IN-PERSON

Toronto CISO Executive Summit

December 9, 2019 | Hilton Toronto Downtown

December 9, 2019
Hilton Toronto Downtown

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Zaki Abbas

Brookfield Asset Management
VP, CISO

Samer Adi

Interac
VP Infrastructure and CISO

Susan Berezny

Royal Canadian Mint
Director, Information Security

Adam Evans

Royal Bank of Canada
VP, Cyber Operations & CISO

Jason Hall

Enbridge Inc.
VP CISO

Bobby Singh

TMX
CISO & CTO

Jeff Stark

IGM Financial
Vice President, Technology Risk & CISO

Stephen Weston

Canadian Tire
VP & CISO

Agenda

December 9, 2019

morning mid-afternoon afternoon

7:00am - 7:45am Registration & Breakfast

7:45am - 8:00am Opening Comments

8:00am - 8:30am Keynote

Executive Presence for Lasting Leadership

Chris Ulrich

Body Language Expert & Political Consultant

Author & Thought Leader

Any given gesture — a nod, a point of the finger — unconsciously communicates powerful ideas and feelings that have tangible consequences. Top executives are generally proficient in their ability to interact with others, but the stakes are raised during high-level negotiations, reporting to the board, inspiring and empowering senior managers or dealing with tricky internal matters.

Join body language expert Chris Ulrich as he shares:

Why every movement and action is magnified in high-level situations
Tools and techniques to build rapport quickly
How executives can communicate more effectively

8:30am - 9:00am Networking Break

9:00am - 9:50am Breakout Session

A Security Operations Roadmap

Adam Evans

VP, Cyber Operations & CISO

Royal Bank of Canada

As cyberattacks continue to worsen security operation centers need to stay ahead of these evolving threats. Join Adam Evans as he shares how RBC is building out a joint security operations center, and how he is breaking down institutional barriers to disrupt cybercrime.

In this session, you will explore:

A roadmap for maturing your SOC
How to effectively understand and implement a data-driven approach
Strategies to build a culture of security and gain executive support

9:00am - 9:50am Breakout Session

Leading Your Board to the Next Frontier — Organizational Analytics

Mike Maziarz

Chief Marketing Officer

SecurityScorecard

Today, boards have a fiduciary duty to know about the cybersecurity risks of their organizations. We’ve all seen how a cybersecurity breach can have harsh consequences not just for the company, but for the CISO. In this session, learn how to take charge of your organization’s cybersecurity health and shine as a CISO with leading-edge analytics.

In this session, you’ll explore how to:

Create a trusted dialogue with your board by providing transparency into cybersecurity posture of your entire risk ecosystem
Educate, influence, and get buy-in for cybersecurity investments with predictive insights
Use organizational analytics to develop crystal-clear reporting to enable the board to make informed decisions about budget, people, and tools
Turn your organization’s cybersecurity posture into a differentiator

9:00am - 9:50am Executive Boardroom

Next-Generation Cloud Security

Blair Radbourne

Vice President, Cybersecurity & Technology Risk

OMERS

Deepak Upadhya

VP, CISO

RSM Canada

Stewart Cawthray

Associate Partner, North American Security Services

IBM

As organizations increasingly turn to cloud-based services, security leaders face the immense challenge of ensuring the enterprise’s data remains secure. Join this session to learn the emerging best practices your peers employ to secure the cloud.

In this boardroom we’ll discuss:

Automation, orchestration, AI and machine learning strategies
Nuances for hybrid on- and off-premise systems
Ways to incorporate security into your cloud strategy

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs). To reserve your seat, please contact your event Program Manager, Nick Hall at +1-971-717-6666 or Nick.Hall@evanta.com.

9:00am - 9:50am Executive Boardroom

The People Problem — Security Awareness Training

Foad Godarzy

Head of IT and OT Canada

ENGIE Canada

Gary Smith

VP, Enterprise Tech Relations

EllisDon

Adam Zimmerman

Director, IT Security

Cineplex

Even as security tools become increasingly advanced, the biggest vulnerability in a company continues to be its people. With attacks on the rise, executives must make employee training even more sophisticated.

In this boardroom, you’ll:

Explore innovative ways to take your security awareness program to the next level
Determine how to evaluate the level of training needed
Identify key training components and methods of measuring their efficacy

9:50am - 10:20am Networking Break

10:20am - 11:10am Breakout Session

Reporting Cyber Business Risk to the Board — A Quantitative Approach

Robert Fritz

Director, Cybersecurity

Emera Inc.

Finding metrics that make sense to measure security program success — and make sense to non-technical people — is a challenge, and success is rare. Join Robert Fritz as he shares best practices, he’s seen work well in companies he’s led through security metrics transition, and how it has transformed the way those companies view risk in the business.

In this session, explore strategies to:

Develop clear, concise, and actionable security metrics
Secure organization wide buy-in — from the board down
Create a fully transparent metrics program

10:20am - 11:10am Breakout Session

Incident Detected! — What’s the Worst That Could Happen?!

Joan Ross

Field CISO

Fortinet, Inc.

Join Joan Ross as she exemplifies what a CISO is up against during a cyber-incident response event. She’ll walk through the internal functions of a security team tasked with protecting sensitive information. Better than a murder mystery event because no one dies!

During this session you will:

Discuss the indicators of an attack
Better understand the warning signs and deceptions
Determine if your organization is the target of malicious actors

10:20am - 11:10am Executive Boardroom

Translate Complex Cybersecurity Issues Into Simple Business Context

Simon Brown

Sr. Manager, IT Security & Risk Management

Weston Foods Inc.

Terence Lam

Senior Security & Compliance Officer

Aecon

Evan Tegethoff

Director, Engineering and Consulting

BitSight

It is much easier now to determine what’s important, dangerous and real in your third party ecosystem. Yet, as hacks continue to threaten data and business continuity, the old school of thought around securing the enterprise is no longer relevant.

This boardroom will explore:

Layering traditional tools and new strategies to define goals and deploy resources
Communicate to the board through a holistic risk lens
Developing clear business cases connecting business profitability to risk reduction

10:20am - 11:10am Executive Boardroom

Preparing for Tomorrow’s Big Security Trends

Zaki Abbas

VP, CISO

Brookfield Asset Management

Ben Blakely

Vice President & Chief Security Officer

Hydro One

Susan Berezny

Director, Information Security

Royal Canadian Mint

With 2019 drawing to a close, it is time for CISOs to start preparing for what coming in 2020. However, the future threat landscape is as difficult to predict as a cyber-attack. Join this discussion with your peers as they dive into security trends to expect in the new year.

In this discussion, you will explore:

Lessons learned in 2019
Strategies to protect against the evolving security landscape
Key insights into future cyber trends

10:20am - 11:10am Breakout Session

Office Hours with Chris Ulrich

Chris Ulrich

Body Language Expert & Political Consultant

Author & Thought Leader

What does your body language say about you? What shifts might you make to change how others perceive you? Join this special one-on-one 25-minute session exclusively for Governing Body members with body-language expert, Chris Ulrich for candid feedback on your in-person and online body language. Sessions are 25-minutes and pre-registration is required.

Please contact Jenny Kinsman, Content Manager, if you're interested in this exclusive session.

11:10am - 11:40am Networking Break

11:40am - 12:20pm Lunch & Comments

12:20pm - 12:50pm Keynote

The Mandate for Secure Cloud Transformation

Stan Lowe

Global CISO

Zscaler

Ben Sapiro

Global CISO

Great-West Life Assurance

The new way of work is remote, mobile-first, and cloud-based. Employees expect instant, secure access to applications, information, and resources. Meanwhile, threats proliferate, VPNs lag, hardware costs rise, and little is truly secure. Hub-and-spoke networks employing castle-and-moat security are no longer tenable, and leaders that cling to legacy architectures put enterprises at risk. Ben Sapiro joins Stan Lowe on stage to present Secure Cloud Transformation, a practical cybersecurity approach that prioritizes security and user performance to align with today’s way of working.

In this session, we'll discuss how enterprise IT leaders can:

Improve customer digital experience while safeguarding sensitive information
Increase user performance while minimizing risk
Drive revenue and scalability while controlling costs

12:50pm - 1:20pm Networking Break

1:20pm - 2:10pm Breakout Session

AI and Cyber Security — A Radical Evolution

Mohsen Azari

Senior IT Security Manager

Walmart Canada

As a tool for better protection or a new malware menace, artificial intelligence stands to dramatically transform the world of information security. Join Walmart Canada’s Mohsen Azari to learn some key areas where the machine learning revolution is impacting the role of the security leader, covering:

How AI can empower security’s role in an agile organization
The risks of malicious actors wielding advanced AI technology
How to balance the interplay of human workers and AI systems
An overview of some real-world experimental AI security projects

1:20pm - 2:10pm Breakout Session

Digital Risk Explosion — Managing Risk in a Hyper-Outsourcing World

Tom Bain

Senior Vice President, Marketing

RiskRecon

Ryan Spelman

Senior Manager

Duff & Phelps

Digital transformation has dramatically transformed the enterprise risk surface, automating a vast array of processes while outsourcing a vast array of systems and services. Through this frenetic reshaping, few organizations truly understand the nature of their new risk reality and how to successfully manage it.

In this interactive discussion we will:

Explore the true nature of the enterprise cyber risk surface
Discuss threats and regulations driving organizations to better manage their extended enterprise
Share insights on how to better manage third-party risk (hint: good data!)

1:20pm - 2:10pm Executive Boardroom

Strengthening Your Security Operations Center

David Dowe

Manager, Information Security and Privacy

Trillium Health Partners

Isaac Straley

Chief Information Security Officer

University of Toronto

Olivera Zatezalo

Chief Security Officer

Huawei Technologies Canada

Marcia Sequeira

Country Manager

Trend Micro Incorporated

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they will try another. Therefore, when managing incidents for your enterprise, it is critical to ensure that threats and attacks are properly identified, analyzed, communicated, defended, investigated and reported.

During this boardroom discussion on cyber operations, discover:

How to develop effective principles and procedures for security operations centers
The best way to identify events and incidents in the environment
How to create effective communication and reporting strategies for the entire organization

1:20pm - 2:10pm Executive Boardroom

Board Communication — Translating Insight Into Action

Rachel Guinto

AVP Global Information Risk Management

Manulife Financial

Fred Hopper

Vice President, Security, Quality & Process Improvement

Giesecke+Devrient Mobile Security

Nabeel Yousif

Director Information Security (Head of Info. Sec. and IT Compliance)

goeasy

Unlike the CISO role of just a few years ago – where many could still focus heavily on the bits and bytes – today’s security leader is also expected to be a business leader. Uncover strategies with your peers to help you become fluent in the languages of risk, finance and strategy, and to effectively convey your message, including:

How to educate your board on cybersecurity so they become champions for security in your company
What the board really wants to hear from CISOs
Which metrics will help you craft a compelling story that inspires action

1:20pm - 2:10pm Breakout Session

Office Hours with Chris Ulrich

Chris Ulrich

Body Language Expert & Political Consultant

Author & Thought Leader

Please contact Jenny Kinsman, Content Manager, if you're interested in this exclusive session.

2:10pm - 2:30pm Networking Break

2:30pm - 3:20pm Breakout Session

Welcome to the Solution Room – A Data Governance Workshop

Sandra Liepkalns

CISO

LoyaltyOne

What if, every time you had a data governance dilemma, you had a room full of CISOs to bounce ideas off of? Welcome to that moment. Bring your trickiest question and get ready for an engaging conversation.

In this interactive session, you will:

Discuss your biggest information governance challenges
Strategize ways to align data standards within your organization
Exchange ideas on how to balance governance with operational priorities

2:30pm - 3:20pm Breakout Session

Understand the Risks of Today to Avoid Future Misfortune

Mike Bruchanski

Senior Director of Product Management

BlackBerry Cylance

The traditional concepts of network boundaries, data access, and end-user computing devices are rapidly evolving. Be prepared today, to avoid the risk of bad days in the future.

In this talk, we will discuss the next five years of security risks including:

Endpoint proliferation and the new gaps you may not be seeing
Controlling your data in a borderless environment
Hunting threats from a thermostat to a server

2:30pm - 3:20pm Executive Boardroom

DevSecOps — The Agile Approach to Security

Keith Benedict

Director IT Security, Audit and Compliance

Postmedia Network Inc

Lorri Larstone

Senior Manager, Cyber & Technology Risk

Canadian Tire Financial Services Limited

Vishal Sharma

Global Security Lead

Blackhawk Network

Security from the start and better collaboration are the keys to effectively reducing risks posed to an organization. With DevSecOps methods and principles, security controls can help organizations react faster to attacks.

In this session, learn:

How DevSecOps changes the security team mindset
The benefits of a DevSecOps approach
How to implement DevSecOps in your organization

3:20pm - 3:40pm Networking Break

3:40pm - 3:50pm Closing Comments

3:50pm - 4:20pm Keynote

Battling Today’s Global Privacy and Security Threats

Brent Homan

Deputy Commissioner, Compliance

Office of the Privacy Commissioner of Canada

The emergence of data-driven business models and ever-expanding uses of personal information has had a revolutionary impact in defining today’s digital economy. But as innovative as this digital era has proven, just as innovative are the cyber-risks that threaten its very integrity and vitality. From global breaches at Equifax and Ashley Madison to the attack on the World Anti-Doping Association, to the Facebook Cambridge Analytica scandal, Brent Homan will:

Reveal the latest privacy trends
Illustrate threats that each organization today faces
Explore dynamic security measures that companies must adopt to avoid becoming the next big international headline

4:20pm - 5:00pm Closing Reception & Prize Drawing