Research Directions and Industry Trends
Presented by the Information Systems Security and Assurance Management (ISSAM) Department in Mihalcheon School of Management, the monthly InfoSec Seminar Series provides high level talks on research directions and technology trends in the field of ISSAM.
The noon hour seminars are held on the second Thursday of every month from September to June. Talks are open to anyone interested in security research and technologies, not only to Concordia University of Edmonton (CUE) members.
Previous InfoSec Seminars
Missed a seminar? Access the recordings below:
Protecting Your Digitalized Life
Getting to the Internet is a breeze with our enabled devices at home, work, school and vehicles. During the pandemic, we relied heavily on enabled devices, Wi-Fi, other technologies and social media platforms to keep us connected to family members, colleagues, classmates and coworkers. Gain information to safely protect your privacy and devices. During this interactive session, you’re welcome to make adjustments as you learn how to protect your digitalized life.
Speaker: Dr. Bonita Best
From Conception to Delivery: The Journey to Publishing a Blockchain-based Manuscript
In this special seminar, celebrating MISAM’s 10 year anniversary, Dr. Shaun Aghili discusses Blockchain technology’s potentials and security challenges as a disruptive technology in the 2020s. Professor Aghili also shares his experiences and research supervisory procedures related to the publication of his most recent book thanks to the efforts of his research teams in 2021 and 2022.
Speaker: Shaun Aghili, CMA(US), CISSP-ISSMP, CCSP, CISA, CIA, CRMA, CCSA, CFSA, CGAP,
CFE, CBE, CBSA, CBSP, CBPM
Security Architecture and Risk Management in Retail Industry
The seminar introduces Security Architecture and how the Security Architecture Assessment process augments “Secure by Design Concept” in an organization along with Risk Management in the retail industry.
Speaker: Ranbir Singh Bali, MISSM, CEH, Microsoft Security Associate
Security Architect, Cyber Security Department
Sobeys Capital Inc.
What NOT to put in your resume
People are always asking what to put in a resume: what helps me stand out? What should I highlight? What fonts and formats should I use? However, people rarely ask what they should refrain from doing. After seeing nearly a thousand cybersecurity resumes over the years, Michael Spaling has noticed several everyday items that, if included, significantly reduce your chances of getting to the interview stage. In this presentation, Michael highlights these items in a fun and humorous way to ensure you avoid accidentally including them.
Speaker: Michael Spaling
Team Lead, Information Security
Office of the Chief Information Security Officer, University of Alberta
Exploring Microsoft security, compliance, and identity features
During this talk, Mina describes the fundamentals of Security and compliance in Microsoft and how these fundamentals can help companies to protect their environment. Also, it helps organizations manage their regulatory requirements with greater ease. This talk also includes some guidance on Microsoft learning path and certifications.
Speaker: Mina Alinejad
Information Security Specialist, Grant Thornton LLP
Overview of the Communication Security Establishment (CSE) / Canadian Centre for Cyber Security (CCCS) and the cyber skills shortage in Canada
Many cyber security jobs are unfilled at this time across the nation, so how do we ensure to fill the gap and keep Canada and its sectors secure? In this seminar, an historic overview of CSE and CCCS is presented as well as its mandate, role, activities and partnerships. It offers an overview of the current state and trends in the cyber world as well as the cyber skills gap we are facing today and what it means for those joining the workforce, where also promoting the role of women in the Cyber Security field is essential in helping secure the country.
Speaker: Mutaz (Mo) Ahmed
Senior Analyst at the Canadian Centre for Cyber Security
What to know to be hired in Fortinet
In this presentation, Maninder Singh discusses the Fortinet Security Fabric, ZTNA and SDWAN. He also talks about central management and reserves the last few minutes to chat to students about current opportunities at Fortinet and how students can prepare to be successful in interviews.
Speaker: Maninder Singh
TAC Director at Fortinet
For this seminar, two current ISSAM students walk us through their research. Each presentation is around 30 minutes including Q&A.
Talk 1: An overview of Programming Languages in Blockchain Development and Security
Speaker: Lilian Behzadi, M.Sc., P.Eng.
Graduate Student (MISSM) at Concordia University of Edmonton
Talk 2: Exploring SDN vulnerabilities
Speaker: Franco Jaraba
Network Proposal Specialist – Rockwell Automation Company
Components of IT Audit: Understanding the IT Audit Process
The goal of this presentation is to provide an overview of the responsibilities and general duties on an IT Audit engagement. Elements of General IT Controls (GITCs) and IT Automated Controls (ITACs) are explained along with determining the layers where automated controls operate, linking those layers to specific risks arising from the use of IT and linking those risks to the GITCs that address them. This seminar is for anyone considering a career in IT Audit and wants to find out what the job potentially entails.
Speaker: Aman Dharni, M.Sc. (MISAM)
Consultant, Technology Risk Consulting
KPMG
CEC-Council Webinar – Cybersecurity Career Paths
This EC-Council hosted webinar showcases the most sought-after certifications in the demanding cybersecurity industry. Take a deep dive into the desired job roles in Canada, what to expect for entry-level positions, and what certification options are available, plus the benefits of an Academia partnership. Join Wesley Alvarez and the Academia team discussing the cybersecurity workforce demand, career paths and certifications, and plan your next steps for a career in cybersecurity.
Speaker: Wesley Alvarez
Consultant, Technology Risk Consulting
Director of Academics
EC-Council | Academia
Tampa, FL
The Role of the Office of the Information and Privacy Commissioner of Alberta
You may have heard of or read about Alberta’s privacy laws in the news, when you visit your family physician, in your academic program or especially when there are reported privacy breaches or public breach investigations. As a member of the public or as a student, you may be interested in knowing how your personal or health information in the custody or under the control of organizations, custodians and public bodies is protected or you may have expectations on the secure management of your information. When working for organizations (or if you have your own business), public bodies or health care custodians, as an employee or contractor, you are required to comply with the applicable privacy laws in Alberta or you may be part of a team that helps to protect the personal or health information of others. In this presentation you will get to understand the role of the Office of the Information and Privacy Commissioner as an enforcer of the privacy laws in Alberta. You will also get to understand the important role information security plays in the work the Office does from the review of privacy impact assessments and privacy breach reports to conducting privacy investigations including prosecutable (offence) investigations. The Protection of personal and health information is a requirement in all of Alberta’s three privacy laws.
Speakers:
Nji Lionel Nji, M.Sc. (MISSM), CISSP, CDPSE, M.Sc. Phys., B.Sc. Phys.
Senior Information, Privacy and Security Manager
Office of the Information and Privacy Commissioner (OIPC) of Alberta
Christine Wagoner, M.Sc. (MISSM), CISSP, CDPSE, CISA
Senior Information Privacy Manager
Office of the Information and Privacy Commissioner (OIPC) of Alberta
Why is Privileged Access Management Important and How Can it Prevent Breaches from Happening?
Many breaches have happened due to lack of proper Privileged Access Management (PAM) control. A bad actor can gain access to the most crucial assets of organizations by breaking into their Active Directory, powerful accounts, or a service account. Bad actors take advantage of orphan or forgotten powerful IDs in an environment and find ways to infiltrate and gain access to deep local networks. They then exfiltrate this critical data and sell it in the black market. This presentation shows how PAM tools can help protect organizations and stop bad actors from gaining administrator control inside networks.
Speaker: Mohammad Mirheydari, M.Sc. (MISSM)
Senior Information Security Advisor
Scotiabank
The Role of the Office of the Information and Privacy Commissioner of Alberta
You may have heard of or read about Alberta’s privacy laws in the news, when you visit your family physician, in your academic program or especially when there are reported privacy breaches or public breach investigations. As a member of the public or as a student, you may be interested in knowing how your personal or health information in the custody or under the control of organizations, custodians and public bodies is protected or you may have expectations on the secure management of your information. When working for organizations (or if you have your own business), public bodies or health care custodians, as an employee or contractor, you are required to comply with the applicable privacy laws in Alberta or you may be part of a team that helps to protect the personal or health information of others. In this presentation you will get to understand the role of the Office of the Information and Privacy Commissioner as an enforcer of the privacy laws in Alberta. You will also get to understand the important role information security plays in the work the Office does from the review of privacy impact assessments and privacy breach reports to conducting privacy investigations including prosecutable (offence) investigations. The Protection of personal and health information is a requirement in all of Alberta’s three privacy laws.
Speakers:
Nji Lionel Nji, M.Sc. (MISSM), CISSP, CDPSE, M.Sc. Phys., B.Sc. Phys.
Senior Information, Privacy and Security Manager
Office of the Information and Privacy Commissioner (OIPC) of Alberta
Christine Wagoner, M.Sc. (MISSM), CISSP, CDPSE, CISA
Senior Information Privacy Manager
Office of the Information and Privacy Commissioner (OIPC) of Alberta
Ransomware: Evolution and Future Trends
The past few years have seen an exponential growth in the number of Ransomware attacks as well as multiple high-profile incidents with record-breaking ransom demands. In this seminar, we examine the evolution of Ransomware, some of the technical factors that have enabled the surge in the frequency and number of Ransomware attacks, as well as some future trends that we expect to see in this space.
Speaker: Rasha Nasra, EdD
Academic Sector Lead
Canadian Centre for Cyber Security
White-Box Cryptography and Some Implementations
Over the past two decades, the field of cryptanalysis has experienced major changes with the violation of the black-box premise that the attacker only has access to observations external to an implementation of a cryptographic algorithm. Attacks focused on the implementation details of cryptographic primitives in devices are called white-box attacks, which have become common in recent years. With white-box attacks, one can no longer assume that an operating environment can be trusted. An adversary can directly observe and tamper with the implementation to extract information about the cryptographic key. Therefore, the traditional cryptographic algorithms that have been built on the assumption that the adversary has only access to the external data as per a black box model functionality generally incorporate no countermeasures to such attacks. White-box cryptography (WBC) was proposed to address this problem – it aims to provide security even where the attacker is able to perform invasive active attacks on the software implementation of the cryptographic algorithm.
Speaker: Tingting Lin, PhD
Software Developer
Irdeto
Talk 1: Responding to Ransomware Attacks
The presentation explores aspects of the growing ransomware threat taking the audience through the lens of two real attacks. The presentation considers issues around payment as well as issues using blockchain. Mr. Kratz concludes looking at options to recover ransom payments and steps to reduce the risk of these attacks.
Speaker: Martin Kratz, B.Sc., J.D., Q.C
Talk 2: Info Systems Security Panel Discussion
A panel discussion on the need for security professionals in businesses and governments. Our Panelists share their experiences with the latest technology and research trends in information security and what students need to learn and acquire to be successful in finding employment.
Panel Moderator: Tolulope Mabo, M.Sc. (MISAM 2017)
Panelists:
Mohammad Mirheydari, M.Sc. (MISSM 2016)
Parul Khanna, M.Sc. (MISSM 2016), CISSP, CCSP, CISM, CRISC, CDPSE, CCSK
Zeal Ekrebe, M.Sc. (MISSM 2020)
Understanding Data Security, Privacy and Risk Management in Cloud
Organizations are rapidly moving to cloud providers to reduce costs, pursue digital transformation initiatives, and improve the agility of business. This session is centred on discussing fundamental cloud computing concepts, characteristics and services. It delves into how data security is achieved within cloud environment, best practices for systems and applications to protect data and reviews the risk associated with each of the cloud deployment models. In the end, the session also talks about cloud-based certifications and learning resources for folks looking to dive deep into the realms of cloud security.
Speaker: Parul Khanna, M.Sc. (MISSM), CISSP, CISM, CRISC, CDPSE, CCSK, Microsoft AZ-900
Senior Security Risk Advisor
Manulife
Contact
If you have any questions regarding this series, please contact Shawn Thompson or Eslam G. AbdAllah, MISSM, Mihalcheon School of Management.