AtlSecCon 2022 has ended


Thursday, April 7
 

08:15 ADT

Registration & Continental Breakfast
Thursday April 7, 2022 08:15 - 09:15 ADT
AtlSecCon

09:15 ADT

Opening Remarks
Thursday April 7, 2022 09:15 - 09:30 ADT
Track 1 - Ballroom

09:30 ADT

Opening Keynote
Speakers

Chris Nickerson

CEO, Lares
Chris has spent the last 23 years of his career leading, inspiring, and sometimes irritating, the security industry. With Lares co-Founder Eric M. Smith, he created the unique methodology used at Lares to assess, implement, and manage information security realistically and effectively...


Thursday April 7, 2022 09:30 - 10:30 ADT
Track 1 - Ballroom

10:30 ADT

Networking Break
Thursday April 7, 2022 10:30 - 10:45 ADT
AtlSecCon

10:45 ADT

How Not To Get F****ed in the IaaS
A follow-up to cloud security talks that shows common pitfalls and risks of moving from traditional architecture to software-defined networks. Things you should avoid or consider when moving to the cloud.

Speakers

Kellman Meghu

Global Security Manager, Sycomp
Kellman Meghu is Global Security Manager at Sycomp, with a focus on infrastructure as code for public and private cloud. As part of his role he curates research, testing and development of public cloud infrastructure for Securing Labs.


Thursday April 7, 2022 10:45 - 11:30 ADT
Track 1 - Ballroom

10:45 ADT

Gold Nuggeting: Intuition, Machine Learning and Penetration Testing
Intuition, acquired through years of experience, is what sets experts apart from novices. Intuition is the ability to look at a large amount of information, quickly spot interesting items, and dismiss the rest. In the case of security assessments, security professionals typically face hundreds - or even thousands - of Web assets early in an engagement. Their ability to focus on priority targets can save dozens of valuable hours. Yet only the most experienced security analyst can do this confidently and effectively: those with intuition developed over years of accumulated experience. Using real world examples and open source tools, this talk demonstrates how to use effective and modern machine learning methods to sift through mountains of simple security assessment data to very quickly narrow down the scope to interesting, valuable and sometimes odd targets: the gold nuggets. In short, a substitution of machine learning for the much scarcer expert human intuition!

Batea, an open source, outstanding asset detection tool using unsupervised machine learning techniques, is presented. Attendees will gain an intuitive understanding of how Batea works, and how to use it for actionable, day-to-day security and threat modelling improvements. All this without the need for advanced expertise and expensive tools.

Speakers

Serge-Olivier Paquette

Engineering Lead, Secureworks
Serge-Olivier Paquette is engineering lead at Secureworks. His research focuses on the ability to infer, through machine learning, the context of security events from incomplete information. He also serves as President for Northsec, a non-profit organization that hosts a series of...


Thursday April 7, 2022 10:45 - 11:30 ADT
Track 2 - Summit Suite - Room 603/604

10:45 ADT

Responsible Disclosures - The Good, The Bad, and The Beg Bounties
Responsible disclosure programs are a key part of any company's information security program; they allow safe harbour for researchers, hackers, and the general public to contact you without fear of reprisal. They can be a wealth of free information on the security of your company and their products but also an endless pit of false information, low level vulnerabilities, and people begging for money.

In 2018 I helped my company (a Fortune 1000 medical device and informatics company) start their first responsible disclosure program; in the 4 years since, we have learned a wealth of information about how to run, and how not to run, a program like this. Today I would like to talk to you about this very process and how you can start, or grow, a program at your company. We are going to discuss what a program is and why to have one, the concept of rewards, how to advertise your program and how to manage incoming vulnerabilities, as well as what to look out for along the way.

Speakers

Hayden Stephenson

Security Engineer, ResMed
Hayden is a Security Engineer working with the largest network of connected medical devices in the world. In this role Hayden focuses on establishing solutions that ensure globally distributed teams can easily achieve security fundamentals and best practices.

Jeff Hann

Senior Security Engineer, ResMed
Jeff has been an application security engineer for 4 years, and before that in development for another 10. He has helped his company grow many programs for overall security including a champions program, responsible disclosure, penetration testing and training.  


Thursday April 7, 2022 10:45 - 11:30 ADT
Track 3 - Summit Suite - Room 608/609

10:45 ADT

The Paradigm of Zero Trust
A unique session on why Zero Trust and XDR work together, which will go over the details about:
- The struggles in the SOC
- How XDR breaks down silos
- Why customers are adopting Zero Trust
- Zero Trust network access for remote or in office users

Speakers

Kent Stevens

Senior Security Solutions Engineer, Trend Micro
Kent Stevens is a Security Solutions Engineer based out of Halifax, NS. He has a passion for cybersecurity through enablement, education and driving awareness. He has experience in a wide area of security and network related technologies across the Small, Medium and Large Enterprises...


Thursday April 7, 2022 10:45 - 11:30 ADT
Track 4 - Summit Suite - Room 612/613

11:45 ADT

Lunch
Thursday April 7, 2022 11:45 - 13:00 ADT
AtlSecCon

13:00 ADT

You Are Here: Leading your Security Program with Wardley Maps
There was a time when explaining how a tool, hack or best practice was important to the company used to be Management's problem. Today, security is everyone’s responsibility. Are you doing the most important thing, right now, to make things better? Does your CTO agree?

This talk is about how we determine and communicate security priorities for hundreds of technical staff across multiple continents developing national-security level software.

Wardley Mapping is an emerging technique for deciding what to work on and how it fits in the big picture. Get good at this, and you'll find yourself in the middle of everything from architecture to business and product strategy.

We'll show you what Wardley Mapping is and how applying it to security allows you to:
- Determine what security activities address your users’ needs (and what don't!)
- Decide what should be built and what should be bought
- Understand what new shiny vulnerabilities and tools mean for your program
- Structure your teams and decide their areas of responsibility

Speakers

John Duffy

Director, ID/Payment Security, Canadian Bank Note Company
If you have made an Interac purchase, bought a lottery ticket, been to a hospital or used your passport to cross a border – you have probably used my products. I’ve been responsible for security and development work that protects over 100M identity documents and systems with millions...


Thursday April 7, 2022 13:00 - 13:45 ADT
Track 1 - Ballroom

13:00 ADT

Inside and Outside a Security Service Edge
A Security Service Edge (SSE) is a kind of security cloud that promises to simplify security, but do you need one? And what are the pros and cons of such an approach? This talk looks at the "outside" of an abstract SSE cloud to understand its potential value, as well as "inside" to understand how its architecture affects its performance.

Speakers

Mark Day

Chief Scientist, Netskope
Mark Day is Chief Scientist at Netskope. Mark applies his broad background in computer systems to technology strategy and competitive analysis, supporting the technical excellence of Netskope products and services. He is author of the book Bits to Bitcoin: How Our Digital Stuff...


Thursday April 7, 2022 13:00 - 13:45 ADT
Track 2 - Summit Suite - Room 603/604

13:00 ADT

Enforcing access control in depth with AWS
Infrastructure Security services are seen as the traditional mechanisms for enforcing protection of data. But now Identity and Access Management has to be considered too, to prevent illegitimate access to information, unauthorized usage of services, and tampering with data. This is why, at AWS, Identity and Access Management oriented services are global services in our portfolio. Implementing a least-privilege model for your workload requires that you consider what each component must have as permissions. For example: is it better to assign an IAM role to your Compute instance or to impersonate the initial requestor with their roles and permissions? Are the attributes of the requestor important for your access control logic? Can the context of the request influence how the resource should be disclosed?

Answering those questions will allow you to design and implement access control thanks to a composition of multiple mechanisms. Through this session, we will describe how a very simple web store application will benefit from implementing: identity federation, attribute-based access control, and security token exchange through the usage of the appropriate AWS services.

Speakers

Jeff Lombardo

Senior Solution Architect, Amazon
Jeff is a Senior Solution Architect with a strong expertise in Identity and Access Management, Application Security, and Data Protection with Privacy conformance. Thanks to his 17 years as Security consultant for Enterprise of all sizes and from all business verticals, he delivered...


Thursday April 7, 2022 13:00 - 13:45 ADT
Track 3 - Summit Suite - Room 608/609

13:00 ADT

Data Driven Cloud Security
As companies increase their cloud presence and shift to more flexible and complex workloads, they are faced with an evolving security landscape where traditional security tooling struggles with the dynamic and ephemeral nature of the cloud.    

When combined with growing customer requirements, legacy approaches become misaligned with cloud security needs. By using a data driven approach, we explore how a fundamentally different security architecture built for the cloud can enable security by default to accelerate transformative outcomes.

Speakers

Nicolas St-Pierre

Field CTO, Lacework
Nicolas is Field CTO at Lacework and responsible for providing technical leadership in Cloud Security to our customers, partners and product groups. He has over 20 years of expertise in security products and virtual platform deployments with global Tier-1 Communication Service Providers...


Thursday April 7, 2022 13:00 - 13:45 ADT
Track 4 - Summit Suite - Room 612/613

13:45 ADT

Networking Break
Thursday April 7, 2022 13:45 - 14:00 ADT
AtlSecCon

14:00 ADT

Demystifying Zero Trust - Lessons learned from Google's journey
Implementing a zero trust strategy is a top priority for organizations looking to modernize their security program and become more resilient in today’s challenging threat environment. During this keynote, hear lessons learned from Google’s decade-long journey embracing zero trust principles, which required a shift in both mindset and how to implement and manage technical capabilities and controls.

Speakers

Taylor Lehmann

Director, Office of the CISO, Google
Taylor Lehmann joined Google’s Office of the Chief Information Security Officer (CISO) to advise Google Cloud customers and help them achieve their business goals while adopting a high security bar - one that protects data, operations, and people without compromise or unnecessary...


Thursday April 7, 2022 14:00 - 14:45 ADT
Track 1 - Ballroom

14:00 ADT

Highlight into Cybersecurity Quandaries
Statistics are speaking loudly! There is a disconnection between defenders’ perceptions of the value of the security controls they implement, and the most common attack vectors leveraged by penetration testers acting as potential attackers. This presentation highlights the key results of a two-year-long research study aimed at understanding this disconnection. The perceptions and practices of 120 cybersecurity professionals were compared with 182 findings from 65 penetration tests conducted across North America. By linking the defenders’ perception with their reported actions and cross-referencing the results with statistics on penetration testing, we uncovered important information gaps. We present dozens of open-source tools and methods to rectify these gaps, but also discuss how the solution may be at the human level. We offer avenues on how to shift the uncovered misaligned perceptions and change the defenders’ decision-making process to, ultimately, start solving the cybersecurity quandary we currently live in.

Speakers

Masarah Paquet-Clouston

Assistant Professor, Université of Montréal
Masarah Paquet-Clouston is an assistant professor at Université of Montréal and a collaborator at the Stratosphere Laboratory. She holds a PhD in criminology from Simon Fraser University and is specialized in the study of profit-driven crime enabled by technologies. In the past...

Laurent Desaulniers

Vice President of Breach, Detection and Response Services, GoSecure
Laurent Desaulniers is the Vice President of Breach, Detection and Response Services at GoSecure. He has over 15 years of experience in offensive security and attack simulation. In addition to his experience in intrusion, Mr. Desaulniers had the opportunity to teach at ÉTS, HEC and the...


Thursday April 7, 2022 14:00 - 14:45 ADT
Track 2 - Summit Suite - Room 603/604

14:00 ADT

Three ways to make your ZT strategy effective
Zero Trust is an architectural approach to improving the security of IT environments. But it can go much further: it can help with industrial control systems and even physical security. We will discuss how zero trust has implications and impact in all three domains, and give attendees a tactical plan for improving resilience and mitigating risk. First, we will define zero trust in a vendor-neutral way. Then, we will see how it applies to cloud and the software supply chain. Next, we turn to the OT domain, and look at zero trust in the real world. We close with practical steps to make your enterprise more secure.

Speakers

William Malik

VP of Infrastructure Strategies, Trend Micro
William Malik is VP of Infrastructure Strategies at Trend Micro. As a founder of Gartner’s Information Security Strategies service in the mid-1990s, Bill has deep expertise in information security matters. He has spoken internationally on information security, identity management...


Thursday April 7, 2022 14:00 - 14:45 ADT
Track 3 - Summit Suite - Room 608/609

14:00 ADT

Building the modern/automated SOC
In the ongoing battle against cyber threats, it has never been more critical for Cyber Defense or SOC teams to ensure they have the right tools in their arsenal. Automation and Orchestration platforms are rapidly becoming a must-have solution for cyber teams to enable more effective and efficient detection.

In this session, my talk “Building the Modern/Automated SOC” provides a unique view and real-world experience of how I built and operated a highly successful security operations center at global companies. The session also offers a deep dive into the security stack and processes we followed.

What often happens is that a traditional SOC management will feel the need to hire more people as alerts grow. But we designed the modern SOC to be resilient in the face of changing workforce models and new technologies and used prevention-focused technology, automation and machine learning to optimize operations and increase staff productivity.

Sound familiar? Stop being overwhelmed. In this session, I will share my experience on how to work smarter, respond faster, and strengthen your defenses in both on-prem and cloud environments!

Speakers

Nithin Reddy

Director, Cybersecurity, Ceridian
Nithin Reddy is Director, Cybersecurity at Ceridian. He is a senior cybersecurity executive professional with over fifteen years of experience focusing on information security risk management, cyber threat incident response, threat hunting, malware analysis, and computer forensics. Nithin...


Thursday April 7, 2022 14:00 - 14:45 ADT
Track 4 - Summit Suite - Room 612/613

14:45 ADT

Networking Break
Thursday April 7, 2022 14:45 - 15:00 ADT
AtlSecCon

15:00 ADT

Ransomware Realities, Impacts, and Controls: An Introduction to the TELUS Canadian Ransomware Study
The increase in ransomware seen across the globe has fundamentally changed how organizations think about security. With cyber attacks becoming easier to perpetrate and threat actors casting an ever wider net, the new reality is that anyone can be a target. And Canadian organizations aren’t immune.

Join Kevin Lonergan, Senior Strategy Manager, TELUS Cybersecurity as he shares insights from the TELUS Canadian Ransomware Study. Based on the feedback of over 450+ Canadian organizations, this study shares some surprising realities about how ransomware is impacting organizations, which controls are most effective and how to best protect yourself.


Speakers

Kevin Lonergan

Senior Strategy Manager, TELUS Security
Kevin Lonergan is a Senior Strategy Manager with TELUS Security. In this role, Kevin works with various stakeholders to understand market trends, customer needs, and emerging technologies to ensure TELUS is offering a strong portfolio of services to customers now and in the future...


Thursday April 7, 2022 15:00 - 15:45 ADT
Track 1 - Ballroom

15:00 ADT

When Layered Defences Become Too Redundant
Over the last 30 years organizations have deployed layer upon layer of defence in depth. Although each layer serves a specific function, it’s time to reconsider if all these defences are necessary and to conduct detailed assessments or evaluate potential solution alternatives to multiple layers of defence that could be unnecessarily costing organizations. This discussion highlights the pros and cons to those defences we’ve become dependent on, while demonstrating how new AI based technologies could potentially replace layers of defence.


Speakers

Elie Nasrallah

Principal Sales Engineer, SentinelOne
Elie is an Information Security professional with over 26 years of IT Security experience, having worked for companies such as Bell Canada on numerous Government initiatives, RSA, FireEye and Trend Micro. He has worked closely with all industries in Canada including Federal and Provincial...


Thursday April 7, 2022 15:00 - 15:45 ADT
Track 2 - Summit Suite - Room 603/604

15:00 ADT

Being A Better Defender By Channeling Your Worst Adversary: Lessons Learned Over the Past Five Years Building Adversary Emulations
My background is on the defensive side, but I always had an interest in the red team side of things. After taking SANS Incident Handling 504 back in 2006, who wouldn’t?

Over the past five years, I have built or assisted with building adversary emulations using techniques that adversary groups from around the world utilize. Why? To help blue teamers identify threats and use their tool sets more effectively, as well as demonstrate the value of certain data sets and techniques that can be applied every day. I’ve been the adversary and I will share with you my experiences, lessons learned, pitfalls that I have encountered and share guidance that may help you.

Attendees will come away with a better understanding of where scenario based adversary emulation fits, how to focus your efforts to ensure that everyone is getting something out of it, guidance on data sets and ideas around where to start when building your scenarios.

Finally, links to existing data sets that we have created will be provided so if you want to see what we produced and use them to improve your own hunting and detection, you can!

Speakers

John Stoner

Principal Security Strategist, Splunk
John Stoner is a Principal Security Strategist at Splunk. In his current role, he leverages his experience to educate and improve users’ capabilities in Security Operations, Threat Hunting, Incident Response and Threat Intelligence. He has authored multiple hands-on workshops that...


Thursday April 7, 2022 15:00 - 15:45 ADT
Track 3 - Summit Suite - Room 608/609

15:00 ADT

GDPR – Lessons learned from a Canadian perspective two years after the commotion
Two years ago the EU legislation for data privacy (GDPR) was introduced. Since the regulation contained heavy fines for misusing personal data of Europeans, it created a lot of initial fuss all over the world. Two years later, the new legislation seems to stabilize, although different interpretations and fear mongers still exist. What was the fuss about and are there any lessons to be learned from a Canadian perspective? This talk will highlight some of the data privacy pain points that organizations struggle with as well as some real world examples from auditing GDPR compliance. It will also discuss emerging practices and the future of data privacy.

Speakers

Jan Karlsson

Vice President and Senior Advisor, Secure State Cyber
Jan Karlsson is a certified IT auditor (CISA) and risk manager (CRISC) with more than 18 years of experience in governance, risk and compliance for public administration and large organizations.


Thursday April 7, 2022 15:00 - 15:45 ADT
Track 4 - Summit Suite - Room 612/613

15:45 ADT

Networking Break
Thursday April 7, 2022 15:45 - 16:00 ADT
AtlSecCon

16:00 ADT

10 Years of AtlSecCon: Past, Present, Future
Speakers

Darryl MacLeod

Board of Directors, AtlSecCon
Darryl MacLeod is a member of the vCISO Advisory Services team at Lares and has been with AtlSecCon for over ten years. Having also worked for such companies as Trustwave, Tenable, MNP and Bell, he has years of experience in developing, managing and assessing information security...

Travis Barlow

Co-Founder, AtlSecCon
Travis Barlow has over 16 years of experience in the IT field, the majority of it in the IT Security realm. He is the founder of the Atlantic Security Conference (AtlSecCon) and the Halifax Area Security Klatch (HASK), a local security community. He has been recognized by Digital...

Steve Quinn

Co-Founder, AtlSecCon
Steve Quinn is currently the Director of IT for the Shaw Group LTD. As an IT professional of more than 25 years in IT, Steve has experience ranging from direct front-line customer care, back end system/network administration to companywide strategic IT initiatives/rebuilds. As a self-professed...

Andrew Kozma

Co-Founder, AtlSecCon
Andrew is a Sr. Manager in Deloitte’s Atlantic Risk Advisory practice based in Halifax, NS. He has worked in both the public and private sectors managing, designing and auditing network and security infrastructure. He has expertise in identifying, directing and executing business...


Thursday April 7, 2022 16:00 - 16:30 ADT
Track 1 - Ballroom

16:00 ADT

Don't Pay The Ransom!
Ransomware attacks strike every 11 seconds.
No matter how thick your firewalls are, the bad guys are still getting through. And when ransomware strikes, you either pay the ransom or attempt to recover. Some organizations pay the ransom because they trust in their insurance. But most organizations want to recover so they don’t let the bad guys win.

A Payout isn't the only way out. 
Hackers know that if they can exploit your backups, you’ll have no choice but to pay the ransom. If your backups survive, you’ll need to determine what to recover and how long it’s going to take. If you can’t sufficiently answer those questions, you’re back to paying the ransom. What makes matters worse is that paying the ransom isn’t a guarantee. Even when you get a decryption key, the recovery process can take days or weeks. And once it’s decrypted, you also may find that the hackers didn’t give you everything. All the while, your critical apps are down and your bottom line is suffering. Recovering from a clean backup is really the only way to beat the hackers. Data managed by Rubrik is truly immutable and can’t be encrypted after the fact. Once ingested, no external or internal operation can modify the data. Therefore, your data is immune to ransomware. Since data can’t be overwritten, even infected data later ingested by Rubrik can’t infect existing files or folders.

In this session we'll discuss how to:
- Analyze backup metadata for unusual behavior.
- Quickly identify what data was encrypted and where it lives.
- Locate personally identifiable information (PII) that may have been exposed to a data exfiltration attack.
- Automatically protect new workloads and lock retention to prohibit backup data from being deleted.



Speakers

Sean Comrie

Senior Sales Engineer, Rubrik
Sean Comrie is a Senior Sales Engineer with Rubrik, Inc. working to help customers protect their data and ensure cyber attackers don't bring down their business. Sean has worked in IT for 25+ years and worked in organizations such as Cisco and Google Cloud prior to joining the team...


Thursday April 7, 2022 16:00 - 16:45 ADT
Track 2 - Summit Suite - Room 603/604

17:00 ADT

Vendor Reception
Thursday April 7, 2022 17:00 - 19:00 ADT
AtlSecCon

18:30 ADT

Speakers Dinner
Dinner ticket must be purchased in advance.

Speakers must bring their AtlSecCon badge.

Dinner starts at 7:00. Please take your seat(s) by 6:45. 

Thursday April 7, 2022 18:30 - 22:00 ADT
AtlSecCon
 
Friday, April 8
 

08:00 ADT

Registration & Continental Breakfast
Friday April 8, 2022 08:00 - 09:00 ADT
AtlSecCon

09:00 ADT

Opening Remarks
Friday April 8, 2022 09:00 - 09:15 ADT
Track 1 - Ballroom

09:15 ADT

Opening Keynote - Information Security for the Long Haul: Building a Career That Lasts.
“The Only Constant in Life Is Change.” That's certainly true of information security, where we experience a blinding array of changes over the course of a career. How do you build a career that lasts not only years, but decades? Or even <gulp>... three decades? Talking about specific technologies is largely pointless (other than saying: keep learning). However: there are constants that fuel successful infosec careers, future-proof them, and make them not only last, but thrive. This talk will explore those constants.

Speakers

Eric Conrad

CTO, Backshore Communications
SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead...


Friday April 8, 2022 09:15 - 10:00 ADT
Track 1 - Ballroom

10:00 ADT

Networking Break
Friday April 8, 2022 10:00 - 10:15 ADT
AtlSecCon

10:15 ADT

Nicolas Cage, Is That You? The Law and Deep Fake Technology Face Off
Is this person real? Did, insert name of politician here, really say that on live TV? Deep Fake technology is advancing to the point where we can no longer trust audio, images, or video. What is the law doing about it? I’ll explore the existing and emerging legal landscape of deep fake technology.

Speakers

Anna Manley

Principal, Manley Law Inc.
Anna Manley is an internet and privacy lawyer based in Sydney, NS. She is the principal of Manley Law Inc. and founder of Advocate Cognitive Technologies Inc. Anna advises companies and individuals on all things law and tech related.


Friday April 8, 2022 10:15 - 11:00 ADT
Track 1 - Ballroom

10:15 ADT

How To Maximize ROI With Frictionless Zero Trust
Security used to be easier when everything could be put into a datacenter and always protected. In today's modern digital transformation, people can work anywhere, and apps live everywhere - on-prem, in the cloud, and multi-cloud, complex environments. This has forced security to go through its own transformation.

As security deployment gets more complicated, it increases costs and breaches. More technology to update and manage, more expertise required to run and chase down detections, means more breaches. If we look at a typical Zero Trust architecture as shown here, we can see that to deploy each of the key Zero Trust pieces, there is a lot of work and too much complexity.

So, what is the answer? Frictionless Zero Trust. In this session, we will cover how CrowdStrike approaches Zero Trust in a completely different way: how it leverages the platform to automate the decision process as much as possible and how your Security experts can benefit from automation, all while keeping you secure.

Speakers

Stephane Asselin

Country Manager, Sales Engineering, Canada, CrowdStrike
Stephane Asselin, with his 29 years of experience in IT, is a Senior Manager for the entire CrowdStrike Canada Technical Team. He has national responsibility for Canada for a team that works with customers on planning, designing, and implementing Security solutions and all processes...


Friday April 8, 2022 10:15 - 11:00 ADT
Track 3 - Summit Suite - Room 608/609

10:15 ADT

New Pathways into Cybersecurity Careers: Bridging the Workforce Gap with a Diverse Labour Force, Upskilling, and Work-Integrated Learning.
Cybersecurity incidents impacted just over one-fifth (21%) of all Canadian businesses in 2017. Canada ranked third worldwide for the number of data breaches, next to the United States and the United Kingdom. In addition, the Canadian Internet Registration Authority reported in 2018 that 4 in 10 Canadian SMEs experienced phishing and virus attacks: about a third experienced Trojans and spyware, while 27% had been attacked by ransomware.

Canada’s demand for cybersecurity talent is increasing. With each new innovative cybersecurity product entering the market, the pioneers leading the charge behind the scenes represent an increasingly diverse and specialized set of technical skills. In addition, longstanding institutions and sectors in finance, utilities, healthcare, among others, increasingly require in-house cybersecurity personnel to help them guard against digital attacks. Yet, in Canada, the resounding message from employers is that it is difficult to find this skilled personnel.

Addressing the challenge of a dearth of highly skilled, experienced professionals is a complex issue that hinges on a holistic understanding of the cybersecurity ecosystem and career pathways. ICTC will present its analysis of the demand for cybersecurity personnel and identify several constructive opportunities for addressing this issue, as outlined in its study Searching for Hidden Talent.

Speakers

Tyler Farmer

Manager, Special Projects & Marketing Strategy, Information and Communications Technology Council (ICTC)
Tyler Farmer is the Manager of Special Projects & Marketing Strategy at the Information and Communications Technology Council (ICTC). Prior to joining ICTC, Tyler worked in Nova Scotia’s economic development and tech eco-system collaborating with regional partners to develop world-class...


Friday April 8, 2022 10:15 - 11:00 ADT
Track 4 - Summit Suite - Room 612/613

11:00 ADT

Networking Break
Friday April 8, 2022 11:00 - 11:15 ADT
AtlSecCon

11:15 ADT

Backups, Off-site Data and IT Security: Don’t Create A Backdoor
When it comes to data protection, the promise is great: restore data in the event of a loss. But there is also a fair question to ask: what happens with data in a backup state? Are the standards applied the same there? Different backup technologies offer different opportunities and risks for securing the backup data. Additionally, how can backup technology be resilient to ransomware? Backup expert Rick Vanover shares tips for security professionals:

Speakers
Rick Vanover

Senior Director of Product Strategy, Veeam
Rick Vanover (Cisco Champion, VMware vExpert) is a Senior Director of Product Strategy for Veeam Software based in Columbus, Ohio. Rick’s experience includes system administration and IT management; with virtualization, cloud and storage technologies being the central theme of his...


Friday April 8, 2022 11:15 - 12:00 ADT
Track 1 - Ballroom

11:15 ADT

Your SOC is Doomed to Fail - Collapse It and Automate
How could you handle over 1.2 trillion events a quarter with no major breaches, a small staff under 20 people and still see the SolarWinds attack first? This talk shares the initial SolarWinds attack activities, the tepid response that responsible disclosure elicited and how a modern SOC can automate response to events of this magnitude, months ahead of public disclosure and response.

Speakers
Garry Coldwells

SE Leader - Public Sector Canada, Palo Alto Networks
Garry is a 25+ year cybersecurity veteran. He has spoken at conferences across three continents to diverse audiences, including at AtlSecCon, B-Sides and ISACA in Halifax. These talks have covered topics as diverse as foundational security principles up to technical analyses of...


Friday April 8, 2022 11:15 - 12:00 ADT
Track 2 - Summit Suite - Room 603/604

11:15 ADT

A Backdoor Lockpick: Analysing the Loopholes in Phicomm's Backdoor Protocol
The recently bankrupt Chinese tech giant Phicomm installed a cryptographically locked backdoor on each and every one of the routers they released over the past several years. In this talk, I will show how I reverse engineered the backdoor protocol and discovered a series of zero day vulnerabilities in that protocol's implementation. I will also demonstrate a tool I developed to exploit these vulnerabilities and gain a backdoor on any Phicomm router released since 2017, including models released on the international market, and which can still be found for sale on Amazon. Since Phicomm is no longer in business, it's safe to assume that there will never be an official patch for these routers, which means that the surest path for securing these devices passes through this very backdoor.

Speakers
Olivia Lucca Fraser

Reverse Engineer, Tenable
Olivia Lucca Fraser is a reverse engineer on Tenable's Zero Day Research team. She holds a Masters in Computer Science from Dalhousie University and first presented at AtlSecCon back in 2017.


Friday April 8, 2022 11:15 - 12:00 ADT
Track 3 - Summit Suite - Room 608/609

11:15 ADT

Building An Effective Data Protection Program
Do you have any idea how much time it will take to scan, identify, and secure every organization file containing sensitive information? Me neither, data are everywhere!

Fortunately, you don’t need this information to build an effective enterprise program. In this session, we’ll focus on the scope, processes, and roles & responsibilities. Join Benoit for a pragmatic conversation based on lessons learned and emerging practices.

Speakers
Benoît H. Dicaire

CTO Canada, Forcepoint
Benoît H. Dicaire leads the Canadian Sales Engineering at Forcepoint. Being just as much at ease in the boardroom as in a war room or even the server room, he collaborates with senior managers and specialists to bring clarity to your information protection program. Benoît is a former...


Friday April 8, 2022 11:15 - 12:00 ADT
Track 4 - Summit Suite - Room 612/613

12:00 ADT

Lunch
Friday April 8, 2022 12:00 - 13:00 ADT
AtlSecCon

13:00 ADT

How Much Should Security Really Cost?
How much should it cost? Did I spend too much? What is the ROI? What are others spending? What do I do?!?!

These are some of the questions that every IT or security business leader finds themselves asking at some point. Some are told what amount of money has been allocated. Others are simply told to put forth a business case and money will be "found". This simply tells you what you can spend...not what you should spend. Industry experts try to tell us what percentage of the overall IT budget should be spent on security, but requesting a flat 10% of a $5m IT budget may or may not be enough to adequately protect your organization. Then again, maybe it's more than you need. How would you know?

This talk will arm you with one CISO's methods for determining the amount of money that needs to be spent on security for any size of organization and will also present real-world data and tools to justify to the business just how much should be spent for securing YOUR organization, taking into account real-world constraints such as time, available expertise, business continuity, and <gasp> training.

Speakers
Andrew Hay

CISO, Lares
Andrew Hay is a veteran cybersecurity executive, strategist, industry analyst, data scientist, threat and vulnerability researcher, and international public speaker with close to 25 years of cybersecurity experience across multiple domains. He prides himself on his ability to execute...


Friday April 8, 2022 13:00 - 13:45 ADT
Track 1 - Ballroom

13:00 ADT

Security Assessment and Authorization for Government Contracts
How do you keep sensitive design material out of the hands of the APTs that want it?

In this talk, Mike explores the practical side of engineering an IT environment designed to resist concerted efforts by state actors to access the data within. Often, these adversaries have more resources to leverage in cyber attack than we can apply in defense.

The intricate series of regulations, standards, guidance, policies, and requirements that underpin this national program are further complicated by the differences and limitations between the military and industrial sectors.

Speakers
Mike Bobbitt

Cybersecurity Manager, Halifax Shipyard (J.D. Irving)
Mike is the Cybersecurity Manager at the Halifax Shipyard, responsible for safeguarding the IT systems for programs such as the Arctic Offshore Patrol Ship and Canadian Surface Combatant. He is a Lieutenant-Colonel in the Army Reserves, where he has served in a variety of roles including...



Friday April 8, 2022 13:00 - 13:45 ADT
Track 2 - Summit Suite - Room 603/604

13:00 ADT

The Risks of RDP and How to Mitigate Them
Remote Desktop Protocol (RDP) is the de facto standard for remoting in Windows environments. It grew in popularity over the last couple of years due to the pandemic. Many remote workers are now relying on it to perform duties on remote systems. RDP is secure when well deployed but, unfortunately, that’s rarely the case and thus clicking through warnings is common. We have spent the last 3 years working on and reimplementing parts of RDP in PyRDP, our open-source RDP library. This presentation is about what we have learned and how it can be applied to attack and defend against RDP attacks.

From an attacker’s perspective, we will cover conventional RDP attacks such as Monster-in-the-Middle (MITM) of RDP connections, capture of NetNTLMv2 hashes and techniques to bypass conventional defense mechanisms such as Network Level Authentication (NLA). Case in point: Did you know that by default all clients allow server-side NLA downgrades right now? This will enable us to understand and identify the risks with RDP.

From the Blue Team’s perspective, we will provide techniques and tools to detect attacks showcased previously.

Finally, we will provide step by step instructions to deploy an accessible RDP server that is both secure and functional.

Speakers
Olivier Bilodeau

Cybersecurity Research Lead, GoSecure
Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys luring malware operators into his traps, writing tools for malware research and vulnerability research. Olivier is a passionate communicator having spoken...

Lisandro Ubiedo

Cybersecurity Research, GoSecure
Lisandro Ubiedo is part of the Cybersecurity Research team at GoSecure. Passionate about all things malware – from reverse-engineering to catching them on-the-go – and doing DevOps to keep attackers entertained. Lisandro also works on programming tools to aid malware analysis...


Friday April 8, 2022 13:00 - 13:45 ADT
Track 4 - Summit Suite - Room 612/613

13:45 ADT

Networking Break
Friday April 8, 2022 13:45 - 14:00 ADT
AtlSecCon

14:00 ADT

IT Community Building Strats: What D&D Taught Me About Teamwork
Building community and engaging with a team requires knowledge of the strengths and weaknesses of each member. Weaknesses are not to be belittled but to be compensated for by the strengths of others. This talk will endeavor to demonstrate the need for good community building skills and techniques in every team. No matter what your team builds or creates they do so relying on the abilities of the members of that team. Recognizing the capabilities and limitations of each member and unleashing their inherent potential will lead to more secure development. Through a process of education and team building exercises this session will strive to express how you can work in or create a team to accomplish your goals - a team that recognizes the inherent weaknesses of each participant and yet capitalizes on their strengths.



Speakers
The Reverend M. Elliott Siteman

Pastor, Priest, Teacher, Questioner - occasional Barbarian. I strive to break away from stereotypes and encourage people to see the clergy in new ways: that show them how connected we can really be to all people no matter who they are or what they believe. I am not in the business...


Friday April 8, 2022 14:00 - 14:45 ADT
Track 1 - Ballroom

14:00 ADT

The Role of the Platform in Security Transformation
Despite the many cybersecurity innovations over the past decade, misconfiguration and misalignment remain treacherous security challenges. The complexity of cyberattacks and the complexity of cybersecurity solutions have grown, as have the dynamics, distribution, decoupling and scale of the systems we are protecting. A central barrier to improvement is that conventional security portfolios operate as protective systems, layered on top of the hosting platform, largely oblivious to how systems should intentionally behave and what authoritative guardrails must be respected.  

This session will dive into the limits of this conventional approach to security, contrasting it with better aligned, more continuous and far more effective, platform-enabled security information architecture. We will consider ideas such as the intrinsic security potential of cloud-native applications, Zero Trust security architecture/policy, and DevSecOps, establishing that individually, none offer a silver bullet to modern threats. We will also discuss how these innovations can work together to improve the efficiency and effectiveness of the entire security portfolio and why the platform is where the opportunity for both transformative operational integration and better leveraging of standardization resides.

Speakers
Dennis Moreau

Senior Engineering Architect, VMware
Dennis Moreau is a Senior Engineering Architect at VMware, focusing on security innovation for highly dynamic computing environments. Moreau has decades of experience in the specification, analysis and control of complex system behavior and security. He has been a Sr. Technology Strategist...


Friday April 8, 2022 14:00 - 14:45 ADT
Track 2 - Summit Suite - Room 603/604

14:00 ADT

Thanks for Leaving the Lights On
This talk focuses on the often forgotten, unpatched, and ignored low-level remote management interfaces that exist in our networks. All the security tools in the world won't save you if a TA can re-initialize your VM storage array.

Speakers
Adam Doherty

Senior Consultant, Strategic Advisory, CrowdStrike
Automator of things, mechanical keyboard enthusiast, and most likely to keep the coffee industry afloat; Adam has been working in IT for over 20 years in various sectors. He is very passionate about making security accessible to anyone old enough to have used VHS tapes, and payphones...


Friday April 8, 2022 14:00 - 14:45 ADT
Track 3 - Summit Suite - Room 608/609

14:00 ADT

The death of the SIEM as we know it
The SIEM has been the promised land for so many years but never really delivered on its promises. It’s been used mostly as a compliance tool. All the “power” of its correlation, multi-vendor approach sounded like the perfect thing to be the ultimate SOC tool. However, it became just another tool that never was the silver bullet it was once touted as. It was heavy, required lots of resources, was expensive and, worst of all, mostly reactive. You had all the tools, all the visibility from any data sources available and yet, it took days to stop a threat. What is to become of it? What is the next “SIEM”? What will enterprises need in order to achieve a faster and better turnaround when the next threat comes?

In this session, we will explore what SIEMs were supposed to be, what they are and what they are becoming. We will explore other avenues where newer technologies are upsetting this established market.

Speakers
Sylvain Dumas

Cortex SE, Palo Alto Networks


Friday April 8, 2022 14:00 - 14:45 ADT
Track 4 - Summit Suite - Room 612/613

14:45 ADT

Networking Break
Friday April 8, 2022 14:45 - 15:00 ADT
AtlSecCon

15:00 ADT

Attacking and Defending the AWS Cloud
Cloud adoption continues to grow at an exponential rate. The rate of change of the AWS cloud environment also continues at a rapid pace. Having security aligned with this pace and new operating paradigm is needed to drive business growth in today’s economy.
This presentation focuses on the AWS Cloud and explores the most common attacks against the cloud while sharing effective defenses and risk mitigation strategies. We will provide attendees with tools and techniques to understand their cloud attack surface and how to secure their cloud native environments. We will cover:
1. Commonly designed AWS cloud-native environments
2. Attack methods for these AWS environments
3. Methods to secure your AWS cloud

Speakers
Elyse Valerie Nielsen

Principal Consultant, Webgistixs
Elyse Nielsen is the principal consultant with Webgistixs, a security consulting firm. Webgistixs advises companies how to improve management of their security portfolio achieving project delivery while improving financial and operational performance. Elyse has over a decade of experience...


Friday April 8, 2022 15:00 - 15:45 ADT
Track 1 - Ballroom

15:00 ADT

Hacking JWT
JWTs are an important part of how modern APIs are used: they assert your identity to the application. You will see them in SOAP, REST, and GraphQL. Many decisions about authorization and access are based on the claims contained within the JWT. If there are vulnerabilities within the framework used to create them, or in implementation decisions, the impact can be high. In this talk, I will discuss how JWTs are generated and used. Security issues can include information disclosure, authentication bypass, authorization control bypass, password cracking, JWT reuse, algorithms such as None, and algorithm exchange. I will demonstrate the None algorithm attack, cracking the secret key used to sign the JWT, and algorithm exchange.

Speakers
Adrien de Beaupre

Senior Cyber/Information Security Consultant, Penetration Tester, Principal SANS Instructor and course author
Today, in addition to being a prolific SANS instructor and course author, Adrien is an independent penetration tester in both the Government and private sectors around the world. A sought-after instructor known for his engaging, straight-forward style, professionalism, and real-world...


Friday April 8, 2022 15:00 - 15:45 ADT
Track 2 - Summit Suite - Room 603/604

15:00 ADT

The Dirty Dozen - A proven model of human error that can help you reduce cyber risk
The Dirty Dozen refers to twelve of the most common human error preconditions, or conditions that can act as precursors, to accidents or incidents, in the aviation industry. Developed by Canadian Gordon Dupont, it became the cornerstone of the aviation industry's Human Factors safety program in the 1990s. That program was a major part of reducing incidents per million departures from 4.0 to less than .5 over the past 30 years, a nearly 90% reduction.

In this talk, David will discuss the Dirty Dozen and how they can be applied to cybersecurity to significantly improve awareness programs and reduce cyber risk.

Speakers
David Shipley

Co-Founder and CEO, Beauceron Security
David Shipley is the co-founder and CEO of Beauceron Security, an Atlantic Canadian scale-up that serves more than 150 clients across North America and in Europe and provides a new approach to cybersecurity awareness and risk management. Shipley is the former security lead for the...


Friday April 8, 2022 15:00 - 15:45 ADT
Track 3 - Summit Suite - Room 608/609

15:00 ADT

Bypassing Authentication On 20+ Arcadyan Routers And Rooting Some Buffalo: A Walkthrough Of My First Router Hacking Experience
In this talk, I will walk through how I rooted my first router, and how during disclosure of those vulnerabilities, I found that one of the issues was much more widespread than I expected and affected 20+ devices across 20 vendors and Internet Service Providers (ISPs) in 11 countries. In the talk I will walk through getting a root shell on the Buffalo WSR-2533 and using that shell to take a closer look at the HTTP server running the web GUI. I will walk through the process of discovering a path traversal vulnerability and a command injection vulnerability which can lead to full device compromise. Additionally, we will look at the discovery of many more affected devices and the disclosure that followed, how the additional devices were found using tools like Shodan and BinaryEdge, and how we leveraged the help of the CERT Coordination Centre during disclosure. Finally, I will speak briefly about how a bug like CVE-2021-20090 should not have persisted for so long, and why vendors selling consumer routers, and especially ISPs, need to do a better job of testing the security of devices they provide to customers.

Speakers
Evan Grant

Staff Research Engineer, Tenable
Evan is based out of Halifax, Nova Scotia and works with the Zero-Day Research Team at Tenable. He worked with the Canadian Forces Reserves for 8 years as a Signal Operator while attending Dalhousie University in electrical engineering. He got his start in infosec working with the...


Friday April 8, 2022 15:00 - 15:45 ADT
Track 4 - Summit Suite - Room 612/613

15:45 ADT

Networking Break
Friday April 8, 2022 15:45 - 16:00 ADT
AtlSecCon

16:00 ADT

Closing Keynote - Security Debt, Running with Scissors
Security debt, “the accumulation of the patches missed, the risks accepted, and the configurations misapplied,” is a serious and common problem for many organizations, especially with the move to cloud computing and the rise of IoT. Part of the problem is that, while organizations might accept the risks they encounter, they often neglect to review them or make a plan for the future, and that risk is compounded when patches are passed from person to person through staff changes and/or employee churn. However, it doesn’t have to be this way: to track and address security debt, organizations must develop and implement defined, repeatable processes. They should look to strategies like the zero-trust model, trust but verify, sanitation of inputs and outputs, and of course, make sure to execute patches instead of pushing them onto the next person.

Security debt occurs when a technological debt has manifested as a security issue and the associated risks are accepted but not addressed. The longer organizations wait to address risks, the harder it is to address them. To eliminate debt, organizations should create defined and repeatable processes with plans for action.

Speakers
Dave Lewis

Global Advisory CISO, Cisco
Dave has 30 years of industry experience. He has extensive experience in IT operations and management. Dave is a Global Advisory CISO for now Cisco. He is the founder of the security site Liquidmatrix Security Digest and host of DuoTV and the Plaintext podcast. Dave is currently working...


Friday April 8, 2022 16:00 - 17:00 ADT
Track 1 - Ballroom

17:00 ADT