IN-PERSON

Toronto CISO Community
Executive Summit

December 10, 2018 | Hotel X Toronto

December 10, 2018
Hotel X Toronto

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Zaki Abbas

Brookfield Asset Management
VP, CISO

Samer Adi

Indigo Books & Music Inc.
Head of Information Security & Internal Controls

Ana Andreasian

Dynacare
Director, Tech. Solutions & Svs.

Susan Berezny

Royal Canadian Mint
Director, Information Security

Adam Evans

Royal Bank of Canada
VP, Cyber Operations & CISO

Bobby Singh

TMX Group
CISO & Global Head of Infrastructure Services

Jeff Stark

IGM Financial Inc.
Vice President, Technology Risk and CISO

Stephen Weston

Canadian Tire
VP, IT Governance & CISO

Agenda

December 10, 2018

mid-afternoon morning afternoon

11:40am - 12:50pm Keynote

The Power of Diversity in the InfoSec Stack

Nancy McCuaig

Senior Vice President, Chief Technology & Data Officer

IGM Financial Inc.

Dave Quigley

Chief Superintendent (CIO)

Ontario Provincial Police

Cheryl Biswas

Strategic Threat Intelligence Analyst; co-founder, The Diana Initiative

TD Bank Group

Studies show that a diverse workforce is more innovative and productive. Thus, when it comes to cybersecurity, companies with better diversity in InfoSec will be more secure. Are you effectively benefiting from the strength of diversity in your organization? Join Cheryl Biswas, co-founder of the nonprofit diversity-in-InfoSec group The Diana Initiative, and a panel of IT and security executives in a wide-ranging discussion of best practices in diversifying the InfoSec workforce – and what’s at stake. During this keynote, you will learn:

The current state of diversity in information security and IT
How your peers are addressing this challenge at their organizations
Tools for improving diversity – and security

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

IoT Security and the Intelligent Era

Olivera Zatezalo

Chief Security Officer

Huawei Technologies Canada

At a time when nearly every new device senses, connects to and analyzes the world around it, the pace of disruption for countless industries is only matched by the rapid emergence of a profound cyber threat landscape. Join this session to learn how cybersecurity is rising to meet some of the biggest trends in IoT, including:

An overview of the current IoT landscape across public and private industry
Typical IoT security incidents
A framework for IoT threat resilience
Tangible use cases for IoT security

1:20pm - 2:10pm Breakout Session

Powering the Business with Information Security

Samer Adi

Head of Information Security & Internal Controls

Indigo Books & Music Inc.

Massive seasonal hiring, huge inventory flows and a 40-fold increase in IT system activity – welcome to the holiday season at Indigo Books and Music, where Samer Adi must ensure the capacity of information security enables the overall enterprise at this critical business juncture. Join Adi for this case study of IT and security leadership at Indigo, and learn how your program can be a better partner to the business.

In this presentation, Adi shares:

How Indigo’s security and IT strategy supports unique business challenges
A highlight of key solutions for security of technology and people
His perspective on security’s role as a business partner

1:20pm - 2:10pm Executive Boardroom

Orchestrating Defense With the Power of ‘Cognitive Security’

Rachel Guinto

CISO

Ontario Pension Board

Tom Verhoog

Global Information Security Manager

Celestica

Dave McGinnis

Partner, Security Services

IBM

With limited resources, skills and budgets, security and risk management leaders are looking for automated tools to replace a myriad of manual processes and to stay ahead of the threat landscape curve. Join this peer discussion covering the latest in automation and orchestration, including:

The latest opportunities for automation and orchestration in security.
Benefits from orchestration in both security posture and staff engagement.
How to evaluate what processes should stay manual – or not – at your organization.

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Nick Hall at 971-717-6666 or nick.hall@evanta.com.

7:00am - 7:45am Registration & Breakfast

7:45am - 8:05am Opening Comments

Welcome to the 2018 Toronto CISO Summit!

7:45am - 8:30am Keynote

A New Era of Risk Management at Equifax

Les Stevens

Vice President, Information Security

Equifax

Imagine if you could empower your entire organization to effectively understand, evaluate and collaborate in managing risk. This is the future of risk management at Equifax — join Les Stevens to learn about the transformative impact of a new generation of internal systems, including:

· How employees across the organization can easily contribute to risk metrics
· The benefit of improved understanding of risk and business impact

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

IAM Meets Business Enablement

Joni Brennan

President

Digital ID & Authentication Council of Canada

What would it mean for the Canadian economy if organizations could forego self-managed authentication systems and simply trust — definitively — the digital identity of their users and customers? Joni Brennan discusses latest challenges in IAM and an effort to establish a national digital identity framework, covering:

How security leaders tackle the tension between IAM security and business agility
Emerging technologies transforming identity management
An update on the Digital ID and Authentication Council of Canada’s Pan-Canadian Trust Framework

9:00am - 9:50am Breakout Session

Ensuring the Firewall Follows the Cloud

Jonathan Nguyen-Duy

Vice President, Strategy & Analytics

Fortinet, Inc.

How does the security executive ensure their best practices, controls and protections migrate to the cloud-based server? Maintaining or improving security posture is key to any enterprise that is moving assets to the cloud, and the CISO must find the way to enable business success while still keeping the organization secure. Jonathan Nguyen-Duy will resolve many stumbling blocks in secure cloud migration, sharing:

A security checklist for organizations with cloud-based servers
Tools for communicating cloud security issues with senior executives
A roadmap to benchmark secure migration progress

9:00am - 9:50am Executive Boardroom

Preparing for Tomorrow’s Threat Landscape

Michael Balenzano

Manager, Network Services

Parmalat Canada Inc.

Christine Coz

Sr. Director Operations and Chief Privacy and Security Officer

Hospital Diagnostic Imaging Repository Services

Eric Skinner

Trend Micro Inc.

Nation states, well-oiled criminal hacking groups and AI-enabled attackers – malicious cyber actors are better equipped than ever before, and CISOs face the growing challenge of keeping their organizations secure. Join your peers to discuss the evolving threat landscape in order to stay one step ahead of areas of concern such as:

Defending against malicious actors with effectively limitless resources
Addressing recent high-profile discoveries of malware and vulnerabilities
Detecting threats across an exploding number of endpoints

To reserve your seat, please contact: Nick Hall at 971-717-6666 or nick.hall@evanta.com.

9:00am - 9:50am Executive Boardroom

Data Discovery – Finding, and Protecting, What’s Important

Sandra Liepkalns

CISO

LoyaltyOne

Jeff Stark

Vice President, Technology Risk and CISO

IGM Financial Inc.

Phil Sewell

Strategic Security Archetect

Micro Focus

Understanding the nature of sensitive data held by an organization forms an important foundation for risk-relevant activities such as incident response. Join this peer discussion focused on effective data discovery, anchoring in areas such as:

How is digital transformation impacting the challenge of data classification and discovery?
How are you measuring and communicating risk in respect to data held by your organization? Do your key stakeholders fully understand what’s at stake?
How does your understanding of the data held by your organization form a foundation that links to how you respond in the event of a possible breach?

To reserve your seat, please contact: Nick Hall at 971-717-6666 or nick.hall@evanta.com.

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

A Smart Guide to Threat Intelligence

Alex Foord

Vice President, Information & Technology Services and CIO

Independent Electricity System Operator (IESO)

Robert Gordon

Executive Director

Canadian Cyber Threat Exchange

Through this story of partnership between the Independent Electricity System Operator and the Canadian Cyber Threat Exchange, learn how Canadian organizations can effectively collaborate in the sharing of threat intelligence to reduce their cyber risk. Leave this session with a better understanding of:

The unique Canadian context for threat intelligence
Metrics and outcomes pertaining to effective threat intelligence
Lessons from a partnership between the IESO and the CCTX

10:20am - 11:10am Breakout Session

From Outsource to Insource—a SOC Transition

Simon Brown

Director, Information Security

The Liquor Control Board of Ontario

Before the decision to transition from an outsourced security operations center to an in-house unit, Simon Brown faced the complex task of definitively evaluating which approach was best for his organization. Follow the journey of a successful transition from outsource to insource that is improving security outcomes at the Liquor Control Board of Ontario, and consider how the lessons from Brown’s initiative could apply at your own organization, including:

The weighing of risk appetite, program maturity, talent, cultural and budgetary factors in deciding the right approach
How to quantify what is currently working – and what is not – for your organization’s SOC
Outcomes from the shift to an in-house program

10:20am - 11:10am Executive Boardroom

The Path to Privacy, Security, Compliance and Data Governance

Craig Delmage

CISO

Algonquin College

Terence Lam

Sr. Manager, Information Security

George Weston Limited

Joe Sturonas

CTO

PKWARE, Inc.

Canadian information security leaders must navigate an increasingly complex matrix of national and foreign data privacy regulations, all key hurdles to enabling the success of the enterprise. Can InfoSec leaders lay the groundwork for tackling any sort of current and future regulatory landscape for data governance?

Join this roundtable session to discuss:

The current landscape of data privacy regulation in Canada and around the world
Data classification strategies that can aid compliance, regardless of regulation
How the role of the CISO is evolving in light of global regulatory trends around data governance

To reserve your seat, please contact: Nick Hall at 971-717-6666 or nick.hall@evanta.com.

11:10am - 11:40am Networking Break

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Interactive Session

Workshop—Harnessing the Best In Security Awareness Training

Ana Andreasian

Director, Tech. Solutions & Svs.

Dynacare

Susan Berezny

Director, Information Security

Royal Canadian Mint

Foad Godarzy

Country Manager, IT and Operations

ENGIE Canada

Security leaders often cite "the human factor" as a major vulnerability, and creative ideas abound for the best ways to teach and track security awareness for a diverse range of users and stakeholders. In this interactive workshop, add your voice to the community of ideas for effective security awareness training addressing today's threat landscape and workforce.

This workshop will solicit the latest thinking in three key areas:

How are the participants in security awareness training today different than in the past, and how is this significant?
What creative approaches are currently in use or under consideration for effective training?
What specific metrics are currently used to track the progress and effectiveness of security awareness training, and what might be more effective?

2:30pm - 3:20pm Executive Boardroom

Is ‘Zero Trust’ a Must?

Michael Ball

CISO

Freedom Mobile

Samprati Vishal

Chief Information Security Officer

Grand River Hospital

Dave Lewis

Advisory CISO (for Duo now Cisco)

Duo Security

With the explosion of connected devices, the challenge of effectively governing user access has never been greater. What are the latest tools and techniques for maintaining control in this complex landscape?

Join your peers to discuss:

Whether zero-trust security is the answer for every organization
How to effectively take inventory of devices and permissions on your network
Account management and network segmentation

To reserve your seat, please contact: Nick Hall at 971-717-6666 or nick.hall@evanta.com.

2:30pm - 3:20pm Executive Boardroom

Collaboration – The Key to Data Security Success

Scott Currie

CISO

The Hospital for Sick Children

Arsen Shirokov

Director, Information Governance & Security / CISO

McMillan

Derek Tumulak

VP, Global Product Mgmt.

Thales

CISOs know that data security programs are most efficient when it is collaborative in nature, with each team playing an important part in keeping the business’ crown jewels secure. Is your organization able to effectively work together in order to adjust to evolving digital approaches and increasing data accessibility?

During this peer-discussion discover:

Effective strategies that will keep your organization’s data safe while providing greater flexibility and customization for the business
New data security trends, threats and solutions that can be applied to a variety of industries including finance, retail, and healthcare.
Advances in automated processes that will increase efficiency

To reserve your seat, please contact: Nick Hall at 971-717-6666 or nick.hall@evanta.com.

3:20pm - 3:40pm Networking Break

3:40pm - 4:20pm Keynote

Securing Agile Transformation

Mohsen Azari

Senior IT Security Manager

Walmart Canada

Michael Castro

Former Head of Information Security and Risk Management

Loblaw Companies

Alan McDermott

AVP, Information Security & IT Risk

Economical Insurance

Bobby Singh

CISO & Global Head of Infrastructure Services

TMX Group

In an era of unprecedented technological disruption, organizations are in a race to supercharge innovation through more agile ways of work. Yet just as DevOps methodologies are shaping the future of business, so too are customer expectations that today’s fast-moving digital economies are secure. Join this cross-industry panel to learn how information security leaders are ensuring they have a leading voice in agile transformation, including: