SecTor Review Board

James Arlen is Aiven.io’s CISO bringing a mix of security and engineering background to DBaaS (database as a service). Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations.

James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Aiven.io, James is a Contributing Analyst at the research firm Securosis, blogger/podcaster with Liquidmatrix Security Digest, a frequent speaker at industry conferences, and is a prolific contributor to media and standards including a lead author contribution to the Cloud Security Alliance Security Guidance for Critical Areas of Cloud Computing V4. James holds the CISSP, CISA, and CRISC security certifications.

Opheliar Chan spends most of her time trying to make software security more accessible, pragmatic, and FUD-free, both as the lead of Accenture’s Application Security Advisory Services in Canada, and while moonlighting as co-lead of the OWASP Toronto Chapter. For over a decade, she has focused on application security, SDLC process consulting and implementations, program building, penetration testing/vulnerability assessments, and related. Prior to her career in consulting, she worked in security research, web application development, and technical writing.

You can usually find her in-person at OWASP Toronto Meetups, or at opheliar.chan@owasp.org.

Bruce Cowper is a founding member of the Security Education Conference Toronto (SecTor), the Toronto Area Security Klatch (TASK), the Ottawa Area Security Klatch (OASK) and an active member of numerous organizations across North America. Until recently Bruce worked for Microsoft managing security and compliance programs. Cowper joined Microsoft in 2004 and held several positions at Microsoft Canada before moving to the United States, most recently focusing on global Security Policy and Standards, and managing the Microsoft’s Government Security Program. Today he spends his time consulting on various topics from cyber security to wine and beer making.

Eric Evenchick is a co-founder and Managing Partner at Tetrel Security, specializing in embedded device security and bespoke tool development. His journey into embedded systems began with the development of research vehicles at the University of Waterloo in collaboration with General Motors and the US Environmental Protection Agency.

This experience propelled him into roles involving the development of automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors. Prior to co-founding Tetrel Security in 2023, Eric served as Technical Director at NCC Group and as Principal Research Consultant at Atredis Partners. In these capacities, he conducted security assessments on diverse hardware and software targets, encompassing automotive systems, medical devices, cloud infrastructure, and mobile devices.

Eric holds a Bachelor of Applied Science in Electrical Engineering from the University of Waterloo. He has been a featured presenter at numerous technology and security conferences, including Black Hat, escar, SecTor, ToorCon, NorthSec, and PyCon USA. His work has garnered recognition in publications such as Wired and Forbes. Since 2019, Eric has been delivering training sessions on reverse engineering embedded systems at Black Hat conferences worldwide.

Roy Firestein is a strategist, seasoned hacker and expert in cyber security, business development and project management. He has a background in security, programming, research, management, marketing and sales with a unique ability to manage multi-disciplinary projects while navigating complex cyber challenges. Roy’s passion lies in Big Data and Machine Learning, especially when applied to cyber security. As a multi-linguist of technology-driven business, he speaks fluent geek, marketer, designer, salesperson and investor.

Jamie Gamble’s experience extends across many security disciplines. As a consultant he spent years performing incident response, application security (e.g. code reviews, testing, design reviews) and offensive security (network penetration testing, red team) activities for a large range of clients. He built a threat hunting program at a top 5 North American bank whose scope included both cyber and financial crime. Currently he is leading Threat Defense and Response (Incident Response, Red Team, Detection Engineering and Threat Intel) at a large SaaS company. His involvement in the security community runs deep and has helped organize several security conferences.

Jessica Ireland leads the information security team for the City of London. Prior to her time in the public sector, she worked in the private sector where she managed projects around critical information security processes such as security strategies, risk management governance, policies and technology selection decisions for organizations around the world. Her focus is coaching and empowering the next generation of information security leaders.

With over 20 years of experience in information security, Vicky Laurens is a seasoned leader specializing in cybersecurity and risk management across diverse sectors, particularly within the financial services industry. She has led successful automation initiatives that not only streamlined operations but also resulted in significant cost savings. With a strong commitment to mentoring and developing talent, enhancing cyber security programs, leading regulatory compliance efforts, and fostering a culture of excellence in cybersecurity, Vicky is dedicated to driving strategic initiatives that protect organizations against emerging threats.

Currently serving as Vice President of Security Engineering and Deployment at Scotiabank, Vicky leads a team of experts to implement innovative security technologies for keeping the Bank safe. With a robust educational background, including a master’s degree in systems science, Vicky continues to make impactful contributions to the cybersecurity landscape. In her spare time, she enjoys being active and outdoors.

Dave Lewis has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password.

He is the founder of the security site Liquidmatrix Security Digest & podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory board of Byos.io. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference.

Dave was a DEF CON speaker operations goon for 13 years. Lewis also serves on the advisory board for the SecTor Security Conference in Canada (a Black Hat event) and the CFP review board for 44CON in the UK. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others.

For fun he is a curator of small mammals (his kids), plays bass guitar, grills and is part owner of a whisky distillery and a soccer team.

Kellman Meghu raised their children with a firewall, shamed a large airline into using SSL for check-in, served as front line for the security as some of the biggest corporations went online for the first time, spent 20 years helping every sector define, deploy, and defend their infrastructure, thinks learning a new programming language is a great way to relax on holiday, dreams in key/value pairs, is obsessed with putting everything in containers and is loving every minute of it.

Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 25 years. He founded the InfoSec company Sentry Metrics, one of Canada’s most successful MSSPs. After the sale of Sentry Metrics, Dave’s lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado, a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions “what now?” or “what next?” Dave sold Uzado in 2019. Dave is currently the CSO of Quick Intelligence, a boutique VAR and cybersecurity consulting company.

Karen Nemani (she/her) is a Cybersecurity Leader with expertise in cloud security, risk and strategy along with 25 years of cybersecurity experience across multiple domains, Karen is a thought leader in cybersecurity as well as a contributing author and mentor. She launched the first International Women in CyberSecurity (WiCyS) Ontario Affiliate that has since received the Women in Cybersecurity 2022 Affiliate Leadership Award and ITWC honoured Karen as one of Canada’s Top 20 Women in Cybersecurity in 2022. As WiCyS Ontario President, Karen works with her leadership team to build community and open doors to cybersecurity opportunities for Canadian women both in Canada and globally. Karen is part of the 2023 WiCyS Conference Program Committee and co-developed the 2023 WiCyS Mentorship Program content and in 2023 WiCyS honoured Karen with a Special Appreciation award for her many community-building contributions.

Maryna Neprosta is a threat research lead experienced in digital forensics, incident response and malware analysis. Maryna has successfully handled more than 100 ransomware investigations, business email compromise cases, data leakage and insider threat events. Even though Maryna’s career started with risk and vulnerability management, proactive security quickly became Maryna’s passion and area of expertise. Occasionally Maryna works on software and web development projects (Python, C, JavaScript, C#) to automate IOC & threat hunting. Besides Maryna’s direct job responsibilities, Maryna is interested in cryptography and never skips a good article on artificial intelligence advancements as it may change our industry drastically in the near future.

Laura Payne has built her career in IT and security over 20 years, starting at one of Canada’s largest financial institutions before moving into consulting, and currently serves as the CEO & Head, Security Consulting at cybersecurity firm White Tuque. Her experience covers a variety of domains, including information security governance and risk, security operations and engineering, and security leadership. She is passionate about bringing people together to solve problems in today’s increasingly complex technical landscape. Outside of work, Laura is actively engaged in mentoring professionals seeking to join the Information Security field, while also volunteering on the Review Board of SecTor, Canada’s largest security conference. In addition, she chairs the Program Advisory Committee for Seneca College’s School of Information Technology Administration & Security. Laura holds an Honours Bachelor of Applied Science in Systems Design Engineering from the University of Waterloo, along with the CISSP, GCED, and GWAPT designations.

Eldon Sprickerhoff devotes significant time as a strategic advisor to infosec startups.

Eldon is best known as a founder of eSentire, a premier Managed Detection and Response infosecurity services company with global operations.

Ways to connect with Eldon:

• X: @TheEldon
• LinkedIn: linkedin.com/in/eldon-sprickerhoff

Gord Taylor is Founder and Principal Consultant at Authoritative Consulting. He is one of Canada’s most sought-after Security and Networking experts, developing and actualizing next generation Security programs for large enterprises and high-growth technology firms.

Gord spent 16 years at one of Canada’s “Big 5” Financial Institutions, serving as resident expert across Information Security, Networking, Distributed Computing, and co-developed the company’s first CSIRT team more than 20 years ago. Since launching Authoritative Consulting in 2012, he has helped enterprise customers, independent software vendors, and service providers to actualize technology and service solutions that work.

A self-proclaimed “geek”, Gord has developed a practical approach to Security that brings cost-effective risk management solutions from promise to practice, drawing from his studies in mathematics and computer science at University of Waterloo and 30+ years of hands-on industry experience. Not afraid to engage in tough conversations, Gord has established himself as one of Canada’s foremost experts in challenging the status quo and driving new value.

Ways to connect with Gord:

• X: @rg0d
• LinkedIn: www.linkedin.com/in/gordt

Tom Tran is a Senior Manager of Offensive Security and cyber security expert who provides expert advice and offensive security services to the Government of Ontario and their various agencies, boards, and commissions.

Tom has always had a passion for the cyber security space since his early BBS days, trading hacking text files on his brand new 386 over his 2400 baud modem. More recently his work involves convincing software companies that getting an NT Authority\SYSTEM terminal is a security vulnerability instead of a feature.

Afeerah Waqar is a Security Response Engineer with a knack for turning threats into clear, actionable solutions. Armed with a diverse array of certifications and a passion for cutting-edge security strategies, she excels at anticipating risks and fortifying defenses in a dynamic digital world. Driven by a deep passion for cybersecurity, she is committed to continuous learning and hard work. She actively seeks opportunities to contribute to and uplift the cybersecurity community, haring knowledge and fostering collaboration to help others find their own space in security. Her dedication extends beyond the technical realm as she engages in mentorship and advocacy to inspire the next generation of cybersecurity professionals. With a proactive mindset and a collaborative spirit, she is always on the lookout for innovative ways to enhance security and drive positive change within the field.