Teaser Description The world of cybersecurity is vast and diverse. Building on the concepts we covered last year, I propose to explore the implementation of the “less is more” principle. Come and explore with me the road less traveled, which is to delve deeper into the Microsoft 365 and Azure platforms, with the aim of creating a series of cyber-defenses that will ultimately offer you 360° visibility of what’s going on in your environment.

Teaser Description In 1999, Bruce Scheier popularized the concept that cybersecurity is a matter of people-process-technology. However, more than two decades later, we still seem to be putting more emphasis on technology. How many times have we heard the adage that “humans are the weakest link”? While artificial intelligence (AI) is on everyone’s lips, what about human intelligence (HI)? Drawing on behavioral psychology and neuroscience, as well as real-life examples, learn how HI can help you better understand how to influence and engage stakeholders in cybersecurity and data protection.

Teaser Description A person who has never made a mistake has never tried to innovate (Albert E). Information technology, by its very nature, opens the door to innovation, optimization… and sometimes creativity. But mistakes in IT are never far away, and they can quickly become costly through security breaches. Availability, Integrity, Confidentiality. In our 20 years of experience, we’ve seen some great failure stories that we’d like to share with you, because other people’s mistakes are free.

Teaser Description A person who has never made a mistake has never tried to innovate (Albert E). Information technology, by its very nature, opens the door to innovation, optimization… and sometimes creativity. But mistakes in IT are never far away, and they can quickly become costly through security breaches. Availability, Integrity, Confidentiality. In our 20 years of experience, we’ve seen some great failure stories that we’d like to share with you, because other people’s mistakes are free.

Teaser Description The field of security is opaque to the average person. As professionals, we often discuss threats that are either theoretical, or would affect 0.01% of organizations and individuals. In the media or on social networks, where non-specialists are present, this has a negative effect: why use a password manager if “quantum computing will destroy encryption soon”? This drift is amplified by outdated advice and exaggerated threats, often justified by good old FUD (Fear, Uncertainty, and Doubt).

Teaser Description Discover the latest advances in AI security. This session explores techniques for protecting LLM models, from training to inference, and highlights innovative tools for securing model input and output in production. About the speaker Nicolas Bédard Google Professional Cloud Architect Nicolas Bédard is a Google Cloud solutions architect specializing in cybersecurity. Working in IT for 20 years, Nicolas holds industry certifications such as Google Professional Cloud Architect (PCA), Professional Cloud Security Engineer, Palo Alto Networks PCNSE, Forrester Zero-Trust Strategist and is based in Montreal, Canada.

Teaser Description SMEs have become a prime target for cybercriminals. Typically, this vulnerability is due to the immaturity, or simply absence, of a cybersecurity program in these companies. In this workshop, I will present the theoretical foundations of incident management in small businesses. Then I’ll take a concrete look at how to react to an incident in a small business without preparation, by presenting actions and tools. In this way, you’ll be equipped with the concepts and practical tools you need to intervene more effectively in the event of an incident.

Teaser Description Modern infostealer malware has evolved far beyond simple credential collectors into sophisticated tools that capture the complete digital footprint of their victims. In this in-depth technical analysis, we unveil groundbreaking research into the architecture of this malware, its attack chains and defensive countermeasures. Through the study of real-life compromise scenarios, including desktop screenshots taken at the time of infection, we show how malicious actors exploit compromised ad networks and Trojanized software for mass distribution.

Teaser Description In a world where more than half of all data breaches involve non-malicious users, reinforcing the security posture goes far beyond technology: it relies above all on human behavior. And to change that behavior, we need to communicate better. Do you want to strengthen security within your organization? Communication is the key to explaining clearly, convincing effectively and mobilizing sustainably. Find out how to apply proven techniques to:

Teaser Description As more and more companies migrate to cloud platforms such as Azure, AWS and GCP, we are also seeing an increase in the number of attacks taking place on these platforms. These attacks exploit techniques specific to public cloud providers, and can sometimes also result in surprising threats and risks. Based on several recent incidents in Quebec, we’re going to present the usual threat scenarios, the issues involved in this type of investigation, and the best practices to put in place.

Teaser Retrospective Description In a world where critical infrastructures are increasingly dependent on digital technologies, the cybersecurity of operational technologies (OT) and industrial control systems (ICS) is a crucial issue. My presentation will cover the following points: Definition and importance of industrial cybersecurity: What is industrial cybersecurity, and how does it differ from traditional IT cybersecurity? Why has it become a priority for organizations? Panorama of past TO attacks: An overview of major attacks on critical infrastructures and their devastating impact (Stuxnet, Sandworm, etc.

Teaser Retrospective Description AI is rapidly transforming the world and is poised to revolutionize industries as profound as the Internet, electricity and printing. As a cybersecurity expert at Google, I’ve gained insight into the emerging AI security landscape. Interacting with customers who are implementing AI within their organizations, I’ve seen the breadth of AI security challenges that permeate every aspect of a company’s operations. This session will delve into my experiences at Google, highlighting the urgency of AI security preparedness and equipping you with strategies to proactively address these challenges.

Teaser Retrospective Description As a dynamic and constantly evolving field, cybersecurity requires rapid, informed decision-making. However, an often underestimated aspect of this process is decision fatigue, which can compromise the quality of strategic and operational choices in IT security. This presentation will look at decision fatigue, its specific impact on cybersecurity professionals, and offer concrete strategies for overcoming the challenges of the field without being overwhelmed. Real-life experiences will be shared, illustrating how decision fatigue can negatively influence security operations such as incident management, vulnerability management and offensive security activities.

Teaser Retrospective Description During 2023, Chinese interference in Canada was at the heart of the news. On the digital side, “APTs” attacker groups linked to China have been particularly active, conducting numerous cyberespionage operations. Researchers at ESET – a major provider of security solutions with a research office in Montreal – have acquired expertise in the analysis and intelligence of cyberattacks attributed to China. We have thus identified cyber espionage operations against governments, strategic companies (defense or high technology sectors for example) and individuals linked to the “five poisons” (activists for the independence of Taiwan, the Uighurs, the Tibetans , Falun Gong and pro-democracy activists).

Teaser Retrospective Description Technology is now everywhere and omniscient! It then allows for oppression, violence and even worse in certain conditions and in all spheres of human life and we will see that the spectrum is large and the borders are grayer or even non-existent. Moreover, all this affects all age stages from 7 to 77 years old, there are no longer many limits here either. We will travel this winding and more than rough path in order to know what we expose ourselves to and especially how we expose others and sometimes without really wanting to hurt either.

Teaser Retrospective Description Cybersecurity and compliance are two essential aspects of data management and information protection in today’s digital world. This presentation will explore in depth the links and nuances between these two areas crucial to the security of businesses and organizations. Nadhir Khayati Founder & CEO - Socurely

Teaser Retrospective Description The presentation will shed light on the behind-the-scenes of scientific research by exploring the need to understand and analyze previous studies that arrive at results divergent from ours. Two case studies will be presented. In the first case, we question researchers who claim to observe an increased risk of being a victim of cybercrime during the holiday season. In the second case, we will refute a study which mentions that attackers only use leaked passwords exclusively to carry out brute force attacks.

Teaser Description A true story of the discovery of a Korean “spyware”, which was unknowingly a precursor to new regulations in terms of mobile app privacy. The aim of the story is to highlight the importance of the new privacy laws and expose bad industry practices. These lead to interesting discoveries affecting both companies and their employees in their personal lives. About the speaker Mickael Nadeau Co-Founder CEO/CTO - CYBERDEFENSE AI

Teaser Description Discover one of the most significant phenomena of the technological era: the integration of generative Artificial Intelligence in the field of cybersecurity. The year 2023 was a watershed year, seeing many cybersecurity players adopt this technology to increase analyst productivity, automate processes and refine threat detection. This conference will plunge you into the heart of this revolution, addressing the dazzling speed of the evolution of generative AI and the challenges it raises: from the mitigation of hallucinations to questions of costs and licensing, without forgetting the issues of legal responsibility in an often vague legal framework.

Teaser Retrospective Description While nowadays subcontracting in companies is omnipresent, sometimes even in extreme proportions, this presentation will provide an overview of the issues specific to risk management in a subcontracting context. Starting with the origins of outsourcing and the reasons why companies end up entrusting sometimes critical services to partners, the presentation will address the risks represented by the different types of subcontracting. Using real cases of recent attacks as well as the entry into force of certain regulations, questions on the security of data entrusted to partners will be presented.

Ensuring security through rapid data analysis Learning to analyze data at the speed of the business will ensure your security, fraud, and compliance teams can detect and investigate unwanted activity to quickly find anomalies and reduce loss of resources, reputation, and organizational efficiencies. Explore the world of data through your senses and learn how to search for anomalous behavior, transactional anomalies, and leverage Machine Learning (AI?) to experience data. About the speaker Matthew Joseff At an early age, Matthew had a passion for computers and game theory; he started out setting up computers at trade shows and managed an ISP while at university.

Teaser Retrospective Description The architectures developed over the last two decades are riddled with dark corners and weaknesses that open the door to cybercriminals. When we consider that the goal is to have greater visibility of what’s going on in the environment, we need to rethink the technology selection process to ensure maximum integration. “Less is more”, Simplify, to maximize compatibility, reduce blind spots and, above all, enable operations teams to delve deeper into the selected technology portfolio, instead of mastering a centimeter deep by 1 km wide.

Teaser Retrospective Full conference Description During this presentation, the speaker will walk you through an investigation of a realistic incident representative of the attacks currently observed on this type of environment (AWS). Through this fictitious investigation, a review of the native security controls and their importance will be performed. Additional Open-Source tools, useful in the context of an investigation, will also be presented. The following topics will be covered: network security, logging, automated response, intrusion detection, privilege abuse.

Teaser Retrospective Full conference Description Are you curious to know “How to fail your crisis management”? Great! You’ve come to the right place! We will show you the 8 most effective strategies to sabotage your crisis management, but not only! Because crisis management is serious! We’ll also give you 9 keys to successful crisis management. You will then be able to watch others get their feet wet and say to yourself “oh my, I wouldn’t do that!

Teaser Retrospective Full conference Description The importance of integrating Cyber Threat Intelligence (CTI) into the defense plan of any organization that has reached a certain level of maturity in cybersecurity is clear. CTI allows to enrich existing tools to increase threat detection & identification capabilities and to add context around new attacks to be able to decide the best actions to take to protect against them. If a lot has been said about the use of CTI from the point of view of organizations that use it (or should!

Description Come to the conference to see and hear what Dimitri McKay has in store for us! About the speaker Dimitri McKay Principal Security Strategist / CISO Advisor Dimitri McKay has held a list of positions in the security space through his twenty plus years of working with Fortune 500 companies in and around security best practices, architecture and design. His education began at Harvard University, and continued with a number of acronymed certifications.

Retrospective Full conference Description Remote Desktop Protocol (RDP) allows users to connect to computers remotely. The pandemic has dramatically increased the number of people using RDP services to work from home. The high number of computers accessible via RDP and the popularity of default usernames and weak passwords have made RDP a prime entry point for hackers seeking to break into an organization’s network. As a result, it is likely that any computer exposing RDP to the Internet is of interest to malicious actors and is susceptible to frequent attacks.

Retrospective Full conference Description Remote Desktop Protocol (RDP) allows users to connect to computers remotely. The pandemic has dramatically increased the number of people using RDP services to work from home. The high number of computers accessible via RDP and the popularity of default usernames and weak passwords have made RDP a prime entry point for hackers seeking to break into an organization’s network. As a result, it is likely that any computer exposing RDP to the Internet is of interest to malicious actors and is susceptible to frequent attacks.

Teaser Retrospective Full conference

Teaser Description For years we have heard “it’s not ‘if’ we will suffer a cyber attack, but rather ‘when’”. This sentence is true and it makes sense, but we also underestimate what happens from day 0 of the incident and in the months and years that follow… By dissecting the different phases experienced following a major cyber attack on his organization, Alex will share his experience and his findings that have changed his perceptions on the management of major cyber attacks beyond the technical aspects and theory.

Teaser Retrospective Full conference Description Join us in our overview of different attack vectors studied by the Unit42 research team at Palo Alto Networks and how a DevSecOps approach can help bring security and development teams together and implement the continuous loop of hybrid cloud posture improvement. Docker, Kubernetes, Azure, GCP, SCM, CI/CD and GitOps will be on the menu to unify two traditionally parallel teams. About the speaker Kevin C-Dubois Architecture consultant - Cybersecurity

Teaser Retrospective Full conference Description Over the last decade, the Zero Trust Architecture (ZTA) has become the new standard for IT security: while the basic concepts of ZTA have remained unchanged, the architecture itself has evolved significantly over the same period to add identity, systems, contextual telemetry, feedback loops, continuous assessment, etc., to the initial micro-segmentation concept. Having accompanied many companies in their efforts to deploy their ZTA over the last 10 years, we must admit that few of them have been able to implement it despite their real desire to adopt it.

Teaser Retrospective Full conference Description Several cyber attacks such as NotPetya, Industroyer or BlackEnergy have targeted Ukraine for almost 10 years and tried to paralyze essential sectors of the territory. The 2022 invasion of Ukraine was also accompanied by numerous cyberspace operations. ESET is a leading provider of security solutions in Ukraine. Its research teams, including its including its Montreal office, have been on the front lines of analyzing and responding to these attacks.

Teaser Retrospective Full conference Description Several cyber attacks such as NotPetya, Industroyer or BlackEnergy have targeted Ukraine for almost 10 years and tried to paralyze essential sectors of the territory. The 2022 invasion of Ukraine was also accompanied by numerous cyberspace operations. ESET is a leading provider of security solutions in Ukraine. Its research teams, including its including its Montreal office, have been on the front lines of analyzing and responding to these attacks.

Splunk

Splunk

In-Sec-M

Crise et Résilience

GoSecure

Cyberswat

Fortinet

Hackers Without Borders

PolySécure

Prompt

Cyber Eco

PolySécure

Teaser Description A domain name (NDD in French abbreviated notation or DN for Domain Name in English) is, in the domain name system “DNS”, an internet domain identifier. There is often confusion between Domain Name (NDD/DN) and the Domain Name System/Protocol (DNS) this is surely due to an abuse of language and there are more than 40 of them now. A few years ago, when the Internet was in its infancy, the only way to access the site you wanted to visit was to enter the IP address, that long series of numbers, into the window of your Navigator.

Intrasecure Inc.

Cyber Citoyen

Flare

Cyber Eco

Isaca - Quebec Chapter

PolySécure

Gravure Boréal

Alain Photo

Halexia Event

Alithya

GoSecure

Cyberswat

Flare

Crise et Résilience

Intrasecure Inc.

Fortinet

Cyber Citoyen

PolySécure

Prompt

Cyber Eco

PolySécure

Cyber Eco

Isaca - Quebec Chapter

PolySécure

Gravure Boréal

Alain Photo

Halexia Event

Splunk

Splunk

In-Sec-M

Alithya

Hackers Without Borders