In the fast world of Agile development and DevOps, there are many security roadblocks in the race to production. Businesses can't slow down, so security must speed up. This requires a combination of good architecture and strong technology. WestJet’s unique Security Architecture Made Simple (SAMS) combined with Software Defined Security and Automation technology is transforming security operations.

Richard Sillito has logged nearly 25 years in the IT industry; most recently, as a Solution Architect, IT Security for WestJet Airlines Ltd., a Canadian based low-cost airline. Sillito has been a key player in the creation of SAMS, a security architecture model designed to improve the way security is implemented in WestJet’s corporate environments. He has a keen interest in the development of IT infrastructure and his efforts contribute to the success of WestJet as Canada’s preferred airline; working in one of the most revered corporate cultures in the country. He is a graduate of Northern Alberta Institute of Technology (NAIT) with a diploma in Computer System Technology.

As IT Security organizations become larger and more complex, the ability to focus on risks and specific threats to the organization becomes increasingly difficult.  A myriad of on-premise and cloud applications, security technologies, regulations, business requirements, cost and huge data volumes all contribute to difficult and complex problem.  Organizationally, do you have the staff resources, expertise, time and technologies to find that needle in a haystack?  In this session, we will explore three popular approaches to managing security events and incidents – leveraging a SIEM solution, Managed Security Service or a hybrid; an open discussion on the benefits of each to organizations today.

About the Speaker

Dean Carey has spent almost 20 years as a security engineer working with some of the largest security companies in the world - including McAfee, Skyhigh Networks, Blue Coat technologies and now Symantec.  Throughout his career, he has seen first-hand the evolution from the on-premise endpoint and network technologies to cloud technologies and services.

In his current position at Symantec, his role is to work with customers and internal teams to help understand and architect security management solutions.  Whether that involves augmenting existing security management capabilities by integrating intelligence and response, or working with customers to build out a custom Managed Security Service with capabilities that provide visibility, management and expert resources to address security incidents.

Providing Business Value as the Security Guy - how to a talk security to the business.

Many security practitioners spend a lot of time staring at screens in dark rooms at all hours of the day solving incredibly complex problems, but somehow can’t translate that knowledge into business value.

Instead of getting frustrated that nobody wants to hear what you have to say, learn to say it better. This presentation will cover many of the “soft skills” that I have learned presenting, reporting and communicating security topics to various audiences.

I will also discuss why people are more important than technology in the security space and some of the pitfalls I have encountered delivering security solutions, and how to anticipate and avoid them.

About the Speaker:

Stephen is a highly skilled Security Practitioner with more than 15 years of experience in various security roles. This has provided Stephen with an expert level of knowledge in operating system and network internals, and architecting, implementing, supporting and managing a wide variety of network security solutions in corporate IT and industrial control system environments. Stephen identifies business risk for customers through assessments such as penetration testing, vulnerability assessments and other security assessments. He leverages his experience in attacking and assessing networks to provide relevant and actionable guidance, enabling customers to implement defensive measures to reduce their risk, aiming to achieve the greatest possible reduction as efficiently as possible.

In addition to being very capable technically, Stephen is a strong communicator, having taught and mentored multiple security courses for the University of Calgary and for SANS, the leading provider of information security training. Stephen currently teaches multiple SANS courses each year including Industrial Control System Security, Incident Handling, Penetration Testing and Monitoring and Detection. SANS bio page: https://www.sans.org/instructors/stephen-mathezer.

Event Information:

• Date: Thursday May 31, 2018
• Time: 11:30 AM – 1:00 PM
• Location: Fifth Avenue Place, West Tower - 4 Avenue and 2 Street SW, South East corner of intersection, +15 Conference Room (North West corner of the building)

Automation in Cyber-security: Hype, Reality, or Skynet?

We all are familiar with the concept of a self-defending network; we have been promised them since the early 2000’s.  Some solutions showed promise, and some have been abandoned due to high overhead or turning out to being overly impactful on the organizations. Now it is 2018 and organization have started to move the goal posts for security yet again, with the adoption of Cloud and the exploration of new ways to do DevOps.

This talk will explore at a high level the history of automation in cyber-security, the self-defending network idea, and what can be done today. Will we finally be able to use automation in cyber-security to get us closer to the goal of a hands-off holistic solution that can defend against today’s increasingly organized and automated attacks?

About the speaker:

Trevor Richmond is a Senior Security Professional with for over 18 years in the industry. During this time, he held various roles in Solutions Architecture, Incident Response, Professional Services, Managed Services, Public Speaking, and Security Training.

Trevor has traveled much of his career doing consulting through Canada and USA, before making the move from Vancouver and once again calling Calgary home. In his personal time Trevor is an avid skier, enjoys Triathlons and backcountry camping with Wedge, his black lab.

Sgt. Andrew MacLeod will be speaking about the challenges facing police when it comes to cybercrime.  What steps are being taken to combat those challenges, and success’ they have had with cybercrime investigations.  

About the Speaker:

Sgt. Andrew MacLeod has been with the Calgary Police Service for 19 years.  He served on the front line for 8 years and was promoted to the rank of Detective in 2008 where he worked in Major Crimes, Organized Crime, and the Alberta Gang Enforcement Team in ALERT.  He moved to the rank of Sergeant and oversaw the Organized Crime Fraud Team.  Sgt. MacLeod is currently the supervisor for the Calgary Police Service Cybercrime Team where he oversees investigators that look into criminal activity that is primarily committed by way of the internet, mobile phones, and or other technical resources.   

The Peripheral Component Interconnect bus was created in 1992, over 26 years ago.  But we are talking about a different PCI.  The Payment Card Industry.  Specifically, the Data Security Standard AKA the PCI-DSS.

Shawn has been assessing and assisting the PCI DSS Compliance of organizations in Canada since 2007 and he loves to talk about PCI (his only fault?).   

He has assessed:

• the largest and smallest organizations
• the breeched and the yet to be breeched.
• the adhoc and the optimizing
• numerous entities in every vertical including Ecommerce operations, Retail orgs, Financial service entities, gaming, Universities, Municipalities, liquor and cannabis.

He knows how PCI affected these organizations differently and what the winning strategies for leveraging PCI are. He also knows the failing ones.

Shawn doesn’t want to waste time covering topics that you already know, so in addition to some prepared material, we are hoping for an interactive session where you can ask questions or bring your real-world PCI challenges for discussion.

About the Speaker:

Shawn Lukaschuk is a PCI DSS Compliance assessor with Online Business Systems.  Shawn is the editor of ThePCIportal.com website and has presented at the PCI security council North American community meeting on the topic of Scoping. Once the risk of credit card breaches is over, Shawn intends to pursue a career in bartending.

• Overview of the Canadian threat landscape
• Organized crime and other external threats
• Trying to secure a multi-architecture world (Hybrid Cloud, SD-WAN etc.. no longer just your datacenter to secure)
• Protecting yourself with Predictive Threat Intelligence

About the speaker; 

Stewart (Stew) is a certified Information Security professional with 26 years of experience in the Information Technology field of which 20 of those years have been focused specifically within the Information Security field. Throughout his career, Stew has always been customer facing as a system engineer and executive consultant. Stew has worked in multiple sectors but primarily with financial customers since 1995 both in the United States and Canada including working with Royal Bank, CIBC, BNS, TD, Manulife Financial, Sunlife Financial, National Bank and Canadian Tire Financial Services.

Stew also speaks at numerous conferences on various security topics and was published in various magazines as well as newspapers.  Stew started in the security field as a PKI encryption expert and ethical hacker.  After leading the IBM Canada hack team, Stew became an Identity Management specialist.  Stew also has an extensive Managed Security services background and was responsible for interfacing with C-Level banking executives on the delivery of managed services.   

Post IBM, he worked in the Big 4 and led the Canadian Information Security team as a Senior Manager and had a team of executive facing security management consultants.   

In Stew’s last role at Cisco, Stew led the Canadian pre-sales team for security services and also was responsible growing the security business in the U.S. North East territory focused on Cisco’s largest global banks, healthcare and financial institutions.