Speakers:
Brett Johnson, Former Most Wanted and "The Original Internet Godfather"
Imran Ahmad, Partner - Blake, Cassels & Graydon LLP
Ryan Duquette, Founder and Principal - Cybercrime and Digital Investigator, Hexigent Consulting

Brett Johnson, referred to by the United States Secret Service as "The Original Internet Godfather" has been a central figure in the cybercrime world for almost 20 years. He founded and was the leader of Counterfeitlibrary.com and Shadowcrew.com. Working alongside the top cyber criminals of our time, he helped design, implement, and refine modern Identity Theft, ATO fraud, Card Not Present fraud, IRS Tax Fraud and countless other social engineering attacks, breaches and hacking operations.

Join Johnson and an expert panel to discuss:

• His involvement in online crime;
• The current state of cybercrime, the crooks and the crimes they commit;
• How to avoid being a cybercrime victim.

Speaker:
Gord Jamieson, Senior Director of Canada Risk Services, Visa

The scale of connectedness we're experiencing is unprecedented. The pace of change and technology advancement in recent years could be compared to another industrial revolution. But the connectedness that allowed us to bring the power and security of the Visa network to each transaction in real time, also created the potential for criminals to reach into the payment system from anywhere in the world. This presentation will examine how Visa is securing the future of digital payments.

Speaker:
Chris Eng, Vice President of Research, Veracode

Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most possible victims by breaching a single vulnerability, which could lead to later incidents of breach. To reduce these risks, development and security teams need strategies to tackle the challenge of securing their applications from vulnerabilities in third-party and open source components.

What you will learn:

• Why development teams use components and how components ultimately create greater risk of breach
• How to reduce risk through strategies including component inventories and developer education
• How software composition analysis technologies can help you keep track of your component use and be ready when a vulnerability hits the news

Speaker:
Shawn Taylor, Customer Evangelist, Systems Engineer, ForeScout Technologies

The concept of deploying multiple layers of security controls throughout IT systems was just the first step in the evolution of cyber warfare. Now organizations are equipped with a broad portfolio of tool sets providing a false sense of security.

View this session, which explores:

• The current dynamics of the marketplace
• The challenges of layered security;
• How an in-depth defense strategy can create overconfidence that paves the way for cybercriminals.

Speaker:
Richard Henderson, Head of Global Threat Intelligence, Lastline

We've spent countless hours and dollars getting ready for the arrival of the EU'S GDPR. In the months since, what's actually changed? How have companies reacted? What should we expect going forward in the EU, and in North America? Has it been all bark and no bite? This session will outline how companies dealt with GDPR's arrival, and how other jurisdictions around the world have put the wheels in motion to create their own sharp-toothed legislations in the wake of the EU's changes.

Speaker:
Robert Falzon, Director, Americas International Engineering, Check Point Software

The concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern and individuals will live their lives.

Microcomputetechnologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest levels of our shared experience. This session will provide a view into what an IoT future will look like, a summary of the cyber risks that such a future could see and present practical security considerations that enterprises can consider when planning their moves towards wide-spread IoT implementation.

Speaker:
Dan Larson, Vice President of Product Marketing, CrowdStrike

This exclusive session delves into details of some of CrowdStrike's most eye-opening breach investigations of the past year, and their implications for organizations of all sizes, regardless of their industry or country of origin. Also: New research on "breakout time" -the time from initial intrusion to the first signs of lateral movement that precede a breach -and what defenders must do to respond before adversaries can press their attack.

Speaker:
Michael Lynch, Chief Strategy Officer, InAuth

Due to the volume of personally-identifiable information (PII) available on the black market as a result of high profile breaches, fraudsters can open an account with a real identity using a few key pieces of compromised information. Fraudsters have also begun creating synthetic identities by piecing together different data elements from multiple sources to create a new identity. The US alone saw a113% increase in incidence of new account fraud since the EMV shift, which now accounts for 20% of all fraud losses.

Financial services companies must take more stringent measures to combat the rise of fraud in the digital channel, yet doing so can cause more friction and inconvenience for customers. On the other hand, customers are looking for enhanced services on the digital channel with a full 70% of checking and 80% of credit card applicants preferring to apply via the digital channel rather than in person. Given this, how can businesses improve risk decisions when little information is known about the end user as with new digital account opening?

This session will discuss how advanced digital intelligence technologies, leveraging device and user data, can help companies offer account opening as a seamless, yet secure experience for consumers in the digital channel.

Speaker:
Denis Ryan, Senior Director, Field Sales-Email Fraud, Proofpoint

As you know, impostor email continues to be a challenge for most security professionals. We are going to discuss the tactics and targets of impostor email via this Email Fraud Workshop breakout. Denis Ryan, Sr. Director of Email Fraud at Proofpoint, will discuss:

• The email threat landscape;
• How to identify potential exposure and how to leverage authentication methods such as DMARC to protect your employees, brand and customers;
• How to secure the perimeter by applying policy to defensively registered domains and identifying open vulnerabilities from look-alike domains.

Speaker:
Gary Sockrider, Principal Security Technologist, NETSCOUT Arbor

Explore the state of DDoS attacks as observed by network and security professionals directly responsible for operating and securing global networks. This session covers a range of issues from threat detection and IR to managed services and staffing . Hear about the daily operational challenges, as well as strategies adopted to address and mitigate them, including the latest attack techniques and current best practices for defense.

• Gain insight on how IoT botnets are built and weaponized;
• Understand the newest threat to enterprise networks;
• Learn how to defend your network from these attacks.

Speaker:
Dr. Matt Kraning, CTO & Co-Founder, Expanse

An in-depth look at the frequency, magnitude, and manner in which modern enterprise networks change and the risks these changes pose, across all F100 FSI organizations. We highlight different technological and organization processes, such as M&A events, cloud migration, IoT deployment, and network misconfigurations that result in unexpected, large, and rapid changes in modern enterprise networks, and how these types of unexpected changes create exposures that have led to large, well publicized breaches. All insights are sourced from data gathered independently of all organizations.

Speakers:
Imran Ahmad, Partner - Blake, Cassels & Graydon LLP
Ruth Promislow, Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

2018 has been an important year in Canada from a cybersecurity and privacy standpoint. The introduction of Canada's new National Cybersecurity Strategy in June of this year along with the upcoming mandatory breach notification requirements effective November 1, 2018 are just the tip of the iceberg. In a complex world where data protection and privacy laws from multiple jurisdictions collide, it's important for organization to have a clear grasp of what's happening in in Canada. This session will provide an overview of recent key developments from a policy, legal and caselaw standpoint.