October 23-26, 2023 Metro Toronto Convention Centre

SecTor Executive Summit

In-person only Event

Wednesday, October 25, 2023

Location

MTCC Level 700, Room 715 A & B


Canada's Premier CISO Event

SecTor Executive Summit offers CISOs and other cybersecurity executives an opportunity to hear from industry experts helping to shape the next generation of information security strategy. The program dissects the latest technologies designed to stay ahead of sophisticated adversaries and provides a peek into future platforms; we'll outline the next-level skills and strategies CISOs need to bolster their relevance and discuss the latest techniques for maintaining a proactive approach to data protection.

We carefully curate the list of who’s invited and ensure the day is of utmost value to each attendee.

If you would like to participate in the 2023 Executive Summit and believe that your role qualifies you as an enterprise CISO, please fill out the form below. Your status will be reviewed, and you will receive further instructions.


Application Portal


All applications will be reviewed by SecTor management, and notifications will be sent to applicants. Attendee guidelines are located within the application form.


*Please note: In order to create an open and candid environment that promotes the sharing of ideas, thoughts, and discussion, the Executive Summit will follow Chatham House Rule; neither media nor event coverage is permitted. This program is designed for executive security practitioners. Solution providers, consultants, and vendor attendees are not permitted, with the exception of event sponsors.


Agenda

Wednesday, October 25

8:00 – 8:50 AM Networking Breakfast
8:50 – 9:00 AM Welcome and Introductions
  • Laura Payne

    Laura Payne has built her career in IT and security over 20 years, starting at one of Canada’s largest financial institutions before moving into consulting, and currently serves as the Chief Enablement Officer & VP Security Consulting at cybersecurity firm White Tuque. Her experience covers a variety of domains, including information security governance and risk, security operations and engineering, and security leadership. She is passionate about bringing people together to solve problems in today’s increasingly complex technical landscape. Outside of work, Laura is actively engaged in mentoring professionals seeking to join the Information Security field, while also volunteering on the advisory board of SecTor, Canada’s largest security conference. In addition, she chairs the Program Advisory Committee for Seneca College’s School of Information Technology Administration & Security. Laura holds an Honors Bachelor of Applied Science in Systems Design Engineering from the University of Waterloo, along with the CISSP, GCED, and GWAPT designations.


9:00 – 10:00 AM Keynote: The New Canadian Internet: How New Rules Are Transforming the Online World and What You Can Do About It

This will be streamed in the room from the Briefings Sessions

10:05 – 10:40 AM Cybercrime in 2023 and Beyond
  • Bhojraj Parmar

    Bhojraj Parmar is a manager at Mandiant Consulting, where he works with executives across governments and critical national infrastructure organizations.

    Before joining Mandiant in 2019, Bhojraj led cyber security for the largest electricity and gas distributor and smart meter infrastructure provider in New Zealand with a growing presence in Australia.

    He’s worked in the IT industry for 21 years, the last 14 of which have focused on cyber security, helping establish and implement security programs and responding to cyber crisis events across Government, Non-Profit, Energy and Finance sectors.


10:45 - 11:00 AM

We Talk the Talk, but Do We Walk the Walk? Tracking Your Vulnerability Remediation Program

In the field of cybersecurity, confidence often outpaces reality. The presentation delves into the essential aspects of tracking vulnerability remediation programs, highlighting the gap between security claims and actual facts. It sheds light on the challenges both IT and security teams encounter in this rapidly evolving digital ecosystem. By offering insights into this changing landscape, the vulnerability management process, and the significance of well-chosen KPIs, this presentation empowers the audience with valuable insights. Its goal is to bridge the divide between mere rhetoric and the actual state of affairs in cybersecurity endeavors.

  • Josh Hankins, Qualys

    Chief Technical Security Officer

    Qualys

    Josh Hankins has over 25 years of experience within the IT field. From the mid '90s to 2006, he worked as a network engineer and held the CCNP certification for 20 years. Since 2006, he has worked in various roles within the cybersecurity profession, such as security architect, analyst, engineer and incident handler. These roles spanned businesses including a Fortune 500 financial institution, a credit card processor and a global consulting company. During his tenure as a security leader, Josh successfully built and matured several cyber security programs such as: Vulnerability Management, DevSecOps, Incident Response and Cyber Risk Metrics. Before joining Qualys, he served nine years as the Director of Security and Incident Response working for a data analytics subsidiary for the fifth-largest retailer in the world. Josh holds many industry certifications (such as CISSP) and is a member of his local InfraGard chapter. Josh volunteers his time by mentoring others and serving on the cyber security board for Northern Kentucky University.


11:00 - 11:20 AM Networking Break
11:25 AM – 12:00 PM

Musical Chair of CISOs: Mastering the Governance Beat Amidst Legal Discord

The Joe Sullivan case casts a long shadow over CISOs, intensifying debates about their legal responsibilities in an environment rife with stress and rapid job turnovers. With CISOs frequently changing roles, often citing overwhelming pressures and mental health concerns, there's no denying the added strain from potential legal liabilities associated with their duties.

Delve into the nuanced legal framework enveloping the role of CISOs, the disconnect between their often underprepared involvement in organizational governance and management's unready stance to back cybersecurity decision-making, and the imperatives of establishing collaborative decision-making mechanisms to curb liabilities, reduce stress, and improve cybersecurity resolutions.

Key takeaways include:

  • Understanding your position as a director or officer under Canadian laws.
  • Deciphering the duties tied to these roles.
  • Recognizing the intersections of these obligations with the CISO role.
  • Best practices for assimilating into an organization's governance framework.
  • Strategies to foster collective, cohesive cybersecurity decision-making.

This presentation offers pertinent guidelines peppered with real-world examples, making it invaluable for those involved in or aspiring to be involved in cybersecurity decision-making and governance.

  • Vanessa Henri

    Vanessa Henri is a data governance and cybersecurity attorney. In 2020, she was named one of the most influential women in cybersecurity by IT World Canada. In 2021, she was recognized by Best Lawyers in the "Ones to Watch" category and received the "Women in Leadership" award in 2022. She is an IFSEC Global Influencer in Cybersecurity and a member of the Quebec Ministry of Cybersecurity Expert Committee.

    Prior to co-founding H&W, Vanessa worked as a compliance manager and data protection officer at a Japanese multinational in their cybersecurity division. She has been in private practice at a well-known emerging technology firm and has supported numerous start-ups in their growth.

    She is a certified data protection officer and a leader in the implementation of ISO/IEC 27701. She holds an LL.M. from McGill University and teaches at St. Thomas University in Florida and at Ryerson University in the Rogers Cybersecure program. She is a published author and international speaker.

    Vanessa also participates in several podcasts. Vanessa has extensive experience drafting and negotiating technology agreements, implementing vendor management programs, and supporting legal and compliance departments facing data-driven technology challenges.


12:00 - 1:00 PM Lunch
1:05 – 1:35 PM Privacy Laws in NA: Catching Up to GDPR? And What Does it Mean for Cyber Security
  • Sharon Bauer

     


1:40 – 2:10 PM Law Enforcement and Cyber Crime in Canada
  • Vern Crowley, Det. Sgt., OPP

     


2:10 – 2:40 PM Critical Infrastructure and Resilience
  • Chander Jethwani

    Chander Jethwani is a Lead in Cyber Resiliency serving Canadians as part of the critical infrastructure and finance sector. He leads innovative multistakeholder industry-level initiatives focused on security, risk, and resilience.

    www.linkedin.com/in/chanderj


2:40 - 2:55 PM

Responsible AI: Understanding the Threat

The current imperative to bring Generative AI into our organizations to improve productivity, cut costs, and provide insights comes with challenges and risks. Understanding these risks and having a more governed, thoughtful strategy and framework for leaders is key to ensuring we are delivering Responsible AI as a core discipline. In this session, we will cover three key risk categories for leaders to think about when considering Generative AI and a basic framework to think through before enterprise deployment.

  • Saqib Khan, Tanium

    Field CIO

    Tanium

    Saqib Khan is the Field CIO for Tanium. He has spent the last 15 years in different roles including Advisory, Management Consulting, Cybersecurity, Risk Management, and Large Global Digital Transformations. Saqib has helped organizations transform with a key focus on delivering digital, cyber, and risk outcomes at scale. He currently focuses on thought leadership advisory to top Fortune 100 organizations at Tanium through strategic partnerships.


2:55 – 3:25 PM Software Supply Chain Security
  • Dmitry Raidman

    Dmitry is a Canadian-Israeli entrepreneur and cybersecurity professional who has been around the technology ecosystem for over two decades. Dmitry’s specialty is in the area of application security, cloud architecture, DevOps, DevSecOps, and automation of cyber-defense mechanisms. Dmitry co-founded Cybeats in 2016. In late 2018 Dmitry joined the NTIA group that worked to shape the SBOM standard. In 2020 Dmitry invented the SBOM Studio solution to help enterprises consume and manage SBOMs. To give back to the cybersecurity community, Dmitry co-founded the Security Architecture Podcast during the COVID-19 pandemic in 2020. Today Dmitry leads innovation, technology, and product at Cybeats as CTO and participates in various working groups to define the future of SBOM, VEX, and CSAF.


3:30 – 3:45 PM Networking Break
3:45 – 4:15 PM Pillars of Cybersecurity Strategic Planning and Executive Communication
  • Sarah Qureshi

     



  • Marcus Troiano

     



  • Moderator: Helen Oakley

    Helen Oakley, CISSP, GPCS, is a Lead Security Architect at SAP’s Global Security team, where she defines the strategy and architecture for software supply chain security, as well as requirements for implementation of security capabilities, driving security-by-design and privacy-by-design architecture across all software at SAP. Artificial Intelligence software is one of the technology categories that Helen addresses as part of her overall role, where security controls must incorporate not only the fundamental principles of application security but also specifics for AI/ML, such as AI model security, training data security and AI software transparency. Helen is working on AI software security research together with her colleagues at SAP, and contributing to AI-related forums by the Linux Foundation.

    Aside from her work at SAP, Helen is a Co-Founder of Leading Cyber Ladies - a global professional network for women in cybersecurity. Helen is on an advisory board for several cybersecurity startups where she is providing founders and their teams with guidance on the fast-paced cybersecurity market and industry and advising the C-Suite on their corporate security needs. Helen is an educator and a frequent speaker at various conferences, and she was honored by IT World Canada as Top Canadian Women in Cybersecurity for impactful cybersecurity achievements in the field.

    www.linkedin.com/in/helen-oakley


4:15 – 4:55 PM AI in the Enterprise: Responsible Use; Artificial Intelligence and Machine Learning in Security
  • Guillaume Ross

    Guillaume Ross is a cybersecurity professional who currently serves as the Deputy CISO at JupiterOne. Despite his aversion to self-promotion, Guillaume's extensive experience and expertise in the field speak for themselves. He previously held the certification of Certified Information Systems Security Professional (CISSP) until the controversial board decisions of 2022.

    Guillaume is experienced in all areas of blue-teaming as well as corporate IT security, with a proven track record of successfully securing complex systems and networks. He has held several senior cybersecurity positions at top-tier companies and has also provided cybersecurity guidance to a range of clients in different industries in consulting roles.

    Due to his dislike of writing about himself, Guillaume used AI to generate his bio. However, his dedication to protecting organizations from potential cyber threats is clear and makes him a valuable asset to any company in need of strong security leadership.


  • Dominique Payette

     



  • Serge-Olivier Paquette

    Serge-Olivier Paquette is Director of Innovation at Flare, a Cyber Threat Exposure Management solution. He is passionate about developing cutting-edge capabilities and threat analytics using AI and advanced analytics techniques. With experience leading high-performance teams, both small and large, he navigates the intersection of mathematics, AI, cybersecurity, software engineering, and innovation management.

    Serge-Olivier's focus is deciphering security events from incomplete information through machine learning and innovative techniques. He also proudly served as President of Northsec, a nonprofit known for hosting top-tier technical cybersecurity events in Montreal.


  • Moderator: Negar Farjadnia

    Negar Farjadnia is Avanade’s Lead for Security practice in Canada. Negar is responsible for driving Avanade's Security consulting business and for making it the leading cyber security expert in the Microsoft ecosystem.

    Negar is also accountable for delivering the technology capabilities that power Avanade clients and secure their operations worldwide. In addition, Negar and her team work with clients to ensure they meet their information security obligations.

    She is a passionate diversity advocate and leads Avanade Canada's PRISM employee network, where they support LGBTQ+ employees and create an inclusive workplace.

    Negar was named one of Canada's top women in Cybersecurity in 2022 and has served as a board member for Pink Triangle Press since 2015, where she advises the board on technology and security.


4:55 - 5:00 PM Closing Remarks
5:30 – 7:30 PM Networking Reception

Advisory Board

Bruno Adamo
Negar Farjadnia
Vanessa Henri
Kathy Isaac
Helen Oakley
Laura Payne
Guillaume Ross

Executive Summit Sponsors

The threat landscape is changing. New technologies and evolving threats make cybersecurity more complex and challenging than ever before. Bell understands that your business success and customer trust rely on a solid security foundation. We offer protection against the growing sophistication of advanced threats. With a full suite of managed and professional services, Bell solutions provide insight into the security of your cloud services, data, network and devices.


Cloud4C, named a Visionary in the 2021 Gartner Magic Quadrant for Public Cloud IT Transformation Services, is the world’s leading automation-driven, application-focused Cloud Managed Services Provider (MSP). As one of the global leaders in multi-cloud migration and managed services, we support native and hybrid cloud environments with multi-availability zones, offering four-way disaster recovery architecture with a zero data loss guarantee and military-grade security under a single SLA.

As certified Azure, GCP, AWS, and Oracle Cloud partners, Cloud4C promises seamless, cost-effective digital transformation on public/private/hybrid/multi-cloud set-ups.


Qualys is a pioneer and leading provider of cloud-based security and compliance solutions that help organizations streamline and consolidate their security and compliance solutions and build security into digital transformation. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously across global IT assets.


Tanium leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Operations, Security, and Risk into one platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy to protect critical information and infrastructure at scale.