(ISC)² Toronto Chapter Meeting @ SecureWorld Toronto 2019

April 24, 2019 – Both the SecureWorld Toronto 2019 conference and Chapter Meeting were great successes.  The Toronto Chapter successes were made possible by the support and generosity from SecureWorld, our volunteers, our guest speakers, the hard work of our Chapter Team in the months and weeks leading up to the event, and especially the members who attended!

The Chapter Team would like to thank SecureWorld and their organizers, notably Paul Scott, for all of their generosity at the SecureWorld Toronto 2019 conference.   Their team was extremely helpful to the Chapter through providing a booth at the expo and conference room for our Chapter Meeting, as well as ensuring smooth operations throughout the day.

At our booth we met with familiar faces and more than a few new ones.  Our team was able to reaffirm existing and start new relationships with individuals, companies and other organizations with the goal of bringing more value back to our Chapter Members, the Center for Cyber Safety & Education, and to support other Chapter initiatives.

As typical, our Chapter meeting was crammed full with as much content for our members as we could muster. We did a brief overview of Chapter updates and initiatives (see our website and social media for more details in the upcoming weeks!) and had four speakers who generously contributed their time to our members.

Greg Thompson updated the Chapter on the CCSE and fielded questions about the outreach and fundraising efforts underway.  CCSE initiatives are really solidifying and the Chapter is excited about how we can support their objectives to raise cybersecurity awareness with these most at-risk groups.  A truly worthy endeavour!

Karen Nemani introduced the Chapter to the Ontario affiliate of Women in Cyber Security (WiCyS), a group focused on the promotion of women in cybersecurity and focused on assisting with education and career development of their members.  

Sahba Kazerooni presented a personal message of how to more closely align security service vendors with internal CISO teams.  He related from his own experiences of being on both sides of the table of how the perspectives and objectives can be improved for all involved.  Excellent takeaways for both service providers and internal security teams!

Altaz Valani presented a very insightful message based on their research of where a gap exists between high level security policies and execution of those policies, and how to be more effective at closing that gap – an interesting topic certainly worth considering for another follow up to explore in more depth!

To All Attendees:

Please remember to submit your own CPEs for the Secure World conference. As our event ran longer than the actual conference, some of you might not have been able to collect your certificate from their organizers; in this case, please reach out directly to them to get a copy of your certificate for the day.

Chapter Meeting CPEs –

The Chapter must submit the CPEs for the Chapter Meeting on your behalf.  If you completed the survey at the end of the Chapter Meeting, your Chapter team will submit your CPEs for you to (ISC)².  If you had to leave before the end, please contact [email protected] BEFORE May 6th so we can get the info from you to complete that submission.

All of the presentations will be made available shortly in PDF format; please keep an eye out for that message if you would like to have a copy of those items.

Chapter Meeting @ Secure World – UPDATE

Update to the Secure World 2019 eventhttps://bit.ly/2FZ5Mgo

Be sure to use the Chapter discount codes when signing up for Secure World!

The Chapter Team has been working hard to fill our chapter meeting with (ISC)² updates, news and presentations from some great speakers.  Drop by our table at the expo throughout the day to say hello and meet your Chapter Team, join us for our Chapter Meeting (2 CPEs) and stay for the reception.

Questions & Volunteers – please e-mail [email protected]

Chapter Meeting Agenda @ 3PM.

Chapter Update

  • 2019 Activities and Objectives, upcoming events and info from (ISC)² about what they’re working on for their members, Chapters and important membership dues/CPE changes.

Center for Cyber Safety & Education

Greg Thompson (VP, CISO for Manulife) will provide an update on the CCSE’s 2019 initiatives, their upcoming events in the works and developments with the Safe & Secure program.

Ontario Chapter of Women in Cyber Security

Karen Nemani (Director of Risk, Compliance and Projects, IACS for Opentext) will introduce WiCyS Ontario and speak to what their group is doing in 2019.  They will be sharing our booth in the expo throughout the day, so please be sure to stop by and say hello!

Aligning Service Providers with CISO Teams

Sahba Kazerooni (CISO for Aviva Canada), having been on both sides of the table, will be presenting his insights into the disconnects than can exist between how service providers and CISO teams see the cybersecurity world.

Addressing the Gap Between Security Policies and Execution

Altaz Valani (Research Director for Security Compass) will speak to how, in a practical way, organizations can build a P&P pipeline to address the needs of both strategic level resiliencey & risk management and tactical operating procedures for project teams.

Chapter Meeting @ SecureWorld 2019

Your Toronto Chapter Team has been working hard behind the scenes and are pleased to announce our collaboration with SecureWorld for their Toronto event APRIL 24, 2019 at the BEANFIELD CENTER (EXHIBITION PLACE). THIS FLYER has your (ISC)² Chapter discount codes and registration link.

Throughout the day, the Chapter will be manning a table in the Expo area in collaboration. We will be hosting a Chapter Meeting at 3pm EST where we will provide an update on Chapter initiatives for 2019 and where guest speakers will address cybersecurity priorities that affect everyone day in and day out. The chapter will close out this meeting with a reception for networking and catching up with your peers and colleagues.

We have arranged for discounted pricing for (ISC)² Toronto Chapter members and it’s a great opportunity to earn a number of CPEs for 2019.

Please join us at what is to be sure to be a great event!

** If you can volunteer some time to help with part of the trade show table and/or the event, please contact [email protected]. We would certainly appreciate any/all help we can get from our members! **

Kind Regards,

Your (ISC)² Toronto Chapter Team

Safe & Secure

To all (ISC)² Toronto Chapter members who are interested in participating in the Safe and Secure Online initiative, please contact [email protected].

Please include your Full Name, (ISC)² Cert Number, area within GTA that would be most convenient for you, e-mail address and phone number that you can be reached at.

We are working towards developing opportunities for accredited members to raise cybersecurity awareness with students, educators and parents throughout the GTA. We are working with the Center for Cyber Safety and Education to assist those who are interested in volunteering their time to help others. We can assist with the presentation materials, prep work, partnering up on delivery and making introductions.

Additional information can be found at the Safe and Secure site and the CPEs that you can earn are detailed in the CPE Handbook.

Cybersafety is a top priority with educators and they are very appreciative of any assistance with raising the awareness with their students, teachers and parents.

Thank you

The (ISC)² Toronto Chapter Board

(ISC)² DevSecOps Email / Course

As an (ISC)² member you may have received an e-mail from [email protected].com notifying you that you have been enrolled into a course titled ISC2-DEVSECOPS-MBR – DevSecOps: Integrating Security into DevOps.  The e-mail has a link and instructions to login with the e-mail address you associated with (ISC)².

Perhaps, like others, you were wondering what this was about and if it was legit.  Short answer is, yes…it’s a legit education course.  (ISC)² has enrolled  members into this course, and as is with a lot of their other content delivered by Brightspace.

The online course has an intro, 5 modules, an assessment, a survey and a list of references.  Not sure how long it is at this point, but if you go through the material and achieve a min of 70% on the assessment, you’ll receive 5 Class A CPEs.

DevOps, merging agile development with Ops (security incl) throughout the development life-cycle, has gained a lot of traction where business lines want rapid development of systems with reliable delivery.  Add in everyone focusing on security throughout that life-cycle and you get DevSecOps.

ISC2-DEVSECOPS-MBR – DevSecOps: Integrating Security into DevOps

Module 1: What is DevOps, concepts and foundations
Module 2: Develop a Security Strategy within DevOps
Module 3: Changing the Culture: A How-To
Module 4: Implementing a Successful DevSecOps Program
Module 5:  Monitoring and Key Performance Indicators

Chapter Meeting – February 26, 2018

We are pleased to announce our next chapter meeting will be held on Monday February 26th 2018.

Time: 6:00-8:00pm (venue open from 5:30pm, presentations begin at 6pm)
Location: The Gallery, Exchange Tower, 130 King St W

Eren Girgin will discuss how TMX is utilizing the Kenna vulnerability management platform with integrated threat & exploit intelligence and how it helps TMX to make intelligent decisions for remediation and risk assessment efforts.

Eren is a Sr. Security Leader (Director) at TMX responsible for the Security Operations Center. Eren has been practicing information security since 1996 and for the last five years, Eren has been focusing on transforming traditional SOCs into “Threat Intelligence based” security operations centers, including the integration of operational and tactical threat intelligence into security infrastructure and developing use cases for anomaly detection. Eren studied computer science & programming and earned his executive MBA in 1999 through the Manchester School of Business MBA Program. Eren has the CISSP, CRISC and Sarbanes Oxley (CSOE) certifications as well as various certifications for different operating systems and platforms.

Irfahn Khimji will be discussing translating security to the business. As security professionals we are often asked what the heck we are actually doing and why the business should continue to spend money on us. This talk will help put some context around what it is we do and how to convey that to the laymen that sign our paycheques.

Irfahn has been working in the information security space for over ten years focused on vulnerability detection and risk calculation. Most recently, he has been working with large organizations to help prioritize their security spending in areas that yield the most return on investment.


Chapter Meeting – June. 12, 2017

Following our May chapter meeting, (ISC)² Toronto Chapter will be hosting another event following RiskSec Toronto at the St. Andrews Club and Conference Centre. To attend, please register at https://www.risksectoronto.com/ and enter the discount code ISC2MEETING. Select “(ISC)2 Meeting Only” from the list and you will be able to register for FREE. Please note this will not give you access to the conference sessions.

Where: St. Andrews Club and Conference Centre – Room L4 (150 King Street West)
When: June 12th, 2017 & 6pm

Speaker: Neumann Lim, Lead IT Network and Security Architect, Detour Gold Corporation
Neumann Lim is a Enterprise Security Architect responsible for developing Detour’s enterprise security architecture, strategies and methodologies on cyber security. Prior to this role, he worked with enterprises such as, Microsoft, Cognizant, and Johnson Control, specializing in incident response. Neumann has over 8 years of cyber security and networking experience. He currently holds the CISSP, CCNA and CHFI certifications and is an active member of various security organizations such as HTCIA, (ISC)² and the Cloud Security Alliance.

Title: Breach Incident Response Plan: Preparedness is the best defense
Learn why it’s important to have an incident response plan, how to create one and what to do during the first 24 hours of a breach. We’ll explain what you need to know about notifying your customers, or employees based on the upcoming Digital Privacy Law.

Breach Incident Response


Chapter Meeting – May. 23, 2017

Hi All,

Greg Thompson has again graciously offered to host our next (ISC)² chapter meeting at Scotiabank on May 23, 2017 (next Tuesday). The focus of this event will be around data privacy. We have two great speakers lined up. Information below:

Where: 40 King Street West, Main floor , take escalator to second floor atrium.
When: May 23, 2017 – 5:30 – 7:30

Food and beverages will be provided.

Speaker: Nick Van Exan
Privacy & Pwnage: Managing Privacy Law Risks Before and After a Data Breach

Government regulation and class action litigation in the area of privacy law has increased dramatically over the last few years, particularly with respect to data breaches. Companies are now exposed to large risks and liabilities for data breaches, as demonstrated by the recent class action lawsuit against Ashley Madison for $760,000,000. In this talk, you’ll get an overview of the law of privacy as it relates to data breaches, and learn how you as a security professional can help mitigate legal risk both before and after a data breach occurs. Privacy & Pwnage

Speaker: Amalia Steiu
Privacy Analysis of Canada’s New Cyber Security Strategy

This presentation brings the audience up to speed with the proposed 2016 Cyber Security Strategy from Public Safety Canada, the unprecedented global DDoS attack of October 2016 which led to massive outages for Twitter, Paypal and Spotify as well as a host of Canadian organizations, how Canada can protect its national security interests and take the lead in helping the private sector, based on the new proposed Cyber Security Strategy. IAPP_CS17_PrivacyAnalysis_CyberSecurity_Strategy

As always, attendance is free and no preregistration. Hope to see you all there.


Chapter Meeting – Jan. 24, 2017

Greg Thompson has graciously provided us a venue at Scotiabank on January 24, 2017 for our next (ISC)² chapter meeting . The primary focus of this event will be (ISC)²’s Safe and Secure program.

Dan Waddell, who is the (ISC)² Managing Director for the North American region will be speaking about the Safe and Secure program.

You can read about Safe and Secure here:

Location Information:

Where: 40 King Street West (2nd floor atrium) – https://goo.gl/maps/KtuA85mMVDn
When: January 24, 2017 – 5:30 – 7:30

Pizza and beverages will be provided.

Hope to see you all there.

Chapter Meeting – Mar. 16, 2016

The next chapter meeting will be hosted at PwC @ 18 York, March 16, 2016 from 18:00 – 21:00. Come enjoy great talks, pizza & pop, and network with your fellow security peers.

18 York St. – 3rd Floor (Marshall McLuhan/John Kenneth Galbraith)
Toronto, Ontario
M5J 0B2


Paul Langley
Sr. Information Security Advisor | Pragmatic Security Evangelist
CYA – A Pragmatic Approach to Third Party Risk Assurance Current approaches to third party risk assurance typically ask the wrong questions, focus on the wrong things and are generally a waste of time. The talk will discuss risk assurance from two perspectives; as a service provider how and why you need to provide security assurance to prospects and customers and from a customer perspective, how to evaluate the security of service providers.

Ryan Krukoski, CISSP
Network Security & Compliance Consultant at Loblaw Companies Limited
Keys From The Keynotes: A recap of the key messages from RSA 2016

As before, we will track and submit attendance to (ISC)² on behalf of our members through Educredu. If you haven’t done so already, remember to sign-up, add your credentials, and track the event (https://www.educredu.me/p/gc/BWXeJgWtAZ). Also remember to sign-in when you arrive to the meeting, otherwise we may not be able to confirm your attendance.