Agenda

• Assorted Pastries, Muffins, and Granola Bars
• Fresh Fruit
• Coffee & Tea
• Fruit Juice

Recent breaches of Fortune 500 companies have highlighted the devastating impact of third-party risk. It’s not a matter of if, but when, a third-party risk will materialize. This presentation will explore the unavoidable risks associated with third-party partnerships and provide actionable strategies for mitigating these threats. We will discuss real-world examples, case studies, and best practices for managing third-party risk, enabling organizations to build resilience and protect their operations, reputation, and bottom line.

• Sandwiches (Selection)
• Fresh Baked Cookies
• Kettle Cookes Potatoe Chips
• Chopped Salad w/ Dressing
• Bottled Water or Soft Drink

Are AI-driven cyberattacks worrying you? Are you seeing an increase in attacks? Where are the attacks coming from? What’s the target? Is it really an attack? What about the Cloud?

Join us for a conversation to find out whether modern SecOps strategies and tools are enough to keep up with the increasing prevalence of AI-enabled cybercriminals. In a world where AI has empowered novice “Hacker” to become faster and more effective than ever, it’s crucial to stay informed and prepared.

Metasploit modules, reverse shells, complex attack chains… being a penetration tester can be very exciting and technically complicated, but the highest severity findings I’ve discovered during my career as a security consultant have been the result of regularly implementing some of the most basic checks that exist.

All critical findings I’ve uncovered have been associated with large industry clients and affected a great deal of user data, how could these security holes exist when these well-funded organizations run security audits on a regular basis? I’ll show you exactly how in this talk, by walking through the pentesting processes that led me to uncover critical and high severity findings in web applications over the past few years using Burp Suite and a handful of manual and automated techniques to push the boundaries of what we assume to be safe.

Are you being asked to implement a SOC, SIEM, SOAR? When was the last time you verified your backups?

Is Bob in accounting still using Dodger123 as his password for everything with no MFA enabled?

Yeah, Saskatoon smb’s don’t need advanced threat protection they need security basics.

As defenders we have been to focused on lower layers of the defensive stack: IPs, domains, URLs, SHAs. We need to elevate in order to compete against the adversary. How do we do that? We climb higher into the defensive stack and understand the adversaries targeting us and test out our capabilities

In this session we will learn about adversarial emulation and how both red and blue teams can benefit from it use. We learn about the tools available to us and then build out an operation leveraging Open Source and Commercial tools without preventive capabilities. We will then review the adversarial outcomes which includes reviewing the outcomes on our passively deployed Security portfolio. The knowledge gained ensures defensive teams understand the opportunity to increase our defenses. We will then turn on our preventive capacities across a variety of security technologies and perform the test again reviewing the results. Understanding how the adversarial approaches their victim and defenders’ ability to layer defense is a recipe for success.

The tools leveraged are used as examples and attendees are encouraged to leverage their tool of choice – the examples are only to highlight the opportunity to elevate defense and nothing more.

Thanks to Open Source Software (OSS), modern software development releases new products at an amazing speed. Open Source has many benefits, but introduces risk into your products. We’ll cover the types of risks OSS brings into your environment, and ways to handle those risks.

This will cover various approaches and tools both free and paid. Importantly, you can’t secure what you can’t see. Let’s explore how to see all your OSS in your environment, all the way up the software supply chain.

As a bonus we’ll go over things you can do to help yourself and the OSS ecosystem.

Just a quick wrap up and thank you for being amazing attendees!