Leslie L. Dan Pharmacy Building 144 College St. (map)

NOTE:  The upcoming event is sponsored by AccessData - attendees have a chance of winning the newly released copy of FTK v4! January TASK Meeting:  Forensics and Data Recovery 25 January 2012; 6:00 - 9:00 PM Leslie Dan Pharmacy Building, 144 College Street, Room B150 First TASK event of the year is this week!  We look forward to seeing you there.   Talk 1: Who's watching the gatekeeper? What is the best way to monitor the activities of your privileged users (system administrators!)? This evenings discussion will cover: How to address the administrative control audit and investigation challenge How to incorporate both host data and network data for complete insight and visibility into the matter How to leverage SIEM Technology to supplement the effort Practical techniq...

Leslie L. Dan Pharmacy Building 144 College St. (map)

NOTE:  The upcoming event is sponsored by AccessData - attendees have a chance of winning the newly released copy of FTK v4! January TASK Meeting:  Forensics and Data Recovery 25 January 2012; 6:00 - 9:00 PM Leslie Dan Pharmacy Building, 144 College Street, Room B150 First TASK event of the year is this week!  We look forward to seeing you there.   Talk 1: Who's watching the gatekeeper? What is the best way to monitor the activities of your privileged users (system administrators!)? This evenings discussion will cover: How to address the administrative control audit and investigation challenge How to incorporate both host data and network data for complete insight and visibility into the matter How to leverage SIEM Technology to supplement the effort Practical techniq...

Leslie L. Dan Pharmacy Building 144 College St. (map)

Binary Risk Analysis: Presented by Ben Sapiro Security risk analysis techniques are either too complex to be understood by the business or too simple to provide repeatable and meaningful results. Without a proper understanding of the risk associated with security events, businesses are likely to misunderstand the risk that security professionals are working to control. This talk will discuss a new, peer reviewed, technique called Binary Risk Analysis. The technique is easy to use, enables quick structured conversations about risk and works with existing risk management frameworks. The technique has been released to the community under a creative commons license.   Ben's Bio: Ben Sapiro is an independent consultant currently working with one ofNorth America's largest mining corporati...

The October 26th meeting for TASK has been cancelled.

We encourage all members to check out SecTor, be sure to check out the expo if you cannot attend the full show.

(Free admission with code TASK-Expo2011)

We'll see you in November with full coverage and feedback.

Leslie L. Dan Pharmacy Building 144 College St. (map)

Security and Non-Profits: Understanding the Challenges and the Opportunities From many years of working for and with various non-profits, Vicki will provide some insight into the security challenges and opportunities of working with non-profits. Similar to the for-profit sector, they range in size and complexity. In order to be successful in working with non-profits, it is important to understand the competitive environment non-profits are all facing, their priorities and their focus. Speaker Bio:  Vicki Mains is the Director, Information Systems at CNIB, a national nonprofit, reliant on technology to deliver service including an online library. Her background includes Sociology, Computer Programmer/Analyst, SQL DBA, CISSP, I.S.P. and ITCP accreditations. Optimizations and implemen...

Leslie L. Dan Pharmacy Building 144 College St.

Health Sciences Building 155 College St. (map)

Soft Skills Part Deux - Business Communications for IT Security Pros Business Communication for IT Security Pros IT pros are measured by their technical prowess AND by their ability to communicate with others. You must have the technical knowledge to do your job BUT you must be able to express yourself both confidently and effectively. Without that combination, you can’t demonstrate your value to an organization or to members of your team, not to mention that it might prevent you from landing your dream job. Business Communication for IT Security Pros is an interactive two-part workshop focusing on verbal and non-verbal communication skills. Note that participants are encouraged to bring questions, situations, and scenarios with them for analysis and discussion. Part 1 focuses on writt...

Health Sciences Building 155 College St. (map)

The world is full of bad security ideas and implementations; information security more so! During this innovative presentation, security practitioners from the GTA will be presenting some of the worst security practices that they have seen.  These from-the-field war stories will help to illustrate why so many high-profile hacks have been occurring, and what can be done to prevent them. Speakers will be covering common "security fail minefields" such as physical security, networking, wireless, mobile devices, web application security, and compliance.  After demonstrating why security has not been successful, brief discussions will highlight what could have been done right. This will be a night of sharing practical knowledge about security; come early, and take advantage of the ...

Health Sciences Building 155 College St.

May TASK Meeting:  Breaking In - News Ways to Exploit the 'Net 25 May 2011; 6:00 - 9:00 PM Health Science Centre, 155 College Street, Room 610 Talk 1: Practical Spearphishing, from Targeting to Exfiltration While most of us understand that users are often our weakest line of defense, most security teams and CSO's don't really grasp the mechanics of actually running a targeted, narrowband "APT" operation against an organization. We'll walk through the process of enumerating targets, identifying which human assets will grant us the highest rate of success and access, constructing payloads that are likely to succeed (without 0days, and even without "patchable" vulnerabilities), demonstrate bypassing AV and network defenses, and talk through escalating that foothold into total control...

Health Sciences Building 155 College St.

April TASK Meeting - Winning (and Keeping) Your Dream Job 27 April 2011; 6:00 - 9:00 PM Health Science Centre, 155 College Street, Room 610 The so-called "soft skills" (non-technical skills that facilitate good interpersonal relationships) tend to be misunderstood and undervalued in the IT and information security communities.  The April TASK event will introduce you to market leaders who will provide you with the insight to successfully enter and succeed in the information security job force. Session 1:  Entering the Security Workforce Cindy Watral - Recruitment Manager, Nexus Group Harry Benz - Recuritment, Montgomery Benz Glenn Williamson - Director, Security Operations, Sentry Metrics Robert Beggs - DigitalDefence (Moderator) The opening panel will discuss the present jo...

Health Sciences Building 155 College St.

Speaker 1:From the Floor at Shmoocon (Brian Bourne,CMS Consulting) Brian attended the annual east-coast security conference,Shmoocon (http://www.shmoocon.org/schedule), this past January.He'll bereporting on the cutting-edge research that he heard on-stage and off, andgiving us a preview of the types of speakers and content that we'll be seeing atSector this fall. Speaker 2:The Failure of Penetration Testing (Robb Beggs,DigitalDefence) There is enormous "cool" to having an ethical hacker breakinto your network, but this type of security testing is frequently theworst possible control to implement!Robb will discuss what a penetration testis, and isn't, client-side mistakes (especially poorly written RFPs!), and thedelivery pitfalls that plague the testers.Using material based on Canadiancas...

Health Sciences Building 155 College St.

Speaker 1: Exploiting Open Source Intelligence on the Internet - Jim Mulholland, Security Researcher   Jim Mulholland will be discussing his decade long experience as anOSINT researcher and analyst for the Society for Internet Research. Aspart of that discussion he will be briefly explaining how personalcircumstance beginning with the FLQ crisis in 1970, the introduction ofpersonal computing and the Internet, through the events of 9/11 and theconvergence of networking and society, have fundamentally shaped hisinterest and involvement in cyber security across a range of issues.   9/11 was a watershed event that motivated him to understand how theInternet offered resources for propagating social and economicinstability; however, the Internet could also be used in combating thosein...