BSides Toronto 2022

Alan McDermott, Cat Coode, Ken Rayner, Chinmayee Paunikar

Alan McDermott

Alan is a virtual CISO with Fractional CISO working with companies to make better informed decisions around data, technology and business risk. He has held numerous technical and security leadership roles over the course of 20+ years in industry along with multiple degrees and certifications in security, risk and privacy.

Cat Coode

Cat Coode is the founder of Binary Tattoo, with a mission to help safeguard your data and protect your digital identity. Backed by two decades of experience in mobile development and software architecture, as well as a certification in data privacy law, Cat helps individuals and corporations better understand cybersecurity and data privacy. She specializes in Privacy Regulation Compliance and delivering privacy education seminars.

Ken Rayner CIP, Certified Cyber Insurance Specialist

An experienced Executive in the Property Casualty business specializing in Management, Underwriting and Marketing.
Ken is President and Co-Founder of Cyber Insurance Solutions, a multipurpose company dedicated to finding the right solutions for businesses, brokers and SMEs in the area of risk management products, cyber education and cyber loss prevention. Ken has been president of Omega General Insurance and Crum and Forster of Canada.
He has owned and managed his own MGA (CULE) specializing in hospitality insurance and has held key executive positions at Aviva and Continental Insurance, now Northbridge.

Chinmayee Paunikar

Chinmayee helps companies develop and manage their cybersecurity programs. Chinmayee has helped multiple companies improve their cybersecurity and achieve their compliance goals. She is also creating a training program for Jr. Analysts to help them be successful. Chinmayee is a Systems Security Certified Practitioner (SSCP). Chinmayee received a Master of Science degree in Computer Engineering from New York University and a bachelor’s degree in Electronics Engineering from the University of Mumbai.

  • Cyber security's new silver bullets - Privacy and Insurance

Avneet Singh

Avneet Singh is a Cyber Security professional with experience in Threat Hunting, Incident Response, Malware Analysis, Detection Engineering and Digital Forensics. He is currently working as a Senior Consultant in EY’s Managed Detection and Response team, where he works on Detection Engineering and Digital Forensics. Avneet likes to work with malware and reverse engineer it to understand its inner workings, and to use that knowledge in Detection Engineering. He spends most of his time in the lab trying to find efficient ways to build resilient detections by running malware, offensive tools, etc. He is actively involved in the community: he has contributed to the MITRE ATT&CK framework and to SigmaHQ via the OSCD initiative, and he is an active member of TheDFIRReport team. In his free time, he loves to write scripts to automate tasks. Outside of infosec, Avneet likes to cook and play games.

  • Lesson Learned from Detection Engineering

Craig Barretto

Craig is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. Craig previously was the President of the (ISC)² Toronto Chapter.

Certifications:
- Offensive Security Certified Professional (OSCP)
- Certified Information Systems Security Professional (CISSP)
- GIAC Web Application Penetration Tester (GWAPT)
- Certified Ethical Hacker (CEH)

  • Defrauding merchants like it’s Y2K

Georgia Weidman

Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She is a member of the National CyberWatch Center's National Visiting Committee and an Adjunct Professor. Georgia was previously a New America Cybersecurity Policy Fellow. She presents or conducts training around the world and is regularly featured internationally in media. She authored Penetration Testing: A Hands-On Introduction to Hacking. Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security, culminating in the release of the Smartphone Pentest Framework. She founded Shevirah, a graduate of Virginia’s Mach37 cybersecurity accelerator, whose products assess and manage the risk of mobile devices in the enterprise. Georgia was the 2015 Women’s Society of CyberJutsu Pentest Ninja. She holds an MS in computer science; CISSP, Pentest+, and OSCP certifications; and U.S. Patents #10,432,656 and #11,089,044, which are foundational to simulated phishing. Georgia is a software engineer in security at Aiven.

  • Controlled Flight into Terrain: How [NOT] to Succeed at Cybersecurity Startups.

Jared Meit

Jared Meit, OSWE, has always had a passion for taking things apart, learning how they work, and forgetting how to put them back together. He was a professional software developer for 12 years before shifting his focus to Application Security 5 years ago. His dev experience allows him to create tools that developers will actually want to use.

  • We Taught Burp to Speak GraphQL: Automated Security Scanning of Your GraphQL API With Burp

Katie Knowles

Katie Knowles is a cloud security enthusiast with a passion for keeping new technology secure. In her current role, she is a Senior Manager on PwC’s Threat Response team with a focus on all things cloud. Her previous work includes penetration testing Fortune 500 corporations, securing aerospace networks, and helping run a corporate bug bounty program. She has earned OSCP, GPEN, GCSA, AZ-104, and AZ-500 certifications, and holds a BS in Electrical Engineering from RIT.

  • Layers of Cloud: Azure and the (Mis-)Storage of Secrets

Mangatas Tondang

Mangatas Tondang is currently working as a Security Researcher at a global technology company, where his main responsibility is to improve its Detection Engineering capabilities by researching novel attacks and creating detection mechanisms. Before that, he worked in multiple companies, in sectors such as Big 4 consulting and telecommunications, performing and building Threat Hunting and Detection Engineering functions.

He is a seasoned Incident Responder and Threat Hunter with a Detection Engineering mindset; he believes that after every incident there is always a new detection opportunity. He loves to be involved in the security community and has presented at numerous world-class conferences such as SANS Summits and DEF CON BTV. He is also an active contributor to the DFIR Report, where he took part in real attack analysis and provided the public with high-quality threat intelligence reports and articles. He is also a proud member of CDEF.ID, an Indonesian security community where he has presented, spoken on podcasts and is volunteering as a mentor.

Outside of security, he enjoys traveling with friends and family, doing astrophotography and cooking new foods from different parts of the world.

  • Lesson Learned from Detection Engineering

Peter Luo

Ph.D. in computer science. Four patents on cyber security solutions.
He co-founded DTonomy, an AI-based security analysis and response company.
Before that, he was tech lead for the Microsoft Office 365 SOC center, where he built the first ML-based EDR protecting Exchange, SharePoint, OneDrive, etc.

  • NoiseTotal - the opposite of VirusTotal

Rahul Raghavan

Rahul Raghavan is a Director of Advisory within the Cyber Risk practice, based in Toronto. Rahul is a leader in application security and leverages more than 12 years of experience in assisting product teams building and scaling software security programs across market verticals, allowing him to customize application security solutions and delivery models for customers.

Prior to joining Kroll, Rahul served as a director of advisory for AppSec and DevSecOps at Security Compass Advisory, which was acquired by Kroll in 2021. Before that, he was one of the founding members of we45, a global application security firm, as well as mentoring and advising early-stage cyber security firms as part of the accelerator program, Rogers Cybersecure Catalyst, at Ryerson University.

Rahul received a Bachelor’s Degree in Information Technology from Anna University. He is also a Certified Information Systems Auditor (CISA). Further, Rahul is a regular speaker on a variety of application security topics – automation, DevSecOps, AppSec tooling and threat modeling in agile engineering – at global conferences and seminars, such as BSides, ISACA, OWASP and ISC2.

  • Threat Modeling Wins for Agile AppSec

Yuk Fai Chan

Yuk Fai is an information security consultant with proven experience advising clients on application security, vulnerability management, threat modelling, penetration testing, incident response, breach preparedness, and cyber security programs. He has also been the Co-Leader of the Open Web Application Security Project (OWASP) Toronto Chapter since 2011.

Yuk Fai is an Offensive Security Certified Professional (OSCP) and a GIAC Certified Forensic Examiner (GCFE).

Craig is an experienced security consultant & researcher who specializes in infrastructure and application penetration testing and threat and vulnerability management. He has extensive experience with mobile testing, specifically API and Android testing. In his spare time, he enjoys finding vulnerabilities in everyday household apps. Craig previously was the President of the (ISC)² Toronto Chapter.

Craig is an Offensive Security Certified Professional (OSCP), a Certified Information Systems Security Professional (CISSP), a GIAC Web Application Penetration Tester (GWAPT) and a Certified Ethical Hacker (CEH).

  • Defrauding merchants like it’s Y2K