CYBER THURSDAY | TORONTO – October 17, 2024


BRANDON KRIEGER – Director Cyber Strategy and Defense, Arete


We will cover the Threat Landscape, how to properly assess your security posture and build a Strategic, Tactical and Operational Plan. What challenges do most companies run into, and how can they overcome them?

EVGENIY KHARAM – Co-founder, Security Architecture Podcast


“Journey to Zero Trust” explores the shift in cybersecurity from traditional perimeter-based defenses to the Zero Trust model, which operates on the principle of “never trust, always verify.” It outlines the evolution of network security and underscores the role of micro-segmentation, Zero Trust Network Access (ZTNA), and Identity and Access Management (IAM) in modern cybersecurity strategies. The content guides through assessing readiness for Zero Trust, developing a strategic roadmap, and leveraging existing tools for implementation, aiming to enhance organizational security posture in the current dynamic IT environment.

VINAY BIRADAR – Associate Director, Security Advisory, Frost & Sullivan


In today’s interconnected world, the security of operational technology (OT) infrastructure is paramount. As we rely increasingly on digital systems to manage critical infrastructure, the interconnectedness of OT & IT networks has never been more pronounced. This talk delves into the current state and challenges of securing critical infrastructure, explores strategies to address these challenges effectively, and draws insights from Frost & Sullivan’s research on critical infrastructure industries.

SURINDER SINGH – Cyber Security Manager, PwC Canada


The SaaS application footprint is growing exponentially. Organizations are uploading sensitive data, and they don’t have much control over it (Complex Shared Responsibility Model). He will present a framework for organizations to address these challenges and assess the maturity of their SaaS applications. Please note that the focus is not how the SaaS vendor is managing security but rather what the client needs to do to ensure the security of the SaaS.

RHEA MICHAEL ANTHONY – Product Security Architect Associate, SAP


AI has emerged as a transformative force, rapidly integrating into our lives. While it has potential to revolutionize human life and businesses, there are significant threats and challenges that need to be addressed. This is a new era of innovation and opportunity where the stakes are high, and secure development of AI is of paramount importance in realizing AI’s transformative potential.

This talk will delve into key strategies and opportunities for enhancing trust in AI and harnessing AI for cybersecurity, giving a comprehensive view of secure AI practices. It will encourage the audience to think critically about threats with AI and explore the intersection of AI and cybersecurity, ultimately ensuring secure innovation and safeguarding digital landscapes.

DAVID SAMPSON – Founder, Perdition Security


In the rapidly evolving landscape of cybersecurity, the advent of generative artificial intelligence (AI) marks a significant shift in how we approach application security. This speech, titled ‘Navigating the Future: Generative AI in Application Security,’ aims to demystify the complex world of generative AI and explore its profound implications for cybersecurity strategies. Generative AI, distinct in its ability to create new data and patterns based on extensive training sets, offers unparalleled opportunities for enhancing security measures. Yet, it also introduces novel vulnerabilities and attack vectors that must be addressed with sophisticated, informed strategies.

Drawing upon my extensive experience in cybersecurity and business leadership across Perdition Security Inc., S&T Holdings Inc., and Globys Inc., I will delve into the dual role of generative AI as both a potent tool for security enhancement and a potential threat. The presentation will cover the historical evolution of AI in cybersecurity, highlighting recent advancements and their practical applications in strengthening application security frameworks. Through real-world examples and case studies from my businesses, attendees will gain insights into the challenges and opportunities presented by AI-powered threats and the best practices for integrating generative AI into their security strategies.

Moreover, the discussion will extend to ethical considerations and the imperative of maintaining user privacy in the age of AI-driven security solutions. As we anticipate future trends and developments in generative AI, the speech will outline the responsibilities of businesses and security professionals in fostering a secure, ethical digital environment. Emphasizing collaboration and continuous learning, I will share my vision for making cybersecurity accessible to SMBs and non-profits, ensuring that organizations of all sizes can navigate the complexities of an AI-enhanced security landscape.

This presentation is designed to equip attendees with a comprehensive understanding of generative AI’s impact on application security, fostering a proactive, informed approach to cybersecurity in an era of rapid technological change. By exploring the convergence of generative AI and cybersecurity, we can collectively work towards a future where digital innovations and security measures evolve in tandem, safeguarding our digital world against emerging threats.

NELOY BANDYOPADHYAY – Principal Security Architect, Bank of Canada


How a GRC framework and a GRC tool can help an organization automate the operational risk management process and build an integrated governance, risk and compliance framework.

ASHUTOSH TIWARI – Region Head – Cyber Security Practice, Tata Consultancy Services


In our increasingly interconnected world, the importance of cyber resilience cannot be overstated. With cyber threats becoming more sophisticated and widespread, organizations across industries need to prioritize cyber resilience to protect their operations, assets, and reputation. This presentation delves into the concept of cyber resilience and explores why businesses need to embrace it.

Understanding Cyber Resilience:

Cyber resilience is the ability of an organization to withstand, adapt, and recover from cyber-attacks while continuing to operate effectively. It goes beyond solely focusing on prevention or defense mechanisms; instead, it emphasizes the need to prepare for, respond to, and rapidly recover from cyber incidents. Achieving cyber resilience involves a holistic approach that encompasses people, processes, and technology.

The Importance of Embracing Cyber Resilience:

  • Evolving Threat Landscape: Cyber threats continue to evolve at an alarming rate, with hackers employing increasingly advanced techniques. By embracing cyber resilience, organizations can proactively prepare for future threats and stay a step ahead of cybercriminals.
  • Business Continuity: A cyber incident can have severe consequences, including financial loss, disrupted operations, and damaged reputation. By implementing cyber resilience measures, companies can minimize downtime and ensure continuity, even in the face of a successful attack.
  • Regulatory Compliance: Governments and industry regulators have recognized the criticality of cybersecurity and put in place various standards and regulations. Embracing cyber resilience enables organizations to meet these legal requirements and foster customer trust.
  • Protecting Stakeholders: Cyberattacks don’t just impact the organization; they can also affect customers, partners, and employees. By embracing cyber resilience, companies demonstrate their commitment to safeguarding their stakeholders’ data and privacy.

Building Blocks of Cyber Resilience:

  • Risk Assessment: Conducting regular risk assessments helps organizations identify potential vulnerabilities and prioritize mitigation efforts. This involves evaluating existing security controls, identifying potential threats, and determining the impact of successful attacks.
  • Robust Security Measures: Organizations should establish strong security measures, including robust firewalls, encryption protocols, and multi-factor authentication. Regular updates, patch management, and security training for employees are also crucial to maintain a secure environment.
  • Incident Response Planning: Having a well-defined incident response plan is essential for effective cyber resilience. This plan should outline clear roles and responsibilities, communication protocols, and steps to follow in the event of a cyber incident, ensuring a swift and coordinated response.
  • Regular Testing and Training: Continuous testing of cybersecurity defenses, including penetration testing and vulnerability assessments, helps identify and remediate weaknesses. Employees should receive regular cybersecurity awareness training to ensure they are equipped to recognize and respond to potential threats.