Welcome to SecTor

CISO

Aiven.io

James Arlen is Aiven.io’s CISO bringing a mix of security and engineering background to DBaaS (database as a service). Over the past twenty plus years, James has been delivering information security solutions to Fortune 500, TSE 100, and major public-sector organizations.

James is best described as: “Infosec geek, hacker, social activist, author, speaker, and parent.” His areas of interest include organizational change, social engineering, blinky lights and shiny things. In addition to his work at Aiven.io, James is a Contributing Analyst at the research firm Securosis, blogger/podcaster with Liquidmatrix Security Digest, a frequent speaker at industry conferences, and is a prolific contributor to media and standards including a lead author contribution to the Cloud Security Alliance Security Guidance for Critical Areas of Cloud Computing V4. James holds the CISSP, CISA, and CRISC security certifications.

Chapter Co-Lead

OWASP Toronto

Opheliar Chan spends most of her time trying to make software security more accessible, pragmatic, and FUD-free, both as the lead of Accenture’s Application Security Advisory Services in Canada, and while moonlighting as co-lead of the OWASP Toronto Chapter. For over a decade, she has focused on application security, SDLC process consulting and implementations, program building, penetration testing/vulnerability assessments, and related. Prior to her career in consulting, she worked in security research, web application development, and technical writing.

You can usually find her in-person at OWASP Toronto Meetups, or at opheliar.chan@owasp.org.

Co-Founder

SecTor

Bruce Cowper is a founding member of the Security Education Conference Toronto (SecTor), the Toronto Area Security Klatch (TASK), the Ottawa Area Security Klatch (OASK) and an active member of numerous organizations across North America. Until recently Bruce worked for Microsoft managing security and compliance programs. Cowper joined Microsoft in 2004 and held several positions at Microsoft Canada before moving to the United States, most recently focusing on global Security Policy and Standards, and managing the Microsoft’s Government Security Program. Today he spends his time consulting on various topics from cyber security to wine and beer making.

Co-Founder and Managing Partner

Tetrel Security

Eric Evenchick is a co-founder and Managing Partner at Tetrel Security, specializing in embedded device security and bespoke tool development. His journey into embedded systems began with the development of research vehicles at the University of Waterloo in collaboration with General Motors and the US Environmental Protection Agency.

This experience propelled him into roles involving the development of automotive firmware and reverse engineering vehicle systems at companies including Tesla Motors. Prior to co-founding Tetrel Security in 2023, Eric served as Technical Director at NCC Group and as Principal Research Consultant at Atredis Partners. In these capacities, he conducted security assessments on diverse hardware and software targets, encompassing automotive systems, medical devices, cloud infrastructure, and mobile devices.

Eric holds a Bachelor of Applied Science in Electrical Engineering from the University of Waterloo. He has been a featured presenter at numerous technology and security conferences, including Black Hat, escar, SecTor, ToorCon, NorthSec, and PyCon USA. His work has garnered recognition in publications such as Wired and Forbes. Since 2019, Eric has been delivering training sessions on reverse engineering embedded systems at Black Hat conferences worldwide.

CEO

Autohost.ai

Roy Firestein is a strategist, seasoned hacker and expert in cyber security, business development and project management. He has a background in security, programming, research, management, marketing and sales with a unique ability to manage multi-disciplinary projects while navigating complex cyber challenges. Roy’s passion lies in Big Data and Machine Learning, especially when applied to cyber security. As a multi-linguist of technology-driven business, he speaks fluent geek, marketer, designer, salesperson and investor.

Senior Director, Threat Defense and Response

ServiceNow

Jamie Gamble’s experience extends across many security disciplines. As a consultant he spent years performing incident response, application security (e.g. code reviews, testing, design reviews) and offensive security (network penetration testing, red team) activities for a large range of clients. He built a threat hunting program at a top 5 North American bank whose scope included both cyber and financial crime. Currently he is leading Threat Defense and Response (Incident Response, Red Team, Detection Engineering and Threat Intel) at a large SaaS company. His involvement in the security community runs deep and has helped organize several security conferences.

Operational Security Manager

City of London

Jessica Ireland leads the information security team for the City of London. Prior to her time in the public sector, she worked in the private sector where she managed projects around critical information security processes such as security strategies, risk management governance, policies and technology selection decisions for organizations around the world. Her focus is coaching and empowering the next generation of information security leaders.

Security Engineering at a Canadian Financial Institution

Vicky Laurens is a cybersecurity professional with over two decades of experience spanning diverse industries. For more than eleven years, she has been dedicated to protecting global financial institutions from various information security risks. Vicky is a sought-after speaker at cybersecurity and industry conferences where she shares her expertise on information security and effective leadership strategies. She is a passionate leader who is focused on strategizing, implementing, and deploying new and emerging detective and preventative technologies that keep global financial institutions safe.

SecTor Review Board

Dave Lewis has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is Global Advisory CISO for Cisco. He is the founder of the security site Liquidmatrix Security Digest & podcast as well as the host of DuoTV and the Plaintext podcast. He is currently a member of the board of directors for BSides Las Vegas. Previously he served on the board of directors for ISC2 as well as being a founder of BSides Toronto conference. Dave has been a DEF CON speaker operations goon for over 10 years. Lewis also serves on the Review Board for the Black Hat Sector Security Conference and the CFP review board for 44CON. He is currently working towards his graduate degree at Harvard. Dave has previously written columns for Forbes, Dark Reading, CSO Online, Huffington Post, The Daily Swig and others. For fun he is a curator of small mammals (his kids) plays bass guitar, grills, is part owner of a whisky distillery and a soccer team.

Security Architect

DeepCove Cyber

Kellman Meghu raised their children with a firewall, shamed a large airline into using SSL for check-in, served as front line for the security as some of the biggest corporations went online for the first time, spent 20 years helping every sector define, deploy, and defend their infrastructure, thinks learning a new programming language is a great way to relax on holiday, dreams in key/value pairs, is obsessed with putting everything in containers and is loving every minute of it.

CSO

Quick Intelligence

Dave Millier is a serial entrepreneur, off-road motorcycle rider and food lover. Dave has been involved in cybersecurity for almost 25 years. He founded the InfoSec company Sentry Metrics, one of Canada’s most successful MSSPs. After the sale of Sentry Metrics, Dave’s lifelong passion for reading led him to finally sit down and write his first book, Breached! In late 2014, Dave launched Uzado, a cloud-based InfoSec company focused on helping companies simplify cybersecurity by answering the questions “what now?” or “what next?” Dave sold Uzado in 2019. Dave is currently the CSO of Quick Intelligence, a boutique VAR and cybersecurity consulting company.

Security Practice Manager, AWS Canada;

President, WiCyS Ontario Affiliate

Karen Nemani (she/her) is a Cybersecurity Leader with expertise in cloud security, risk and strategy along with 25 years of cybersecurity experience across multiple domains, Karen is a thought leader in cybersecurity as well as a contributing author and mentor. She launched the first International Women in CyberSecurity (WiCyS) Ontario Affiliate that has since received the Women in Cybersecurity 2022 Affiliate Leadership Award and ITWC honoured Karen as one of Canada’s Top 20 Women in Cybersecurity in 2022. As WiCyS Ontario President, Karen works with her leadership team to build community and open doors to cybersecurity opportunities for Canadian women both in Canada and globally. Karen is part of the 2023 WiCyS Conference Program Committee and co-developed the 2023 WiCyS Mentorship Program content and in 2023 WiCyS honoured Karen with a Special Appreciation award for her many community-building contributions.

Lead Researcher - Threat Response Unit

eSentire

Maryna Neprosta is a threat research lead experienced in digital forensics, incident response and malware analysis. Maryna has successfully handled more than 100 ransomware investigations, business email compromise cases, data leakage and insider threat events. Even though Maryna’s career started with risk and vulnerability management, proactive security quickly became Maryna’s passion and area of expertise. Occasionally Maryna works on software and web development projects (Python, C, JavaScript, C#) to automate IOC & threat hunting. Besides Maryna’s direct job responsibilities, Maryna is interested in cryptography and never skips a good article on artificial intelligence advancements as it may change our industry drastically in the near future.

Chief Enablement Officer & VP Security Consulting

White Tuque

Laura Payne has built her career in IT and security over 20 years, starting at one of Canada’s largest financial institutions before moving into consulting, and currently serves as the Chief Enablement Officer & VP Security Consulting at cybersecurity firm White Tuque. Her experience covers a variety of domains, including information security governance and risk, security operations and engineering, and security leadership. She is passionate about bringing people together to solve problems in today’s increasingly complex technical landscape. Outside of work, Laura is actively engaged in mentoring professionals seeking to join the Information Security field, while also volunteering on the Review Board of SecTor, Canada’s largest security conference. In addition, she chairs the Program Advisory Committee for Seneca College’s School of Information Technology Administration & Security. Laura holds an Honours Bachelor of Applied Science in Systems Design Engineering from the University of Waterloo, along with the CISSP, GCED, and GWAPT designations.

Strategic Advisor

Caledon Ventures

Eldon Sprickerhoff devotes significant time as a strategic advisor to infosec startups.

Eldon is best known as a founder of eSentire, a premier Managed Detection and Response infosecurity services company with global operations.

Ways to connect with Eldon:

• Twitter: @TheEldon
• LinkedIn: www.linkedin.com/in/eldon-sprickerhoff-4ba463

Founder and Principal Consultant

Authoritative Consulting

Gord Taylor is Founder and Principal Consultant at Authoritative Consulting. He is one of Canada’s most sought-after Security and Networking experts, developing and actualizing next generation Security programs for large enterprises and high-growth technology firms.

Gord spent 16 years at one of Canada’s “Big 5” Financial Institutions, serving as resident expert across Information Security, Networking, Distributed Computing, and co-developed the company’s first CSIRT team more than 20 years ago. Since launching Authoritative Consulting in 2012, he has helped enterprise customers, independent software vendors, and service providers to actualize technology and service solutions that work.

A self-proclaimed “geek”, Gord has developed a practical approach to Security that brings cost-effective risk management solutions from promise to practice, drawing from his studies in mathematics and computer science at University of Waterloo and 30+ years of hands-on industry experience. Not afraid to engage in tough conversations, Gord has established himself as one of Canada’s foremost experts in challenging the status quo and driving new value.

Ways to connect with Gord:

• Twitter: @rg0d
• LinkedIn: www.linkedin.com/in/gordt

Security Operations Analyst

Aiven

Afeerah Waqar is a Security Operations analyst at Aiven.io, making her a hands-on cybersecurity professional with practical experience in the industry. As one of the youngest members of the team, Afeerah demonstrates a natural aptitude for learning and adapting to new technologies and trends. She is proficient in programming languages such as Python, Java, and C++, which are crucial for cybersecurity professionals. Additionally, Afeerah is currently pursuing an Honours Bachelor in Cyber Security Degree and working towards earning her certifications, showing her commitment to developing a strong foundation of knowledge and expertise in the field.

Along with her technical skills, Afeerah possesses top people skills such as communication, teamwork, and leadership. Afeerah has a young and intellectual mind and her drive to learn and explore new ideas in cybersecurity is impressive. Her youthful perspective brings a fresh and innovative approach to the field. She is a strategic thinker who is not afraid to challenge conventional wisdom and offer creative solutions to complex problems.