Discover the highlights of the upcoming Black Hat SecTor Conference in Toronto, featuring insightful discussions on AI, open-source security, and more. Join Steve Wylie, Sean Martin, and Marco Ciappelli as they preview keynotes, summits, and unique aspects of this premier cybersecurity event.
Guest: Steve Wylie, Vice President, Cybersecurity Portfolio
On LinkedIn | https://www.linkedin.com/in/swylie650/
On Twitter | https://twitter.com/swylie650
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
The Black Hat SecTor Conference, scheduled for October 22-24, 2024, in Toronto, promises an array of discussions and insights into the cybersecurity domain. Steve Wylie, General Manager of Black Hat, joins ITSP Magazine's Sean Martin and Marco Ciappelli to preview the upcoming event. Wylie highlights the acquisition of SecTor by Black Hat in 2019, underscoring its unique focus on the Canadian cybersecurity community while maintaining global research standards.
This year's event features three main components: summits, briefings, and a business hall. The summits, including a new AI summit, address various specialized topics, while the briefings provide in-depth research presentations. Keynote speakers like New York University’s Omkhar Arasaratnam, who will discuss security in open-source platforms, further enrich the event. Arasaratnam's focus on the XZ Utils backdoor incident emphasizes the critical nature of open-source security, highlighting both risks and mitigation strategies.
The agenda also includes a diverse range of sessions on AI, reflecting its significant role in current cybersecurity practices. Talks range from AI vulnerabilities to the protection and utilization of AI in enterprise security. Sessions such as "15 Ways to Break Your Co-Pilot" and discussions on deepfake image detection systems present real-world challenges and solutions in this area.
Wylie also discusses the importance of community engagement, noting the sector's provisions for networking and collaboration. The founders of the original event continue to contribute actively, ensuring the event remains closely tied to its original mission of serving Canada's cybersecurity professionals. Martin expresses enthusiasm for meeting regional participants and learning about their unique challenges and solutions, emphasizing the value of shared knowledge and strategies. The event is positioned as a vital convergence point for both local and international cybersecurity insights and advancements.
In summary, SecTor 2024 aims to foster a robust exchange of ideas and solutions, drawing from a wide array of expertise within the cybersecurity field. Attendees can look forward to engaging with high-profile speakers, participating in focused discussions, and exploring the latest industry innovations.
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
____________________________
Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S
Be sure to share and subscribe!
____________________________
Resources
Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Want to tell your Brand Story as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
A Sneak Peek into SecTor 2024: AI, Open-Source, and Cybersecurity Trends | A SecTor Cybersecurity Conference Toronto 2024 Conversation with Steve Wylie | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00]
Sean Martin: Hey,
Marco Ciappelli: Hey, what's up? I'm in the dark.
Sean Martin: you're in the dark. We're in a toque.
Marco Ciappelli: I'm in the dark. I'm in the other, I'm on the other side of the moon, the dark side of the moon.
Sean Martin: Um, I'm too close at the moment, but, uh, I'll be, I'll be wearing mine as I make the, uh, make the drive up from New York city to, uh, beautiful Toronto
Marco Ciappelli: What, what are you going to be doing there?
Sean Martin: I'm, uh, I'm, uh, going to enjoy the city and enjoy friendships and lots of good old conversation at sector. I
Marco Ciappelli: I mean, that's, that's something for a break.
Sean Martin: appreciate it when you're around, but, uh, no, but anyway, we're, uh, yeah, we're, we're covering sector 2024, which is, uh, set for October 22nd through the 24th. There's some. Some summits and some [00:01:00] briefings. It's an extension. Um, maybe probably not going to do this justice, but extension or a pairing to black hat conference in the U S and other places around the world.
And, uh, but this is a special one, obviously in, in Canada, and I'm thrilled to have Steve Wiley on Steve. Good to
Steve Wylie: and Marco, always a pleasure. Thanks for having me on.
Marco Ciappelli: Absolutely. And I was wondering when I saw you, I was like, wait a minute, we're not talking about black hat, but you know, in a way we are, so that's, that's a way, a great way to get things started. I think. Tell me about the connection maybe between a sector and black hat, how did it happen?
Steve Wylie: Yeah. Happy to. So, uh, so sector is a black hat, uh, event. Um, it, uh, it's a business that we acquired back in 2019., it's one of the global events that we operate around the world and, uh, it just happens to take place in, uh, in Canada and really serving the [00:02:00] Canadian public. Uh, community of cyber security professionals from, um, uh, they're from the region or then in and around Toronto, but it's really is Canada's cyber security event.
It's it's the the event in Canada. That's most widely regarded among cyber security professionals. It's it's their very much. Their, um, community event, uh, is one that we were very proud to blackhead events that take place around the world.
Marco Ciappelli: So can am I correct if I say that while black cat is much more of international view on how things go around the world sector is, it's more focused on
Steve Wylie: Yeah, so that's a great question. I mean, I think the research comes from all over the world per sector as it does for all the blackhead events. So we might get research from, you know, from anywhere in Asia, sometimes from the U. S. Um, so the research very global in nature, but the community that is serving is very much Canadian, right?
It is. And you get that sense when you go to the event and Sean, I believe you'll be going up there for the first time this year. So you'll get a sense for that this year as [00:03:00] well. It's a Canadian flavored event. So the, you know, the audience is largely Canadian. Um, Um, the topics can can also veer into the Canadian sometimes like there.
We do get some federal government speakers, for example, sometimes really talking about the context of cyber security in the Canadian federal and provincial governments. So, um, it's, um, it's, it's definitely a twist on the other blackhead events, but I would say all of the other. Regional black events are similar in that in that nature in that they are global in terms of research, but more localized in terms of the community and and some of the topics that are that are covered there
Sean Martin: And correct the thumb. I don't think I am, but the, uh, the, the, the full, well, originally it was Security Education Conference Toronto, hence, uh,
Steve Wylie: that is correct.
Sean Martin: is correct, I really liked the word, I really liked the word education
Steve Wylie: uh, most people assume it's [00:04:00] Security
Sean Martin: my own research.
Steve Wylie: Security Education Conference Toronto and, um, founded by two guys, uh, very much part of the, the community. So Brian Bourne and Bruce Kalper, um, they started the conference, um, I guess 18 years ago now, this is our, uh, 18th anniversary of the conference.
So, um, the, this was two guys that had been attending and actually were involved with black hat for years and thought to themselves that, um, Canada needs a version of black hat. So it's, um, in that sense, it was a pretty sort of an easy acquisition for us to make because it was modeled very much like a black hat event.
So there's a lot of commonalities between the two and yes, you know, to your point, education was at the core, right? So just like black hat. Sector puts the, the conference and the program and educating the community at the foundational level of everything it does. So, um, in that sense, there was a really good, you know, not only just practical alignment there, but also cultural alignment as well with what Bruce and Brian and connected and created and, and, and what we were, uh, [00:05:00] what we stand for as well with the black head events. Everyone needs a blackhead
Sean Martin: Right?
Steve Wylie: We're trying we are trying
Sean Martin: Right, you're working your way toward that. So the first day, Tuesday, the 22nd of October, uh, is a collection of summits, two of which I, I, uh, can get invited to the other, um, I'm banned from just because of the label I wear as a journalist, but, uh, there's an AI summit called security summit and the executive summit, which, uh, that third one is the Chatham house rules.
And, and people like me and Marco aren't allowed there because we might, you know, Might dispute, spill the beans on, uh, all the real stuff that's going on. But tell us a little bit about the three summits for folks who go to Black Hat in, in the US and other places where the summits take place. Are they similar in, in style and
Steve Wylie: yeah very similar in style structure so, um Across all the blackhead events. We're doing more specialized summits and these are [00:06:00] really Um, you know their conference programs embedded within the broader event that are targeted around specific technology sets as a Like as an AI or, or, or cloud security, or it could also be, uh, aligned with a particular, you know, audience sect, like the, um, uh, executive summit or the CISO summit that we do at the black at USA event.
So they're more targeted programs where you've got kind of like minded people in the room for sort of, you know, shared learnings, right? So it's just, uh, it's a nice sort of change from the broader briefings program, where you're, you're in a room. Uh, with, uh, folks with similar, uh, objectives and challenges, et cetera.
Uh, and the conference program itself, the agenda is very much catered towards that particular, um, target, uh, topical area or, or, or audience or what have you, or industry in some cases, uh, as well.
Sean Martin: so the, [00:07:00] so let's dig into that as well. So the, the second, yeah. Second and third day is 23rd and 24th are the, are the briefings. Of course there's the, uh, the companion business hall where you get, you get to. You hear about all the new technologies and offerings, uh, that, uh, organizations are bringing to market to help us solve our security program challenges.
And of course, there's arsenal in there as well. I love the arsenal as many folks know, listen to this, but, um, what are, what are some of the highlights, maybe touch on the keynotes and, uh, and maybe some of the themes and
Steve Wylie: Yeah. So actually you mentioned Arsenal. So that's a really good point to make. So, uh, you know, when we acquired the sector business back in 2019, it had a lot of the same elements, but it didn't have all the same elements. So we, you know, Arsenal is something that we brought to sector last year, the blackhead Arsenal program, which is a very much a mainstay at all the other blackhead events.
Um, that, you know, Was launched there for the first time last year, uh, 2023 very well [00:08:00] received. So I think, you know, I think it, uh, it went over well, but blackhead is investing in the sector event and making sure that it's got all the same sort of, you know, bells and whistles that, uh, the other blackhead events have.
So this will be our second time doing the arsenal program up at the sector, very much the same, um, sort of, you know, Uh, flavor and some of the same experts that drive that program. So we're excited to bring that back. Um, we've also, you know, the addition of the AI summit is, is new, uh, for this year's event.
So, um, we've, this is a program we launched at BlackHat USA this year. You guys probably remember that from our, our, uh, our, our interview then, and, uh, got really great feedback on that program. And we've now expanded that to all the other BlackHat events. So there'll be one taking place at Sector. There's one taking place at BlackHat Europe in December.
We'll have one planned for Black Hat Asia, uh, next year as well. So, uh, you know, the topic of AI and cybersecurity is, you know, still a big, big, you know, theme, uh, and, uh, and an issue for us to [00:09:00] explore within the conference. So you'll see a lot of that, uh, in the agenda. Uh, but really, you know, I would say at a high level, The event is, it's three days.
The first day is heavy summits, right? And we talked a little bit about that. Day two and day three are briefings, very similar to the other Black Hat events. We've got, I think about 45 or 46 different briefings. And for those that are not familiar with that, these are research talks. They're, they're generally, you know, driven by people from the research community that have found interesting and, uh, you know, uh, issues related to cybersecurity, um, vulnerabilities and, and sharing that.
Insight and knowledge with the rest of the world that is the sort of the foundation of black hat and of sector So that's uh what you'll see a lot of but there's you know beyond the sort of the cyber research Uh talks in the briefings. There's also a lot on On just broader trends and issues that everyone needs to be aware of Uh in managing their cyber security for their own organization.
So that's the briefings [00:10:00] program. Uh on this day two and day three We also, as you said, have the business hall. So that's about 140 or so sponsors of the event exhibitors. Um, they're the ones, um, Really, you know, addressing more of the, uh, the product side of cyber security solutions. And we have a number of talks in the business hall related to that as well, where you're, you'll hear from different people from the vendor community on best practices related to their products, related, related to what they're seeing in the market.
So that's a, and also a quite large program at, uh, at sector this year.
Marco Ciappelli: I'm assuming that the AI is going to be completely different. Like everything has changed, right?
Steve Wylie: interesting. As I always do. I was spending some time reading through the agenda for this year's program at sector. And yes, there's a whole AI program that's new this year. But in addition to that, the briefings themselves have a lot of AI in there. So AI remains [00:11:00] the single biggest sort of Topic that's being discussed, uh, in and around our community and therefore, uh, around these, uh, these events.
So it'll be a big, um, yeah, it'll be a, the, the bigger, uh, program happening on that Tuesday for sure will be the AI summit.
Marco Ciappelli: Definitely not, not boring. Not boring. AI. Uh, this is also the time where I'm going to ask you about pick your favorite child. Like what are you looking forward in terms of, Speakers, keynotes, anything
Steve Wylie: Well, I think let's start with the keynote speakers. We've announced one of our two keynote speakers. The other one we'll be announcing later this week. So stay tuned, uh, for that. But our first keynote speaker is. Um, car are a start to him, and he's a New York University cyber fellow, uh, advisory council member and, and, uh, guest lecturer with the university as well.
So he's very prominent, uh, thought leader in the open [00:12:00] source community around cyber security. So he's doing one of the keynote talks, and he is in particular focusing on, uh, security in open source. And he has a talk that really is sort of a. A review back on the XZ utils backdoor. This was something that came out a few months back.
You guys might remember really looking at vulnerabilities in, in Linux. And, uh, and so he's going to be doing a bit of a diagnostic of what happened there and why we all need to be thinking a lot about our. Open source platforms that were that are in use today Um, it was apparently one of the biggest breaches that was avoided because of some of the research done Around uh open source and and linux and avoiding what could have been a really big problem So it's a it's a you know, one a sort of technical review what happened but also a bigger sort of wake up call Uh, and, and call to awareness for all of the open source software that we're [00:13:00] using in the enterprise today.
And, and why we need to be especially mindful around that. So that's going to be, you know, one of the keynote talks and, and, uh, I know, uh, on par is going to be great. So I'm very much looking forward to that. Uh, and then I always like to get just a sense for, you know, it's, it's. So, uh, I'm fine for me going through the briefings and seeing what piques my curiosity, but I'm also especially interested in what piques the review board's curiosity.
Sector program, just like the black hat program comes together via the community, right? So the community submits talks, research talks on what they think is interesting and what they're working on. And the review board for sectors, the one that is the, are the ones that actually select the topics, uh, each year that'll, that'll run at the event.
So, uh, they've done a fantastic job as they always do. These are folks that are, you know, volunteers, uh, with sector. They spend a lot of their own personal time to review a lot of sessions, deeply technical sessions, and come to us with their [00:14:00] recommendations on what would be, uh, some of the most interesting topics for us to cover this year.
And, uh, and so we've got some of those as well. So I think some of them, it's, um, It's interesting sector because of the timing, it always happens just a little bit after black hat USA. So there's generally a couple of talks in this sector lineup that are from black hat USA. And the idea being that, you know, there's, there's, uh, enough, uh, that the review board saw that they.
Feel it needs to be repeated for the Toronto audience for the sector audience. So we've got a couple of those sessions. There's one on breaching AWS accounts through shadow resources. Another black at USA and top RV related one was isolation or hallucination, hacking AI infrastructure providers for fun and weights.
So that was a talk that looked at, um, you know, AI as a service providers and how, uh, Vulnerabilities there could lead to, uh, disclosing proprietary information, uh, [00:15:00] in in those third party a I services that are available. So that I think is an interesting one that I'll definitely want to check out. Uh, we've also got a number of sessions.
That sort of piqued my interest as I went through the agenda, um, that I can cover as well. So, um, there's always a session that, uh, James Arlen, he's on our review board. He leads a session every year called fail by the dozen. So it's, um, it's a collection of, uh, people from our board that really look at just sort of the state of the state and in cybersecurity and in our community, what's working, what's not.
So that's a one that I'm happy to see coming back this year. Uh, we've got a session on third party. Data breach. So it's called a new people centric approach to determining an organization's exposure to third party data breaches Uh, that's a big topic in our industry right now. So I think that one is likely to be a big big draw as well Um, we've got our own bruce calper.
So bruce one of the the founders of sector, uh is leading a session [00:16:00] The various folks from the review board on really Looking at, you know, as they put the program together, what stood out for them, what were some of the things that they see as broader trends that we need to be aware of. So that's a session.
I'm very much looking forward to as well. And then, as I mentioned earlier, that was, you know, a big takeaway for me as well. Looking through the agenda. It was just how much either is. There is a, you know, quite a few sessions that are dealing with AI, both from a standpoint of, you know, protecting the AI, but also how AI is being leveraged by adversaries, how AI needs to be leveraged by people defending the enterprise and everything in between.
So I think, you know, as we've been seeing for quite a long time now, AI changes everything. Uh, turns, uh, on, you know, on its end, many, many thinkings around how we're securing our businesses today because of, of advanced and AI technology that we're going to have to contend with. So I think it's, it's just going to continue to be, you know, I think for us for a long time that we're spending much of our agenda, [00:17:00] really digging into AI related issues.
And there were some really good talks that jumped out at me as I was looking through the, the agenda. So. Um, one was hacking deep fake images. Uh, it's our deep fake image detection system. So really this is, you know, as you know, deep fakes is a, is a big topic of concern around, you know, disinformation, et cetera.
And there are services available to help detect a deep, a deep bake or a synthesized image from an authentic image. These researchers have come to us with, uh, some concerns around how those deep fake, uh, image, Detectors can also be fooled. So, uh, the problem, you know, persists there. There was a session on, um, uh, 15 ways to break your co pilot.
So co pilot is the, is the AI that, uh, that runs within your enterprise from, uh, from Microsoft. And these researchers have come to us with some concerns around, uh, AI vulnerabilities, even AI vulnerabilities in, in, within enterprise, uh, uh, [00:18:00] AI systems which are intended to protect organizations from disclosing private information out onto the public AI, um, there's concerns there as well.
So I think, yeah, again, lots of AI content for us to dig into this year.
Sean Martin: and you've, you've We've overlapped on a few things. We've had a few chats already, chats on the road, as you know, we call them, uh, pre event, uh, teasers, if you will, on some of these topics. And we had a cigar on, uh, for hacking deepfake image detection, an amazing, amazing session he's going to have for sure.
And we had Ashley, Jess on as well, uh, looking at artificially generated malware, disinformation and scam campaigns. Um, both obviously AI. Uh, yeah, AI enabled or oriented and, uh, Ashley was, was amazing too. So looking forward to both of those. And, and you mentioned the [00:19:00] people centric, um, we're actually chatting with Christine shortly.
So that episode will be out soon. So it's, it's nice to know, of course, the agenda is amazing as always, but it's nice to know that we overlap on some of those things and I don't know, maybe we'll get, uh, Mr. Calperon to, uh, to, uh, chat about his session afterwards. Maybe we can do that on location because I think that one, that one's probably be hard to not, uh, give away too many secrets beforehand, but maybe
Steve Wylie: yeah. And that's an important, uh, note there, Sean, that both Bruce Kalper, Brian Boren, the founders of, uh, sector are still very much involved, right? So they're, they're, uh, they're sharing, sharing the conference for us. They'll be the ones up on the stage introducing the, uh, the event and the keynotes. So, uh, we're really happy that they've stayed, uh, you know, involved with sector, uh, as, as, uh, the years have gone, I've gone by, they're very integral to our, Review board and to, you know, what makes sector special in the community up and up in Canada.
So we're happy to host them again as well.[00:20:00]
Marco Ciappelli: You know what, Sean, I'm, I'm curious. What are you looking forward to?
Sean Martin: Well, well, first and foremost is to meet, uh, people in the region and get their perspective on the regional differences and challenges and how we can learn from each other and collaborate to, uh, to drive things forward. And so. Sessions that I wasn't able to line up beforehand. Hopefully I'll get to chat with some of the folks, uh, some of the speakers and panelists, uh, on site, course, always love hearing from the vendors, they have interesting opportunities to help us see the, see the light, if you will, at the end of the tunnel and, uh, so yeah, looking to line up briefings and we ITSP magazine, which Are a huge hit.
So if anybody wants to chat with us, uh, on location there from, uh, from the business hall or in the media room, that would be, that'd be great. But I think it it's, for me, it's all [00:21:00] about connecting with, with the community and, and hearing the stories and sharing those stories with our, with our audience, hopefully
Steve Wylie: a strong community conference as well. Like, I mean, you definitely get, get that sense, walk in the halls there. It's, um, yeah, it's a lot of, you know, people connecting with, with old friends and colleagues. Uh, so that's something always very enjoyable. At conferences is that lobby con, uh, activity and, and sectors definitely got, got a lot of that
Marco Ciappelli: Yes.
Steve Wylie: too cold outside.
You got to stay hunkered down inside the building and with your, with your friends.
Sean Martin: it's not too cold in a couple of weeks, I
Marco Ciappelli: Like, like you need, like you need that excuse. I mean, I mean, I know it's not an excuse, but you don't need that to take advantage of being around an amazing community and being able to spend time together. And that goes even in the heat of, uh, of Las Vegas, which we
Steve Wylie: It's part of our strategy. We host our conferences in either really hot places or really cool [00:22:00] places. Yes.
Sean Martin: Melt us, melt us and freeze us. There we go.
Marco Ciappelli: inside. Well, you know, it works. So yeah, why not?
Sean Martin: we go. Well, it's October 22nd through the 24th. Hopefully not freezing yet. Cold enough to want to stay inside, but not freezing. So you have to, um, and yeah, really looking forward to seeing the team. Um, shout out to Stephanie is always amazing and helping us, uh, cover all the Black Hat events, including this sector event.
Coming up and looking forward to meeting everybody, having some good conversations, sharing some stories, and Yeah, 22nd through 24th, Metro Toronto Convention Center. See everybody at Sector. Steve, thanks. It's always fantastic catching up with you and, uh, Thrilled to see all the, all the success the, the Black Hat brand is having, uh, bringing, bringing folks together, having these conversations.
So thank you
Steve Wylie: Thank you both for having me. Always a pleasure.[00:23:00]
Marco Ciappelli: Always.
Sean Martin: And Marco, I'll send you pictures
Marco Ciappelli: Send me a postcard. Do they still have
Sean Martin: Oh, I think that, I think I could
Marco Ciappelli: Here, here's the challenge. Find a postcard and a nice stamp and send it to me.
Sean Martin: All right, I'll do
Marco Ciappelli: Alright, challenge.
Sean Martin: get it. You'll get it, uh, somewhere that you aren't because it'll arrive
Marco Ciappelli: Eh, you know, whatever. Especially if you send it in Italy. It's gonna take a little longer, I'm sure.
Sean Martin: right. You'll get it next time you go.
Marco Ciappelli: Yep, thank you
Sean Martin: well, uh, do stay tuned to ITSP Magazine. We have a coverage page with all the conversations we've had.
We put all the news up, so Steve teased another keynote coming out, so you can always catch that on the Black Hat website, but we share that news on our page as well. And if you're in Toronto, please look me up, and we'll see you there. Thanks again, Steve. Thanks, everybody.
Marco Ciappelli: Thank you.