We are excited about our session line up at GoSec 2022. As you will see below, we have a great selection of industry experts and specialists speaking on a wide variety of topics including audit and governance, risk management, research, and operational security.

Cybersecurity – Should We Care?

A retired four-star Admiral with a distinguished 40-year career of military and strategic leadership, Admiral Fallon led U.S. and Allied forces in eight separate commands and played a leadership role in military and diplomatic matters at the highest levels of U.S. government.

Former head of both U.S. Central Command and U.S. Pacific Command, he has worldwide experience in international security, political and commercial affairs. Through his military service, Admiral Fallon gained insight into the role of cyber security in protecting our nation’s most sensitive communications and critical assets. This experience helped shape his unique perspective and ongoing commitment to ensuring that government and enterprise can actively respond to today’s ever-evolving cyber threats.

Attend this session to hear the Admiral’s thoughts on why we should all care about cybersecurity.

From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack

Following in the footsteps of a cyber-criminal and uncovering their digital footprint. This is a journey inside the mind of an ethical hacker’s response to a ransomware incident that brought a business to a full stop, and discovering the evidence left behind to uncover their attack path and the techniques used. In this session I will cover a real-world incident response to the CryLock ransomware showing the techniques used by the attackers. The footprints left behind and uncovering the techniques used.

Joe Carson, Chief Security Scientist & Advisory CISO at Delinea, who will take you through the mind of a hacker and follow the footsteps that led to a damaging Crylock ransomware attack. Joe will look at tools and techniques cyber criminals use to hack endpoints, such as the WannaCry vulnerability, RDP Brute Force, Mimikatz, and Responder, and the paths they can take toward your enterprise infrastructure and data. Joe will walk through the attack, step-by-step, showing:

● How attackers gained access to the system
● Established staging
● What tools were used
● What commands were executed
● How the ransomware was delivered
● How AD elevation was achieved

Joe will then cover some of the needed incident response steps, utilizing the same use case but from the viewpoint of defender, including:

● Detection, what triggered alert
● Finding what Cryptor was used
● Cleaning up systems
● Finding patient zero

How Eating Your Own Dog Food Helps Secure the Planet

Dogfooding (a common term in software companies for internally using your own products before they launch) is an important part of Google’s culture, and its practice has driven the creation of advanced security technologies, in some cases years before the broader need for them outside of Google was fully understood. For us, dogfooding is more than using our own products. It represents a comprehensive program of using, testing, and rapidly refining the products in the rigorous operating environment of Google. In this session, we’ll explore how Google structures its dogfooding culture and share examples and experience of how this practice might be the most important criteria security leaders should evaluate when selecting a technology provider.

5 Mistakes I’ll Never Make Again

The demand for cyber security expertise and services is continuing to accelerate faster than we can keep up. Threats are evolving, new regulatory requirements are on the horizon and, most importantly, management is demanding that their business services and corporate initiatives are cybersafe. As cybersecurity leaders and professionals, we need to deliver cybersecurity programs that are agile and effective at an accelerated pace.

In this session we’ll talk about the evolving demands on cybersecurity organizations and how to avoid some of the pitfalls that can slow us down or erode our cybersecurity programs.

API Secrets are weak proxies for Machine Identity

Today most API communication between machines is secured through API Secrets – static keys, tokens or PKI certificates that act like system passwords in order to authenticate machines and broker communication between machines. These machines could be cloud workloads, pods, containers, servers, VMs, microservices, and of course physical machines like servers or IoT devices. Perfect security hygiene would mean each API secret is uniquely assigned to only one machine, never shared, and routinely rotated, AND securely distributed through development and deployment systems to the machine that needs it without worry of being leaked along the way.

The reality is API secrets are often shared across dozens or hundreds of machines and workloads. They are rarely if ever rotated, and secrets distribution and management across different applications and environments is a very arduous task. More recently, the static nature of API secrets has made them ripe targets for adversaries. Secrets are getting leaked in code repositories, CI systems like Jenkins or Travis, orchestration tools like Kubernetes, cloud hosting environments like AWS, GCP and Azure, as well as logging tools like Splunk and Elastic, even collaboration environments like Slack.

In this presentation, Corsha’s Co-founder and CTO Anusha Iyer will walk through why the API secrets are often easy prey for bad actors and weak proxies for machine identity and how to better secure API communication between machines.

Bill 64 is modernizing Québec privacy law – What it involves, why it matters, and what you can do to reduce the risk of non-compliance financial and administrative penalties

The stringent new privacy regulations introduced in Bill 64 will require significant changes for organizations operating in Québec or engaging with Québec residents. Policies and procedure will only take you so far to avoid the serious consequences of non-compliance.

DataStealth is a proven solution that helps organizations discover, classify, and protect sensitive data governed by Bill 64, including obligations regarding data residency and the right to be forgotten. Meet the challenge of compliance head on, without the need for any code changes, API integrations, agent installations, or other changes to your applications or IT environment.

Join us to learn about a simple way to take Bill 64 compliance from paper to an actionable plan that will improve your security and mitigate your risk.

Change Your Perspective: View Your Network Like a Hacker

We all spend a lot of time and a lot of money trying to manage risk, while deploying new IOT devices with little more than wishful optimism. We buy firewalls and NDR and EDR and maybe even XDR, and we buy a SIEM to pull all the logs together into one place we can’t keep up with. We run Vulnerability Assessments and get thousand-page reports on things we probably don’t have time to fix. We pay penetration testing companies a small fortune to find the holes in our network we really thought we’d closed. We hire as many SecOps staff and security analysts as we can afford, and we try to keep them long enough to get something done before they move on. Then we sit back and look at the logs of all the stuff we’re blocking, and we wonder…

● How are those connected devices expanding my attack surface?
● What are we missing?
● What aren’t we seeing?
● Hackers can be in the network for weeks or months without detection – are they here now?
● All these headline breaches – they all deployed similar security technology and staff. If they got hacked, why won’t I?
● At the end of the day, am I safer than I was yesterday? Last month? Last year?

Well, now there’s a better way. What if you could see your network the way an attacker sees it? And what if you could do that every day, and find and prioritize every security gap in your network in real time? By thinking like a hacker and attacking your own devices and networks, you can put that power in your hands. Join us for this presentation and learn now.

Cybersecurity as a Business Opportunity – a Success Story Through Pain and Failure

Cybersecurity is often seen as a necessary evil or pain. Engaging into a cyber security program requires money, highly specialized workforce, technology and support from many stakeholders. The overall total cost just keeps growing and growing every year to reduce this critical risk. New security solutions and processes tend to slow down productivity and impact business velocity.

However, when seen under the lens of “opportunity”, it can also uncover new sources of income, improve marketing reach, enable stronger competitive advantage, enrich business culture and more. Great returns can be realized if approached with a different eye.

This talk aims at tackling the bright side of cyber security investment by exploring the good and the bad we experienced as an SMB. We hope that in the light of this talk, refreshing new discussions might fire up in your own organization and will, perhaps, result in fresh, new, innovative and “profitable” cyber security initiatives.

Cybersecurity on a budget: Securing your code and infrastructure for free

In many organizations, securing a budget to fund cybersecurity is still a problem. Even now, executives are reluctant to fund cybersecurity, seeing it as an expense rather than an investment, despite the fact that cyber attacks increase by 50% year over year and while the media is plagued with reports of newly discovered vulnerabilities and new data breaches. Developers are struggling to ensure that the software that they produce is secure and vulnerability free. What if one of my software dependencies has a vulnerability that I’m unaware of? What if a mistake was made in my infrastructure as code and now I’m exposing a resource publicly on my cloud provider? What if someone has accidentally leaked a secret and a disgruntled employee decides to sell it to malicious actors?

This talk will explore solutions to these topics. More specifically, this talk will cover secret management, code vulnerability scanning, dependency scanning, infrastructure as code scanning and fuzzing from a prevention and developer’s point of view. The solutions proposed will use free (gratis) software and can easily be adapted to almost any developer’s workflow.

Do We Need to Remediate Them All?

Do CVSS scores, news headlines, proprietary vendor ratings and intelligence feeds have you feeling analysis paralysis when it comes to vulnerability remediation? In this talk, we’ll look at the factors to take into consideration when weighing enterprise risk and we’ll talk about how to realize effective risk reduction with efficient remediation efforts.

Enhancing Blue Teaming with Threat Emulation and Purple Teaming

On a regular basis, modern enterprises confront cyber-attacks. Black hat hackers provide no sign that they want to quit. New tactics, techniques, and Procedures (TTP) emerge every day. Thus, organizations must make sure they are ready for a targeted attack. The presentation, through a balanced mix of theory and lab demonstrations, will start by providing a fair understanding of Threat Informed Defense. Later, attendees will explore how to leverage Purple Teaming and Adversary emulation exercises to enhance the effectiveness and maturity level of the defense teams of their organizations in addition to showing how to gain better visibility and monitoring coverage (The coverage is based on the MITRE ATT&CK framework). This talk will present how to plan and execute effective Adversary Emulations and Purple teaming assessments utilizing Open-source and publicly available tools and utilities. From the defensive side, the focus will be on Microsoft Sentinel SIEM/SOAR.

Ensuring Developer Intent Matches Reality

Developers have the control. They write the code, they write the infrastructure-as-code, they deploy it all continuously. Ensuring what’s running is supposed to be running can be difficult, but the cloud provides extreme transparency through APIs to see exactly what exists in your environment.

Executive Security Amidst Professionalization of Cyber Criminal Underground

In this talk, ZeroFox will discuss several real-world use cases from the field to highlight the evolution of this criminal ecosystem, focusing on some of its most effective operators and the risks they pose to C-Suite executives. ZeroFox will also offer recommendations to best protect your “Very Attacked People” against various forms of malicious exploitation from the cybercriminal underground.

Cyber criminals have added additional complexity to executive security programs. These criminals are well funded, highly organized, and can pivot quickly within a dynamic ever-changing cyber threat landscape. Security teams no longer need only to have a competitive edge over their peers but are going toe-to-toe with cyber criminals who continuously innovate, cooperate, and adapt. “Very Attacked People,” like enterprise leadership and high-profile employees, are frequent targets of these criminal actors who aim to exfiltrate data, commit fraud, take over accounts, disseminate false information, or impersonate high-profile employees. By understanding common threat actor behavior and staying abreast of trends in the cybercriminal underground, organizations can develop a proactive response by anticipating threat actors’ next move, help educate the C-Suite, and improve their overall cyber safety posture.

Hackers get your data through weak passwords practices: Understanding why and how to improve password protection

Using authentication to secure data and accounts has grown to be a natural part of using computers. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. People usually have a multitude of different passwords and when they create their passwords, they often use a strategy to make the password easy to remember (Pfleeger, et al., 2015; Stobert & Biddle, 2014; Ur, et al., 2015). This study aims to outlines password creation strategies according to their performance – good versus bad password. Password creation strategy refers to active approaches that can be used by a password creator to create memorable passwords (Zviran & Haga, 1990; Ur, et al., 2015). Using databases with actual passwords that have been leaked to the internet, a comparison is done with the list of passwords of GoSecure clients that have been obtain through cybersecurity tests. Both were compared to observe the differences and the analysis helps reveal different types of passwords strategies and the similarity between actors. Results show that GoSecure clients offers a better performance in term of password strategies. Those results can be used to deepen the understanding of password types and password behavior and to understand better the networks of internet users.

Impact of the Russia – Ukraine Conflict on your Cybersecurity

The Cyberconflict between Russia and Ukraine has spurred numerous “Shields up” warnings from CISA, Certs, our own CCCC, and other agencies. What is the real risk for Canadian businesses? This talk presents the current state of affairs on the cyberwar and some of the tools that can be used to mitigate this new elevated risk.

Into the Abyss: cybersecurity tool selection, rationalization, and decommissioning

The information security space is awash in point technology solutions. As a defender, how does one choose where to spend a limited security budget when faced with this sea of choices? How can we minimize overlap within the highly dynamic toolset we already own, rationalize vendor relationships, and decommission tools that overlap or no longer justify their operating expense?

We are debilitated by too many choices and similarity of products in security where even experienced practitioners find it difficult to understand the rapid technological evolution and the trade-offs in play.

When clear objectives, goals, and decision-making criteria are not present, people often make buying decisions based on less scientific considerations: what they perceive “everyone else” is buying, unsubstantiated “gut feelings,” pre-existing relationships with vendors or sales individuals, or even who invites them to the best parties or nominates them for the most coveted industry awards.

The practice of information security is maturing rapidly. This transition to more scientific approaches to prioritizing security investments is becoming the standard to justify value. Security practitioners must embrace these mature approaches to strategic defense planning and resource allocation. This presentation will discuss ways to make the best choices to maximize defense coverage with appropriate resource allocation.

Perception vs. Reality: Ransomware and BEC in the Cyber Threat Landscape

Colonial Pipeline. CNA Financial. Quanta. Even the NBA. Hardly a week goes by without a ransomware story hitting the news, as organizations worldwide are targeted by an attack. But are there more dangerous threats out there?

Join us to hear Brynna Nery, Cloud Security Architect at Abnormal Security, discuss the real threats in today’s landscape, and why ransomware is only one of your concerns. She’ll answer questions like:
• How has the cyber threat landscape changed over the past decade?
• What drives threat actors to change their methods and tactics?
• Why should stopping business email compromise be at the top of your priority list?
• And what will change as new regulations are put in place?

With full insight into the past, present, and future of the threat landscape, this presentation will provide you with everything you need to understand what could be targeting your organization.

Prepare and Secure Critical Infrastructure for the Future of Digitalization

Digitalization is here to stay, and critical infrastructures are not an exception. Even before the pandemic, we have seen an increased number of connected OT systems to the Internet. It leads to no separation of IT & OT networks due to the increase in data, connectivity, complexity and costs.

What makes the protection for the digitalization of critical infrastructure complex is the convergence between IT & OT. Threats that commonly impact IT can move between cyber and physical environments. Therefore, cyber security is a key factor for the success of digitalized critical infrastructure. Successful long-term protection includes understanding stakeholder expectations, establishing a core cross-functional engagement model, building a roadmap of strategic initiatives and staying relevant with the latest security threats.

The presentation will share key principles and guidelines that I developed and refined over the years working in several industries. The application of the principles has helped prepare and secure critical infrastructure for the future of digitalization holistically and consistently.

Session Overview:
● How to set the foundations for the future of digitalized critical infrastructure
● What the key initiatives are, and how to effectively identify and execute them
● How to ensure long-term protection of digitalized critical infrastructure

Protecting your web applications built on Kubernetes

More and more DevOps teams rely on Kubernetes when developing their next-gen containerized applications.

Learn how you can keep a high level of security without slowly down your fast-paced development cycles using frictionless cyber security solutions.

Ransomware Recovery in 2022

We know that having a reliable backup can be the difference between downtime, data loss and paying a costly ransom. Unfortunately, when it comes to ransomware, most organizations data security strategies aren’t evolving to meet the threat.

During this session we will discuss how you can improve your defenses and reduce the risk of data loss through the lens of Veeam’s ransomware research.

Among the topics we will cover are:
● How you can prepare for a ransomware attack
● Why immutability and air gapping are key to data security
● Best practices for rapid reliable recovery
● And more!

Risk Adaptive Protection with Enterprise DLP – what is it and why do you care?

Secure Your Future: Internet-native Zero Trust Architecture Helps you Transform your Business Faster

We’re all facing more apps moving to the cloud and teams working remotely, amid a growing and evolving security threat landscape. When it comes to security, there’s never a single destination. The largest risk is committing to a network or security approach that locks you out of your own future. Today, organizations of all sizes need highly effective security delivered via an Internet-native architecture that consistently flexes to tackle the challenges of our current landscape, and that innovates at a pace to help you foresee what’s ahead.

Join this session for an in-depth look at an Internet-native approach to security based on zero trust principles and learn how you can ‘secure the future’ of your organization.

Stopping Ransomware with Cyberstorage

Ransomware has become the top concern among security and IT professionals, however solving for that challenge remains elusive as ever. With over $40B in damage caused in the last two years alone, legacy approaches are falling short of mitigating the risk. Edge and endpoint solutions have limited visibility into enterprise data operations, and data protection and backup providers promoting recovery mechanisms like immutable backups typically fall short of complete and timely service restoration. And with new, more destructive strains on the rise, what little impact observer and recovery-based solutions have will quickly soon be neutralized.

Cyberstorage is a new approach to solving data centric security problems through active security mechanisms embedded in the Enterprise data plane. This talk introduces the concept of an active security Enterprise file storage system, and how this type of solution can be a simple and effective answer to the Ransomware problem, both today and for the future.

The first moments | When visibility and artificial intelligence can compensate for the talent shortage

During this session we will be exploring the following topics:
• How are the first minutes of a cyberattack critical to containing the breach?
• How to bridge the chasm between the 208 days before the discovery of the breach and one hour and 12 minutes (1h 12m), which is the average time for a response, to prevent an attack from becoming systemic?

It is indeed one of the most beautiful scenarios for machine learning and automating reactions.

We will demonstrate that the architecture based on the principle of “best-of-breed” has shaped our technological infrastructures, making us now more vulnerable. We will also share the vision of an architecture that will help overcome the talent shortage and allow you to obtain a deep commitment from your existing teams.

The Journey to Zero Trust starts with Secure Identity abstract

Identity powers cyber resilience, and acts as the basis for the secure adoption of modern IT innovations, and for the pursuit of digital transformation initiatives that are essential for business competitiveness. Identity is the core of a Zero Trust strategy: With the perimeter moving to the identity layer, people become the critical component of the Zero Trust ecosystem.

The quest for better pentest reports: Introducing Missing Security Controls

Offensive security professionals are good at breaking into things, but we often fail at properly communicating our findings to the various stakeholders involved in the projects. Tools like CVSS can be useful at communicating risk but have major limitations. This talk focuses on some of those shortcomings and introduces a possible solution to bridge some of the communication gaps between intrusion testers and management.

Visibility, Control, and Change Tracking for Public Cloud Policies

See topology mapping, network analysis, and troubleshooting N/S and E/W traffic for Azure firewall and AWS security controls support.

What to Look for in Your Identity Cloud Provider

Identity cloud providers may seem to offer similar services, but they are not the same. And in today’s environment of escalating threats and growing regulatory requirements, it’s important to know the difference so that you can make an informed choice. You must consider security architecture, privacy controls, performance, and resilience — all essential ingredients of an identity cloud, and key to achieving your goal of stronger security and a great user experience.

Join ForgeRock to unpack the essentials of a modern identity cloud. We will explore various architecture models and their impact on cloud resources. We’ll address data residency and data sovereignty through the privacy lens, and we’ll discuss architectural solutions for better breach protection. You’ll leave this session with a better understanding of the differences in architectural approaches, and you’ll learn what questions to ask identity cloud providers to ensure you get the solution you need.

What has [not]changed with Social Media Manipulation Driven by Malware?

Social media manipulation, the deliberate act of increasing the visibility of specific social media posts or accounts, is as relevant as ever. Used to divide a population’s opinion, increase the popularity of influencers, or manipulate product ratings, such manipulation is a dangerous form of fraud that should be studied and monitored.

In 2019, Masarah and Olivier presented at Black Hat USA and DEF CON the culmination of four years of research on social media manipulation driven by malware. They unveiled an industry in which many actors are involved in the supply chain of such online manipulation, from customer-facing sellers, bulk resellers, reseller panel providers, residential proxy providers, automation software providers and botnet operators.

In this presentation, they will review their research findings in light of today’s ecosystem, three years later. What else has been uncovered about social media manipulation? Are the actors above still active? Are there news actors involved? Attend this interactive session to learn the current state of affairs on security research about social media manipulation, a critical-yet-overlooked factor in the current divide of our society.

* À l’aube du Metavers: L’admissibilité de la preuve issue des médias sociaux

Comme plusieurs d’entre nous passent une partie importante de leur vie sur les réseaux sociaux, ces outils constituent une manne potentielle d’éléments de preuve en cas de poursuite, tant en matière civile que pénale. Or, s’il peut être tentant de consulter le profil Facebook ou le compte Instagram d’un tiers dans le cadre d’une enquête, les tribunaux ont, au fil des ans, établi certaines balises quant aux méthodes pouvant être employées pour ce faire. En effet, selon les caractéristiques du profil, les modes d’accès, de collecte et de mise en preuve de contenus autorisés par les tribunaux pourront différer. La présentation fera ainsi état des enseignements pouvant être tirés de la jurisprudence canadienne quant à l’admissibilité en preuve de contenus issus des médias sociaux afin de mieux vous guider dans le cadre de vos enquêtes.     * Presented in French Only

* Breach Coach et préparation aux incidents, un guide pour s’y retrouver

Le pire moment de considérer la gouvernance et la gestion d’incidents est… pendant un incident. À ce moment, les tensions sont hautes et l’impact d’une erreur est important. Ainsi, cette présentation présente les différents concepts liés à préparation et réponse aux incidents, à la cyberassurance, à la simulation d’incident, à la gestion de crise et présente les principaux cadriciels de réponses aux incidents.     * Presented in French Only

* Comment Prévenir des Attaques de Type Ransomware Avec Une Bonne Gestion de Vulnérabilités

Voyez comment Contileak a permis de mieux comprendre le modus Operandi des groupes criminels tel que Conti.
Les fuites de conversations internes entre les membres du groupe Conti offrent un aperçu unique de ses méthodes de travail internes et fournissent des informations précieuses, notamment des détails sur plus de 30 vulnérabilités utilisées par le groupe et ses affiliés, ainsi que des détails sur ses processus après avoir infiltré un réseau, comme la façon dont il cible Active Directory.
* Presented in French Only