25th Annual Vancouver International Privacy & Security Summit
Data Protection & Privacy in a Data-Driven World
February 22-24, 2023, Vancouver, BC

General Information


Presenting the 25th Annual Vancouver International Privacy & Security Summit at the Westin Bayshore Hotel.  This fully in-person summit will offer a platform for 750 security and privacy professionals from around the world to discuss important issues on how we securely live, work, and play as the move to digital platforms accelerates.

Presented by Reboot Communications in partnership with ISACA Vancouver, this three-day summit will provide essential education, training and opportunities for CPD credits for individuals who are responsible for the transformation of the public and private sector into the new digital economy.

Registration Information

February 22nd – Educational & Training Workshops (Westin Bayshore Hotel) – Only 325 Seats available for these sessions!
February 23rd-24th – VIPSS Summit (Westin Bayshore Hotel)

 

Early Bird Rates (until Dec. 31st)

Admission Type | Public Sector | Private Sector
VIPSS Summit & Educational Training Day | $795.00 CAD (plus GST) | $1,145.00 CAD (plus GST)
VIPSS Summit Only | $500.00 CAD (plus GST) | $850.00 CAD (plus GST)
Educational Training Day Only | $495.00 CAD (plus GST) | $750.00 CAD (plus GST)

Standard Rates (after Dec. 31st)

Admission Type | Public Sector | Private Sector
VIPSS Summit & Educational Training Day | $945.00 CAD (plus GST) | $1,290.00 CAD (plus GST)
VIPSS Summit Only | $650.00 CAD (plus GST) | $995.00 CAD (plus GST)
Educational Training Day Only | $495.00 CAD (plus GST) | $750.00 CAD (plus GST)

Registration Includes*:

  • Join us live in Vancouver, B.C., for our 2-day summit (February 23-24) – option to include the Educational Training & Workshop Day on February 22nd (valued at $750).
  • Collaborate with senior executives who are changing the privacy & security industry
  • Signature keynotes and concurrent keynotes by international subject matter experts in privacy & security
  • Concurrent panel sessions + interactive in-person Q & A
  • Unparalleled in-person networking via 1:1 meetings and small group conversations
  • Exhibit booths for our top tier sponsors
  • Lunch and coffee breaks (Feb. 22-24)
*Subject to provincial guidelines (masks are currently optional).


Social Media

Stay connected and engaged in the conversation leading up to and during the summit by following along on Twitter @VIPSSummit. Use the event hashtag #VIPSS in your tweets to add to the existing discussions. We would appreciate you sharing your voice with our other followers.

www.vipss.ca

 

 

Keynote Speakers

Hansang Bae

Public Sector Chief Technologist, Zscaler

Philippe Dufresne

Privacy Commissioner of Canada

Trey Guinn

Field Chief Technology Officer, Cloudflare

Jason Maynard

Field CTO, Cybersecurity, Cisco Canada

Antoine Saikaley

Technical Director, Trend Micro Canada

Winn Schwartau

FRSA, Fellow, Royal Society of the Arts; Security Theoretician

Speakers

Martin Abrams

Chief Policy Innovation Officer, Information Accountability Foundation

Jeannine Adams

Founder & CEO, s01ve Cyber Solutions

James Armstrong

Senior Vice President & CISO, Shaw Communications

Brent J. Arnold

Partner, Data Breach Coach, Gowling WLG (Canada) LLP

Hansang Bae

Public Sector Chief Technologist, Zscaler

Dr. Colin Bennett

Professor, Department of Political Science, University of Victoria

Sergey Bukharov

Chief Customer Officer, SkyHive

Dr. Gregory Carpenter

Chief Security Officer, Knowledge Bridge International

Elizabeth Denham

Former UK Information Commissioner

Philip Fodchuk

Associate Partner, National Threat Management, IBM Security Services

Dr. Richard Frank

Associate Professor, School of Criminology, SFU; Director, International CyberCrime Research Centre

Dr. Robert Fraser

President and CEO, Molecular You

Bob Gordon

Executive Director, Canadian Cyber Threat Exchange (CCTX)

Robin Gould-Soil

President, RGS Management Consulting Services; CPO, Pentavere

Ray Harishankar

IBM Fellow, IBM Quantum Safe

John Jacobson

Former Deputy Minister, Ministry of Technology, Innovation and Citizens’ Services

Sunny Jassal

Director, Cyber Security, British Columbia Institute of Technology

Koleya Karringten

Co-Founder and CEO, Absolute Combustion; Executive Director, Canadian Blockchain Consortium

Andrew Kirsch

Former Intelligence Officer, CSIS; Founder, Kirsch Group

Brian Lenahan

Founder & Chair, Quantum Strategy Institute

Christian Leuprecht

Class of 1965 Professor in Leadership, Royal Military College and Queen’s University

Penny Longman

Director, Information Security and Data Stewardship, Fraser Health

David Loukidelis, QC

Privacy Consultant, former BC Information and Privacy Commissioner

Dr. Alan Low

Clinical Associate Professor, Faculty of Pharmaceutical Sciences, UBC; Exec. Director, MedAccess BC; Primary Care Pharmacist & Pharmacy Lead, BioPro Biologics Pharmacy

Paul Lucier

Chief Revenue Officer and Senior Sales and Business Development Executive, Crypto4A Technologies

Quinn Mah

Executive Director - Information Management, Alberta Health

Florian Martin-Bariteau

Associate Professor and University Research Chair in Technology and Society, University of Ottawa

Drew McArthur

Principal, The McArthur Consulting Group

Michael McEvoy

Information and Privacy Commissioner for British Columbia

Hardeep Mehrotara

Director, Information Security, Concert Properties

Dr. Bessma Momani

Senior Fellow, Centre for International Governance and Innovation (CIGI); Professor, University of Waterloo

Suzanne Morin

VP, Enterprise Conduct, Data Ethics & Chief Privacy Officer, Sun Life

Ruth Promislow

Partner, Co-Head of Privacy, Data Management and Cybersecurity Group, Bennett Jones LLP

Jennifer Quaid

Executive Director, Canadian Cyber Threat Exchange (CCTX)

Dr. Teresa Scassa

Canada Research Chair in Information Law and Policy, University of Ottawa

Pam Simpson

Senior Information Security Analyst, TD Bank

Jo-Ann Smith

CISO & Privacy Officer, Long View

Kimberley St. Pierre

Director of Strategic Accounts, Tanium

Sybila Valdivieso

Executive Director, Information Access Privacy and Technology Development Office, Provincial Health Services Authority

Jeannette Van Den Bulk

Deputy Commissioner, Policy, Adjudication, and Audit, Office of the Information and Privacy Commissioner for British Columbia

*Invited Speaker

Wednesday, February 22, 2023

9:30 - 9:45am PST

Opening Remarks

9:45 - 10:25am PST

Training Session 1 - Panel Session Part 1: Fusion Centre Model Panel Sessions: Accelerating convergence underway between cybersecurity, fraud and anti-money laundering.

Because of yesterday’s silos between cybersecurity, fraud and anti-money laundering, detection of cybersecurity-related fraud requires a special multi-disciplinary and innovative playbook built on convergence of the silos in order to establish a clear strategic enterprise vision. This vision and fusion is tomorrow’s fusion centre model: future-ready and resilient!

10:25 - 10:40am PST

Morning Break

10:40 - 11:20am PST

Training Session 2 - Panel Session Part 2

11:20 - 11:40am PST

Question Period

11:40 - 12:30pm PST

Lunch Break

12:30 - 1:10pm PST

Training Session 3 - Workshop Session Part 1: Fusion Centre Model Workshop - Foundation for Developing a Fusion Centre

Starting with a foundational understanding of fusion centres and the fusion process, this workshop will provide a summary of fusion centre guidelines and key elements, and give the attendee the knowledge and resources to develop a fusion centre model within their own organization: the multi-disciplinary integration of people, systems and technology for seamless communication and collaboration.

1:10 - 1:25pm PST

Afternoon Break

1:25 - 2:05pm

Training Session 4 - Workshop Session Part 2

2:05 - 2:20pm

Afternoon Break

2:20 - 3:00pm PST

Training Session 5 - Tabletop Exercise: Fusion Centre Model Tabletop Exercise - Third Party Risk

Building on our fusion model panel discussions and foundations workshop on developing a fusion centre model within your own organization, we will now discuss the role of the fusion centre as it relates to third-party risk. This brief tabletop exercise is designed to be a discussion-based session to highlight the various collaborative and innovative roles within a fusion centre and how they respond to a situation.

3:00 - 3:15pm PST

Afternoon Break

3:15 - 4:15pm PST

Training Session 6

4:15 - 4:25pm PST

Training Sessions 7 & 8 - Introduction to self-paced online courses*

Privacy and Security 101 – (Introduction Courses for Everyone)

As employees, citizens, family members and friends, we all have a shared responsibility to protect personal and confidential information about ourselves and the others we work and live with.

By taking a few simple steps we all can make an impact on the data privacy and security of information both at home and at work. The online self-paced training offers two separate one-hour courses in Privacy Foundations and Cybersecurity Foundations.

*Included with training day

4:25 - 4:30pm

Closing Remarks

5:30 - 7:30pm PST

Networking Event @ BCIT Tech Collider

BCIT Tech Collider - 555 Seymour Street, 2nd Floor - Industry networking event.
Light refreshments served.
*Event is included with your training day.

The BCIT Downtown Campus Tech Collider is a new initiative. Dually inspired by a modern sound stage and a Star Trek bridge, the Tech Collider is outfitted with state-of-the-art technology, from an immersive gesture-controlled screen to digitized windows. The BCIT Tech Collider will become the central location for industry events and student learning in Vancouver.

Thursday, February 23, 2023

8:15 - 8:20am PST

Call to Conference & Territorial Acknowledgement

8:20 - 8:40am PST

Opening Keynote

8:40 - 9:20am PST

Session 1 - Keynote

9:20 - 10:05am PST

Session 2 - Keynote by Microsoft

10:05 - 10:35am PST

Morning Break

10:35 - 11:35am PST

Session 3 - Concurrent Panel A: Big Data, Big Complexity, Big Healthcare – Security Challenges and Opportunities. Why is Healthcare Such a Target?

Medical information can be worth up to ten times more than any credit card information stolen on the internet. Large amounts of patient data are stolen every year. Data breaches cost millions, take months to resolve and put patient lives in jeopardy. Healthcare boards and executives need to recognize the duty of care issues and provide dedicated funding, as cyber incidents are impacting patient welfare and in some cases putting their lives at risk.

10:35 - 11:35am PST

Session 3 - Concurrent Panel B: CISO Discussion on Trending Risks in Cybersecurity (Board Oversight)

With the global situation resulting from the COVID-19 pandemic, increase in state sponsored attacks, and recent financial pressures on companies, the oversight provided by Boards on cyber security is becoming critical. This session will focus on the recent increasing risks and trends in Cybersecurity such as supply chain risks, zero-day vulnerabilities, and rise in ransomware.

Communicating these key concerns, risks and priorities to the Board can be tricky, so this session will discuss:

  • Key mechanisms to present information to the board.
  • Approaches and techniques to get board buy-in.
  • Challenges and approaches on cyber insurance.
  • Mechanisms used by organizations to address the constantly evolving threat.

10:35 - 11:35am PST

Session 3 - Concurrent Panel C: International Data Flows

A global privacy accord to facilitate data flows would truly make everyone’s life easier. While Canada is adequate under the EU GDPR, there are numerous other countries with adequacy requirements. Furthermore, countries are seeing data as national assets, and enacting data localization rules as a “privacy protection.” Elizabeth Denham, former UK ICO and BC Information Commissioner, has led a G7 process to develop such an accord. Should we be optimistic, or are all the political and cultural impediments a barrier? Join this session to find out.

11:40 - 12:10pm PST

Session 4A - Concurrent Keynote by Cisco: Advanced Persistent Defenders (APD)!

In this session we discuss the Pyramid of Pain and review each element from a defender and adversarial perspective, showcasing the value of defending at the Tactic, Technique, and Procedure level.

We will then shift into MITRE ATT&CK and intelligence-based defense by understanding frameworks and MITRE ATT&CK.

11:40 - 12:10pm PST

Session 4B - Concurrent Keynote by Cloudflare

11:40 - 12:10pm PST

Session 4C - Concurrent Keynote by SentinelOne

12:10 - 1:15pm PST

Lunch Break (Please visit the exhibit booths)

1:15 - 1:55pm PST

Session 5 - Keynote

2:05 - 2:35pm PST

Session 6A - Concurrent Keynote by Fortinet

2:05 - 2:35pm PST

Session 6B - Concurrent Keynote by Arctic Wolf

2:05 - 2:35pm PST

Session 6C - Concurrent Keynote by Iron Spear

2:35 - 3:00pm PST

Afternoon Break

3:00 - 4:00pm PST

Session 7A - Concurrent Panel: Geopolitics: Analyzing the Threats and Opportunities Shaping Global Security

Geopolitics has been playing out through the Internet for years, but the intensity, diversity and impact of this activity is escalating. Formerly the domain of diplomats, operating in hallowed halls using precise language, today statecraft is executed over the Internet by intelligence arms of governments and their proxies such as cyber criminals. The use of proxies and the Internet provides governments a veil of plausible deniability for their actions, including theft of intellectual property, sowing disinformation to reduce trust in government institutions, and degrading the delivery of essential goods and services. During periods of conflict, the impact of this activity extends beyond the confidentiality, integrity, and availability of data; real world events are impacted.

This panel will examine how geopolitics are shaping the global threat environment, who the players are, and the strategic roles for both private and public sectors in mitigating this threat.

3:00 - 4:00pm PST

Session 7B - Concurrent Panel: The Future of Privacy Law in Canada

With data protection law reform completed in Quebec and well underway at the federal level, it might be reasonable to look to the very busy ‘present’ of privacy law in Canada. Yet we remain in a state of considerable flux and uncertainty when it comes to privacy and data protection law, particularly as powerful data driven technologies continue to evolve. In the not-too-distant future we will need to address the relationship between data protection law and AI governance; the growing proximity of data protection and human rights law; new forms of data governance for data sharing; digital ID; data mobility and open banking; new data-driven business models; and new interpretation and enforcement challenges arising from data protection law reform. In addition, we are set to see important changes in the role of privacy regulators, as well as in the impact that other regulators may have on the use of personal data.
This presentation looks to the future of privacy law in Canada to highlight some of the coming challenges – for law reform, for public policy, and for the interpretation and application of new laws. It will also propose principles and a pathway for navigating our privacy future.

3:00 - 4:00pm PST

Session 7C - Concurrent Panel: Artificial Intelligence & Machine Learning: Why Artificial Intelligence Must Prioritize Data Privacy

4:10 - 4:50pm PST

Session 8 - Keynote by TELUS

4:50 - 5:00pm PST

Day 1 Closing Remarks

5:00 - 5:05pm PST

Message from our Founding Sponsor ISACA

Friday, February 24, 2023

8:15 - 8:20am PST

Administrative Announcements

8:20 - 8:50am PST

Session 9 - Keynote Address

8:55 - 9:35am PST

Session 10 - Keynote Address by IBM

9:40 - 10:20am PST

Session 11 - Keynote Address by Zscaler: Zero Trust Deconstructed and Why It’s a Lie

Today’s cyber protection must expect and account for zero-day vulnerabilities. As history proves, if you’re reachable, you’re breachable, and in that world network-based solutions come up lacking – after all, it’s a network, not a security blanket. The key to zero trust is that before any connection is made from the user to an application, the identity and transaction must have been vetted. In addition, the application must never accept connections from unknown users. This allows authorized users to continue to operate even if parts of the network are compromised. In effect, Zero Trust maintains the chain of custody over every user, every transaction, and every app, thereby verifying the identity and context, controlling the risk, and enforcing policy at scale.

A true zero trust solution must be able to disaggregate the user and the application from the network without requiring modification to the existing network infrastructure. Zero Trust implemented at the user and application level is the only way to achieve the Dynamic Need to Know concept: removing or adding privileges in real time to protect users and applications from threats. In this session, you will understand:

  • Why you can never have true Zero Trust,
  • Why Zero Trust can never be implemented using the network – with packet proof, and
  • The practical advice on rolling out Zero Trust for the biggest bang for the buck.

10:20 - 10:50am PST

Morning Break

10:50 - 11:50am PST

Session 12A - Concurrent Panel: Quantum Computing: The Good, the Bad and the Ugly. Is Quantum Computing One of the Most Serious Threats to Cybersecurity or Might it be the Solution to a More Secure Internet?

Quantum threats refer to the capabilities of true quantum computers that would allow for the hacking of mass quantities of encrypted data, including essentially everything sent on the internet. The future of the internet relies on quantum research and is so important it’s drawing new federal funding. Quantum computing could be one of the most serious threats to cybersecurity, but it might also be the solution to a more secure internet. The quantum internet could safeguard financial transactions and healthcare data, prevent identity theft and stop hostile state hackers in their tracks.

10:50 - 11:50am PST

Session 12B - Concurrent Panel: Women in Cybersecurity

10:50 - 11:50am PST

Session 12C - Concurrent Panel: Financial Cyber Crimes: The Illicit Uses of Cryptocurrency - Does this Lead to Money Laundering?

11:55 - 12:25pm PST

Session 13A - Concurrent Keynote by BeyondTrust

11:55 - 12:25pm PST

Session 13B - Concurrent Keynote by Forescout

11:55 - 12:25pm PST

Session 13C - Concurrent Keynote by ServiceNow

12:25 - 1:30pm PST

Lunch Break (Please visit the exhibit booths)

1:30 - 2:30pm PST

Session 14A - Concurrent Panel: Ransomware and the Public Sector: What Can Be Done To Strengthen Our Defense Against Ransomware?

The public sector is at increasing risk of experiencing ransomware attacks, and the time to act is now. Studies have shown that municipalities, government agencies, and other public sector organizations - many of which Canadians rely on every day - are reporting attempted ransomware attacks at alarming rates.

Join our moderator and industry expert panelists as they tackle tough questions like, how are public sector organizations being targeted? Once faced with an incident, are they paying ransoms? Are they getting their data back? How are ransomware incidents impacting the populations these organizations support? How can public sector organizations better protect themselves from the ever-present threat of ransomware?

1:30 - 2:30pm PST

Session 14B - Concurrent Panel: Digital ID Platforms for Public Services – “Trust but Verify”

Some might argue that the pandemic has strengthened the case for digital ID cards. They could make it quicker and easier for us to access government services but also could make pandemic track-and-trace systems more effective. For example, if health data were linked to work data, governments might more quickly spot clusters of COVID cases.

What about privacy and security? Can privacy be protected by existing data-protection laws and updated security safeguards, such as two-factor authentication? How could we guard against ID cards being required for other purposes, such as law enforcement?

In addition, creating a digital ID system is complex and expensive. Can digital ID systems be introduced gradually building on existing platforms? What about public trust? If they are reasonably safe, and add convenience for interacting with governments, will citizens sign up for them?

1:30 - 2:30pm PST

Session 14C - Concurrent Panel: Blockchain: The Cornerstone of Web 3.0

2:30 - 3:00pm PST

Afternoon Break

3:00 - 3:30pm PST

Session 15A - Concurrent Keynote by VMware

3:00 - 3:30pm PST

Session 15B - Concurrent Keynote by Check Point

3:00 - 3:30pm PST

Session 15C - Concurrent Keynote by Trend Micro: Mapping the Digital Attack Surface

There’s a simple but powerful dynamic driving cyber risk for most organizations today. The more they invest in digital infrastructure and tooling to drive sustainable growth, the more they may expose themselves to attack. According to experts, digital transformation during the pandemic pushed many organizations over a technology “tipping point” from which they will never return. In short, the future of business is digital—from hybrid working to cloud-powered customer experiences. That creates a challenge for CISOs. This challenge is often articulated in terms of the digital attack surface—that is, the collection of applications, websites, cloud infrastructure, on-premises servers, operational technology (OT) and other elements which are often exposed to remote threat actors. The risks associated with attack can be mitigated if organizations have visibility into all of these assets, calculate their risk exposure accurately and then take steps to secure the attack surface. Yet many struggle to do so. This presentation will provide insights (from a Trend Micro commissioned survey of 6,297 IT security decision makers in 29 countries) into why organizations are struggling to manage cyber risk and how to build a more risk-aware organization.

3:40 - 4:20pm PST

Session 16 - Closing Keynote Speaker

4:20 - 5:20pm PST

Session 17A - Concurrent Panel: Tribute to David Flaherty

David Flaherty passed away in October 2022. This panel of current and former BC Commissioners pays tribute to David’s life and service by discussing his legacies as BC’s first Information and Privacy Commissioner. We discuss his role in establishing the Office in the early 1990s, as well as his overall impact on information and privacy rights in BC, Canada and globally.

4:20 - 5:20pm PST

Session 17B - Concurrent Panel: Canada: The State of the Federation 2022

5:20 - 5:30pm PST

Closing Remarks & Announcements

Westin Bayshore Hotel - Vancouver, BC

If you are attending the 25th Annual Vancouver International Privacy & Security Summit and need to make a hotel reservation we have a room block at the Westin Bayshore Hotel with room rates starting at $219. The room block ends January 24, 2023.

With lush and serene Stanley Park at its doorstep, water lapping the Coal Harbour Shores, snow-capped North Shore mountains in sight, and the vibrant city centre just around the corner, The Westin Bayshore, Vancouver is in perfect balance with its breathtaking surroundings. An elegant base from which to explore Vancouver, this resort-style property is a hub for well-being, whether travelling for leisure or business. A variety of year-round signature wellness programs promote feeling your best, while premier food and beverage offerings recharge the body and mind. Over 71,000 sq. ft. of flexible meeting space, one of Western Canada’s largest hotel ballrooms, and customizable catering options make this iconic hotel an ideal destination for conferences and social events. The Westin Bayshore, Vancouver is your gateway to inspired revitalization.

Call for Speakers

Please note that the call for speakers is now closed.

The Advisory Board for the 25th Annual Vancouver International Privacy and Security Summit is pleased to announce that the Call for Speakers is now closed and we are reviewing all of the submissions.

Subject matter experts working within the privacy and information security communities are invited to submit papers on their area of expertise. Of particular interest are briefs on cutting-edge subjects and themes suitable for presentation in either a panel session or keynote address. This three-day conference draws an international audience focused on policy, programs, law, research and technologies aimed at the protection of privacy and security.

Date: February 22-24, 2023
Location: Westin Bayshore Hotel, Vancouver, British Columbia

2023 Summit – Suggested Topics:

  • Artificial Intelligence and Machine Learning
  • Blockchain & Crypto Currencies
  • Data Exfiltration
  • Digital ID
  • Financial Cyber Crimes
  • Healthcare Cyber Attacks & Privacy Breaches
  • Hybrid Workplace
  • Internet of Everything
  • Privacy Legislation
  • Quantum Computing
  • Ransomware
  • Smart Cities
  • State Sponsored Terrorism
  • The Metaverse

Deadline:

All entries must be received by midnight of October 31, 2022. Invited speakers will be notified by November 30, 2022.

Submissions:

Submissions will be accepted electronically using the form below.

Recommended Books

Please find below a list of recommended books that we suggest you check out (all written by various speakers from our events).

Title:  Canada: The State of the Federation 2022 – Financial Crime in Canada
Edited By:  Christian Leuprecht & Jamie Ferrill
Description:  Uncovering the hidden flows of dirty money into, out of, and throughout Canada.

Canada: The State of the Federation 2022 identifies federal and provincial trends that have inadvertently enabled the proliferation of this illicit activity. Showcasing an array of the best multidisciplinary research and experience, the volume demystifies financial crime, thus raising the level of awareness and public debate.

Contributors include Sanaa Ahmed, John Cassara, Garry Clement, Arthur J. Cockfield, Caroline Dugas, Jamie Ferrill, Cameron Field, Michelle Gallant, Peter German, Todd Hataley, Christian Leuprecht, David Mainmon, Katarzyna McNaughton, Denis Meunier, Pierre-Luc Pomerlau, Stephen Schneider, Pamela E. Simpson, and Jeffrey Simser.

(Use code MQTS for a 30% pre-publication discount. Forthcoming December 2022.)


Title:  I Was Never Here:  My True Canadian Spy Story of Coffees, Code Names, and Covert Operations in the Age of Terrorism
Author:  Andrew Kirsch
Description:  Andrew Kirsch didn’t grow up watching spy movies, or dreaming about being a real-life James Bond. He was hardly aware that Canada even had its own intelligence service – let alone knew what its officers did. But when a terrorist attack occurred near the office of his financial services job, all of a sudden fighting terrorism meant a lot more to him than the markets. Within 18 months he had landed a job with the Canadian Security Intelligence Service (CSIS) – where he spent the next decade of his life.

In I Was Never Here, Kirsch (now an in-demand security consultant) spills the secrets of what life as an intelligence officer is really like, and dispels a few myths along the way. With humour, honesty, and candour, Kirsch shares his on-the-ground experience (or as much of it as he’s allowed to) of becoming a member of CSIS: from his vetting and training, to his initial desk job as a policy analyst, to his rise up the ranks to leading covert special operations missions. If you’ve ever wondered whether spies can have real dating lives, how they handle family responsibilities, or how they come up with cover stories or aliases, you’re in luck.

From the time he tried to get the code names “Burgundy” and “Anchorman” assigned to human sources (with no luck), to the night a covert operation was almost thwarted by a flyer delivery man, Kirsch takes you behind the scenes with an authentic view of Canada’s spy agency, and the intricate intelligence-sharing apparatus that works day and night to keep us safe. I Was Never Here is also a testament to one man’s drive to serve his country, and the sacrifices, big and small, that he made along the way.


Title:  Time Based Security: Adding Measurement, Detection, and Reaction Time to Cybersecurity.
Author:  Winn Schwartau
Description:  Time Based Security in a Nutshell

The model for Time Based Security (TBS) originated with conversations with Bob Ayers, formerly of the Defense Information Systems Agency (DISA) over a period of years.

As a result of many napkin drawings, especially in Warsaw, Poland, TBS was born. In the two years since we spent hours and days arguing over the principles, I have had the opportunity to develop TBS into a workable mathematical model for quantification of security.

I have always maintained that to offer a reasonable defense, one has to know how to attack networks. So, TBS, here we go.

Defensive Products Do Not and Cannot Work.

The current and prevalent method to defend networks against attack is an approach 10,000 years old based upon classic military strategy: build your defensive walls as high as you can to keep the bad guys out. This is also known as Fortress Mentality. However, it hasn’t worked since the dawn of time and still doesn’t work.

This fundamental error in historical judgement, though, was what modern defensive information security was based on: how can we build the walls around our networks high enough to keep the bad guys out. Oops! Wrong again. They began with the false premise that they could in fact keep the bad guys out and then compounded the error in the erroneous belief that everyone who had access to the networks was already cleared as a good guy; a pro-US gung-ho Marine-like good guy.

When the Trojans let the drawbridge to their city descend to admit the horse, they were networking with the outside world. When the Germans bypassed the Maginot Line, they created a network with the French – right or wrong. When people sailed over or around the Berlin Wall, the network connection was made. Thus, the principle of Fortress Mentality began to collapse as a viable defensive posture.


Title:  Analogue Network Security:  Time, Broken Stuff, Engineering, Systems, My Audio Career, and Other Musings on Six Decades of Thinking About it All
Author:  Winn Schwartau.  Design by Kayley Melton
Description:  Why Analogue Security?

The Best Cybersecurity Book of all Time:  Analogue Network Security by Winn Schwartau
https://www.cyberdefensemagazine.com/top-100-cybersecurity-books/

In 1972, the Anderson reference monitor security model was introduced. Static fortress mentality was (and still is) fundamentally how information security is implemented. Along came Bell, LaPadula, and Biba a few years later, with some enhancements, notably for MLS, multi-level security systems.

In 1987, the U.S. Department of Defense published the Red Book, The Trusted Network Interpretation of the lauded 1983-85 Orange Book that set forth many of the principles for information security. The results were, essentially, “We have no earthly idea how to secure a network.”

Today, we now assume our networks are P0wn3d – already infiltrated by hostiles.
We know that by adding more technology, our security problems will go away. We think of the network as a single thing and attempt to protect it as such. It isn’t, and we can’t.

TCP/IP. It was just an experiment. Today, it is the inter-infrastructural foundation of civilization. The Internet of Things is adding so-called intelligence to some 50+ billion endpoints and trillions of sensors. Where’s the security? The privacy?

Massive new projects, using next generation products, from quarterly profit-incented vendors, promise the same old stuff all over again. The ultimate déjà vu epic fail of security.  Is this any way to run a planet?

C’mon, fifty years of practice and we’re still…? Well, screw it. You’ll see.
Security requires a single, interdisciplinary metric for the cyber, physical, and human domains. Digital is not binary.

Then, for me, things fell into place. I have a few ideas I’d like to share.


Title:  BREACHED! Why Data Security Law Fails and How to Improve It
Author:  Daniel J. Solove & Woodrow Hartzog
Description:  A novel account of how the law contributes to the insecurity of our data and a bold way to rethink it.

Digital connections permeate our lives and so do data breaches. It is alarming how difficult it is to create rules for securing our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In Breached!, Daniel Solove and Woodrow Hartzog, two of the world’s leading experts on privacy and data security, argue that the law fails because, ironically, it focuses too much on the breach itself.

Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through a different approach to data security rules. Current law is counterproductive. It pummels organizations that have suffered a breach but doesn’t address the many other actors that contribute to the problem: software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.
