atlantic security conference 2014 · · 2017-02-11the atlantic security conference continues to...
TRANSCRIPT
LEFT
1
ATLANTIC SECURITY CONFERENCE 2014
2
frei
ght
elev
ator
Leve
l 2
Mai
n Lo
bby
Show
Offi
ce
FIREPANEL
Reg
istra
tion
Coa
t Rac
ks
FIREPANEL
B A
R
FIRE EXIT DO NOT BLOCK
Brea
k St
atio
nBr
eak
Stat
ion
Mai
n St
age:
2m
x 7
m@
24"
hig
h wi
th T
CL
Back
drop
200B
Tech
:2m
x 5
m
@ 2
4" h
igh
UNAVAILABLE
Tech
:2m
x 2
m
@ 2
4" h
igh
Mai
n St
age:
2m
x 7
m
@
24"
hig
h wi
th
TCL
Back
drop
200C
20 O
pen-
Ende
d O
vals
of 7
ppl
140
Seat
s
30 T
heat
re-s
tyle
se
ats
36 O
pen-
Ende
d O
vals
of 7
ppl
252
Seat
s
200D
Sou
th 2
200D
Sou
th 1
TCL
Dra
pe
TCL
Dra
pe
Doo
r
Door
BAS
IL
Stor
age
Spea
kers
' R
oom
Atla
ntic
Sec
urity
Con
fere
nce
Thu,
27
- Fri,
28
Mar
ch '1
4
FLOORPLAN
LEFT
3 3
Thank you for attending the 2014 Atlantic Security Conference.
This is our 4th year and we are proud of the quality and the content of this year’s presentations and its speakers. Whether you are in management, a techie or work with security professionals there is something here for everyone. The core philosophy of the Atlantic Security Conference is to deliver relevant information on current trends, emerging threats and exploits within our ever changing and rapidly evolving industry.
We are exceptionally pleased to present what we consider to be well-rounded content; balanced between defensive security measures and current attacks and exploits. The conference drew a lot of international attention and we are excited to hear from the members of our community.
The Atlantic Security Conference continues to grow in both attendance and sponsorship. Some of our sponsors have been here since the very beginning supporting Atlantic Canada. We ask that you please take a moment to visit with them because without their support we could not make this happen.
Please enjoy the presentations, visit with old friends and make some new ones. We have some great prizes and draws and wish you the very best conference experience. Feel free to approach any of us with regards to content, we are always cooking up something and would love to hear your feedback.
~Travis Barlow, Andrew Kozma, Steve Quinn, Darryl Macleod, Scott Walsh and Nick Gyorfi. ~
FROM THE BOARD
LEFT
4
Freelance/Greg Mortensen
color Symantec Sans (Medium, Regular, Light)
7.25” x 9.75”
7.5” x 10”
None
None
None
3
None
None
None
Erik
4/C
None
SRZ.431
Symantec
SRZ.431_Privacy-Security-
Conference_4C_011714.indd
Privacy & Security Conference
1-17-2014 2:46 PM
Job No.:
Client:
File Name:
Title:
Date:
Pubs:
PRODUCTION NOTES
Please examine these publication materials carefully. Any questions regarding the materials, please contact Cindy Jarvis at (415) 217-2831
Live:
Trim:
Bleed:
Mat Close:
1st Insert:
Version:
READER
LASER%
DATE
Studio Manager
Art Director
Copywriter
Account Mgt.
Production Mgt.
Proof Reader
BYAPPROVALS Production:Art Director:
Copywriter:
Account Mgr:
Print Prod:
Color/BW:
Fonts:
Privacy & Security Conference
The security intelligence to keep you safe.
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.
Even as hackers and cybercriminals race to exploit new technologies, Symantec keeps you safe. Our
leading security intelligence identifies and stops mutating malware, protects business data and apps from
mobile to the cloud, and uses advanced behavioral data to prevent malicious insiders from exploiting
sensitive information.
Download the Symantec Government Internet Security Threat Report at symantec.com/threatreport
for an in-depth view of the dynamic threat landscape and how to best defend against these threats.
LEFT
5 5
Time Track 1 Track 2 Track 38:30
8:45:00
10:00:00
Henry Stern - Beyond Zone File Access: Discovering Novel Domain Names Using Passive
DNS
Dale “Dr. Z” Zabriskie - The State of Mobile Security
10:45:00
11:00:00
Russ Doucette - Advanced Malware: Do We Need Other
Layers
Ami Luttwak - An inconvenient Zeus: The rise of SaaS targeted
malware
Marc-Andre Belanger - Using Threat Modeling techniques to develop the ultimate keylogger
11:45:00
13:00:00Guillaume Ross - URL Scheme
Security on iOSDavid Shipley - Securing the
Ivory TowerJean-Francois Gignac - The
Economics of Cybercrime
14:00:00Natalie Oldfield - Protecting
your organization’s most valuable asset
Norbert Griffin - The Blinky-Light Syndrome and why it’s Not Making Us More Secure
Peter Morin - How many times did I use the bathroom today?
An introduction to Open Source Intelligence
14:45:00
15:00:00
Jamie Rees - Information Assurance
Matias Katz - Hacking the Cloud
Ryan Wilson - Advanced Evasion Techniques (AET’s), bypassing NextGen Firewall,
IPS and other network security defenses. How do you keep up?
16:00:0017:00:00
20:00:00Palo Alto Networks Social Mixer
Speakers Dinner (Ticket Required)
Kellman Meghu - Weaponized Security
Opening Remarks & Opening Keynote - Dr. Michael Geist
Catered Lunch - Complements of HP and Mobia David Fraser - Privacy and technology lawyer
Topic: Compliance - Legal & Regulatory Requirements & Obligations
Patrick O’Byrne – Senior Solution Architect, HP Enterprise SecurityTopic: HP Enterprise Security ArcSight – How ArcSight technology can help with audit &
compliance requirements.
Registration
Morning Break
Afternoon Break
DAY 1 AGENDA
6
Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2011 Fortune Global 100. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.
eSentire® is the leading innovator in Active Threat Protection platform, the most comprehensive way to defend enterprises from advanced, never-before-seen cyber threats. Our flagship offering, Network Interceptor, challenges legacy security approaches, combining behavior-based analytics, immediate mitigation and actionable intelligence on a 24x7x365 basis. Our dedicated team of security experts continuously monitors customer networks to detect and block cyber attacks in real-time. Protecting over $1.2 trillion in combined assets, eSentire is the trusted choice of security decision-makers in financial services, healthcare, mining, energy, engineering and construction, legal services, and technology companies. For more information visit http://www.esentire.com and follow @esentire.
GOLD SPONSORS
LEFT
7 7
Time Track 1 Track 2 Track 39:00:00
9:15:00
Colin O'Flynn - Hacking Embedded Systems: Power Analysis & Clock Glitching
Derek Manky - Beyond BYOD – Hacking the Internet of
Things
10:00:00
Rick Vanover - Data Protection Security Mishaps
that you can Avoid
Dale O'Grady - Application Identification
10:45:00
11:00:00
Mark Nunnikhoven - Taming Hydra: Updating Your Security
Practice To Handle Hybrid Environments
Mike Doherty - Legal Issues in Computer Security
Research
Matias Katz - HTExploit, bypassing .htaccess and
beyond!
11:45:00
13:00:00
Mark Stanislav - Eyes on IZON: Surveilling IP Camera
Security
Jon Blanchard - 20 top Hacked and Defaced Maritime
Websites
James Placer - Payment Card Industry 3.0 Updates and
Requirements from an Industry Perspective
14:00:00Sandy Fadale - How to Setup
a Framework for the Governance of Enterprise IT
Joseph Malinka - One ring to rule them all” – Using CPU
Features to Enable Any Device to Protect Itself By
Design
Bonnie Butlin - Cyber Surveillance: The 2014
Recalibration of Western Intelligence
14:45:0015:00:0016:00:00
Opening Remarks
Morning Break
Catered Lunch - Complements of VaronisVitaly Levin - Securing Unstructured Data, The Next Evolution of eDiscovery and Data
Loss Prevention
Afternoon BreakClosing Keynote - Brian Krebs
Closing Remarks & Prize Draws
DAY 2 AGENDA
8
SILVER SPONSORS
LEFT
9 9
CLOSING KEYNOTE SPEAKER
Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper, including eight front-page stories in the dead-tree edition and a Post Magazine cover piece on botnet operators.
But you didn’t really want to read my résumé, did you? What most people want to know is how I got into computer security, and whether I have a technical background in the field.
The short answer is “by accident,” and “no,” respectively. I earned a Bachelor of Arts in International Studies from George Mason University in 1994, and at the time I wasn’t much interested in computers, although I had programmed a bit on an Apple II and spent quite a bit of time visiting online bulletin boards as a kid.
It wasn’t until 2001 — when my entire home network was overrun by a Chinese hacking group — that I became intensely interested in computer security. I had been monkeying with a default installation of Red Hat Linux (6.2) on an old Hewlett-Packard system, because for some reason I had it in my head that it would be fun to teach myself how to turn the spare computer into an oversized firewall [ah, the irony]. That is, until the Lion Worm came around and locked me out of my system. Twice.
After that incident, I decided to learn as much as I could about computer and Internet security, and read most everything on the subject that I could get my hands on at the time. It’s an obsession that hasn’t let up.
Much of my knowledge about computers and Internet security comes from having cultivated regular and direct access to some of the smartest and most clueful geeks on the planet. The rest I think probably comes from a willingness to take risks, make mistakes, and learn from them.
I am 40 years old, and live with my wife Jennifer in Northern Virginia. When I’m not at the computer, I most often spend my free time reading, writing, cooking, gardening, studying Russian and playing guitar. I also enjoy corresponding with readers, so shoot me a note and tell me what you think of the blog (http://www.krebsonsecurity.com).
Dr. Michael Geistis a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. He has obtained a Bachelor of Laws (LL.B.) degree from Osgoode Hall Law School in Toronto, Master of Laws (LL.M.) degrees from Cambridge University in the UK and Columbia Law School in New York, and a Doctorate in Law (J.S.D.) from Columbia Law School. Dr. Geist is a syndicated columnist on technology law issues with his regular column appearing in the Toronto Star and the Ottawa Citizen. Dr. Geist is the editor of several copyright books including The Copyright Pentalogy: How the Supreme
Court of Canada Shook the Foundations of Canadian Copyright Law (2013, University of Ottawa Press), From “Radical Extremism” to “Balanced Copyright”: Canadian Copyright and the Digital Agenda (2010, Irwin Law) and In the Public Interest: The Future of Canadian Copyright Law (2005, Irwin Law). He is also the editor of several monthly technology law publications, and the author of a popular blog on Internet and intellectual property law issues.
OPENING KEYNOTE SPEAKER
10
Marc-André BélangerMarc-André Bélanger is in IT since 1997 and in security since the end of the Y2K gold rush. He is currently acting as a Senior Risk Officer within the Insurance Industry and worked, throughout his career, in Retail and Banking. He accumulated extensive experience in Incident Management, computer and mobile forensics and IT risk mitigation. Serious fan of hacking games and contests, hardware hacking and lock picking. He currently holds certifications in Fraud (CFE), Physical Security (CPO), Pen-Testing (CEPT), and Information System Security (CISSP).Securing the Ivory Tower
Mike Dohertyis a well-rounded computer geek. Currently finishing a computer science degree at Dalhousie University, he will be joining Google’s Site Reliability Engineering team in July. Mike has a background in psychology and is interested in the intersection of technology with other fields of study. As a result, he has studied usable privacy and security, and is the lead organizer of CryptoPartyHFX, a practical computer security tutorial for the public, which was the topic of a recent CBC radio interview. You can find him online at https://hashbang.ca
Sandy Fadale is a Senior Manager with Bell Aliant where she is responsible for leading information security across all six provinces served by the organization including a team of 14 highly skilled security and compliance specialists. Sandy is responsible for overall security planning, vulnerability management, risk management, policies and standards, security awareness, Sarbanes-Oxley compliance and remediation, PCI compliance and remediation and logical access control.
Sandy has more than 25 years of in-depth information technology experience in the fields of enterprise computing with an emphasis on information security which includes IT Security, application development and business continuity. Prior to Bell Aliant, Sandy was a Manager with Ernst & Young LLP and Visteon Corporation in their Information Security and Risk Advisory practices. Sandy has also served in the US Military in telecommunications utilizing various encryption techniques.
Sandy is currently the President of Information Security Audit and Control Association (ISACA), Atlantic Provinces Chapter teaches the CISM, CGEIT and CRISC and is a Subject Matter Expert and Published in the 2012, 2013 and 2014 CRISC Review Manual.
Dale “Dr. Z” ZabriskieAs an Evangelist for Symantec Corporation, Dale “Dr. Z” Zabriskie consults with IT professionals across the globe, advising on strategies for securing and managing their information. He is a CISSP (Certified Information Systems Security Professional), certified in Cloud Security Knowledge (CCSK), and is known for his ability to relate both technically and conceptually in an authoritative yet entertaining style. In his 13-plus year tenure with Symantec, Mr. Zabriskie has worked with organizations in over forty countries including a residence in Europe. He has also been a popular moderator and participant in numerous
industry panels. His expertise is supported by over thirty years of career experience in information technology, regulatory compliance, research and development, healthcare, manufacturing, and sales with companies like IBM, SunGard, IKON, and VERITAS.
SPEAKERS
LEFT
11 11
Jean-Francois Gignachas been in the IT Industry for over of 10 years, working with Large enterprise clients, multinationals, public sector and non-profit while working for well recognized names such as Canon, Bell, Fortinet and Websense. With a passion for security and helping raise awareness around today’s challenges in this field he now works for Cisco. Jean-Francois’s background is eclectic and he draws on past experience and lessons from industries who struggled to become IP enabled, secure and re-invent themselves in today’s connected age. Jean-Francois recently came to Cisco from
Sourcefire who was acquired by Cisco. Today he is the Security Account Manager for Cisco and is responsible for Eastern Canada. He lives in Montreal, is a gamer, father and loves the outdoors.
Derek Manky formulates security strategy based on years of threat and industry knowledge, with a goal to make a positive impact towards the global war on cyber crime. Manky has presented research and strategy world-wide at many security conferences, including meetings with leading political figures who help define the future of cyber security. He works globally within the security industry and Computer Emergency Response (CERT) to connect the dots, providing mitigation advice and threat forecasts based on correlated data and personal knowledge. This strategy can be integrated into new, advanced technology to fight cyber
attacks. He has been recognized as a thought leader in the industry. Manky designed a vulnerability disclosure framework, which has been reliably used for years to responsibly fix security issues before criminals discover and attack them.
Manky also sits on a computing program committee with a premier technology institution in Canada, advising on next generation security requirements. He continues to dedicate his career to security, research and education.
David Shipley is a member of the IT Security team at the University of New Brunswick. He is responsible for monitoring UNB’s networks and systems, responding to incidents and assisting in long-term security strategy and planning. David also assists with user education and behaviour change.David is a former business journalist with the New Brunswick Telegraph-Journal. He is currently pursuing his Masters of Business Administration at UNB, with a focus on information technology.
Henry Stern recently joined Farsight Security Inc. as a Senior Distributed Systems Engineer. Henry has a long history of publishing data-driven computer security research and contributing to industry working groups with a focus on spam, malware and tracking online criminal infrastructure. Henry has switched focus to developing new tools for computer security research that will help raise the bar for the community’s defence against online crime.Henry moonlights as the Co-Chair of the Technical Committee at the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) and is a Committer Emeritus of Apache
SpamAssassin. Henry worked as a security researcher at IronPort/Cisco for 7 years prior to joining Farsight. Henry won best paper at the MIT Spam Conference 2009 for “The Rise and Fall of Reactor Mailer.”
SPEAKERS
12
Ami Luttwak is the co-founder and CTO of Adallom, a complete cloud security solution provider for SaaS applications. Prior to that, he was a senior software architect at Phonaris, where he designed the architecture and led the development of the Phonaris agents for the iPhone and Android platforms. Luttwak is an alumnus of the Israeli Defense Force’s 8200 unit.
Vitaly Levin has over 20 years of experience in the financial services, government, telecommunication and software industries. He spent the last 15 years developing enterprise solutions and risk mitigation strategies for multi-national organizations, and associated industry groups. Vitaly has a combination of Business, Technology and Legal background and has been invited to presented at over a dozen events through-out North America.
Kellman Meghu
has delivered security talks in private corporate focused events, at school internet safety classes for training students and teachers, as well as public events including SecureWorld Seattle, The Check Point Experience, Bsides St. Johns, Bsides San Francisco, Bsides Chicago, Bsides Detroit, Secure360, Trilateral Conference, and Sector lunch keynote for 2012. Kellman has contributed to live TV interviews in the Toronto area with CP24, CityNews, and CHCH TV, as well as radio station interviews
and news articles across Canada.
Colin O’flynn analyzes the security of embedded systems, and has spoken extensively about his open-source ChipWhisperer tool which was created as part of his ongoing PhD Research at Dalhousie University. He’s previously been involved with a variety of embedded system designs, including wireless protocols used in smart energy meters. His work on embedded security has led him to speak at a number of security conferences including Blackhat EU/USA.
Joseph Malinka is the Director of Systems Engineering at Bromium. He joined Bromium in June of 2012 when the company was still in stealth mode, and played a crucial role in establishing Bromium’s early customer base and subsequent record growth. Prior to Bromium, Joe was at EMC for 11 years of which the last three years were with RSA, the Security Division of EMC. He has provided engineering, consultative, and architectural expertise in many different security domains, working extensively with medium to large enterprises in the New York City metro area in the financial, legal, and healthcare verticals. He is a Certified Information Systems
Security Professional (CISSP) and received a B.S. in Applied Physics from Brigham Young University.
SPEAKERS
LEFT
13 13
Peter Morin is a Senior Information Security Specialist with Bell Aliant. His position focuses on information security risk management, penetration testing, cyber threat response, application code analysis, malware analysis, and computer forensics. Peter has over 18 years of in-depth information technology experience in the fields of enterprise computing and networking with an emphasis on IT security, application development, business continuity, incident response and forensics. Prior to Bell Aliant, Peter has held positions with KPMG LLP and Ernst & Young LLP as Senior Manager in their IT Security, Risk Advisory & Forensic
practices, as well as worked with numerous tech start-up companies and various government and military agencies. Peter is a frequent speaker on the subject of critical infrastructure protection, risk management, penetration testing, malware analysis and forensics and has presented at numerous events held by the HTCIA, Black Hat, DEFCON, PMI, Computer Security Institute, Interop, SANS, and ISACA. Peter is a frequent guest lecturer at numerous colleges and university throughout North America and has also been featured in numerous publications including SC Magazine. Peter sits on numerous executive boards including the High Technology Crime Investigation Association International Board of Directors, HTCIA International Conference, ISC2, and ISACA - Atlantic Provinces Chapter. Peter holds numerous security-related designations including the CISSP, CISA, CGEIT, CRISC, and GCFA.
Bonnie Butlinis executive director of the Canadian Security Partners’ Forum (CSPF), and managing director of the Canadian Security Executive Forum (CSEF). She has a diverse background in the fields of defence, intelligence, and security; and she was the sole author of a commissioned study for the Federal Court of Canada on National Security and the Administration of Justice. She also was named one of Security
Mark Nunnikhoven Building on an extensive career developing security practices for large organizations and securing complex enterprise environments, Mark speaks regularly on the security challenges facing businesses today.
Focusing on helping businesses as they move from the data centre to hybrid environments to working fully in the cloud, he brings a wealth of practical experience to the table. An active member of the IEEE and ACM, Mark regularly works with clients, partners, and the
community to conduct research and study the real world impact moving to the cloud has on a security practice.
Regularly sought after to speak on cloud computing, usable security systems, and modernizing security practices, Mark is an accomplished speaker and computer scientist.
Dale O’Gradyis a Senior Systems Engineer at Palo Alto Networks with extensive experience in layer 2-7 security. As a 20 year veteran of the Information Technology sector, Dale has had the good fortune of working as a world-wide Product Manager for security solutions such as Firewalls, Proxies, Intrusion Detection/Prevent Systems, Traffic Classification Systems, Mobile Security and Network Access Control. In 2011, Dale decided to move to a dedicated customer facing role to help customers address their real-world security challenges.
SPEAKERS
14
Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor, Michigan-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development.
Mark has spoken nationally at over 70 events including RSA, ISSA, B-Sides, GrrCon, Infragard, and the Rochester Security Summit. Mark’s security research has been featured on web sites
including CSO Online, Security Ledger, and Slashdot. Additionally, Mark is an active participant of local and nationals security organizations including ISSA, Infragard, HTCIA, ArbSec, and MiSec.
Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an Adjunct Lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.
Jamie Rees With 20 plus years in information technology, the majority of that in information security related roles in communications and financial service organizations. Currently Jamie is the Director of Information Assurance - Chief Information Security Officer and the Chief Security Strategist for the Province of New Brunswick, Canada, working for the Executive Council Office. The idea that explaining security in terms of impact on business expected outcomes became evident to Jamie early in his career. Leading him to change his outlook of security programs and the value they bring to business, followed by writing the job descriptions and
building the programs used to deliver information security functions. The value proposition used in delivering these roles was his training ground on how to communicate value in security.
Guillaume K. Rossis an Information Security consultant with a background in IT. He can typically be found in the Montréal area, helping companies from big to too big with their information security programs. He believes in making security as transparent as possible to employees and IT staff as well as using capabilities found in the world of cloud computing that can help secure systems differently and sometimes better than how it is done on physical systems. None of this is relevant to his talk at AtlSecCon 2014, where only his credentials as an Apple geek are useful.
Matias Katz is a Penetration Tester who specializes Web security analysis. He has over 10 years of experience in the field. He is the founder and CEO of Mkit Security, a company that specializes in penetration testing services and hacking training. He loves to build simple tools to perform discovery and exploitation on any software or network. He has spoken at BlackHat, H2HC, Campus party, Ekoparty, OWASP and many other important conferences. He is the founder of Andsec conference (www.andsec.org). Also, he is Super Mario World master!!
SPEAKERS
LEFT
15 15
James Placer is an Information Security and Privacy consultant with a specific focus on network architectures and International compliance requirements. He has spent the last 20 years working primarily with fortune 100 companies in the United States in evaluating, and architecting compliant security solutions He has been a keynote speaker on presentations regarding privacy legislation changes at the state and federal level in the Midwest United States along with being an adjunct professor in Information Assurance at Davenport University in Michigan. He currently splits his time between residences in Tatamagouche, NS
and Allegan, Michigan when he is not on the ski slopes chasing his ski racing daughter.
Russ Doucet
For over 20 years Mr. Doucet has been working in Information Technology, with over 10 years of focus on security appliances. Russ has done many large deployments in corporate, education and government spaces, as well as rollouts and support for retail chains and other distributed organizations. Russ is also an accomplished trainer, having delivered custom-developed as well as certified curriculum for various platforms for hundreds of security professionals over the years. Russ was recognized at the inaugural Canadian Fortinet Xtreme Team technical event as the Xtreme Team MVP in Montreal 2011. Besides training,
implementation, and both pre-sales and post-sales support, Mr. Doucet also frequently speaks at security seminars and conferences on a variety of forward-looking security topics in Ontario and the Eastern provinces. Finally, Mr. Doucet is a court-recognized expert, having testified in court on numerous occasions for criminal and civil matters involving security and forensics.
Norbert Griffin is a Delivery Manager for Security at zedIT Solutions, one of Atlantic Canada’s largest Information Technology (IT) Services firms providing both Strategy and Execution for Large Enterprise clients in the public and private sector. With over sixteen years professional experience in the industry, Norbert has a broad range of knowledge and experience in information security, auditing, penetration testing and security operations and holds several industry recognized security certifications.
Norbert has conducted assessments for Large Enterprise throughout Atlantic Canada and has helped companies develop prioritized security roadmaps and implementation plans based on findings from their assessments. Founder of the annual BSidesStJohns Security Conference in St. John’s, NL, Norbert has been connecting security experts and industry professionals to share ideas, insights, and develop longstanding relationships with others in the province for years.
Ryan Wilson is an experienced security practitioner and leader with over 10 years of information security consulting experience. At McAfee,Ryan is responsible for bringing Stonesoft and the McAfee NextGen Firewall to the Canadian market. Prior to assuming his role at McAfee, Ryan was Director of Security Presales and Engineering at TELUS Security Solutions and held various security related positions at Allstream.
SPEAKERS
16
Natalie Oldfield is known as a passionate and energetic speaker, Natalie has presented to audiences throughout North America, Europe and Asia. Natalie has worked in marketing communications and sales in multinational companies for 20 years.Natalie’s experience working with international ICT organizations drew her to the conclusion that trust is the most important asset a business can protect. That conclusion prompted her extensive study in the field of her Masters degree, How Organizations Build Trust with their External Stakeholders.
She facilitates workshops and training sessions and consults with companies looking to improve revenues, protect and deepen relationships, and gain a competitive edge. Natalie’s sessions offer participants strategies and practical tools to improve relationships, customer experiences and the bottom line.Natalie has also been a part time faculty member at Mount Saint Vincent University in the Communications and Public Relations department, and a part time faculty member in the School of Business at the Nova Scotia Community College. She is a graduate of the University of New Brunswick (Bachelor of Arts), Mount Saint Vincent University (Bachelor of Public Relations), the Dupree College of Management, Georgia Institute of Technology(Certificate in Management), and is a candidate for a Masters in Communications.
Rick Vanover (vExpert, MCITP, VCP) is a product strategy specialist for Veeam Software based in Columbus, Ohio. Rick is a popular blogger, podcaster and active member of the virtualization community. Rick’s IT experience includes system administration and IT management; with virtualization being the central theme of his career recently.
Jon Blanchard is a Speaker, Technology Columnist with Canada.com and the Globe and Mail as well as the Ethics Lead for the Nova Scotia Technology Guild based in Halifax, Canada. Mr Blanchard (@dexterdyne) is a regular and popular presenter on the challenge and promise of hackism at the Atlantic Security Conference(AtlSecCon), High Technology Crime Investigation Association (HTCIA) and Atlantic Internet Marketing (AIM) Conferences - as well as Halifax Area Security Klatch (HASK), Third Wednesdays (3W) and Podcamp Halifax.
SPEAKERS
LEFT
17 17
BRONZE SPONSORS
18
Swag Bag Sponsor
Lunch Day 1
Social Mixer
Lunch Day 2
ADDITIONAL SPONSORS
LEFT
19 19
a SecurityTube.net initiativePentesterAcademy
EDUCATIONAL SPONSORS
20
COMMUNITY SPONSORS
LEFT
21 21
To be entered in the grand prize draw, please visit the sponsor booths listed below and have them stamp next to their logo. At the end of the conference, please tear out this page and give it to a volunteer at the registration booth.*** you must be present at the closing remarks & prize draws at 4:00 pm to have the chance to win!
Name:
PRIZE DRAW
22
Travis Barlowhas over 15 years of experience in the IT field, the majority of it in the IT Security realm. He is the founder of the Atlantic Security Conference (AtlSecCon) and the Halifax Area Security Klatch (HASK), a local security community. He has been recognized by Digital Nova Scotia as an Industry Leader. He is also an avid speaker, having spoken at multiple security events and is frequently booked for future events. When he is not performing penetration testing, incident response or other security related work he enjoys multiple outdoor pursuits such as hunting, fishing, extreme winter survival camping and spending time with his son.
Andrew Kozma is currently the Sr. Security Analyst for the Capital District Health Authority, Nova Scotia’s largest healthcare district. He is responsible for the development of information security policies, standards, procedures, and their management and implementation. In addition to network and security architecture audit responsibility, Andrew is also trained to look for weaknesses and vulnerabilities in target systems and to use his knowledge as a hacker to identify, report and mitigate risk. Andrew is also actively involved with the Halifax Area Security Klatch (HASK).
Steve Quinn manages more than just servers in his current position as Manager of Network Services at Health Association Nova Scotia. As a professional of more than 15+ years in IT, Steve has experience ranging from direct front-line care to back-end and departmental management. As a self-professed generalist, he has had to develop a broad skill-set dealing with clients that range from highly technical to non-computer users. This perspective gives him the ability to look at problems from many angles in the search of solutions both from a technical and ‘big picture’ perspective.
BOARD OF DIRECTORS
LEFT
23 23
Darryl MacLeodis a 13 year veteran of the Atlantic Canadian IT community and works for Heimdall Networks as a Senior Security Researcher. He is a member of the High Technology Crime Investigation Association and is the founder of the Cape Breton Technology Users Group. He currently holds CISSP and CISA certifications.
Scott Walsh currently works for an industry leading vulnerability assessment company. In addition to seeing new security exploits on a daily basis, he builds hardware and software projects to test, and sometimes break, digital and physical security.
Nick Gyorfi is an IT Professional with over 10 years experience in various information technology roles from global organizations to Government and educational institutions. Nick holds a Bachelor of Commerce Degree from Saint Mary’s University, a diploma in Information Technology from Nova Scotia Community College and various IT certifications. Nick has a passion for information security and helps to run the Halifax Area Security Klatch (HASK).
The only security conference in Atlantic Canada focusing on bringing some of the worlds brightest and darkest minds
together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines.
BOARD OF DIRECTORS
LEFT
24
Thank you and see you next year!