
Meeting Location

TASK meets the last Wednesday of every month, 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. The meeting room is the Rotunda (on the main floor, just past the elevators).


July TASK: Beyond just Ransomware: The Challenge of Securing Clinical Technologies

Wednesday 28-July-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


July TASK (Virtual)

Speaker: Mike Murray
Topic: Beyond just Ransomware: The Challenge of Securing Clinical Technologies

While ransomware is the main story on the news, modern healthcare delivery organizations have unique security challenges across their environment. One of the most difficult for most of them is the wide diversity of Clinical Technologies that are required on a daily basis to deliver care. From large devices like CT scanners to small infusion pumps, nearly every medical device these days is connected to the network and provides a fertile attack surface.

In this talk, Scope Security CEO Mike Murray will walk through the common security challenges around medical devices and help you understand not only why these medical technologies present so many security risks, but also the many technical, political and regulatory challenges that the clinical environment provides, and how to secure them.



This month’s TASK is proudly sponsored by Scope Security.

Scope Security stops ransomware, data breaches and other cyberattacks at hospitals, clinics and large provider systems with its managed detection and response solution. We have custom-built our integrated technology and service platform to enable us to detect the complex attacks that healthcare organizations are facing across their entire technology landscape.

Sign up to learn more.


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://us06web.zoom.us/webinar/register/3116268817688/WN_ekJ9XhZ7SOugx-JoukQzPQ

We look forward to seeing you all then,
The TASK Steering Committee

Posted in Events.

June TASK Cancelled

We were unsuccessful in getting you the right speakers this month, so we’ve cancelled our June TASK event.

Stay tuned, we’ll be back in July with something great!

Until then,
TASK Steering Committee


May TASK: Quantum Computers Versus Traditional Security: When and How to Prepare

Wednesday 26-May-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


May TASK (Virtual)

Speakers: Michele Mosca, Bruno Couillard, Alexander Truskovsky
Topic: Quantum Computers Versus Traditional Security: When and How to Prepare

Recent advances in quantum computing point to an exciting future, but significant security risk as well. The inevitable day when everything will change is closer. The brightest minds in quantum computing, post-quantum cryptography and preparing for the inevitable, happen to live and work in Canada. Michele Mosca (evolutionQ), Bruno Couillard (Crypto4a) and Alexander Truskovsky (ISARA) form an all-star panel to answer critical questions on the following topics about security in a post-quantum era:

  • Current state. How far along is quantum computing – some big announcements, but what is real versus hype?
  • Quantum encryption vs. quantum computing. We’ll distinguish between quantum encryption and post-quantum computing security risks.
  • When and where. What are the latest estimates regarding when a quantum computer capable of running something like Shor’s algorithm will first be in operation? And where might the first quantum computer be built?
  • New security requirements. How will security controls change – or will the post-quantum era look similar to today with updates to existing technology?
  • Mitigations. As more data shifts to the cloud, will actions by the likes of Microsoft, AWS, Salesforce et al., mitigate this security threat if they can become quantum resistant in their services? What are other potential mitigations that might accelerate quantum-resistance? And where is NIST / other standards at with PQC?
  • Canada readiness. Will we be ready when the inevitable happens?

Panelist bios:
Bruno Couillard has more than 30 years of experience in the security industry, with 12 of those years with the Canadian Military and the Communications Security Establishment. He is best known for his leading role in the development of the Luna hardware security module (HSM) and as the co-founder and Chief Technology Officer (CTO) at Chrysalis-ITS (Gemalto). He also contributed to defining the PKCS#11 Standard, the API to cryptographic tokens. Bruno has authored patents on security of root key transfer, time stamping, time synchronization, and other topics, and continues to develop new ones to this day. At Crypto4A, Bruno is developing the next generation HSM to address the looming risk of quantum computers while providing a modern cybersecurity environment for application deployments adapted for cloud and edge computing. He is recognized as a thought leader in the cybersecurity and key management space and is determined to continue improving the underlying security of our evolving digital infrastructure.

Dr. Michele Mosca is CEO and Co-founder, evolutionQ Inc. Dr. Mosca is globally recognized for his drive to help academia, industry and government prepare our cyber systems to be safe in an era with quantum computers. He co-founded and leads evolutionQ Inc. to provide products and services that enable organizations to evolve their quantum-vulnerable systems and practices to quantum-safe ones. He was a founder of the ETSI-IQC workshop series in Quantum-Safe Cryptography. He co-founded softwareQ Inc. to help organizations benefit from the power of quantum computers.

He worked on cryptography during his BMath (Waterloo) and MSc (Oxford) and obtained his Doctorate (Oxford) on Quantum Computer Algorithms.
He is a founder of the Institute for Quantum Computing, Professor in the Department of Combinatorics & Optimization at the University of Waterloo, and a founding member of the Perimeter Institute for Theoretical Physics. His research interests include quantum computation and cryptographic tools designed to be safe against quantum technologies. Dr. Mosca’s awards and honours include Fellow of the Institute for Combinatorics and its Applications (since 2000), 2010 Canada’s Top 40 Under 40, Queen Elizabeth II Diamond Jubilee Medal (2013), SJU Fr. Norm Choate Lifetime Achievement Award (2017), and a Knighthood (Cavaliere) in the Order of Merit of the Italian Republic (2018).

Alexander Truskovsky is a seasoned technology professional with over 20 years of experience including software engineering, security architecture, product management, technical sales, global standards and intellectual property. He enjoys solving problems involving the art and science of cryptography, is adept at creating solutions to address real-world problems, and is experienced at bringing emerging technologies to market.

Most recently, he contributed to the growth of ISARA, a startup bringing quantum-safe cryptography to market, including intellectual property creation, key technology standardization, product creation, market problem definition and go-to-market strategy. Previously, he provided technical leadership in the development of core security protocols and features at BlackBerry, and designed and built enterprise software at Oracle.

He holds a Master’s of Computer Science from Concordia University focusing on Applied Cryptography, a Master’s of Business Administration from the Lazaridis School of Business and Economics at Wilfrid Laurier University, CISSP and PMC-VI designations, and 20 patents in areas of security protocols.



This month’s TASK is proudly sponsored by Optiv.

Optiv is a security solutions integrator, delivering end-to-end cybersecurity solutions that transform the way security is approached and consumed. Optiv develops an in-depth understanding of our clients’ environments, leverages the efficiencies of cloud economics for modernized on-demand security services, and creates business-aligned solutions that are designed to deliver the clarity and assurance our clients need to effectively manage organizational risk. Optiv’s approach optimizes and rationalizes existing infrastructure and operations to ensure the right balance of tools, processes and compliance and reporting capabilities. This enables clients to build a sustainable risk-centric foundation for implementing proactive and measurable security programs.

For more information about Optiv, please visit us at www.optiv.com.

Enter to win a $300 Amazon gift card – https://events.optiv.com/taskoptivmaymeeting


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://zoom.us/webinar/register/6916206731932/WN_aYale0YBQwWs7oyE1h-TfQ

We look forward to seeing you all then,
The TASK Steering Committee


April TASK: Debunking Dark Web Myths: Taking Appropriate Defensive Actions

Wednesday 28-April-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


April TASK (Virtual)

Speaker: David Décary-Hétu
Topic: Debunking Dark Web Myths: Taking Appropriate Defensive Actions

Let’s shine some light on today’s dark web to learn what we should and shouldn’t be concerned about – and what actions your organization should take. A decade ago, the dark web seemed to be THE new frontier for understanding criminal activity online. At that time, there was very little technology developed to track offenders on the dark web, and the unknown fueled much discussion, hype, fear, and guesswork. In this talk you will learn what role the dark web plays in today’s crime, what the challenges are in collecting and analyzing the data therein, and what the structure of its networks is. We will discuss these questions by going through the various stages of development of my collection of tools, from the academic world to the world of private security. In doing so, we’ll debunk several myths surrounding dark web data, and discuss how to action it within your business security.

David Hétu has a Ph.D. in criminology from the Université de Montréal and his main research interest is in online illicit markets and the impact of technology on crime, whether it be from the offenders’ point of view or from a regulation point of view. David’s research has been published in the highest academic journals (e.g., British Medical Journal) and presented at leading conferences (Botconf, HOPE). He is regularly invited to share his analysis of cybercrime in media outlets. David is a co-founder and Chief Research Officer of Flare Systems. He has developed the DATACRYPTO software tool to monitor darknet activities and has co-developed the BitCluster software tool with Flare Systems’ CEO Mathieu Lavoie.


A special thanks to Zoom for making this happen.

Sincerely,
The TASK Steering Committee


March TASK: The Intersection Between Privacy and Security

Wednesday 31-March-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


March TASK (Virtual)

Speaker: Sharon Bauer
Topic: The Intersection Between Privacy and Security

The pinnacle privacy practices all security professionals must know to protect companies against privacy non-compliance and privacy breaches.

Sharon Bauer, the founder of Bamboo Data Consulting, is a privacy consultant and lawyer. She has worked with companies of all sizes and in multiple sectors to improve their privacy posture. Sharon has designed privacy governance structures that enable privacy and security functions to work together to develop a strong defence for the organization.



This month’s TASK is sponsored by Sonatype.

Sonatype helps over 1,200 organizations and over 10 million software developers leverage their reliance on open source software (OSS) to the highest level with premium data intelligence and a dependency management platform. Visit sonatype.com or contact us to find out how application security professionals use Sonatype’s solutions to reduce open source risk and minimize exposure.

Prize Giveaway: Win an Old Fashioned Kit complete with Woodford Reserve Bourbon and all the fixings to craft the perfect cocktail! Enter now at https://www.sonatype.com/event/q1-2021-task-march-meetup-toronto

Sincerely,
The TASK Steering Committee


February TASK: Ransomware Attacks: The First Hours

Wednesday 24-February-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


February TASK (Virtual)

Speaker: Julian Pileggi
Topic: Ransomware Attacks: The First Hours

Ransomware attacks are prevalent. The actions taken by a company immediately after a ransomware attack can have major implications on their ability to restore operations. This talk will clearly explain which actions should be taken, and which actions might unintentionally cause an organization much more trouble. This talk will go through what to do, and what not to do, when initially facing a ransomware encryption event. This topic is based on real-world situations, not theories, and will cover associated case studies. This information is critical to organizations that will suffer a ransomware attack in the future. Taking the right initial actions can mean the difference between a quick recovery and a recovery that takes weeks or months, and much more time, effort, and money.

Julian Pileggi is a Technical Manager at Mandiant, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations centre team development. Prior to his employment at Mandiant, Julian worked at a large financial institution within the security operations and incident response team.


A special thanks to Zoom for making this happen.

Sincerely,
The TASK Steering Committee


January 2021 TASK: Quantifying Application Security Risk

Wednesday 27-January-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register here to gain access


January TASK (Virtual)

Speaker: Adam Burek
Topic: Quantifying Application Security Risk / Ideas to Bring Structure to Vulnerability Management

There is an abundance of vulnerability sources scattered throughout the organization in code analysis tools, penetration reports, and other formats. Gaining a holistic view of the security posture of applications and conveying it effectively can prove challenging and yet really useful.

In this talk, I will discuss my findings and existing research regarding how to predict if a vulnerability is likely to pose a greater threat in the future with some quantitative approaches sprinkled in. As well, I will go over my proposed framework to aggregate vulnerability information with useful signals to monitor.

This would help to better measure the cybersecurity risk of an application and better predict what vulnerabilities are likely to pose a greater threat in the future.

Adam Burek is a recent Sheridan Information Security graduate. On his co-op term at Mackenzie Investments, he first came across vulnerability management and has continued to dive deeper into this topic through his capstone project. Among his other roles, he was recently involved in a local startup where he worked as a Python API developer and cloud specialist.


A special thanks to Zoom for making this happen.
Sincerely,
The TASK Steering Committee


November TASK: Attacking Citrix ADC: Privilege Escalation Zero-Day to Network Infiltration

Wednesday 25-November-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register here to gain access


November TASK (Virtual)

Speaker: Arsenii Pustovit
Topic: Attacking Citrix ADC: Privilege Escalation Zero-Day to Network Infiltration

In this talk we will do a deep dive into the process of discovery and exploitation of a recent privilege escalation vulnerability (CVE-2020-8247) in Citrix ADC / NetScaler Gateway appliances. We will then review potential attack avenues once a threat actor obtains root privileges on a Citrix ADC device and demonstrate one of the attacks in action. Finally, we will have a discussion on improving the security posture of the Citrix ADC / NetScaler Gateway appliances and enhancing visibility into these devices.

Arsenii Pustovit is a member of the RBC Red Team. Prior to joining RBC, Arsenii spent 5 years as a cyber security consultant with Scalar Decisions conducting penetration tests and red team assessments for hundreds of Canadian clients ranging from fintech start-ups to critical infrastructure. Arsenii specialises in offensive cyber operations, Windows Active Directory exploitation and web application security testing.


A special thanks to Zoom for making this happen.
Sincerely,
The TASK Steering Committee


No October TASK: See You at BSidesTO & SecTor 2020

Two of Canada’s best cybersecurity conferences are nearly here, and we hope to see you online at both!

Please note there will be no October TASK. But fear not, BSidesTO and SecTor 2020 are here to give you your IT Security fix!

BSidesTO | Virtual | October 17-18 | BSidesTO.ca
All the information you need including speakers, schedule, trainings, activities and tickets can be found at BSidesTO.ca

SecTor 2020 | Virtual | October 17-22 | SecTor.ca
This year’s virtual conference sessions take place on October 21 and 22 with Black Hat Trainings at SecTor held from October 17-20, 2020.
Find out more and register for your FREE Expo Pass today with code TASK2020 at SecTor.ca/register.

We hope you’ll join us at each event and continue to support your local security education conferences. Don’t forget to register early to secure your virtual access!

Until next time,
TASK Steering Committee


September TASK: Operationalizing Security AI in 2020: Reality vs Snake Oil

Wednesday 30-September-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Please Pre-Register Here to Gain Access on the Night


September TASK (Virtual)

Speaker: Stephan Jou
Topic: Operationalizing Security AI in 2020: Reality vs Snake Oil

Let’s face it: Artificial Intelligence holds a ton of promise, but there also seems to be a disproportionate amount of marketing confusion and snake oil out there. What works in real-life security operation centers, versus something that is nothing more than buzz?

Join Stephan Jou, who has been helping deploy analytical and AI systems in enterprises and government organizations for nearly a decade, to have a frank discussion about use cases where security AI is actually useful and shows promising results, along with the challenges to keep an eye out for when deploying. Specific areas to be covered, where human-machine teaming has made a genuine difference to cyber resilience in 2020, include:

  • Security operations
  • Code analysis
  • Identity and authentication
  • Insider threat

Jou will highlight what works and the challenges in different areas, and end with an example of how the principles of effective AI and visualization can even be used to help with a challenge that we are all victims of: the global pandemic.


A special thanks to Zoom for making this happen. Please register here (free) to gain access on the night: https://zoom.us/webinar/register/8716007972652/WN_U00kdo8kRomYSd6LUhjUCw.

Sincerely,
The TASK Steering Committee
