Agenda and Speakers

Many times, discussion on software security focuses at the project level. This leads to further discussion on activities like pen testing, code scanning, and user stories. This is like assuming we simply need to inject "security requirements into DevOps". But that is not enough.

When discussing DevSecOps, we actually need to align DevOps, Compliance, Audit, and Business teams. Static DevSecOps models are too rigid and brittle in this regard. What we need to drive DevSecOps is program level thinking. This means discussing future state competencies, governance, and risk management.

In this session, you will learn about how to transition from DevOps to DevSecOps using a more programmatic approach.

When developing a cyber security strategy for your organization two issues need to be top of mind. First, who owns and leads security, and second, whose input and expertise do you need to create effective security and sustainable resilience in the long term.

Many organizations focus on "what" to secure and forget about the "how". In this session, you will hear about the complexity of securing the most sensitive and critical part of any organization: the board.

What happens when you need to secure the boardroom? Is it even possible for the IT guy to secure the C-level? How can you make the chairman comply with any security procedure?

Session details to be advised.

As breaches of cyber security and their associated costs increase, more organizations are looking to cyber insurance to ensure that they have the financial resources to recover.

As the financial costs alone for a breach can be huge, insurance has an obvious appeal. Yet the industry has not grown at the same rate as the exposure to risk. In this session, you will hear about the advantages cyber insurance offers as well as the questions you should be asking when considering using insurance to create greater resiliency for your organization.

The only constant in cybersecurity is change. Advanced cyberattacks threaten our organizations continue to evolve in sophistication and speed. So how do we keep up? In this talk, Shawn will give an overview of the landscape and provide battle-proven solutions which systematically raise the bar to make your organization both responsive and resilient. Additionally, we will take a forward look to discuss some predictions for 2018 and beyond.

In the event of a breach the reputational costs and damage to the brand can be far greater than the direct financial cost. And the damage can be huge and long lasting.

How an organization appears and communicates after an incident has a huge impact. Badly handled communications can lead to lasting irreparable and even terminal damage.

In this session, Andrea Mandel Campbell will discuss what you can do now to prepare for a breach and the specific challenges of cyber incidents—the similarity with other crisis communications. She will share what she has learned as a seasoned communicator from organizations that have acted in a timely and effective manner and those who dropped the ball.

Executing an effective response to a cyber-attack is often one of the most important factors in determining the impact of the breach on the organization and others who may be affected.

A well-handled response will mitigate potentially staggering reputational, operational and legal risks and liability. A poorly-handled response can not only aggravate the consequences of the breach and increase risk and exposure, but also give rise to separate heads of exposure for an organization.

This session will provide key insights and lessons learned for how to handle cybersecurity breaches.

Justin Fong is a Partner at Deloitte, leading the Western Canadian Cybersecurity Practice. Over the last 16 years he has had the opportunity to evolve with this critical risk we all face. This session will provide a high level update on the current cybersecurity landscape to help us better understand what we are up against. What key risks and potential mitigations should be in place for any organization and focus on lessons learned from his past incident response experiences.

Justin will examine what has changed in the field, who are the attackers, what motivates them and lessons learned from numerous breaches.

An overview of the Government of Canada's cyber security landscape (including current challenges and priorities) as it moves forward with its digital transformation agenda.

While quantum computing might sound like science fiction, recent advances and increasing research mean that many experts now believe we could be only a decade away from true quantum computing that is both scalable and fault tolerant. This will have implications for your cybersecurity efforts as when it arrives it will offer the capacity to overcome current cryptography exposing your organization to potentially disastrous breaches.

To prepare yourself, organizations can take steps to integrate quantum-safe solutions into their existing cyber security planning and life-cycle management, where they can be evaluated for functionality, performance, ease of use and other factors. Where necessary, existing infrastructure can be enhanced or replaced. And all this can happen before these changes become critical to the security of the organization.

Dr. Mosca is one of the world's leading scientists in quantum computing, quantum cryptography, and conventional cryptography in an era with quantum technologies. He co-founded Canada's Institute for Quantum Computing, was a founding Faculty Member of Perimeter Institute for Theoretical Physics, and co-authored the respected textbook An Introduction to Quantum Computing. He argues persuasively that the time to start planning for the era of quantum computing is now. In this session, he will explain why and outline the steps you should begin so that you are as ready as possible when the technology becomes available.

Building effective resiliency is about much more than technology and passwords. Critical to this process is educating employees and creating a risk aware culture. Above all else it is a change management exercise.

In this session, you will learn how one organization has gone about raising awareness of cyber security and embedding this in the culture. As this includes what employees need to do before and after a breach this session will connect these two elements of cyber resiliency.

From AI and machine learning, to quantum computing, to the increased vulnerabilities of the Internet of Things, few doubt that the already complex world of cyber security is about to get even more challenging.

This concluding panel will look at what is on the horizon and beyond. This panel will discuss how you should think about the future and prioritize your resources for inevitable risks and the potential damage they may cause.

Post-conference webinar sponsored by:

Webinar details coming soon.