Welcome to SecTor

Canada's Cybersecurity Conference

MTCC, Toronto


Black Hat Trainings Oct 21-22 | Summits Oct 22 | Conference Oct 23-24, 2024

SecTor 2023 Join Mailing List

SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Security Professionals, Managers and Executives to connect with their peers and learn from their mentors.

Connect

The contact information below is for mailing and admin only. SecTor can be reached at the following coordinates:

Email: sector@informa.com
Phone: 1.415.947.6846
USA Toll Free: +1-866-203-8081

SecTor C/O Informa Tech Canada, Inc.
20 Eglinton Ave. West, Suite 1200
Toronto ON
M4R 1K8
Canada

About SecTor

Event Information

Each year, SecTor features Keynotes from the industry’s most respected and trusted experts and Speakers who are true security professionals with depth of understanding on topics that matter. SecTor is a must attend event for every IT Professional.

For Technical Security Professionals

For the technically savvy attendee, there is a wealth of content and learning opportunities. Content is selected based on timeliness, relevance and practicality. We do our best to ensure that the content is both current and useful.

  • Latest technical research. New attacks. New defences
  • Tools Track offering a ‘no-budget-needed’ security option
  • Opportunities for Networking during the event
  • Purist approach – no amount of money can buy a speaking slot in our technical track
  • Experts from around the world

For Management

SecTor was founded on a passion for security and it doesn’t take long to realize that security extends far beyond the bits and bytes. Our promise is to ensure that we provide quality content – current information you can’t get anywhere else. The same rigor and dedication that our advisors apply to the selection of the technical content is also invested in selecting the management track session. Marketing fluff is not allowed or tolerated. Your time is valuable and our commitment to you is to provide the information that you need to know.

  • Latest research, trends and approaches
  • Privacy, Policy, Compliance
  • Opportunities for Networking during the event
  • Purist approach – no amount of money can buy a speaking slot in our management track
  • Experts from around the world

Mission

SecTor is Canada’s premier IT Security Education Conference. The annual event where IT Security professionals gather to learn from and network with the world’s most innovative, intellectual, exciting and entertaining security professionals. SecTor is IT security training at its best.

Background

SecTor was created by founders of TASK, North America’s largest and most successful IT security user group. After many years of attending IT Security events in the United States, and being disappointed that no similar event existed in central Canada, the decision was made to fill the void. SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques. In a non-threatening and productive way, SecTor sheds light on the underground threats and mischief that threaten corporate and personal IT systems. Through identifying, discussing, dissecting and debating these digital threats, the strongest defences can be mounted.

Black Arts Defined

Hacker Slang – black art

A collection of arcane, unpublished, and (by implication) mostly ad-hoc techniques developed for a particular application or systems area (compare black magic)... The huge proliferation of formal and informal channels for spreading around new computer-related technologies during the last twenty years has made both the term black art and what it describes less common than formerly. See also voodoo programming.

Call for Papers

Opening April 2024

SecTor is all about the content that matters to Canadian IT Security Professionals today. The key to SecTor's success, and our primary objective, is quality content and interesting presentations for attendees.


Call for Papers Open: April 2024
Call for Papers Closed: June 2024
Notification to Submitters: August 2024
Briefings Dates/Location: October 23-24, 2024 – Metro Toronto Convention Centre (MTCC), Toronto, Canada

More Details

Briefings Tracks

Management

Tools

Technical

Security Fundamentals

Advisory Board

SecTor is very fortunate to have an impressive group of leading security and industry professionals on our Advisory Committee. These individuals play a critical role bringing the world’s best speakers and minds to the stage for the benefit of all in attendance. If networking and being plugged into the Security Community are priorities for you, then we highly recommend introducing yourself to these folks.

SecTor acknowledges and extends our gratitude for the contributions made by the following persons.

James Arlen
Opheliar Chan
Eric Evenchick
Roy Firestein
Jamie Gamble
Jessica Ireland
Vicky Laurens
Dave Lewis
Kellman Meghu
Dave Millier
Karen Nemani
Maryna Neprosta
Laura Payne
Eldon Sprickerhoff
Gord Taylor
Afeerah Waqar

Presentations

Looking for a solution, inspiration, catching-up on last year’s presentations, or taking a trip down memory lane to see how the IT security industry has evolved over the years? You’re in the right place!

View the history of SecTor Presentations and be sure to also check out our YouTube channel for highlighted topics, sessions, interviews and more.

2023

Keynotes

Welcome to SecTor 2023 – Brian Bourne, Bruce Cowper

Tech Track

Management Track

failGPT - The Eleventh Edition - James Arlen

SECurity FUNdamentals

Sponsor Track

Tools Track

Career Track

2022

Keynotes

Welcome to SecTor 2022 – Brian Bourne, Bruce Cowper
The Future Of CryptographyDr. Whitfield Diffie

Tech Track

Management Track

SECurity FUNdamentals

Sponsor Track

Tools Track

Career Track

Career Panel And Career Fair 2022Max Cizauskas, Roy Firestein, Andrea Stapley, Tom Tran, Afeerah Waqar

2021

Keynotes

Welcome to SecTor 2021 – Brian Bourne, Bruce Cowper
Infosec Halloween 2021: Unmasking The Scary CharactersWendy Nather
The Evolution Of HackingJeff Moss

Tech Track

Behavioral Biometrics – Attack Of The HumanoidJustin Macorin, Iain Paterson
BioHackers: The Invisible ThreatLen Noe
Breaking The Laws Of Robotics: Attacking Automated Manufacturing SystemsStefano Zanero
Common NGINX Misconfigurations That Leave Your Web Server Open To AttackSpencer Perlman
Detecting Illicit Drone FilmingBen Nassi
Explore Adventures In The Underland: Forensic Techniques Against HackersPaula Januszkiewicz
FAIL – Notorious* Number 9James Arlen
Full Circle Detection: From Hunting To Actionable DetectionMathieu Saulnier
Ghost Misdetection Attacks Against Tesla Model X & Mobileye 630 PROBen Nassi
Hacking & Securing Clinical TechnologyJeremy Richards
HAFL1: Our Journey Of Fuzzing Hyper-V And Discovering A 0-DayPeleg Hadar, Ophir Harpaz
How We Automated Ourselves Out Of On-Call Burnout … And You Can Too!Prima Virani
JavaScript Obfuscation – It’s All About The PackersOr Katz
Large-Scale Security Analysis Of IoT FirmwareDaniel Nussko
Many Stunts, One Design: A Crash Course In Dissecting Native IIS MalwareZuzana Hromcová
MFA-Ing The Un-MFA-Ble: Protecting Auth Systems’ Core SecretsTal Be’ery, Matan Hamilis
Secure And Scalable Development With Microsoft 365 And Azure ADPeter Carson
Siamese Neural Networks For Detecting Brand ImpersonationYuchao Dai, Nitin Kumar Goel, Justin Grana, Jugal Parikh
The Call Is Coming From Inside The House-The Truth About Linux And Cloud SecurityEll Marquez
The Story Of Ghost OneTim Dafoe, Patrick von Sychowski
Towards Developing The Human Risk Assessment PlatformMaria Bada

Management Track

Building Security ChampionsTanya Janca
Epic Journey Of An Enterprise Cloud TransformationHelen Oakley
Harder, Better, Faster, Stronger – Privacy Laws And The Anatomy Of A Breach ResponseStanislav Bodrov
Maturing Your Toolkit With Mental ModelsFernando Montenegro
Redefining Threat Modeling: Security Team Goes On VacationJeevan Singh
The Cross-Disciplinary Challenges Of Data Governance PoliciesAlexander Rasin
The Quantum Threat: Where Are We Today?Michele Mosca

SECurity FUNdamentals

Adventures In Underland: What Your System Stores On The Disk Without Telling YouPaula Januszkiewicz
An Anatomy Of A DevOps Tool Chain AttackAlex Dow
Attacker Techniques: Data ExfiltrationJulian Pileggi
Bot Shops And Info Stealers – Exploring The Dark Web’s Newest FrontierBryan Oliver
Broken Brokers In Boxes: Fuzzing Breaks Everything, Even ErlangJonathan Knudsen
Cloudy With A Chance Of APT: Novel Microsoft 365 Attacks In The WildDoug Bienstock, Josh Madeley
Software Composition Analysis 101: Knowing What’s Inside Your AppsMagno Logan

Sponsor Track

3 Essentials For Automating Security Across Hybrid CloudSattwik Gavli
A Technical Deep Dive Into: Supply Chain Based Triple Extortion Ransomware With DDoS And Scrambled Voice Phone Blackmail And A Review Of Successful Prevention Tactics And StrategiesPete Nicoletti
A Unified Approach To Discover, Protect And Control Your Sensitive DataStephen Kingston
Adopting A Zero Trust Approach To CybersecurityMarc Kneppers
An Introduction To Risk-Based Vulnerability ManagementJerry Gamblin
Best Practices For Open-Source ManagementPete Chestna
Best Practices: PAM Security & Data PrivacyChristopher Hills
Breaking Down Silos Between Security And InfrastructureChad Reaney
Building A Response Strategy To Advanced ThreatsJeff Costlow
Building An Active Defence Program – Why A Traditional SOC Alerting Service Isn’t Good EnoughBill Dunnion
Coverage: How To Get Results From Threat Detection And Response SolutionsAugusto Barros
Data-First SASE Using Behavior Intelligence And Risk AnalyticsBenoît H. Dicaire
Deconstructing A Ransomware Attack: A Case Study In Privileged Account MisuseDaniel Conrad, Bryan Patton
Defending Against Ransomware – Building A Future-Proof ArchitectureBrian Brown
Detection At Scale – Realize Cyber Resilience Using Intelligence-Driven XDRMark Alba
Exposing Ransomware-As-A-Service And Where It’s Going NextJamison Utter
Faster And Smarter Response To Cyber Threats In A Hybrid Cloud EnvironmentDan Jezerinac
For The Greater Good: Challenging The Vulnerability Disclosure Status-QuoLaurent Desaulniers, Olivier Bilodeau
Get It Right, Get It Savvy – Remote Workforce EnablementDiana John
Getting Started With SASE: Connect, Control And Converge With ConfidenceNajib Hatahet
Global Privacy: Keeping Up And Staying AheadLiam McLaughlin
Hindsight Security: Things Breach Victims Wish They Had DoneMatthew Hickey
How To Maximize ROI With Frictionless Zero TrustStephane Asselin
Intelligence-Driven SOARChris Adams
Is Your Defensive Stack Ready For A Targeted Attack?Nelson Santos
Opening XDR To More InsightPeter Cresswell
Poking Around At Scale: One Year Of Scanning The InternetMarc-Etienne Léveillé
Reducing Ransomware At Scale: Exploring The Ransomware Task Force’s RecommendationsJen Ellis
Responsible And Ethical AI For Cyber: Why It’s Important, Why It’s Hard, How To Do ItStephan Jou
Security For Mortals: Think Like A Hacker And Protect Your AssetsLaura Payne, Raheel Qureshi
Security Operations And The End Of Cyber RiskMatthew Trushinski
SOARing To New Heights With TheHive And CortexGeoffrey Roote
Tackling Developer Security TrainingRey Bango
The PrestigeAamir Lakhani
Transforming Cloud Security With SASEJay Reddy
Triple Extortion Attacks On The Rise From Ransomware GangsGary Sockrider
Walking The Cybersecurity Data TightropeTravis Smith
What Elon Musk And SpaceX Can Teach Us About Ransomware And CybersecurityMorgan Wright
Where Is Cybercrime Really Coming From?Luis Carvajal Kim
Why An Integrated Approach To Cybersecurity Is No Longer A ChoiceAndrew Williams
Why The Future Of DevOps Needs HackersWill Kapcio
XDR And SIEM On A Collision Course: What Remains When The Dust Settles?Corey Still

Tools Track

Introducing A New Construct For Advanced Interactive Volatile Memory AnalysisSolomon Sonya
Introducing A New Construct For Advanced Interactive Volatile Memory AnalysisSolomon Sonya
Knocking On Clouds Door: Threat Hunting In Azure AD With AzulaMangatas Tondang
Moving Upstream, Securing The GitOps WorkflowYoni Leitersdorf
Sandboxing In Linux With Zero Lines Of CodeIgnat Korchagin
Zero-Code Data ValidationBernardo Sanchez
Zero-Code Data ValidationBernardo Sanchez

Career Track

2020

Keynotes

“Welcome to SecTor 2020” – Brian Bourne, Bruce Cowper
A Hacker’s Perspective on Your Infrastructure and How to Keep Them Out of Your LifePaula Januszkiewicz
Tech for Good, MaybeTracy Ann Kosa

Tech Track

A DECEPTICON and AUTOBOT Walk into a Bar: Python for Enhanced OPSECJoe Gray
Common Flaws in Public and Private ICS Network ProtocolsMars Cheng, Selmon Yang
Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & KubernetesSheila Berta
Demystifying Modern Windows RootkitsBill Demirkapi
Detecting Access Token ManipulationWilliam Burgess
Detection Mastery – War Stories from the Hunters Side!Ilya Kolmanovich, Felix Kurmish
Escaping Virtualized ContainersYuval Avrahami
Getting Rid of Passwords with FIDO2 and W3C WebAuthnMichael Grafnetter
Heroku Abuse Operations: Hunting Wolves in Sheep’s ClothingAllan Stojanovic, Spencer Cureton
How to Store Sensitive Information in 2020Mansi Sheth
Lamphone: Real-Time Passive Reconstruction of Speech Using Light Emitted from LampsBen Nassi
Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an ImplantDylan Ayrey, Allison Donovan
My Cloud is APT’s Cloud: Investigating and Defending Office 365Doug Bienstock, Josh Madeley
One Malicious Message to Rule Them AllOmer Tsarfati
Policy Implications of Faulty Cyber Risk Models and How to Fix ThemWade Baker, David Severski
Practical Defenses Against Adversarial Machine LearningAriel Herbert-Voss
Security Metrics That MatterTanya Janca
Submarines in Pirate Waters: Cloud Attack StrategiesMoses Frost
The fast and the FAIL 8James Arlen, Dave Lewis, Nick Johnston, Laura Payne
The Paramedic’s Guide to Surviving CybersecurityRich Mogull

Management Track

Are You Doing It Wrong? Highlights into Cybersecurity QuandariesMasarah Paquet-Clouston, Laurent Desaulniers
Can’t Stop This Train – Top Cases in Privacy LitigationStanislav Bodrov
Crown Jewels Lifecycle ManagementAkshat Saxena
DevSecOps: The Right Solution to The Wrong ProblemMark Nunnikhoven
I Promise It’s Not a Computer: Power Grids, Online Voting, and the Lies We TellMark Dillon
Only After Disaster Can We Be Resurrected: Field Lessons in Cyber IncidentsMark Sangster
Solving Security’s People Problem by Expanding the Talent PoolNing Wang

SECurity FUNdamentals

Active Directory Database SecurityMichael Grafnetter
An Introduction to Automotive Security in 2020Eric Evenchick
Compliant Yet Vulnerable: Critical Risks of Measuring Instruments in Production LinePhilippe Lin, Shin Li
Drinking Coffee, Unicorns & Demystifying Zero TrustDave Lewis
PKI Well Revised: Common Mistakes Which Lead to Huge Compromise of IdentityMike Jankowski-Lorek, Paula Januszkiewicz
Ransomware Attacks: Do’s & Don’tsJulian Pileggi
The Great Hotel Hack: Adventures in Attacking the Hospitality IndustryEtizaz Mohsin

Sponsor Track

A Brave New World – Attacks in the Age of COVIDAamir Lakhani
A Decade After Stuxnet’s Printer Vulnerability: Printing Is Still the Stairway to HeavenTomer Bar, Peleg Hadar
A Hackers Dream: Unmanaged PrivilegesChristopher Hills
A New Security Reality: Data IS the PerimeterGina Scinta
A Savvy Approach to Leveraging MITRE ATT&CKTravis Smith
AD Security vs Modern AttacksBryan Patton
Building a Threat Intelligence Team From Scratch on a BudgetLilly Chalupowski
Cloud First It for Dynamic WorkSami Laine
Could Your Business Survive a Ransomware Attack?Dinah Davis, Jonathan Walsh
CryCryptor, the Fake COVID-19 Tracing App That Targeted CanadiansAlexis Dorais-Joncas
Cyber Threat Intelligence and Today’s Complicated Cyber Security EnvironmentsChris Davis
Dissecting Pandemic-Themed Malware and Threat TacticsShyam Sundar Ramaswami
Don’t Be Afraid to Upgrade: Lessons of Speed and Security From High Performance Open Source DevelopmentBryan Whyte
Evolving Your Security CultureRodney Buike
From Security Operations to COVID-19: Security AI State of the Nation, 2020Stephan Jou
How an XDR Approach Helps Speed Response & Improve MITRE ATT&CK CoveragePeter Cresswell
How to Automate Security Validation and Reduce Enterprise Security RiskAviv Cohen
How to Talk to the Board About CybersecurityJeff Costlow
Identifying and Defending the Perimeter With Attack Surface ManagementGeoffrey Roote
Intelligent Network Security: A Paradigm Shift in Cybersecurity!Victor Tavares
Knowing Is Half the battle: Shared Responsibility and Secure Configuration in the CloudDavid Lu
Level Up Your SOC: Meet CyBot, Our Open Source Threat Intel Chat BotTony Lee
Measuring Risk in 2020 – The Enterprise of Things Security ReportShane Coleman
Mitigate Organizational Risk With Integrated Cyber ResilienceThom Bailey
Priority Intelligence Requirements (PIR) Are Not Just for Threat Intel AnalystsJody Caldwell
SOC Automation: Faster Decision Making and ResponseAndy Skrei
Sophistication Advancements in RansomwareJosh Burgess
The Hunt is On!Matthew Balcer
The Impact of Digital Transformation in the Face of Today’s ThreatsNathan Smolenski
The Need for Speed: Collaborative Strategies for Accelerating Security OutcomesJustin Pagano
Threat Hunting IntelligentlyRyan Cobb
Trends in IOT/OT/mIOTSean Tufts
Understanding the Threat LandscapeGary Sockrider
Using Automation to Secure Your Remote WorkforceKarl Klaessig
Using Threat Metrics for Better Information Security Program Efficacy – Leveraging MITRE ATT&CKBrian Brown
Zero Trust Security Starts With IdentityBaber Amin

Tools Track

Achieving PyRDP 1.0 – The Remote Desktop Pwnage MITM and LibraryAlexandre Beaulieu, Olivier Bilodeau
Automating Intuition: Digging for Gold in Network Data with Machine LearningSerge-Olivier Paquette
BHPD: BlueHound Path DestroyerMathieu Saulnier
Detecting AWS Control Plane Abuse in an Actionable Way Using Det{R}ailsFelipe Espósito, Rodrigo Montoro
PE Tree: How Covid19 Spurred a New Malware Reverse Engineering ToolTom Bonner
Recon – The Road Less TraveledRohan Aggarwal
What’s in Your Pipeline? Ups and Downs of Container Image ScannersShay Berkovich

Career Track

2019

Keynotes

“Welcome to SecTor 2019” – Brian Bourne, Bruce Cowper
Creating a Culture to Foster Collaboration, Creativity, and Critical ThinkingRadia Perlman
Toronto Communities KeynoteBrian Bourne, Nick Aleks, Opheliar Chan, Max Cizauskas, Lee Kagan, Helen Oakley
Made in Canada – the Significance of Canadian Security TechnologyBrian O’Higgins, Stephan Jou, Leo Lax, Leah MacMillan, Michele Mosca
Navigating Cyberspace: Identifying a New Path to Defeating Tomorrow’s AttacksSolomon Sonya

Tech Track

Behind the Scenes: The Industry of Social Media Manipulation Driven by MalwareOlivier Bilodeau, Masarah Paquet-Clouston
Cloud Adoption – Trends and Recommendations for Security TeamsFernando Montenegro
Chip.Fail – Glitching the Silicon of the Connected WorldThomas Roth
Cloud Native Security ExplainedTanya Janca
FAIL Panel: I Quit Securi7yJames Arlen, Rich Mogull, Nick Johnston, Dave Lewis
FLAIR (Fuzzy simiLArIty fRamework)Hossein Jazi
Fuzzing for your Offensive and Defensive TeamsRoy Firestein
Hashes, hashes everywhere, but all I see is plaintextWill Hunt
Internet-Scale Analysis of AWS Cognito SecurityAndrés Riancho
Into the Fog – The Return of ICEFOG APTChi-en Shen (Ashley)
IoT Security: An Insiders PerspectiveLee Brotherston
Major Pitfalls to Avoid in Performing Incident Response in AWSJonathon Poling
Malware in Google Play: Latest tactics used to penetrate the official app storeCorneliu Nitu
One-Person Army – A playbook on how to be the first Security Engineer at a companyKashish Mittal
Poisoned RDP Offense and DefenseDana Baril
Post-Quantum ManifestoPhilippe Lamontagne
Powershell is Dead. Long Live C#Lee Kagan
Profiling Fraudsters from the Darknet to ICQMathieu Lavoie
The SOC Counter ATT&CKMathieu Saulnier
Threat hunting in the cloudKurtis Armour, Jacob Grant
Your phone is using TOR and leaking your PIIMilind Bhargava, Adam Podgorski

Management Track

Beyond Spam: Using CASL to Stop the Spread of Malware in CanadaNeil Barratt
Outrunning the Avalanche of Unmanaged, Un-agentable DevicesNadir Izrael
Quantifying Unknown Risks: Data-Driven Ways to Estimate First-Time Hacks, Emerging Risks, and Rare IncidentsDr. Marshall Kuypers
Securing pipes with TACOsPeter Maddison
The Year in Cybersecurity LawDavid Fewer
The Year of Privacy and Its Effect on Cyber SecurityStanislav Bodrov
Pentesting for Success – Critical Success FactorsRobert Beggs

SECurity FUNdamentals

A Few Things Right: Insights from Live and Simulated Incident Response FailuresChad Calease
How to Build an Insecure System out of Perfectly Good CryptographyRadia Perlman
It’s Never DNS…. It Was DNS: How Adversaries Are Abusing Network Blind SpotsEdmund Brumaghin, Earl Carter
OAuth – Everything You Wanted to Know but Not Really!Elaheh Samani, Kevin Watkins
Serverless Security Top 10 RisksTal Melamed
Surviving a Ransomware Attack – Lessons from the FieldWilfred Farias, Marco Maglaviti
The CIS Critical Controls for Free – Defend all the Things!Rob VandenBrink

Sponsor Track

Advanced security automation made simpleAlbert Kramer
AI, Intelligently. A Current Look into AI in Cyber Security.Robert Falzon
ARUBA + ZSCALER = Better Together Network TransformationBil Harmer, Raja Sundarrajan
Beyond the Ones and Zeros: Aligning Effective Infosec and People Leadership PrinciplesMichael Cole
Catching and Cleaning Phish (for O365)Jim Banach
Chaos, order and the road forward – perspectives on evolving cybersecurityGary Miller
Code Signing: What You Don’t Secure Can Hurt YouRyan Sanders, Jack Palivoda
Data Governance for Risk Reduction and Value CreationNeil Correa
Embracing a Risk Adaptive Approach to Data ProtectionCharles Keane
Enabling Zero Trust with Artificial IntelligenceChris Pittman
Expand your cybersecurity program with complete visibility!Mark Holub
Identity – the Foundation of your Zero Trust ArchitectureRobin Wilson, Madhu Mahadevan
Introduction to Advanced Persistent ThreatsJill Sopko
Key elements to prioritizing security vulnerabilities and risksDarren Chin, Benjamin Li
Modern MDR and Machine-Accelerated Human ResponseKarl Ackerman
Phishing Defense: The Art of Human Intuitive RepulsionJason Meurer
Revitalizing the Scotiabank SOC with Big Data Security Analytics and AutomationRob Knoblauch
Risk Transformation: Plan-Build-Run in a World Without TimeChris Gray
The Race Against the Adversary: How to Win in the Era of the 18 Minute BreachSerge Bertini
The Value of Threat IntelligenceDavid Empringham
Threats and Trends of 2019Austin McBride
Tony Stark and CybersecurityAamir Lakhani
Your Tools are Protecting the Network but What is Protecting the Tools?Matthew Adams

Tools Track

Car Hacking on SimulationRohan Aggarwal
OWASP Find Security Bugs: The community static code analyzerPhilippe Arteau
Step by step AWS Cloud HackingAndrés Riancho
The Tools of a Web App PentesterChuck Ben-Tzur
Use the Tools You Have: Threat Detection and Hunting in AzureDaryl Novak
Using Static and Runtime Analysis to Understand Third-Party ApplicationsGuy Acosta
Visualizing Your Security Posture from Link, to Gateway, and BeyondJoe Cummins

Career Track

Career Panel and Career Fair 2019Nick Aleks, Joe Cummins, Inna Danilevich, Kevvie Fowler, Andrea Stapley, Tom Tran

2018

Keynotes

“Welcome to SecTor 2018” – Brian Bourne
Are We Setup to Fail?Mark Nunnikhoven
Collaborating for a Secure CanadaScott Jones
The Future of Cyber Security – From a Friendly Hacker’s PerspectiveKeren Elazari
Translating a Lifetime of Learning into Cyber Risk ManagementBruce Potter

Tech Track

5G: Security Status and OpportunitiesMarc Kneppers
Alexa, what did I do Last Summer?Vladimir Katalov
ATT&CKing the Command Line and Hunting for MoreEvan Gaustad
Conquering Complexity: Addressing Security Challenges of the Connected VehicleTed Shorter
Deep Learning – Classifying Malicious Websites with Image Recognition ModelsAkbar Qureshi
Don’t @ Me Hunting Twitter Bots at ScaleOlabode Anise
Exploiting Hardware Wallet’s Secure ElementSergei Volokitin
Fail Panel: Revenge of the SixthBen Sapiro, Bruce Potter, Dave Lewis, James Arlen, Nick Johnston
HomeBrew: Developing Your Own (Threat) IntelChris Brewer, Chris Woods
How to Select your Future Hardware Security Module (HSM)Bruno Couillard
How to Spot a Fake: Improve Your Security Operations with Real-world AIStephan Jou
Securing Robots at ScaleTalha Tariq
Security is an Illusion: How I Rob BanksFC aka ‘Freakyclown’
Serverless Infections – Malware Just Found a New HomeShimi Eshkenazi
Smart Contract Vulnerabilities: The Most Interesting Transactions on the Ethereum BlockchainJ. Maurelian, Sarah Friend
The Chrome CrusaderLilly Chalupowski
The Hunt is on! Advanced Memory Forensics Meets NextGen Actionable Threat IntelligenceSolomon Sonya
The New Paradigm of Security ControlsJohn Lambert
Twisted Haystack: Protecting Industrial Systems with Dynamic DeceptionLane Thames
Unblockable Chains – Is Blockchain the Ultimate Malicious Infrastructure?Omer Zohar
Why Memory Attacks are on the Rise and How to Stop ThemJosh Fu

Management Track

Ashley Madison: Cybersecurity in a World of DiscretionMatthew Maglieri
How Identity Management is Transforming Modern BusinessSarah Squire
Integrating Privacy Engineering into Your Security PracticesJohn Wunderlich
ISO 27001 & The GDPRAndrew Clearwater
Turning Your Cybersecurity Toddlers into Warriors!Shira Shamban
Who’s Watching the Watchers? Keeping Your Security Provider HonestMark Sangster
Why Can’t We Build Secure Software?Tanya Janca

SECurity FUNdamentals

25 Techniques to Gather Threat Intel and Track ActorsSun Huang, Wayne Huang
A Peep into the Iron Triangle: IoT Purchasing in a ‘Me First’ SocietyTyler Reguly
Building Bespoke Threat Intelligence Enrichment PlatformsSean Tierney
Make Your Own Cloud Security Monitoring SolutionJohn Ventura
PCI for Pen Testers, Now with 100% More Cloud!Joe Pierini
Pragmatic Cloud Security: The Future is NowMike Rothman
Threat Hunting: From Platitudes to Practical ApplicationNeil “Grifter” Wyler

Sponsor Track

Achieving Secure Digital Transformation: Turning the Dream into RealityDavid Millar
Behavior Analytics and Model Driven SecurityLeslie K. Lambert
Breach Readiness, Mandatory Reporting and You!Danny Pehar
Case Studies in Defending Your Digital EnterpriseMatt Broda
Crowd Sourced Security – Applying the Wisdom of the Crowd to Cyber DefencesJohn “Lex” Robinson
Cybersecurity Evolution/Cost Reduction ParadoxAjay Sood
Developing and Implementing an Effective Endpoint Security StrategyKurtis Armour
Encryption is More than a ButtonAlex Loo
Everything or Nothing: Active Defense in the Corporate World?Aamir Lakhani
From Profit to Destruction: Analyzing Today’s Threat LandscapeEarl Carter
Internet of Things: Is Winter Coming?Robert Falzon
Minority Report: A Predictive “Pre-crime” Approach Requires a Human FocusCharles Keane
On the Eve of Quantum Computing: The Definitive Need for Crypto AgilityChris Hickman
Orchestrate. Automate. Accelerate.Jadon Montero
Reinventing PC & Printer SecurityKurt Lysy
Security Powered by Big DataDavid Soto
Standing Up to Cryptojacking – Best Practices for Fighting BackMatthew Hickey
Streamlining Compliance Programs for Operational SecurityMark Holub
The Human Firewall is on Fire – What Do You Do When the Smoke Clears?Mounil Patel
The Real Deal About AIJosh Fu

Tools Track

Angad: A Malware Detection Framework Using Multi-Dimensional VisualizationAnkur Tyagi
Elytron: Next-Generation Security for Java ServersFarah Juma
Extending Your Incident Response Capabilities with SysmonPeter Morin
Heimdall: Vulnerable Host Discovery and Lifecycle Monitoring ToolkitAndrea Braschi
How much Cyber Insurance Do You Need, or Do You Need it at All?Julien Ducloy
Keyspace Reduction in Mechanical LocksSchuyler Towne
Malboxes: Make Malware Analysis More AccessibleOlivier Bilodeau
Weapons of a Pentester – 2018 EditionNick Aleks

Career Track

Developing Your Career in IT Security (2018)Brian Bourne, Dave Millier, Maxwell Shuftan, Laura Payne, Stephan Jou, Donald Messier

2017

Keynotes

“Welcome to SecTor 2017” – Brian Bourne
Fighting Cyber(in)securityDavid Shrier
Prosperity and Security: A Renewed Approach to Cyber Security for CanadaColleen Merchant
Security and Privacy in a Hyper-connected WorldBruce Schneier
Winning DefenseAllison Miller

Tech Track

“BlueBorne” Explained – New Attack Vector Exposing 5B+ DevicesNadir Izrael
A Deep Dive into the Digital Weapons of Mysterious Cyber ArmyChi-en Shen (Ashley)
Attacking Modern SaaS CompaniesSean Cassidy
Botract – Abusing smart contracts and blockchain for botnet command and controlMajid Malaika
Breaking the Laws of Robotics: Attacking Industrial RobotsStefano Zanero
Disrupting the Mirai BotnetChuck McAuley
FAIL Panel Version 5 – EquiFAIL!James Arlen, Dave Lewis, Ben Sapiro, Rich Mogull
Gitting Betrayed: How agile practices can make you vulnerableClint Gibler, Noah Beddome
Improving Incident Response for ICSDean Parsons
Incident Response and Forensics in AWSJonathon Poling
Lies and Damn Lies: Getting Past the Hype Of Endpoint Security SolutionsLidia Giuliano
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need to Adapt)Chris Thompson
Pwning a Smart Home in Under 10 MinutesAditya Gupta
Reverse Engineering Automotive DiagnosticsEric Evenchick
Rootkits vs Ransomware 2.0. Using evil to fight for goodBoris Rudakov
Securing Shopify’s PaaS on GKEJonathan Pulsifer
The Black Art of Wireless Post-ExploitationGabriel Ryan
The Cyberwar Playbook: Financial Services as Critical InfrastructureJennifer Fernick, Louise Dandonneau
The quantum threat: what really matters today?Michele Mosca, Vlad Gheorghiu
Threat Hunting an Evolving Malware Campaign and the Actors Behind ItJeremy Richards
When Two-Factor Authentication is a Foe: Breaking the iCloud KeychainVladimir Katalov

Management Track

Best Practices to Secure Application Containers and MicroservicesAnil Karmel
Does a BEAR Leak in the Woods? What the DNC breach, Guccifer and Russian APT’s have taught us about attribution analysisToni Gidwani
Establishing the CSIRT Team for The Rio 2016 Olympic GamesRômulo Rocha
GDPR for Canadian Organisations – What you need to know!Bruce Cowper
Leveraging Best Practices to Determine Your Cyber Insurance NeedsDave Millier, Matthew Davies
Power Up/Level Up: Supercharging Your Security Program for Cloud and DevOpsRich Mogull
Your Chance to Get It Right: 5 Keys to Building AppSec Into DevOpsChris Wysopal

SECurity FUNdamentals

After the Incident: DIY Forensic CollectionEugene Filipowicz
Barbarians At The Gate(way): An Examination Of The Attacker’s Tool BoxDave Lewis
Breach Happens: Effectively Responding to a Data BreachIain Paterson
Building Your Own Open-source Android Penetration Testing PlatformAmadeus Konopko, Jean-Paul Mitri
Common Attacks Against Active Directory and How to Protect your Organization Against ThemKevin McBride
Frugal Web Application Testing – Can in-house penetration testing achieve industry standard results while saving you money?Harshal Chandorkar, Natalia Wadden
Top SIEM Use Cases You Should Implement TodayJulian Pileggi

Sponsor Track

Boosting Canada’s Cyber Immune System for Internet HealthMatt Broda
Building a Secure Foundation for the Internet of Things (IoT)John Grimm
Building Your Own Automated Malware Analysis Lab for Insights on Active Threats.Kurtis Armour
Cloud Security is Application Security – Securing the Cloud as a TeamJohn Turner
Cyber Crime and Financial Crime: different sides of the same coinTyson Macaulay
Decoding Cyberespionage from Insider MistakesKen Bell
How to Ramp Up Security Operations to Stop Advanced ThreatsDavid Millar
Hunting Ransomware: Automate protection to get ahead of the next global outbreakSean Earhard
Insider Threat Analytics & Anomalous BehaviorsCarl Miller
Moving Up the Security Maturity Curve – The Sisyphean TaskJamie Hari
Prioritizing Vulnerability Remediation From an Attacker’s PerspectiveBharat Jogi
Privileged Access Security for Hybrid Cloud: Secure Amazon, Azure and Google EnvironmentsWade Tongen
Security Automation and Orchestration That Won’t Get You FiredSyra Arif
Security consideration for Microservices using Container TechnologyRalph Janke
Skin​ ​in​ ​the​ ​Game:​ ​How​ ​Security​ ​Teams​ ​are​ ​Scaling​ ​Through​ ​IT​ ​OrchestrationJen​ ​Andre
Take Best Practices to the Next LevelKen Muir
The Future of PrivacyDavid Fewer
The Power Of IntegrationBrian Read
The Spy in Your PocketBobby Buggs
The State of the Phish and ResponseMike Saurbaugh
Threat hunting demystified – Strengthening risk management through proactive investigation and responseMichael Otto

Tools Track

Chkrootkit: Eating APTs at Breakfast Since 1997Nelson Murilo
Extending BloodHound for Red TeamersTom Porter
Metasploit Community: Tips, Tricks and What’s NewJeffrey Martin
NOAH: Uncover the Evil Within! Respond Immediately by Collecting All the Artifacts AgentlesslyPierre-Alexandre Braeken
Security Training in a (Virtual) BoxMarcelle Lee, Joe Gray
TLS Tools for Blue TeamsLee Brotherston
Weapons of a PentesterNick Aleks

Career Track

Developing Your Career in IT Security (2017)Dave Millier, Eric Belzile, Laura Payne, Mike Murray, Nik Alleyne

2016

Keynotes

“Welcome to SecTor 2016” – Brian Bourne
Defense Against the Dark Arts: Examining, Fixing and Fighting for our Cyber Defenses – Edward Snowden
It’s 2016: What can you do about gender balance in Information Security? – Laura Payne and Co., Alexis Lavi, Andrea Stapley, Julie Leo, Karen Nemani, Marilyn Blamire
Retaking surrendered ground: making better decisions to fight cybercrime – Chris Pogue
Securing Our Future – Mikko Hypponen

Tech Track

[Ab]using TLS for defensive wins – Lee Brotherston
AirBnBeware: short-term rentals, long-term pwnage – Jeremy Galloway
CANtact: Open Source Automotive Tools – Eric Evenchick
Control system security, are we living on luck? – Chris Sistrunk
Crash Course in Kubernetes & Security – Matt Johansen
EventID Field Hunter (EFH) – Looking for malicious activities in your Windows events – Rodrigo Montoro
Hack Microsoft by using Microsoft signed binaries – Pierre-Alexandre Braeken
Hiding in Plain Sight – Taking Control of Windows Patches – Travis Smith
How to build a malware classifier [that doesn’t suck on real-world data] – John Seymour
How To Secure Serverless Applications – Kellman Meghu
Jihadism and Cryptography, from internet to softwares – Julie Gommes
Lessons Learned Hunting IoT Malware – Olivier Bilodeau
Making sense of a million samples per day: Behavior-based Methods for Automated, Scalable Malware Analysis – Stefano Zanero
Open Source Malware Lab – Robert Simmons
Practical Static Analysis for Continuous Application Security – Justin Collins
Purple Teaming the Cyber Kill Chain: Practical Exercises for Management – Chris Gates, Haydn Johnson
RTF Abuse: Exploitation, Evasion and Counter Measures – Devon Greene
Securing Network Communications: An Investigation into Certificate Authorities on Mobile – Andrew Blaich
The State of SCADA on the Internet – Kyle Wilhoit
Utilizing Memory and Network Forensics for Scalable Threat Detection and Response – Andrew Case
WiFi Exploitation: How passive interception leads to active exploitation – Solomon Sonya

Management Track

Cybersecurity in an era with quantum computers: will we be ready? – Michele Mosca
Data-Driven Computer Security Defense – Roger Grimes
Getting Business Value from Penetration Testing – Mark Bassegio, Tim West
How to Rob a Bank or The SWIFT and Easy Way to Grow Your Online Savings – Cheryl Biswas
Introducing G.Tool – A batteries included framework for building awesome GRC tools without wasting money. – Ben Sapiro
Safety Should be the Security Paradigm – Chris Wysopal
Security by Consent, or Peel’s Principles of Security Operations – Brendan O’Connor

SECurity FUNdamentals

All roads lead to domain admin, a part of a presentation series: From breach to C.D.E. Part I – Yannick Bedard
Can massive data harvesting drive down the time to breach detection? – Sean Earhard
Expanding Your Toolkit the DIY Way – Chris Maddalena
IPv6 for the InfoSec Pro on the Go – Allan Stojanovic
Lighting up the Canadian Darknet Financially – Milind Bhargava, Peter Desfigies, Philip Shin
The Power of DNS: Gaining Security Insight Through DNS Analytics – Scott Penney
The Security Problems of an Eleven Year Old and How To Solve Them – Jake Sethi-Reiner
Fail Panel – James Arlen

Sponsor Track

An Effective Approach to Automating Compliance Activities – Dave Millier
Defending Against Phishing: Effective Phishing Incident Response Using Employees, Incident Responders, and Intelligence. – Mike Saurbaugh
Eliminating the Automation and Integration Risks of the “Security Frankenstein” – Chris Pogue
Exposing Ransomware: Intelligent cybersecurity for the real world. – Sean Earhard
Global Encryption Usage is on the Rise! – Si Brantley
Held for Ransom: Defending your Data Against Ransomware – James L. Antonakos
Lessons from the Attack Chain: Bolster Your IR Program – Eric Sun
Network virtualization to enhance context, visibility and containment – Bruno Germain
Next-Gen Now, Outsmarting ransomware, exploits and zero-day attacks – Keir Humble
Overwhelmed By Security Vulnerabilities? Learn How To Prioritize Remediation – Amol Sarwate
Rethinking Threat Intelligence – Danny Pickens
Securing a Cloud-Based Data Center – Peter Cresswell
Stopping the Attacker You Know – Brian Read
The Cyber Security Readiness of Canadian Organizations – Ryan Wilson
The Emerging Era of Cognitive Security – Peter Allor
The Industry Need for Cloud Generation Security – Ryan Leonard
Understanding Ransomware: Clear and Present Danger – Raul Alvarez
Threat Landscape, Technology in action – Robert Falzon
Why Technology is Not the Answer to Cybersecurity – Sean Blenkhorn

Career Track

Developing Your Career in IT Security – Panel

2015

Keynotes

“Welcome to SecTor 2015” – Brian Bourne
Big Data Needs Big Privacy … Enter Privacy by Design – Dr. Ann Cavoukian
IT Security Operations: Successful Transformation – Kristin Lovejoy
Globalization of Cybercrime – Jason Brown
Maturing InfoSec: Lessons from Aviation on Information Sharing – Trey Ford

Tech Track

Automation is your Friend: Embracing SkyNet to Scale Cloud Security – Mike Rothman
Breaking Access Controls with BLEKey – Mark Bassegio and Eric Evenchick
Breaking and Fixing Python Applications – Enrico Branca
Complete Application Ownage via Multi-POST XSRF – Adrien de Beaupré
Confessions of a Professional Cyber Stalker – Ken Westin
Cymon – An Open Threat Intelligence System – Roy Firestein
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing – Alex Pinto
DevOps For The Home – Kellman Meghu
Drug Pump and Medical Device Security – Jeremy Richards
Exploitation Trends: From Potential Risk to Actual Risk – Tim Rains
Hijacking Arbitrary .NET Application Control Flow – Topher Timzen
Incoming Threats At the Speed of Retail – Wendy Nather
Learning To Love Your Attackers – Ryan Linn
Making & Breaking Machine Learning Anomaly Detectors in Real Life – Clarence Chio
Malware Activity in Mobile Networks – An Insider View – Kevin McNamee
Software Defined Networking / Attacker Defined Networking – Rob VandenBrink
Stealth Attack From The Produce Aisle – Todd Dow and Keith Benedict
Stealthier Attacks and Smarter Defending with TLS Fingerprinting – Lee Brotherston
UNMASKING MALWARE – Christopher Elisan
What Google knows about you and your devices, and how to get it – Vladimir Katalov
Xenophobia is Hard on Data: Forced Localization, Data Storage, and Business Realities – Brendan O’Connor and James Arlen

Management Track

Bulletproofing Your Incident Response Plan: Effective Tabletops – Reg Harnish
CISO Survival Guide: How to thrive in the C-Suite and Boardroom – Chris Wysopal
Dolla Dolla Bill Y’all: Cybercrime Cashouts – Benjamin Brown
Make Metrics Matter – Jessica Ireland
The Effective Use of Cyber Ranges for Application Performance and Security Resilience – Train Like You Fight! – Bob DuCharme
There’s no such thing as a coincidence – Discovering Novel Cyber Threats – Jim Penrose
What does it take to deliver the most technologically advanced Games ever? – Enzo Sacco and Quang Tu

SECurity FUNdamentals

Agile Incident Management – Bringing the “Win” Back to Data and Privacy Breach Responses – Robert Beggs
Building an Effective Vulnerability & Remediation Management Program – Dave Millier
Ground Zero Financial Services: Targeted Attacks from the Darknet – Joe Pizzo
Peeling The Layers Of Vawtrak – Raul Alvarez
Preventing Home Automation Security Disasters – James Arlen
Run Faster, Continuously Harden – Embracing DevOps to Secure All The Things – Chayim Kirshen
Security for non-Unicorns – Ben Hughes
The Internet of Bad Things and Securing the Software Defined Data Center – Ian Redden and Marc Edun

Sponsor Track

2015 State of Vulnerability Exploits – Amol Sarwate
Advanced Threat Analytics: Adapt as Fast as Your Enemies – Jasbir Gill and Lanny Cofman
Advanced Threats: Eliminating the Blind Spot – Fahmy Kadiri
Browser and Environment Hardening – Kurtis Armour
Building Better Indicators: Crowdsourcing Malware IOCs – Sean Wilson
Business Backed CVEs – The Major Vulnerabilities of the Past Year – Atif Ghauri and Brad Antoniewicz
Certifi-gate: Has your Android device been Pwned? – Shai Yanovski
Changing the Game of Threat Hunting – Jim Penrose
Detecting the Bear in Camp: How to Find Your True Vulnerabilities – Ryan Poppa
Effective Ways to Tackle Vulnerability Remediation – Dave Millier
Ensuring the Success of Your IAM Project – Jeremy Hanlon
Exposing Advanced Threats: How big data analytics is changing the way advanced threat defense is deployed, managed and measured – Sean Earhard
Insider Threat – The Soft Underbelly of CyberSecurity – Harold Byun
Knowing what happened is only half the battle. – Grayson Lenik
Mitigating the Alert – Impact Prevention in a super active security battlefield – Brian Read
One Ring to Rule Them All – Hardware isolation and the future of virtualization security – Simon Crosby
SIEM and the Art of Log Management – Jeff Pold and Ron Pettit
Taking back Endpoint Control! – John Beal
The State of Software Security – Chris Wysopal

2014

Keynotes

“Welcome to SecTor 2014” – Brian Bourne
New Era Risk Management: Using Information to Predict, Understand and Mitigate Organizational Threats – Ray Boisvert
The Connected Car: Security Throwback – Chris Valasek
The Extinction of Trust – Felix ‘FX’ Lindner
$#!T My Industry Says. . . – Kellman Meghu

Tech Track

ALL YOUR MACS ARE BELONG TO US – Christopher Elisan
Attrition Forensics, Digital Forensics For When the Going Gets Tough and the Stakes Are High – Troy Larson
Corporation in The Middle – Lee Brotherston
Demystifying the mobile network – Chuck McAuley
Document Tracking for Fun, Insight, and Profit – Roy Firestein
Elevator Hacking: From the Pit to the Penthouse – Deviant Ollam and Howard Payne
Cybercrime 101 – Christopher Pogue
Hide it with encryption, display it with performance – Brandon Niemczyk and Prasad Rao
How’d That End Up On Pastebin? – Ryan Linn
Hunting Malware on Linux Production Servers: The Windigo Backstory – Olivier Bilodeau
KickaaS Security with DevOps and Cloud – Rich Mogullsau
Mobile Fail: Cracking Open “Secure” Android Containers – Chris John Riley
Pentesting in SDN – Owning the controllers – Roberto Soares
Play Flappy Bird while you pentest Android in style – Chris Liu and Matthew Lionetti
POS Malware Evolved – Josh Grunzweig
Predictions Panel – Moderated by Bruce Cowper
Reverse Engineering a Web Application – For Fun, Behavior & WAF Development – Rodrigo Montoro and Daniel Cid
Stay Out of the Kitchen: A DLP Security Bake-off – Zach Lanier
The Internet of Fails: Where IoT Has Gone Wrong and How We’re Making It Right – Mark Stanislav and Zach Lanier
The Latest Changes to SAP Security Landscape – Alexander Polyakov
Unmasking Careto through Memory Analysis – Andrew Case

Management Track

Asymmetry in Network Attack and Defense – William Peteroy
FAIL Panel Again! Third time’s the charm – Ben Sapiro, Dave Lewis, James Arlen
Human Metrics – Measuring Behavior – Lance Spitzner
Quantitative Risk Analysis and Information Security: An OpenFair Case Study from BMO – Laura Payne
Re-Thinking Security Operations – Dave Millier and Mike Lecky
Scaling Security in Agile Scrum – Chris Eng
Security Awareness Has Failed: A Suggested New Approach! – Francois van Heerden

SECurity FUNdamentals Track

Covering my IaaS: Security and Extending the Datacenter – Brian Bourne and Tadd Axon
Identity in the Age of the Cloud – Madhu Mahadevan
Pulling back the covers on credit card fraud: A detailed look at financial fraudware. – Chester Wisniewski
So, you want to be a pentester? – Heather Pilkington
Stupid H4x0r Tricks v2.0 – Stupid is as Stupid Does – Chris Pogue and Grayson Lenik
The Things You See (and Application Scanners Won’t) – Chuck Ben-Tzur
What’s Behind “Big Data” and “Behavioral Analytics” – Stephan Jou

Sponsors Track

4 Undeniable Truths about Advanced Threat Protection – Patrick Vandenberg
A New Way to Look at Endpoint Security – IT’s Job in a Connected World – Claudio Damaso and Alex Binotto
Anatomy of a Credit Card Stealing POS Malware – Amol Sarwate
Casting Light on a Dark Web – Aamir Lakhaniaaron
Check Point Compliance Software Solutions “Your Second Set of Eyes” – Scott Tripp
CYDBA: Protecting Your Applications’ Rear End – Josh Shaul
Data protection and Identity Management at cloud scale – Jasbir Gill
The Theory of Cyber Security Evolution: Adopting Continuous Active Threat Protection and Security as a Service – Mark Sangster
Getting Into Mobile Without Getting Into Trouble, A Guide for the Stodgy Old Enterprise – Greg Kliewer
How Scalar is Providing Information Security Services to the TO2015 Pan Am and Parapan American Games – Frederic Dorré
Introducing Recog, an open source project utilizing Sonar data for asset and service identification – Ross Barrett & Ryan Poppa
Next Generation SOC: Building a Learning Security Ecosystem Using HP ArcSight Technology – Matt Anthony
OS Legacy Systems – Alexander Rau
Phishers are Boring Party Guests: The Value of Analyzing Stale, Recycled Phishing Content – Aaron Higbee
Security for the People: End-User Authentication Security on the Internet – Mark Stanislav
SilverBlight – Craig Williams
The Rise of Threat Detection and Response – Lucas Zaichkowsky

2013

Keynotes

“Welcome to SecTor 2013” – Brian Bourne
“How the West was Pwned” – G. Mark Hardy
“Why We Need DevOps Now: A Fourteen Year Study Of High Performing IT Organizations” – Gene Kim
“Crossing the line; career building in the IT security industry” – Keynote Panel
“Tech it out ” – Marc Saltzman

Tech Track

“BIOS Chronomancy” – John Butterworth
“Big Data Security, Securing the insecurable” – Kevvie Fowler
“Malware Automation” – Christopher Elisan
“MILLION BROWSER BOTNET” – Matt Johansen
“RATastrophe: Monitoring a Malware Menagerie” – Seth Hardy and Katie Kleemola
“Software Refined Networking – The Path To Hell Is Paved With Good Abstraction” – Christofer Hoff
“Running at 99%, mitigating a layer 7 DoS” – Ryan Huber
“Popping the Penguin: An Introduction to the Principles of Linux Persistence” – Mark Kikta
“Exploiting the Zero’th Hour: Developing your Advanced Persistent Threat to Pwn the Network” – Solomon Sonya and Nick Kulesza
“Swiping Cards At The Source: POS & Cash Machine Security” – Ryan Linn and John Hoopes
“Cryptographically Isolated Virtualized Networks – A Community of Interest Approach” – Robert Johnson
“.NET Reversing: The Framework, The Myth, The Legend” – Kelly Lum
“CeilingCat IS Watching You” – Shane MacDougall
“Build Your Own Android Spy-Phone” – Kevin McNamee
“Weaponized Security” – Kellman Meghu
“The World’s Deadliest Malware” – Christopher Pogue
“Your own pentesting army complete with air support” – Philip Polstra
“BREACH: SSL, Gone in 30 seconds” – Angelo Prado and Yoel Gluck
“Pivoting in Amazon clouds” – Andrés Riancho
“Fiber Channel – Your OTHER Data Center Network” – Rob VandenBrink
“Needle in a Haystack – Harnessing Big Data for Security” – Dana Wolf

Management Track

“Return of the Half Schwartz FAIL Panel w/Tales from beyond the echo chamber” – James Arlen, Dave Lewis, Mike Rothman and Ben Sapiro
“Building a Security Operations Center – Lessons Learned” – Yves Beretta
“Reacting to Cyber Crime: Preserving Crucial Evidence for Law Enforcement” – David Connors and Stéphane Turgeon
“SDN : Radically New Network Architecture, Same Old Cyber Security Protection ” – Llewellyn Derry
“Data in the Cloud. Who owns it and how can you get it back?” – Dave Millier
“Microsoft Security Intelligence Report, Canadian Edition” – Tim Rains
“FUFW: 5 Steps to Re-architecting Your Perimeter” – Mike Rothman

SECurity FUNdamentals

“CRYPTOGEDDON – Sector 2013 Edition: Online Cyber Security War Game ” – Todd Dow
“Watching the watchers: hacking wireless IP security cameras” – Artem Harutyunyan and Sergey Shekyan
“Threat Modeling 101” – Leigh Honeywell
“Appsec Tl;dr” – Gillis Jones
“Frayed Edges; Monitoring a perimeter that no longer exists” – Mark Nunnikhoven
“Vulnerability analysis of 2013 SCADA issues” – Amol Sarwate
“How they get in and how they get caught” – Schuyler Towne

Sponsor Track

“Beyond the Smokers Entrance – Physical Security Assessments in Hardened Environments” – Mark Baseggio and Jamie Gamble
“Analyzing Exploit Packs: Tips & Tricks” – Mohamad AL-Bustami
“It Takes a Village: Reducing the Threat Gap by Allying with Your Competition” – Michael A Barkett
“The Threat Landscape” – Ross Barrett and Ryan Poppa
“Stopping Cross Contamination with Network Access Control…”The ULTIMATE PATCH” ” – Toni Buhrke
“Enterprise Forensics = new category that focuses on user activity and what drives the business (analytics + behavior) ” – Gary Freeman
“How to Connect Security to the Business” – Jeanne Glass
“Information & Risk Mitigation” – Neils Johnson
“Trust No One: The New Security Model for Web APIs” – Greg Kliewer
“The US Department of Homeland Security’s Software Assurance Enumerations” – David Maxwell
“Enabling Access Assurance and Identity Intelligence for a multi-perimeter world ” – Sridhar Muppidi
“Vulnerability Management Programs and Lessons Learned from the Field” – Bill Olson
“Securing Enterprise Mobility beyond MDM” – Danny Pehar and Ali Afshari
“The Bad Boys of Cybercrime” – Christopher Pogue
“Identity & Access Governance: Key to Security or Completely Useless?” – Jackson Shaw
“Modern Malware and APTs – What Current Controls Can’t See” – Ajay Sood
“Ending the information security arms race with end-to-end encryption” – Jill Walsh
“Fortifying Canada’s Cyberspace: Together” – John Weigelt
“Today’s Cyber Threat Landscape – Prevention is no cure” – Lucas Zaichkowsky

2012

Keynotes

“When Does Lawful Access Become Lawful Surveillance: The Future of Lawful Access in Canada” – Michael Geist
“How NOT to do Security: Lessons Learned from the Galactic Empire”
– Kellman Meghu
“Exploring the NFC attack surface” – Charlie Miller
“Global Efforts to Secure Cloud Computing” – Jim Reavis

Tech Track

“With new technologies come new vulnerabilities” – Chuck Ben-Tzur
“Sploitego – Maltego’s (Local) Partner in Crime” – Nadeem Douba
“Pwned in 60 Seconds – From Network Guest to Windows Domain Admin”
– Zack Fasel
“Hadoop Forensics, Tackling the elephant in the room” – Kevvie Fowler
“The More Things Change: The vulnerabilities that time forgot” – Jamie Gamble
“Poortego: An OS-INT correlation tool for the 99%” – Mike Geide
“Recent Advances in IPv6 Security” – Fernando Gont
“APT ALL THE THINGS: are Mac users no longer safe?” – Seth Hardy
“Monday Night Malware” – Jibran Ilyas & Christopher Pogue
“Conquer the Beast – How to Effectively Manage Open-source Intelligence Outbursts” – Kevvie Fowler and Naveed Ul Islam
“Reversing Patches for Exploit Creation, Pen-Testing or Just Fun!” – Bharat Jogi
“Hunting Carders for fun and profit” – Grayson Lenik
“Hey, I just middled you, and this is crazy” – Ryan Linn
“Hacking .NET Applications: The Black Arts (v2)” – Jon McCoy
“Threat Attribution via DNS” – Gunter Ollmann
“Introducing ‘Android Security Evaluation Framework’ – ASEF” – Parth Patel
“Anti-Forensic Techniques and Countermeasures” – Michael Perklin
“Sniper Forensics: Reloaded” – Christopher Pogue
“Microsoft Security Intelligence Report; Canadian Edition” – Tim Rains
“VMware ThinApp: Does Isolation Trim your Risk?” – Tyler Reguly
and Jordan Powers
“Building Dictionaries and Destroying Hashes Using Amazon EC2”
– Steve Werby

Management Track

“*PT, Chinese cyber-something, the summer of breach and doing it wrong”
– Ben Sapiro, Mike Rothman, Dave Lewis and James Arlen
“Cybercrime in Canada: a Law Enforcement Perspective” – Dave Black
“How I Learned to Stop Worrying and Love the Cloud ” – Chris Carpenter
“The Defense RESTs: Automation and APIs for Better Security” – David Mortman
“Controlling BYOD before it Becomes Your Own Demise” – Mike Rothman
“Microsoft’s Response Process: 10 Years of Hard-Knock Learning”
– David Seidman and Jeremy Tinder
“A Forecast of Data Loss in Canada” – Dave Senf
“BlackHat to Black Suit” – James Arlen
“Network forensics – the orphan child of cyber investigations” – Robert Beggs
“Targeted Malware Attacks – Sophisticated Criminals or Babytown Frolics?”
– Josh Grunzweig and Ryan Merritt
“Introduction to Web Application Testing” – Dave Millier and Assef G. Levy
“Physical Security In Context” – Schuyler Towne
“Inside the Blackhole Exploit Kit (BHEK)” – Chester Wisniewski
“DNSSEC: Securing the DNS and beyond” – Paul Wouters

Turbo Track

“Hitting Above The Security Mendoza Line” – Ed Bellis
“Getting Shells When Metasploit Fails” – Ryan Linn
“Security Organizational Behaviour – making people part of the solution”
– John Proctor
“Forget Malicious Links and Fear the QR Code” – Steve Werby

Sponsor Track

“Life’s a Breach! Lessons Learned from Recent High Profile Data Breaches”
– Ross Barrett
“Web Application Scanning in the SDLC” – Will Bechtel
“Best Practices on building and operationalizing Microsoft SCOM for health and performance monitoring.” – Rodney Buike
“Engineering the Social Animal” – Robert Falzon
“Mobile Security: Protecting your Corporate Smartphones from Malware & Targeted Attacks” – Dennis Fisher
“Face Today’s Threats Head-On: Best Practices for a BYOD World”
– Sangameswaran Manikkayam Iyer
“Exposing Enterprise Services to Mobile Platforms” – Greg Kliewer
“Differences between SOA/XML Gateway and a Web Application Firewall”
– Jason Macy
“Importance of integrating network forensics with host forensics” – Jason Mical
“ACTing Out – Automated Compliance Testing” – Dave Millier
“Microsoft Trustworthy Computing Cloud Security, Privacy, and Reliability in a Nutshell” – Tim Rains
“Using a SIEM Solution to Enable the Business” – Matthew Schnarr
“The Kill Chain and Evolution in Intrusion Detection Mechanisms ”
– Eldon Sprickerhoff
“Threat Intelligence: What makes it smart” – C. Thomas
“The Benefit of a “Research-Driven” IT Security Partner, especially in this day of Modern Malware” – William Tysiak and Elvis Gregov

2011

Keynotes

“Trust me, I am a cloud vendor!” – Bruce Cowper
“Thinking Differently: Bringing the Hacker Mindset to the Corporate Environment” – Joe Grand
“Online Attacks and Espionage by Nation-States” – Mikko Hypponen
“The Bizarre Business of Rogue Internet Pharmacies” – Brian Krebs

Tech Track

“Near Field Communications (NFC) mobile security for those with No F’ing Clue” – Corey Benninger and Max Sobell
“FireShark – A Tool to Link the Malicious Web” – Stephan Chenette
“Weaponizing The Smartphone: Deploying The Perfect WMD” – Nicholas Donarski
“Finding Evil in Live Memory” – Michael J. Graven
“What is an APT without a sensationalist name?” – Seth Hardy
“Time and Place: Finding Evil with Atemporal Time Line Analysis” – Dave Hull
“A Replicant by Any Other Name: A Security Analysis of the BlackBerry PlayBook” – Zach Lanier and Ben Nell
“I’m Your MAC(b)Daddy” – Grayson Lenik
“Progression of a Hack” – Ryan Linn
“Browser Security Face-off: Browser Security Edition” – Paul Mehta and Shawn Moyer
“HTTP Header Hunter – Looking for malicious behavior into your http header traffic” – Rodrigo Montoro
“A Technical View on Cloud Security: How Not To Get Your Undies In A Bunch aka Please Don’t Squeeze The Charmin ” – David Mortman
“SSD: Solid State Drives & How They Work For Data Recovery And Forensics” – Scott Moulton
“Targeted and Opportunistic Botnet Building” – Gunter Ollmann
“Malware FreakShow” – Nicholas J. Percoco and Jibran Ilyas
“Sniper Forensics v3.0: Hunt” – Chris Pogue
“Infosec Sheepdogs: Creating an Abstraction/Translation Layer Between InfoSec and Law Enforcement” – Nick Selby
“How to Survive DDoS the Play at Home Game” – Michael Smith
“Bust a Cap in an Android App” – Patrick Szeto and Maxim Veytsman
“Wireless Hacking Techniques and Tips” – Kent Woodruff
“FACEROUTE: Mapping and Harvesting Social Media Sites” – Rob VandenBrink

Management Track

“Security When Nanoseconds Count” – James Arlen
“It’s Not About the “Warm Fuzzy” – How to Plan for a Comprehensive Penetration Exercise” – Kai Axford
“The Search for Intelligent Life” – Ed Bellis
“Built What? Why The Bad Guys Do It Better” – Sean Bodmer
“Change Happens: CISO Survival Through Adaptation” – Jack Daniel, David Mortman, Gal Shpantzer, Michael Smith and Stacy Thayer
“Everything You Need to Know about Cloud Security (and then some)” – Mike Rothman
“Binary Risk Analysis” – Ben Sapiro

Turbo Track

“OSSAMS, Security Testing Automation and Reporting” – Adrien de Beaupré
“Cubical Warfare, The next Arms Race” – Jason Kendall
“Incident Response Kung fu: Tree Style” – Jason Kendall
“Disc Detainer Locks” – Schuyler Towne

Sponsor Track

“Security Testing” – Areg Alimian
“Walking on the Crocs back – when security measures fail” – Travis R. Barlow
“Mapping The Penetration Tester’s Mind – An introduction to a pentester’s approach to security audits” – Nicholas Donarski
“Detecting The Insider Threat- Finding The Needle in Stack of Needles” – Omar Garcia
“Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests” – Rob Havelt
“Be Ready for IPv6 Migration and Beyond! ” – Cricket Liu
“Evolution of Digital Forensics” – Jason Mical
“Building a GRC Strategy” – Dave Millier
“Anatomy of a Data Breach: Exploring the Current Threat Landscape” – Paul Pinkney
“Cybersecurity, the Law, and You” – Bill Roth
“Think outside the enterprise security box” – John Trollinger
“Information Security and Risk pertaining to smart phone and mobile devices” – Nicholas (Nic) Wetton

2010

Keynotes

SecTor 2010 Introduction – Brian Bourne
“The Problem with Privacy is Security” – Tracy Ann Kosa
“Today’s Face of Organized Cyber Crime: A Paradigm for Evaluating Threat” – Steve Kelly
“Attribution for Intrusion Detection” – Greg Hoglund
“Involuntary Case Studies in Data Security” – Mike Rothman

Tech Track

“SCADA and ICS for Security Experts: How to avoid cyberdouchery” – James Arlen
“Starting an InfoSec Company: Three Founder’s Stories” – Robert Beggs, Dave Millier, Brian O’Higgins and Eldon Sprickerhoff
“Building the DEFCON network, making a sandbox for 10,000 hackers” – David Bryan and Luiz Eduardo
“Dissecting the Modern Threatscape: Malicious Insiders, Industrialized Hacking, and Advanced Persistent Threats” – Brian Contos
“Sharingan – A Ninja art to Copy, Analyze and Counter Attack” – Mrityunjay Gautam
“CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity” – Chris Hoff
“Google’s approach to malware on the web” – Fabrice Jaubert
“IPv6, for worse or better” – Joe Klein
“Metasploit Tips and Tricks” – Ryan Linn
“Inside The Malware Industry” – Garry Pejski
“Malware Freakshow 2010” – Jibran Ilyas and Nicholas J. Percoco
“How I Met Your Girlfriend” – Samy Kamkar
“Into the Black: Explorations in DPRK” – Mike Kemp
“What’s Old Is New Again: An Overview of Mobile Application Security” – Zach Lanier and Mike Zusman
“Into the Rabbit Hole” – Rafal Los
“Black Berry Security FUD Free” – Adam Meyers
“Beyond Exploits: Real World Penetration Testing” – HD Moore
“The Four Types of Lock” – Deviant Ollam
“Sniper Forensics v2.0 – Target Acquisition” – Christopher Pogue
“Web Application Payloads” – Andres Pablo Riancho
“Distributed Denial of Service: War Stories from the Cloud Front” – Michael Smith

Management Track

“Gates, Guards, and Gadgets: An Introduction to the Physical Security of IT” – Kai Axford
“SDL Light: A practical Secure Development Lifecycle for the rest of us” – Marisa Fagan
“Mastering Trust: Hacking People, Networks, Software, and Ideas.” – Pete Herzog
“How Many Vulnerabilities? And Other Wrong Questions” – David Mortman
“Smashing the stats for fun and profit v.2010” – Ben Sapiro
“400 Apps in 40 Days” – Sahba Kazerooni and Nish Bhalla
“How do we prevent, detect, respond and recover from CRM failures?” – Kelly Walsh

Turbo Track

“Cloud definitions you’ve been pretending to understand” – Jack Daniel
“64-bit Imports Rebuilding and Unpacking” – Sebastien Doucet
“Building your own secure U3 launchable Windows forensic toolkit” – Jason Kendall
“Securing your network with open-source technologies and standard protocols: Tips & Tricks” – Nick Owen
“Fuzzing Proprietary Protocols – A Practical Approach” – Thomas Proll
“Barcodes: Read it, Write it, Hack it” – Michael Smith
“BLINDELEPHANT: Web Application Fingerprinting with Static Files” – Patrick Thomas
“OMG-WTF-PDF” – Julia Wolf

Sponsor Track

“Microsoft’s cloud security strategy” – Mohammad Akif
“Do it yourself – Security Assessments made easy and FREE” – John Andreadis
“Crime & Carelessness: Gaps that Enable the Theft of Your Most Sensitive Information” – Ryan Boudreau
“Unidirectional Connectivity as a Security Enabler for SCADA and Remote Monitoring Applications” – Lior Frenkel
“Beyond Aurora’s Veil: A Vulnerable Tale” – Derek Manky
“A Day in the life of APT” – Adam Meyers
“Realize More Value From Your Existing security Tools” – Dave Millier
“Metasploit Pro – An HD Moore Production” – HD Moore
“Culture Shift: Social Networking and Enterprise Environments (Security Risk vs Reward)” – John W. Pirc
“Today’s Reality: Living in Compromise to Advanced Persistent Threats” – Charlie Shields
“By The Time You’ve Finished Reading This Sentence, ‘You’re Infected'” – Eldon Sprickerhoff
“Emerging Threats, The Battle for the Access edge” – Mark Townsend

2009

Keynotes

SecTor 2009 Introduction – Brian Bourne
“Cloudification” – Christofer Hoff
“A day in the life of a hacker…” – Adam Laurie (Major Malfunction)
“Consumer Internet Identity” – Andrew Nash , Paypal
 

Sessions

“To cache a thief | Using database caches to detect SQL Injection attacks” – Kevvie Fowler
“w3af – A framework to own the web – Part 1” – Andres Riancho
“Nsploit: Popping boxes with Nmap” – Ryan Linn
“The GhostNet Story” – Nart Villeneuve
“Smashing the stats for fun and profit” – Ben Sapiro
“Weaponizing the Web: More attacks on User-Generated Content” – Nathan Hamiel and Shawn Moyer
“Towards a more secure online banking… ” – Nick Owen
“Game Over, Man: Gamers Under Fire” – Chris Boyd
“Portable Document Malware, the Office, and You – Get owned with it, can’t do business without it” – Seth Hardy
“Your Mind: Legal Status, Rights and Securing Yourself” – James Arlen, Tiffany Strauchs Rad
“When Web 2.0 Attacks – Understanding AJAX, Flash and “Highly Interactive” Technologies” – Rafal Los
“Crimeware: Web Exploitation Kits Revealed” – Roy Firestein
“DNSSEC deployment in Canada” – Paul Wouters, Norm Ritchie
“Sniper Forensics – Changing the Landscape of Modern Forensics and Incident Response”” – Christopher E. Pogue
“Malware Freakshow” – Nicholas Percoco and Jibran Ilyas
“SSLFail.com Panel Discussion” – Jay Graver, Tyler Reguly, Mike Zusman
“Hacking the Privacy Legislation” – Tracy Ann Kosa
“The Past, Present & Future – SQL Injection” – Jerry Mangiarelli
“Massively Scaled Security Solutions for Massively Scaled IT” – Michael Smith
“Cain BeEF Hash: Snagging passwords without popping boxes” – Ryan Linn
“Consumerization and Future State of Information Warfare” – Robert “RSnake” Hansen
“Retaliation: Breaking Attack Vectors in the Infrastructure” – Jennifer Jabbusch
“Deblaze – A remote method enumeration tool for flex servers” – Jon Rose

2008

Keynotes

SecTor 2008 Introduction – Brian Bourne
David Black – The RCMP National Security Criminal Investigations Program
Lunch Panel: Security in the Real World
No-Tech Hacking – Johnny Long
Baggage: What I took with me when I ‘left’ Computer Security – Stephen Toulouse
 

Sessions

Security and Robustness in Backbone Design – Raven Alder
Exploit-Me for Fun and Profit – Jamie Gamble & Tom Aratyn
Security Heretic: We’re Doing It Wrong – James Arlen
Owning the Users with The Middler – Jay Beale
Pwning the proxy – Dino Covotsos
More SCADA/ICS Security: Findings from the field – Mark Fabro
Double Trouble: SQL Rootkits and Encryption – Kevvie Fowler
Googless – Christian Heinrich
The New New Thieves and Contemporary Security Analysis – Pete Herzog
The Four Horsemen Of the Virtualization Security Apocalypse: My Little Pwnie Edition – Christofer Hoff
Under the iHood – Cameron Hotchkies
Network Security Stripped: From layered technologies to the bare essentials – Jennifer Jabbusch (jj)
RFID Unplugged – 3ric Johanson
New Research on Canadian Privacy Breaches – Tracy Ann Kosa
Metasploit Prime – H D Moore
Ten Things Everyone Should Know About Lockpicking & Physical Security – Deviant Ollam
Advanced Spear Phishing Attack Framework – Joshua Perrymon
Novel Malware Detection – Bruce Potter
Tracking Current and Future Botnets – Matt Sergeant
Finding Cryptography in Object Code – Jason Wright
The Future of Snort: Why it must change for network security to live – William Young

2007

Keynotes

SecTor 2007 Introduction – Brian Bourne
Growing The Security Profession – Dr. Richard Reiner
Zen and the Art of Cybersecurity – Ira Winkler
Defending Layer 8 – Steve Riley
A Law Enforcement Perspective – Carole Bird
 

Sessions

Black Ops 2007: DNS Rebinding Attacks – Dan Kaminsky
Cybercrime, CVEs, OVAL, CME and why you must care! – Gary S. Miliefsky
Data on Threat Evolution – What 47 Leading Security Vendors Are Seeing – Ben Sapiro
DNSSEC: Theory and Worldwide Operational Experiences – Paul Wouters
Exploit-Me Series – Free Firefox Application Penetration Testing Suite Launch – Nish Bhalla and Rohit Sethi
Hacking Bluetooth for Fun, Fame and Profit – Dino Covotsos
Hacking Hollywood – Johnny Long
How Close is the Enemy – Kevin G. Coleman
Human Factor vs. Technology – Joanna Rutkowska
Modern Trends in Network Fingerprinting – Jay Graver and Ryan Poppa
NAC@ack – Dror-John Roecher and Michael Thumann
Process Control and SCADA: Protecting Industrial Systems from Cyber Attack – Mark Fabro
Security Challenges in Virtualized Environments – Joanna Rutkowska
Securing Commodity Systems using Virtual Machines – David Lie
SQL Server Database Forensics – Kevvie Fowler
State of the Hack – Kevin Mandia
TCP/IP Perversion – Rares Stefan
The Evolution of Phishing to Organized Crime – Rohyt Belani
Web Application Worms: The Future of Browser Insecurity – Mike Shema
Wireless Security – What Were They Thinking – Brad ‘Renderman’ Haines
You’re Just Not Pretty Enough to Do Investigations – Kai Axford and local law enforcement
 

Sustaining Partners