Western Canada's #1 Cyber Security Congress


April 26, 2017

Cyber Security Congress 2017

April 26 2017


A tidal wave of cyber security threats continue to rise; compromising the safety of staff, creating financial loss and damaged reputations for corporations in its wake.  While security technology continues to advance and move towards automation, vulnerabilities and exposure continue to increase at an unprecedented rate. As security leaders, it’s important to stay on top of the latest threats and emerging trends in security technology; and to interact with industry peers & experts.

The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.   In April, 2017 over 150 like-minded professionals will gather for the 1-day congress in Calgary, Alberta, Canada where cyber security experts and industry leaders will share their knowledge, experience and best practices through presentations and interactive panel discussions.

Attendees will gain insight from industry experts and peers on emerging technology and security trends while earning CPE credits.


Ask the CIO – Interactive Panel

Cloud Security

Business Security Alignment

Cyber Forensics

Mobile Security

The Future of Security Automation

Incident Response

Privacy & The Internet of Things

CISO – Marketing Security

IT Security Risk Management

Industrial Control System (ICS)

Critical National Information Infrastructure



Jerry Davis

Chief Information Officer - NASA Ames Research Center


Christopher Pogue

Chief Information Security Officer - Nuix


Scott Carlson

Technical Fellow - BeyondTrust


John Kindervag

Field CTO - Palo Alto Networks


Dan Waddell

Managing Director, North America Region - (ISC)²


Richard Hannah

Chief Information Officer - Gibson Energy


Shelly Giesbrecht

Senior Incident Response Analyst - Cisco


Steve Biswanger

Director of Information Security - Encana


Philip Fodchuk

Director, Enterprise Information Security - Suncor


Jeff Thomas

Partner, Risk Consulting - KPMG LLP


Dominic Vogel

Chief Security Strategist - CYBER.SC


Toni Buhrke

Director, Systems Engineering - Forescout


Manisha Parmar

NATO Communications & Information Agency


Chris Patteson

Director IT - Transaction Risk, Countermeasures and Intelligence - FedEx


Najo Ifield

(ISC)2 Alberta Chapter Director at Large, Events Chair / (ISC)2 Calgary Congress Director


Ryan Jepson

Inspector, Calgary Police Service


Crystal Moody

Product Manager, Security Intelligence - IBM


Michael C Primeau

President (ISC)² Alberta and Partner CyberSequr


AGENDA (Click session titles for details)

Networking Breakfast and Registration


The Arts Commons

Welcome – Najo Ifield and Michael Primeau


Opening Remarks – Ryan Jepson and Dan Waddell


Keynote Address – The Inevitable Convergence of the Internet of Things and Cybersecurity – Jerry Davis

By the year 2020 it is estimated that there will be more than 50 billion devices connected to the Internet. These devices not only include traditional electronics such as smartphones and other mobile compute devices, but also eEnabled technologies such as cars, airplanes and smartgrids. The IoT brings with it the promise of efficiency, greater remote management of industrial processes and further opens the doors to world of vehicle autonomy. However, IoT enabled technology will have to operate and contend in the contested domain of cyberspace. This discussion will touch on the impact that cybersecurity has on IoT and the people, processes and technology required to mitigate cyber risks.


CIO Perspective – The Business Language of Cybersecurity – Jerry Davis and Richard Hannah moderated by Shelly Giesbrecht

It is a common lament that business leaders don't understand what the "security guy" is talking about. Firewalls, IPS, APTs, DDoS, script kiddies, hacktivists, nation states -- it is all a foreign vocabulary to someone that doesn't live in the trenches. Executives are pretty sure that cybersecurity is important, but there are many parts of the business that are also important and it is a challenge to focus attention and resources on the areas that benefit the most. Successful business units are ones that explain their costs and benefits using "standard business language." Learn from two senior business leaders what messages most resonate with them and how to translate the language of cybersecurity into the language of business.


Networking Break and Refreshments


Using a Risk Vocabulary to Facilitate Change – Steve Biswanger

Do you think you know risk? Does your company have a formal risk assessment process? Is your cyber risk program integrated with your enterprise risk framework? Although you might have all of the checkmarks from the auditors, if your staff look at the security team as a hindrance instead of an enabler -- you aren't doing it right. After years of experience it has become apparent that almost everyone misunderstands risk and it is hurting your business. When done properly people willingly embrace risk assessments and it actually removes roadblocks and speeds innovation. In this session, Steve will highlight what you are doing wrong, and give you a toolkit to effortlessly build a culture of risk management to benefit everyone in your organization.


Foundational Playbook for the First 100 Days – Dominic Vogel

Security is not rocket science. Developing an effective and efficient enterprise security program starts with strong culture and risk communication. The pillars that any CISO should focus on during their first 100 days are: developing a positive security culture, making secure business processes easy, fostering enduring business relationships, constant communication with executives, and getting the biggest bang for your limited bucks with risk prioritization.


CISO Perspective – Developing Excellent Cyber Talent – Phil Fodchuk, Steve Biswanger and Jeff Thomas moderated by Toni Buhrke

Finding cybersecurity talent is notoriously difficult. There aren't enough experts to fill all available positions. Increasing breadth and complexity just makes the problem worse as no longer can a single professional take care of everything that needs attention. And when you do find someone, they are constantly being courted by the competition. Although many cybersecurity functions land in the IT department, traditional IT recruiting techniques may not work. Phil and Steve collectively have decades of experiencing building and transforming cybersecurity teams. In this discussion they will share some of the techniques that have worked for them, and some of the pitfalls to avoid.


Lunch Keynote – Reclaiming Surrendered Ground – Chris Pogue

Every organization that stores, processes or transmits valuable data will fall victim to a cybersecurity breach. But why? If we know the enemy is coming, and how they’re going to attack, why can’t we stop them?  Or even put up a good fight?  New research makes it clear that for the past 15 years we have been fighting the wrong battle.
In this keynote, international cybersecurity expert Chris Pogue will share details of his ground-breaking research into how people make decisions under pressure and why this leads to poor outcomes in the battle against cybercrime. He will lay out a new perspective for security professionals who want to overcome their cognitive biases and take back some of the ground they have surrendered to the enemy. He will show how practical steps, when implemented as part of an advanced defense strategy, can significantly improve your organization’s ability to deflect, detect, respond to and recover from a data breach.
If not now, when?  If not you, then who?  You’re already in the fight. It’s time to start fighting the right battle and take back surrendered ground!


Just Trust Everyone and We Will be Fine… Right? – Scott Carlson

As a security pro, you have been asked why you can’t just trust your employees to do the right thing, what benefits to the business come from technical security controls. You have likely been asked to reduce risk and action every funded project at once. In this session, we will take a realistic approach to consider which projects reduce the risk the quickest, which layers of security are most important, and how things like privilege management, vulnerability control, over-communicating, and simply reducing the attack surface bring peace of mind and actual direct improvements in your information security posture.


Managing Complexity and Chaos – Chris Patteson with Najo Ifield

Cybersecurity threats have changed in kind, not just degree. Strong organizations are no longer responding to incidents, but are learning to create order out of Chaos. Every enterprise is scrambling to manage the big, multilayered consequences of a severe cyber attack. FedEx’s cyber-team actively plans for Chaos. Learn strategies that FedEx is using to tame the complexity of their business risks.


Networking Break and Refreshments


Cyberspace as a Domain – Preparing to Perform Operations in Cyber – Manisha Parmar

At the NATO Warsaw Summit in July 2016, cyber was recognized as the fourth operational domain, alongside Air, Marine and Land. At a high level, operationalizing cyberspace requires two actions to be taken – first, existing Communication and Information Systems (CIS) security must be enhanced to withstand attack from sophisticated adversaries and secondly, cyber capabilities must be extended to elevate cyberspace from being a supporting capability to an operational domain itself. Let’s talk about what this means, what needs to be done to get there and, using scenarios, demonstrate how cyberspace as an operational capability can be leveraged.


Future Cybercrime Defenders – Cognitive Security with Watson – Crystal Moody


Closing Keynote – Empower Your Business Using Zero Trust Architecture – John Kindervag

John will discuss the concept of Zero Trust and explain how it can not only transform network security but function as a business enabler. Zero Trust is revolutionizing network security architecture because it data centric and designed to stop data breaches. Additionally, Zero Trust adds a layer of agility to modern networks that is impossible to do in traditional network designs. These 21st century networks have been adopted by government entities and large enterprises around the world.


Networking Cocktail Reception


Cyber Security Congress Sponsors


logoISA5    pan-logo-badge-blue-dark-kick-up-1     proofpoint    rsa-red-logo     tm-logo   24982w-ibm-logo

BeyondTrust     w-telus-logo    ORIGNIX_Logo-tag-154x65   cybersequr-security-services-logo   forescout_logo_horizontal-color  w-bmc-logo     splunk-logo       DEL_COL   

isc2_logo   hubcitymedia w-scalar-logow-fireeye-logo        sans-logo     spie-logo   Symantec_logo


Cyber Security Congress 2017 is an action-packed, highly interactive, educationally focused full-day, multi-stream conference covering the latest industry topics, tips, tricks and tools.

We will be featuring expert speakers delivering international best practices.

You will also engage with many like-minded and eager to learn peers, through networking discussions.

Be part of Alberta’s premiere event for information security professionals held in Calgary this year!


  • Great networking opportunities with over 150+ local information security professionals and other (ISC)2 members
  • Earn CPEs
  • Interact with your peers
  • 8 hrs of insightful discourse on the latest industry threats and emerging trends
  • Top-notch international industry speakers


The Arts Commons (formerly EPCOR CENTRE for the Performing Arts)

Located at:

205 8 Avenue SE, Calgary, Alberta T2G 0K9

Bordering Olympic Plaza, Arts Commons occupies a full block from 8th Ave to 9th Ave SE and 1st Street to 2nd Street SE.

205 8 Avenue SE
Calgary, Alberta T2G 0K9

Location & Parking


  • Chief Information Officer (CIO)
  • Director of Security
  • Chief Information Security Officer (CISO)
  • IT/ MIS Director / Manager
  • Chief Security Officer (CSO)
  • Network Administrator / Engineer
  • Chief Technology Officer (CTO)
  • Security Consultant
  • Chief Operation Officer (COO)
  • Auditors
  • Those who oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches
  • Those interested in developing their information security career


Interactive SME Panel Discussions


top-notch, industry expert speakers


hours of sessions





Event sponsorship is an excellent way for your company to support the local security community while gaining exposure to senior level, targeted decision-makers attending the Cyber Security Congress 2017. We have set aside a limited number of event sponsorships designed to assist your organization in creating a platform to maximize its exposure at this event.




Platinum Gold Silver Bronze
o   Complimentary Conference Pass 3 2 1 1
o   Logo on Event Website
o   Mention at Conference Opening and Closing  ✓
o   Logo in Email Blast  ✓
o   Prominent Placement of Sponsor Banner  ✓
o   Sponsor Event Booth  ✓
o   Recognition as a Primary Sponsor and
Prominent Logo Placement on All Promotional Material

* (ISC)2 Chapter Alberta reserves the right to adjust sponsorship benefits as required without notice.



Speakers’ Dinner Sponsor – Calgary Economic Development


Breakfast Sponsor – Cybersequr



Morning Network Break Sponsor – BMC



Lunch Sponsor – BeyondTrust



Afternoon Network Break Sponsor – Splunk



Mr. Michael Primeau Ms. Najo Ifield Kalvin Falconar Corey Kaye
President Event Director Director Communications Director