post view

Meeting Location

TASK meets the last Wednesday of Every Month 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. Meeting room is the Rotunda (On main floor, just past elevators).

[sc_events_calendar]

September TASK: Operationalizing Security AI in 2020: Reality vs Snake Oil

Wednesday 30-September-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Please Pre-Register Here to Gain Access on the Night


September TASK (Virtual)

Speaker: Stephan Jou
Topic: Operationalizing Security AI in 2020: Reality vs Snake Oil

Let’s face it: Artificial Intelligence holds a ton of promise, but there also seems to be a disproportionate amount of marketing confusion and snake oil out there. What works in real-life security operation centers, versus something that is nothing more than buzz?

Join Stephan Jou, who has been helping deploy analytical and AI systems in enterprises and government organizations for nearly a decade, to have a frank discussion about use cases security AI is actually useful and shows promising results, along with the challenges to keep an eye out for when deploying. Specific areas to be covered where human-machine teaming has made a genuine difference to cyber resilience in 2020, including:

  • Security operations
  • Code analysis
  • Identity and authentication
  • Insider threat

Jou will highlight what works and the challenges in different areas, and end with an example of how the principles of effective AI and visualization can even be used to help with a challenge that we are all victims of: the global pandemic.


A special thanks to Zoom for making this happen. Please register here (free) to gain access on the night: https://zoom.us/webinar/register/8716007972652/WN_U00kdo8kRomYSd6LUhjUCw.

Sincerely,
The TASK Steering Committee

Posted in Events.

August TASK: What Did You do so Wrong that You Think You Need a Firewall in the Cloud

Wednesday 27-August-2020 // 6:00 – 8:00 PM
Meeting Location: Virtual – Please Pre-Register Here to Gain Access on the Night


August TASK (Virtual)

Speaker: Kellman Meghu
Topic: What Did You do so Wrong that You Think You Need a Firewall in the Cloud

I used to think the cloud was a marketing term for someone else’s computer, and that I knew my place in the world, doing what I loved to do. Now imagine realizing that your whole approach to security and computers, was now wrong. That you had been invalidated by the rapid change of information technology, and a strategy for security that despite being successful, was an impending failure. I made a horrible mistake. I took pride in helping people protect their business, but now I will take ownership for mistakes about to be made. I feel like I forgot the technology was there to serve the needs of the customer and started to think the customer needed the technology. It’s backwards, and we need to go back to delivering services that enable the business goals, including reduction of costs, before we end up bankrupting the whole thing under crippling IT costs. And if that means I need to change everything I worked so hard to build, well so be it.

What to Expect: You will be challenged to think differently about technology and be exposed to transformative IT concepts as related to the cloud. This session aims to be disruptive, and arguments are encouraged.

Speakers: TASK Steering Committee
Topic: TASK Us Anything Panel Discussion + Q&A


A special thanks to Zoom for making this happen, we’re thrilled to be able to bring a version of TASK to you once again.

Please register here (free) to gain access: https://zoom.us/webinar/register/3515973402894/WN_nQCIFZSCQF-Jg5cAU-1I4Q.

Sincerely,
The TASK Steering Committee

Posted in Events.

July TASK (Virtual): Crossing the Widening Security Gaps in Canada / TASK Us Anything Panel

Wednesday 29-July-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Please Register Here to Gain Access


July TASK (Virtual)

Speaker: David Senf
Topic: Crossing the Widening Security Gaps in Canada

Let’s take a wide-angle view of the security landscape to see what’s on the horizon. This talk will help you (re)consider your security purchases, skills training, and overall risks so you and your organization are better prepared for the steep security inflection points to come.

Using data collected from across Canada, David will show where the gaps are widening and actions to consider to safely cross. To deploy the best possible strategy, follow the trend lines from the likely scenarios. In this talk, you will lean:

  • Market forces during the pandemic: how have budgets shifted today and moving forward?
  • How scenarios may play out in the balance of power between attacker versus defender
  • Where gaps will likely widen and what actions need to be taken.

David Senf is an IT research and advisory executive with a particular focus on cybersecurity and emerging technologies. He has spent close to two decades analyzing markets and delivering vendor, channel and end-user guidance. David is focused on technology product / service development, marketing management, channel and sales enablement. He has extensive experience quantifying market dynamics and turning data into successful outcomes.

Previously he was a VP at research firm IDC. David is a frequent keynote speaker. He enjoys hundreds of press appearances in a variety of publications, including The Globe and Mail, CBC, The Star, Wall Street Journal and Wired.

Speakers: TASK Steering Committee
Topic: TASK Us Anything Panel Discussion


A special thanks to Zoom for making this happen, we’re thrilled to be able to bring a version of TASK to you once again.

Please register here (free) to gain access: https://zoom.us/webinar/register/8515953581855/WN_ZuaEcBYJQWienG6cyXUTlg.

Sincerely,
The TASK Steering Committee

Posted in Events.

TASK and COVID-19

March and April TASK events have been cancelled.


TASK exists to provide a monthly facility for members of the security community to share information, connect with one another, network and continue to build the security community in Toronto.

That said, the health and safety of our members is of paramount importance.

As the world struggles to contain and manage COVID-19, the current guidance from health authorities is to practice “social distancing” and to avoid large gatherings. Certainly getting 150 or so professionals together to share a pizza and some good security information would not be consistent with this advice.

So in an effort to keep everyone safe and healthy, we’ll be taking this month and the next off and continuing to monitor the situation. We hope the group will be able to resume in May or June. Until then, keep safe and keep healthy!

Sincerely,
The TASK Steering Committee

Posted in Events.

February TASK: Security Checkpoints for Agile Engineering / Machines that Fight

Wednesday 26-February-2020 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


February TASK

Speaker: Rahul Raghavan
Topic: Security Checkpoints for Agile Engineering

In this age of rapid product engineering, we are amidst the flux of jargon- dropping in a dire attempt to drive home the need for scalable application security models. While Agile Engineering and Security Automation have independently creates waves within product engineering and security engineering communities respectively, the practical realisation of Security Automation WITHIN Agile engineering is far from the ideal.

This “HOW-TO” talk would focus on translating application security objectives into sustainable engineering tasks that can be seamlessly consumed within the product development process. The presenter will delve deep into identifying and designing security checkpoints within the SDLC mapped to the fundamental principles of Design, Build, Develop and Deploy! Finally, the talk would also propose a Plan -Do -Check -Act (PDCA) mechanism through which product engineering teams can extend these checkpoints from ideation to deployment and all the way back.

Speaker: Hisham Qaddoumi
Topic: Machines that fight: State of the Nation of Cybersecurity and AI

Artificial Intelligence is reshaping the security industry. Rapid advances in ML and the creation of machines that can mimic human behaviour raises cybercrime to a level. This talk sheds light on the applied usage of AI in cybersecurity in the fight against cybercrime. As an expert in AI, Hisham will provide an overview of the field and deeper implications for security professionals. He’ll describe where in cybersecurity AI is having the greatest impact toady and explore future possibilities.


This month’s TASK is sponsored by CIBC.

We’re on a mission to build the relationship-focused bank of the future and we’re looking for the passionate collaborators, innovators, advisors, and leaders who can get us there. Our distinct culture is built on a shared commitment to do what’s right for our clients, our people, and our communities, and we strive for excellence in everything we do. Because life at CIBC is not only what you do, but how you do it.

What CIBC Offers
At CIBC, our people are our greatest asset. You’ll become part of a diverse community that acknowledges everyone’s unique talents, and empowers teams to do what’s right for the client, and to do it well. As part of our team, you will:

  • Thrive: Benefit from an open and approachable culture that provides the flexibility and support you need to integrate your life at work and at home
  • Connect: Work in a place where the right technology and infrastructure fosters innovation, collaboration and creativity
  • Develop: Grow your skills and career through our best-in-class onboarding experience, ongoing learning opportunities, individual development planning and comprehensive product training
  • Prosper: Share in our collective success with a competitive salary, incentive pay, banking benefits, health benefits program, and employee share purchase plan

– Stay connected with your Talent Acquisition Partner: Brandon Lee
– Refer your peers to future CIBC events
https://www.cibc.com/en/about-cibc/careers.html


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

January TASK / War in the Fifth Dimension: An Overview of the Weaponization of Information

Wednesday 29-January-2020 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


January TASK

Speaker: Alana Staszczyszyn
Topic: War in the Fifth Dimension: An Overview of the Weaponization of Information

What defines a cyberwar? Does cyberwarfare actually exist, or are cyber attacks just a means of enacting warfare in the kinetic world? And, more importantly, will escalating political tensions ever result in a cyber conflict, or are we already in the middle of a global cyber cold war?

War in the Fifth Dimension explores what military doctrines, academic literature, international legal frameworks, and the media have collectively coined as the newest domain of warfare. Despite this agreeance that cyberwarfare is a plausible concept in the real world, there is little surety as to what exactly counts as an “act of war” in the cyber realm. Where kinetic conflicts are defined by the injury, destruction, or loss of life of people and physically tangible “objects of war”, cyber attacks primarily target activities and “intangible” data that kinetic conflicts would separately consider to be espionage, terrorism, or psychological and economic manipulation – in other words, strictly the affairs of domestic law.

Despite some of the most paradigmatic cyber conflicts targeting electoral systems, civilian-serving infrastructure, or even the annihilation of physical buildings, international legal frameworks struggle to separate to find ways to frame these “domestic” affairs that could quickly and almost instantly have destructive effects on the international community. If the object and purpose of these regulations is to provide for the mutual de-escalation during international conflicts, then we must consider: are the current rules attractive enough for nation-states to willingly adhere to, despite the attractiveness of a cheap, fast, and effective means of attack? And what incentives might there be to inspire them to set regulatory precedent for the future of cyberwarfare?


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

November TASK: Threat Hunting with EDR / Securing Pipes with TACOs

Wednesday 27-November-2019 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


November TASK

Speaker: Julian Pileggi
Topic: Threat Hunting with EDR

As skilled attackers focus on bypassing traditional security mechanisms, the ability to perform threat hunting has become more and more integral to a comprehensive security monitoring and response program. Many organizations have realized that deploying an Enterprise Detection & Response (EDR) platform will help their teams be more effective and provide increased visibility. This talk will go over the current threat landscape, the basics of threat hunting, a vendor-agnostic approach to using an EDR for threat hunting and some interesting examples of threat hunts that you could run in your environment right now.

Speaker: Peter Maddison
Topic: Securing Pipes with TACOs

TACO is an acronym I use with clients to help them map controls from their software delivery pipelines to the organizational controls. TACO stands for Traceability, Access, Compliance, and Operations. The approach consists of a base list of 25 automatable controls that are documented and the control activity, artifacts and SOR identified. After mapping how these controls are handed, we map them to the organizational controls and identify any gaps. This model allows for the creation of opinionated pipelines and helps create a common understanding across teams as to what is required in order to be secure. Taking a TACO approach can be considered a part of implementing a DevSecOps program and I’ve used this approach at multiple banks.

During the talk I’ll run through the different categories of controls, how they are implemented, what the purpose of them is, how to create robust feedback loops for controls such as SAST.


This month’s TASK is proudly sponsored by eSentire.

eSentire® is the global leader in Managed Detection and Response (MDR), keeping organizations safe from cyber attacks that technology alone cannot prevent. Our 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events.

We want to cut through the hype and overblown claims surrounding AI and ML to help our customers successfully tackle their biggest digital transformation challenges. We value each person’s unique contribution, so if you love to solve difficult problems–together–eSentire is the place for you.

eSentire has been recognized in Deloitte’s Technology Fast 50™ and Fast 500™, Canada’s Top Small and Medium Employers, and Gartner’s Market Guide for Managed Detection and Response. For more information, visit www.eSentire.com and follow @eSentire.

Join our team of brilliant, passionate people who protect the world from cyber threats.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

October TASK: The Mechanics of Malware’s Darskide / Beyond Logs: Why it’s an Exciting Time to be a Defender

Wednesday 30-October-2019 // 6:00 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


October TASK

Speakers: Laura Harris and Yagneshwaran Prabagaran
Topic: The Mechanics of Malware’s Darkside

This presentation will introduce the basics steps of carrying out static and dynamic analysis on malware using disassemblers, debuggers, and amongst other tools. Diving into the dark waters of dissecting malware will allow the audience to understand how to disassemble malware, identify key strings and process, and track the behavioral triggers once placed in a sandbox. It also highlights the limitation of static analysis and hints at the next phases of analyzing an obfuscated malware. The audience will be able to develop basic SNORT and YARA rule based on the information shared.

Speaker: Anton Ovrutsky
Topic: Beyond Logs: Why it’s an Exciting Time to be a Defender

The talk will provide a high-level overview of some newer and perhaps overlooked defensive security tooling that has recently been released. Splunk/Elastic SIEM, Sysmon, KAPE, Moloch and BloodHound will be some of the tooling covered. An overview will be provided into what these tools do and how defenders can quickly extract defensive value from them.


This month’s TASK is sponsored by Micro Focus

Micro Focus helps you run your business and transform it. Our software provides the critical tools you need to build, operate, secure, and analyze your enterprise in a constantly changing world. Right now, that means powering your digital transformation with solutions spanning four key areas:

  • Enterprise DevOps — Build and deliver better software faster.
  • Hybrid IT Management — Operate with agility.
  • Security, Risk, and Governance — Secure what matters most.
  • Predictive Analytics — Analyze in time to act.

By design, these solutions bridge the gap between existing and emerging technologies—which means you can innovate faster, with less risk, in the race to digital transformation.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

September TASK Cancelled

We were unsuccessful in getting you the right speakers this month so have had to cancel our September event.

But fear not, two of Canada’s best cybersecurity conferences are just around the corner and we hope you’ll join in!

BSidesTO takes place at Ryerson University on October 5-6, followed by SecTor 2019 in the MTCC on October 7-10. We hope you’ll head along, show your support and network while engaging and learning from the best.

Until next time,
TASK Steering Committee

Posted in Events.

August TASK: BlackHat, DefCon, BSidesLV Recap

Wednesday 28-August-2019 // 6:15 – 9:00 PM
Meeting Location: Michener Auditorium at UHN, 222 St. Patrick Street, Toronto


August TASK

This month’s TASK is our ever-popular BlackHat, DefCon, BSidesLV recap special!

Listed below are just a few of this month’s Speakers and the Sessions they’ll be covering:

  • Cheryl Biswas
    • Threat Hunting Talk from BSides
    • Diana Initiative
  • Jason Kendall
    • BSides Overview/Wrap Up
  • Alana Staszczyszyn
    • Hackers are Scary: Why the “Stupid User” is Actually just Afraid
    • BioHacking Village
  • Ilya Komanovich
    • MemHunter
    • Bloundhound from Red to Blue
    • Malproxy
    • Monsters in the Middlesboxes
  • Geoffery Heymann
    • Red Team Village
    • Detection Bypass in MacOS
    • Command Injection in Cloud Environments
  • Robin Wilcoxen
    • OWASP Top 10 (AppSec Village)
  • Ophe Chan
    • Are Quantum Computers Really a Threat to Cryptography?
    • SSO Wars: The Token Menace
    • Hacking Wetware with Open Source Software and Hardware: the DIY Artificial Pancreas
      Do No Harm: A Healthcare Security Conversation
  •  Liz Jaluague
    • BsidesLV Hallway Track
  • Anthony Tam
    • Mixing industrial protocols with web application security flaws in order to exploit OT devices in the internet
    • Blockchain-Security Symbiosis: Security Enabling Blockchains; Blockchains Enabling Security
  • Adam Podgorski
    • Your Phone is Using TOR and is Leaking your PII
  • Jomar Gacoscos
    • Car Hacking Village – CAN Reverse Engineering Challenges by Grimm Cyber
    • Social Engineering Village – I PWN Thee, I PWN Thee Not! by Jayson Street
    • Social Engineering Village – Cold Reading Techniques for Fortune Tellers and Social Engineering by Chris Kirsch
  • Shenalie Fernando
    • Social Engineering Village – The Voice Told Me To Do It
  • Laylee Olsen
    • The Hacker Summer Camp Experience

Come along to see your fellow TASKers present and hear what they learnt!


This month’s TASK is proudly sponsored by eSentire.

eSentire® is the global leader in Managed Detection and Response (MDR), keeping organizations safe from cyber attacks that technology alone cannot prevent. Our 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events.

We want to cut through the hype and overblown claims surrounding AI and ML to help our customers successfully tackle their biggest challenges utilizing human expertise at machine scale. We value each person’s unique contribution, so if you love to solve difficult problems–together–eSentire is the place for you.

eSentire has been recognized in Deloitte’s Technology Fast 50™  and Fast 500™, Canada’s Top Small and Medium Employers, and Gartner’s Market Guide for Managed Detection and Response. For more information, visit www.eSentire.com and follow @eSentire.


Meeting Location: Michener Auditorium, 222 St. Patrick Street, Toronto.

Posted in Events.

Our Sponsors