2021 Toronto Virtual
Information Security Forum

#IANSToronto #IANSEvents

Thursday, October 21, 2021 | 9:00 AM - 3:30 PM ET
Web Conference, Toronto, Ontario

The Toronto Forum is designed for information security practitioners across all industries to dive deep on specific topics, share insights, and network with peers in a virtual environment. This one-day event incorporates breakouts with IANS Faculty, spotlight sessions on emerging technologies, and opportunities to network with your peers. Topics fall into five tracks:

  • Security Operations
  • Security Architecture
  • Threats and Vulnerabilities
  • Governance, Risk Management, and Compliance
  • Leadership and Career Development

IANS Forum content is geared toward the entire security function. Attendees include but are not limited to CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

*Receive 1 CPE credit for every hour of attendance at our events.

Agenda

Summer Fowler

IANS Faculty

Summer Craze Fowler is an accomplished C-suite executive and cybersecurity expert with over 20 years of experience developing technical strategies and leading engineering teams to achieve aggressive technical goals while also in hyper-growth mode. Summer’s strong technical background is rooted in a business-minded approach supporting her proven ability to effectively disposition cyber security as one of many business risks. She is an experienced board governance professional through her work with both corporate and non-profit boards. Summer was named as one of the Top 25 Women in Cyber Security by The Software Report (2021).

Summer is the Chief Information Officer and Chief Information Security Officer for Argo AI, an artificial intelligence company focused on self-driving vehicle technology. In this role she develops and leads the strategy and execution of both the IT and cyber security teams. Summer also leads Facilities, Logistics, and Physical Security at Argo. She led the technical activities of the successful international acquisition of a 300+ person company in the EU. She is an expert in business continuity and cyber crisis management.

9:00 AM - 9:30 AM

Building Your Personal Board of Directors

with Summer Fowler

Organizations have been using a Board of Directors to govern and advise for hundreds of years, starting with the Dutch East India Company early in the 17th century. We have not, however, seen this concept translate officially to individuals as they advance in their careers. This keynote will introduce the idea of your PERSONAL Board of Directors, the advantages of having one, and the importance of fostering relationships with your directors, and will provide some actionable advice on how to get started building your Board of Directors today.

9:35 AM - 10:20 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

10:20 AM - 11:00 AM Security Architecture

Building a Better Security Champion Program

with George Gerchow

Small security teams lack the staff and tools to communicate and enforce application security best practices across the organization. Security champion programs open lines of communication between security and the rest of the organization, leading to better support, accelerated alert cycles and stronger business/security alignment. This session will provide the necessary guidance to:

  • Properly identify and recruit champions from each developer, IT and operations team
  • Train champions to find and communicate problems quickly and accurately
  • Delegate some of the meatier security work to the champions
  • Identify, obtain and deploy metrics/KPIs to track the program’s effectiveness

Rich Mogull

IANS Faculty

Rich is CEO and Analyst for Securosis, an information security research and advisory firm, in addition to Founder and Vice President of Product at DisruptOPS, a cloud environment monitoring platform. Prior to founding Securosis, he was Research Vice President for Gartner’s security team where he also served as Research Co-Chair for the Gartner Security Summit. Additionally, Rich has served as an independent consultant, web application developer, software development manager, and a systems and network administrator.

Security Operations

Incident Response: Fixing What's Wrong with Crisis Management

with Rich Mogull

Security teams are getting better at the technical side of incident response, but crisis management is still a pain point. This session details how to quickly and efficiently manage a crisis when the crush is on. This session explores:

  • Tips to help first responders take charge, including the art of speaking in short sentences and keeping a journal
  • Case study: What we can learn from the SEAL team approach
  • How integrating OODA (observe, orient, decide and act) Loop principles across the culture results in a faster, more effective crisis response
  • How agreed-on values and beliefs guide decision-making when pressure is extreme
  • How leaders’ character, substance and style impact those around them

Dave Lewis

IANS Faculty

Dave is a Global Advisory CISO for Duo Security, a Cisco subsidiary. He has almost two decades of industry expertise with extensive experience in IT operations and management. Dave is the Founder of the security news site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He is also the Director & Co-Founder of OpenCERT Canada, Canada’s first open national Computer Emergency Response Team. Dave has worked in the finance, healthcare, entertainment, manufacturing, and critical infrastructure verticals. He also has experience consulting for federal organizations working as a Security Consultant and defense contractor to the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.

Threats & Vulnerabilities

Phishing and Ransomware: Defense and Recovery Tactics for 2021

with Dave Lewis

Ransomware and phishing attack methods continue to evolve, as do protection techniques. Security teams seek updates on what has changed this past year. This session will explore:

  • Case studies from the news: What victims did wrong and what they did right
  • Tools and techniques to use if an initial attack is successful
  • A look at how tactics differ for small teams vs. large teams
  • How to account for ransomware attacks -- including ransomware denial-of-service -- in your incident response plan
11:05 AM - 11:50 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

11:50 AM - 12:30 PM Security Architecture

Navigate the Multi-Cloud with Fewer Bumps

with Rich Mogull

Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments and seek guidance to adapt their approach to cover the differences from one cloud to the next. This session will explore how to:

  • Focus on process rather than tools -- how they want to do this as opposed to what they should buy
  • Build a consistent monitoring capability across clouds
  • Develop key management and encryption approaches that will be better suited for multi-cloud
  • Apply consistent policy and controls
  • Apply one identity system across clouds

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery, David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Threats & Vulnerabilities

Adversarial Emulation: Perfecting a Purple Team Holy Grail

with Dave Kennedy

Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs. This session will explore how to understand and more effectively use:

  • Attack infrastructure
  • Client/Blue Team planning techniques
  • Targeting systems
  • Purple Team exercise flow
  • Tools that track the exercise and show value to upper management

GRC

Managing Privacy and Risk in the Social Media Age

with Dave Lewis

Facebook, Twitter and LinkedIn aren’t going anywhere. Security teams need the latest best practices for monitoring and effectively locking down employee social media use to avoid being an easy target for attackers. This session explores:

  • Where current methods of tracking employee social media use fail and how to fix them
  • Tools and techniques to quickly find and eradicate malware injected into company networks via social media usage
  • How well (or not so well) cloud-based email systems interact with social media platforms
12:30 PM - 12:55 PM

Networking Lunch

12:55 PM - 1:40 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

1:40 PM - 2:00 PM Leadership

Ask Me Anything: Promoting Inclusivity through Management

with George Gerchow

Diversity has become a critical issue in infosec, and functional managers can promote inclusivity in how they engage with the team members they supervise. In this “Ask Me Anything” session, we’ll address your questions on tangible ways security managers can promote diversity in various forms, including identifying and addressing implicit bias and eliminating language that can exclude team members from conversations.

Threats & Vulnerabilities

Ask Me Anything: The Future of Deepfakes/Disinformation

with Dave Lewis

Deepfakes and other kinds of disinformation continue to get more believable and harder to detect by both people and technology. In this “Ask Me Anything” session, we’ll address your questions on what deepfakes are, the likely threats they may pose to your business in the next couple of years and key ways to mitigate their impact.

Leadership

Ask Me Anything: Managing Your Team Through an Incident

with Dave Kennedy

The immediate aftermath of an incident puts a strain on teams, and managing the stress is critical in returning to a normal state as effectively as possible. In this “Ask Me Anything” session, we’ll address your questions on setting and adjusting work/life boundaries in the aftermath of an incident, identifying signs of excessive strain among team members and creating processes that position you to take care of your people.

2:05 PM - 2:50 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

2:50 PM - 3:30 PM Security Operations

Optimizing a SOC via Automation and Visualization

with George Gerchow

Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them. This session will provide attendees with a path forward, including:

  • A look at the automation/visualization tools being used in the most advanced SOCs
  • Case studies from faculty on their own SOC challenges and successes when choosing and implementing tools
  • Common mistakes organizations make on the path to better SOC automation/visualization and how to avoid them

GRC

How to Automate Policy in the Cloud

with Rich Mogull

Manually verifying policy compliance is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. This session will offer teams strategies for policy automation and tools to do it with – specifically how to:

  • ID which policies can be automated
  • Build strategies for automation that take advantage of cloud-based tools that are freely available
  • Know when to stick with manual policies and alerts
  • Understand if you are following CIS benchmarks and what to do if you are not
  • Create your own policies in Azure that will report users who are not in compliance

Threats & Vulnerabilities

Where Critical Infrastructure is Threatened and How to Fix It

with Dave Kennedy

Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. This session will offer security teams guidance to better determine their weaknesses and how to fix them, including how to:

  • Use adversarial emulation in IT/OT environments to better understand how attackers think when targeting infrastructure
  • Expand purple teaming to include development/operations to find/fix problems across a wider area
  • Better understand the right tools to bolster defenses (products and categories to consider)
  • Better understand which tools they have that can be repurposed

2021 Toronto Virtual Speakers

Summer Fowler

IANS Faculty

Presentations
  • Building Your Personal Board of Directors (9:00 AM - 9:30 AM)

George Gerchow

IANS Faculty

Presentations
  • Building a Better Security Champion Program (10:20 AM - 11:00 AM)
  • Ask Me Anything: Promoting Inclusivity through Management (1:40 PM - 2:00 PM)
  • Optimizing a SOC via Automation and Visualization (2:50 PM - 3:30 PM)

Dave Kennedy

IANS Faculty

Presentations
  • Adversarial Emulation: Perfecting a Purple Team Holy Grail (11:50 AM - 12:30 PM)
  • Ask Me Anything: Managing Your Team Through an Incident (1:40 PM - 2:00 PM)
  • Where Critical Infrastructure is Threatened and How to Fix It (2:50 PM - 3:30 PM)

Dave Lewis

IANS Faculty

Presentations
  • Phishing and Ransomware: Defense and Recovery Tactics for 2021 (10:20 AM - 11:00 AM)
  • Managing Privacy and Risk in the Social Media Age (11:50 AM - 12:30 PM)
  • Ask Me Anything: The Future of Deepfakes/Disinformation (1:40 PM - 2:00 PM)

Rich Mogull

IANS Faculty

Presentations
  • Incident Response: Fixing What's Wrong with Crisis Management (10:20 AM - 11:00 AM)
  • Navigate the Multi-Cloud with Fewer Bumps (11:50 AM - 12:30 PM)
  • How to Automate Policy in the Cloud (2:50 PM - 3:30 PM)

Web Conference

Registrants will receive a logistics email with web conference meeting information one day prior to the event.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 6 credits through our partnership with (ISC)2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process, then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum opens at 8:30, with the Keynote kicking off at 9:00am.

What's the registration deadline?

You can register for an IANS event up to the day of the event.

Onsite Questions

Are the presentations available for viewing after the Forum?

All IANS Faculty sessions presentation decks will be available after the Forum.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located on the lobby page under Resources.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please follow us on Twitter.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers throughout the day. Please use the direct messaging feature with the platform to connect with and chat with colleagues.

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affiliation or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of sessions or events, inappropriate physical contact, and unwelcome sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, the participant will be asked to stop and expected to comply immediately. The offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.
