IN-PERSON

Toronto CISO Executive Summit

May 13, 2019 | Metro Toronto Convention Centre

May 13, 2019
Metro Toronto Convention Centre

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Zaki Abbas

Brookfield Asset Management
VP, CISO

Samer Adi

Interac
VP Infrastructure and CISO

Susan Berezny

Royal Canadian Mint
Director, Information Security

Adam Evans

Royal Bank of Canada
VP, Cyber Operations & CISO

Bobby Singh

Toronto Stock Exchange
CISO & Global Head of Infrastructure Services

Jeff Stark

IGM Financial
Vice President, Technology Risk and CISO

Stephen Weston

Canadian Tire
VP & CISO

Agenda

May 13, 2019

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

Building Tomorrow's Defense… Today

Jason Clark

CSO

Netskope

For the last 20 years, security leaders have reactively implemented security solutions that are little more than a layering of outdated products. The result? An inefficient and unnecessarily complex defense. Like the attackers that threaten their enterprises, security leaders must constantly rethink how they approach security in order to stay on top.

In this keynote, Jason Clark challenges CISOs to:

Rethink their approach to enterprise security
Prepare to drive fast-paced change
Build a new security blueprint that can be used for years to come

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

Cybersecurity in the Age of Disruption

Farooq Naiyer

CISO

ORION

From the Internet of Things to blockchain, emerging technologies have the potential to disrupt your organization. How are you preparing to embrace the changes?

Join Farooq Naiyer as he explores:

Disruptive technologies on the horizon and associated risk
Legislation related to these technologies
How to communicate risk with business leaders

1:20pm - 2:10pm Breakout Session

Pen Test Your Board Pitch – An Interactive Exercise

Priya Sirwani

CISO

Aimia

Pitching to the board is a skill that must be mastered. CISOs are tasked to use visuals, communicate business value and synthesize complex information in a way that makes sense. Join this interactive session to identify the holes in your board pitch—and improve them for the next time you’re in the hot seat.

In this interactive session, you will work in a group to:

Create and deliver a board pitch
Receive real-time feedback on your pitch
Learn best practices and strategies for communicating with your board

1:20pm - 2:10pm Executive Boardroom

Identifying the Way Forward in IAM

Andrew Faber

Director of Information Security

Greater Toronto Airports Authority

Chris Russel

CISO

York University

Julie Talbot-Hubbard

Global Vice President and General Manager, Digital Identity & Data Services

Optiv

Effective identity access management is increasing in complexity in today’s digital age. Cloud and mobile workforces necessitate new ways of thinking about how users access your company’s most important data. In this interactive roundtable you will discuss:

Implementing a centralized digital IAM solution
Establishing a roadmap, program and resources for success
Determining the controls required to protect your companies most critical data

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to C-level executives). To reserve your seat, please contact Nick Hall at Nick.Hall@evanta.com or 971-717-6666.

7:00am - 7:45am Registration & Breakfast

7:45am - 8:30am Keynote

The CISO Journey - Setting Yourself Up for Success

Jason Hall

CISO

Enbridge Inc.

Samer Adi

VP Infrastructure and CISO

Interac

The role of a CISO is a lot like the cyber threats they protect against – unique and often unpredictable. How can CISOs set themselves up for success as the role continues to evolve? Samer Adi interviews Jason Hall about his journey – from entering the role to changing industries – and advice on practical ways to set yourself up for success.

This engaging keynote will cover:

Lessons learned that can help guide security leaders
Perspectives on how to navigate today’s security environment
Four pillars that make a successful CISO

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

Digital Transformation at the Speed of Business

Irene Zaguskin

COO & CTO

The Printing House Ltd.

Digital transformation is like trying to change a tire when you’re driving 80 mph down the highway. No one understands this better than Irene Zaguskin, who brought security to the forefront of business strategy and customer experience.

Learn how she is:

Driving the next phase of digital transformation within the organization
Enhancing the customer experience through IoT and automation
Protecting customer, employee, and organization data

9:00am - 9:50am Breakout Session

Network Data – Powering the Modern SOC

John Matthews

CIO

ExtraHop

Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data.

In this session, you will learn:

Current attack practices, including abuse of legitimate traffic and encryption
How hunters hide from attackers to avoid counter IR maneuvers
Ways to make analysts faster and more effective at validating and responding to threats
Options for empowering cross-training and on-the-job training to increase analysts' skills
Clarity on how gaining visibility into cloud and encrypted traffic

9:00am - 9:50am Executive Boardroom

Connecting Security, Risk, and IT to Enable a Best-in-Class Program

Todd Dow

Information Security Officer

First Ontario Credit Union

Juan Valbuena

Director Global Cybersecurity

Yamana Gold

Alison Musci

Governance, Risk and Compliance Specialist

ServiceNow

The breaches of the past few years continue to show us that organizations are overwhelmed and struggling with patching software vulnerabilities. But what if the you were able to properly pinpoint the vulnerabilities that represent the most risk and align these risks with overall enterprise risk?

Join this conversation to discuss:

How security, risk, and IT staff can best work together to locate vulnerabilities and remediate cyber risk
Best practices for strengthening governance, risk, and compliance programs
Effective methods for communicating cyber risk to the BOD

9:00am - 9:50am Executive Boardroom

Holistic Risk Management

Alwyn Christian

Director, Information Security and Management

Alberta Teachers' Retirement Fund Board

Dave Quigley

Chief Superintendent (CIO)

Ontario Provincial Police

Neil Correa

Cyber Strategist

Micro Focus

How do you mitigate risk while simultaneously driving productivity and revenue? CISOs need to not only develop high-level risk management strategies, but also communicate business opportunities through a holistic risk lens.

Join this peer-driven discussion, to learn:

How to define risk within your landscape
Strategies for creating flexible controls that protect the organization
Ways to provide business cases that connect profitability to risk reduction

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

SOAR Above Security Challenges

Augusto Barros

VP Analyst

Gartner

Between skills shortages, the escalating sophistication of threats and alert overload, cybersecurity automation is a must. Augusto Barros demystifies ways CISOs can apply orchestration and automation technologies to increase security operations effectiveness and reduce alert fatigue.

Gain best practices-driven insight into:

How organizations are leveraging SOAR tools to improve their incident response practices
Determine where and how to automate, and what are the prerequisites to make it work
Ways to evolve and scale your playbooks as the threat landscape changes

10:20am - 11:10am Breakout Session

Honeywell’s Journey to Frictionless IAM

Davis Arora

Global Cyber Security Director

Honeywell

Foad Godarzy

Head of IT and OT Canada

ENGIE Canada

From access management and compliance to virtualization and automation, CISOs must build comprehensive identity strategies as nimble as the businesses they support. Join Davis Arora as he shares his experience implementing a frictionless identity solution across Honeywell that impacts 160,000 enterprise users and almost a million customers.

Bring your questions to this interactive session where you’ll learn how Davis:

Made IAM core to the identity of Honeywell
Created metrics to measure program maturity
Automated 90% of requests

10:20am - 11:10am Executive Boardroom

Managing the Convergence of Global Data Regulations

Ian Gacayan

Technical Information Security Leader

Procter & Gamble

Ravi Sivapalan

Director, IT Architecture & Information Security

Enercare

Matt Little

Chief Product Officer

PKWARE, Inc.

Information security leaders navigate an increasingly complex matrix of national and foreign data privacy regulations. GDPR caused organizations to scramble to meet data protection directives and reassess risk management through new compliance reporting requirements and potential exposure to financial penalties. Now California has its own Privacy Act set to come into effect, and it’s one of potentially many different pieces of forthcoming regulation and policy. How can organizations create a unified data protection and compliance strategy that meets conflicting requirements?

In this session, discuss:

The current landscape of data privacy regulation around the world
Best practices for managing risk associated with data protection frameworks
Standards and metrics for measuring data protection risk
Data classification strategies to aid compliance, regardless of regulation

10:20am - 11:10am Executive Boardroom

Harnessing the Power of Behavioral Analytics

Rachel Guinto

CISO

Ontario Pension Board

Jeff Stark

Vice President, Technology Risk and CISO

IGM Financial

Sudhir Udipi

Senior Director, Systems Architecture, CISSP, GCNA, GCFA

Securonix

Behavioral analytics may help IT predict and understand consumer trends, but they can help CISOs understand potential threats—and catch them before they wreak major havoc. So how do you harness analytics to capture the best data?

Join this session to discuss:

Using behavior analytics as a framework for detection and response to advanced threats
Identifying potential insider threats
Taking a risk based approach to prioritize threats that need immediate action

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Expanding the Talent Pipeline

Tracy Dallaire

Senior Director of Technology Integration, Academic

Mohawk College

Growing the security talent pool will require organizations, CISOs and higher education institutions to get creative in how they work together to develop and deploy talent. Join Tracy Dallaire for this interactive session where you will:

Map skillsets to specific cybersecurity roles
Determine strategies to connect organizations to the talent pipeline
Create an actionable plan to guide the development of the next generation of security professionals

2:30pm - 3:20pm Executive Boardroom

The Zero Trust Approach

Jeff Curtis

Chief Privacy Officer

Sunnybrook Health Sciences Centre

Tom Verhoog

Global Information Security Manager

Celestica Inc.

Jon Isernia

Regional Sales Director

MobileIron

Mobile devices and cloud services have dissolved the enterprise IT perimeter. Business data flows freely across a wide information fabric spanning a variety of devices, apps, networks, and cloud services. As traditional network perimeters become obsolete, organizations must address these modern security challenges with a zero trust - “always verify, never trust” approach.

In this boardroom, you’ll discuss:

Redefining security strategies to address a perimeter-less environment
Enforcing corporate security without compromising user experience
Using mobile-centric technology to drive business innovation

2:30pm - 3:20pm Executive Boardroom

IoT – Securing the Modern Gold Rush

Michael Balenzano

Manager, Network Services

Parmalat Canada Inc.

Waruna Jay

Head, Infrastructure Operations and IT Workplace Services Canada

Labatt Breweries of Canada

Deepak Upadhya

VP, CISO

RSM Canada

The number of connected devices is expected to reach 20.4 billion by 2020; thrilling for the consumer and often daunting for the CISO. Security teams are increasingly concerned by risks associated with this modern gold rush but struggle to address it quickly.

In this boardroom, you will learn:

How to securely facilitate IoT development
Effective communication tactics for increased visibility
End user education methods for handling personal data

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

Privacy and Security – Addressing Current and Emerging Challenges

Michael Bentley

Senior Director, GRM Cyber and Technology Risk Management

Royal Bank of Canada

Holly Shonaman

Chief Privacy Officer

Royal Bank of Canada

It may not seem like it at times, but your organization’s privacy officers and security teams are all working toward the same objective — ensuring the business achieves its goals, safely and securely. Hear how Royal Bank of Canada’s Chief Privacy Officer, Holly Shonaman, and Senior Director, GRM Cyber and Technology Risk Management, Michael Bentley, work together to create a strong and united front.

In this keynote Shonaman and Bentley share: