Canada Summit
Virtual Summit March 8 - 9, 2022
This virtual summit's agenda will cover Zero Trust, IAM, Ransomware, Privacy, Fraud, Payments, IoT, Cryptocurrency, End Point Protection, Cloud Security and more.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Samer Adi
IT Security Leader
Green Shield Canada
Samer Adi is a strategic IT operations executive with expertise in driving information security programs within business units. He is a big picture visionary delivering business continuity while ensuring best-in-class security systems and implementing new technologies and process improvements to...
Ruth Promislow
Partner
Bennett Jones LLP
Ruth Promislow practices commercial litigation with a strong focus on commercial crime, including cybersecurity, Ponzi schemes, investment fraud, employee fraud and anti-money laundering. She has extensive experience with recovery issues relating to commercial crime, including receiverships, tracing, freezing and recovering...
Arif Hameed
CISO and VP
Munich Re New Ventures
Arif Hameed is currently the vice president and CISO at Munich Re New Ventures. Prior to joining Munich Re, he had roles in security advisory, IT risk, vendor cyber risk, client security assurance and IT audit at major Canadian banks...
Tom Field
SVP, Editorial
ISMG
Simon Brown
Director of Cyber Security
Weston Foods
Simon Brown is the director of cybersecurity for Weston Foods Inc., a leader in the North American baking industry. He is responsible for the organization’s cybersecurity strategy and posture. Weston Foods has over 35 facilities across North America and over...
Karen Habercoss
Chief Privacy Officer
U. Chicago Medicine
As the chief privacy officer for The University of Chicago Medicine and Biological Sciences Division, Habercross is responsible for the enterprise multiyear strategy and day-to-day operations of the university's health system privacy program for a workforce of more than 20,000...
Keri Glitch
VP and CISO
MISO Energy
As vice president and chief information security officer for Midcontinent Independent System Operator, Glitch leads both the security and technology organizations and is responsible for MISO's comprehensive strategy, execution and operations. Previously, she was chief security officer at AVANGRID, where...
Garrett Bechler
Senior Director of Worldwide Systems Engineering,
Ermetic
Bechler has over 20 years of IT experience including management of IT/IS, cyber incident response, handling of malware and virus outbreaks, pen testing and more. Using his diverse consulting and operations background, Bechler has designed, architected and implemented some of...
Clive Brennan
Director- Cyber Security Risk
Societe Generale
Brennan joined Societe Generale in April 2021 as part of the RISQ OPE CSR team as a senior operational risk officer covering cybersecurity risk. He has more than 20 years of technology experience in the both the financial services and...
Brian B. Brown, CISM, CDPSE, SABSA SCF
Enterprise Architect, Strategist, Educator
Trellix
Brown is an enterprise architect for Trellix’s North America business unit, helping customers navigate a transformational IT security landscape. His approach focuses on information security program strategy and enterprise security architecture using the SABSA method. As a former information security...
Geoff Pryor-White
Head of Insurance - UK
Corvus Insurance
Pryor-White has over 25 years of experience in the insurance industry, having worked in the U.K. and U.S. for AIG, Travelers, Zurich, Barbican, Tarian and now Corvus Insurance. During his career, he has focused on providing package solutions to customers...
June Leung
Head of Identity Access Management
Moneris
Leung leads PAM, IAM and CIAM at Moneris. She has over 15 years of experience in the information security field, leading identify and access management programs within the financial industry, including RBC, TD, FundSERV and others. Prior to joining Moneris,...
Adam Evans
VP, Cyber Operations & CISO
RBC
Adam Evans is VP, Cyber Operations and Chief Information Security Officer (CISO) for RBC. As CISO, Adam sets RBC’s cyber vision, strategy and program to reduce cyber risks and keep clients, employees, and systems safe. He is responsible for developing...
Shakeel Sagarwala
Director, Information Risk Management
Manulife
Sagarwala works with Manulife Financials in the information risk management space, leading the team of IROs to further strengthen the role within the organization. He has over 21 years of experience in information security, information systems audit and information technology,...
Anna Delaney
Director, ISMG Productions
ISMG
Marco Lattavo
Director, Identity and Access Management
Economical Insurance
Lattavo has almost two decades of experience in cybersecurity and well over a decade of experience in identity and access management. He is the director of IAM at Economical Insurance, delivering an ecosystem to enable digital transformation. Lattavo challenges cultural...
Imran Ahmad
Partner, Canadian Head of Technology
Norton Rose Fullbright
Imran Ahmad is the Canadian head of the technology sector and co-head of the information governance, privacy and cybersecurity practice at Norton Rose Fulbright. He advises clients across all industries on a wide array of technology-related matters, including outsourcing, cloud...
Manny Cancel
SVP and CEO
E-ISAC
Cancel became NERC senior vice president and chief executive officer of the Electricity Information Sharing and Analysis Center (E-ISAC) in January 2020. He is responsible for the management and oversight of the E-ISAC and leads security operations and information sharing,...
Chris Schwiegert
Senior Director of Cybersecurity Operations
TrueBlue Inc.
Dr. Chris Schweigert is the director of cloud security for TrueBlue. He has been in the security space for over 20 years and spent 12 years as a security professional in the U.S. Air Force before moving into the private...
Martin Dinel
Assistant Deputy Minister and Chief Information Security Officer
Government of Alberta
Martin Dinel is a trusted and experienced information technology and cybersecurity professional with over 33 years of leadership experience in the industry. As CISO for the Government of Alberta since August 2015, he defines the province's vision and strategy to...
Tony Kirtley
Director Information Security
Secureworks
Kirtley has more than 21 years of experience in information security. He has built and led cybersecurity incident response teams for Fortune 500 companies in the private sector and the U.S. military. In 2018, he became Secureworks’ first incident commander,...
Sean Comrie
Senior Sales Engineer
Rubrik
Sean is a Senior Sales Engineer at Rubrik, Inc. responsible for accounts in the Greater Toronto Area and Ottawa. Prior to Rubrik Sean was at Google, Cisco, and Riverbed Technology.
Alanna Shuh
Director Fraud
LNRS
Alanna Shuh, Director of Market Strategy for LexisNexis Risk Solutions’ Fraud & Identity products available in Canada, is dedicated to delivering and supporting fraud analytics, identity verification, and authentication solutions for the Canadian Market. Alanna is Canadian and joined LexisNexis...
Kush Sharma
CIO
Aptitude 360 Inc
As the CIO at Aptitude 360, a boutique customer experience firm, Sharma oversees the technology and security organization. Prior to this, he was the inaugural CISO for the city of Toronto and the inaugural cyber executive for Saputo. He was...
Ireen Birungi
CISO
Interac Corp
Ireen Birungi is the Chief Information Security Officer (CISO) at Interac Corp., where she leads the technology and business security strategy and implementation. This includes operationalizing enterprise-wide cybersecurity program that supports continuous improvement; managing security risks and compliance with business,...
Rachel Guinto
AVP, Information Risk Management
Manulife
Guinto is a seasoned information security leader with two decades of experience in the financial services sector. She has held operational, governance and leadership roles at Scotiabank, CIBC and Manulife and was CISO at the Ontario Pension Board. She volunteers...
Ragulan Sinnarajah
VP, IT & Head of Cyber Security
Sobeys
Ragulan Sinnarajah is currently the vice president of IT shared services and head of cybersecurity at Sobeys, one of only two national grocery retailers in Canada. As head of cybersecurity, he leads all aspects of the cybersecurity program, and in...
Farooq Naiyer
vCISO
Gaming Associates
Naiyer has more than 19 years of experience in cybersecurity, privacy, technology compliance and assurance. He currently serves as a cybersecurity leader in a financial and insurance services organization in Canada. He was formerly the CISO for ORION and vCSIO...
Alex Foord
CIO and VP
ISEO
As chief information officer and vice president of information and technology services at IESO, Foord's responsibilities include being accountable for the company's IT solutions and strategies, leading its enterprisewide cybersecurity management program and ensuring oversight of the Smart Metering Entity....
David Masson
Director of Enterprise Security
Darktrace
David Masson is Darktrace’s Director of Enterprise Security, and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he...
Ax Sharma
Senior Security Researcher
Sonatype
Sharma’s work and expert analyses have frequently been featured in leading media outlets such as Fortune, The Register, TechRepublic, CSO Online and BleepingComputer. He is an expert in security vulnerability research, reverse engineering and software development.
Ian Hassard
Director Product Management
Auth0
Hassard has over 10 years of experience building security solutions for consumer, enterprise and telecom markets. He has been an entrepreneur, product executive and solution builder specializing in security operations, cyber risk management and identity security.
Hadas Cassorla
CISO
M1 Finance
Hadas Cassorla, JD, MBA, CISSP has a lot of letters after her name, but the three letters she cares the most about are Y-E-S. Marrying her business, legal, IT and improv backgrounds, she is the CISO of M1 Finance and...
Kimberly Sutherland
VP, Fraud and Identity Strategy
LexisNexis® Risk Solutions
Sutherland leads the Americas commercial market strategy for consumer fraud analytics, identity verification, authentication and fraud investigations. She has over 20 years of experience leading business strategy and product management, from building global professional services practices to developing cross-industry best...
Chris Holden
CISO
Crum & Forster
As CISO for Crum & Forster, Holden is responsible for maintaining the day-to-day security of the organization's information systems and data while adhering to regulatory requirements. He started his career as a forensics analyst for Hewlett-Packard’s global cybersecurity team, where...
View Agenda
Keynote: RBC CISO Adam Evans on Securing the Future
Adam Evans, VP, Cyber Operations & CISO, RBC

Hybrid work models, cloud migration and new digital channels are highlights of the past two years of aggressive digital transformation. But what does the future bring in terms of how we work, conduct commerce and secure our digital assets from ever-evolving, ever-automating cyber adversaries?

Join RBC CISO Adam Evans for a thoughtful discussion on securing the future, with focus on:

  • How we will work; 
  • Turning cybersecurity investments into business value; 
  • The role of cybersecurity in customer relationships.
Adam Evans
  • 09:00 AM
  • 09:29 AM
Cyber Insurance and Risk: What's New in 2022?
Imran Ahmad, Partner, Canadian Head of Technology, Norton Rose Fullbright
Simon Brown, Director of Cyber Security, Weston Foods
Arif Hameed, CISO and VP, Munich Re New Ventures
Geoff Pryor-White, Head of Insurance - UK, Corvus Insurance

When CNA Financial - a top U.S. insurance company - was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How does that fact that ransomware incidents - and ransoms - are now at record highs affect the cyber insurance sector? What are the emerging standards for coverage, as well as legislative trends, affecting the practice?

This exclusive panel tackles these questions as well as:

  • Proving cyber insurance value; 
  • The rising bar for entities to qualify for cyber insurance; 
  •  The growing role of cyber insurance companies in incident response.
Imran Ahmad
Simon Brown
Arif Hameed
Geoff Pryor-White
  • 09:30 AM
  • 10:01 AM
  • 10:00 AM
  • 10:30 AM
Track A
Ian Hassard
Track A: State of Secure Identity
Ian Hassard, Director Product Management, Auth0

Digital identities control access to an ever-growing number of applications, services and critical systems. This makes identity an interesting attack vector for threat actors and highlights the importance of authentication and authorization in preserving trust and security.

The Auth0 State of Secure Identity report highlights the latest trends in identity security, including the types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected and the adoption rates for identity protection technologies.

During this session, we’ll provide greater insight into which industries are:

• Most highly targeted by credential stuffing attacks;
• Most highly targeted by SQL injection attacks;
• Leading the way in MFA adoption to improve overall security posture.

We’ll also shed light on fake account creation, MFA bypass attacks and what defensive measures are being adopted to combat these identity security threats.

Click here to schedule a meeting with Auth0 for your chance to score a "Fun at Home" swag bag! Check out our graphic below for more information on what is included in your bundle.

To learn more about Auth0, click here to visit our booth to chat with a representative.

  • 10:00 AM
  • 10:32 AM
Track B
Tony Kirtley
Track B: Tales from the Trenches with an Incident Commander
Tony Kirtley, Director Information Security, Secureworks

It’s no longer a matter or if, but when, you’re going to be the victim of a ransomware attack. Are you prepared? Learn from Securework’s Tony Kirtley, Director of Incident Command, how to prepare for an attack, but more importantly what to do immediately following with tales from the trenches.


To learn more about Secureworks, click here to visit our booth to chat with a representative. 

  • 10:30 AM
  • 10:44 AM
Track A
Garrett Bechler
Track A: Secure Cloud Infrastructure - Identity First
Garrett Bechler, Senior Director of Worldwide Systems Engineering,, Ermetic

Cloud infrastructure is extremely complex, with thousands of workloads and data resources, service and human identities, and policies and configurations. With so many moving parts, it’s nearly impossible to clearly see or understand what is going on in your AWS, Azure and GCP environments - let alone control it. Efforts are exacerbated by the rapid pace of development, shortages in cloud expertise, and the number of stakeholders.

Ultimately the most important questions are: Is my data exposed? Who can access it? Only with clear, contextual, actionable risk insight into all identities, configurations and resources can you begin to grasp effective access and the risk to your data. Find out how an identity-first approach to cloud security can help you reduce your cloud attack surface and blast radius - and stay compliant.

Be sure to complete our survey below for a chance to win a $100 Amazon gift card! 

To learn more about Ermetic, click here to visit our booth to chat with a representative.

  • 10:30 AM
  • 10:44 AM
Track B
David Masson
Track B: Fast and Furious Attacks: Using AI to Surgically Respond
David Masson, Director of Enterprise Security, Darktrace

Fast-moving cyberattacks can strike at any time, and security teams are often unable to react quickly enough. Join to learn how Autonomous Response takes targeted action to stop in-progress attacks without disrupting your business. The discussion includes real-world threat finds.

Explore today’s threats and challenges and learn how advances in AI have been leveraged to allow for very surgical actions to be taken autonomously - where humans can no longer react fast enough.
 

To learn more about Darktrace, click here to visit our booth to chat with a representative.

  • 10:45 AM
  • 11:14 AM
Track A
Ax Sharma
Track A: Lessons Learned from the Log4j Exploit
Ax Sharma, Senior Security Researcher, Sonatype

The Log4shell vulnerability found in the Log4j logging framework has been recognized as one of the most critical vulnerabilities ever, open source or otherwise. And while the dangers of the Log4j vulnerability remain high, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: If you don’t know what’s in your software supply chain, you’re already behind.

When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.

While this outlook might seem bleak, there are easy steps you can take to significantly mitigate risk. This session will help you do that by answering:

  • Why the Log4j vulnerability is so severe and common remediation measures companies took to secure their code
  • How you can improve your security posture with automation and SBOMs, and better prepared for the inevitable next open source vulnerability that comes along 

To learn more about Sonatype, click here to visit our booth to chat with a representative.

  • 10:45 AM
  • 11:14 AM
Track B
Sean Comrie
Track B: Don't Pay the Ransom
Sean Comrie, Senior Sales Engineer, Rubrik

A ransomware attack strikes every 11 seconds.

Despite thick firewalls, the bad guys will get through. Some businesses pay the ransom but most want to recover, so they don’t let the bad guys win.

A payout isn't the only way out.

If hackers exploit your backups, you pay the ransom. If your backups survive, you need to know what to recover and how long it will take. If you don't, you pay the ransom. But even with a decryption key, recovery takes days or weeks and the hackers may not return all the data.

Recovery from a clean backup is the only way to beat hackers. Data managed by Rubrik can’t be encrypted after the fact. Once ingested, no external or internal operation can modify it. So, your data is immune to ransomware. Since data can’t be overwritten, even infected data ingested by Rubrik can’t infect existing files/folders.

We'll discuss how to:

  • Analyze backup metadata for unusual behavior; 
  • Quickly identify what data was encrypted and where it lives; 
  • Locate PII that may have been exposed to a data exfiltration attack; 
  • Automatically protect new workloads and lock retention to prohibit deletion of backup data.

To learn more about Rubrik, click here to visit our booth to chat with a representative.

  • 11:15 AM
  • 11:47 AM
Track A
Brian B. Brown, CISM, CDPSE, SABSA SCF
Farooq Naiyer
Chris Holden
Track A: Are You Ready for XDR?
Brian B. Brown, CISM, CDPSE, SABSA SCF, Enterprise Architect, Strategist, Educator, Trellix
Farooq Naiyer, vCISO, Gaming Associates
Chris Holden, CISO, Crum & Forster

Is XDR a technology or a capability? Is there one reference architecture, or is there a set of capabilities that define Extended Detection and Response? Gaining a better understanding of threat actor activity requires telemetry and analysis from multiple tools combined with advanced analysis capability. XDR promises to increase detection fidelity and reduce containment and response times while automating and orchestrating key security processes. But is your organization ready to adopt XDR? Do you have the necessary components and capability to be truly effective with XDR? Join our discussion to learn what it takes to begin a journey to XDR and assess your readiness.


To learn more about Trellix, click here to visit our booth to chat with a representative. 

  • 11:15 AM
  • 11:44 AM
Track B
Kimberly Sutherland
Alanna Shuh
Track B: Canadian Fraud Trends and Cybercrime Insights
Kimberly Sutherland, VP, Fraud and Identity Strategy, LexisNexis® Risk Solutions
Alanna Shuh, Director Fraud, LNRS

As Canada continues to shift towards digital, fraudsters are following. In this session, LexisNexis Risk Solutions reveals proprietary cybercrime analysis conducted on over 3B Canadian transactions, as well as industry insights from leading Canadian fraud and risk management executives. With a double-digit increase in both human-initiated and bot attacks, is your organization prepared for an evolving Canadian fraud landscape?    

Kim Sutherland and Alanna Shuh of LexisNexis Risk Solutions will have a discussion with Tom Fields, Editor for ISMG on:

  • Canadian fraud trends and cyber risk insights
  • How leading organizations are focusing on customer experience by leveraging a dynamic, multi-layered fraud prevention strategy and using risk-appropriate friction for authentication

To learn more about LexisNexis, click here to visit our booth to chat with a representative.

Can You Outsource Your Cybersecurity Operations?
Chris Schwiegert, Senior Director of Cybersecurity Operations, TrueBlue Inc.
Samer Adi, IT Security Leader, Green Shield Canada
Hadas Cassorla, CISO, M1 Finance

Well, of course one can outsource cybersecurity operations. The questions are: What's your business case? What is your vendor selection process? What’s in your contract - and how will you monitor the relationship?

Join this diverse panel for a free-ranging discussion on a variety of topics, including:

  • Why outsource? 
  • How do you right-size the engagement to meet your needs? 
  • What are the key SLAs to write into the contract? 
Chris Schwiegert
Samer Adi
Hadas Cassorla
  • 12:00 PM
  • 12:32 PM
  • 12:30 PM
  • 12:59 PM
Track A
June Leung
Marco Lattavo
Track A: Identity & Access Management Strategies: From Applications to Zero Trust
June Leung, Head of Identity Access Management, Moneris
Marco Lattavo, Director, Identity and Access Management, Economical Insurance

Cloud migration, IoT deployment and zero trust architecture have been paradigm shifts for enterprises and their information security teams. But what about the impact on identity and access management? "It's big," says Marco Lattavo, director of IAM at Economical Insurance and a panelist in this session.

Join to learn more about the impending IAM paradigm shift and how to prepare. Discussion points include:

  • The nonhuman identity challenge; 
  • Clearing the MFA hurdles; 
  • The future of passwordless authentication.
  • 12:30 PM
  • 12:59 PM
Track B
Manny Cancel
Keri Glitch
Alex Foord
Track B: Critical Infrastructure Security: Protecting the Electrical Grid
Manny Cancel, SVP and CEO, E-ISAC
Keri Glitch, VP and CISO, MISO Energy
Alex Foord, CIO and VP, ISEO

It's among the critical infrastructures one thinks of first re: a cybersecurity incident. The North American power grid has been described as "the world's largest connected computer." But how does it function, and what are some of the glaring myths and surprising realities about its cybersecurity capabilities and vulnerabilities? This expert panel discusses:

  • The grid's role as a critical infrastructure
  • Top threats and risks
  • The roles of threat intelligence, information sharing and incident response planning in grid security
Risk Management 2022: The New Priorities
Clive Brennan, Director- Cyber Security Risk, Societe Generale
Shakeel Sagarwala, Director, Information Risk Management, Manulife
Rachel Guinto, AVP, Information Risk Management, Manulife

Cloud security, supply chain security, third-party risk - it’s a broad and rich risk management surface for cybersecurity and risk leaders in 2022. And prioritization is a key challenge: Which are the top risks demanding the most resources and talent? Join this panel of risk and security leaders for a discussion about prioritization, as well as: 

  • How to assess business risk; 
  • Asset management in the cloud; 
  • A fresh look at third-party risk management.
Clive Brennan
Shakeel Sagarwala
Rachel Guinto
  • 01:00 PM
  • 01:30 PM
Securing your Data
Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine
Ragulan Sinnarajah, VP, IT & Head of Cyber Security, Sobeys
Kush Sharma, CIO, Aptitude 360 Inc

Data security was challenging enough when all your crown jewels were locked within a single castle. Now that they are on disparate devices, in home offices and in the cloud, it's a game-changing discussion. Join this panel of experts to discuss the new challenges of data security, including: 

  • Identifying your most high-value data assets - they might not always be what you think they are; 
  • Defining your appetite for sharing data - which may change; 
  • Tackling data sprawl.
Karen Habercoss
Ragulan Sinnarajah
Kush Sharma
  • 01:30 PM
  • 01:59 PM
Legal Update – What Non-Lawyers Need to Know
Ruth Promislow, Partner, Bennett Jones LLP
Imran Ahmad, Partner, Canadian Head of Technology, Norton Rose Fullbright

Heightened third-party risk, unrelenting ransomware attacks and a shifting regulatory landscape. These are boom times for cybersecurity and privacy attorneys, but difficult times for non-legal executives trying to make sense of it all.

Join this session and hear straight from two leading attorneys about:

  • Negotiating the tricky ransomware landscape; 
  • Emerging regulatory concerns; 
  • What non-lawyers need to know about cybersecurity and privacy legal issues.
Ruth Promislow
Imran Ahmad
  • 02:00 PM
  • 02:29 PM
New World, New Controls: Updating Yesterday's Cyber Strategy for 2022
Martin Dinel, Assistant Deputy Minister and Chief Information Security Officer, Government of Alberta

Remember when people worked together in central offices, "digital transformation" was a marketing pitch, and cyberattacks on critical infrastructure were far more theory than practice?

That was only two years ago. Today, post-SolarWinds, Colonial Pipeline and Ukraine, it's a different world - and it requires a different cybersecurity strategy.

In this closing keynote, Martin Dinel , CISO of the Government of Alberta, outlines his efforts to update his cyber strategy, including:

  • Digital services by default; 
  • Hybrid work as the norm; 
  • Potential risks from nation-state actors.
     
Martin Dinel
  • 02:30 PM
  • 02:59 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, March 9th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

This virtual summit's agenda will cover Zero Trust, IAM, Ransomware, Privacy, Fraud, Payments, IoT, Cryptocurrency, End Point Protection, Cloud Security and more.
ISMG's agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.

Samer Adi
IT Security Leader
Green Shield Canada
Samer Adi is a strategic IT operations executive with expertise in driving information security programs within business units. He is a big picture visionary delivering business continuity while ensuring best-in-class security systems and implementing new technologies and process improvements to...
Ruth Promislow
Partner
Bennett Jones LLP
Ruth Promislow practices commercial litigation with a strong focus on commercial crime, including cybersecurity, Ponzi schemes, investment fraud, employee fraud and anti-money laundering. She has extensive experience with recovery issues relating to commercial crime, including receiverships, tracing, freezing and recovering...
Arif Hameed
CISO and VP
Munich Re New Ventures
Arif Hameed is currently the vice president and CISO at Munich Re New Ventures. Prior to joining Munich Re, he had roles in security advisory, IT risk, vendor cyber risk, client security assurance and IT audit at major Canadian banks...
Tom Field
SVP, Editorial
ISMG
Simon Brown
Director of Cyber Security
Weston Foods
Simon Brown is the director of cybersecurity for Weston Foods Inc., a leader in the North American baking industry. He is responsible for the organization’s cybersecurity strategy and posture. Weston Foods has over 35 facilities across North America and over...
Karen Habercoss
Chief Privacy Officer
U. Chicago Medicine
As the chief privacy officer for The University of Chicago Medicine and Biological Sciences Division, Habercross is responsible for the enterprise multiyear strategy and day-to-day operations of the university's health system privacy program for a workforce of more than 20,000...
Keri Glitch
VP and CISO
MISO Energy
As vice president and chief information security officer for Midcontinent Independent System Operator, Glitch leads both the security and technology organizations and is responsible for MISO's comprehensive strategy, execution and operations. Previously, she was chief security officer at AVANGRID, where...
Garrett Bechler
Senior Director of Worldwide Systems Engineering,
Ermetic
Bechler has over 20 years of IT experience including management of IT/IS, cyber incident response, handling of malware and virus outbreaks, pen testing and more. Using his diverse consulting and operations background, Bechler has designed, architected and implemented some of...
Clive Brennan
Director- Cyber Security Risk
Societe Generale
Brennan joined Societe Generale in April 2021 as part of the RISQ OPE CSR team as a senior operational risk officer covering cybersecurity risk. He has more than 20 years of technology experience in the both the financial services and...
Brian B. Brown, CISM, CDPSE, SABSA SCF
Enterprise Architect, Strategist, Educator
Trellix
Brown is an enterprise architect for Trellix’s North America business unit, helping customers navigate a transformational IT security landscape. His approach focuses on information security program strategy and enterprise security architecture using the SABSA method. As a former information security...
Geoff Pryor-White
Head of Insurance - UK
Corvus Insurance
Pryor-White has over 25 years of experience in the insurance industry, having worked in the U.K. and U.S. for AIG, Travelers, Zurich, Barbican, Tarian and now Corvus Insurance. During his career, he has focused on providing package solutions to customers...
June Leung
Head of Identity Access Management
Moneris
Leung leads PAM, IAM and CIAM at Moneris. She has over 15 years of experience in the information security field, leading identify and access management programs within the financial industry, including RBC, TD, FundSERV and others. Prior to joining Moneris,...
Adam Evans
VP, Cyber Operations & CISO
RBC
Adam Evans is VP, Cyber Operations and Chief Information Security Officer (CISO) for RBC. As CISO, Adam sets RBC’s cyber vision, strategy and program to reduce cyber risks and keep clients, employees, and systems safe. He is responsible for developing...
Shakeel Sagarwala
Director, Information Risk Management
Manulife
Sagarwala works with Manulife Financials in the information risk management space, leading the team of IROs to further strengthen the role within the organization. He has over 21 years of experience in information security, information systems audit and information technology,...
Anna Delaney
Director, ISMG Productions
ISMG
Marco Lattavo
Director, Identity and Access Management
Economical Insurance
Lattavo has almost two decades of experience in cybersecurity and well over a decade of experience in identity and access management. He is the director of IAM at Economical Insurance, delivering an ecosystem to enable digital transformation. Lattavo challenges cultural...
Imran Ahmad
Partner, Canadian Head of Technology
Norton Rose Fullbright
Imran Ahmad is the Canadian head of the technology sector and co-head of the information governance, privacy and cybersecurity practice at Norton Rose Fulbright. He advises clients across all industries on a wide array of technology-related matters, including outsourcing, cloud...
Manny Cancel
SVP and CEO
E-ISAC
Cancel became NERC senior vice president and chief executive officer of the Electricity Information Sharing and Analysis Center (E-ISAC) in January 2020. He is responsible for the management and oversight of the E-ISAC and leads security operations and information sharing,...
Chris Schwiegert
Senior Director of Cybersecurity Operations
TrueBlue Inc.
Dr. Chris Schweigert is the director of cloud security for TrueBlue. He has been in the security space for over 20 years and spent 12 years as a security professional in the U.S. Air Force before moving into the private...
Martin Dinel
Assistant Deputy Minister and Chief Information Security Officer
Government of Alberta
Martin Dinel is a trusted and experienced information technology and cybersecurity professional with over 33 years of leadership experience in the industry. As CISO for the Government of Alberta since August 2015, he defines the province's vision and strategy to...
Tony Kirtley
Director Information Security
Secureworks
Kirtley has more than 21 years of experience in information security. He has built and led cybersecurity incident response teams for Fortune 500 companies in the private sector and the U.S. military. In 2018, he became Secureworks’ first incident commander,...
Sean Comrie
Senior Sales Engineer
Rubrik
Sean is a Senior Sales Engineer at Rubrik, Inc. responsible for accounts in the Greater Toronto Area and Ottawa. Prior to Rubrik Sean was at Google, Cisco, and Riverbed Technology.
Alanna Shuh
Director Fraud
LNRS
Alanna Shuh, Director of Market Strategy for LexisNexis Risk Solutions’ Fraud & Identity products available in Canada, is dedicated to delivering and supporting fraud analytics, identity verification, and authentication solutions for the Canadian Market. Alanna is Canadian and joined LexisNexis...
Kush Sharma
CIO
Aptitude 360 Inc
As the CIO at Aptitude 360, a boutique customer experience firm, Sharma oversees the technology and security organization. Prior to this, he was the inaugural CISO for the city of Toronto and the inaugural cyber executive for Saputo. He was...
Ireen Birungi
CISO
Interac Corp
Ireen Birungi is the Chief Information Security Officer (CISO) at Interac Corp., where she leads the technology and business security strategy and implementation. This includes operationalizing enterprise-wide cybersecurity program that supports continuous improvement; managing security risks and compliance with business,...
Rachel Guinto
AVP, Information Risk Management
Manulife
Guinto is a seasoned information security leader with two decades of experience in the financial services sector. She has held operational, governance and leadership roles at Scotiabank, CIBC and Manulife and was CISO at the Ontario Pension Board. She volunteers...
Ragulan Sinnarajah
VP, IT & Head of Cyber Security
Sobeys
Ragulan Sinnarajah is currently the vice president of IT shared services and head of cybersecurity at Sobeys, one of only two national grocery retailers in Canada. As head of cybersecurity, he leads all aspects of the cybersecurity program, and in...
Farooq Naiyer
vCISO
Gaming Associates
Naiyer has more than 19 years of experience in cybersecurity, privacy, technology compliance and assurance. He currently serves as a cybersecurity leader in a financial and insurance services organization in Canada. He was formerly the CISO for ORION and vCSIO...
Alex Foord
CIO and VP
ISEO
As chief information officer and vice president of information and technology services at IESO, Foord's responsibilities include being accountable for the company's IT solutions and strategies, leading its enterprisewide cybersecurity management program and ensuring oversight of the Smart Metering Entity....
David Masson
Director of Enterprise Security
Darktrace
David Masson is Darktrace’s Director of Enterprise Security, and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he...
Ax Sharma
Senior Security Researcher
Sonatype
Sharma’s work and expert analyses have frequently been featured in leading media outlets such as Fortune, The Register, TechRepublic, CSO Online and BleepingComputer. He is an expert in security vulnerability research, reverse engineering and software development.
Ian Hassard
Director Product Management
Auth0
Hassard has over 10 years of experience building security solutions for consumer, enterprise and telecom markets. He has been an entrepreneur, product executive and solution builder specializing in security operations, cyber risk management and identity security.
Hadas Cassorla
CISO
M1 Finance
Hadas Cassorla, JD, MBA, CISSP has a lot of letters after her name, but the three letters she cares the most about are Y-E-S. Marrying her business, legal, IT and improv backgrounds, she is the CISO of M1 Finance and...
Kimberly Sutherland
VP, Fraud and Identity Strategy
LexisNexis® Risk Solutions
Sutherland leads the Americas commercial market strategy for consumer fraud analytics, identity verification, authentication and fraud investigations. She has over 20 years of experience leading business strategy and product management, from building global professional services practices to developing cross-industry best...
Chris Holden
CISO
Crum & Forster
As CISO for Crum & Forster, Holden is responsible for maintaining the day-to-day security of the organization's information systems and data while adhering to regulatory requirements. He started his career as a forensics analyst for Hewlett-Packard’s global cybersecurity team, where...

View Agenda
Keynote: RBC CISO Adam Evans on Securing the Future
Adam Evans, VP, Cyber Operations & CISO, RBC

Hybrid work models, cloud migration and new digital channels are highlights of the past two years of aggressive digital transformation. But what does the future bring in terms of how we work, conduct commerce and secure our digital assets from ever-evolving, ever-automating cyber adversaries?

Join RBC CISO Adam Evans for a thoughtful discussion on securing the future, with focus on:

  • How we will work; 
  • Turning cybersecurity investments into business value; 
  • The role of cybersecurity in customer relationships.
Adam Evans
  • 09:00 AM
  • 09:29 AM
Cyber Insurance and Risk: What's New in 2022?
Imran Ahmad, Partner, Canadian Head of Technology, Norton Rose Fullbright
Simon Brown, Director of Cyber Security, Weston Foods
Arif Hameed, CISO and VP, Munich Re New Ventures
Geoff Pryor-White, Head of Insurance - UK, Corvus Insurance

When CNA Financial - a top U.S. insurance company - was struck by ransomware a year ago, it reportedly paid $40 million in ransom to restore access to its network and data. How does that fact that ransomware incidents - and ransoms - are now at record highs affect the cyber insurance sector? What are the emerging standards for coverage, as well as legislative trends, affecting the practice?

This exclusive panel tackles these questions as well as:

  • Proving cyber insurance value; 
  • The rising bar for entities to qualify for cyber insurance; 
  •  The growing role of cyber insurance companies in incident response.
Imran Ahmad
Simon Brown
Arif Hameed
Geoff Pryor-White
  • 09:30 AM
  • 10:01 AM
  • 10:00 AM
  • 10:30 AM
Track A
Ian Hassard
Track A: State of Secure Identity
Ian Hassard, Director Product Management, Auth0

Digital identities control access to an ever-growing number of applications, services and critical systems. This makes identity an interesting attack vector for threat actors and highlights the importance of authentication and authorization in preserving trust and security.

The Auth0 State of Secure Identity report highlights the latest trends in identity security, including the types of attacks Auth0 has observed, the characteristics of these attacks, what industries are most affected and the adoption rates for identity protection technologies.

During this session, we’ll provide greater insight into which industries are:

• Most highly targeted by credential stuffing attacks;
• Most highly targeted by SQL injection attacks;
• Leading the way in MFA adoption to improve overall security posture.

We’ll also shed light on fake account creation, MFA bypass attacks and what defensive measures are being adopted to combat these identity security threats.

Click here to schedule a meeting with Auth0 for your chance to score a "Fun at Home" swag bag! Check out our graphic below for more information on what is included in your bundle.

To learn more about Auth0, click here to visit our booth to chat with a representative.

  • 10:00 AM
  • 10:32 AM
Track B
Tony Kirtley
Track B: Tales from the Trenches with an Incident Commander
Tony Kirtley, Director Information Security, Secureworks

It’s no longer a matter or if, but when, you’re going to be the victim of a ransomware attack. Are you prepared? Learn from Securework’s Tony Kirtley, Director of Incident Command, how to prepare for an attack, but more importantly what to do immediately following with tales from the trenches.


To learn more about Secureworks, click here to visit our booth to chat with a representative. 

  • 10:30 AM
  • 10:44 AM
Track A
Garrett Bechler
Track A: Secure Cloud Infrastructure - Identity First
Garrett Bechler, Senior Director of Worldwide Systems Engineering,, Ermetic

Cloud infrastructure is extremely complex, with thousands of workloads and data resources, service and human identities, and policies and configurations. With so many moving parts, it’s nearly impossible to clearly see or understand what is going on in your AWS, Azure and GCP environments - let alone control it. Efforts are exacerbated by the rapid pace of development, shortages in cloud expertise, and the number of stakeholders.

Ultimately the most important questions are: Is my data exposed? Who can access it? Only with clear, contextual, actionable risk insight into all identities, configurations and resources can you begin to grasp effective access and the risk to your data. Find out how an identity-first approach to cloud security can help you reduce your cloud attack surface and blast radius - and stay compliant.

Be sure to complete our survey below for a chance to win a $100 Amazon gift card! 

To learn more about Ermetic, click here to visit our booth to chat with a representative.

  • 10:30 AM
  • 10:44 AM
Track B
David Masson
Track B: Fast and Furious Attacks: Using AI to Surgically Respond
David Masson, Director of Enterprise Security, Darktrace

Fast-moving cyberattacks can strike at any time, and security teams are often unable to react quickly enough. Join to learn how Autonomous Response takes targeted action to stop in-progress attacks without disrupting your business. The discussion includes real-world threat finds.

Explore today’s threats and challenges and learn how advances in AI have been leveraged to allow for very surgical actions to be taken autonomously - where humans can no longer react fast enough.
 

To learn more about Darktrace, click here to visit our booth to chat with a representative.

  • 10:45 AM
  • 11:14 AM
Track A
Ax Sharma
Track A: Lessons Learned from the Log4j Exploit
Ax Sharma, Senior Security Researcher, Sonatype

The Log4shell vulnerability found in the Log4j logging framework has been recognized as one of the most critical vulnerabilities ever, open source or otherwise. And while the dangers of the Log4j vulnerability remain high, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: If you don’t know what’s in your software supply chain, you’re already behind.

When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.

While this outlook might seem bleak, there are easy steps you can take to significantly mitigate risk. This session will help you do that by answering:

  • Why the Log4j vulnerability is so severe and common remediation measures companies took to secure their code
  • How you can improve your security posture with automation and SBOMs, and better prepared for the inevitable next open source vulnerability that comes along 

To learn more about Sonatype, click here to visit our booth to chat with a representative.

  • 10:45 AM
  • 11:14 AM
Track B
Sean Comrie
Track B: Don't Pay the Ransom
Sean Comrie, Senior Sales Engineer, Rubrik

A ransomware attack strikes every 11 seconds.

Despite thick firewalls, the bad guys will get through. Some businesses pay the ransom but most want to recover, so they don’t let the bad guys win.

A payout isn't the only way out.

If hackers exploit your backups, you pay the ransom. If your backups survive, you need to know what to recover and how long it will take. If you don't, you pay the ransom. But even with a decryption key, recovery takes days or weeks and the hackers may not return all the data.

Recovery from a clean backup is the only way to beat hackers. Data managed by Rubrik can’t be encrypted after the fact. Once ingested, no external or internal operation can modify it. So, your data is immune to ransomware. Since data can’t be overwritten, even infected data ingested by Rubrik can’t infect existing files/folders.

We'll discuss how to:

  • Analyze backup metadata for unusual behavior; 
  • Quickly identify what data was encrypted and where it lives; 
  • Locate PII that may have been exposed to a data exfiltration attack; 
  • Automatically protect new workloads and lock retention to prohibit deletion of backup data.

To learn more about Rubrik, click here to visit our booth to chat with a representative.

  • 11:15 AM
  • 11:47 AM
Track A
Brian B. Brown, CISM, CDPSE, SABSA SCF
Farooq Naiyer
Chris Holden
Track A: Are You Ready for XDR?
Brian B. Brown, CISM, CDPSE, SABSA SCF, Enterprise Architect, Strategist, Educator, Trellix
Farooq Naiyer, vCISO, Gaming Associates
Chris Holden, CISO, Crum & Forster

Is XDR a technology or a capability? Is there one reference architecture, or is there a set of capabilities that define Extended Detection and Response? Gaining a better understanding of threat actor activity requires telemetry and analysis from multiple tools combined with advanced analysis capability. XDR promises to increase detection fidelity and reduce containment and response times while automating and orchestrating key security processes. But is your organization ready to adopt XDR? Do you have the necessary components and capability to be truly effective with XDR? Join our discussion to learn what it takes to begin a journey to XDR and assess your readiness.


To learn more about Trellix, click here to visit our booth to chat with a representative. 

  • 11:15 AM
  • 11:44 AM
Track B
Kimberly Sutherland
Alanna Shuh
Track B: Canadian Fraud Trends and Cybercrime Insights
Kimberly Sutherland, VP, Fraud and Identity Strategy, LexisNexis® Risk Solutions
Alanna Shuh, Director Fraud, LNRS

As Canada continues to shift towards digital, fraudsters are following. In this session, LexisNexis Risk Solutions reveals proprietary cybercrime analysis conducted on over 3B Canadian transactions, as well as industry insights from leading Canadian fraud and risk management executives. With a double-digit increase in both human-initiated and bot attacks, is your organization prepared for an evolving Canadian fraud landscape?    

Kim Sutherland and Alanna Shuh of LexisNexis Risk Solutions will have a discussion with Tom Fields, Editor for ISMG on:

  • Canadian fraud trends and cyber risk insights
  • How leading organizations are focusing on customer experience by leveraging a dynamic, multi-layered fraud prevention strategy and using risk-appropriate friction for authentication

To learn more about LexisNexis, click here to visit our booth to chat with a representative.

Can You Outsource Your Cybersecurity Operations?
Chris Schwiegert, Senior Director of Cybersecurity Operations, TrueBlue Inc.
Samer Adi, IT Security Leader, Green Shield Canada
Hadas Cassorla, CISO, M1 Finance

Well, of course one can outsource cybersecurity operations. The questions are: What's your business case? What is your vendor selection process? What’s in your contract - and how will you monitor the relationship?

Join this diverse panel for a free-ranging discussion on a variety of topics, including:

  • Why outsource? 
  • How do you right-size the engagement to meet your needs? 
  • What are the key SLAs to write into the contract? 
Chris Schwiegert
Samer Adi
Hadas Cassorla
  • 12:00 PM
  • 12:32 PM
  • 12:30 PM
  • 12:59 PM
Track A
June Leung
Marco Lattavo
Track A: Identity & Access Management Strategies: From Applications to Zero Trust
June Leung, Head of Identity Access Management, Moneris
Marco Lattavo, Director, Identity and Access Management, Economical Insurance

Cloud migration, IoT deployment and zero trust architecture have been paradigm shifts for enterprises and their information security teams. But what about the impact on identity and access management? "It's big," says Marco Lattavo, director of IAM at Economical Insurance and a panelist in this session.

Join to learn more about the impending IAM paradigm shift and how to prepare. Discussion points include:

  • The nonhuman identity challenge; 
  • Clearing the MFA hurdles; 
  • The future of passwordless authentication.
  • 12:30 PM
  • 12:59 PM
Track B
Manny Cancel
Keri Glitch
Alex Foord
Track B: Critical Infrastructure Security: Protecting the Electrical Grid
Manny Cancel, SVP and CEO, E-ISAC
Keri Glitch, VP and CISO, MISO Energy
Alex Foord, CIO and VP, ISEO

It's among the critical infrastructures one thinks of first re: a cybersecurity incident. The North American power grid has been described as "the world's largest connected computer." But how does it function, and what are some of the glaring myths and surprising realities about its cybersecurity capabilities and vulnerabilities? This expert panel discusses:

  • The grid's role as a critical infrastructure
  • Top threats and risks
  • The roles of threat intelligence, information sharing and incident response planning in grid security
Risk Management 2022: The New Priorities
Clive Brennan, Director- Cyber Security Risk, Societe Generale
Shakeel Sagarwala, Director, Information Risk Management, Manulife
Rachel Guinto, AVP, Information Risk Management, Manulife

Cloud security, supply chain security, third-party risk - it’s a broad and rich risk management surface for cybersecurity and risk leaders in 2022. And prioritization is a key challenge: Which are the top risks demanding the most resources and talent? Join this panel of risk and security leaders for a discussion about prioritization, as well as: 

  • How to assess business risk; 
  • Asset management in the cloud; 
  • A fresh look at third-party risk management.
Clive Brennan
Shakeel Sagarwala
Rachel Guinto
  • 01:00 PM
  • 01:30 PM
Securing your Data
Karen Habercoss, Chief Privacy Officer, U. Chicago Medicine
Ragulan Sinnarajah, VP, IT & Head of Cyber Security, Sobeys
Kush Sharma, CIO, Aptitude 360 Inc

Data security was challenging enough when all your crown jewels were locked within a single castle. Now that they are on disparate devices, in home offices and in the cloud, it's a game-changing discussion. Join this panel of experts to discuss the new challenges of data security, including: 

  • Identifying your most high-value data assets - they might not always be what you think they are; 
  • Defining your appetite for sharing data - which may change; 
  • Tackling data sprawl.
Karen Habercoss
Ragulan Sinnarajah
Kush Sharma
  • 01:30 PM
  • 01:59 PM
Legal Update – What Non-Lawyers Need to Know
Ruth Promislow, Partner, Bennett Jones LLP
Imran Ahmad, Partner, Canadian Head of Technology, Norton Rose Fullbright

Heightened third-party risk, unrelenting ransomware attacks and a shifting regulatory landscape. These are boom times for cybersecurity and privacy attorneys, but difficult times for non-legal executives trying to make sense of it all.

Join this session and hear straight from two leading attorneys about:

  • Negotiating the tricky ransomware landscape; 
  • Emerging regulatory concerns; 
  • What non-lawyers need to know about cybersecurity and privacy legal issues.
Ruth Promislow
Imran Ahmad
  • 02:00 PM
  • 02:29 PM
New World, New Controls: Updating Yesterday's Cyber Strategy for 2022
Martin Dinel, Assistant Deputy Minister and Chief Information Security Officer, Government of Alberta

Remember when people worked together in central offices, "digital transformation" was a marketing pitch, and cyberattacks on critical infrastructure were far more theory than practice?

That was only two years ago. Today, post-SolarWinds, Colonial Pipeline and Ukraine, it's a different world - and it requires a different cybersecurity strategy.

In this closing keynote, Martin Dinel , CISO of the Government of Alberta, outlines his efforts to update his cyber strategy, including:

  • Digital services by default; 
  • Hybrid work as the norm; 
  • Potential risks from nation-state actors.
     
Martin Dinel
  • 02:30 PM
  • 02:59 PM
Day 2 Agenda

All content from Day 1 will be available on demand from 9 AM - 5 PM ET on Day 2, Wednesday, March 9th. Don’t miss the chance to log-in and consume any content you may not have had the chance to see at your own convenience.

  • 09:00 AM
  • 04:59 PM

Speaker Interviews

March 8 - 9, 2022

Canada Summit