Canada IT & Security Leaders Forum 2023

With many economists anticipating a recession in 2023, the impact on IT departments is unclear. One would expect companies to pull back across the board and for those cuts to include IT. But the big surprise is that spending on IT is expected to increase.

Moderator: Info-Tech Research Group

Aggressive attacks on Enterprise computer networks are continuing with increased frequency and threatening economic and national security. Actions like vulnerability reduction and passive defenses on their own simply are not cutting it and there needs to be a functional shift in the way we mitigate this substantial threat. Companies can seek to protect their most sensitive data by implementing an environment of actionable intelligence and detection to bring the fight to the adversaries and ensure a proactive approach to securing data. This session will discuss best practices in managing the constant evolution in the security environment.

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Security programs have undergone major changes in recent years, to adapt to the changes that Agile development, DevOps pipelines, and faster deployments bring. New DevSecOps programs and models have resulted in a significant security ownership shift to the development teams. But in order for development teams to truly take responsibility for security, they need to embrace and adopt the new security practices. This is no easy feat! It introduces many organizational, process, and tooling challenges. In this session, we will discuss how others have successfully achieved this, and talk about tips and best practices on how you can improve the developer adoption of your security needs, as well as common pitfalls or problems to avoid.

Presented by: Snyk

Concerns of a Recession looms whether there results in one or not. With a war raging across the ocean, a potential European energy crisis this winter, and inflation numbers in the US refusing to subside, the macroeconomic environment has caused enterprise IT leaders to rethink their strategies. Learn how your peers are changing their plans to deal with the recession.

Presented by: Rimini Street

Your security team manages risks that affect business units and functions across your entire organization. Security is threaded through every aspect of your business, and your decisions have never mattered more. On a daily basis, you make decisions that affect day-to-day operations, data and system security, executive-level strategy and direction and quite possibly, the future success of your organization. Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three of these levels. We’re wearing many hats, often switching between them from meeting to meeting, and it’s imperative that we can effectively communicate and drive decisions that improve and mature our security efforts across the board.

This session will explore ways to enhance engagement with technical teams, business units and executives alike, while still maturing your security program to be more efficient and effective at managing and mitigating risk. Concepts and topics covered will include:

• The 3 levels of decision making you must navigate on a daily basis and how they impact the rest of the organization
• Applying meaningful metrics to demonstrate value to executives and mature program operations for optimal effectiveness
• Finding program gaps where remediation efforts or SLA compliance is lagging, and taking steps to help affected teams improve and succeed
• How Tenable helps to improve operational efficiency, address threats and vulnerabilities faster, and demonstrate tangible business value at all levels of the organization

Presented by: Tenable

The software-defined data center (SDDC) is a concept in which all data center infrastructure is virtualized and delivered as a service. Control is fully automated through software, allowing hardware configuration to be maintained through automated policies. SDDC advances virtualization and cloud computing by supporting both legacy enterprise applications and new cloud computing services. It thus provides a solid base for using public, private, and hybrid clouds. By abstracting applications from hardware, SDDC allows apps to run anywhere and even move from place to place. It also allows for greater automation within a data center and faster, simple orchestration across centers.

It is no secret that technology is changing the fabric of business operations and outcomes, and collaboration between IT and the business is more important than ever before. The conversation is no longer about how to align IT with the business, however in many cases technology is still viewed as a commodity rather than an enabler. So what can we do to successfully change this mindset both within our own organizations and across the industry as a whole? During this session, we will discuss the various challenges IT and digital leaders face when undergoing this cultural shift.

Open seating, Buffet-style lunch. Serving food for all tastes, pallets, and preferences. Vegan, vegetarian, and halal options available

To ensure relevance and competitiveness in today’s customer centric market, enterprises of all types are investing heavily in customer data capture and customer data analytics capabilities. With data being captured from so many new locations and at a deeper and more personal level than ever before privacy issues become more and more important. Enterprises need to constantly review their data capture and usage to determine value vs. risk and whether the incentive offered to the customer is sufficient to overcome any reticence on their part. This session will address privacy issues, how to balance opt in vs opt out requirements and that Data Privacy certainly isn’t a roadblock to data capture but the customer incentive needs to be sufficient to justify the sharing of personal details.

Today, the primary CEO priority is growth, with technology as a key enabler. However, vendor policies pose major roadblocks to innovation, growth, and competitive advantage by forcing you to spend limited budget, resources, and time on projects that may not drive your business. ​Learn how you can take control of your IT roadmap by choosing a Business-Driven Roadmap designed around your business objectives and not the vendor’s. Leverage vendor software, but do it on your terms, on your timetable, and with the flexibility, funding, and freedom to focus on initiatives that support growth and competitive advantage.

Speaker: Mirza Baig, Director of Cybersecurity, Municipal Property Assessment Corporation

Artificial intelligence (AI) has the potential to revolutionize many aspects of our lives, including how we approach cybersecurity. However, it also presents new risks and challenges that need to be carefully managed. Does a new AI model highlight the opportunities and challenges of using ChatGPT Artificial Intelligence? Are we ready for the upcoming Cybersecurity Threat?

There are hidden risks with using ChatGPT regarding security and privacy. Companies targeted with sophisticated phishing emails are subject to data theft, malware, botnets, etc. We expect the security vendors will be more proactive in implementing behavioural AI-based tools to detect these AI-generated attacks. It will be interesting to see what potential uses, positive and negative, come with ChatGPT.

One thing is for sure: The industry cannot merely wait and watch if it creates a security problem. Threats from AI are not a new problem. It has been around, and it’s just that now ChatGPT is showing distinct examples that look scary. What are the security measures for ChatGPT and the guardrails that should be in place for governance and monitoring?

Speaker: Ferris Adi, Director of Cybersecurity, City of Toronto

Enterprises have hordes of data and many opportunities to integrate other data sources. But readying data for AI experimentation is expensive and requires an iterative approach.

This session will focus on finding the best opportunities to experiment with AI and on applying agile practices in machine learning initiatives.

 Check back for updates on this session.

Presented by: Riverbed

Circle back with your Peers on the content so far while grabbing a coffee and a snack

The definition of work-life balance has changed, and the nature of work has changed. Life, family, and work are all integrated, we need software solutions that allow us the flexibility to live our lives and attract a diverse talent. Solutions that improve experience locally while allowing us to operate globally removing the friction, increasing productivity improving employee experience and in turn positively impacting the customer experience. Focused on retention and customer satisfaction.

Presented by: RingCentral

In most markets, there is an abundance of open IT jobs with fewer people able to fill them – and the positions are getting more expensive. Working remotely is the norm, but not optimal (usually). There is less off-shoring and more resources are focused locally or within the same hemisphere.

Additionally, we are still not recruiting enough women and minorities into the rank and file, especially senior IT roles, and we’re losing talent to major tech hubs.

Join us at the roundtable with your peers as we dive into solutions to tackle the following challenges:

• How do you scale staff/team without losing them to major tech hubs?
• How do you create more diversity – not only among race and gender – but diversity of thought Old vs New Thinking?
• How do we mentor universities to implement actionable steps for supplying more IT talent?

Threat actors, Red-Teams, and Ransomware have been abusing Active Directory for years. In fact, attackers have compromised or leveraged AD in 100% of the successful ransomware attacks over the last 3 years.

This discussion will discuss new technologies to help you visualize the risk in your AD and add a layer of security around this very important part of enterprise infrastructure.

The ongoing battle to effectively manage cyber threats and risks is only going to get fiercer and complex. As part of its efforts to fight the cybersecurity battle, a number of organizations are acknowledging the need to build and strengthen their third line of defense i.e. an independent review of cybersecurity measures and conduct by the internal audit function. The Internal audit function plays a critical role in identifying and evaluating prospects to bolster the enterprise security posture. Concurrently, the internal audit function has a responsibility to report to the audit committee and the board on whether controls to protect and defend against cybersecurity threats are designed and operating effectively.

Speaker: Zain Haq, Director- Cybersecurity Audit, Manulife

The result of digital transformation: It’s easier to do business with your customers and partners. But with new architectures, web apps and APIs now deployed from on-prem servers to the cloud, it is harder than ever to get a holistic view of all of these potentially vulnerable assets – never mind defend them.

What are your biggest challenges today in defending these diverse assets? What are the known gaps in your current defenses? What are you seeking in the future to defend your apps and APIs?

Topics covered will include:

• How are adversaries preying upon unprotected web apps and APIs?
• How are traditional web application firewalls deployed, and what are they missing?
• What does the future look like with unified web app and API security solutions?

Circle back with your Peers on the content so far while grabbing a coffee and a snack

Value Stream Management may be the next big thing but seems like a lot to swallow. Even organizations with mature Agile and DevOps processes are unsure how to capitalize on this proven method of process improvement. To front-load success and reduce risk, you’ll need to see value quickly and then build on that success. Properly implemented, VSM can boost time-to-market and a company’s ability to compete and win in the marketplace by maximizing ROI and unifying your organization’s business and technology objectives.

In this session, you’ll learn how OpenText simplifies Value Stream Management by helping organizations track, analyze, and predict resourcing, reduce risk, and identify waste to help you increase value as a product flows from “strategy to delivery” to achieve superior business outcomes:

• Maximize Business Value and Effectiveness: Discover, visualize and manage flow of value from “strategy to delivery” powered by AI and analytics that is easy to deploy
• Accelerate Delivery and Efficiency: Integrates with your existing toolchains to improve productivity and remove friction in the value stream with smart automation
• Gain Competitive Advantage: Differentiate customer experience with high quality value stream insights to manage risk and streamline delivery. Empower continuous feedback, learning and improvement.

Join OpenText for this discussion, including why the time for VSM is now and how to capitalize on it the easy way.

Presented by: Micro Focus by Open Text

You’ve just stepped into your new IT leadership role. Your first 90 days in a new IT leadership role should be focused on learning. Investing this time will help you understand the current state, appreciate the culture and inform your strategy. Prioritize these steps to kickstart improvement:

• Understand your job. Learn the organization and industry you are in
• Define and revise measurements for success
• Articulate your vision and strategy
• Organize people for success
• Build culture
• Revise processes for success & delivery, and suitable for the environment and the times
• Upgrade technologies