IN-PERSON

Toronto CISO Executive Summit

June 14, 2022 | Marriott Downtown at CF Toronto Eaton Centre

June 14, 2022
Marriott Downtown at CF Toronto Eaton Centre

Governing Body Agenda Location Partners Contact

Governing Body Co-Chairs

Zaki Abbas

Brookfield Asset Management
SVP, CISO

Samer Adi

Green Shield Canada
CISO

Michael Dundas

Manulife
AVP, Cyber Protection

Sandra Liepkalns

Choice Properties REIT
VP, Information Security & Data Governance

Ranjika Manamperi

Ontario Power Generation
Vice President Cybersecurity & CISO

Mike Melo

LifeLabs
VP Technology Shared Services & CISO

Ragulan Sinnarajah

Sobeys
VP, IT Shared Services & Head of Cyber Security

What to Expect

Interactive Sessions

Hear from CISO practitioners and thought leaders on how they're solving critical challenges impacting your role today in Keynote sessions, and join smaller, interactive discussions with your peers in Breakout and Boardroom sessions.

Community Networking

Make new connections and catch up with old friends in casual conversations during dedicated time for networking designed to better acquaint you with your Toronto CISO community.

Peer-to-Peer Meetings

Connect with like-minded peers in a private, one-on-one setting through Evanta's Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Agenda

June 13, 2022

afternoon

June 14, 2022

morning mid-afternoon afternoon

6:00pm - 8:30pm Governing Body Welcome Reception

Governing Body Private Dinner

On behalf of the Toronto CISO Governing Body, we invite you to "turn back time" with us with an evening of peer networking followed by 1980s-themed trivia games!

Test your knowledge of all things '80s pop culture by participating in a series of trivia-like games covering subjects such as general knowledge, TV and movie clips, pop music hits, iconic automobiles and more! (Walkmans, acid wash jeans, teased hair and leg warmers optional.)

7:30am - 8:15am Registration & Breakfast

8:15am - 9:00am Keynote

Creating and Jumpstarting an Inclusive Culture

Keith Wyche

Vice President, Community Engagement and Support

Walmart

In the wake of major social and political change over the past decade, employers large and small alike have taken steps to increase diversity, equity, and inclusion. Yet despite growing pressure and awareness, progress is slow and most corporate DE&I initiatives are not yet achieving the desired results. With so many steps forward, how come representation still is not where it needs to be at senior levels for almost every diverse group?

Join this session to learn more as Keith Wyche:

Provides real, actionable steps for those who are serious about DE&I, and looking for solutions to improve the experience of Black and other underrepresented groups, colleagues and leaders within the organization
Shares a collection of best practices backed by research and strategies
Provides a roadmap for leaders to create breakthrough change that explores meaningful topics

9:00am - 9:30am Networking Break

9:30am - 10:15am Breakout Session

Leading Through Cyber Crisis — Combating Today’s Emerging Attacks

Rob McLeod

Vice President, Threat Response Unit

eSentire

Ryan Westman

Senior Manager, Threat Intelligence

eSentire

Cybersecurity business leaders must demonstrate vision, agility, and flexibility to build truly responsive security operations capable of combating today’s emerging attacks.

Join eSentire Threat Response Unit (TRU) experts Rob McLeod & Ryan Westman, as they share 3 unique cases of leading through crisis, demonstrating how you too can govern with proactivity and confidence in order to reclaim the advantage over new cyber attack methods.

Case studies and discussions will cover:

How to address targeted and opportunistic threats stemming from global geopolitical tensions
Evolving your defenses to protect the spectrum of ransomware as a service
Containing the impact of aggressive extortion attacks

9:30am - 10:15am Breakout Session

Communicating Risk Through Your Organization

Steve Ferrigni

Chief Information Security Officer and Director of Security

CSA Group

Heloisa Ribeiro

Head of the Cybersecurity Program, Enterprise Information Security

EDC

CISOs aren't just cybersecurity experts with a wealth of experience as practitioners – they're also business leaders. That means being fluent in the technical language of security and risk management isn't enough: CISOs need to know how to effectively communicate and champion security initiatives across all levels of the organization, from technology SMEs to senior leadership and the board.

In this collaborative session, Steve Ferrigni and Heloisa Ribeiro will present a series of real-world risk scenarios and facilitate an interactive discussion on how to systematically evaluate and manage risk and encouraging a culture that embraces risk management across all functions.

9:30am - 10:15am Executive Boardroom

Zero Trust – Hype or Hope?

Phil Fodchuk

National Threat Management Leader

IBM

Davis Arora

Senior Director of Cyber Security

Honeywell

Manas Giri

CISO

WestJet

An organization's ability to achieve successful digital transformation is in large part enabled by the security team. Distributed, loosely connected infrastructure and tools, coupled with the demand for almost any-to-any connectivity, complicates the mission. Regularly defined as being delivered by a single "silver bullet" point solution, the term zero trust is now often held in poor regard. It is however, a highly effective conceptual framework, and perhaps even a cultural shift, that many organizations have been working with for several years.

Join this interactive boardroom hosted by IBM to discuss:

The broader definition of what a zero trust framework is
The foundational control required to build a zero trust program
Strategies for improving the user experience and proving value to get organization-wide acceptance

Executive boardrooms are intimate and interactive sessions designed to foster dynamic dialogue around a specific, strategic topic. These private, closed-door discussions encourage attendee participation and are limited to 15 attendees (seating priority is given to CISOs).

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

9:30am - 10:15am Executive Boardroom

Beyond Initial Intrusion – Defending Against Advanced Threats on the Network

Jappreet Bath

Senior Sales Engineer

ExtraHop

Sandra Liepkalns

VP, Information Security & Data Governance

Choice Properties REIT

Aamir Bhaijiwala

Director Information Security

Chartwell Retirement Residences

Based on Gartner research, 75 percent of cybersecurity budgets go to preventing initial intrusion and only 25 percent on detection and mitigation. However, the real damage to the enterprise happens once the attacker is already inside the network, working their way toward carrying out a costly breach or extortion.

Join this boardroom to discuss:

Key areas to reduce cyber risk and build resilience
The advanced attack techniques that bad actors are forced to rely on and how to spot them
Strategies to increase the speed of detection and mitigation

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

10:15am - 10:45am Networking Break

10:20am - 10:45am Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

10:45am - 11:30am Breakout Session

Third-Party Cyber Risk — Zero-Day Findings and Mitigation

Joel Molinoff

Vice Chairman

BlueVoyant

Managing distributed risk is today’s defining cybersecurity challenge. Mitigation of zero-day vulnerabilities is critical as adversaries exploit supply chain entities. This session explores how to identify all third parties impacted by zero-day vulnerabilities and guide their mitigation efforts. Your vendor, supplier, and partner ecosystem is now your enterprise attack surface.

Join this session hosted by BlueVoyant to learn:

How to manage distributed risk associated with hundreds and even thousands of vendors, suppliers, and partners
Approaches to identify, prioritize, and mitigate active threats and critical/zero-day vulnerabilities
Strategies to reduce supply chain/external ecosystem risk associated with zero-day

10:45am - 11:30am Breakout Session

Actionable Intelligence — Keeping Pace with Relentless Threats

Priya Sirwani

Global CISO

Fiera Capital

Tom Verhoog

Global Information Security Manager

Celestica

Efficiently employing actionable threat intelligence is key to staying ahead of the next wave of threats. A fast-moving threat intelligence program that highlights the latest risks can spell the difference between preventing a breach or becoming the next headline. How can CISOs sift through the deluge of information?

Join this session to hear security leaders discuss:

Pinpointing and using actionable threat intelligence
Better leveraging their peer communities to share threat intel
Keeping up with the evolving nature of today’s threat landscape

10:45am - 11:30am Breakout Session

Data Doesn’t Lose Itself

John Checco

Resident CISO

Proofpoint

Your people are your most valuable asset, your greatest vulnerability, and your best defense. CISOs seeking to prevent data loss from malicious, negligent or compromised users can correlate content, behavior and threats for better insight and streamlined investigations.

Join this session to discuss:

Augmenting your data protection program with the right people and processes
Transforming your employees into effective data defenders
Managing insider threats and preventing data loss at the endpoint

10:45am - 11:30am Executive Boardroom

Defend the Endpoint — Accelerate Recovery

Jeff Worthington

Executive Strategist

CrowdStrike

Dan Di Salvo

VP, Infrastructure & Security Services

Maple Leaf Foods

Jeff Stark

CISO

Fasken

Adversaries are increasingly fast and stealthy, don’t respect time zones or holidays, and often execute damaging intrusions in hours. Every second matters when under attack and the first steps taken in the wake of a threat can determine success or downtime and disruption. How are you ensuring you have the tools and processes to protect your endpoints and the organization from today’s threats?

Join this interactive discussion for strategies to:

Deploy the right endpoint security tools to stop an adversary with speed
Identify resources to appropriately implement, operate and maintain an effective security program
Secure critical applications even in a state of compromise

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

10:45am - 11:30am Executive Boardroom

Elevating AppSec to a Board-Level Discussion

Sohail Iqbal

CISO

Veracode

Sohaib Syeed Ahmed

Information Security Officer

First National Financial

Kush Gidda

Director, Application Security

Zynga

As we’ve all learned (sometimes painfully — or worse, publicly), the open source libraries and resources developers use to build applications faster also come with vulnerabilities that can all-too-easily make it into products. Board members have learned these lessons, too, and now want more frequent updates and insight into security initiatives.

Join this boardroom hosted by Veracode to discuss bringing the AppSec conversation into the boardroom. You'll leave with actionable tips and advice on:

Understanding board members’ concerns and priorities
Presenting information and metrics in a way that board members understand
Getting board buy-in on your plans and budget to stay ahead of the threat landscape and innovation curve

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

11:30am - 11:40am Break

11:30am - 12:30pm Lunch Service

12:30pm - 1:05pm Keynote

Data-Driven Security Can Outpace Threats

Matt Costello

Vice President

Booz Allen Hamilton

Amy Boawn

Principal/Director

Booz Allen Hamilton

Forward-looking organizations understand that data drives everything. Effectively structured and contextualized data creates enterprise-wide visibility that enables organizations to take a proactive approach to security. Failure to embrace a data-driven approach to security risks forgoing significant future revenue growth and leaving your organization exposed.

In this session Booz Allen Hamilton will share how organizations can establish a data-driven culture by:

Building an open architecture with cost-efficient data hubs
Overcoming information overload using data analytics, AI and machine learning
Leveraging talent and technology across security teams to find solutions

1:05pm - 1:20pm Break

1:20pm - 2:05pm Breakout Session

From the Front Lines – The Ransomware Defense Strategies that Worked

Oren Wortman

VP Cyber Security Services, NA

Sygnia

Yotam Meitar

Incident Response Manager

Sygnia

Over the past year, we partnered with more than 100 organizations to defeat ransomware attacks. Join our session to find out what strategies worked for these CISOs, and how you can build on their experience to secure your network. Ransomware attacks have evolved, but if you identify the threat early-on, technologies already in place can eliminate it with no need for additional spend.

Join this session hosted by Sygnia and discover:

Real-world case study: The anatomy of a heavyweight ransomware attack
Key pitfalls commonly overlooked by security teams
Quick wins for preventing ransomware attacks without investing in additional technologies

1:20pm - 2:05pm Breakout Session

Closing the Security Talent Gap

Mike Melo

VP Technology Shared Services & CISO

LifeLabs

Alpha Chan

Staff Sergeant - Cyber Security Lead

Toronto Police Service

Somewhere out there, the next generation of security leaders is maturing. But how can CISOs recruit, train and retain tomorrow’s security executives when today’s talent shortage makes it difficult to fill even the most basic roles? With employee expectations at an all-time high, CISOs are finding that now is the time to get creative.

In this interactive session, Mike Melo and Alpha Chan will share their own experiences sourcing security talent for their organizations and lead an open discussion to hear the challenges and success others are seeing in this increasingly tight labor market.

1:20pm - 2:05pm Executive Boardroom

Security Is a Team Sport

Shamla Naidoo

Head of Cloud Strategy & Innovation

Netskope

Brenda McCulloch

CISO

Teranet

Simon Brown

Senior Director, Cybersecurity & Risk Management

Canopy Growth Corporation

Building trust and resilience across infrastructure and security teams is key to defending the enterprise. As companies execute zero trust strategies, the partnership between CIOs, CISOs, and their teams is more important than ever.

Join this session hosted by Netskope to learn about:

The critical components of a modern zero trust strategy
Proven practices for infrastructure and security collaboration
Improving internal stakeholder relationships to make the right investments and fuel business outcomes

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

1:20pm - 2:05pm Executive Boardroom

You Can Have Both ⁠— Balancing Security and User Experience

Ian Hassard

Director, Product Management

Auth0

Jihad Hazime

Director of DevSecOps & S-SDLC

MarshMcLennan

Waruna Jay

Vice President, Information Technology

Auxly

Today’s threat actors aren’t hacking in — they’re logging in, as attacks on identity systems become more prominent. Traditional access control systems treat legitimate users and attackers the same way ⁠— resulting in unnecessary friction for users, or ease of use for attackers. Historically, companies have been forced to prioritize and compromise between these priorities. Not anymore.

Join us and discuss:

Common attack vectors targeting identity systems
Debunking misconceptions around balancing your security, convenience and privacy
The benefits of upgraded authentication tech (fingerprint, voice authenticators)

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

2:05pm - 2:35pm Networking Break

2:10pm - 2:35pm Peer-to-Peer Meetings

Peer-to-Peer Meetings

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

2:35pm - 3:20pm Breakout Session

Succeeding Amid Rapidly Changing OT Threats

Kyle Miller

Principal

Booz Allen Hamilton

Digital manufacturing and the connected factory are redefining the future. Operational Technology (OT) and Information Technology (IT) are coming together at a speed that challenges the ability of many security teams to keep pace.

Join this session to hear expert insight on:

Lessons learned from executing hundreds of OT cybersecurity assessments
Orchestrating and implementing an OT cybersecurity transformation
Determining how to measure success with metrics that matter

2:35pm - 3:20pm Breakout Session

Stress in Security — An Insidious Insider Threat

Deepak Upadhyaya

CISO, Partner - Digital Tech and Risk

Baker Tilly International

Patrick Gilbert

Sr. Director, Information Security

Lowes Canada

Ranjika Manamperi

Vice President Cybersecurity & CISO

Ontario Power Generation

Within the security function, stress is a given. Between managing vulnerabilities, implementing new solutions, and navigating governance and company-wide risk assessments, it’s not a surprise that security professionals - and especially CISOs - are experiencing such high levels of burnout. What can security leaders do to better support the wellbeing of their teams and ensure their best line of defense against attacks stays strong?

Join this session to hear from a panel of security leaders on:

How to model the work/life balance you want to see on your team
Ways to implement your employee wellbeing strategy
Why trust and openness with your team is key to their mental health

2:35pm - 3:20pm Executive Boardroom

Modernizing Advanced Threats Through Automation

Patrick Vandenberg

Head of Product Marketing

Hunters

Fred Hopper

Vice President, Security, Quality & Process Improvement

Giesecke+Devrient Mobile Security

Craig Newell

VP, Enterprise Information Security

GDI Integrated Facility Services

Between skills shortages and the escalating sophistication of threats, security teams are looking beyond SIEM to overcome data volume, complexity and false positives. CISOs need new approaches to data ingestion and retention, and automation of threat detection/response for increased SOC efficiencies.

Join this peer roundtable discussion, hosted by Hunters, to discuss:

How SOCs are leveraging automation to improve their threat detection, and incident response practices
How to cover the entire attack surface at a predictable, manageable cost for better security outcomes
Ways to incorporate MITRE-ATT&CK and MITRE-D3FEND framework into threat detection and response

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

2:35pm - 3:20pm Executive Boardroom

From Workloads to Identities — Unifying Cloud Management

Eric Kedrosky

CISO

Sonrai Security

Michael Dundas

AVP, Cyber Protection

Manulife

When security and functionality fight, functionality always wins. The pace of innovation and growth in the cloud, combined with increasingly complex business and user needs, demands that security leaders adopt better tools and a new mindset — one that empowers their teams to manage risk at scale.

Join this session hosted by Sonrai Security to discuss:

Why gaining visibility is a growing challenge in multi-cloud
How to help teams more effectively prioritize risks
How to align security solutions to achieve a more unified cloud strategy

To reserve your seat, please contact: Nick Hall at nick.hall@evanta.com.

3:20pm - 3:35pm Networking Break

3:35pm - 4:10pm Keynote

Cybersecurity in Provincial Healthcare — A Collaborative Approach

Kashif Parvaiz

CISO, RSOC Program Director

University Health Network

In response to the rise in cyberattacks on the healthcare sector, the Ontario Ministry of Health launched a province-wide pilot initiative - the Regional Security Operations Centre (RSOC) - to improve the cyber capabilities and maturity level of multiple healthcare organizations across Ontario.

In this session Kashif Parvaiz, CISO of University Health Network and Toronto-area RSOC Program Director, will share how participating healthcare systems have come together to standardize core security capabilities across their organizations and create a cost-effective shared services approach to defending against and responding to cyber threats.

4:10pm - 4:40pm Closing Reception & Prize Drawing

June 13, 2022

afternoon

June 14, 2022

morning mid-afternoon afternoon

We look forward to seeing you at an upcoming in-person gathering

Location

Venue & Accommodation

Marriott Downtown at CF Toronto Eaton Centre

MORE INFORMATION

A block of rooms has been reserved at the Marriott Downtown at CF Toronto Eaton Centre at a reduced conference rate. Reservations should be made online or by calling 1-416-597-9200.

Deadline to book using the discounted room rate of $319 USD (plus tax) is May 26, 2022.

RESERVE ROOM