<< Back to SpeakersMiju Han Miju Han is the Director of Product Management at HackerOne, where she leads a team of product managers, data scientists, and engineers to build and launch practical and actionable tooling for security teams. With a background in both data and security, Miju has a keen eye for spotting increased efficiency and automation in modern security practices. Miju previously served as a Director of Product at GitHub, where she pitched and launched security alerts on top of the dependency graph, one of the first large-scale efforts to embed security best practices into core development tooling. GitHub’s security alerts won a 2018 technology of the year award from InfoWorld, and more importantly, have lead to the patching of almost ten million vulnerabilities. Miju began her career working on data science at content platforms such as YouTube, Beats Music/Apple, and TuneIn. Outside of work she’s an avid painter and competitive powerlifter. She has previously spoken at QCon and Looker JOIN. She keynoted GitHub Universe in 2017.
<< Back to SpeakersChloé Messdaghi Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine’s The Uncommon Journey, and runs the Hacker Book Club.
<< Back to SpeakersChris Roberts Chris is currently serving as a vCISO or advisor for a number of entities and organizations around the globe. He’s most recently been working on a number of projects within the deception, identity, cryptography, and services space. Over the years, he’s founded or worked with a number of organizations specializing in OSINT/SIGING/HUMINT research, intelligence gathering, cryptography, and deception technologies. These days he’s working on spreading the risk, maturity, collaboration and communication word across the industry. Since the late 90’s Chris has been deeply involved with security R&D, consulting, and advisory services in his quest to protect and defend businesses and individuals against various types of attack. Prior to that he jumped out of planes for a living, visiting all sorts of interesting countries and cultures while doing his best to avoid getting shot at too often. (Before that, he managed to get various computers confiscated by a number of European entities.) He’s considered one of the world’s foremost experts on counter threat intelligence and vulnerability research within the Information Security industry. He’s also getting a name for himself in the transportation arena, basically anything with wings, wheels, tracks, tyres, fins, props or paddles has been the target for research for the last 10-15 years…to interesting effect. Chris has led or been involved in information security assessments and engagements for the better part of 25 years and has a wealth of experience with regulations such as GLBA, GDPR, HIPAA, HITECH, FISMA, and NERC/FERC. He has also worked with government, state and federal authorities on standards such as CMS, ISO, and NIST. Chris has been credentialed in many of the top IT and information security disciplines and as a CyberSecurity advocate and passionate industry voice, he is regularly featured in national newspapers, television news, industry publications and several documentaries. He can typically be found waving arms on a stage somewhere on this planet…or hacking into whatever’s taken his fancy…(Cows being one of the more bizarre things, we’ll ignore things in space for now.) As one of the well-known hackers and researchers, Chris is routinely invited to speak at industry conferences. CNN, The Washington Post, WIRED, Business Insider, USA Today, Forbes, Newsweek, BBC News, Wall Street Journal, and numerous others have covered him in the media. And worst case, to jog the memory, Chris was the researcher who gained global attention in 2015 for demonstrating the linkage between various aviation systems, both on the ground and while in the air that allowed the exploitation of attacks against flight control system.
<< Back to SpeakersAdmiral James Stavridis Admiral James Stavridis is an Operating Executive of The Carlyle Group, following five years as the 12th Dean of The Fletcher School of Law and Diplomacy at Tufts University. A retired 4-star officer in the U.S. Navy, he led the NATO Alliance in global operations from 2009 to 2013 as Supreme Allied Commander with responsibility for Afghanistan, Libya, the Balkans, Syria, counter piracy, and cyber security. He also served as Commander of U.S. Southern Command, with responsibility for all military operations in Latin America from 2006-2009. He earned more than 50 medals, including 28 from foreign nations in his 37-year military career. Earlier in his military career he commanded the top ship in the Atlantic Fleet, winning the Battenberg Cup, as well as a squadron of destroyers and a carrier strike group – all in combat. In 2016, he was vetted for Vice President by Hillary Clinton and subsequently invited to Trump Tower to discuss a cabinet position in the Trump Administration. Admiral Stavridis earned a PhD in international relations and has published nine books and hundreds of articles in leading journals around the world. His 2012 TED talk on global security has close to one million views. Admiral Stavridis is a monthly columnist for TIME Magazine and Chief International Security Analyst for NBC News, and has tens of thousands of connections on the social networks.
<< Back to SpeakersDaniel Wiley Daniel Wiley, Head of Incident Response, manages Check Point’s advanced security operations including Check Point Incident Response Service. His core responsibility is to bridge the gap between product and operational security and to provide actionable intelligence to Check Point customers. Daniel is an experienced cyber security leader with over 25 years of experience in the Cyber Security industry, including government, civilian and service provider environments.
<< Back to SpeakersPhilippe Arteau Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.
<< Back to SpeakersFrancis Nadeau Francis Nadeau est président, cofondateur de HydraLab, une société qui développe des technologies de décentralisation. Plus précisément, HydraLab offre un accompagnement complet passant par l’analyse de faisabilité, la conception de processus d’affaires et applicatifs ainsi que le développement de systèmes distribués. Francis est titulaire d’un baccalauréat en gestion des technologies d’affaires de l’Université du Québec. Durant ses études universitaires, il était chercheur associé dans le domaine de l’intelligence artificielle et de la technologie financière. Il occupait le rôle d’analyste blockchain pour le FintechLab, un observatoire sur les technologies financières. Avant de cofonder HydraLab, il a agi à titre d’analyste de produits pour Coveo, un chef de file dans la recherche intelligente. Francis Nadeau possède une solide expertise en technologies émergentes.
<< Back to SpeakersMaxime Laroche Me Maxime Laroche est procureur aux poursuites criminelles et pénales depuis 2010, œuvrant auprès de l’équipe du Centre-du-Québec. Entre 2015 et 2019, il fut prêté pour occuper les fonctions d’expert-conseil juridique de l’École nationale de police du Québec. Il est actuellement collaborateur auprès du Laboratoire de recherche en criminalistique en plus d’être chargé de cours auprès de l’Université de Montréal (Entrevues d’enquête, perquisitions et saisies).
<< Back to SpeakersSabine Lainer Sabine is the Senior Payment Security & Privacy Advisor at GoSecure. Sabine is a graduate of University of Applied Science in Furtwangen Germany, Brunel University in London/UK, University of South Australia, McGill University, Concordia University, and the University of Alberta. She holds too many certificates to list here and is still working to get yet another one at present. She is passionate about everything security and privacy, learning (she maintains a continuous education wish list that never seems to get shorter) and teaching. Sabine won an innovative teaching price in 1997 and was nominated for the Women in IT Award – Security Champion in the UK in 2016. Sabine lived and worked in nine countries and is now a permanent resident of Canada. When not at the computer, Sabine likes long distance running (the speed is gone but the stamina is still there), cycling, hiking, swimming, travelling (well once we are allowed to do so again), bungee jumping, watching, reading and listening to science fiction stories. She is a huge Star Trek fan and is immensely proud to live in the city now, that is the birthplace of William Shatner.
<< Back to SpeakersGreg Young Greg Young has 30 years of experience in enterprise class security. As a Research Vice President with Gartner for 13 years Greg advised thousands of companies and governments on how to better secure themselves, evaluated and advised hundreds of security vendors, and has seen those same technologies successfully used, abused, put on a shelf, or pushed into a deep hole and never to be spoken of again. At Gartner he led research for network security, threat trends, data center security, cloud netsec and microsegmentation. He authored more than 20 Magic Quadrants for firewall, IPS, WAF, and UTM, and was Conference Chair for 4 Security Summits. Greg headed several large security consulting practices, was CISO for the Department of Communications, and was Chief Security Architect for a security product company. Previously, Greg was a commissioned officer in the military police and counter-intelligence branch working as a Certifier/Accreditor at the national authority, and received the Confederation Medal from the Governor General of Canada for his work with smart card security. Greg was named in the “12 Most Powerful Security Companies” and as one of “100 Most Powerful Voices In Worldwide Security”.
<< Back to SpeakersJean-Frédéric Gauron Jean-Frédéric is a cybersecurity research intern at GoSecure. He is passionate about web application security as well as reverse engineering and binary exploitation. As a competitive person, he enjoys testing his abilities in various CTFs and programming competitions. During his studies in software engineering, he spent most of his time at school organizing student clubs in order to get more people interested in cybersecurity. When not on the computer, Jean-Frédéric likes to do mixed martial arts. Competitive in sports as well, he has more than a dozen fights under his belt.
<< Back to SpeakersJulien Pineault Julien is a security analyst and red teamer in the Ethical Hacking team at GoSecure, His areas of expertise are internal and external intrusion, web application testing and OpSec infrastructure. He specializes in getting the initial foothold in red team engagements and setting the stage for the rest of the intrusion team to perform their work. His interest in security sparked from Capture The Flag competitions, and he continues to be active in the Montréal infosec community, competing at a high caliber in CTF events. When not competing or on engagements, Julien spends his time volunteering for community events like MontréHack.
<< Back to SpeakersRomain Carnus Romain is currently working at GoSecure as a pentester in the Ethical Hacking team. In the past, Romain was security evaluator on security products. Romain is interested in all sides of infosec but more particularly in protocol attacks, IoT, and virtualization. When not on the computer Romain likes to travel abroad and discover other cultures.
<< Back to SpeakersMaxime Nadeau Maxime is currently working at GoSecure as an ethical hacker. Jack of all trades, master of some, his areas of interest are wide and include almost anything he feels could be broken. He does have a deeper interest for adversary simulation and physical security. When he is not coding new tools, you will probably find him transforming everyday objects into physical network implants, woodworking or working on one of his unrealistic evil plans.
<< Back to SpeakersStan Lowe Prior to joining Zscaler, Stan served as the VP & Global Chief Information Security Officer for PerkinElmer, where he was responsible for global enterprise security and privacy. As a cybersecurity and technology executive, Stan has successfully led transformational change in large, complex environments, as well as small and mid-size cybersecurity and IT organizations. Stan also has extensive federal experience, serving as the U.S. Department of Veterans Affairs (VA) Deputy Assistant Secretary for Information Security, Chief Information Security Officer, and Deputy Chief Privacy Officer, as well as Deputy Director of the Department of Defense/VA Interagency Program Office. Before joining the VA, Stan served as Chief Information Officer of the Federal Trade Commission. Stan is also a veteran who served in the U.S. Navy.
<< Back to SpeakersKevin Magee As the Chief Security and Compliance Officer for Microsoft Canada, Kevin Magee leads the technical teams who are Microsoft’s architects, practitioners and stewards of trust. He is one of Canada’s leading authorities on cybersecurity and cyber risk governance and often writes, lectures and contributes to curriculum development for Canadian colleges and universities on topics related to cybersecurity, governance, entrepreneurship and criminology. Kevin also holds an ICD.D certification with the Institute of Corporate Directors and has extensive experience advising, educating and serving on boards including the Brant Community Healthcare System. Deeply committed to the development and creation of cybersecurity leadership and technical educational opportunities for aspiring security professionals, he currently serves as an Entrepreneur in Residence for the Rogers Cybersecurity Catalyst at Ryerson University, as a Member of the University of Guelph’s Master of Cybersecurity and Threat Intelligence Advisory Board, as a Member of George Brown College’s Cyber Security Program Advisory Council and as a Member of the Royal Canadian Military Institute. He has also previously served as an Entrepreneur in Residence for Laurier University and advisor for Communitech and MaRS.
<< Back to SpeakersAshwath Murthy Ashwath Murthy is the Sr. Director of Product Management at Palo Alto Networks focused on core network security strategies. Ashwath’s product teams lead the foundational “context” and security engines on the NGFW — App-ID, User-ID, Device-ID, TLS Decryption, and Content Inspection. He has held multiple roles through his tenure at Palo Alto Networks, and has over a decade of experience in the fields of identity security, application security, cryptography, and device security. He holds a Masters’ degree in Computer Science from Cornell University, and currently resides in the San Francisco Bay Area.
<< Back to SpeakersAndy Skrei Andy Skrei is the VP of worldwide sales engineering at Exabeam, a company that provides next-generation security intelligence and management solutions to help organizations protect their most valuable information. He previously worked as a lead security engineer at eBay, developing and deploying technologies for its global SOC.
<< Back to SpeakersBryan Whyte After earning my Masters in Electrical Engineering, I spent over 20 years developing software applications to test hardware such as Torpedoes, Circuit Boards and Digital Subscriber Line (xDSL) modems. During that time I was also able to contribute to the product development for both Embedded and Distributed Enterprise Applications. In 2015 I joined IBM Security as a Technical Pre-Sales Engineer focused on the AppScan tool suite for Static, Dynamic and Mobile Application Security Testing. After spending a few years in Application Security I decided to expand my Cybersecurity proficiency and became a Certified Information Systems Security Professional (CISSP). I joined Sonatype in 2019 because the explosive growth of Open Source Software has made Software Composition Analysis a critical aspect of Application Security. In my free time I enjoy spending time with my wife and two daughters, traveling, sampling craft beers and golfing (poorly).
<< Back to SpeakersChristopher Hills Christopher L. Hills has more than 15 years’ experience as a Senior Security and Architecture Engineer operating in highly sensitive environments. Chris is a military veteran of the United States Navy and started with BeyondTrust after his most recent role leading a Privileged Access Management (PAM) team as a Technical Director within a Fortune 500 organization. In his current position, he has responsibilities as a Senior Solutions Architect consulting on PAM implementations and reports to the Office of the CTO as an acting Deputy CTO. In his free time, Chris enjoys spending time with his family on the water with their 32-foot speedboat in the summer and taking to the sand dunes and off-roading in the winter.
<< Back to SpeakersMaurice Côté Maurice leads and manages the Privileged Access Management program as well as the Operations team at Devolutions. Having evolved in startups for the greater part of his career, although he is a developer by trade, he has had to learn infrastructure management and operational security since, well... there was no one else to do it! He works with analysts, customers, and partners alike and has acquired a deep knowledge of the PAM space.
<< Back to SpeakersNico Popp Nico Poppis the Chief Product Officer for Forcepoint. Popp oversees the global execution and strategic evolution of Forcepoint’s humancentric cloud security platform. This includes leadership of all product development, management, and innovation across Forcepoint products as well as Forcepoint X-Labs. Popp joins Forcepoint from Symantec, where he was Senior Vice President of Cloud and Information Protection leading the data and cloud security product and engineering teams. Prior to Symantec, Popp held senior leadership roles at Verisign, Apple, and NeXT Software. Popp holds more than 30 patents. He received a master’s degree in Aeronautics and Astronautics from Stanford University, and a BA from France’s SUPAERO.
<< Back to SpeakersDerek Manky Derek Manky brings more than fifteen years of experience to a strategic and visionary cyber security role, working with FortiGuard Labs at Fortinet. Manky leads a seasoned threat intelligence team which bridges data science with security strategy, facilitating tactics. He also leads an agile consulting team provides expert advice and is specialized in advanced threat concepts, security research, penetration testing, data insight and threat intelligence/playbook mapping. He consults with leading CSOs/CISOs of Fortune 500 companies worldwide across multiple industries. Manky provides thought leadership to industry and has presented research and strategy worldwide at many premier security conferences. As a cyber security expert, his work has included meetings with leading political figures and key policy stakeholders globally, including law enforcement, which helps define the future of cyber security. Manky orchestrates global threat intelligence initiatives with Fortinet, including the Cyber Threat Alliance (CTA), NATO NICP, INTERPOL Expert Working Group, and the Forum for Incident Response and Security Teams (FIRST). Manky has been with the Cyber Threat Alliance since it was founded in May 2014 and sits on the steering committee, working with leading security executives and CEO direction in industry. His vision is applied to help shape the future of proactive cyber security, with the ultimate goal to make a positive impact towards the global war on cybercrime. He works globally with the security industry and Computer Emergency Response Team (CERT) to connect the dots, streamlining mitigation advice and threat forecasts based on personal knowledge and a team of world class experts at Fortinet and FortiGuard Labs. This strategy is integrated into advanced technology frameworks to fight cyber-attacks, while keeping clients secure. Manky designed a zero-day vulnerability disclosure framework, which has been reliably used for years to responsibly fix security issues before black hat attackers get a chance to exploit victims. Manky sits on a computing science advisory committee, and meets with universities to provide security industry input that he hopes will help shape the bright young minds of tomorrow. In an effort to educate, he is regularly featured in top tier media and guest articles including, but not limited to, CNN, Bloomberg, NBC, MSNBC, Wired, CSO, Forbes, Wall Street Journal, Dark Reading, and the Financial Times. Manky has been recipient of his technical University’s honorable 2019 BCIT Distinguished Alumni Award. Manky has also been the recipient of CRN’s ‘Security Superstar’ award. He continues to dedicate his career to security, research and education.
<< Back to SpeakersJon Rohrich As Technical Specialist – Modern Workplace Security and Compliance, Jon Rohrich helps enterprise organizations in central Canada understand and respond to the modern threat landscape with up-to-date security and compliance solutions. As an expert in current workplace security with a military background, Jon collaborates with financial services, healthcare, legal, and government clients to identify and thwart increasingly sophisticated cyberattacks. Jon is a strong leader and analyst. During his 10+ year career, his passion for security and compliance translated into impressive sales of Microsoft enterprise products and compelling training sessions and presentations to diverse audiences. Before joining Microsoft, Jon worked as a Senior Consultant focused on professional services delivery for New Signature Canada and served five years in the Canadian Armed Forces. Jon earned a Network Engineer Honours diploma from triOS College as he transitioned out of the military. He holds over 15 Microsoft Certifications, and is a Certified Information Systems Security Professional and Certified Ethical Hacker. “I believe that knowledge is power. The more I can help Canadian individuals and organizations understand and adapt to the modern threat landscape, the better.”
<< Back to SpeakersTod Beardsley Tod Beardsley is the director of research at Rapid7. He has over 20 years of hands-on security experience, stretching from in-band telephony switching to modern IoT implementations. He has held IT Ops and IT Security positions in large organizations such as 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. Today, Tod directs the myriad security research programs and initiatives at Rapid7. He can be uniquely identified at https://keybase.io/todb.
<< Back to SpeakersBob Rudis Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avunculur, author (Data-Driven Security), speaker, and regular contributor to the open source community.
<< Back to SpeakersDavid Carver David Carver manages the Subscriptions and Periodicals Team in Insikt Group, which focuses on providing finished intelligence across many different cadences. David has a background in threat intelligence analysis at iSIGHT Partners and Fireye and has experience in research on hacktivism, information operations, and trends in vulnerability exploitation.
<< Back to SpeakersJonathanEhret Jonathan has been a third-party risk practitioner since 2004. He is co-founder and former president of the Third-Party Risk Association. He has deep experience building and running third-party risk programs in finance and healthcare. He started with RiskRecon in April, 2020.
<< Back to SpeakersNathan Wenzler Nathan Wenzler is the Chief Security Strategist at Tenable, the Cyber Exposure company. Nathan has over two decades of experience designing, implementing and managing both technical and non-technical security solutions for IT and information security organizations. He has helped government agencies and Fortune 1000 companies alike build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management and the personnel side of a successful security program. As the Chief Security Strategist for Tenable, Nathan brings his expertise in vulnerability management and Cyber Exposure to executives and security professionals around the globe in order to help them mature their security strategy, understand their cyber risk and measurably improve their overall security posture.
<< Back to SpeakersMichael Joyce Currently pursuing a PhD in criminology focusing on cybercrime prevention, Michael is co-director of Serene-Risc. He contributes to the strategic development of Serene-risc's activities and he is in charge of knowledge mobilization activities such as Cybersec 101 and the Digest. Michael has been working on knowledge mobilization in cybersecurity and cybercrime in Canada and abroad since 2011.
<< Back to SessionsThe Impact of Digital Transformation in the Face of Today's Threats Digital Transformation & the rapid need for supporting remote workers for digital business processes took every industry by storm. This change has presented new risks, unlike what companies have seen before, and has created the greatest loss of visibility for security, auditing and quality control professionals since the emergence of the Internet. As companies continue to adopt new technologies like Google Suite, new ways of defending, evaluating, and delivering effective technical control capabilities are required to succeed in what has come to be known as "the new normal."
<< Back to SpeakersMichael Harlev As Customer Success Manager for CyberArk Canada, Michael Harlev serves as a technical advisor, working alongside Fortune 500 organizations to help them develop effective and mature privileged management and security strategies. With over 10 years of experience in the security industry, Michael brings deep technical and business experience to his role, with a niche focus on compliance, governance & risk assessment.