Mechanical Engineering Building- UofT Rm:MC 102 (map)

PLEASE NOTE THE BUILDING CHANGE THIS MONTH. When: Wednesday, 30 May 2012 6:00PM – 9:00PM NEW Location: Mechanical Engineering Building - University of Toronto 5 King’s College Road, Toronto, Ontario -  Room MC 102 Talk 1: Mobile Security in the BYOD World   The presentation explores the trends, threats, and risks enterprises are challenged with when exploring mobile initiatives.  Organizations are presented with pressure from executives and employees to adopt BYOD.  This presentation explores those challenges and identifies additional risks with iOS and Android mobile devices.   Speaker Profile: Gregg Martin is the Director of Mobile Security for FishNet Security. Gregg Martin has over 13 years of experience in IT Security. Gregg leads a nationwide mobile secu...

Leslie L. Dan Pharmacy Building 144 College St. (map)

  Talk 1: The Verizon Data Breach Incident Report Paul Wilson, Verizon The Verizon Data Breach Incident Report (DBIR) is widely recognized in the Security Industry, but some people remain unfamiliar with it. The 2012 edition was released in late March, and is available as a free, no obligation download (http://www.verizonbusiness.com/about/events/2012dbir/index.xml). But who wants to read 80 pages of security analysis? Paul Wilson will provide some highlights from the document, interpret some of the statistics, provide unique insights on what the findings really mean, and answer any of your questions.   Paul Wilson has worked in the data and telecommunications industry since graduating in 1985 from Centennial College as an Electrical Technologist. Since t...

Leslie L. Dan Pharmacy Building 144 College St. (map)

Wednesday, 28 March 2012 6:00PM – 9:00PM NOTE: Back to the "old" location Leslie Dan Pharmacy Building, University of Toronto 144 College Street – Room PB B150 Topic 1: Executive Roundtable Spring is here, and information security companies are hiring!  Senior executives from local security companies (CMS Consulting, DigitalDefence, eSentire, SentryMetrics) will be presenting their perspective on how successfully enter the market.  The discussion will cover subjects such as: The state of the local (GTA) security market, as well as Canada overall. The different types of security jobs available. How do you find the entry level jobs? What are security companies looking for? Education and certifications.... what do you need? Interviewing for a job (and yes, including resumes) I don'...

Wallberg Building - University of Toronto (map)

NOTE: New location Wallberg Building - University of Toronto 184-200 College Street – Room # WB 116 Talk 1: How to Succeed in the Business of Detecting Data Exfiltration Dr. G.S. Graham (University of Toronto) will entertain and dazzle us on how, 'Stealing IP and PI and other initials by copying is a growth industry". When done by an insider who would normally have the authority to access the information, it is difficult to detect. Based on research by Jonathan Grier, G.S Graham will address forensics / file system analysis to identify this type of theft, even where there are no apparent artefacts for a copying operation (even in the Windows Registry).  Using cutting edge data forensics techniques, he will provide an overview of how to detect this major source of data leakage. Talk 2...

Leslie L. Dan Pharmacy Building 144 College St. (map)

NOTE:  The upcoming event is sponsored by AccessData - attendees have a chance of winning the newly released copy of FTK v4! January TASK Meeting:  Forensics and Data Recovery 25 January 2012; 6:00 - 9:00 PM Leslie Dan Pharmacy Building, 144 College Street, Room B150 First TASK event of the year is this week!  We look forward to seeing you there.   Talk 1: Who's watching the gatekeeper? What is the best way to monitor the activities of your privileged users (system administrators!)? This evenings discussion will cover: How to address the administrative control audit and investigation challenge How to incorporate both host data and network data for complete insight and visibility into the matter How to leverage SIEM Technology to supplement the effort Practical techniq...

Leslie L. Dan Pharmacy Building 144 College St. (map)

Binary Risk Analysis: Presented by Ben Sapiro Security risk analysis techniques are either too complex to be understood by the business or too simple to provide repeatable and meaningful results. Without a proper understanding of the risk associated with security events, businesses are likely to misunderstand the risk that security professionals are working to control. This talk will discuss a new, peer reviewed, technique called Binary Risk Analysis. The technique is easy to use, enables quick structured conversations about risk and works with existing risk management frameworks. The technique has been released to the community under a creative commons license.   Ben's Bio: Ben Sapiro is an independent consultant currently working with one ofNorth America's largest mining corporati...

The October 26th meeting for TASK has been cancelled.

We encourage all members to check out SecTor, be sure to check out the expo if you cannot attend the full show.

(Free admission with code TASK-Expo2011)

We'll see you in November with full coverage and feedback.

Leslie L. Dan Pharmacy Building 144 College St. (map)

Security and Non-Profits: Understanding the Challenges and the Opportunities From many years of working for and with various non-profits, Vicki will provide some insight into the security challenges and opportunities of working with non-profits. Similar to the for-profit sector, they range in size and complexity. In order to be successful in working with non-profits, it is important to understand the competitive environment non-profits are all facing, their priorities and their focus. Speaker Bio:  Vicki Mains is the Director, Information Systems at CNIB, a national nonprofit, reliant on technology to deliver service including an online library. Her background includes Sociology, Computer Programmer/Analyst, SQL DBA, CISSP, I.S.P. and ITCP accreditations. Optimizations and implemen...

Leslie L. Dan Pharmacy Building 144 College St.

Health Sciences Building 155 College St. (map)

Soft Skills Part Deux - Business Communications for IT Security Pros Business Communication for IT Security Pros IT pros are measured by their technical prowess AND by their ability to communicate with others. You must have the technical knowledge to do your job BUT you must be able to express yourself both confidently and effectively. Without that combination, you can’t demonstrate your value to an organization or to members of your team, not to mention that it might prevent you from landing your dream job. Business Communication for IT Security Pros is an interactive two-part workshop focusing on verbal and non-verbal communication skills. Note that participants are encouraged to bring questions, situations, and scenarios with them for analysis and discussion. Part 1 focuses on writt...

Health Sciences Building 155 College St. (map)

The world is full of bad security ideas and implementations; information security more so! During this innovative presentation, security practitioners from the GTA will be presenting some of the worst security practices that they have seen.  These from-the-field war stories will help to illustrate why so many high-profile hacks have been occurring, and what can be done to prevent them. Speakers will be covering common "security fail minefields" such as physical security, networking, wireless, mobile devices, web application security, and compliance.  After demonstrating why security has not been successful, brief discussions will highlight what could have been done right. This will be a night of sharing practical knowledge about security; come early, and take advantage of the ...

Health Sciences Building 155 College St.

May TASK Meeting:  Breaking In - News Ways to Exploit the 'Net 25 May 2011; 6:00 - 9:00 PM Health Science Centre, 155 College Street, Room 610 Talk 1: Practical Spearphishing, from Targeting to Exfiltration While most of us understand that users are often our weakest line of defense, most security teams and CSO's don't really grasp the mechanics of actually running a targeted, narrowband "APT" operation against an organization. We'll walk through the process of enumerating targets, identifying which human assets will grant us the highest rate of success and access, constructing payloads that are likely to succeed (without 0days, and even without "patchable" vulnerabilities), demonstrate bypassing AV and network defenses, and talk through escalating that foothold into total control...