International Cyber Risk Management ConferenceApril 15-16, 2019 – Metro Toronto Convention Centre

2018 Agenda

2018 Agenda

2018 THEME


Today’s cyber threats pose as much risk to businesses as overwhelming physical perils. Huge costs, interruption to normal operations or the damage to reputation and brand resulting from a cyber attack can do irreparable harm.

No organization is immune from these threats. The agenda for the fourth annual International Cyber Risk Management Conference will focus on ways cyber risk stakeholders can drive resiliency efforts throughout their organizations.

schedule of events

Wednesday, April 11, 2018

7:30 AM

Registration Opens and Breakfast Sponsored by FireEye

9:00 AM

Welcome and Acknowledgements and Intro Address

Joel Baker

President and CEO
MSA Research Inc.


Adam Segal

ICRMC 2019 Emcee and Director of Cyberspace and Digital Policy Program
Council on Foreign Relations

9:25 AM

The Year in Review: Lessons Learned


Matt Hartley

VP, Global Services & Intelligence Engineering,

10:15 AM

Networking Break Sponsored by Zurich

10:40 AM

Regulatory Framework and Policy Update - Interview With A Policymaker

Chantal Bernier sits down with Mark Holland to discuss federal initiatives, mandatory breach notification and the recent budget announcement on cyber security.


Chantal Bernier

Counsel, Global Privacy and Cybersecurity Group
Dentons Canada LLP


Mark Holland

Parliamentary Secretary of Public Safety and Emergency Preparedness and Member of Parliament of Ajax

12:00 PM

Lunch and Keynote Presentation Sponsored by AIG

Keynote Speaker

Brigadier General R.G. Mazzolin Ph.D., P.Eng., OMM, CD

USCYBERCOM Vice J5 (Policy & Plans) – Coalition Integration
Canadian Forces


José Fernandez

École Polytechnique de Montréal

1:30 PM

Evolving Cyber Risk Management Practices: Views From the Top

In this session, two executives with oversight for information security at two major Canadian banks will discuss how roles and responsibilities in information security and technology are evolving as part of new approaches to mitigating cyber risk. The panelists will talk about how they work with their teams to stay on top of a dynamic and fast-moving threat landscape, and how they view cyber risk in the context of broader technology risk. They will talk about where they act as a first line or second line of defence against different kinds of cyber risks within the technology and operations area of the bank, and challenges associated with maintaining those lines of defence. Additional topics to be discussed include the relationship between cyber security and more traditional physical security for banks (the “3Gs” of guns, guards, and gates), as well as areas of opportunity for cross-industry collaboration on mitigating cyber risk such as in payment modernization.


Adel Melek

Global Vice Chairman, Risk Advisory
Deloitte LLP


David Bruyea

SVP and CISO, Architecture and Information Security,
Canadian Imperial Bank of Commerce


Dr. Steve Anderssen

VP, Global IT Risk
Royal Bank of Canada

3:00 PM

Networking Break Sponsored by CyberScout

3:30 PM

Sensors, Smart Networks and Risk In The Internet of Things (IoT)

Businesses in a growing number of industries today find themselves increasingly reliant on information entering their networks from sensors, smart devices and other machines that are broadly categorized as part of the Internet of Things (IoT). The IoT provides businesses with opportunities for faster, smarter and more dynamic flow of data than ever before. The IoT also introduces a host of new risk management concerns that may be beyond the capabilities of their current information security protocols. This panel discussion will explore a number of issues related to cyber risk and the IoT, including: whether today’s risk management practices are sufficient, or whether a complete reset is required; cost of compliance; and threat modelling. Two of the panel participants come from industries that have a wealth of experience using sensors and networks of connected devices: defense and utility companies.


Abhay Raman

VP - Data and Analytics, Digital Transformation
Sun Life Financial Canada


Imran Ahmad

Miller Thomson LLP


Tyson Macaulay

Board Member,
InfoSec Global

4:30 PM

Cocktail Reception Sponsored by Bermuda Business Development Agency

Thursday, April 12, 2018

7:30 AM

Breakfast Sponsored by Lloyd's

8:30 AM

Shall We Play A War Game? You’ve Been Hacked!

Corporate crisis scenario planning meets dinner theatre in this special interactive session. To help financial institution board members and senior executives better understand the risks of cyberattacks and their ability to respond to them, the Global Risk Institute (GRI) has developed a board-level cybersecurity war game called “You’ve Been Hacked!” Following an outline of the elements that make up a successful war gaming scenario, audience members will have the opportunity to participate in a real game of “You’ve Been Hacked!” GRI President and CEO Richard Nesbitt will play the role of the “CEO” of a fictitious fintech startup that has suffered a breach, while the company’s “CRO” provides periodic updates on the escalating crisis. Audience members will be invited to play “board members” of the fictitious startup and grill their CEO on how the company is responding.


Steve Tenai

Aird & Berlis LLP


Alex LaPlante

Managing Director, Research
Global Risk Institute


Richard Nesbitt

Global Risk Institute

9:30 AM

Resilience: What’s Insurance Got To Do With It?

As cyber attacks and events become more frequent, sophisticated and financially devastating, cyber insurance is playing an increasingly important role in supporting companies’ resiliency. Once a company becomes aware of a cyber event, the costs and capital requirements—for PR firms, investigations, remediations, lawyers and more—start piling up immediately and can continue for years. Insurance can provide critical contingent capital to help companies offset the materiality of the financial burden as well as support for navigating the multitude of issues resulting from a breach. This panel will look at three areas of resilience, discussing the role insurance can play in each: a) brand resilience, with an emphasis on what a good public relations plan and response looks like; b) financial and operational resilience, paying attention to business interruption and business continuity planning; and c) legal and regulatory resilience, such as how insurance can help mitigate the risk of litigation related to a breach.


Greg Markell

President and CEO
Ridge Canada Cyber Solutions


Charles Muggeridge

Senior Vice President & Partner, Reputation Practice
FleishmanHillard Toronto


Ruby Rai, CIPP/C, CRM

Manager, Cyber & Professional Liability
AIG Canada


Brian Rosenbaum

SVP, National Cyber & Privacy Practice Leader,
Aon Reed Stenhouse Inc.

10:30 AM

Networking Break Sponsored by Boldon James Ltd.

11:00 AM

Technology As A Component Of Resiliency

Information Security professionals—from Chief Technology Officers (CTOs), Chief Information Officers (CIOs), Chief Information Security Officers (CISOs) and related roles with responsibility for the security of an organizations’ information assets—are commonly viewed as the most critical line of defence against cyber attacks. With the threat landscape mostly outpacing the technology, operational capacity and procurement budgets to defend against sophisticated attacks, these professionals are often challenged to deliver true resiliency for their organization. Most rely on a complex combination of poorly integrated technology, processes and safeguards that are simply not equal to the task. In this session, the CTO of a major Canadian financial institution will discuss approaches for taking inventory and getting the most from the technology solutions already at hand. The discussion will also include guidance on how to start moving from thinking about existing “brownfield” threats to the newer “greenfield” threats and the role that advancements in technology, including machine learning and security analytics, can play in responding to them. This includes how to remain resilient during an organization’s adoption of new operating models that redefine its perimeter such as cloud computing, mobile technology and Bring Your Own Device (BYOD).

Introduction By

Jonathan Raymond

Senior Manager, Advanced Threat Solutions


Daniel Thanos

Chief Technology Officer, Security
TD Bank Group

12:00 PM

Lunch and Keynote Presentation

Keynote Speaker

Scott Jones

Senior Assistant Deputy Minister Information Technology Security Program,
Communications Security Establishment, Government of Canada

1:30 PM

Cyber Resilience Through Collaboration: Building a Stronger Public/Private Partnership

In 2016, Public Safety Canada began a periodic review of measures to protect critical infrastructure and Canadians from cyber threats. The review included a public consultation period in which members of the public including business leaders were invited to provide feedback. A consistent theme in the feedback Public Safety received was the need for greater collaboration. What does greater collaboration look like? What do large Canadian businesses need from the federal government today to help them be more resilient to cyber threats and vice versa? This session will look for answers to some of these questions through a dialogue between a senior department official from the Ministry of Public Safety and representatives from two major industry groups in the Canadian economy: banking and electricity.


Robert W. (Bob) Gordon

Executive Director
Canadian Cyber Threat Exchange


Neil Parmenter

President and Chief Executive Officer
Canadian Bankers Association


Monik Beauregard

Senior Assistant Deputy Minister, National and Cyber Security Branch
Public Safety Canada


Ben Blakely

Team Lead, Information Security at Independent Electricity System Operator

2:45 PM

Conference Wrap Up