post view

Meeting Location

TASK meets the last Wednesday of Every Month 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. Meeting room is the Rotunda (On main floor, just past elevators).

[sc_events_calendar]

October TASK: Security for Businesses on a Budget

Wednesday 28-October-2021 // 6:00 – 7:30 PM
Meeting Location: Virtual – Register


October TASK (Virtual)

Speaker: Michael Argast, CEO of Kobalt.io
Topic: Security for Businesses on a Budget

Tough choices need to be made by many small and mid-sized Canadian organizations that have very limited security budgets – and often little or no full-time security staff. How should limited resources be allocated? The CIS 20 Controls and other frameworks provide some guidance on where to focus attention, but costs can add up quickly. However, there are a series of strategies that SMBs can take to dramatically reduce risk and improve security, while keeping within their budget. In this talk, Michael Argast, CEO of Kobalt.io will cover specific strategies and low hanging fruit to help get security programs moving in the right direction. From his work with hundreds of organizations, Michael will explain:

  • Where organizations tend to overinvest and where the gaps tend to emerge
  • Which skills to consider hiring for as you grow over time
  • How to use key strategies and frameworks despite limited resources

Michael is an experienced cybersecurity professional with over 20 years of industry experience. He is the Co-Founder and CEO of Kobalt.io, a rapidly growing cloud-focused security services provider. Kobalt.io works with over 100 cloud-focused technology companies to help develop their cyber security programs and ensure the security of their organization.

Register


This month’s TASK is proudly sponsored by Optiv.

Optiv Security is the cyber advisory and solutions leader, delivering strategic and technical expertise to more than 7,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.

Win a $300 Amazon gift card, thanks to Optiv: https://events.optiv.com/taskoctobermeeting


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://us06web.zoom.us/webinar/register/8116345830203/WN_uozqQrPGTIGiQBk0Rgug_g

We look forward to see you all then,
The TASK Steering Committee

Posted in Events.

September TASK: Top 10 steps to better incident response

Wednesday 29-September-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


September TASK (Virtual)

Speaker: Wadeed Mian, Vice President, Digital Forensics and Incident Response, ISA Cybersecurity
Topic: Top 10 steps to better incident response
 

Rapid and effective incident response requires you to take the right steps, at the right time and in the right order to reduce the impact of a breach. Wadeed Mian presents his top ten lessons learned in successfully managing a cyber incident. He will answer your questions as he shares real-life experiences. He’ll cover the tactics, techniques, tools, and technology used by attackers to help you better understand the adversary. He’ll explain how his team identifies IOCs in the race against time to block, contain and eradicate cyber threats. And most importantly, he will pinpoint key areas of improvement for your organization to consider to avoid critical IR mistakes.

Wadeed is an incredibly passionate cybersecurity professional with more than 20 years of experience in IT management, IT security management, and IT enterprise architecture. Throughout his career, he has implemented large information security programs and practices. Wadeed is highly effective at risk and operational management, confident and successful at making critical decisions to protect the availability, integrity, and confidentiality of critical business information and information systems. But as much as Wadeed is recognized for his technical experience and knowledge, he is the epitome of a “people leader,” who’s always there for his team, setting aside time and space to focus on the person standing right in front of him. In his spare time, he loves spending time with his family, eating Chinese cuisine with his friends, and taking on the video gaming world.

Register


This month’s TASK is proudly sponsored by ISA Cybersecurity.

Today’s reliance on complex and interconnected networks, coupled with the sophistication and relentlessness of threat actors, has made cyber incidents a matter of “when”, not “if”. Companies must have an incident response procedure prepared in advance or face the substantial – and potentially existential – financial and reputational risks that come with being unprepared. Do your incident response procedures measure up? Download ISA Cybersecurity’s complimentary whitepaper “The Six Stages of a Successful Incident Response” to find out. It’s packed with expert tips and thought-provoking insights that will help improve your readiness to face a cyber incident. Download our whitepaper by Sept. 30, 2021 and you’ll be entered into a draw to win a $100 Canadian Tire gift card.

ISA Cybersecurity is Canada’s leading cybersecurity-focused company, with nearly three decades of experience delivering cybersecurity services and people you can trust. Our vision is to help create a world in which everyone is safe from cyber threats. We provide a host of incident response services. Contact us today to learn more.


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://us06web.zoom.us/webinar/register/4316317215267/WN_cbfkVuBlQzOAcSYzwjS4fQ

We look forward to see you all then,
The TASK Steering Committee

Posted in Events.

August TASK: Black Hat / Defcon Recap Special

Wednesday 25-August-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


August TASK (Virtual)

August is our ever-popular Black Hat / Defcon recap special featuring your fellow TASKers presenting a summary of what they learnt at this year’s events.

This month’s TASK Speakers include: 

Helen Oakley

  • Software Supply Chain 101
  • Software Supply Chain 201

Olivier Bilodeau

  • Symbexcel: Bringing the Power of Symbolic Execution to the Fight Against Malicious Excel 4 Macros
  • Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild
  • PyRDP: Remote Desktop Protocol Monster-in-the-Middle (MITM)

Braveenth Rasanayagam

  • You’re Doing IoT RNG

Bill Graydon

  • Defeating Physical Intrusion Detection Alarm Wires
  • Putting the EICAR virus signature test string onto a QR code
  • Hacking shopping cart immobilisation systems
  • Phishing with OAuth2

Karen Ng

    • Bypassing Locks 101

 

Register


This month’s TASK is proudly sponsored by Scope Security.

Scope Security stops ransomware, data breaches and other cyberattacks at hospitals, clinics and large provider systems with its managed detection and response solution. We have custom-built our integrated technology and service platform to enable us to detect the complex attacks that healthcare organizations are facing across their entire technology landscape.

Sign up to learn more.


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://us06web.zoom.us/webinar/register/2616288915636/WN_nsaAKkG_R4S9vCExDnDH_A

We look forward to see you all then,
The TASK Steering Committee

Posted in Events.

July TASK: Beyond just Ransomware: The Challenge of Securing Clinical Technologies

Wednesday 28-July-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


July TASK (Virtual)

Speaker: Mike Murray
Topic: Beyond just Ransomware: The Challenge of Securing Clinical Technologies

While ransomware is the main story on the news, modern healthcare delivery organizations have unique security challenges across their environment. One of the most difficult for most of them is the wide diversity of Clinical Technologies that are required on a daily basis to deliver care. From large devices like CT scanners to small infusion pumps, nearly every medical device these days is connected to the network and provides a fertile attack surface.

In this talk, Scope Security CEO Mike Murray will walk through the common security challenges around medical devices and help understand not only why these medical technologies present so many security risks, but also walk through many of the technical, political and regulatory challenges that the clinical environment provides, and how to secure them.

Register


This month’s TASK is proudly sponsored by Scope Security.

Scope Security stops ransomware, data breaches and other cyberattacks at hospitals, clinics and large provider systems with its managed detection and response solution. We have custom-built our integrated technology and service platform to enable us to detect the complex attacks that healthcare organizations are facing across their entire technology landscape.

Sign up to learn more.


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://us06web.zoom.us/webinar/register/3116268817688/WN_ekJ9XhZ7SOugx-JoukQzPQ

We look forward to see you all then,
The TASK Steering Committee

Posted in Events.

June TASK Cancelled

We were unsuccessful in getting you the right speakers this month, so we’ve cancelled our June TASK event.

Stay tuned, we’ll be back in July with something great!

Until then,
TASK Steering Committee

Posted in Events.

May TASK: Quantum Computers Versus Traditional Security: When and How to Prepare

Wednesday 26-May-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


May TASK (Virtual)

Speakers: Michele Mosca, Bruno Couillard, Alexander Truskovsky
Topic: Quantum Computers Versus Traditional Security: When and How to Prepare

Recent advances in quantum computing point to an exciting future, but significant security risk as well. The inevitable day when everything will change is closer. The brightest minds in quantum computing, post-quantum cryptography and preparing for the inevitable, happen to live and work in Canada. Michele Mosca (evolutionQ), Bruno Couillard (Crypto4a) and Alexander Truskovsky (ISARA) form an all-star panel to answer critical questions on the following topics about security in a post-quantum era:

  • Current state. How far along is quantum computing – some big announcements, but what is real versus hype?
  • Quantum encryption vs. quantum computing. We’ll distinguish between quantum encryption and post-quantum computing security risks.
  • When and where. What are the latest estimates regarding when a quantum computer will first be in operations that is capable of running something like Shor’s algorithm? And where might the first quantum computer be built?
  • New security requirements. How will security controls change – or will the post-quantum era look similar to today with updates to existing technology?
  • Mitigations. As more data shifts to the cloud, will actions by the likes of Microsoft, AWS, Salesforce et al., mitigate this security threat if they can become quantum resistant in their services? What are other potential mitigations that might accelerate quantum-resistance? And where is NIST / other standards at with PQC?
  • Canada readiness. Will we be ready when the inevitable happens?

Panelist bios:
Bruno Coulliard has more than 30 years of experience in the security industry with 12 of those years with the Canadian Military and the Communications Security Establishment. He is best known for his leading role in the development of the Luna hardware security module (HSM) and as the co-founder and Chief Technology Officer (CTO) at Chrysalis-ITS (Gemalto). He also contributed to defining the PKCS#11 Standard, the API to cryptographic tokens. Bruno has authored patents on security of root key transfer, time stamping, time synchronization, and other topics, and continues to develop new ones to this day. At Crypto4A, Bruno is developing the next generation HSM to address the looming risk of quantum computers while providing a modern cybersecurity environment for applications deployments adapted for cloud and edge computing. He is recognized as a thought leader in the cybersecurity and key management space and determined to continue improving the underlying security of our evolving digital infrastructure.

Dr. Michele Mosca is CEO and Co-founder, evolutionQ Inc. Dr. Mosca is globally recognized for his drive to help academia, industry and government prepare our cyber systems to be safe in an era with quantum computers. He co-founded and leads evolutionQ Inc. to provide products and services that enable organizations to evolve their quantum-vulnerable systems and practices to quantum-safe ones. He was a founder of the ETSI-IQC workshop series in Quantum-Safe Cryptography. He co-founded softwareQ Inc. to help organizations benefit from the power of quantum computers.

He worked on cryptography during his BMath (Waterloo) and MSc (Oxford) and obtained his Doctorate (Oxford) on Quantum Computer Algorithms.
He is a founder of the Institute for Quantum Computing, Professor in the Department of Combinatorics & Optimization at the University of Waterloo, and a founding member of the Perimeter Institute for Theoretical Physics. His research interests include quantum computation and cryptographic tools designed to be safe against quantum technologies. Dr. Mosca’s awards and honours include Fellow of the Institute for Combinatorics and its Applications (since 2000), 2010 Canada’s Top 40 Under 40, Queen Elizabeth II Diamond Jubilee Medal (2013), SJU Fr. Norm Choate Lifetime Achievement Award (2017), and a Knighthood (Cavaliere) in the Order of Merit of the Italian Republic (2018).

Alexander Truskovsky is a seasoned technology professional with over 20 years of experience including software engineering, security architecture, product management, technical sales, global standards and intellectual property. Enjoy solving problems involving the art and science of cryptography. Adept at creating solutions to address real-world problems. Experienced at bringing emerging technologies to market.

Most recently, contributed to the growth of ISARA, a startup bringing quantum-safe cryptography to market, including intellectual property creation, key technology standardization, product creation, market problem definition and go-to-market strategy. Previously, provided technical leadership in the development of core security protocols and features at BlackBerry, and designed and built enterprise software at Oracle.

Hold a Master’s of Computer Science from Concordia University focusing on Applied Cryptography, a Master’s of Business Administration from the Lazaridis School of Business and Economics at Wilfrid Laurier University, CISSP and PMC-VI designations, and 20 patents in areas of security protocols.

Register


This month’s TASK is proudly sponsored by Optiv.

Optiv is a security solutions integrator, delivering end-to-end cybersecurity solutions that transform the way security is approached and consumed. Optiv develops an in-depth understanding of our clients’ environments, leverages the efficiencies of cloud economics for modernized on-demand security services, and creates business-aligned solutions that are designed to deliver the clarity and assurance our clients need to effectively manage organizational risk. Optiv’s approach optimizes and rationalizes existing infrastructure and operations to ensure the right balance of tools, processes and compliance and reporting capabilities. This enables clients to build a sustainable risk-centric foundation for implementing proactive and measurable security programs.

For more information about Optiv, please visit us at www.optiv.com.

Enter to win a $300 Amazon gift card – https://events.optiv.com/taskoptivmaymeeting


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://zoom.us/webinar/register/6916206731932/WN_aYale0YBQwWs7oyE1h-TfQ

We look forward to see you all then,
The TASK Steering Committee

Posted in Events.

April TASK: Debunking Dark Web Myths: Taking Appropriate Defensive Actions

Wednesday 28-April-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


April TASK (Virtual)

Speaker: David Décary-Hétu
Topic: Debunking Dark Web Myths: Taking Appropriate Defensive Actions

Let’s shine some light on today’s dark web to learn what we should and shouldn’t be concerned about – and what actions your organization should take. A decade ago, the dark web seemed to be THE new frontier for understanding criminal activity online. At that time, there was very little technology developed to track offenders on the dark web, and the unknown fueled much discussion, hype, fear, and guesswork. In this talk you will learn what role the dark web plays in today’s crime, what are the challenges to collect and analyze the data therein, what is the structure of its networks? We will discuss these questions by going through the various stages of development of my collection of tools, from the academic world to the world of private security. In doing so, we’ll debunk several myths surrounding dark web data, and how to action it within your business security.

David Hétu has a Ph.D. in criminology from the Université de Montréal and his main research interest is in online illicit markets and the impact of technology on crime, whether it be from the offenders’ point of view or from a regulation point of view. David’s research has been published in the highest academic journals (ex. British Medical Journal) and presented at leading conferences (Botconf, HOPE). He is regularly invited to share his analysis of cybercrime in media outlets. David is a co-founder and Chief Research Officer of Flare Systems. He has developed the DATACRYPTO software tool to monitor darknet activities and has co-developed the BitCluster software tool with Flare Systems’ CEO Mathieu Lavoie.

Register

A special thanks to Zoom for making this happen.

Sincerely,
The TASK Steering Committee

Posted in Events.

March TASK: The Intersection Between Privacy and Security

Wednesday 31-March-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


March TASK (Virtual)

Speaker: Sharon Bauer
Topic: The Intersection Between Privacy and Security

The pinnacle privacy practices all security professionals must know to protect companies against privacy non-compliance and privacy breaches.

Sharon Bauer, the founder of Bamboo Data Consulting, is a privacy consultant and lawyer. She has worked with companies of all sizes and in multiple sectors to improve their privacy posture. Sharon has designed privacy governance structures that enable privacy and security functions to work together to develop a strong defence for the organization.

Register


This month’s TASK is sponsored by Sonatype.

Sonatype helps over 1,200 organizations and over 10 million software developers leverage their reliance on open source software (OSS) to the highest level with premium data intelligence and a dependency management platform. Visit sonatype.com or contact us to find out how application security professionals use Sonatype’s solutions to reduce open source risk and minimize exposure.

Prize Giveaway: Win an Old Fashioned Kit complete with Woodford Reserve Bourbon and all the fixings to craft the perfect cocktail! Enter now at https://www.sonatype.com/event/q1-2021-task-march-meetup-toronto

Sincerely,
The TASK Steering Committee

Posted in Events.

February TASK: Ransomware Attacks: The First Hours

Wednesday 24-February-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


February TASK (Virtual)

Speaker: Julian Pileggi
Topic: Ransomware Attacks: The First Hours

Ransomware attacks are prevalent. The actions taken by a company immediately after a ransomware attack can have major implications on their ability to restore operations. This talk will clearly explain which actions should be taken, and which actions might unintentionally cause an organization much more trouble. This talk will go through a what to do, and not to do when initially facing a ransomware encryption event. This topic is based on real-world situations, not theories, and will cover associated case studies. This information is critical to organizations that will suffer a ransomware attack in the future. Taking the right initial actions can mean the difference between a quick recovery and a recovery that takes weeks or months, and much more time, effort, and money.

Julian Pileggi is a Technical Manager at Mandiant, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations centre team development. Prior to his employment at Mandiant, Julian worked at a large financial institution within the security operations and incident response team.


A special thanks to Zoom for making this happen.

Sincerely,
The TASK Steering Committee

Posted in Events.

January 2021 TASK: Quantifying Application Security Risk

Wednesday 27-January-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register here to gain access


January TASK (Virtual)

Speaker: Adam Burek
Topic: Quantifying Application Security Risk / Ideas to Bring Structure to Vulnerability Management

There is an abundance of vulnerably sources scattered throughout the organization in code analysis tools, penetration reports, and other formats. Gaining a holistic view of the security posture of applications and conveying it effectively can prove challenging and yet really useful.

In this talk, I will discuss my findings and existing research regarding how to predict if a vulnerability is likely to pose a greater threat in the future with some quantitative approaches sprinkled in. As well, I will go over my proposed framework to aggregate vulnerability information with useful signals to monitor.

This would help to better measure the cybersecurity risk of an application and better predict what vulnerabilities are likely to pose a greater threat in the future.

Adam Burek is a recent Sheridan Information Security Graduate. On his Coop term at Mackenzie Investments, he first came across vulnerability management and has continued to dive deeper into this topic through his capstone project. Among his other roles, he was recently involved in a local startup where he worked as a python API developer and cloud specialist.


A special thanks to Zoom for making this happen.
Sincerely,
The TASK Steering Committee

Posted in Events.

Our Sponsors