Presenting the 25th Annual Vancouver International Privacy & Security Summit at the Westin Bayshore Hotel. This fully in-person summit will offer a platform for 750 security and privacy professionals from around the world to discuss important issues on how we securely live, work, and play as the move to digital platforms accelerates.
Presented by Reboot Communications in partnership with ISACA Vancouver, this three-day summit will provide valuable education and training opportunities for individuals who are responsible for the transformation of the public and private sector into the new digital economy.
We are proud to announce that delegates within local government and professionals in the industry can obtain CPD/CPE credits through our accreditation with:
🛡️The BC Law Society
🛡️Chartered Professional Accountants of Canada
We acknowledge that gaining approval to attend training conferences can be challenging. As support in your continued privacy and security education, please click here for a sample Justification letter you can customize to build your case in attending. Once you click on the link, select “File” in the upper left corner, and download to edit.
February 22nd – Educational & Training Workshops (Westin Bayshore Hotel) – Only 325 Seats available for these sessions!
February 23rd-24th – VIPSS Summit (Westin Bayshore Hotel)
Early Bird Rates (until Dec.31st)
|Admission Type||Public Sector||Private Sector|
|VIPSS Summit & Educational Training Day||$795.00 CAD (plus GST)||$1,145.00 CAD (plus GST)|
|VIPSS Summit Only||$500.00 CAD (plus GST)||$850.00 CAD (plus GST)|
|Educational Training Day Only||$495.00 CAD (plus GST)||$750.00 CAD (plus GST)|
Standard Rates (after Dec.31st)
|Admission Type||Public Sector||Private Sector|
|VIPSS Summit & Educational Training Day||$945.00 CAD (plus GST)||$1,290.00 CAD (plus GST)|
|VIPSS Summit Only||$650.00 CAD (plus GST)||$995.00 CAD (plus GST)|
|Educational Training Day Only||$495.00 CAD (plus GST)||$750.00 CAD (plus GST)|
- Join us live in Vancouver, B.C for our 2-day summit (February 23-24) – option to include the Educational Training & Workshop Day on February 22nd (valued at $750).
- Collaborate with senior executives who are changing the privacy & security industry
- Signature keynotes and concurrent keynotes by international subject matter experts in privacy & security
- Concurrent panel sessions + interactive in-person Q & A
- Unparalleled in-person networking via 1:1 meetings and small group conversations
- Exhibit booths for our top tier sponsors
- Lunch and coffee breaks (Feb.22-24th)
*Subject to provincial guidelines (masks are currently optional).
Stay connected and engaged in the conversation leading up to and during the summit by following along on Twitter @VIPSSummit. Use the event hashtag #VIPSS in your tweets to add to the existing discussions. We would appreciate you sharing your voice with our other followers.
Wednesday, February 22, 2023
9:15 - 10:30am PST • Salon ABC
Session 1 - Panel: Fusion Centre Model Panel Sessions: Accelerating convergence underway between cybersecurity, fraud and anti-money laundering.
Because of yesterday’s silos between cybersecurity, fraud and anti-money laundering, detecting cybersecurity-related fraud requires a special multi-disciplinary and innovative playbook, built on convergence of the silos, in order to establish a clear strategic enterprise vision. This vision and fusion is tomorrow’s fusion centre model - future ready and resilient!
10:30 - 10:45am PST • Grand Ballroom Foyer
10:45 - 12:00pm PST • Salon ABC Presentation Files Session 2 Slides
Session 2 - Workshop: Fusion Centre Model Workshop - Foundation for Developing a Fusion Centre
Starting with a foundational understanding of fusion centres and the fusion process, this workshop will provide a summary of fusion centre guidelines, key elements and provide the attendee with the knowledge and resources to develop a fusion centre model within their own organization. The multi-disciplinary integration of people, systems and technology for seamless communication and collaboration.
12:00 - 1:00pm PST • Salon ABC
1:00 - 2:00pm PST • Salon ABC
Session 3 - Emerging Trends: The Art & Science of Metawar
The Fundamentals of Metawar
Metawar is the art of applying science to create alternate realities, so immersive, as to be indistinguishable from our ‘default’ reality; the one we have been born into. When technology can do that, we will have reached the meta point, from which there may well be no escape.
2:00 - 3:00pm PST • Salon ABC Presentation Files Connor Bildfell Aida Abraha
Session 4 - Panel: Emerging Issues in Workplace Privacy Law: Understanding Data Collection, Electronic Monitoring, and Employee Data Privacy Rights.
This panel brings together privacy, labour, and human rights law experts to examine the state of workplace privacy law in Canada. It will identify emerging privacy issues related to workplace electronic monitoring and other forms of algorithmic management systems. It will also discuss the challenges and pressure points and assess the adequacy of existing employee privacy rights laws. Further, it will discuss recent initiatives undertaken in Canada and abroad to regulate workplace electronic monitoring and AI tools.
3:00 - 3:15pm PST • Grand Ballroom Foyer
3:15 - 3:45pm PST • Salon ABC Presentation Files Andrew Geider
Session 5 - Data Privacy, Higher Education - Why Should We Care?
Today’s students’ attitudes toward data privacy will shape the policies and practices that govern the internet. As such, society needs to better understand college student attitudes, expectations, and behaviors regarding data privacy, and take a more active role in shaping behaviours. Universities must demonstrate transparency to marginalized students (LGBQ, undocumented immigrants, and people of colour) to ensure students gain the trust of higher educational institutions.
As students have become more aware of this ongoing data collection and use, they have begun to express their concerns and desires to limit the use of their data to guide institutional decision making. Recommendations will address the collection and use of personal data, and how to gain students’ trust in managing their private information.
• Higher education institutions must teach data privacy, ethics, and digital literacy courses to encourage college students to think critically about data privacy.
• To foster trust and cooperation, higher education institutions and technology companies must communicate how and why they collect, use, and share students’ personal information.
• Researchers must conduct further studies on college students’ attitudes, expectations, and behaviors regarding data privacy.
3:45 - 4:25pm PST • Salon ABC Presentation Files Session 6 Slides
Session 6 - Business Strategies for Compliance: Utilizing Synthetic Data, Pseudonymization, and Other Privacy Enhancing Techniques to Meet Emerging De-identification Requirements
Bill C27, Bill 64, and EU and US laws are all introducing concepts of de-identification and anonymization, and in different ways. What is this all about and how do you navigate leveraging these tools to enable the rich uses of data? From a safeguarding perspective, how can you use de-identification and anonymization to reduce the risk of your organization's PI getting out through internal or external sources?
The panel will look at the evolution of legislation, from current to anticipated legislation, and talk about how technology can enable the enterprise: technologies like anonymization, tokenization, pseudonymization, and even synthetic data. It will cover how to use them, why to use them, and the best applications or use cases for each solution.
By making the data more useful by removing the “identifiable” part of PI, you can help your business -- and even possibly create some ROI from a cost center that classically isn’t a revenue-producing entity, all while doing the right thing.
1. Examples of de-identification, anonymization and synthetic data techniques
2. Practical uses of de-identification, anonymization and synthetic data techniques
3. Building a business case
5:30 - 7:30pm PST •
Networking Event @ BCIT Tech Collider
BCIT Tech Collider - 555 Seymour Street, 2nd Floor - Industry networking event.
Light refreshments served.
*Event is included with your training day.
The BCIT Downtown Campus Tech Collider is a new initiative. Dually inspired by a modern sound stage and a Star Trek bridge, the Tech Collider is outfitted with state-of-the-art technology, from an immersive gesture-controlled screen to digitized windows. The BCIT Tech Collider will become the central location for industry events and student learning in Vancouver.
Thursday, February 23, 2023
8:40 - 9:20am PST • Bayshore Grand Ballroom
Session 1 - Keynote: Facing our Futures - 5 themes for the next 10 years
2023 has started and the world not only feels different, it feels more uncertain than ever. This is the territory of futurists, social activists, technologists and policy makers. It’s time for us to step up. Nikolas Badminton will explore 5 themes that will shape the thinking about how we plan for our futures together - Geopolitics, Permacrises, Simulation, Utopia, and Longtermism.
9:20 - 10:05am PST • Bayshore Grand Ballroom Presentation Files John Weigelt
Session 2 - Keynote by Microsoft: Focus on Data to Safeguard your Enterprise
Data spills, ransomware and bad tempered chatbots can stop an enterprise in its tracks. While bad actors are using the latest tools and approaches to find a way into the enterprise, many enterprises continue the status quo to protect their assets. With a focus on data, organizations can develop the insight, processes, and tools to keep ahead of threats. Join John Weigelt, CTO Microsoft Canada, as he outlines how we can rethink our treatment of data, considers how privacy and security safeguards have evolved, and explores AI governance to not only better protect data, but also to enable organizations to do more with the data that they hold.
10:05 - 10:35am PST • Grand Ballroom Foyer
10:35 - 11:35am PST • Salon ABC
Session 3 - Concurrent Panel A: Big Data, Big Complexity, Big Healthcare – Security Challenges and Opportunities. Why is Healthcare Such a Target?
Medical information can be worth up to ten times more than any credit card information stolen on the internet. Large amounts of patient data are stolen every year. Data breaches cost millions, take months to resolve and put patient lives in jeopardy. Healthcare boards and executives need to recognize the duty of care issues and provide dedicated funding, as cyber incidents are impacting patient welfare and in some cases putting their lives at risk.
10:35 - 11:35am PST • Salon EF
Session 3 - Concurrent Panel B: CISO Discussion on Trending Risks in Cybersecurity (Board Oversight)
With the global situation resulting from the COVID-19 pandemic, increase in state sponsored attacks, and recent financial pressures on companies, the oversight provided by Boards on cyber security is becoming critical. This session will focus on the recent increasing risks and trends in Cybersecurity such as supply chain risks, zero-day vulnerabilities, and rise in ransomware.
Communicating these key concerns, risks and priorities to the Board can be tricky; hence this session will discuss:
- Key mechanisms to present information to the board.
- Approaches and techniques to get board buy-in.
- Challenges and approaches on cyber insurance.
- Mechanisms used by organizations to address the constantly evolving threat.
10:35 - 11:35am PST • Salon D
Session 3 - Concurrent Panel C: International Data Flows
A global privacy accord to facilitate data flows would truly make everyone’s life easier. While Canada is adequate under the EU GDPR there are numerous other countries with adequacy requirements. Furthermore, countries are seeing data as national assets, and enacting data localization rules as a “privacy protection.” Elizabeth Denham, former UK ICO and BC Information Commissioner has led a G7 process to develop such an accord. Should we be optimistic, or are all the political and cultural impediments a barrier? Join this session to find out.
11:40 - 12:10pm PST • Salon ABC Presentation Files Jason Maynard
Session 4A - Concurrent Keynote by Cisco: Advanced Persistent Defenders (APD)!
In this session we discuss the Pyramid of Pain and review each element from a defender's and an adversary's perspective, showcasing the value of defending at the Tactic, Technique, and Procedure level.
We will then shift into MITRE ATT&CK and intelligence-based defense by understanding frameworks and MITRE ATT&CK.
11:40 - 12:10pm PST • Salon EF Presentation Files Anand Guruprasad
Session 4B - Concurrent Keynote by Cloudflare: The (Hard) Key to Stop Phishing: How Cloudflare Stopped a Targeted Attack and You Can Too
In July 2022, Cloudflare was targeted in a sophisticated SMS phishing scheme in such a way that we believe most organizations would be likely to be breached. In this session we’ll detail the recent targeted phishing attack we saw at Cloudflare and, more importantly, how we stopped it and the steps you can take to protect your organization as well. We’ll cover topics like: why not all MFA is created equal, the role of Zero Trust network access in rolling out strong authentication, and the importance of a blame-free culture around security.
11:40 - 12:10pm PST • Salon D Presentation Files Mani Keerthi Nagothu
Session 4C - Concurrent Keynote by SentinelOne: Debunking Common Myths About XDR
There has been a tremendous buzz across the cybersecurity community about the emerging technology known as XDR (eXtended Detection & Response).
Unfortunately for the practitioner, there has yet to be a single definition widely accepted by both analysts and vendors purporting to be knowledgeable on the subject.
What is XDR and why should I consider the technology in my enterprise security stack? What should I expect from vendors who claim to have built the perfect mousetrap? What is reality, and what is just hype?
This session is intended to walk the audience through some generally accepted value statements associated with XDR while attempting to debunk a few common myths that continue to muddy the water for security teams.
12:10 - 1:15pm PST • Bayshore Grand Ballroom
Lunch Break - Sponsored by Tenable & iON United (Please visit the exhibit booths)
1:15 - 1:45pm PST • Salon ABC
Session 5A - Concurrent Keynote: Out of the Shadows: An Inside Look at Canada’s Spy Service
This session will take an inside look at what Canada’s spy service does and why it’s important you know more about it. Drawing on entertaining stories from his career, Andrew gives a rarely seen look behind the curtain at what Canada’s security service does, what it’s really like to be a spy, the threats he faced and the challenges to come.
1:15 - 1:45pm PST • Salon EF Presentation Files Werner Vorster
Session 5B - Concurrent Keynote by Rubrik: Backup ≠ Cyber Recovery
It's a matter of when, not if, your organization is breached.
During this session, you’ll hear from Rubrik’s cyber resilience expert, Werner Vorster, as he breaks down the necessary components to raise your organization’s cyber threat preparedness and develop a comprehensive strategy built to withstand today's most pervasive cyber threats.
For decades, data management has been a dysfunctional interdepartmental challenge. Compounding yesterday's data management problem are today's cyber risks, especially those related to sensitive and PII data. You’ll hear how Rubrik takes a holistic view of how organizations can mitigate the associated risks and ensure compliance across their enterprise, and learn about real-life examples of how customers leverage Rubrik today.
1:15 - 1:45pm PST • Salon D
Session 5C - Concurrent Keynote by Cohesity: Protect, Detect and Recover: The Top Ways to be Cyberattack Ready
From socially engineered phishing attacks that can compromise credentials to malware payloads installed through a tainted URL, bad actors can, often too easily, gain access to your critical data and hold it for ransom. When production data is compromised, you need to be able to quickly protect, detect, and recover. Using real-world examples, we’ll learn how implementing a comprehensive Data Security and Management program with proper controls like multi-factor authentication, role-based access control, data discovery and classification, and threat detection can create a resilient environment, ready to respond when attacks occur.
1:50 - 2:20pm PST • Salon ABC Presentation Files Derek Manky
Session 6A - Concurrent Keynote by Fortinet: Disrupting Advanced Persistent Cybercrime
APT and Cybercriminal organizations are converging with shared infrastructure, resources and targets within both the public and private sector. This talk will show some examples of the Advanced Persistent Cybercrime phenomenon, and also discuss a holistic approach to disruption highlighting industry effort underway.
1:50 - 2:20pm PST • Salon EF Presentation Files Mike McCleary
Session 6B - Concurrent Keynote by Arctic Wolf: Security Operations in the Age of Cybercrime
Cybercrime is big business and attackers have evolved. Today, cybercrime has become a $1.5 trillion industry and that number is increasing. The barriers for attacks have been lowered, and the rewards have never been higher. So, who are these cybercriminals and how does an organization protect itself? Our discussion will focus on the common motives and methods of cybercriminal groups along with strategies on how to develop an effective security operations program to safeguard your environment.
1:50 - 2:20pm PST • Salon D Presentation Files Jason Grimbeek
Session 6C - Concurrent Keynote by Iron Spear: Cyber Security is Now an Essential Part of Environmental, Social and Governance (ESG) Factors
Institutional investors, business partners and suppliers are all looking to an organization’s ESG practices to ensure they align with their own. Cyber security is fast becoming a key component in ESG as it is a concern up and down the supply chain and companies who are not managing it effectively are being seen as a potential investment risk.
This talk will address why cyber security should be part of your organization’s ESG strategy and give you the non-technical approach to ensuring your cyber program meets the demands of social expectations.
2:20 - 2:50pm PST • Grand Ballroom Foyer
2:50 - 3:50pm PST • Salon ABC
Session 7A - Concurrent Panel: Geopolitics: Analyzing the Threats and Opportunities Shaping Global Security
Geopolitics has been playing out through the Internet for years, but the intensity, diversity and impact of this activity is escalating. Formerly the domain of diplomats, operating in hallowed halls using precise language, statecraft today is executed over the Internet by intelligence arms of governments and their proxies such as cyber criminals. The use of proxies and the Internet provides governments a veil of plausible deniability for their actions, including theft of intellectual property, sowing disinformation to reduce trust in government institutions, and degrading the delivery of essential goods and services. During periods of conflict, the impact of this activity extends beyond the confidentiality, integrity, and availability of data; real world events are impacted.
This panel will examine how geopolitics are shaping the global threat environment, who are the players, and the strategic roles for both private and public sectors in mitigating this threat.
2:50 - 3:50pm PST • Salon EF
Session 7B - Concurrent Panel: The Future of Privacy Law in Canada
Bill C-27, also known as the Digital Charter Implementation Act, contains three separate statutes: the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Tribunal Act and the Artificial Intelligence and Data Act. It is now at a critical stage in its parliamentary passage. This panel will focus mainly on the CPPA. Does it “modernize” Canada’s private sector privacy legislation, as the government claims? Is it consistent with contemporary international privacy standards? Will it strengthen consumer rights in the face of the enormous power of global internet companies? Does it provide the kind of clarity that Canadian business expects?
2:50 - 3:50pm PST • Salon D
Session 7C - Concurrent Panel: Artificial Intelligence & Machine Learning: Why Artificial Intelligence Must Prioritize Data Privacy
Artificial intelligence (AI) and machine learning have the potential to transform many aspects of our lives, from healthcare and transportation to education and finance. However, the increasing use of AI also raises important questions about data privacy. In this panel session, we will discuss why AI must prioritize data privacy, and explore the ways in which AI systems can be designed and used in a responsible and ethical manner. We will examine the potential risks and consequences of data collection and usage, and discuss strategies for protecting personal information and preventing discrimination. This panel will provide insights and guidance for individuals, organizations, and policy makers looking to understand and address the complex issues related to AI and data privacy.
4:00 - 4:40pm PST • Bayshore Grand Ballroom Presentation Files Aaron Steele
Session 8 - Keynote by TELUS: Cloud Security Expectations vs. Reality: Insights from the TELUS Canadian Cloud Security Study
Is cloud security meeting the expectations of Canadian organizations? Join Aaron Steele, Director of Cybersecurity at TELUS, as he shares insights from the soon-to-be-published TELUS Canadian Cloud Security Study that answer this question.
Based on the feedback of over 500 Canadian organizations, the study explores the current state of cloud adoption and security in Canada, discusses the challenges organizations are facing with security in the cloud, and examines how organizations are detecting and responding to cloud security incidents.
4:40 - 4:50pm PST • Bayshore Grand Ballroom Presentation Files ISACA Slides
Message from our Founding Sponsor: Information Systems Audit and Control Association (ISACA) Vancouver Chapter
Friday, February 24, 2023
8:25 - 8:30am PST • Bayshore Grand Ballroom Presentation Files Michael McEvoy
8:30 - 9:00am PST • Bayshore Grand Ballroom
Session 9 - Keynote Address: A Culture of Privacy: Rights, Trust and the Public Interest
Privacy Commissioner of Canada Philippe Dufresne will share his vision for protecting and promoting a culture of privacy in Canada, how it informs his views on current practices and the needed modernization of Canada’s federal privacy regime.
9:00 - 9:40am PST • Bayshore Grand Ballroom Presentation Files Evan Anderson
Session 10 - Keynote Address by IBM: Embedding the Attacker’s Perspective - An Inside Look Into How Hackers Prioritize Targets at Scale
Join Evan Anderson, Co-Founder & Principal Technologist at Randori, an IBM Company, for an exciting session that dives into the fast-paced world of offensive security. It’s clear from talking with hundreds of organizations that attackers and defenders often come to dramatically different conclusions around risk - even when looking at the same information. In this session, switch teams for a day as we pull back the curtain behind the system that keeps one of the world’s most advanced attack platforms on target 24/7/365. Through examples, Evan will show how Randori (and real attackers) are leveraging AI and decades of experience to discover, classify and prioritize millions of targets daily across some of the world’s largest organizations. He’ll break down the 6 “tempting” factors every vulnerability team should be using to prioritize risk.
9:40 - 10:20am PST • Bayshore Grand Ballroom Presentation Files Hansang Bae
Session 11 - Keynote Address by Zscaler: Zero Trust Deconstructed and Why It’s a Lie
Today’s cyber protection must expect and account for zero day vulnerabilities. As history proves, if you’re reachable, you’re breachable and in that world, network-based solutions come up lacking – after all, it’s a network not a security blanket. The key to zero trust is that before any connection is made from the user to an application, the identity and transaction must have been vetted. In addition, the application must never accept connections from unknown users. This allows authorized users to continue to operate even if parts of the network are compromised. In effect, Zero Trust maintains the chain of custody over every user, every transaction, and every app, thereby verifying the identity and context, controlling the risk, and enforcing policy at scale. A true zero trust solution must be able to disaggregate the user and the application from the network without requiring modification to the existing network infrastructure. Zero Trust implemented at the user and application level is the only way to achieve the Dynamic Need to Know concept: removing or adding privileges in real time to protect users and applications from threats. In this session, you will understand:
- Why you can never have true Zero Trust,
- Why Zero Trust can never be implemented using the network – with packet proof, and
- The practical advice on rolling out Zero Trust for the biggest bang for the buck.
10:20 - 10:50am PST • Grand Ballroom Foyer
10:50 - 11:50am PST • Salon ABC
Session 12A - Concurrent Panel: Quantum Computing: The Good, the Bad and the Ugly. Is Quantum Computing One of the Most Serious Threats to Cybersecurity or Might it be the Solution to a More Secure Internet?
Quantum threats refer to the capabilities of true quantum computers that would allow for the hacking of mass quantities of encrypted data, including essentially everything sent on the internet. The future of the internet relies on quantum research, which is so important it's drawing new federal funding. Quantum computing could be one of the most serious threats to cybersecurity but it might also be the solution to a more secure internet. The quantum internet could safeguard financial transactions and healthcare data, prevent identity theft and stop hostile state hackers in their tracks.
10:50 - 11:50am PST • Salon EF
Session 12B - Concurrent Panel: Digital ID Platforms for Public Services – “Trust but Verify”
Some might argue that the pandemic has strengthened the case for digital ID cards. They could make it quicker and easier for us to access government services but also could make pandemic track-and-trace systems more effective. For example, if health data were linked to work data, governments might more quickly spot clusters of COVID cases.
What about privacy and security? Can privacy be protected by existing data-protection laws and updated security safeguards, such as two-factor authentication? How could we guard against ID cards being required for other purposes, such as law enforcement?
In addition, creating a digital ID system is complex and expensive. Can digital ID systems be introduced gradually building on existing platforms? What about public trust? If they are reasonably safe, and add convenience for interacting with governments, will citizens sign up for them?
10:50 - 11:50am PST • Salon D
Session 12C - Concurrent Panel: Financial Cyber Crimes: The Illicit Uses of Cryptocurrency - Does this Lead to Money Laundering?
New decentralized finance technologies represent a great opportunity for [cyber]theft and money laundering. This panel will discuss how and to what extent cryptocurrencies and their related products, such as NFTs or decentralized derivatives (loans, options, future contracts), are used for illicit purposes. How these uses represent a challenge for law enforcement agencies, policymakers, and anti-money laundering officers in private organizations will also be discussed.
11:55 - 12:25pm PST • Salon ABC Presentation Files Dan Deganutti
Session 13A - Concurrent Keynote by BeyondTrust: Cybersecurity Trends for 2023 and Beyond
Dan Deganutti will review and discuss the top cybersecurity trends for 2023. In this session, you’ll learn more about what security and technology surprises he thinks lie in store for 2023 and the remainder of the roaring 20’s, plus his preparedness plans for those predictions.
11:55 - 12:25pm PST • Salon EF Presentation Files Justin Foster
Session 13B - Concurrent Keynote by Forescout: How to Protect Assets by Balancing Proactive Risk with Reactive Threat
Too many security programs focus on layers of compensating controls without understanding the full perspective. Cyber security starts with an understanding of the assets under your control. You then need to balance resources between a proactive approach to exposure management and a reactive approach to the threats facing your environment. Join us to look at creating a holistic and balanced approach to cyber security.
11:55 - 12:25pm PST • Salon D Presentation Files Ben de Bont
Session 13C - Concurrent Keynote by ServiceNow: The Modern CISO Mindset: Shifting from Accountability to Action
The threat landscape continues to evolve at a record pace. As a modern CISO in an increasingly complex cybersecurity environment, you're being called to do the same. In this keynote, Ben de Bont, ServiceNow CISO, will discuss the critical mindset shift he has made to drive maximum impact for his organization. He'll offer recommendations on how global CISOs can transform from being accountable for policy, architecture, and guidelines to actively driving and implementing proactive change across the enterprise. You'll walk away with an understanding of how to effectively know and report on the true state of your exposure so you can minimize your organization’s risk and maximize its innovation and productivity.
12:25 - 1:30pm PST • Bayshore Grand Ballroom
Lunch Break - Sponsored by Abnormal Security (Please visit the exhibit booths)
1:30 - 2:30pm PST • Salon ABC
Session 14A - Concurrent Panel: Ransomware and the Public Sector: What Can Be Done To Strengthen Our Defense Against Ransomware?
The public sector is at increasing risk of experiencing ransomware attacks, and the time to act is now. Studies have shown that municipalities, government agencies, and other public sector organizations - many of which Canadians rely on every day - are reporting attempted ransomware attacks at alarming rates.
Join our moderator and industry expert panelists as they tackle tough questions like, how are public sector organizations being targeted? Once faced with an incident, are they paying ransoms? Are they getting their data back? How are ransomware incidents impacting the populations these organizations support? How can public sector organizations better protect themselves from the ever-present threat of ransomware?
1:30 - 2:30pm PST • Salon EF
Session 14B - Concurrent Panel: Women in Cybersecurity: Diversity 2023 and Beyond
Diversity as we have come to know it has had its challenges. Engaging the vast number of groups that have been left out is a challenge for many companies. While larger businesses may have the breadth of roles to accommodate diversity, there is still a struggle to achieve this. As for small businesses, the powerhouse of our economies, there is little doubt that hiring for something beyond the skills you need is extremely difficult to do. Add to this the fact that, with rapidly changing technologies, the skill sets needed are increasingly hard to find, and diversity seems to have hit a very tall barrier.
This panel will talk about how to deliver on the diversity promise. Discussion questions will include what is a diversity mindset? What are the fundamental challenges of businesses when implementing a diversity program? How would diversity of thought change how you approach a traditional diversity program? How has diversity impacted your development of products, services and processes?
1:30 - 2:30pm PST • Salon D
Session 14C - Concurrent Panel: Unlocking Health Data Access to Empower Health Innovation. Individuals Hold the Key and Blockchain Provides a Solution
Across Canada and the world, we are experiencing a crisis in our healthcare. The need for innovation in healthcare has never been greater. However, for innovation to occur, health innovators need access to wellness and health data to enable AI / ML algorithms to solve these large problems. Health data is siloed in a fragmented health system and wellness data is under individual control. Many researchers and industry experts recognize that the most effective way to overcome the siloed data problem would be to give individuals control over the access to their data, enabled through blockchain-based technologies. Current designs and implementations of such solutions have a poor user experience and are hard to deploy universally. Our panel of experts will address this challenge, sharing their own experiences and knowledge in discussing how we can move forward in providing individuals control of health and wellness data, the technologies that provide for this, and how this needs to align with business, privacy and security considerations to enable data access to power innovation in healthcare.
2:30 - 3:00pm PST • Grand Ballroom Foyer
3:00 - 3:30pm PST • Salon ABC
Session 15A - Concurrent Keynote by VMware: Enforcing a Strong Zero-Trust Ransomware Defense
In a zero-trust world, you have to assume that attackers are already in your network. These threat actors are living off the land, using legitimate pathways to start and progress their attacks. Increasingly, the attacker’s goal is to get into your network and stay there to explore, probe, eventually deploy ransomware, and exfiltrate data. Join this session to learn about the strong and highly differentiated lateral security defense that sees more and therefore stops more, finding and evicting threat actors before they can do damage. Built on the principles of the cloud operating model, this solution delivers better security.
Presentation Files Dev Sharma
3:00 - 3:30pm PST • Salon EF
Session 15B - Concurrent Keynote by Check Point: Cyber Warfare 2023: AI, ChatGPT, and Beyond
Emerging technology is developing rapidly, especially OpenAI's, while AI ethics policy and governance for Human Centered AI trail far behind, and threat actors and groups rarely concern themselves with the ethical use of technology. With the exciting advent of ChatGPT and Microsoft's $1b investment in OpenAI, cybersecurity professionals need to know about the use of OpenAI by cyber criminals on the Dark Web to develop malicious code and launch automated campaigns, and to prepare for the battle of the AIs.
Presentation Files Micki Boland
3:00 - 3:30pm PST • Salon D
Session 15C - Concurrent Keynote by Trend Micro: Mapping the Digital Attack Surface
There’s a simple but powerful dynamic driving cyber risk for most organizations today. The more they invest in digital infrastructure and tooling to drive sustainable growth, the more they may expose themselves to attack. According to experts, digital transformation during the pandemic pushed many organizations over a technology “tipping point” from which they will never return. In short, the future of business is digital—from hybrid working to cloud-powered customer experiences. That creates a challenge for CISOs. This challenge is often articulated in terms of the digital attack surface—that is, the collection of applications, websites, cloud infrastructure, on-premises servers, operational technology (OT) and other elements which are often exposed to remote threat actors. The risks associated with attack can be mitigated if organizations have visibility into all of these assets, calculate their risk exposure accurately and then take steps to secure the attack surface. Yet many struggle to do so. This presentation will provide insights (from a Trend Micro commissioned survey of 6,297 IT security decision makers in 29 countries) into why organizations are struggling to manage cyber risk and how to build a more risk-aware organization.
Presentation Files Antoine Saikaley
3:35 - 4:35pm PST • Salon ABC
Session 16A - Concurrent Panel: Tribute to David Flaherty
David Flaherty passed away in October 2022. This panel of the current, and former BC Commissioners, pays tribute to David’s life and service by discussing his legacies as BC’s first Information and Privacy Commissioner. We discuss his role in establishing the Office in the early 1990s, as well as his overall impact on information and privacy rights in BC, Canada and globally.
Presentation Files David Flaherty Photos
3:35 - 4:35pm PST • Salon DEF
Session 16B - Concurrent Panel: Financial Crime in Canada: Launch of the 2022 Edition of The State of the Federation Book Series
Financial crime in Canada remains a mystery: omnipresent, but we know little about its operation. Transactions are cloaked with apparent legality, which makes tracking criminal activity through economic or financial statistics a complex undertaking. A web of clandestine processes disguises its scale and location. As a result, financial crime is difficult to detect, disrupt, deter, and prosecute. This distinctive volume, authored by leading scholars and practitioners, opens the black box of financial crime in the Canadian federation. Its findings will help to inhibit the in-, out-, and through-flows of vast sums of dirty money by enhancing the capacity to investigate and prosecute financial criminals.
With a primary focus on money laundering, Canada: The State of the Federation 2022 identifies federal and provincial trends - including regulatory, legislative, political, institutional, and enforcement trends - that have inadvertently enabled the proliferation of this illicit activity. Showcasing an array of the best multidisciplinary research and experience, the volume demystifies financial crime, thus raising the level of awareness and public debate.
4:40 - 5:20pm PST • Bayshore Grand Ballroom
Session 17 - Closing Keynote Speaker: Security and Privacy in the Metaverse
A long time ago, on June 27, 1991, I testified before the US Congress and warned that the then-emerging internet was ripe for Cyberterrorism, Cyberwar, Cybercrime, the loss of privacy, and a potential Electronic Pearl Harbor. I called it Information Warfare.
A Congressman asked me that day, “Mr. Schwartau, why would the bad guys ever want to use the internet?” Today, “Mr. Schwartau, why would the bad guys ever want to use the metaverse?”
Tens of billions of dollars and euros are being spent by global technology giants to digitally terraform the first generation of simulations; multi-user interactive virtual worlds with varying degrees of immersion, meant to captivate hundreds of millions of people.
Yet, is anyone talking about Security & Privacy with the to-be-developed technologies, highly granular and enhanced surveillance capitalism, behavioural monitoring and influence and all the other issues that make a lot of folks very uncomfortable?
Policy-makers and citizens alike need to address complex issues sooner than later:
- The Death of PII and Birth of Behavioral Identity Capitalism
- Is Murder legal in the Metaverse?
- What are ‘Good’ versus ‘Bad’ metaverse experiences?
- Should Meta-Anonymity be allowed?
- Securing the ODDA-Loops of Perception
- Geo- vs. Virtual Localization & Law Enforcement
What has Schwartau come up with this time, 30 some years later?
Presentation Files Winn Schwartau
The 25th Annual Vancouver International Privacy & Security Summit is proudly sponsored by the following companies.
If you would like to sponsor this event, please download the Sponsorship Brochure for more information.
Summit Sponsors & Marketing Partners
Westin Bayshore Hotel - Vancouver, BC
If you are attending the 25th Annual Vancouver International Privacy & Security Summit and need to make a hotel reservation, we have a room block at the Westin Bayshore Hotel with room rates starting at $219. The room block ends January 24th. To book a room within this room block please click here.
With lush and serene Stanley Park at its doorstep, water lapping the Coal Harbour Shores, snow-capped North Shore mountains in sight, and the vibrant city centre just around the corner, The Westin Bayshore, Vancouver is in perfect balance with its breathtaking surroundings. An elegant base from which to explore Vancouver, this resort-style property is a hub for well-being, whether travelling for leisure or business. A variety of year-round signature wellness programs promote feeling your best, while premier food and beverage offerings recharge the body and mind. Over 71,000 sq. ft. of flexible meeting space, one of Western Canada’s largest hotel ballrooms, and customizable catering options make this iconic hotel an ideal destination for conferences and social events. The Westin Bayshore, Vancouver is your gateway to inspired revitalization.
Call for Speakers
Please note that the call for speakers is now closed.
The Advisory Board for the 25th Annual Vancouver International Privacy and Security Summit is pleased to announce that the Call for Speakers is now closed and we are reviewing all of the submissions.
Subject matter experts working within the privacy and information security communities are invited to submit papers on their area of expertise. Of particular interest are briefs on cutting-edge subjects and themes suitable for presentation in either a panel session or keynote address. This three-day conference draws an international audience focused on policy, programs, law, research and technologies aimed at the protection of privacy and security.
Date: February 22-24, 2023
Location: Westin Bayshore Hotel, Vancouver, British Columbia
2023 Summit – Suggested Topics:
- Artificial Intelligence and Machine Learning
- Blockchain & Crypto Currencies
- Data Exfiltration
- Digital ID
- Financial Cyber Crimes
- Healthcare Cyber Attacks & Privacy Breaches
- Hybrid Workplace
- Internet of Everything
- Privacy Legislation
- Quantum Computing
- Smart Cities
- State Sponsored Terrorism
- The Metaverse
All entries must be received by midnight of October 31, 2022. Invited speakers will be notified by November 30, 2022.
Submissions will be accepted electronically using the form below.
Have Questions or Need More Information?
- For conference content, themes and agenda questions, please contact: firstname.lastname@example.org
- For venue and conference administration questions, please contact: Reboot Communications Ltd. at 1-250-388-6060, or email@example.com
- For sponsorship questions, please contact Reboot Communications Ltd. at 1-250-388-6060 or firstname.lastname@example.org
- Submissions will only be accepted electronically
Please find below a list of recommended books that we suggest you check out (all written by various speakers from our events).
Title: Facing Our Futures: How foresight, futures design and strategy creates prosperity and growth
Author: Nikolas Badminton
Description: A fascinating insight into how professionals and businesses can develop their foresight and strategy to ensure that they are prepared for an unpredictable future. In Facing Our Futures, Nikolas Badminton draws upon his decades of experience as a consultant and futurist to provide readers with the skillset and outlook they need to prepare their organization, team and themselves for whatever obstacles the future may hold. CEOs, executive teams, government leaders and policy makers need to gain a broader perspective and a firmer grasp on how their relevant industry, society or community is evolving and changing. Once they have acquired this foresight, they need to then discover how to fully harness it – by strengthening their foundations, forecasting and establishing a resilient and adaptable strategy. Facing Our Futures acts as a primer on the value of seeing how bad things can get and the power in imagining these futures. It also provides a proven strategic planning and foresight methodology – the Positive Dystopia Canvas (PDC) – that allows leaders to supercharge their teams to build evocative visions of futures that strengthen planning today.
(Canadian Delegates – Use code FUTURIST at checkout to save 30% when pre-ordering)
(US Delegates – Use code FUTURES at checkout to save 30% when pre-ordering)
Order Here in Canada
Order Here in the US
Title: Canada: The State of the Federation 2022 – Financial Crime in Canada
Edited By: Christian Leuprecht & Jamie Ferrill
Description: Uncovering the hidden flows of dirty money into, out of, and throughout Canada.
Canada: The State of the Federation 2022 identifies federal and provincial trends that have inadvertently enabled the proliferation of this illicit activity. Showcasing an array of the best multidisciplinary research and experience, the volume demystifies financial crime, thus raising the level of awareness and public debate.
Contributors include Sanaa Ahmed, John Cassara, Garry Clement, Arthur J. Cockfield, Caroline Dugas, Jamie Ferrill, Cameron Field, Michelle Gallant, Peter German, Todd Hataley, Christian Leuprecht, David Mainmon, Katarzyna McNaughton, Denis Meunier, Pierre-Luc Pomerlau, Stephen Schneider, Pamela E. Simpson, and Jeffrey Simser.
(Use code MQTS for a 30% pre-publication discount - Forthcoming December 2022)
Title: I Was Never Here: My True Canadian Spy Story of Coffees, Code Names, and Covert Operations in the Age of Terrorism
Author: Andrew Kirsch
Description: Andrew Kirsch didn’t grow up watching spy movies, or dreaming about being a real-life James Bond. He was hardly aware that Canada even had its own intelligence service – let alone knew what its officers did. But when a terrorist attack occurred near the office of his financial services job, all of a sudden fighting terrorism meant a lot more to him than the markets. Within 18 months he had landed a job with the Canadian Security Intelligence Service (CSIS) – where he spent the next decade of his life.
In I Was Never Here, Kirsch (now an in-demand security consultant) spills the secrets of what life as an intelligence officer is really like, and dispels a few myths along the way. With humour, honesty, and candour, Kirsch shares his on-the-ground experience (or as much of it as he’s allowed to) of becoming a member of CSIS: from his vetting and training, to his initial desk job as a policy analyst, to his rise up the ranks to leading covert special operations missions. If you’ve ever wondered whether spies can have real dating lives, how they handle family responsibilities, or how they come up with cover stories or aliases, you’re in luck.
From the time he tried to get the code names “Burgundy” and “Anchorman” assigned to human sources (with no luck), to the night a covert operation was almost thwarted by a flyer delivery man, Kirsch takes you behind the scenes with an authentic view of Canada’s spy agency, and the intricate intelligence-sharing apparatus that works day and night to keep us safe. I Was Never Here is also a testament to one man’s drive to serve his country, and the sacrifices, big and small, that he made along the way.
Title: Time Based Security: Adding Measurement, Detection, and Reaction Time to Cybersecurity
Author: Winn Schwartau
Description: Time Based Security in a Nutshell
The model for Time Based Security (TBS) originated with conversations with Bob Ayers, formerly of the Defense Information Systems Agency (DISA) over a period of years.
As a result of many napkin drawings, especially in Warsaw, Poland, TBS was born. In the two years since we spent hours and days arguing over the principles, I have had the opportunity to develop TBS into a workable mathematical model for quantification of security.
I have always maintained that to offer a reasonable defense, one has to know how to attack networks. So, TBS, here we go.
Defensive Products Do Not and Cannot Work.
The current and prevalent method to defend networks against attack is an approach 10,000 years old based upon classic military strategy: build your defensive walls as high as you can to keep the bad guys out. This is also known as Fortress Mentality. However, it hasn’t worked since the dawn of time and still doesn’t work.
This fundamental error in historical judgement, though, was what modern defensive information security was based on: how can we build the walls around our networks high enough to keep the bad guys out. Oops! Wrong again. They began with the false premise that they could in fact keep the bad guys out and then compounded the error in the erroneous belief that everyone who had access to the networks was already cleared as a good guy; a pro-US gung-ho Marine-like good guy.
When the Trojans let the drawbridge to their city descend to admit the horse, they were networking with the outside world. When the Germans bypassed the Maginot Line, they created a network with the French – right or wrong. When people sailed over or around the Berlin Wall, the network connection was made. Thus, the principle of Fortress Mentality began to collapse as a viable defensive posture.
Title: Reverse Deception: Organized Cyber Threat Counter-Exploitation
Authors: Gregory Carpenter, Sean Bodmer, Dr. Max Kilger and Jade Jones
Description: In-depth counterintelligence tactics to fight cyber-espionage
Expose, pursue, and prosecute the perpetrators of advanced persistent threats (APTs) using the tested security techniques and real-world case studies featured in this one-of-a-kind guide. Reverse Deception: Organized Cyber Threat Counter-Exploitation shows how to assess your network’s vulnerabilities, zero in on targets, and effectively block intruders. Discover how to set up digital traps, misdirect and divert attackers, configure honeypots, mitigate encrypted crimeware, and identify malicious software groups. The expert authors provide full coverage of legal and ethical issues, operational vetting, and security team management.
- Establish the goals and scope of your reverse deception campaign
- Identify, analyze, and block APTs
- Engage and catch nefarious individuals and their organizations
- Assemble cyber-profiles, incident analyses, and intelligence reports
- Uncover, eliminate, and autopsy crimeware, trojans, and botnets
- Work with intrusion detection, anti-virus, and digital forensics tools
- Employ stealth honeynet, honeypot, and sandbox technologies
- Communicate and collaborate with legal teams and law enforcement
Title: Analogue Network Security: Time, Broken Stuff, Engineering, Systems, My Audio Career, and Other Musings on Six Decades of Thinking About it All
Author: Winn Schwartau. Design by Kayley Melton
Description: Why Analogue Security?
The Best Cybersecurity Book of all Time: Analogue Network Security by Winn Schwartau
In 1972, the Anderson reference monitor security model was introduced. Static fortress mentality was (and still is) fundamentally how information security is implemented. Along came Bell, LaPadula, and Biba a few years later, with some enhancements, notably for MLS, multi-level security systems.
In 1987, the U.S. Department of Defense published the Red Book, The Trusted Network Interpretation of the lauded 1983-85 Orange Book that set forth many of the principles for information security. The results were, essentially, “We have no earthly idea how to secure a network.”
Today, we now assume our networks are P0wn3d – already infiltrated by hostiles.
We know that by adding more technology, our security problems will go away. We think of the network as a single thing and attempt to protect it as such. It isn’t, and we can’t.
TCP/IP. It was just an experiment. Today, it is the inter-infrastructural foundation of civilization. The Internet of Things is adding so-called intelligence to some 50+ billion endpoints and trillions of sensors. Where’s the security? The privacy?
Massive new projects, using next generation products, from quarterly profit-incented vendors, promise the same old stuff all over again. The ultimate déjà vu epic fail of security. Is this any way to run a planet?
C’mon, fifty years of practice and we’re still…? Well, screw it. You’ll see.
Security requires a single, interdisciplinary metric for the cyber, physical, and human domains. Digital is not binary.
Then, for me, things fell into place. I have a few ideas I’d like to share.
Title: BREACHED! Why Data Security Law Fails and How to Improve It
Authors: Daniel J. Solove & Woodrow Hartzog
Description: A novel account of how the law contributes to the insecurity of our data and a bold way to rethink it.
Digital connections permeate our lives and so do data breaches. It is alarming how difficult it is to create rules for securing our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In Breached!, Daniel Solove and Woodrow Hartzog, two of the world’s leading experts on privacy and data security, argue that the law fails because, ironically, it focuses too much on the breach itself.
Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through a different approach to data security rules. Current law is counterproductive. It pummels organizations that have suffered a breach but doesn’t address the many other actors that contribute to the problem: software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.