybersecurity activities within the state, both public and private, and develop an overarching cybersecurity strategy for the state.
As the SCSA for Washington State, Ian works with the other three Cybersecurity Advisors and the State Coordinator to support state agencies, counties, and cities/towns and private industry partners to help them shore up their cybersecurity by partnering with them on assessments and offering CISA technical services. Through these partnerships he builds and cultivates relationships and trust throughout the state.
Ian maintains his Certified Information Systems Security Professional (CISSP) certification, since 2014.
Adaptive Cybersecurity – A Relationship-Based Approach
PRESENTER:
Alexandra Landegger
RECORDING:
ABSTRACT
Cybersecurity today demands proactive, strategic planning to uphold enterprise stability and customer trust. Alexandra Landegger, CISO, Collins Aerospace, believes in advanced preparation and encouraging early collaboration with legal and cross-departmental teams to strengthen security posture.
Join this session to hear her share case studies on:
· Fostering flexibility and adaptiveness in response strategies · Adapting swiftly to emerging threats with a focus on prevention · Committing to data-driven decision-making to minimize biases
BIOGRAPHY
As Chief Information Security Officer at Collins Aerospace, Alexandra leads a diverse team of cybersecurity and compliance professionals to protect the company’s digital ecosystem, including IT, OT and hosted services. She also sponsors the RTX Cybersecurity Engagement Council to drive an inclusive, learning and collaborative culture that makes our organization feel like the right “home” for everyone. Prior to joining Collins, Alexandra led Booz Allen Hamilton’s Commercial Aerospace and Automotive practices, advising C-level clients on cybersecurity and digital transformation initiatives.
Different types of banking fraud and how fraudsters steal money from bank customers
PRESENTER:
Siva Ram
RECORDING:
ABSTRACT
This talk will cover the types of banking fraud and how fraudsters steal money from businesses.
This will provide a “from the trenches” look at the different ways fraudsters trick customers, exploit potential weaknesses in banking applications and steal money from people and organizations. This will include some very interesting attack vectors and some very common misconceptions of banking fraud.
BIOGRAPHY
Siva Ram is the Head of Business Security & Fraud risk for wholesale banking digital channels at a global bank. He is responsible for protecting mission critical, global banking applications against cyber and fraud attacks. He has over 25 years of professional experience in the security industry helping organizations of various sizes improve security with penetration testing, security architecture, fraud monitoring and building security programs. Prior to this role, he co-founded and ran a California based security consulting company that was acquired by a multi-national cyber security services company.
New Threats to Democracy in the Era of Generative AI
PRESENTER:
Konstantin Beznosov, Ph.D. (UBC Professor)
RECORDING:
ABSTRACT
In Montreal, on May 24, 2023, in a panel on challenges of artificial intelligence (AI) to modern civilization, world-renowned historian and author Yuval Noah Harari said: “If you are talking with someone, you need to know whether it’s a human or an AI. If we don’t do that, then the public conversation collapses, and democracy cannot survive.” This quote succinctly summarises one of the key growing concerns that the generative AI (GenAI) is posing a real and significant risk to democratic discourse and, as a result, to democratic societies around the globe. To bring it close to home, Prof. Yoshua Bengio, the scientific director of the Mila-Quebec AI Institute and the most prominent Canadian expert in AI, warned the House of Commons Industry Committee on February 5, 2024 that the country is at risk of seriously endangering its democratic institutions. AI-driven manipulation of voice, video, or text “can fool a social media user and make them change their mind on political questions” said Bengio. As some researchers put it, GenAI “threatens to interfere with democratic representation, undermine democratic accountability, and corrode social and political trust.” If this vulnerability is potent, its exploitation by organised criminal groups and/or state-sponsored threat agents (e.g., to influence voters in national elections) can have devastating repercussions on Canada and other democratic societies. This talk will discuss the above vulnerabilities and the corresponding risks to modern democracy.
BIOGRAPHY
Dr. Beznosov founded and directs the Laboratory for Education and Research in Secure Systems Engineering (LERSSE) at the University of British Columbia. His primary research interests are usable privacy and security (UPS), AI and security, and systems security. Prior to joining UBC in 2004, Prof. Beznosov worked as a Security Architect at two start-ups, where he designed and developed products for security integration of enterprise applications, as well as consulted large telecommunication and banking organizations on the architecture of security solutions for distributed enterprise applications. While at UBC, Dr. Beznosov has been actively collaborating with a broad spectrum of experts (most recently: Samsung, Telus, Microsoft Research, Google, UC Berkeley, Honeywell, Oregon State Univ., Univ. of Lisbon, Yahoo!), on diverse research projects from network security to web and mobile privacy & security, to human and social factors of computer security. Over the 20 years of his academic career, Dr. Beznosov served on program committees and/or helped to organise top international conferences in the fields of cybersecurity (ACM CCS, IEEE Symposium on Security & Privacy, USENIX Security, NDSS, ACSAC, SACMAT, NSPW) and human aspects of cyber security & privacy (USENIX SOUPS, Privacy and Security subcommittee of ACM CHI), served as an associate editor of ACM Transactions on Information and System Security (TISSEC) and Elsevier’s Computers & Security. He currently serves on the program committees of USENIX Security ‘24 and ACM CHI ‘24.
Conducting Cyber Security Exercises – Sharing Knowledge From Training and Experience
PRESENTER:
Gerry Sieracki (CISSP, Retired IT – OT – Cyber Security)
RECORDING:
ABSTRACT
This presentation is the sharing of my knowledge gained from years of training and work experience in both the private and public sector. It will cover topics including planning, designing, conducting, post exercise debriefing, and more. It is designed to promote thinking about methods of conducting Cyber Security Exercises. The knowledge shared can also be applied to other types of exercises such as Disaster Recovery Exercises.
BIOGRAPHY
Gerry is a seasoned IT veteran with over 25 years of progressively responsible work in IT. He retired from work as a Network Administrator in the Critical Infrastructure Water Sector focusing on networking and cybersecurity. Gerry worked closely with external agencies such as the FBI, DHS and the SD-LECC on cybersecurity and other issues.
Gerry earned his CISSP in May 2015. Gerry is trained in the National Incident Management System (NIMS) and has additional training on physical security for Critical Infrastructure. Gerry has had training on developing Cyber Security and Incident Response Exercises. Gerry has designed and conducted several exercises, and participated in many more.
Why Self-Sovereign ID is Superior to Digital Identity
Self-sovereign identity (SSI) is a decentralized approach to digital identity management that emphasizes individual control and ownership over personal data. In contrast, digital identity (DI) typically involves the use of centralized systems, such as those employed by social media platforms, governments, and financial institutions, to manage and authenticate identity.
BIOGRAPHY
Aaron Arthur Day is an early Internet entrepreneur who started developing commercial sites in 1993 on platforms like Compuserve, Prodigy, and AOL. Born in North Vancouver, raised in Kelowna, British Columbia, and having spent significant time abroad, he is now the President of Lions Gate Digital and the editor of Invest Offshore. Day resides in Vancouver, embracing a life of passion for web design and development.
Why are US-based high-tech companies continuing to accrue the largest fines ever in the EU? What is the disconnect between EU public policy makers and US-based high-tech companies?
PRESENTER:
Tim Rains
RECORDING:
ABSTRACT
2023 marks the 10-year anniversary of Edward Snowden leaking those classified documents about U.S. national security intelligence and surveillance. Are the French, Germans, and other nations in the European Economic Area still concerned about the potential for overreach by U.S. intelligence operations? The answer is yes, very concerned.
Some have suggested that the U.S. has weaponized the U.S. Foreign Intelligence Surveillance Act (FISA) and the CLOUD Act to wage economic espionage against Western European nations among others. Can this be true – what does the available data reveal? Why are CISOs and security teams in the EU so concerned about U.S. government access to data? What do European-based CISOs, and other executives know that you don’t?
Join high-tech industry insider and author, Tim Rains, for a deep dive into these questions.
BIOGRAPHY
Tim Rains is an internationally recognized cybersecurity executive, strategist, advisor, and author of the popular book Cybersecurity Threats, Malware Trends, and Strategies. Currently, Tim is Vice President Trust & Cyber Risk at T-Mobile where he leads cybersecurity strategy, architecture, risk management, conformance, assurance, vulnerability management, and Business Information Security Officers (BISOs). Tim is a Subcommittee Member on the National Security Telecommunications Advisory Committee (NSTAC) helping to develop cybersecurity recommendations for the President of the United States.
Previously, Tim was the Global Security Lead for Worldwide Public Sector at Amazon Web Services helping start AWS’s Public Sector business in Europe, the Middle East and Africa. Before that, he was Executive Director Cybersecurity Strategy at the Las Vegas Sands Corporation, leading cybersecurity strategy and architecture for a dozen casino-hotel-resorts and the world’s largest private airline. Tim spent 17 years at Microsoft in numerous roles including Global Chief Security Advisor; Director of Security, Identity, and Enterprise Mobility; Director of Trustworthy Computing; and founding Technical Lead of Microsoft’s customer-facing Security Incident Response Team.
Alex Pierce, Systems Engineer (Arctic Wolf Networks)
RECORDING:
ABSTRACT
Cybercrime is big business and attackers have evolved. Today, cybercrime has become a $1.5 trillion dollar industry and that number is increasing. The barriers for attacks have been lowered, and the rewards have never been higher. So, who are these cybercriminals and how does an organization protect itself? Our discussion will focus on the common motives and methods of cybercriminal groups along with strategies on how to develop an effective security operations program to safeguard your environment.
BIOGRAPHY
Alex is a CISSP certified, experienced, and motivated Security Systems Engineer based out of Vancouver, British Columbia. In his current role as an Arctic Wolf Systems Engineer, he is responsible for creating innovative technical solutions to solve customers’ complex business issues and objectives.