IT Connect is a conference organized yearly by Champlain College Saint-Lambert. In 2019, the theme will revolve around Cybersecurity. The conference presents a great opportunity to see speakers from many high-profile organizations, while also presenting valuable networking opportunities throughout. As a public college, Champlain offers a multitude of IT-related programs and courses, and is both a Cisco Networking Academy as well as an AWS Academy. The IT Connect conference series is thus one of many aspects of Champlain's commitment to IT - and has more than doubled in size in nearly all categories from the first year it was offered.
New technologies are appearing faster than ever before, and as they do, new hacks and cyber-attack opportunities inevitably follow. It is thus important to have a strong understanding of the security efforts taken by organizations, including the latest standards, frameworks, and best practices.
Topics at IT Connect 2019 will include:
|• Threat Intelligence/Management||• General Data Protection Regulation (GDPR)||• Vulnerability Management|
|• IoT Related Threats||• Cloud Security||• Blockchain|
|• Data Protection||• Artificial Intelligence||• Employee Monitoring & Surveillance|
|• Governance, Risk & Compliance||• Security Awareness & Capacity Building|
|Early Bird (online tickets before May 7th) : $50||Day of the event (at the door) : $90|
|Online ticket sales between May 8th – June 6th : $75|
Tickets will be available for sale as of February 2019.
- Being a Secure Ninja: How to Harden Defense Without Impacting the User Experience - Felix Boulet, Opsec Specialist, Devolutions
Being a Secure Ninja: How to Harden Defense Without Impacting the User Experience
IT and security professionals are in everlasting battle against their worst enemy, the user’s endpoint actively targeted by threat actors. While there are many security measures available, many of them are not applicable in real-world scenarios and are often intentionally deactivated, bypassed or simply decommissioned due to poor user buy-in. In this talk, you will learn how to smoothly, and efficiently, defend and harden your anti-virus-deactivating, power-clicking, average user. Our goal has always been not to hinder the user in their daily activity, but to help them maintain their daily productivity and will to participate to the solution. More specifically, quick wins focused on Windows 10 operating system will be revealed to expose convenient features to protect against common attacks such as HID emulation devices like the USB Rubber Ducky, boot loaders, rootkits, and much more.
Opsec Specialist, Devolutions
- Machine Learning for Cyber Security - Steve Como, Cyber Security Specialist, Cisco
Machine Learning for Cyber Security
If every security vendor is claiming the use of machine learning, how do you separate the marketing from the technical value these products deliver? You should not have to become a data scientist to perform this evaluation. Join me as I debunk the hype, define machine learning and outline how it can deliver more effective security and not just hype.
Cyber Security Specialist, Cisco
- Privacy in the Workplace and Threat Monitoring - Marc-Andre Frigon, Information Security Director, Genetec
Privacy in the Workplace and Threat Monitoring
Security risks to organizations are pretty common, but privacy expectations in the workplace vary across the globe. The challenge is how to properly secure a global organization while not crossing the thin line between protecting the organization while not demoralizing employees. Not only would some expect a form of privacy at work, but things like end-to-end encryption have led to new methods that will ensure that security incidents are promptly detected.
Information Security Director, Genetec
- Classification and Information Security - Martin M. Samson, Vice President, Cyberswat
Classification and Information Security
IT and OT security must be efficient. To do so companies must invest wisely. Classification must be the corner stone of Security. In this session we will look at the existing Cyber Threats, view a top 10 of data breaches and how classification can help minimize the risk of a Cyber attack as well as help focus your Security budget.
Martin M. Samson
Martin M. Samson, Vice President, Cyberswat
- Cybersecurity - from Its Humble Beginnings to Current and Future Importance - Oliver Wloch, Managing Director, IT-synapse
Cybersecurity - from Its Humble Beginnings to Current and Future Importance
Computing has come a long way. In the very beginning, people were excited about its possibilities and Cybersecurity did not play big role, yet. It was not missed much, either. However, the more computers were used in everyday life, the more was to be gained from manipulation and theft. Considering the importance computing plays in our daily lifes, even its very foundations are still too fragile.
This talk will give an overview of how Cybersecurity started, what is considered state of the art and which structural weaknesses we can already observe that are going to become tomorrow's challenges
Global Chief Information Security Officer, WSP
- “Insider Secrets” to How Hackers Are Getting In - Terry Cutler, Founder & Ethical Hacker, Cyology Labs
“Insider Secrets” to How Hackers Are Getting In
This particular session will show attendees a “behind the scenes look” at how hackers harvest as much information on you before launching a targeted attack. At the end of this talk, the audience will be more alert as to what they’re posting online and how it can be used against them. Topics include:
- The problem with modern day security
- Threat agents
- Essential terminology
- The phases hackers use to target you
- Social Engineering awareness
- Real-World hacking demonstration
- Defensive tools
- Much more…
Founder & Ethical Hacker, Cyology Labs
- Canadian Cybersecurity Strategy - Véronique Ménard, Centre canadien de cybersécurité
Canadian Cybersecurity Strategy
Last year the federal government launched a new national strategy for cybersecurity and committed to investing $500 million over five years in cybersecurity. Our session will cover the main themes and areas of impacts of the strategy. We will talk about the Canadian Center for Cybersecurity (CCCS), which was an outcome of the strategy, and of its activities. Lastly, we will take a look at the national cyberthreat landscape.
L'an dernier le gouvernement fédéral a lancé sa nouvelle stratégie nationale de cybersécurité et a annoncé des investissement de 500$ millions sur cinq ans pour la cybersécurité. Notre présentation abordera les thèmes principaux de la stratégie ainsi que les domaines sur lesquels elle se concentre. Nous parlerons du nouveau Centre canadien pour la cybersécurité (CCC), résultat de la stratégie, et de ses activités. Et finalement, nous explorerons le panorama des cyber menaces au Canada.
Centre canadien de cybersécurité
- Lessons in Cyber-resilience - Benoit Dupont, Professor, Canada Research Chair in Cybersecurity and the Research Chair for the Prevention of Cybercrime, Université de Montréal
Lessons in Cyber-resilience
Resilience is generally defined as the ability of an organization to cope with and recover after a major shock. It has become very trendy in the cybersecurity field but remains an elusive concept. This presentation will discuss how this concept applies to the practices of cyber-risk managers and incident response teams: why is it becoming so central in their toolbox? What are its origins and components? How is it implemented and what lessons have been learned by those who have had to overcome shocks such as major hacks and massive data breaches? In a world where cyber-risks have become unavoidable, and to a certain extend unpreventable, while posing an existential threat to the survival of digitally-dependent organizations, this presentation will offer some preliminary insights on a research project that examines how the technical and cultural dimensions of cyber-resilience interact in large complex organizations in general and in financial institutions in particular. It will introduce the existing standards, methodologies, practices and metrics advocated to enhance an organization’s cyber-resilience, and will share some of the preliminary results obtained from interviews conducted with the CISOs, CROs, and incident response professionals of major financial institutions, as well as their service providers and regulatory authorities. A core issue will be to identify how organizations can prepare to deal with uncertainty in a highly connected environment where they engage with a sprawling network of partners, competitors, service and security providers.
Professor, Canada Research Chair in Cybersecurity and the Research Chair for the Prevention of Cybercrime, Université de Montréal
- Les données...les diamants des entreprises - Jean Dion, Senior Consultant IT Architecture, Zones-Info
Les données...les diamants des entreprises
Dans le contexte actuel de l'informatique, les données des applications représentent la plus grande valeur des entreprises. Google, Facebook, Amazon, Apple et autres utilisent les données pour dominer leurs marchés respectifs. Au fil du temps, les technologies changent rapidement mes les données demeures la source de toutes décisions. Comment les protéger, les rendre disponibles tout en demeurant conforme aux lois.
Senior Consultant IT Architecture, Zones-Info
- Women in Cybersecurity and Governance - Jenny Dho, Global Chief Information Security Officer, WSP
Women in Cybersecurity and Governance
Jenny and Samira will share their governance mechanisms in cybersecurity and IT compliance and risk management operating in a global organization. They invite participants to ask questions and share their views in the spirit of collaboration. The intent is to provide strategies to ensure continued relevance of information security and risk management programs to the organizational objectives.
Global Chief Information Security Officer, WSP
- Breaking AES like a Bowss! - Martin Lemay, Chief Security Officer, Devolutions.
Breaking AES like a Bowss!
The objective of the workshop is to give attendees a solid and practical understanding on how the most popular encryption standard used today (AES) can be misused and expose applications to data breaches. Examples based on my own experience on various engagements will be used to show multiple attacks on this block cipher including chosen plaintext attacks, chosen ciphertext attacks and padding oracles. Attendees will receive a proper background on AES internals and AES modes of operation from ECB to GCM (including CBC and CTR) before diving into attack concepts and exercices. The following specific topics should fit in 1h50:
- AES internals
- AES ECB vulnerabilities and attacks
- AES CBC vulnerabilities and attacks
- AES CTR vulnerabilities and attacks
- AES authenticated HMAC/GCM solutions and limitations
Chief Security Officer, Devolutions.
Will Blockchain become the defacto way of transferring data across the globe? Being in such an early stage and presenting business challenges and technology gaps, we wonder if this is finally what is coming to revolutionize the data world and how we all perform daily tasks or do business.
What are its benefits, challenges, drawbacks? How can a company jump on this blockchain bandwagon?
Join our panel at IT Connect to get a deeper understanding of Blockchain and what the future behind it holds.
- Mahsa Moosavi
- Louis Roy
- John Shannon
- Sean Stapley
- Oliver Wloch
PhD student, Concordia Institute for Information Systems Engineering (CIISE)
Partner and Blockchain Leader at Raymond Chabot Grant Thornton
Director of Business Development, MLG Blockchain
Managing Director at IT-synapse, Consultant, Trainer
- IoT CyberSecurity – A fragmented challenge
IoT CyberSecurity – A fragmented challenge
Nine out of ten consumers today have concerns about IoT security, with the most common being that: a) a hacker gaining control of devices, or b) personal customer data being leaked through IoT devices. These are understandable and prevalent concerns given the large amount of recent media coverage on large-scale hacks and data leaks.
But is it the same thing from an industrial perspective? IoT security is complex and very fragmented along the full IoT stack. Spending on IoT security should always be split between securing the data, the connectivity, the device and the application access.
As a consumer or as a professional involved in the rise of IoT, join this panel to hear the opinions of our experts and learn about the best practices to implement “IoT Security by Design”.
- Paul Berthier, Cybersecurity Advisor, Rhea inc. Canada
- Dr. Mourad Debbabi, Associate Dean of Research and Graduate studies and leading experts in Cyber Security at Concordia University
- Walter Knitl, IoT expert, founder of Praxiem and the IoT613 event
- Steven Redmond, ORISO
- Philippe Chevry, Futurist, Solution Architect, Hacker, AIoT, Blockchain Tech
- René Breyel, Founder, IoT Canada
Founder, IoT Canada
- Felix Boulet - Opsec Specialist, Devolution
Félix Boulet is a GCIH certified Operational Security Specialist at Devolutions, a top-of-the-line remote access management and IT solution software company. In this role, Félix is deeply involved in all security initiatives that relate to the protection of the organization’s assets. More specifically, he handles security hardening projects, security incidents and detection. He is continuously learning about operational and digital security. Félix tries to stay close to the offensive side, to keep ahead of the current and emerging threats. He is also highly active in the security community, participating in security-focused competitions, local conferences and workshops.
- Steve Como - Cyber Security Specialist, Cisco
Steve Como is an IT professional who has covered multiples roles over his young career. Holder of two CCIE certifications, Steve has a technical background in enterprise networking, data center fabrics, and network security. Prior to joining Cisco Montreal as a Cyber Security Specialist, he was a data center and security pre-sales engineer for Cisco Manhattan. Interesting fact: Steve is a graduate of the Champlain College CCNA program!
- Terry Cutler - Founder & Ethical Hacker, Cyology Labs
Terry Cutler is a government-cleared cybersecurity expert and the founder and CEO of Cyology Labs in Montréal, Canada. He specializes in the anticipation, assessment, and prevention of security breaches for governments, corporations, businesses, and consumers, as well as Internet Safety for Children.
As an award-winning information security strategist for almost 20 years and was recently named #1 most influential cybersecurity expert by IFSEC Global.
Mr. Cutler has advised some of Canada’s largest companies on how to prevent and remedy internal and external security penetration. For the general public, he developed an effective online learning program arranged in modules and updated regularly to keep up with the rapidly changing digital landscape in which “wild-west” internet bandits constantly seek and find ways to break into our lives.
Terry Cutler is a frequent contributor to media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.
Terry Cutler has coined the term Cyologist™ to describe what he does. His mission is to “help individuals and corporations protect themselves from data breaches and other online cyber threats through his videos, media appearances, coaching products and consulting services.”
- Jean Dion - Senior Consultant IT Architecture, Zones-Info
Jean Dion started as customer service engineer for StorageTek in 1983, where he was responsible for the installation and maintenance of large mainframe types of devices including tape drives, tape automation robots, disk storage, SSD storage and printers. He then moved to a presales solutions architect position working with the accounts directors at StorageTek, Sun Microsystems, ESI Technologies and Commvault, with a focus on data management and business continuity. Jean was part of Sun Microsystems as a Data Management Ambassador with a focus on short and long term data retention projects such as government archives, National Libraries, TV broadcasters, manufacturing, financial and medical data retention and governance.
- Jenny Dho - Global Chief Information Security Officer, WSP
Jenny is a risk management executive with focused experienced in information security, information technology and internal audit. Jenny has led information security functions in Industrial Manufacturing, Loyalty management, Financial services and Professional Services. Her broad background in risk management functions and her experience in multiple industries allows her to identify and evaluate risk to and provide management strategies. Her deep understanding of IT also allows her to provide strategies that advance organizational digital initiatives by presenting innovative opportunities for new products or services and improve operational efficiency to drive value.
- Benoit Dupont - Professor, Canada Research Chair in Cybersecurity and the Research Chair for the Prevention of Cybercrime, Université de Montréal
Benoit Dupont is professor of criminology at the Université de Montréal, where he holds the Canada Research Chair in Cybersecurity and the Research Chair for the Prevention of Cybercrime. He is also the Scientific Director of the Smart Cybersecurity Network (SERENE-RISC), one of Canada’s Networks of Centres of Excellence (NCE). SERENE-RISC brings together government, industry, and academic partners in order to facilitate the mobilization and uptake of evidence-based cybersecurity knowledge. His research interests focus on the governance of security and the use of networked initiatives to enhance offline and online safety, as well as the coevolution of crime and technology, and in particular the social organization of the hacking ecosystem, as well as the evaluation of effective and efficient cybersecurity policies.
- Marc-Andre Frigon - Information Security Director, Genetec
Leader chevronné en sécurité de l'information, reconnu pour s'adapter aux objectifs d’affaires et au contexte organisationnel. Ayant un parcours professionnel ponctué de multiples solutions et stratégies efficaces ainsi qu'une saine gestion de la sécurité. Ayant une formation mixe entre divers élément technologiques, la sécurité de l'information et la gestion. Ayant contribuer à l'amélioration de la sécurité de grandes organisations dans différentes industries (services publiques, financier, aérospatial, télécommunication, logiciel, etc.) par la mise en place de programmes sécurité et des solutions technologiques. Création de centres de sécurité opérationel et de surveillance/détection d'incidents dans plusieurs organisations.
- Véronique Ménard - Centre canadien de cybersécurité
Liaison officer at the Communications Security Establishment (CSE) and the Canadian Center for Cybersecurity (CCCS), Veronique generates partnerships with cybersecurity stakeholders in the province of Quebec. Partnerships with industry, academia and not-for-profit cybersecurity stakeholders are essential in implementing Canada's cybersecurity strategy and raising the bar in cybersecurity across the country.
- Oliver Wloch - Managing Director at IT-synapse, Consultant, Trainer
Oliver is a former military officer. He served in IT operations, the elite Cyberattack Unit and the in-house consultancy of the federal armed forces of Germany. After his service time, he founded his own consultancy focusing on cyber security. While making complex systems more secure is his specialty, he understands that there is no truly secure system unless it "is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards" (Gene Spafford).
- Martin M. Samson - Vice President, Cyberswat
Professional in information security, CGEIT, CISM, CRISC and ISO 27001 lead auditor, Mr. Samson has extensive experience in project management related to information security and resource management. As an information security professional, he is involved at various levels in risk management projects related to the security of information. He demonstrates a good team spirit and ability to communicate effectively with a wide variety of audiences in different situations and contexts. He also provides strategic guidance on compliance and information security, in compliance with industry laws, regulations and best practices.
- Martin Lemay - Chief Security Officer, Devolutions Inc.
Martin Lemay is the Chief Security Officer at Devolutions Inc. leading security initiatives from risk management to product security controls. For the past years, he acquired a solid technical background as a security professional specialized in penetration testing and operated in most industry sectors from banking, financial and insurance to energy, healthcare, airlines and telecommunications. He also contributed to some open source projects including the most advanced password cracking software “Hashcat” where he implemented GPU attacks on Blake2b and Chacha20. He also spoke at various local events and schools in Canada with a focus on offensive security topics.
- Paul Berthier - Cybersecurity Advisor, Rhea inc. Canada
Paul Berthier is a cybersecurity advisor for Rhea inc. Canada, specialized in the security of critical infrastructures. He holds a French engineering degree in the field of telecommunication from Telecom ParisTech, Paris and Eurecom, Sophia Antipolis. Paul also attended Polytechnique Montreal, where he developed a secure version of ADS-B, a protocol used by aircraft to broadcast their position. He received his Master of Applied Sciences in Computer Engineering, and spent two years as a research associate in the cybersecurity lab, where he led a research group focused on the security of aviation and Air Traffic Management (ATM).
- Mahsa Moosavi - PhD student, Concordia Institute for Information Systems Engineering (CIISE)
Mahsa is a PhD student at the Concordia Institute for Information Systems Engineering (CIISE). She has a strong research professional with a Master’s Degree focused in information systems engineering from Concordia University. During Summer 2018, she worked as a research intern at autorité des marchés financiers, Montreal, QC, where she was involved in the project that applied blockchain technologies to build decentralized exchange systems. Her research interests include blockchain technologies, Fin-Tech, and TLS and the CA trust model. Mahsa has also given many tutorials to the broader blockchain community.
- Louis Roy - Partner and Blockchain Leader at Raymond Chabot Grant Thornton
Louis Roy has over 25 years of audit experience. He is in charge of carrying out large-scale engagements and has extensive experience with financial institutions, public companies, and regulated and governmental entities. He is a National Assurance Director and is in charge of the Firm’s work methods and tools group.
- Sean Stapley - Director of Business Development, MLG Blockchain
Sean is Director of Business Development at MLG Blockchain, a global venture creation and advisory firm that focuses on blockchain technology development and investor relations services. He and his team lead client acquisition, risk analysis and strategic partnerships across each of MLG’s lines of business.
Prior to MLG, Sean worked at several disruptive Canadian Fintech firms in roles within operations, sales and venture capital, and he has a keen interest in emerging technologies that aim to have a positive social impact.
- Walter Knitl - CEO, Praxiem
Walter is CEO at Praxiem helping clients to discover and deliver their technology innovations through market research, product management, and business development. Also, as Co-Founder and Chief of Business Development at IoT613 he co-produces an annual Internet of Things conference, helping IoT actors learn, interact and connect with each other.
He advocates IoT as a lever for economic growth and social good through Praxiem IoT workshops and talks and the IoT613 conference.
Walter has a record of successful ICT product introductions at Ericsson, Nortel, Mitel, Ontario Centre for Microelectronics and Bell-Northern Research. His extensive experience consists of business roles including Product Management, Account Management, and Commercial Management, as well as technical roles in hardware and software R&D and telecommunication standards development
Submit your proposal to be a speaker or workshop facilitator in one of the following areas mentioned above.
Speaker submissions will be reviewed by the conference committee.
- Your presentation may not contain sales pitches.
- The application deadline is February 1st, 2019.