IN-PERSON

Toronto CISO Executive Summit

December 12, 2023 | Beanfield Centre

December 12, 2023
Beanfield Centre

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Samer Adi

GreenShield
CISO

Patrick Gilbert

Rona
Senior Director, CISO

Sandra Liepkalns

Choice Properties REIT
VP, Information Security & Data Governance

Ranjika Manamperi

Ontario Power Generation
VP Cybersecurity & CISO

Mike Melo

LifeLabs
VP Technology Shared Services & CISO

Ragulan Sinnarajah

Sobeys
VP, Chief Information Security Officer

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Toronto CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

December 11, 2023

evening

December 12, 2023

morning afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

Governing Body Welcome Reception

This is a private reception hosted by and for members of the Toronto/Eastern Canada CISO Governing Body, as well as peers, supporting partners and speakers the evening before our full-day CISO Executive Summit. Join us for an evening of peer networking, dinner and drinks at a Toronto landmark - the Hockey Hall of Fame, located in the heart of downtown Toronto.

7:45am - 8:30am Registration & Breakfast

8:30am - 9:15am Keynote

You Speak, They Swarm — The Power of Story in Reaching Your Audience

Arthur Zards

Thought Leader, TED/TEDx Speaker, Coach & Producer

Speakers want action, not just applause. But busy executives don’t have time to learn complex communication models or esoteric storytelling processes — they need a simple, effective speaking framework that can help them not only connect with any audience, but also elicit real change. Enter the "Swarm Effect."

Join this session with Arthur Zards — a thought leader, TEDster and provocateur — to:

Hone your skills in executive influence
Adopt a more authentic and engaging approach to speaking
Take your next presentation from “understandable” to “compelling"

9:15am - 9:40am Networking Break

9:40am - 10:25am Breakout Session

Our Threats are Your Risks — The Emerging Threat Landscape for Canadian Companies

Terry T

Unit Head, Toronto Region Cyber Investigations Unit

Canadian Security Intelligence Service

Tony Lee

Associate Director, CISO

Apotex

Join this open dialogue with a cyber expert from the Canadian Security Intelligence Service (CSIS) to discuss:

How CSIS views the global and national threat environment, and what they are doing to combat it
Strategies for addressing the emerging threat landscape
How CISOs can build partnerships – with the government and their peers – to improve threat intel sharing

9:40am - 10:25am Executive Boardroom

Lessons Only a Breach Can Teach

Alfio Costantino

Director, IT Infrastructure, Support and Security

Canada Cartage

Ben Blakely

VP, Information Security & CISO

Maple Leaf Foods

Fred Hopper

VP, Security

Giesecke+Devrient Canada

In today's ever-changing threat landscape, data breaches are not an "if" but a "when", even for organizations with mature cybersecurity programs. To navigate a breach successfully and come out stronger, it is essential to communicate to the executive team, the board and regulators swiftly and confidently.

Join this executive boardroom for a candid, peer-driven conversation about:

The reality of breaches and how to learn from them
Fundamental priorities while responding and recovering
The future of cyber breach reporting and recovery

9:40am - 10:25am Executive Boardroom

Securing the Sprawling Endpoint

Mark Pryce

Manager Cybersecurity

Toromont

Clifton Sookdeo

Director Information Security

Element Fleet Management

As enterprises increasingly make access to data more fluid and move assets to the cloud endpoint protection has become vital. These shifting perimeters lack clear definition and require new layers of security through endpoint protection.

Join this executive boardroom to connect with peers on your respective journeys of endpoint management, including concerns over vendor validation, data and asset visibility as well as success and failure stories related to:

Tactics for monitoring a sprawling attack surface of connective devices
Strategies to identify your most vulnerable endpoints
Critical elements of a multi-layer approach to endpoint security

10:25am - 11:00am Networking Break

10:30am - 10:55am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

11:00am - 11:45am Breakout Session

Enabling A Secure Business with a Borderless Data Strategy

Anthony Cammarano

Global VP Security, Privacy & Strategy

Protegrity

Borders come in many forms: geographic, political, cultural, legal, lines of business, third parties, etc. But our increasingly interconnected world has caused some of these previously hard lines to blur. In response, many regulatory bodies across the world have enacted laws governing the data within the borders they do control, leaving global enterprises to navigate a difficult balancing act of complying with a seemingly never-ending sea of red tape and providing enough access to data so teams can operate efficiently and effectively.

Join Anthony Cammarano, Protegrity's Global VP of Security, Privacy and Strategy in this session to discuss:

How some of the world’s largest enterprises are addressing this burgeoning challenge
Real-world examples demonstrating effectively leveraging cross-border and third-party data sharing for advanced AI
Navigating and driving compliance across multiple - and sometimes disparate - data protection laws while maximizing business opportunities

11:00am - 11:45am Breakout Session

Finding Long-Term Success as a Security Leader

Andrew Faber

Director Security Technology Services

Toronto Pearson Airport

Brent Thomas

CISO

Traffic Tech

Being a well-rounded security leader can't be hacked. It takes consistent reflection and reinvention as the role, the industry, the world - and you - evolve. How do you ensure that you are continuing to meet the challenges of the modern security leader, while also making sure the role continues to serve you despite these ever-escalating nature of cybersecurity?

Join this interactive session to discuss:

Identifying common threads of successful security leaders
Building a strong network of support
Sustaining long-term success as a security leader

11:00am - 11:45am Executive Boardroom

Break the Attack Chain — The Importance of Integrated Threat Protection

Brian Reed

Senior Director, Cybersecurity Strategy

Proofpoint

Sohaib Syeed Ahmed

Assistant Vice President, Information Security

First National Financial

Umar Hossain

Global Leader, IT Infrastructure & Operations

Mattr

Raghavendra Kumar

AVP CSOC Detection and Response & Application Security

Hudson's Bay Co

Organizations worldwide are being faced with multistage attacks such as BEC, ransomware, and supply chain, that happen with the same basic steps in the same sequence. It’s been a decade since defenders began referring to this as the attack chain, but the attacks continue to successful with the same tactics, from phishing to Active Directory abuse to data exfiltration. So how do we finally turn the tables on adversaries, and take away what they depend across the attack chain?

Join this interactive round table as CISOs discuss:

Understanding the evolving nature of initial compromises
The art and science of preventing small compromises from becoming big incidents
Reducing your team's workload by using the attack chain to prioritize controls

11:00am - 11:45am Executive Boardroom

Strategic Pitfalls in Third-Party Risk Management

Frank Konig

Sales Director, Canada

RiskRecon - A MasterCard Company

Shakeel Sagarwala

AVP, CISO

Canadian Tire Bank

Paul Min

VP, Technology Operations and Security

Cadillac Fairview

Managing cyber risk across an enterprise IT infrastructure has never been harder. Remote workers, advancing attack methods, and an ever-expanding vendor network are challenging every firm, as total visibility into threats has become nearly impossible. As digital business strategy matures, more organizations are becoming dependent on the cyber posture and protection of third parties. Third-party risks present a unique challenge because you are depending on vendors and partners to operate securely to keep your data and information safe. How are you mitigating the associated risks and demonstrating this to the business to ensure effective security programs?

Join this roundtable session to share and discuss:

Common failings across TPRM programs that led to breach events
How executives can provide strategic direction for third-party risk teams
Key practices being implemented by leading vendor risk firms to maintain strong supply chain risk management

11:45am - 12:30pm Lunch Service

12:30pm - 1:05pm Keynote

Accelerate Secure Digital Transformation with AI/ML and Zero Trust Architecture

Sanjit Ganguli

CTO-in-Residence

Zscaler

New, special demands constantly arise for decision-makers who steer the fortunes of companies. Recently, business success has become linked to IT infrastructure. Seamless and secure connectivity is the key to unlocking innovation and accelerating business outcomes. To reach this state, enterprises are transforming their networks and security to a zero trust architecture augmented by AI/ML capabilities, thereby reducing risk, eliminating cost and complexity and increasing agility.

Join this session and learn:

How zero trust architecture secures users, workloads, IoT/OT devices, and your business partners by addressing critical security shortcomings of legacy network architecture
How to reduce network complexity without exposing your organization to new risks
How AI/ML adds defensive and business analytics capabilities that have the power to turn IT into the engine propelling business success forward

1:05pm - 1:30pm Break

1:30pm - 2:15pm Breakout Session

Prep, Response or Resources — Solving the Puzzle of Threat Remediation

Kees Pouw

CISO

Questrade

Taher Afridi

Deputy Chief Compliance Officer

Marcura

Incidents happen all the time, but not always for the same reason. Sometimes bad actors exploit vulnerabilities. Other times, it's your untested response plan slowing things down. It could be your team's tooling is mismanaged, delaying remediation.

Work with a room of your peers to consider and solve three incident response scenarios in this highly interactive, solution-focused session where you'll:

Discuss the leading challenges of incident response
Consider what you can do to bolster your incident response playbook
Gain perspective and an advantage on the modern threat landscape

1:30pm - 2:15pm Breakout Session

Pulse Check — Benchmarking Security Awareness & Culture

Gennady Duchovich

Head of Cybersecurity

Haventree Bank

Security awareness continues to be a key tool for CISOs in the defense against attacks. Yet, it’s difficult to successfully embed a security culture into your organization and keep at the top of the business agenda year-round.

Join this interactive breakout session to see how your peers feel about the efficacy of their own security awareness and culture programs and participate in an open discussion about:

Making the business case for security awareness and culture initiatives
Developing a strong culture program
Measuring and demonstrating the impact of a strong security culture

1:30pm - 2:15pm Executive Boardroom

Data IS Your Business – How Do You Secure it in the Cloud-Era

Jason Cook

Field CTO Americas

Rubrik

Puroo Maheshwari

CISO, Portfolio Value Creation

CPP Investments

Agnelo Dias

VP, Information Security & IT Risk

IGM Financial

In these times of rapid technological advancement, data stands as the cornerstone of innovation. As we navigate through the information age, it's evident that data residing in the cloud represents the fastest area of growth. To maintain pace with the agility of cloud operations, it is imperative to discover and adopt strategic approaches and robust architectures.

Gather with your C-level peers to:

Start solving the challenge of data visibility in the cloud
Determine who in your organization should own data security (CISO? CDO? CPO?)
Discuss how automation and agility can be accomplished through tooling or processes

1:30pm - 2:15pm Executive Boardroom

Moving Past the Noise — Exploring the Benefits of Generative AI For CISOs

Sandra Liepkalns

VP, Information Security & Data Governance

Choice Properties REIT

Deepak Upadhyaya

CISO, Partner - Digital Tech and Risk

Baker Tilly International

David Jones

Regional Vice President, Solution Engineering

Dynatrace

Generative AI ("Gen AI") is the buzzword of the moment, and it has the potential to bring about transformative changes in the business world. However, it also poses significant risks, such as ad hoc employee adoption that creates new attack surfaces, as well as increased risks to privacy, sensitive data, and intellectual property. Nevertheless, there are ample opportunities for CISOs to capitalize on this AI boom.

Join this boardroom for an open, benefit-focused discussion on leveraging Gen AI to your advantage, including:

Sharing AI uses cases that benefit your cyber team
Striking the balance between security risks and AI innovation
Questioning the limits of where AI can assist your team

2:15pm - 2:50pm Networking Break

2:20pm - 2:45pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:50pm - 3:35pm Breakout Session

Security Show & Tell – Reporting to the Board

Joanne Coles

Vice President, Information Technology & Cybersecurity

Onex

CISOs spend a considerable amount of time and energy quantifying and qualifying security posture for boards of directors/executive leadership. But what if the way risk is being reporting to the board just isn’t resonating? That was exactly the scenario Joanne Coles found herself in when she joined Onex as VP of Information Technology & Cybersecurity.

In this session, Joanne will share highlights, examples and lessons learned along her year-long journey to revamp board reporting, then invite her peers to participate in an open conversation about:

Discovering where and why disconnects are happening
Reviewing, redefining and repositioning risk and security metrics
Using storytelling concepts to ensure reports resonate with the board

2:50pm - 3:35pm Breakout Session

Manual Report – A Simplified Insight Exercise

Mohsen Azari

Director of Cyber Defense

goeasy

In this peer-led session, you’ll weigh in on some of the day’s more prevalent CISO experiences and affirm/deny a few common security maxims.

Join this interactive session and:

Kick start conversations on some of the security field's hottest topics
Consider opposing takes on today’s debated issues
Engage in a friendly debate with your peer leaders

2:50pm - 3:35pm Executive Boardroom

Taking a Data-Driven Approach to Securing Digital Trust

Karim Jessani

Principal: Data & AI Practice / CISO

Kainos

Ray Daoud

Senior Vice-President and Chief Security Officer

CGI

With seemingly constant news of high-profile breaches and increased concerns related to AI and ML, it’s never been more critical for organizations to be able to reassure key stakeholders, customers and employees that they are capable of safeguarding their data and privacy. How can CISOs support and enable the digital processes, interactions and transactions that drive their business, while ensuring that their digital footprint remains secure?

Join this peer-driven roundtable session to discuss and share best practices for:

Establishing a data-centric strategy when protecting your data
Getting more from your existing tech stack to close gaps in your data security strategy
Accelerating visibility, classification, and actionable insight across all types of enterprise data

3:35pm - 4:00pm Break

4:00pm - 4:35pm Keynote

Pivot Points – CISO Stories of Adapting & Adjusting in 2023

Patrick Gilbert

Senior Director, CISO

Rona

Ranjika Manamperi

VP Cybersecurity & CISO

Ontario Power Generation

Sunil Chand

CISO/CSO/Board Advisor

Problem-solving is a core element of cybersecurity, making CISOs some of the best equipped-executives out there to handle adjusting strategies quickly. To close out 2023, members of the Toronto CISO Governing Body Co-Chair group take the stage to share stories about how they have had to change their strategies this year.

4:35pm - 5:00pm Closing Reception & Prize Drawing