post view

Meeting Location

TASK meets the last Wednesday of Every Month 6:00 pm to 9:00 pm (with a few exceptions). Our next meeting is located at 55 John Street, Toronto, ON. Meeting room is the Rotunda (On main floor, just past elevators).

[sc_events_calendar]

April TASK: Debunking Dark Web Myths: Taking Appropriate Defensive Actions

Wednesday 28-April-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


April TASK (Virtual)

Speaker: David Décary-Hétu
Topic: Debunking Dark Web Myths: Taking Appropriate Defensive Actions

Let’s shine some light on today’s dark web to learn what we should and shouldn’t be concerned about – and what actions your organization should take. A decade ago, the dark web seemed to be THE new frontier for understanding criminal activity online. At that time, there was very little technology developed to track offenders on the dark web, and the unknown fueled much discussion, hype, fear, and guesswork. In this talk you will learn what role the dark web plays in today’s crime, what are the challenges to collect and analyze the data therein, what is the structure of its networks? We will discuss these questions by going through the various stages of development of my collection of tools, from the academic world to the world of private security. In doing so, we’ll debunk several myths surrounding dark web data, and how to action it within your business security.

David Hétu has a Ph.D. in criminology from the Université de Montréal and his main research interest is in online illicit markets and the impact of technology on crime, whether it be from the offenders’ point of view or from a regulation point of view. David’s research has been published in the highest academic journals (ex. British Medical Journal) and presented at leading conferences (Botconf, HOPE). He is regularly invited to share his analysis of cybercrime in media outlets. David is a co-founder and Chief Research Officer of Flare Systems. He has developed the DATACRYPTO software tool to monitor darknet activities and has co-developed the BitCluster software tool with Flare Systems’ CEO Mathieu Lavoie.

Register

A special thanks to Zoom for making this happen.

Sincerely,
The TASK Steering Committee

Posted in Events.

March TASK: The Intersection Between Privacy and Security

Wednesday 31-March-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


March TASK (Virtual)

Speaker: Sharon Bauer
Topic: The Intersection Between Privacy and Security

The pinnacle privacy practices all security professionals must know to protect companies against privacy non-compliance and privacy breaches.

Sharon Bauer, the founder of Bamboo Data Consulting, is a privacy consultant and lawyer. She has worked with companies of all sizes and in multiple sectors to improve their privacy posture. Sharon has designed privacy governance structures that enable privacy and security functions to work together to develop a strong defence for the organization.

Register


This month’s TASK is sponsored by Sonatype.

Sonatype helps over 1,200 organizations and over 10 million software developers leverage their reliance on open source software (OSS) to the highest level with premium data intelligence and a dependency management platform. Visit sonatype.com or contact us to find out how application security professionals use Sonatype’s solutions to reduce open source risk and minimize exposure.

Prize Giveaway: Win an Old Fashioned Kit complete with Woodford Reserve Bourbon and all the fixings to craft the perfect cocktail! Enter now at https://www.sonatype.com/event/q1-2021-task-march-meetup-toronto

Sincerely,
The TASK Steering Committee

Posted in Events.

February TASK: Ransomware Attacks: The First Hours

Wednesday 24-February-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register


February TASK (Virtual)

Speaker: Julian Pileggi
Topic: Ransomware Attacks: The First Hours

Ransomware attacks are prevalent. The actions taken by a company immediately after a ransomware attack can have major implications on their ability to restore operations. This talk will clearly explain which actions should be taken, and which actions might unintentionally cause an organization much more trouble. This talk will go through a what to do, and not to do when initially facing a ransomware encryption event. This topic is based on real-world situations, not theories, and will cover associated case studies. This information is critical to organizations that will suffer a ransomware attack in the future. Taking the right initial actions can mean the difference between a quick recovery and a recovery that takes weeks or months, and much more time, effort, and money.

Julian Pileggi is a Technical Manager at Mandiant, based in Toronto, Canada. His areas of expertise include enterprise incident response, digital forensics, threat hunting and security operations centre team development. Prior to his employment at Mandiant, Julian worked at a large financial institution within the security operations and incident response team.


A special thanks to Zoom for making this happen.

Sincerely,
The TASK Steering Committee

Posted in Events.

January 2021 TASK: Quantifying Application Security Risk

Wednesday 27-January-2021 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register here to gain access


January TASK (Virtual)

Speaker: Adam Burek
Topic: Quantifying Application Security Risk / Ideas to Bring Structure to Vulnerability Management

There is an abundance of vulnerably sources scattered throughout the organization in code analysis tools, penetration reports, and other formats. Gaining a holistic view of the security posture of applications and conveying it effectively can prove challenging and yet really useful.

In this talk, I will discuss my findings and existing research regarding how to predict if a vulnerability is likely to pose a greater threat in the future with some quantitative approaches sprinkled in. As well, I will go over my proposed framework to aggregate vulnerability information with useful signals to monitor.

This would help to better measure the cybersecurity risk of an application and better predict what vulnerabilities are likely to pose a greater threat in the future.

Adam Burek is a recent Sheridan Information Security Graduate. On his Coop term at Mackenzie Investments, he first came across vulnerability management and has continued to dive deeper into this topic through his capstone project. Among his other roles, he was recently involved in a local startup where he worked as a python API developer and cloud specialist.


A special thanks to Zoom for making this happen.
Sincerely,
The TASK Steering Committee

Posted in Events.

November TASK: Attacking Citrix ADC: Privilege Escalation Zero-Day to Network Infiltration

Wednesday 25-November-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Register here to gain access


November TASK (Virtual)

Speaker: Arsenii Pustovit
Topic: Attacking Citrix ADC: Privilege Escalation Zero-Day to Network Infiltration

In this talk we will do a deep dive into the process of discovery and exploitation of a recent privilege escalation vulnerability (CVE-2020-8247) in Citrix ADC / NetScaler Gateway appliances. We will then review potential attack avenues once a threat actor obtains root privileges on a Citrix ADC device and demonstrate one of the attacks in action. Finally, we will have a discussion on improving the security posture of the Citrix ADC / NetScaler Gateway appliances and enhancing visibility into these devices.

Arsenii Pustovit is a member of the RBC Red Team. Prior to joining RBC, Arsenii spent 5 years as a cyber security consultant with Scalar Decisions conducting penetration tests and red team assessments for hundreds of Canadian clients ranging from fintech start-ups to critical infrastructure. Arsenii specialises in offensive cyber operations, Windows Active Directory exploitation and web application security testing.


A special thanks to Zoom for making this happen.
Sincerely,
The TASK Steering Committee

Posted in Events.

No October TASK: See You at BSidesTO & SecTor 2020

Two of Canada’s best cybersecurity conferences are nearly here, and we hope to see you online at both!

Please note there will be no October TASK. But fear not, BSidesTO and SecTor 2020 are here to give you your IT Security fix!

BSidesTO | Virtual | October 17-18 | BSidesTO.ca
All the information you need including speakers, schedule, trainings, activities and tickets can be found at BSidesTO.ca

SecTor 2020 | Virtual | October 17-22 | SecTor.ca
This year’s virtual conference sessions take place on October 21 and 22 with Black Hat Trainings at SecTor held from October 17-20, 2020.
Find out more and register for your FREE Expo Pass today with code TASK2020 at SecTor.ca/register.

We hope you’ll join us at each event and continue to support your local security education conferences. Don’t forget to register early to secure your virtual access!

Until next time,
TASK Steering Committee

Posted in Events.

September TASK: Operationalizing Security AI in 2020: Reality vs Snake Oil

Wednesday 30-September-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Please Pre-Register Here to Gain Access on the Night


September TASK (Virtual)

Speaker: Stephan Jou
Topic: Operationalizing Security AI in 2020: Reality vs Snake Oil

Let’s face it: Artificial Intelligence holds a ton of promise, but there also seems to be a disproportionate amount of marketing confusion and snake oil out there. What works in real-life security operation centers, versus something that is nothing more than buzz?

Join Stephan Jou, who has been helping deploy analytical and AI systems in enterprises and government organizations for nearly a decade, to have a frank discussion about use cases security AI is actually useful and shows promising results, along with the challenges to keep an eye out for when deploying. Specific areas to be covered where human-machine teaming has made a genuine difference to cyber resilience in 2020, including:

  • Security operations
  • Code analysis
  • Identity and authentication
  • Insider threat

Jou will highlight what works and the challenges in different areas, and end with an example of how the principles of effective AI and visualization can even be used to help with a challenge that we are all victims of: the global pandemic.


A special thanks to Zoom for making this happen. Please register here (free) to gain access on the night: https://zoom.us/webinar/register/8716007972652/WN_U00kdo8kRomYSd6LUhjUCw.

Sincerely,
The TASK Steering Committee

Posted in Events.

August TASK: What Did You do so Wrong that You Think You Need a Firewall in the Cloud

Wednesday 27-August-2020 // 6:00 – 8:00 PM
Meeting Location: Virtual – Please Pre-Register Here to Gain Access on the Night


August TASK (Virtual)

Speaker: Kellman Meghu
Topic: What Did You do so Wrong that You Think You Need a Firewall in the Cloud

I used to think the cloud was a marketing term for someone else’s computer, and that I knew my place in the world, doing what I loved to do. Now imagine realizing that your whole approach to security and computers, was now wrong. That you had been invalidated by the rapid change of information technology, and a strategy for security that despite being successful, was an impending failure. I made a horrible mistake. I took pride in helping people protect their business, but now I will take ownership for mistakes about to be made. I feel like I forgot the technology was there to serve the needs of the customer and started to think the customer needed the technology. It’s backwards, and we need to go back to delivering services that enable the business goals, including reduction of costs, before we end up bankrupting the whole thing under crippling IT costs. And if that means I need to change everything I worked so hard to build, well so be it.

What to Expect: You will be challenged to think differently about technology and be exposed to transformative IT concepts as related to the cloud. This session aims to be disruptive, and arguments are encouraged.

Speakers: TASK Steering Committee
Topic: TASK Us Anything Panel Discussion + Q&A


A special thanks to Zoom for making this happen, we’re thrilled to be able to bring a version of TASK to you once again.

Please register here (free) to gain access: https://zoom.us/webinar/register/3515973402894/WN_nQCIFZSCQF-Jg5cAU-1I4Q.

Sincerely,
The TASK Steering Committee

Posted in Events.

July TASK (Virtual): Crossing the Widening Security Gaps in Canada / TASK Us Anything Panel

Wednesday 29-July-2020 // 6:00 – 7:00 PM
Meeting Location: Virtual – Please Register Here to Gain Access


July TASK (Virtual)

Speaker: David Senf
Topic: Crossing the Widening Security Gaps in Canada

Let’s take a wide-angle view of the security landscape to see what’s on the horizon. This talk will help you (re)consider your security purchases, skills training, and overall risks so you and your organization are better prepared for the steep security inflection points to come.

Using data collected from across Canada, David will show where the gaps are widening and actions to consider to safely cross. To deploy the best possible strategy, follow the trend lines from the likely scenarios. In this talk, you will lean:

  • Market forces during the pandemic: how have budgets shifted today and moving forward?
  • How scenarios may play out in the balance of power between attacker versus defender
  • Where gaps will likely widen and what actions need to be taken.

David Senf is an IT research and advisory executive with a particular focus on cybersecurity and emerging technologies. He has spent close to two decades analyzing markets and delivering vendor, channel and end-user guidance. David is focused on technology product / service development, marketing management, channel and sales enablement. He has extensive experience quantifying market dynamics and turning data into successful outcomes.

Previously he was a VP at research firm IDC. David is a frequent keynote speaker. He enjoys hundreds of press appearances in a variety of publications, including The Globe and Mail, CBC, The Star, Wall Street Journal and Wired.

Speakers: TASK Steering Committee
Topic: TASK Us Anything Panel Discussion


A special thanks to Zoom for making this happen, we’re thrilled to be able to bring a version of TASK to you once again.

Please register here (free) to gain access: https://zoom.us/webinar/register/8515953581855/WN_ZuaEcBYJQWienG6cyXUTlg.

Sincerely,
The TASK Steering Committee

Posted in Events.

TASK and COVID-19

March and April TASK events have been cancelled.


TASK exists to provide a monthly facility for members of the security community to share information, connect with one another, network and continue to build the security community in Toronto.

That said, the health and safety of our members is of paramount importance.

As the world struggles to contain and manage COVID-19, the current guidance from health authorities is to practice “social distancing” and to avoid large gatherings. Certainly getting 150 or so professionals together to share a pizza and some good security information would not be consistent with this advice.

So in an effort to keep everyone safe and healthy, we’ll be taking this month and the next off and continuing to monitor the situation. We hope the group will be able to resume in May or June. Until then, keep safe and keep healthy!

Sincerely,
The TASK Steering Committee

Posted in Events.

Our Sponsors