How do you gauge the potential impact of an emerging threat to your organization? How do you evaluate the effectiveness of your security posture to not only prevent but also detect and respond to an attack against your organization?

A red team tabletop exercise differs from other simulations in its adversarial format, which encourages participants to think creatively and collaborate during and after the exercise to challenge their operating assumptions and shift their perspectives to see their environment the way a threat actor might.

During this session, we’ll be discussing threat modeling, requirements for technical and non-technical simulations, and how to leverage red team exercises to assess and improve your operational readiness, and provide context to enterprise risk management decisions.

The information you learn during this session will be helpful in consideration of conducting your own red team tabletop exercises

Speaker Bio:

Mitch Kelsey

Cyber Security Advisor for CDW Canada

Mitch leads discussions related to offensive security, risk advisory consulting, vulnerability management, and cyber security practice maturity development in Western Canada for CDW Canada. Before moving to a presales advisory role, Mitch conducted risk advisory consulting, cyber security practice maturity development, and managed security operations. Mitch has a BA focused on international security and conflict from SFU, CISSP, and PMP backed by international professional advisory experience to Fortune 500 companies.

Mitch started his career in security with a strategic security consultancy’s UAE office where he was engaged on threat risk assessments related to critical infrastructure, diplomatic security and counter-terrorism, as well as cyber security strategy and policy development in the Middle East and internationally. As a result, Mitch takes a broad-spectrum approach to threat modeling and cyber security maturity evaluation to address cyber security risk systematically and ensure customers’ objectives align with their operational readiness and capabilities.

After spending nearly 13 years working for the Department of Defense, I ventured out into the private sector to consult and advise on matters of information security. On many occasions, after explaining some basic security concept to a customer and outlining what they need to do to be secure, I often heard the retort, “yeah, but we don’t need DoD level security.”

Well, after twenty years in the private sector, and especially over the past 2-3 years with the proliferation of data breaches against major companies, I find myself wanting to reply, “yeah, you really DO need DoD level security!”

What does this mean? Probably not what you are thinking. This talk will start with an overview of the foundation nature of data security, highlight the major tenets or goals of data security, introduce the risk equation, discuss how and why so many companies so often fail at implementing the basics of data security, and explore some ways that a DoD-centric approach to data security might be implemented in the private sector. Brainstorming, discussion, dissension all welcome.

Click to see presentation - Zoom Meeting Recording

Bio:

Respected Information Security advocate, advisor, evangelist, international speaker, keynoter, host of Security and Compliance Weekly, co-host on Paul's Security Weekly, Tribe of Hackers, TOH Red Team, and currently serving in a Consulting/Advisory role for Online Business Systems. Nearly 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified NSA Cryptanalyst. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing & "red team" at NSA. For the past twenty years, has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies.

A study of common, emerging, and pioneering  capabilities and practices

A presentation based on the annual survey results of the “Third-Party Security Risk Management Playbook.” The Playbook is the definitive study of third-party security risk management practices. Based on in-depth interviews of risk executives from 30 domestic and international firms, it reveals the real-world capabilities and practices employed to manage third-party cyber risk, distilled into 14 capabilities instantiated through 72 practices.

This seminar will

• Explore the Playbook’s framework of common, emerging, and pioneering capabilities
• Discuss how to use continuous surface risk assessment to support many of these key practices
• Learn about tactical and strategic practices
• Understand adoption rates against those identified in the Playbook

Click to see presentation - Zoom Meeting Recording

About the speaker

Peter Kobs, Executive Vice President, Risk Recon

Mr Kobs, brings more than 20 years of B2B sales experience to his role at RiskRecon. Before joining RiskRecon, Kobs served as the CRO for FireMon from 2016 - 2018, was the Vice President of Global Accounts at CommVault since April 2015, and prior to that held the title Vice President of America Sales at the same company.Throughout his career, Mr. Kobs has led high-performance sales organizations at B2B enterprise companies including McAfee, Pedestal Software, KVS, Informatica, Allaire and Platinum Technology. Mr. Kobs holds a B.A in Political Science from Loyola University Chicago.

Click to see presentation - Zoom Meeting Recording

The global COVID-19 pandemic has shifted the paradigm for normal working and living conditions.

Many of us are working remotely, away from hardened corporate infrastructure and with additional considerations, such as balancing the needs of family members who are also likely having their routines disrupted.

This shift has provided opportunity to every class of cyber-criminal in terms of both social engineering and wider attack surface.

This breakout session will provide a look at the current threat landscape to see what shifts have occurred regarding tactics, techniques, procedures, and targeting in the time of COVID-19.

Group discussion should focus on: what kinds of threats are being observed and what kinds of actions can be taken to protect ourselves and our organizations at this time.

Please join my meeting from your computer, tablet or smartphone.

https://global.gotomeeting.com/join/203276973

You can also dial in using your phone.

 Canada (Toll Free): 1 888 299 1889

- One-touch: tel:+18882991889,,203276973#

Canada: +1 (647) 497-9373

- One-touch: tel:+16474979373,,203276973#

Access Code: 203-276-973

More phone numbers:

Join from a video-conferencing room or system.

Dial in or type: 67.217.95.2 or inroomlink.goto.com

Meeting ID: 203 276 973

Or dial directly: This email address is being protected from spambots. You need JavaScript enabled to view it..2 or 67.217.95.2##203276973

New to GoToMeeting? Get the app now and be ready when your first meeting starts: https://global.gotomeeting.com/install/203276973

Speaker Bio 

Daniel Blackford is a threat researcher at Proofpoint. He spends his days hunting through massive amounts of maliflow and cloud data to identify malign threat activity in order to surface and provide context for those threats both directly to clients as well as through tools such as TAP. Daniel also tracks the various actors and TTPs that comprise the threat landscape. 

Prior to his work at Proofpoint, Daniel worked as a malware analyst at the National Cyber Forensics and Training Alliance (NCFTA) on site in Pittsburgh, PA. 

Daniel has a BS in Computer Science from the University of Florida.  

With enterprises globally now supporting a 100% remote workforce and customer base, global organizations may be forever changed. Even the most forward-looking organizations face added risk in these extraordinary times. Layers of security are rendered useless if your new remote workforce, or vulnerabilities in their devices and networks, inadvertently give permission for threat actors to access your data.

Join Canadian experts at our virtual summit to learn how to best adapt and balance productivity, accessibility and security. Registration is complimentary and CPE Credits will be available.

https://www.ismgcorp.com/ismg-summit/registration

Google Meet: https://meet.google.com/kpj-yhza-awm

(OR)

Join by Phone: (CA) +1 289-348-8795‬ PIN: ‪523 659 820‬#

(ISC)2 Alberta Chapter has teamed up with SPIE to bring you yet another exciting virtual session in our member webinar series.

Experts from industry deliver a two part presentation discussing the future of education and employment and the potential impact of digital credentials followed by addressing the gap in Digital Strategy execution and the role of Digital Governance in narrowing this gap.

While the intense focus on Digital during the pandemic is unprecedented, Digital strategy execution gap is a new reality boards of directors across the world are facing while pursuing new models of organizational sustainability. These gaps if not addressed can compromise the performance of any organization and disappoint the shareholders, employees and the broader community alike.

This session uses case studies to explain the digital strategy execution gap. It highlights the board imperative of business-IT alignment, and how to achieve it. And finally, it highlights ethical and cultural issues in digital governance that constrain performance and/or sustainability.

Speakers:

Chami Akmeemana

Chami Akmeemana is the CEO of Convergence.tech and Trybe.ID. He is a Blockchain and AI Specialist. He pursued a Ph.D. in Bioceramic Engineering at Queen Mary, University of London, until deciding to forgo an academic career in favor of Law Enforcement. In 2002, he joined London’s Metropolitan Police.

Chami has had 4 successful exits over the last decade and is passionate about the intersection of technology, business and social good. His experience includes serving as Director of Regulatory and Government Affairs at ConsenSys Inc; Fintech Advisor to the Ontario Securities Commission; Managing Director, Fintech and Blockchain at the Global Risk Institute; and Regulatory Advisor to the Republic of Liberland.

Chami is also the Chairman of the Blockchain Association Australia and an Advisory Board member of doc.ai.

Guy Pearce

Guy has served on governance boards in banking, financial services and a not for profit, and as CEO of a financial services organization. He has played an active role in 10 enterprise digital transformation programs, experiences which led him to create a Digital Transformation course for the University of Toronto SCS. He is a regular speaker at McMaster University on topics such as big data, blockchain, digital transformation and IT governance, and has rich experience in the regulatory requirements for data governance, through regulations such as BCBS239 and GDPR. His experience in enterprise technology and in leveraging data for business benefit extends to the conceptualization, design, development and deployment of enterprise BI, CRM and credit systems impacting 5,000 users at 1,300 branches, big data analytics enabling $95 million in incremental value in six months by big data fusion, and BI value enablement creating $50 million in incremental value in four months, to name a few. He readily shares his experiences by conferences and by publications in journals such as the ICD’s Director Journal, the NACD’s Directorship, and ISACA Journal, and is the recipient of the 2019 ISACA Michael Cangemi best author award for contributions to the field of IT governance. Guy holds a BSc (Comp Sc) from the University of the Witwatersrand (SA), a BCom (Econ and Quants) from the University of South Africa, a MBA from Heriot-Watt University (UK), and is Certified in the Governance of Enterprise IT (CGEIT).

Erik Zvaigzne

Erik has 15 years of experience in corporate IT and systems development, having worked extensively in the government sector as a technical lead and project manager on the ideation, design, delivery, and operations of large-scale enterprise technology solutions. His diverse experience includes building out systems involving sensor networks to aggregate data for flood forecasting, public-facing web based government services portals, and a blockchain-based traceability solutions leveraging mobile devices and RFID technologies for clients in Canada and abroad.

The era of the Internet of Things (IoT) will profoundly change our way of life. While IoT provides us many valuable benefits, IoT also exposes us to many different types of security threats  The Internet of Things consists of various platforms and devices with different capabilities and each system will need security solutions depending on its characteristics. In addition, user privacy will become more important in the IoT environment because a lot of personal information will be delivered and shared among connected things. 

Most Internet of Medical Things (IoMT ) devices were not designed with security in mind, which makes them especially vulnerable to compromise. In fact, one study suggested that there is an average of 164 cyber threats detected per 1,000 connected host devices. Connected medical devices – from Wi-Fi enabled infusion pumps to smart MRI machines increase the attack surface of devices sharing information and create security concerns including impact to patient safety.  IoMT can help monitor, inform and notify not only care-givers, but provide healthcare providers with actual data to identify issues before they become critical or to allow for earlier invention.

Also, in recent years, there have been several targeted attacks on industrial control systems and systems of critical infrastructure by attackers leveraging malware such as Stuxnet, Aurora, Flame, and Havex. The Internet of Things has led several industries such as smart manufacturing to adopt and embrace the advantages of connecting to the Internet, thereby unknowingly exposing themselves and becoming more vulnerable to cyber threats. The world has witnessed a number of ICS (industrial control system) attacks in recent times.

Several security breach events recorded in recent years involving systems of national interest, including both critical infrastructure and government systems, indicate that the global industrial sector is increasingly becoming the target of cyberattacks. As a result, organizations are making substantial investments in ICS security. 

This session will provide an overview of the current connected things threat landscape, covering medical, manufacturing, industrial and smart cities including a focus on  approaches on how to discover and protect yourself from security breaches within these sensitive environments.

Please join my meeting from your computer, tablet or smartphone.

https://global.gotomeeting.com/join/782645133

You can also dial in using your phone.

(For supported devices, tap a one-touch number below to join instantly.)

Canada (Toll Free): 1 888 299 1889

- One-touch: tel:+18882991889,,782645133#

Canada: +1 (647) 497-9373

- One-touch: tel:+16474979373,,782645133#

Access Code: 782-645-133

More phone numbers:

(For supported devices, tap a one-touch number below to join instantly.)

United States (Toll Free): 1 866 899 4679

- One-touch: tel:+18668994679,,782645133#

United States: +1 (571) 317-3116

- One-touch: tel:+15713173116,,782645133#

Join from a video-conferencing room or system.

Dial in or type: 67.217.95.2 or inroomlink.goto.com

Meeting ID: 782 645 133

Or dial directly: This email address is being protected from spambots. You need JavaScript enabled to view it..2 or 67.217.95.2##782645133

New to GoToMeeting? Get the app now and be ready when your first meeting starts: https://global.gotomeeting.com/install/782645133

Speaker Bio; 

Stew Wolfe has over 26 years of technology management consulting, pre-sales, integration and engineer experience, including the past 20 years focused only within the Information Security profession. Key strengths include expressing security and IT needs in business terms. Always in a customer facing role over the past 26 years, he has worked within many industries with a focus in the financial, insurance, and healthcare sectors.