Sessions

We are excited about our session line up at GoSec 2022. As you will see below, we have a great selection of industry experts and specialists speaking on a wide variety of topics including audit and governance, risk management, research, and operational security.

Keynotes

From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack

Following in the footsteps of a cyber-criminal and uncovering their digital footprint: this is a journey inside the mind of an ethical hacker responding to a ransomware incident that brought a business to a full stop, discovering the evidence left behind to reconstruct the attack path and the techniques used. In this session I will cover a real-world incident response to the CryLock ransomware, showing the techniques used by the attackers, the footprints they left behind, and how those footprints were uncovered.

Joe Carson, Chief Security Scientist & Advisory CISO at Delinea, will take you through the mind of a hacker and follow the footsteps that led to a damaging CryLock ransomware attack. Joe will look at the tools and techniques cyber criminals use to hack endpoints, such as the WannaCry vulnerability, RDP brute force, Mimikatz, and Responder, and the paths they can take toward your enterprise infrastructure and data. Joe will walk through the attack step by step, showing:

● How attackers gained access to the system
● How staging was established
● What tools were used
● What commands were executed
● How the ransomware was delivered
● How AD elevation was achieved

Joe will then cover some of the needed incident response steps, utilizing the same use case but from the viewpoint of defender, including:

● Detection: what triggered the alert
● Finding which cryptor was used
● Cleaning up systems
● Finding patient zero

Joseph Carson

Chief Security Scientist and Advisory CISO at Delinea

How Eating Your Own Dog Food Helps Secure the Planet

Dogfooding (a common term in software companies for internally using your own products before they launch) is an important part of Google’s culture, and its practice has driven the creation of advanced security technologies, in some cases years before the broader need for them outside of Google was fully understood. For us, dogfooding is more than using our own products. It represents a comprehensive program of using, testing, and rapidly refining the products in the rigorous operating environment of Google. In this session, we’ll explore how Google structures its dogfooding culture and share examples and experience of how this practice might be the most important criteria security leaders should evaluate when selecting a technology provider.

Taylor Lehmann

Director, Office of the CISO, Google Cloud

Sessions

API Secrets are weak proxies for Machine Identity

Today most API communication between machines is secured through API Secrets – static keys, tokens or PKI certificates that act like system passwords in order to authenticate machines and broker communication between machines. These machines could be cloud workloads, pods, containers, servers, VMs, microservices, and of course physical machines like servers or IoT devices. Perfect security hygiene would mean each API secret is uniquely assigned to only one machine, never shared, and routinely rotated, AND securely distributed through development and deployment systems to the machine that needs it without worry of being leaked along the way.

The reality is API secrets are often shared across dozens or hundreds of machines and workloads. They are rarely if ever rotated, and secrets distribution and management across different applications and environments is a very arduous task. More recently, the static nature of API secrets has made them ripe targets for adversaries. Secrets are getting leaked in code repositories, CI systems like Jenkins or Travis, orchestration tools like Kubernetes, cloud hosting environments like AWS, GCP and Azure, as well as logging tools like Splunk and Elastic, even collaboration environments like Slack.

In this presentation, Corsha’s Co-founder and CTO Anusha Iyer will walk through why API secrets are often easy prey for bad actors and weak proxies for machine identity, and how to better secure API communication between machines.

Anusha Iyer

CTO and Co-Founder of Corsha

Bill 64 is modernizing Québec privacy law – What it involves, why it matters, and what you can do to reduce the risk of non-compliance financial and administrative penalties

The stringent new privacy regulations introduced in Bill 64 will require significant changes for organizations operating in Québec or engaging with Québec residents. Policies and procedures will only take you so far in avoiding the serious consequences of non-compliance.

DataStealth is a proven solution that helps organizations discover, classify, and protect sensitive data governed by Bill 64, including obligations regarding data residency and the right to be forgotten. Meet the challenge of compliance head on, without the need for any code changes, API integrations, agent installations, or other changes to your applications or IT environment.

Join us to learn about a simple way to take Bill 64 compliance from paper to an actionable plan that will improve your security and mitigate your risk.

Ed Leavens

CEO at Datex

Change Your Perspective: View Your Network Like a Hacker

We all spend a lot of time and a lot of money trying to manage risk, while deploying new IOT devices with little more than wishful optimism. We buy firewalls and NDR and EDR and maybe even XDR, and we buy a SIEM to pull all the logs together into one place we can’t keep up with. We run Vulnerability Assessments and get thousand-page reports on things we probably don’t have time to fix. We pay penetration testing companies a small fortune to find the holes in our network we really thought we’d closed. We hire as many SecOps staff and security analysts as we can afford, and we try to keep them long enough to get something done before they move on. Then we sit back and look at the logs of all the stuff we’re blocking, and we wonder…

● How are those connected devices expanding my attack surface?
● What are we missing?
● What aren’t we seeing?
● Hackers can be in the network for weeks or months without detection – are they here now?
● All these headline breaches – they all deployed similar security technology and staff. If they got hacked, why won’t I?
● At the end of the day, am I safer than I was yesterday? Last month? Last year?

Well, now there’s a better way. What if you could see your network the way an attacker sees it? And what if you could do that every day, and find and prioritize every security gap in your network in real time? By thinking like a hacker and attacking your own devices and networks, you can put that power in your hands. Join us for this presentation and learn now.

Scott Register

Vice President, Security Solutions at Keysight Technologies

Cybersecurity as a Business Opportunity – a Success Story Through Pain and Failure

Cybersecurity is often seen as a necessary evil or pain. Engaging in a cyber security program requires money, a highly specialized workforce, technology and support from many stakeholders. The overall total cost just keeps growing every year to reduce this critical risk. New security solutions and processes tend to slow down productivity and impact business velocity.

However, when seen through the lens of “opportunity”, it can also uncover new sources of income, improve marketing reach, enable a stronger competitive advantage, enrich business culture and more. Great returns can be realized if approached with a different eye.

This talk aims at tackling the bright side of cyber security investment by exploring the good and the bad we experienced as an SMB. We hope that in the light of this talk, refreshing new discussions might fire up in your own organization and will, perhaps, result in fresh, new, innovative and “profitable” cyber security initiatives.

Martin Lemay

Chief Security Officer at Devolutions Inc.

Cybersecurity on a budget: Securing your code and infrastructure for free

In many organizations, securing a budget to fund cybersecurity is still a problem. Even now, executives are reluctant to fund cybersecurity, seeing it as an expense rather than an investment, despite the fact that cyber attacks increase by 50% year over year and while the media is plagued with reports of newly discovered vulnerabilities and new data breaches. Developers are struggling to ensure that the software that they produce is secure and vulnerability free. What if one of my software dependencies has a vulnerability that I’m unaware of? What if a mistake was made in my infrastructure as code and now I’m exposing a resource publicly on my cloud provider? What if someone has accidentally leaked a secret and a disgruntled employee decides to sell it to malicious actors?

This talk will explore solutions to these topics. More specifically, this talk will cover secret management, code vulnerability scanning, dependency scanning, infrastructure as code scanning and fuzzing from a prevention and developer’s point of view. The solutions proposed will use free (gratis) software and can easily be adapted to almost any developer’s workflow.

Alexandre-Xavier Labonté-Lamoureux

Student in Software Engineering at the École de Technologie Supérieure

Do We Need to Remediate Them All?

Do CVSS scores, news headlines, proprietary vendor ratings and intelligence feeds have you feeling analysis paralysis when it comes to vulnerability remediation? In this talk, we’ll look at the factors to take into consideration when weighing enterprise risk and we’ll talk about how to realize effective risk reduction with efficient remediation efforts.

Todd Dow

Technical Security Solutions Specialist at Cisco

Enhancing Blue Teaming with Threat Emulation and Purple Teaming

On a regular basis, modern enterprises confront cyber-attacks. Black hat hackers show no sign that they want to quit. New tactics, techniques, and procedures (TTPs) emerge every day. Thus, organizations must make sure they are ready for a targeted attack. The presentation, through a balanced mix of theory and lab demonstrations, will start by providing a fair understanding of Threat-Informed Defense. Later, attendees will explore how to leverage Purple Teaming and adversary emulation exercises to enhance the effectiveness and maturity level of their organizations’ defense teams, in addition to showing how to gain better visibility and monitoring coverage (coverage is measured against the MITRE ATT&CK framework). This talk will present how to plan and execute effective adversary emulations and Purple Teaming assessments utilizing open-source and publicly available tools and utilities. From the defensive side, the focus will be on Microsoft Sentinel SIEM/SOAR.

Chiheb Chebbi

Cybersecurity Consultant at Intellisec Solutions

Ensuring Developer Intent Matches Reality

Developers have the control. They write the code, they write the infrastructure-as-code, they deploy it all continuously. Ensuring what’s running is supposed to be running can be difficult, but the cloud provides extreme transparency through APIs to see exactly what exists in your environment.

Mike Milner

Head of Product Management at Trend Micro

Executive Security Amidst Professionalization of Cyber Criminal Underground

In this talk, ZeroFox will discuss several real-world use cases from the field to highlight the evolution of this criminal ecosystem, focusing on some of its most effective operators and the risks they pose to C-Suite executives. ZeroFox will also offer recommendations to best protect your “Very Attacked People” against various forms of malicious exploitation from the cybercriminal underground.

Cyber criminals have added additional complexity to executive security programs. These criminals are well funded, highly organized, and can pivot quickly within a dynamic ever-changing cyber threat landscape. Security teams no longer need only to have a competitive edge over their peers but are going toe-to-toe with cyber criminals who continuously innovate, cooperate, and adapt. “Very Attacked People,” like enterprise leadership and high-profile employees, are frequent targets of these criminal actors who aim to exfiltrate data, commit fraud, take over accounts, disseminate false information, or impersonate high-profile employees. By understanding common threat actor behavior and staying abreast of trends in the cybercriminal underground, organizations can develop a proactive response by anticipating threat actors’ next move, help educate the C-Suite, and improve their overall cyber safety posture.

Olga Polishchuk

Senior Director, Tactical Intelligence Operations at Zerofox

Hackers get your data through weak passwords practices: Understanding why and how to improve password protection

Using authentication to secure data and accounts has grown to be a natural part of using computers. Even though several authentication methods exist, passwords remain the most common type of authentication. People usually have a multitude of different passwords, and when they create them, they often use a strategy to make the password easy to remember (Pfleeger, et al., 2015; Stobert & Biddle, 2014; Ur, et al., 2015). This study aims to outline password creation strategies according to their performance: good versus bad passwords. A password creation strategy refers to an active approach a password creator can use to create memorable passwords (Zviran & Haga, 1990; Ur, et al., 2015). Using databases of actual passwords that have been leaked to the internet, a comparison is made with the list of passwords of GoSecure clients that have been obtained through cybersecurity tests. Both were compared to observe the differences, and the analysis helps reveal different types of password strategies and the similarities between actors. Results show that GoSecure clients offer better performance in terms of password strategies. These results can be used to deepen the understanding of password types and password behavior, and to better understand the networks of internet users.

Andréanne Bergeron

Cybersecurity Researcher at GoSecure

Implementing an Effective Data Protection Program (DPP)

Do you have any idea how much time it will take to scan, identify, and secure every organization file containing sensitive information? Me neither, data is everywhere!

Fortunately, you don’t need this information to implement an effective enterprise program. In this session, we’ll focus on the scope, processes, and roles & responsibilities. Join Benoit for a pragmatic conversation based on lessons learned and emerging practices.

Benoît H. Dicaire

CTO Canada at Forcepoint

Prepare and Secure Critical Infrastructure for the Future of Digitalization

Digitalization is here to stay, and critical infrastructures are no exception. Even before the pandemic, we saw an increasing number of OT systems connected to the Internet. This erodes the separation between IT and OT networks, driven by the increase in data, connectivity, complexity and costs.

What makes the protection for the digitalization of critical infrastructure complex is the convergence between IT & OT. Threats that commonly impact IT can move between cyber and physical environments. Therefore, cyber security is a key factor for the success of digitalized critical infrastructure. Successful long-term protection includes understanding stakeholder expectations, establishing a core cross-functional engagement model, building a roadmap of strategic initiatives and staying relevant with the latest security threats.

The presentation will share key principles and guidelines that I developed and refined over the years working in several industries. The application of the principles has helped prepare and secure critical infrastructure for the future of digitalization holistically and consistently.

Session Overview:
● How to set the foundations for the future of digitalized critical infrastructure
● What the key initiatives are, and how to effectively identify and execute them
● How to ensure long-term protection of digitalized critical infrastructure

Dr. Tim Nedyalkov

Technology Information Security Officer at the Commonwealth Bank of Australia and Executive Member of the CyberEdBoard Global Community

Protecting your web applications built on Kubernetes

More and more DevOps teams rely on Kubernetes when developing their next-gen containerized applications.

Learn how you can keep a high level of security without slowing down your fast-paced development cycles, using frictionless cyber security solutions.

Tomer Rozentzvaig

Director of Product Management – AppSec at Radware

Ransomware Recovery in 2022

We know that having a reliable backup can be the difference between downtime, data loss and paying a costly ransom. Unfortunately, when it comes to ransomware, most organizations’ data security strategies aren’t evolving to meet the threat.

During this session we will discuss how you can improve your defenses and reduce the risk of data loss through the lens of Veeam’s ransomware research.

Among the topics we will cover are:
● How you can prepare for a ransomware attack
● Why immutability and air gapping are key to data security
● Best practices for rapid reliable recovery
● And more!

Eric Amar

Systems Engineer at Veeam

Secure Your Future: Internet-native Zero Trust Architecture Helps you Transform your Business Faster

We’re all facing more apps moving to the cloud and teams working remotely, amid a growing and evolving security threat landscape. When it comes to security, there’s never a single destination. The largest risk is committing to a network or security approach that locks you out of your own future. Today, organizations of all sizes need highly effective security delivered via an Internet-native architecture that consistently flexes to tackle the challenges of our current landscape, and that innovates at a pace to help you foresee what’s ahead.

Join this session for an in-depth look at an Internet-native approach to security based on zero trust principles and learn how you can ‘secure the future’ of your organization.

John Engates

Field Chief Technology Officer at Cloudflare, Inc.

Stop Playing Whack-A-Mole with Your Security Strategy: How to Prioritize Risks for Your Organization

You’ve invested in retooling to fit your cloud environment, you’ve increased your headcount, and you are sprinting all the way through a marathon to secure “All the Things.” But your company was still breached. Why?

Security teams everywhere are struggling to keep up with a fast-changing threat landscape. According to the FBI, financial losses from business email compromise accounted for $2.4B in losses in 2021. Supply chain compromise attacks, including invoice fraud and billing account updates, are rampant—with large organizations having a 97% chance of receiving at least one vendor attack each week.

Join us for this session, where Brynna Nery, Cloud Security Architect at Abnormal Security, will discuss how to prioritize the first lines of defense for users. We will dive into:
● Specialized content for security awareness training… after all, it’s more useful than a compliance checkbox
● Supply chain risks and effective mitigation tactics
● Data security, not just storage encryption
● And which core capabilities you actually need to be effective

This presentation will also include a demo of an environment where all the common cloud controls were implemented and still breached, followed by a scenario where we are saved by an alliance of security controls and security heroes.

Brynna Nery

Cloud Security Architect at Abnormal Security

Stopping Ransomware with Cyberstorage

Ransomware has become the top concern among security and IT professionals; however, solving that challenge remains as elusive as ever. With over $40B in damage caused in the last two years alone, legacy approaches are falling short of mitigating the risk. Edge and endpoint solutions have limited visibility into enterprise data operations, and data protection and backup providers promoting recovery mechanisms like immutable backups typically fall short of complete and timely service restoration. And with new, more destructive strains on the rise, what little impact observer- and recovery-based solutions have will soon be neutralized.

Cyberstorage is a new approach to solving data centric security problems through active security mechanisms embedded in the Enterprise data plane. This talk introduces the concept of an active security Enterprise file storage system, and how this type of solution can be a simple and effective answer to the Ransomware problem, both today and for the future.

Eric Bednash

Co-founder and CEO of RackTop Systems

Visibility, Control, and Change Tracking for Public Cloud Policies

See topology mapping, network analysis, and troubleshooting of north/south and east/west traffic, with support for Azure Firewall and AWS security controls.

Raymond Chan

Cloud Sales Engineer at Tufin

What to Look for in Your Identity Cloud Provider

Identity cloud providers may seem to offer similar services, but they are not the same. And in today’s environment of escalating threats and growing regulatory requirements, it’s important to know the difference so that you can make an informed choice. You must consider security architecture, privacy controls, performance, and resilience — all essential ingredients of an identity cloud, and key to achieving your goal of stronger security and a great user experience.

Join ForgeRock to unpack the essentials of a modern identity cloud. We will explore various architecture models and their impact on cloud resources. We’ll address data residency and data sovereignty through the privacy lens, and we’ll discuss architectural solutions for better breach protection. You’ll leave this session with a better understanding of the differences in architectural approaches, and you’ll learn what questions to ask identity cloud providers to ensure you get the solution you need.

Jeffrey Carpenter

Director of Product Solutions at ForgeRock

What has [not] changed with Social Media Manipulation Driven by Malware?

Social media manipulation, the deliberate act of increasing the visibility of specific social media posts or accounts, is as relevant as ever. Used to divide a population’s opinion, increase the popularity of influencers, or manipulate product ratings, such manipulation is a dangerous form of fraud that should be studied and monitored.

In 2019, Masarah and Olivier presented at Black Hat USA and DEF CON the culmination of four years of research on social media manipulation driven by malware. They unveiled an industry in which many actors are involved in the supply chain of such online manipulation, from customer-facing sellers, bulk resellers, reseller panel providers, residential proxy providers, automation software providers and botnet operators.

In this presentation, they will review their research findings in light of today’s ecosystem, three years later. What else has been uncovered about social media manipulation? Are the actors above still active? Are there new actors involved? Attend this interactive session to learn the current state of affairs in security research on social media manipulation, a critical yet overlooked factor in the current divide of our society.

Olivier Bilodeau

Cybersecurity Research Director at GoSecure

Masarah Paquet-Clouston

Professor in criminology at Université de Montréal

* At the Dawn of the Metaverse: The Admissibility of Evidence from Social Media

Since many of us spend a significant part of our lives on social networks, these tools are a potential goldmine of evidence in the event of litigation, in both civil and criminal matters. However, while it may be tempting to consult a third party’s Facebook profile or Instagram account in the course of an investigation, the courts have, over the years, established certain guidelines regarding the methods that may be used to do so. Indeed, depending on the characteristics of the profile, the methods of access, collection and production of content authorized by the courts may differ. The presentation will therefore outline the lessons that can be drawn from Canadian case law on the admissibility of social media content as evidence, to better guide you in your investigations.
* Presented in French Only

Nicolas Vermeys

Director of the Public Law Research Center, Deputy Director of the Cyberjustice Laboratory and Professor at the Faculty of Law of the University of Montreal

* Breach Coach and Incident Preparedness: A Guide to Finding Your Way

The worst time to think about incident governance and management is… during an incident. At that moment, tensions are high and the impact of a mistake is significant. This presentation therefore introduces the various concepts related to incident preparedness and response, cyber insurance, incident simulation and crisis management, and presents the main incident response frameworks.
* Presented in French Only

Laurent Desaulniers

Vice President Breach Detect Response Services at GoSecure

* How to Prevent Ransomware Attacks with Good Vulnerability Management

See how Contileak made it possible to better understand the modus operandi of criminal groups such as Conti.
The leaked internal conversations between members of the Conti group offer a unique glimpse into its internal working methods and provide valuable information, including details on more than 30 vulnerabilities used by the group and its affiliates, as well as details on its processes after infiltrating a network, such as how it targets Active Directory.
* Presented in French Only

Julien Hamel

Senior Sales Engineer at Tenable