2020 Toronto Information Security Forum

Forum Agenda

Forum Agenda

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Security Operations

Cutting-Edge Security Operations in the Cloud

with

Security teams know they need to scale their security operations program in the cloud, but how? This session takes attendees through the nuts and bolts of creating a cloud-based, cutting-edge security operations center (SOC), including:

Approaches to automation
How to foster more well-rounded team members who can handle tasks outside their daily focus
Differences between security operations as part of IT, and information security groups that focus on governance and oversight
Understanding when security operations are best insourced or outsourced
Examples of how successful organizations deploy their information security resources around the globe

John Strand

IANS Faculty

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Security Operations

Using AI/ML to Optimize SecOps

with

AI/ML technology can help them make more accurate decisions, but only if security teams feed the right data into the machine. This session explains how to grab and input the right data from five primary log data sources:

Network (traffic flows)
Infrastructure (servers)
Database
Applications
Identity and access management (IAM)/people

From there, we explore what clean, relevant, actionable and business-driven data truly looks like.

John Strand

IANS Faculty

Security Operations

Using “Backdoors & Breaches” to Build Faster, Smarter Incident Response

with

“Backdoors & Breaches” is a card game IANS Faculty Member John Strand and his team at Black Hills Security created based on years of experience teaching incident response, conducting penetration tests, helping clients facilitate tabletop exercises and creating educational content. In this symposium, he teaches attendees how to play it and – more importantly – put it into practice in their organizations.

Going through the cards and procedures, why they are there and how they work
Reviewing four classes of attack: the initial attack/compromise; persistence; command and control (C2); and data exfiltration, escalation and lateral movement
Playing the game

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Security Operations

Log Management in the Cloud

with

Getting cloud log management up and running is one thing; tailoring it to your workflows is another. This session outlines the latest cloud log management tools and techniques, including:

Comparing/contrasting vendor tools to grab log data and upload it into threat detection tools
Creating alerts that will pull more meaningful insights from the logs
How to focus on this from cloud to cloud as opposed to on-prem to cloud

Dave Lewis

IANS Faculty

Dave is a Global Advisory CISO for Duo Security, a Cisco subsidiary. He has almost two decades of industry expertise with extensive experience in IT operations and management. Dave is the Founder of the security news site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He is also the Director & Co-Founder of OpenCERT Canada, Canada’s first open national Computer Emergency Response Team. Dave has worked finance, healthcare, entertainment, manufacturing, and critical infrastructure verticals. He also has experience consulting for federal organizations working as a Security Consultant and defense contractor to the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.

Security Architecture

Beyond Passwords: Where Biometrics Fit In

with

Security teams have explored biometrics as an option to eliminate passwords for authentication. But with such methods as facial recognition under fire, they need to separate sensational headlines from the realities of where biometrics may or may be viable. This session:

Recaps the privacy and legal ramifications of biometrics (e.g., facial recognition)
Explores biometrics use cases, including document validation, authentication and lie detection
Explores the full spectrum of tools worth considering in the pursuit of passwordless authentication

Aaron Turner

IANS Faculty

Security Architecture

IAM and File Security: Advanced Tools and Techniques

with

Employees and contractors still end up with advanced file access permissions when they shouldn’t. Security teams need to know what they’re doing wrong in file security and what tools/techniques can help them fix this problem. This session explores:

How to reduce your attack surface more effectively
How to marry security objectives with compliance/business objectives when setting file access perimeters
Key considerations for cloud and mobile

Mike Rothman

IANS Faculty

Security Architecture

Advancing Cloud Security: A Roadmap

with

Small teams are stuck at the ground level for cloud security and need to mature. Large teams continue to struggle when designing cloud architecture, managing apps and configuring systems. Both need to know what they’re doing wrong and how to do it right. This session begins with a brief overview of the IANS/Securosis Cloud Security Maturity Model and then explores fresh guidance to improve SecOps and DevOps in the cloud, including:

How to build an automation framework for SecOps in the cloud
How to build a library of design patterns that development teams can use to develop stronger code in the cloud
How to know when you’ve reached the point within cloud security where you don’t actually have to be involved because everything is being built into code and infrastructure

Dave Lewis

IANS Faculty

Security Architecture

Zero Trust Principles: Making Them Work for You

with

Security teams need to understand both what zero trust principals are and how to properly implement them across the organization. This session starts with the nuts and bolts that make up zero trust, then delves into:

How zero trust architecture lowers the risk of common attacks, including account takeovers, insider threats, web and cloud app risks, and IoT and device compromises
Real-world examples of successful zero trust in action
Legacy tech that doesn’t play well with zero trust and what to do about it

Aaron Turner

IANS Faculty

Security Architecture

IoT in the Enterprise: Minimizing the Risks

with

There’s no clear consensus on who is responsible for managing risks associated with IoT devices in an organization. Security teams need help clearing up that confusion. This session will review:

Where all the IoT devices are
Who should be in charge of security risks related to IoT
How to assemble a responsibility tree for who does what in the event of an IoT-related compromise

Dave Lewis

IANS Faculty

Threats & Vulnerabilities

Protecting Traveling Employees: Tools and Techniques

with

Employees’ use of mobile devices while traveling makes it easier for sophisticated (often nation-state) attackers to know their location and target them. This session details where autonomous system numbers (ASNs) and geo-blocking tools are useful defenses and where they fall short. Specifically, we explore how to:

Reduce malicious traffic, especially for organizations with limited business locations
Know the limitations of ASN/geo-blocking and act accordingly. You can’t block entire companies, so what does the rest of your strategy look like?
Make exceptions for certain partners/customers without breaking the rules Use web server content blockers like Fail2ban and the Apache module mod_geoip, as well as services such as Country IP Blocks and NirSoft

John Strand

IANS Faculty

Threats & Vulnerabilities

Ransomware: Defense and Recovery Tactics for 2020

with

Ransomware continues to be a significant problem for many organizations, and it has shown a ferocious ability to evolve. This session explores:

Case studies from the news: What victims did wrong and what they did right
Tools and techniques to use if an initial attack is successful
A look at how tactics differ for small teams vs. large teams
How to account for ransomware attacks in your incident response plan

John Strand

IANS Faculty

Threats & Vulnerabilities

Threat Hunting Techniques for 2020

with

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores:

Host and network-based techniques for identifying advanced attackers and threats to customer networks
How to position hunt teams to directly increase the overall maturity and return on investment (ROI) of their monitoring and detection capabilities
Detecting abnormal patterns of behavior
Tips to better incorporate threat hunting into purple teaming

Aaron Turner

IANS Faculty

Threats & Vulnerabilities

Defending Against Nation-State Attacks

with

Nation states are increasingly targeting Fortune-class companies in an effort to steal their intellectual property. Large security teams need to learn from case studies of recent attacks and develop strategies and tactics to protect their own environments. This session explores:

Recent nation-state targets and what attackers were looking for
What those companies did right, and what they did wrong in their defenses and incident response
Tools and techniques companies should consider to defend against future attacks

Mike Rothman

IANS Faculty

GRC

Bringing Business Units and Third Parties into Your Risk Management Orbit

with

Legal, human resources and privacy teams tend to be risk averse. while the business side is usually pro-risk, leaving infosec stuck in the middle and often blamed for workflow hold-ups. Security teams need to master the mediator role and ensure accountability is spread out among teams. This session explores:

Managing internal and external risks under one team
Better understanding how other organizations quantify vulnerability risk
Adopting a per-application view of vulnerability management and bundling it into an application risk rating with an umbrella perspective

Mike Rothman

IANS Faculty

GRC

Improving Your Three Lines of Defense

with

The Three Lines of Defense model remains poorly understood. The three lines get blurred within many organizations and security teams need help understanding what they are. This session breaks down the components, clarifies who does what and explores tools that help. Topics include:

How to spread accountability across the board by breaking down which groups fall where inside the three lines of defense
How to optimize RSA Archer, ServiceNow and other good risk management tools
How to find and deal with older technology and procedures nearing end of life

Mike Rothman

IANS Faculty

GRC

Managing Privacy and Risk in the Social Media Age

with

Facebook, Twitter and LinkedIn aren’t going anywhere. Security teams need the latest best practices for monitoring and effectively locking down employee social media use to avoid being an easy target for attackers. This session explores:

Where current methods of tracking employee social media use fail and how to fix it
Tools and techniques to quickly find and eradicate malware injected into company networks via social media usage
How well (or not so well) cloud-based email systems interact with social media platforms

4:45 PM - 5:45 PM

Networking Reception

Come network with your peers! Hors d'eouvres and cocktails will be served!

2020 Toronto Speakers

Dave Lewis

IANS Faculty

Presentations

Beyond Passwords: Where Biometrics Fit InForum Agenda9:15 AM - 9:20 AM
Zero Trust Principles: Making Them Work for YouForum Agenda9:55 AM - 10:00 AM
Protecting Traveling Employees: Tools and TechniquesForum Agenda10:15 AM - 10:20 AM

Mike Rothman

IANS Faculty

Presentations

Cutting-Edge Security Operations in the CloudForum Agenda8:35 AM - 8:40 AM
Advancing Cloud Security: A RoadmapForum Agenda9:35 AM - 9:40 AM
Bringing Business Units and Third Parties into Your Risk Management OrbitForum Agenda10:55 AM - 11:00 AM
Improving Your Three Lines of DefenseForum Agenda11:05 AM - 11:10 AM
Managing Privacy and Risk in the Social Media AgeForum Agenda11:16 AM - 11:20 AM

John Strand

IANS Faculty

Presentations

Using AI/ML to Optimize SecOpsForum Agenda8:45 AM - 8:50 AM
Using “Backdoors & Breaches” to Build Faster, Smarter Incident ResponseForum Agenda8:55 AM - 9:00 AM
Ransomware: Defense and Recovery Tactics for 2020Forum Agenda10:25 AM - 10:30 AM
Threat Hunting Techniques for 2020Forum Agenda10:35 AM - 10:40 AM

Aaron Turner

IANS Faculty

Presentations

Log Management in the CloudForum Agenda9:05 AM - 9:10 AM
IAM and File Security: Advanced Tools and TechniquesForum Agenda9:25 AM - 9:30 AM
IoT in the Enterprise: Minimizing the RisksForum Agenda10:05 AM - 10:10 AM
Defending Against Nation-State AttacksForum Agenda10:45 AM - 10:50 AM

Sheraton Centre Toronto Hotel

123 Queen Street West, Toronto, ON M5H 2M9

Room Rate:

^$239

per night plus tax

General Information

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Hotel Cancellations

If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.

Registration Questions

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

What's the registration deadline?

You can register for and IANS event up to the day of the event.

Housing & Travel Questions

What hotel accommodations are available during the Forum?

IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.

How can I book a hotel room?

All hotel requests must be made through the registration site.

Will I receive a hotel confirmation number?

You will receive a hotel confirmation number 2 weeks prior to the Forum.

Is parking provided?

IANS does not cover any parking.

How can I cancel my hotel reservation?

Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.

Onsite Questions

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.

Where do I pick up my badge and registration material?

Your badge and registration materials will be available to pick-up at the registration desk. Registration starts at 7:30am.

Does IANS provide a Mobile App?

The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

Is there free Wi-Fi onsite?

Free Wi-Fi will be provided throughout the Forum in conference areas.

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

Sponsorship Questions

Are there still sponsorship opportunities?

Please contact Eric Bartczak at sponsorships@iansresearch.com for more information.

Will there be opportunities to network with peers and sponsors?

IANS offers a Silver, Gold and Platinum level sponsorship. Please visit the Event Sponsors Page for more information.