CISO Forum Canada 2023

CISO Forum Canada is brought to you by siberX, and brings speakers, attendees, & sponsors from all over the world together to discuss the everchanging field of executive information security management. Topics focus on leadership, strategic management, innovation, & cutting-edge solutions to the challenges of leading information security programs.

This event is open to Director level and above security leaders only. The attendee list is reviewed by the advisory. For any vendor/partner registrations, please refer to the sponsorship package.

CISO Forum Canada will mobilize leaders from across Canada as speakers & attendees for keynotes, panel discussions, & round-tables followed by an executive reception.

This event is in-person and online.

Chief Cybersecurity Advisor
Chief Cybersecurity Advisor at Microsoft
Head of Cybersecurity
Head of Cybersecurity at Youth Employment Services
Operating Partner & CISO
Operating Partner & CISO at Craft Ventures
CSO
CSO at CDW Canada
CIO
Chair at CISO Forum Canada Advisory
CISO
CISO at Ruby
VP, IT Operations, Infrastructure & Cybersecurity
VP, IT Operations, Infrastructure & Cybersecurity at DUCA Financial
CISO
CISO at UHN
Strategic Advisor and Corporate Board Director
Strategic Advisor and Corporate Board Director at Descartes Systems Group
CEO & Co-Founder
CEO & Co-Founder at BlokSec Technologies
CISO
CISO at WestJet
vCISO
vCISO at BGIS
Vice President Information Technology
Vice President Information Technology at Enova Power Corp
VP Information Security & CISO
VP Information Security & CISO at Kepler Communications
Director of Cyber Defence
Director of Cyber Defence at GoEasy Ltd
VP, CISO
VP, CISO at Equifax Canada
General Manager, Cybersecurity
General Manager, Cybersecurity & Privacy at Suncor
Global CISO and Head of Global IT Infrastructure
Global CISO and Head of Global IT Infrastructure at Fiera Capital
VP, IT Shared Services & Head of Cyber security
VP, IT Shared Services & Head of Cyber security at Sobeys
CISO & VP, Enterprise Architecture & Digital Technology
CISO & VP, Enterprise Architecture & Digital Technology at Ontario Power Generation
CAO
CAO at Town of Midland
CISO
CISO at Manitoba Public Insurance
CISO
CISO at CN Rail
  • Start your day off with a VIP Breakfast: 

    • Scrambled Eggs
    • Crispy bacon
    • Chicken sausage
    • Crisp fried breakfast potatoes
    • Whole wheat croissants, lemon poppy seed loaf and banana bread
    • Fruit preserves, honey and butter
    • Assorted individual yogurts
    • Fresh sliced fruit and berries
    • Fresh juices, coffee, and assorted teas

     

  • Wendel Clark is a former professional ice hockey player and current team executive. He is best known for his time with the Toronto Maple Leafs, where he captained the team and became a fan favorite for his physical style of play. Throughout his career, Clark was known as a leader on and off the ice, and his passion and dedication to the game made him a role model for aspiring players. Today, Clark serves as an executive for the Leafs and continues to inspire fans with his wisdom and experience. As a keynote speaker, he is sure to motivate and inspire audiences with his stories from the rink and his insights on leadership and teamwork.

  • Once a breach is confirmed, an organization must activate a crisis communications plan. From authorizing spokespersons to disclosing details, each step must be carefully considered and measured against reducing further risk to the organization. In this session, our experts present their thoughts on post-breach communications and discuss how these impact the integrity and availability of their services post breach.

  • Take a refreshing break with warm treats:

    Fresh baked chocolate chip, macadamia white chocolate chip, oatmeal and raisin cookies with mini biscotti, accompanied by soft drinks, fresh coffee and assorted teas. 

  • Offloading Your Cybersecurity. To Outsource or Not? That Is the Question.

    The role that CISOs of today find themselves playing is evolving rapidly. Between dramatic escalations in threat actor sophistication and tactics and the proliferation of regulatory measures intended to control the economic and national security risks those threat actors are presenting, CISOs are having to evolve their own skill sets and tactics to keep up.

    The old, tried, and true strategies are no longer enough to ensure revenue and reputation are adequately protected. They’re also no longer enough to keep CISOs themselves protected from the new trend of lawsuits and criminal prosecutions. At least with publicly traded companies, shareholders holding CISOs legally accountable for shareholder losses, driven cyber security events has security leaders thinking about liability and corporate insurance to protect themselves.

    For smaller to medium-sized companies, in a world where qualified security professionals with the right skills are challenging to find and retain, many are choosing to outsource their security to companies with focused experience and resources that can get it done right. Beware though, as not all providers are created equal in this space. It’s critical to do your homework and make good, well-informed choices on what providers, with what mix of capabilities are needed to produce an effective result. Outsourcing can be a great option, but only if you are careful, and take the time to get it done properly.

    VP of Cyber Security at BlackBerry

    Passwordless…and Other Ways to Make Your Security More Adaptive

    Director of Sales Engineering at ForgeRock

    Employing a Cybersecurity-led Digital Transformation Strategy

    Executive Vice President at ISA Cybersecurity
    Cyber Services Offering Leader at ISA Cybersecurity

  • Cyber Resiliency: A Crucial Foundation of a Connected Society

    Cyber security is a key enabler of technological success. Innovation and enhanced productivity can only be achieved by introducing security measures that make organizations as resilient as possible against modern attacks. As digital threats increase and evolve, it is critical to embed cyber resilience into the fabric of the organization.

    Join us for this session as we discuss developing a holistic approach to cyber resiliency and practical insights for success factors every organization should adopt.  

    Executive Security Advisor at Microsoft Modern Work and Security

    How Did we Fare on our 2022 Predictions and What our Research Team is Predicting for 2023

    Principal Security Researcher at Kaspersky

    Operating in the Age of Cyberattacks: Ransomware Is the New Disaster

    There are three certainties in life: death, taxes, and now, Ransomware. Come learn why many industries across Canada (and globally) are looking at data isolation and recovery solutions. We will discuss trends in the industry and how companies are looking at immutable appliances and SaaS based solutions to isolate their critical data. We will share some of the staggering Ransomware statistics and highlight some customer use cases on how they have recovered their data and quickly resumed operations following a Ransomware attack.

    Technical Field Director at Cohesity

  • Re-energize with a warm lunch:

    • Baby spinach salad with Ravine Farms mushrooms, herbs, and maple mustard vinaigrette
    • Red beet salad with Vidalia onions and house vinaigrette
    • Grilled supreme of chicken with herbs
    • Creamy mashed potatoes
    • Seasonal Holland Marsh vegetable medley
    • Apple and pear crumble with whipped cream
    • Soft drinks, fresh juices, coffee, and assorted teas
  • All broader public sector (BPS) organizations should not only have a cyber security incident response plan in place, but those in cyber security roles should fully understand and be able to fulfill their responsibilities in incident detection and response. This workshop is targeted to IT professionals within BPS organizations that have or could be responsible for cyber security incident response activities. A non-technical course with an emphasis on preparations and security operations processes, the goal is to provide BPS IT professionals with knowledge, skills and tools needed to better prepare themselves and their teams for cyber security incident detection and response.

  • When faced with an ever-increasing number of cyber-attacks and security breaches, many organizations turn to their insurance providers as an additional layer of protection to cover their potential losses. However, not all organizations feel confident that their policies are providing adequate protections. To stay ahead of these growing concerns, Arctic Wolf has conducted research into the current state of the cyber insurance market and found what trends policy holders are faced with. This session will cover current cyber insurance trends from the policy holder perspective and recommendations for those organizations seeking to obtain or renew their coverage.

  • Everybody thinks they are brilliant at communicating with business stakeholders. While some people are right ... we can always be better. When technologists speak about technology, business audiences hear the adults from the old Charlie Brown cartoons, who all sound the same - 'waah, waah, waah, waah.'  Technology leaders want to share everything they know, but business leaders only want the Cliff Notes. Most people assume their audience has the same context and frame of reference as they themselves have and they are frequently mistaken. This results in miscommunication, which leads in turn to poor decision making. Attendees will learn:

    1 - Common mistakes made by IT and security leaders when communicating with their less technical audiences 

    2 - Tips for creating messages that will resonate with business colleagues and leaders

    3 - How we can deliver the message clearly, concisely, effectively and without boring our audience to tears.

  • After identifying and confirming the legitimacy of a threat, SOCs must activate an immediate response to secure and protect mission critical systems. While many challenges can emerge through this, availability of service remains of utmost importance. In this session, we will learn how CISOs keep systems moving in the face of an active and ongoing threat.

  • Take a refreshing break with warm treats:

    Fresh warm mini doughnuts with chocolate filling, and strawberry filling accompanied by soft drinks, fresh coffee and assorted teas. 

  •  

    Hosted by industry leaders from across multiple sectors in Canada, the round table sessions are by registration only and are open exclusively to security practitioners.  The roundtables are in-person (no virtual option available) and will examine practical use cases and best practices will be shared. The Chatham House Rule will be strictly enforced. Its guiding spirit is: share the information you receive, but do not reveal the identity of who said it.  Participants can freely and openly share their experiences, and remarks made by any participant or speaker cannot be publicly or privately attributed to them.

    • Growth, Leadership & Development; The Changing Role of Todays CISO's | George Al-Koura, Jayson Phelps
    • Talent Shortages: How to Fill and Retain the Talent Pipeline | Vaughn Hazen
    • Cybersecurity Technology Stack Consolidation - What You Can and Can’t Consolidate | Tushar Singh
    • The View From the Top - Board Readiness & Corporate Leadership | Kelley Irwin
    • Overall Negotiation / Exit Packages | David Mahdi
    • Get in Where You Fit In - Cybersecurity Domains and Shifting Into the Industry | Octavia Howell
    • Cyber Insurance; The Landscape | Manas Giri
    • It Doesn’t Matter What the CEO Says....Do the Right Thing? (How to Protect Yourself but Also Do the Right Thing) | Bil Harmer
    • Enabling Zero Trust Framework Around Data Protection Strategy and Securing Digital Identity (PHIPA) | Ali Shahidi
    • Building Indigenous Capacity in Cybersecurity | Ryan Healey-Ogden
  • Get ready for an evening of networking at the CISO Forum Canada cocktail reception! This is your chance to mix and mingle with your fellow attendees over cocktails and delicious hors d'oeuvres. This is the perfect opportunity to expand your professional network and make new connections, all while unwinding after a full day of learning and engaging with industry leaders.

  • Start your day off with a VIP Breakfast: 

    • Scrambled Eggs
    • Crispy bacon
    • Chicken sausage
    • Crisp fried breakfast potatoes
    • Whole wheat croissants, lemon poppy seed loaf and banana bread
    • Fruit preserves, honey and butter
    • Assorted individual yogurts
    • Fresh sliced fruit and berries
    • Fresh juices, coffee, and assorted teas
  • Join Kelly Bissel, Corporate VP of Microsoft Security Services, to talk about the future of ransomware attacks. How can organizations battle nation-state threats? What are the best practices that can be put in place to recover from an attack? And what does the future of these attacks look like. 

     

  • Rethinking Your Security Strategy: How to Establish a Security-Aware Organizational Culture

    Technology alone does not provide your organization with foolproof protection against cyberattacks and data breaches. Security awareness programs help educate and empower users to detect and avoid common cyber threats. Moreover, a successful security awareness program should generate a security-conscious organizational culture. Join Theo Zafirakos, CISO of Terranova Security, to learn about different initiatives to help your organization create a winning security-aware organizational culture, using engaging content, gamification, and other elements to drive participation and knowledge retention.

    CISO at Terranova Security

    You’re Going to Need a Bigger Boat - The Reality of Phishing

    Phishing is the biggest threat to the integrity of systems and data within organizations across the globe, and that threat is evolving.

    In this talk Oren J. Falkowitz lifts the lid on the recent evolution of sophisticated methods of phishing and the impact it is having, citing the odd horror story along the way.

    Security Leadership at Cloudflare

    Ignore Cybersecurity in Your [Third-Party | Partner | Vendor | Supply Chain] Ecosystem at Your Own Peril

    Historically, less than a decade ago in fact, third-party risk management was about two things. If legal and finance said OK, we were good to go. But no more! What would happen to your organization if a critical partner got slammed with the latest ransomware and were down for a week, a month, or forever. What would be the impact on you? Real time, continuous visibility into Cybersecurity posture within your ecosystem is no longer a nice to have.

    1. Are questionnaires enough (SPOILER ALERT: No)
    2. What kinds of things should you be looking at to assess cyber risk in your extended ecosystem?
    3. What are best practices in integrating cybersecurity risk into the process of managing your partners?
    SVP, Cyber Risk Evangelist at Black Kite

  • Take a refreshing break with warm treats:

    Fresh baked chocolate chip, macadamia white chocolate chip, oatmeal and raisin cookies with mini biscotti, accompanied by soft drinks, fresh coffee and assorted teas. 

  • ELCH will be hosting their final presentations for their inaugural hackathon LIVE at CISO Forum Canada 2023. During the break, come watch emerging leaders present their final solutions to real-world scenarios common within the industry. Join us in Grand York Ballroom C to watch the final presentations live and provide your feedback to the judges before they decide the final winner!

  • Re-energize with a warm lunch:

    • Baby spinach salad with tomatoes, cucumbers and apple cider vinaigrette
    • Potato salad
    • Smoked bacon wrapped AAA Ontario beef tenderloin medallions with
    • Ravine Farms mushrooms and natural juices
    • Roasted new potatoes
    • Seasonal Holland Marsh vegetable medley
    • Caramel bread pudding with dried Bala cranberries
    • Soft drinks, fresh juices, coffee, and assorted teas
  • *Registration is Required- In-Person Only*

    In Cyber42 Vulnerability Management you will play to win! In this 90-minute game day you will play individually to improve the state of a fictional organization and more effectively handle the vulnerability management. During the game, as developed for MGT516: Building and Leading Vulnerability Management Programs, you will see that the actions you choose can have uncertain outcomes and even unintended consequences!

    This interactive simulation puts you in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that you likely will encounter at work. The decisions you make will impact your organization’s vulnerability management program, leveraging and impacting the available budget, time, and vulnerability management maturity.

    Winning the game is simple. You need to have the highest score, which represents how well you have adapted and implemented the vulnerability management program. It’s not just about implementing security controls, it’s about changing behaviors and culture to create lasting improvements.

    System Requirements: The Cyber42 game is hosted on Amazon Web Services (AWS). Players must have a computer that does not restrict access to AWS services. Corporate machines may have a VPN, intercepting proxy, or egress firewall filter which can cause connection issues communicating with AWS. Players must be able to configure or disable these services to be able to access the Cyber42 game. The Cyber42 app is *not mobile friendly*. 

  • All broader public sector (BPS) organizations should not only have a cyber security incident response plan in place, but those in cyber security roles should fully understand and be able to fulfill their responsibilities in incident detection and response. This workshop is targeted to IT professionals within BPS organizations that have or could be responsible for cyber security incident response activities. A non-technical course with an emphasis on preparations and security operations processes, the goal is to provide BPS IT professionals with knowledge, skills and tools needed to better prepare themselves and their teams for cyber security incident detection and response.

  • Blue is the world’s most popular color.

    But this was not always the case. Originally, it was little used in art and clothing, and in turn had little symbolic cultural value. In the course of a few key decades, however, blue overcame obstacles of sourcing and production, and its popularity exploded—rising to represent some of the highest values of society. Subsequently, a wave of innovation democratized the color, placing it in the hands of “normal people” and cementing its cultural legacy.

    Identity finds itself on a similar path. After a period of relative obscurity, identity has begun its rise over the past decade. Identity is becoming “popular” in security strategy and front of mind for organizations. And like the color blue, identity is rising as it becomes ubiquitous, automatic, and easy to use.

    We’ll discuss the impact of identity from a CISO’s perspective in each of these key areas, extract lessons from the trajectory of the world’s most popular hue, apply them to the arc of identity.

    The color of the world is changing once more.

  • Take a refreshing break with warm treats:

    Fresh warm mini doughnuts with chocolate filling, and strawberry filling accompanied by soft drinks, fresh coffee and assorted teas. 

  • According to Gartner's latest research, by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.  How is your company addressing the inherent risks in your open source software supply chain.  The US has issued Executive Order 14028 to address this risk. Germany and Japan will be follow suit, what is the private sector doing to address these risks?  Join our panel of experts to hear their recommendation and practices around software supply chain risk.

  • Come for the intimate networking and stay for the fantastic food and live music. Taking place on Day 2 of CISO Forum Canada, this is a night you won’t want to miss! 

    Come and join hundreds of cybersecurity professionals across Canada, and speak to leaders in the industry!

    #WeAreCyber

About the Venue

Situated in Richmond Hill, this hotel offers first-rate facilities including a spacious athletic club and comfortable guestrooms with contemporary amenities. The hotel hosts the conference venue and all attendees to CISO Forum Canada 2023 will see signage and notes to additional services and support to ensure a comfortable stay.

Photos
Event Details
Sponsors