2019 making it real - usa-canada.icrmc.com · 2019 making it real agenda monday april 15th 2019 we...

CONFERENCE PROGRAMW W W.ICRMC.COM

2019 MAKING IT REALBecause Cyber Risk Is Everyone’s Business™

5TH ANNUAL INTERNATIONAL CYBER RISK MANAGEMENT CONFERENCE - U.S. & CANADA

APRIL 15-16, 2019 METRO TORONTO

CONVENTION CENTRE

Welcome to the fifth annual International Cyber Risk Management

Conference! “Making it Real” is the theme for this year’s conference

and serves as a call to action for all participants across the scope

of risk management responsibilities to elevate your assessment of

cyber on the present and future threat landscapes.

The quality of the agenda is a testament to the exemplary work of our

advisory committee.

Over the course of these two days, you will hear from an outstanding

array of cyber risk and governance experts while having plenty of

time for mingling and valuable networking.

This year’s agenda features compelling keynote addresses from Sir

Rob Wainwright of Deloitte, Promontory’s Phyllis Schneck, Daniel

Dobrygowski of the World Economic Forum Centre for Cybersecurity,

and a fireside chat between BNN’s Amber Kanwar and David Hickton

Cyber Law, Policy and Security expert and former U.S. Attorney

under U.S. A.G. Loretta Lynch, as well as eight captivating panel

discussions.

The diversity and caliber of delegates at ICRMC 2019 is exceptional,

with strong representation from the insurance/banking/financial

sector, public sector, regulatory, legal community, manufacturing,

industrial, retail, transportation, academia/research, technology and

the consulting arenas.

We encourage you all to participate actively, listen intently and

come away with new and relevant actions to help build resilience

into your organizations and address head on the real threat that

cyber presents. The global cyber risk challenge is top of mind in all

corners of the world and from front lines to boardrooms. It’s real

and it’s everyone’s business.

I personally look forward to

connecting with each and every

one of you over the course of the

next two value-packed days.

Joel Baker President & CEO,

MSA Research Inc.

Joel Baker President and CEO MSA Research Inc.

Thomas Davies Associate Partner, Cyber Security, Financial Services Office, EY

Jennifer Drake Vice President and Legal Consultant, Financial Services Group, Aon

Gregory Eskins Managing Director, Specialties Practice Leader, Marsh Canada Ltd.

José Fernandez Associate Professor, Ecole Polytechnique de Montréal

Greg Markell President & CEO, Ridge Canada Cyber Solutions Inc.

Adel Melek Global Vice Chairman, Risk Advisory, Deloitte LLP

Alexander Rau Senior Manager, Consulting Services, Mandiant

Mike Stramaglia Executive in Residence, Global Risk Institute

Steve Tenai Partner, Aird & Berlis LLP

Kirsten Thompson National Lead of Transformative Technologies and Data Strategy Group, Partner, Privacy and Cybersecurity, Dentons LLP

ICRMC 2019 Advisory Committee

Welcome

PG 2

ICRMC 2019 SPONSORS

Lead Media SponsorVendor Sponsor

Gold Sponsors

Silver Sponsors

Platinum Sponsor

Supporting Sponsors

Other Media Sponsors

Canada’s Association of Information Technology (IT) Professionals.

Monday April 15th 2019

4:00Registration opens Make sure to sign the RIBO sheet at the front desk to receive your accreditation!

Foyer of Room 718

4:45 Welcoming Remarks Room 718

5:00 State of the Union - Understanding the Threat Horizon Room 718

5:45Playing Inside the Trust Economy: Recognizing the Value of Data in Face of Regulatory and Technological Change

Room 718

6:30 Cocktail Reception sponsored by Slice Foyer

7:30 Dinner and Keynote Presentation Room 718

Tuesday April 16th 2019

8:00 Breakfast Room 718

9:00 Opening Remarks Room 718

9:30 Security Practitioners’ Perspective Room 718

10:30 Networking Break sponsored by Cisco Foyer

10:50 Concurrent Session A - Pulling Back the Curtain: The Future of Cyber Insurance Room 718

10:50Concurrent Session B - Corralling Cyber Operational Risk Controls and Measurement - GRI and FAIR Institute

Room 717

11:45 Lunch and Keynote Presentation: The Dark Side of Digitalization sponsored by AIG Room 718

1:15 Mitigating Risk with Technology: What You Need to Consider Room 718

2:15 Concurrent Session A - Success and Failure: Lessons Learned from Recent Breaches Room 718

2:15Concurrent Session B - Actuarial Perspectives on Cyber Pricing/Reserving/Aggregation Management, a Conversation

Room 717

3:00 Networking Break sponsored by EY Foyer

3:20 Two Technologies: The Quantum and Blockchain Cyber Steam Trains Room 718

4:15 Cyber vs. Privacy: What are the differences? Why does it matter? Room 718

5:00 Closing Remarks and Conference Wrap-Up Room 718

ICRMC 2019 Schedule at a Glance

ICRMC 2019 is accredited by RIBO: 8 hours - Management

To receive your certification letter you must sign the RIBO attendance sheet located at the registration desk

2019 MAKING IT REAL

USA-CANADA.ICRMC.COM PG 5

Copyright © 2019 MSA Research Inc.

2019 MAKING IT REAL

Adam SegalEmcee for ICRMC 2019 and Director of Cyberspace and Digital Policy Program, Council on Foreign Relations

Joel BakerPresident & CEO, MSA Research Inc.

Welcoming Remarks - Room 718

4:45 PM

Agenda Monday April 15th 2019

Dr. Phyllis SchneckManaging Director and Global Leader of Cyber Solutions, Promontory, an IBM Company

State of the Union - Understanding the Threat Horizon - Room 718 5:00 PM

The ICRMC app supports all devices.

Visit your app store and search for MSA Research or visit https://msaresearch.quickmobile.mobi/

The ICRMC app is useful before & during the conference. It can be accessed via mobile, desktop or tablet.• View a full list of attending delegates• Message other delegates• View the agenda• Learn more about sessions, speakers, and our

generous sponsors

Mobile Application

Playing Inside the Trust Economy: Recognizing the Value of Data in the Face of Regulatory and Technological Change - Room 7185:45 PM

Panelist

Beth DewittPartner, Risk Advisory, Deloitte LLP

Moderator

Adel MelekGlobal Vice Chairman, Risk Advisory, Deloitte LLP

Panelist

Daniel DobrygowskiHead of Governance & Policy, World Economic Forum Centre for Cybersecurity (C4C)

INTERNATIONAL CYBER RISK MANAGEMENT CONFERENCEPG 6

2019 MAKING IT REAL


We are living in the 4th industrial revolution, which is characterized by advancements in technology, robotics, machine learning/artificial intelligence (AI), and analytics. We know that, in order to thrive in the face of this changing economic and social landscape, organizations need to leverage these new technologies. We also know that critical and strategic decisions are driven through insights gleaned from the data a company holds and buys. Data about people. Data about performance. Data about data. With the proliferation of data breaches and the increasing number of public discussions about the appropriate use of data (recall Facebook-Cambridge Analytica), companies have a strategic and business imperative to ask questions not only about what insights can be derived from data, but also, what ethical obligations do we have to the people who share their data. Increasingly, our digital and data economy is being understood by consumers as a trust economy; one that is premised by a social contract between customer and company to use data appropriately and for good purposes (economic or otherwise). As companies disrupt themselves through the use of new tools like AI, having privacy, security and ethics engrained into the governance, design and ongoing operations of these solutions will greatly minimize reputational as well as operational risk; and, at the same time, will be a differentiator that will not only increase customer adoption of services, but ultimately lead to increased profitability. In this session, our panelists will discuss the evolving regulatory and technological landscape and how this impacts companies with respect to how they managed and use data, their obligations to protect data, and strategies companies can consider to manage privacy and security risks in the 4th industrial revolution.

6:30 PM

Opening Remarks - Room 718 9:00 AM

Cocktail Reception - Foyer Sponsored by:



2019 MAKING IT REAL


Breakfast - Room 718 8:00 AM

Agenda Tuesday April 16th 2019

7:30 PMDinner and Keynote Presentation - Room 718

David HicktonFounding Director, University of Pittsburgh Institute for Cyber Law, Policy and Security and former U.S. Attorney for the Western District of Pennsylvania at the DOJ under U.S. A.G. Loretta Lynch

After the keynote, Mr. Hickton will sit down for a fireside chat with BNN Bloomberg’s Amber Kanwar

Amber Kanwar Anchor/Reporter, BNN Bloomberg

Adam SegalEmcee for ICRMC 2019 and Director of Cyberspace and Digital Policy Program, Council on Foreign Relations


Winner drawn at 2:10 pm on Tuesday, April 16thMUST BE PRESENT TO WIN!

GIVE-AWAY• Ticket to ICRMC Bermuda (December 4-6, 2019)• 3-night hotel stay• Travel voucher

courtesy of


2019 MAKING IT REAL

10:30 AM Networking Break - Foyer Sponsored by:


9:30 AM Security Practitioners’ Perspective - Room 718

Panelist Vivek KhindriaVice President, Cyber Security & IT Risk, Loblaw Company Ltd.

Moderator Doug HowardVice President, Global Service & IT Innovation, RSA

Leading security practitioners handling real-world challenges will share insights in this roundtable session on security trends, compliance, risk management, and effectively communicating risks and solutions in terms that will resonate with corporate stakeholders. Thought leaders from RSA, Dell and Loblaw Company Ltd. will discuss how to effectively consume information in the quick-paced, security-threat landscape, prioritize execution plans, enable risk management and quantification as variables for decision-making, and how to properly balance compliance programs with routine and unscheduled security fires.

Panelist Nick SteeleDeputy CSO, Dell

PG 8

@ICRMConf #ICRMC2019

Join the conversation on Twitter & LinkedIn

ICRMC - International Cyber Risk Management Conference



2019 MAKING IT REAL

Concurrent Session A - Pulling Back the Curtain: The Future of Cyber Insurance - Room 718

10:50 AM

2017 was inarguably the most financially devastating year to date for companies who experienced a cyber breach. Around the world, these incidents resulted in the loss of billions in market capital, the firing or resignation of CISOs and CEOs and large scale government investigations. In a 2018 global survey by the Ponemon Institute, IT security practitioners were more pessimistic than in past years about their ability to protect their organizations from cyber security threats. Yet, despite this apparent increase in the frequency and severity of cyber losses, the cyber insurance market has continued to grow and evolve. This session will consist of a candid conversation concerning the state of the cyber insurance market, the evolution of underwriting cyber risk, the convergence of coverage, and cyber claim trends. More specifically, we will talk through key considerations in building an effective insurance portfolio (including information about the limitations of insurance), dispel the myths concerning coverage and claims, and share our insights from both an underwriting and broking perspective.

Panelist Greg EskinsManaging Director, Specialties Leader, Marsh Canada

Moderator Greg MarkellPresident and CEO, Ridge Canada Cyber Solutions

Panelist Ruby Rai, CIPP/C, CRMManager, Cyber and Professional Liability, AIG Canada

Panelist Brian RosenbaumSVP, National Cyber & Privacy Practice Leader, Aon Reed Stenhouse Inc.


Select slides will be made available at the conclusion of the event. Visit: https://www.usa-canada.icrmc.com/slides


2019 MAKING IT REAL


Panelist Jack JonesCo-founder and Executive Vice President, Research and Development, Risklens and Creator of Factor Analysis of Information Risk (FAIR)

Moderator Mike StramagliaExecutive in Residence, Global Risk Institute

Panelist Thomas DaviesAssociate Partner, Cyber Security, Financial Services Office, EY

Concurrent Session B - Corralling Cyber Operational Risk Controls and Measurement: GRI and FAIR Institute - Room 717

There’s an old saying in marketing that “Half of your marketing dollars are wasted. You just don’t know which half.” Given the common state of cyber risk measurement practices today, you have to wonder whether the same is true of cyber-related controls. In this session, the panel will discuss some of the challenges that currently limit our profession’s ability to identify and focus on the things that matter most, or understand the value of our controls. It will also discuss some of the misperceptions and challenges regarding cyber risk measurement that inhibit broader adoption of better risk measurement methods, and steps you can take to help make a difference.

Lunch and Keynote Presentation - The Dark Side of Digitalization: Data as Friend and Foe in the Fight Against Cyber Crime - Room 718

Panelist Cynthia Rojas SejasVice President, Risk Services, S&P Global Market Intelligence

10:50 AM

11:45 AM

With the continued advancement of digitalization, organisations are faced with a bigger attack surface, a greater degree of vulnerability and an increased risk of business disruption. Modern-day criminals are seamlessly executing increasingly sustained and sophisticated attacks across geographies, industries and institutions, harnessing better capabilities to achieve bigger impacts. Criminal groups are increasingly converging their malicious activities across areas such as cyber, fraud, physical and money laundering domains. A digitally-enabled criminal economy is growing at pace, with data as the new currency.



2019 MAKING IT REAL


Sir Rob WainwrightPartner, North-West Europe, Deloitte and former Executive Director, Europol

Sponsored by:

Security must become a vital part of the digital strategy. Improving intelligence and insight is key to creating the visibility necessary to support earlier detection and better prevention. Collaboration and intelligence sharing across industry is needed to gain better insights into the methods and motives of adversaries as a means of driving a better response. Sir Rob Wainwright, former Executive Director of Europol, shares his first-hand experience of harnessing knowledge and data to gain visibility and drive effect in the fight against global threat actors. Organisations must connect more, to see more, to act better.

Mitigating Cyber Risk with Technology: What You Need to Consider - Room 718

There are scores of technology options for cyber protection but how should an organization go about deciding what is the right technology option for its enterprise and risk profile? Our panel will discuss this issue from a user’s perspective, providing a framework for looking at how businesses should approach procurement decisions around cybersecurity technology and the available options.

Panelist Michael EubanksSVP, Information Technology and CIO, LCBO

Moderator Steve TenaiPartner, Aird & Berlis LLP

Panelist Azam DawoodHead of Technology Procurement, BMO

Panelist Richard WilsonPartner, Cybersecurity and Privacy Consulting, PwC

1:15 PM

Conference AV/Technology sponsored by


2019 MAKING IT REAL


Organizations are constantly battling the onslaught of threat actors attacking their information assets. It has become best practice to work on improving incident response processes on an ongoing basis. Once breached, however, each situation is different and no matter how well you are prepared, things never go as planned. Alexander Rau, Senior Manager with Mandiant, and Rob Labbé, Director of Information Security at Teck Resources, will jointly discuss some of the lessons learned from publicly disclosed breaches to highlight key insights in possible improvements to processes, procedures during an incident response as well as third party engagement. As the co-founder of the MM-ISAC (Mining and Metals Information Technology Information Sharing and Analysis Center), Rob Labbé will also share the advantages of being a member of an ISAC and the benefits of information sharing, training and staff development, working groups and collaboration that come from working with other organizations within your industry.

Concurrent Session A - Success and Failure: Lessons Learned from Recent Breaches and ISAC Success Stories, a Conversation - Room 718

Speaker

Alexander RauSenior Manager, Consulting Services, Mandiant

Speaker

Rob LabbéDirector, Information Security, Teck Resources Ltd.

2:15 PM

Speaker Ben GoodmanFounder and CEO, 4A Security & Compliance

Speaker Jonathan LauxManaging Director and Head of Cyber Analytics, Aon

Concurrent Session B - Actuarial Perspectives on Cyber Pricing/Reserving/Aggregation Management, a Conversation - Room 717

A Cyber Actuary and a Cyber Security Expert Walk into a Bar… Any discussion of cyber risk modeling usually starts with complaints about the evolving threat and scarcity of data. Thus far, actuaries have approached cyber risk with caution, even as the cyber insurance market has grown rapidly around them. Meanwhile, a small number of cyber security experts have taken steps to understand cyber insurance with the aim to establish a quantitative foundation for managing cyber risk. Join us for a conversation between two such individuals as they explore the tough questions and share their insights around cyber aggregation risk, silent cyber exposure, risk selection, reinsurance, and cyber catastrophe events, to name a few.

2:15 PM



2019 MAKING IT REAL


3:00 PMNetworking Break - Foyer

Panelist Laurence CookeFounder and CEO, nanopay

Moderator Mike CookManaging Partner, Financial Services Sector, IBM

Panelist José FernandezAssociate Professor, École Polytechnique de Montréal

Panelist Michele MoscaCEO and President, evolutionQ Inc.

Quantum and Blockchain have gathered much attention in recent years due to their potential as intensely disruptive technologies. Unfortunately, what they really are and what their real impact could be is often misunderstood. The advent of scalable quantum computers will put at risk our current use of public-key cryptography to secure Internet communications and otherwise support our digital economy. This potentially devastating effect requires us to plan and put in place risk mitigation strategies for this so-called “post-quantum era”. On the other hand, the use of blockchains has the potential to create distributed applications in the absence of a trusted third-party. This has vast-reaching implications in many sectors of our economy such as currency, banking, real-estate, supply chain, transport and even management. However, the use of distributed ledgers whose integrity is protected by blockchain technology can be inefficient and, in application domains where a trusted authority exists or is required, it might not be an optimal solution to manage trust. So is blockchain the answer for managing trust in a post-quantum world? Well, it depends... This panel will address this and related questions, with the more general aim of demystifying Quantum and Blockchain, what they are, how they are related, and what it really means to all of us in the future.

Two Technologies: The Quantum and Blockchain Cyber Steam Trains - SWOT Analysis - Room 718

Panelist David VerbeetenDomain Expert (Insurance), ConsenSys

3:20 PM


2019 MAKING IT REAL


Moderator Kirsten ThompsonNational Lead of Transformative Technologies and Data Strategy Group, Partner, Privacy and Cybersecurity, Dentons LLP

Panelist Sooji SeoVice President and Chief Privacy Officer, Dell

Cyber vs. Privacy: What are the differences? Why does it matter? - Room 718

Conference Wrap Up

This panel will discuss the blurring lines between cyber security and privacy management both in terms of operations and regulatory requirements for leading organizations. What is the role of the CISO? And the Chief Privacy Officer? Many see these roles as merging, but should they? Are risk and liability reduced or compounded by a merged role? And what happens in the event of a crisis where the one function judges the other? Join the discussion and debate as this esteemed panel looks at real life crisis, how they were managed, and the outlook going forward under regulations such as GDPR, PIPEDA, and the California Consumer Privacy Act. From the opening views of ICRMC on the cyber threat and regulatory landscape, the panel closes ICRMC by making it real, with takeaways relevant to your organization.

Marilyn HorrickEVP & COO, MSA Research Inc.

4:15 PM

5:00 PM

Panelist Anahi SantiagoCISO, Christiana Care Health System

To learn more and register:www.insurtechnorth.com

Visit our website to learn more aboutthis year’s outstanding agenda andstellar lineup of speakers.

2019May 23RD & 24TH

BEANFIELDCENTRE,TORONTO

Where Insurance Leaders & InnovatorsMeet to Create Opportunity & Growth

Surfing the InsurTech Riptide

2019

Speaker Bios

MAKING IT REALPG 16

Joel Baker has devoted his career to the insurance industry, gaining expertise as one of Canada’s leading authorities on insurance industry analytics. In 2004, he founded MSA Research Inc., the renowned analytical research and financial publishing firm entrusted to provide independent, accurate research and analysis to all those who have a stake in the

Canadian insurance industry. MSA Research Inc.’s clients include the overwhelming majority of Canada’s insurers, reinsurers, brokers, reinsurance brokerages, risk managers, industry associations, regulators, investment bankers and equity analysts.

Joel began his career in the insurance industry with the Sun Alliance Insurance Company of Canada, now part of RSA Canada. In 1994, recognition of his analytical capabilities resulted in him being offered the position of General Manager with the Canadian rating agency, TRAC Insurance Services Ltd., which he led until 1999. When the company was acquired by A.M. Best, he led A.M. Best Canada for four more years, during which time he was heavily involved in the rating process of property and casualty insurers, as well as life insurance companies.

Joel’s depth of understanding of the Canadian insurance industry makes him frequently called upon to comment on industry results. He is often quoted on his unique perspective of the industry. It was Joel’s commitment to the industry that prompted him to create a forum in which all of Canada’s insurance leaders could unite to share ideas, insights and initiatives that would strengthen the country’s property and casualty insurance industry. In 2007, he launched the National Insurance Conference of Canada (NICC), which quickly became the Canadian P&C industry’s pre-eminent leadership forum. The highly anticipated 13th NICC will be held at the Sheraton Centre in Montreal, QC from September 22-24, 2019.

New in 2018, MSA launched InsurTech North. This new forum is designed specifically for digital leaders, entrepreneurs and venture capitalists in the P&C and Life/Health insurance space. The 2nd annual InsurTech North will run from May 23-24, 2019 at the Beanfield Centre in Toronto.

Now going into its fifth year in Canada and into its second year in Bermuda, the International Cyber Risk Management Conference (ICRMC) addresses the most salient and timely issues that will help organizations manage cyber risk internally and effectively transfer it. The ICRMC brings together the most comprehensive spectrum of issues and experts in one place. The Bermudian edition of the ICRMC will run Dec 4-6, 2019 at the Hamilton Princess and Beach Club. The 6th US/Canada edition of ICRMC will be held April 15-16, 2020 at the Metro Toronto Convention Centre.

In 2014, Joel also founded Catastrophe Indices and Quantification Inc. (CatIQ), delivering detailed analytical and meteorological information on Canadian natural and man-made catastrophes. Through its online subscription-based application, CatIQ combines comprehensive insured loss indices and other related information to better serve the risk management needs of the insurance and reinsurance industries. CatIQ’s fifth annual CatIQ Connect Conference will take place at the Metro Toronto Convention Centre, February 3-5, 2020.


Your business may face cyber threats. It takes a partner at the forefront of the cyber curve to help you prepare, respond and recover from the attacks. AIG can guide you through this ever-evolving, 24/7 world. A world that never sleeps. So, we’re always on.

Learn more at AIG.ca/cyberedgeAIG Insurance Company of Canada is the licensed underwriter of AIG property casualty insurance products in Canada. Coverage may not be available in all provinces and territories and is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. © American International Group, Inc. All rights reserved.

2019

Speaker Bios

MAKING IT REALPG 18

Adam Segal is a cybersecurity expert who is at the forefront of this burgeoning field. In his talks and in his new book, The Hacked World Order, he provides meaningful answers to urgent questions about hacking, cyberwar, and surveillance. What’s happening with our data? How

can we protect ourselves? And what are the real, imminent cyber threats that exist in our post-Snowden world?

Adam Segal has testified before Congress and briefed the Joint Chief of Staffs, State Department, Office of the Director of National Intelligence, and Department of Commerce on Chinese cyber espionage. The Director of Cyberspace and Digital Policy Program at Council on Foreign Relations, his talks discuss the intricacies behind U.S./China cyber relations—can the two countries break out of a dangerous cycle of competition and find areas of cooperation?—and what we as individuals and companies need to know and do about privacy, surveillance, and cybersecurity.

He was project director for CFR’s Independent Task Force report Defending an Open, Global, Secure, and Resilient Internet, and is the author of the books Digital Dragon: High Technology Enterprises in China and Advantage: How American Innovation Can Overcome the Asian Challenge. His new book, The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age, exposes how the Internet has ushered in a new era of geopolitical maneuvering, and reveals its tremendous and terrifying implications for our economic livelihood, security, and personal identity. His other writing has appeared in The Economist, The Financial Times, Foreign Policy, The Wall Street Journal, and Foreign Affairs. He writes CFR’s Asia Program blog, Asia Unbound, which is carried by Forbes.

Segal is on the board of the Cyber Conflict Studies Association, has been a visiting scholar at MIT’s Center for International Studies, the Shanghai Academy of Social Sciences, and Tsinghua University in Beijing, and has taught at Vassar College and Columbia University.

Adam SegalICRMC 2019 Emcee and Director of Cyberspace and Digital Policy Program Council on Foreign Relations (NY)

© 2019 SLICE INSURANCE TECHNOLOGIES INC.

Join us at ics.slice.is

Creating innovative solutions through partnerships.

Because there is no such thing as “catch and release”

with this type of phishing.

Our cyber insurance solution for SMBs was created in just 8 weeks.

MAKING IT REALPG 20

2019

Speaker Bios

Phyllis has more than 15 years of government and private-sector experience in senior cybersecurity positions and leads Promontory’s cybersecurity practice.

She joined Promontory from the Department of Homeland Security, where she served as the deputy undersecretary for cybersecurity and communications and led responses to cybersecurity threats against corporations, civilians, and the government. During her DHS tenure, Phyllis led the defensive cybersecurity operational mission to mitigate and respond to cyberthreats across the federal civilian government and private sector. She supported the department’s mission of strengthening the security and resilience of the nation’s critical infrastructure, working with all areas of the department, government agencies, law enforcement, and the private sector. Phyllis led the transformation of signature technology applying analytics to the central cyber protection that the DHS provides to civilian agencies.

Prior to the DHS, Phyllis served as chief technology officer for the global public sector at McAfee, where she was responsible for products and services used by governments to counter global cyberthreats and maintain industrial and telecommunications security. She also led the development of the firm’s crowdsourced real-time cyberthreat intelligence and analytics used to protect critical infrastructure, played a key role in developing McAfee’s cybersecurity policy position, and on several occasions testified before Congress on cybersecurity technology and policy.

Phyllis was a member of the Center for Strategic and International Studies’ commission that advised President Barack Obama on cybersecurity. She was chairman of the board of directors of the National Cyber-Forensics and Training Alliance, a partnership between corporations, government, and law enforcement for using cyber analysis to combat international cybercrime. Phyllis was also vice chairman of the National Institute of Standards and Technology’s advisory board on information security and privacy, and she served for eight years as national chairman of the board of directors of the FBI’s public-private InfraGard program. She has briefed and worked with several foreign governments to form partnerships with the U.S. for information sharing, infrastructure protection, and cybersecurity. Phyllis holds several information-security and technology patents.

Phyllis holds a Ph.D. in computer science from the Georgia Institute of Technology, as well as an M.S. in computer science and a B.S. in computer science and mathematics from John Hopkins University.

Phyllis SchneckManaging Director and Global Leader of Cyber Solutions, Promontory, an IBM Company



2019

Speaker Bios

Adel Melek is Deloitte’s Global Vice Chairman of Risk Advisory and Global Lead Client Service Partner for Royal Bank of Canada.

Adel has over 25 years of diversified professional services experience serving large and complex global organizations on matters related to strategic and operational risk, cyber security, IT controls, financial risk, large scale technology implementations and integration and regulatory compliance. His Deloitte international experience includes advising clients in over 50 countries.

In addition to his client service engagements, Adel has held a wide range of senior leadership roles within Deloitte, including being a member of Deloitte’s Global Executive team, Deloitte’s Global Business Leaders Committee, Enterprise Risk Services Global leader for Global Financial Services Industry (2001-2011), E-Business Leader for Financial Services (1999-2005), National and Global leader for Information and Technology Risk (2005-2011), and National and Global Leader for Security, Privacy & Resiliency (1998 – 2011).

Adel has authored and led a number of research publications, benchmarking studies and surveys, some of which were constantly referenced and used globally, and have been referenced in various high profile research and advisory work including for example the U.S. Presidential Committees on Cyber Security, and more recently in the President’s Identity Theft Task Report, “Combating ID Theft; A Strategic Plan”, and a Cyber Guide for Board of Directors www.deloitte.com/cyberguide.

Adel has been an advisor and member to a number of industry and professional organizations, including the Canadian Cyber-security Information Sharing Hub (which has representation from Canada’s most prominent organizations). He is a board member of Compute Canada and a member of the Public Influence & Advocacy Committee of the Information Systems Audit & Controls Association (ISACA).

Adel has a Masters of Science in Information Systems from DePaul University in Chicago; a Diploma in Information Systems Auditing from the same university; and a Bachelor of Commerce in Accounting.

Adel is a Certified Public Accountant (CPA – US), a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Manager (CISM), a Certified Information Systems Auditor (CISA), Certified in Risk & Information Systems Controls (CRISC), and Certified in the Governance of Enterprise IT (CGEIT).

Adel MelekGlobal Vice Chairman, Risk Advisory, Deloitte LLP

2019

Speaker Bios

MAKING IT REALPG 22

Beth leads Deloitte Canada’s Data Protection and Privacy practice nationally and is partner within Deloitte’s Cyber Risk practice. Beth has a proven track record of establishing business aligned risk management programs to drive growth and innovation for our clients. Beth supports our clients in designing privacy enhancing strategies to enable data driven programs. Beth

also advises our clients on issues relating to cyber risk and protecting critical data assets. Beth is currently advising financial institutions, retailers, utilities and government on Canadian privacy laws, GDPR readiness, and privacy and cyber risk management. Beth has also designed corporate privacy programs, trained chief privacy officers, and conducted dozens of privacy risk assessments, data mapping exercises and incident response simulations. Beth developed the foundational Privacy by Design Certification Assessment methodology in support of the Certification Program launched by Ryerson University and has supported the successful certification of 6 technology platforms in Privacy by Design. Finally, Beth has authored papers on a variety of topics related to privacy and data protection and has spoken a various industry conferences.

Beth DewittPartner, Risk Advisory, Deloitte LLP

Daniel Dobrygowski is the Head of Governance and Policy for the World Economic Forum Centre for Cybersecurity (C4C). He advises the C4C on legal and policy matters, oversees projects and research relating to cybersecurity governance, norms, law, regulation, and standards. The Governance and Policy unit at the C4C also leads efforts to convene business and government

leaders to build consensus on actions aimed at supporting global public goods that sustain technological innovation.

Prior to coming to the Forum as a Global Leadership Fellow, Daniel practiced law in San Francisco and Washington, DC, counselling clients on antitrust/competition, consumer protection, and privacy matters in regulatory proceedings, investigations, and litigation. His expertise and areas of research include cybersecurity & resilience, privacy, competition regulation, intellectual property, internet rights, and corporate governance.

Daniel holds an MPA from Harvard University’s Kennedy School of Government, a JD from the University of California, Berkeley, School of Law (Boalt Hall) where he was an editor of the Berkeley Technology Law Journal, and a BA from the Johns Hopkins University. He began his career teaching high school English with Teach for America.

Daniel DobrygowskiHead of Governance and Policy, World Economic Forum Centre for Cybersecurity (C4C)

With the World Watching…We Deliver. We deliver answers that span the credit spectrum. With complex markets, the credit health of your counterparties and investments evolves constantly.

Our end-to-end suite of credit solutions delivers the tools you need to know more, and know it faster.

To get the full picture of our solutions, visit us at spglobal.com/marketintelligence

MAKING IT REALPG 24

2019

Speaker Bios

David J. Hickton is the founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security. At Pitt, Mr. Hickton also has secondary faculty appointments as professor in the School of Law, the School of Computing and Information, and the Graduate School of

Public and International Affairs. Prior to coming to Pitt, he served as United States Attorney for the Western District of Pennsylvania. He was nominated by former President Barack Obama on May 20, 2010, and was confirmed by the U.S. Senate on Aug. 5, 2010. He was sworn in as the District’s 57th U.S. Attorney on Aug.12, 2010.

Prior to becoming U.S. Attorney, Hickton engaged in the private practice of law, specifically in the areas of transportation, litigation, commercial and white-collar crime. He began his legal career serving as a law clerk for the Honorable U. S. District Judge Gustave Diamond from 1981 to 1983. For more than a decade, Hickton was an adjunct professor at the Duquesne University School of Law, where he taught antitrust.

A fellow of the American College of Trial Lawyers and the Academy of Trial Lawyers of Allegheny County, Hickton has been admitted before numerous courts, including the U.S. Supreme Court and the Pennsylvania Supreme Court. At the request of President Bill Clinton, he previously served on the President’s Advisory Committee on the Arts for the John F. Kennedy Center for the Performing Arts.

Hickton has long been a staunch supporter of many civic organizations, including those that benefit children and the arts. He served as an executive board member and president of Pittsburgh Public Theater and was a member of the Pittsburgh Cultural Trust.

Mr. Hickton is a 1978 graduate of the Pennsylvania State University and a 1981 graduate of the University of Pittsburgh School of Law.

In 2016, Pitt’s School of Law named Hickton one of its Distinguished Alumni. That same year, The Legal Intelligencer named him Pennsylvania Attorney of the Year. Hickton and his wife, Dawne, have been generous supporters of Pitt in a number of projects, including helping to establish the Loren H. Roth, MD, Summer Research Program in the School of Medicine. Pitt recognized Hickton as a Legacy Laureate in 2013 and also that year presented him with its 225th anniversary medallion, an honor bestowed on alumni who have brought particular honor to the university through their work and service.

During his tenure as U.S. Attorney, Hickton’s signature Cyber Threat achievements included:

• Brought first of its kind indictment against five members of the Chinese military for economic espionage against Pittsburgh-based companies and organizations.

• Created a dedicated section in the U.S. Attorney’s Office to focus on cybercrime and national security

• Prosecuted groundbreaking cases such as Darkode, the largest English-speaking cybercrime forum, and Evgeniy Bogachev, creator of GameOver Zeus and Cryptolocker malware, among others.

David HicktonFounding Director, University of Pittsburgh Institute for Cyber Law, Policy & Security, former U.S. Attorney for Western District of Pennsylvania at the DOJ under U.S. A.G. Lynch



2019

Speaker Bios

Amber Kanwar is an anchor and reporter appearing on The Open and The Disruptors. Kanwar is a relentless digger, always looking for ways to break news and bring exclusive information and insight to BNN Bloomberg’s audience.

Amber is a homegrown product of the BNN Bloomberg newsroom, working her way up from intern, to segment producer, and now to anchor. She specializes in equity markets and is constantly seeking out stocks flying under the radar, trends that are about to emerge, and curating research to make it accessible to viewers. She is a leader in breaking news; reporting on Canada’s booming online gaming sector, activist interest in one of Canada’s biggest pipeline companies and one of the most plugged in reporters on the turnaround effort at BlackBerry.

Amber has interviewed CEOs from across Canada’s C-Suite including Blackberry’s John Chen, Manulife’s Don Guloien, and Ontario Teacher’s Pension Plan’s Jim Leech to name a few. Prior to joining BNN Bloomberg, Amber completed her Master of Journalism degree at Ryerson University. Her Master’s thesis was an investigative story into the fertility industry that broke a national scandal and appeared on the front page of The Globe and Mail.

When Amber is not poring over analyst reports, you can find her at Monk’s Café enjoying the big salad or duck hunting in West Monroe, Louisiana.

Amber KanwarAnchor and Reporter, BNN Bloomberg

Doug Howard serves as the Vice President, Global Services for RSA. In this capacity he leads the RSA Risk and Cybersecurity Practice, Customer Success and Support, Education Services, Partner First Services Enablement, the RSA Advanced CyberDefense (ACD) Practice, and the world’s leading Incident Response (IR) Practice. Creating high-value solutions that can be

operationalized and provide the flexibility to evolve based on the risk and threats organizations face, Doug delivers world-class enterprise solutions.

Doug has more than twenty-five years of experience as a technology leader and innovator in security with a highly-developed background in financial analysis, business creation, risk analysis and operational management of complex mission-critical service provider and enterprise environments. He has held notable leadership roles in operations, engineering, business strategy development, marketing and sales, and other executive leadership positions such as COO at BT Counterpane, Chief Strategy Officer at Silversky/Perimeter eSecurity (now part of BAE), Vice President of Security and Business Continuity at AT&T, and CEO of SAVANTURE (now part of Blue Ally).

Former member of the U.S. Air Force, Howard holds a Bachelor’s degree in Management and Marketing from Strayer University.

Doug HowardVice President, Global Service and IT Innovation, RSA

2019

Speaker Bios

MAKING IT REALPG 26

Vivek Khindria, Vice President Cyber Security & Technology Risk, Loblaw Company Limited, CISSP, CISM, BSc. At LCL Vivek leads the cyber security and technology risk program for one of the largest businesses ($50B) in Canada, largest loyalty program, and business services that span across retail, pharmacy, beauty, healthcare, banking, telecom, travel, and insurance.

Vivek experience across a number of sectors, 9 years University/Research environment, 15 years in Financial Services, 6 years in Telecommunications, and currently leading Security and Risk in one of the largest businesses in Canada LCL, which includes over 22 brands, 200K employees across retail, financial services, health and pharmacy, beauty and ecommerce.

Vivek’s experience includes development and implementation of trading floor systems, SOX and PCI-DSS compliance programs, information security benchmarking, Cyber strategies, securing software development, big data analytics for security, project and supplier assurance, web assurance and control frameworks, security standards, security testing, and securing mobile networks, infrastructure and devices.

Vivek was a significant contributor to the creation of the not-for-profit Canadian Cyber Threat Exchange (CCTX.ca) to help business in Canada more easily share information security relate threat information and best practices. Vivek is the elected representative for Canada on the Information Security Forum executive council, which is a member driven global organization comprised of Fortune 500 companies.

Vivek KhindriaVice President, Cyber Security & Technology Risk, Loblaw Company Ltd.

Nick Steele serves as Vice President of Governance Risk and Compliance (GRC) within Dell’s Security and Resiliency Office. In this role, Nick is responsible for leading the development, implementation and assessment of Dell’s security policies and standards, and for the implementation of a risk management framework and platform to assess and manage security

risk across Dell’s businesses, vendors and business partners.

Before joining Dell, Nick served as the Deputy Global Chief Information Security Officer for the Sony Group family of companies, where he was responsible for helping to build Sony’s first global information security and privacy organization, with primary responsibilities for global security governance and risk management, as well as serving as the Executive Information Security Officer for Sony’s global IT organization. Prior to joining Sony, he ran a UK-based security consultancy practice working with numerous clients including global blue-chip organizations to implement security governance frameworks, identify and manage business risk, and helping them achieve various security certifications and accreditations to industry standards such as ISO27001 and PCI DSS. Nick originally comes from an IT operations and management background and has over 30 years’ experience in IT and Information Security practices.

Nick SteeleDeputy CSO, Dell

Cyber everywhere. Go anywhere.Cyber is about starting things. Not stopping them. Sparking the confidence that builds the freedom to create. With human insight, technological innovation, and comprehensive cyber solutions, we’re by your side for all things cyber.

Learn more at deloitte.ca/cyber

© Deloitte LLP and affiliated entities.

MAKING IT REALPG 28

2019

Speaker Bios

Greg Markell is a leading insurance expert on the topic of cyber and privacy liability. He has advised public, private, and non-profit organizations regarding their risk transfer of organizational exposure to cyber-related losses.

Greg began his career underwriting for a large national insurer, starting in property and casualty before quickly moving into executive and professional risk, with a focus on director’s and officer’s (D&O) insurance. He then moved on to join a national brokerage, focusing on specialty insurance products for financial services companies, including D&O and cyber liability. He left this firm as a partner in 2014 and joined a top 10 global broker, where he was a resource for his colleagues for D&O and the practice leader for cyber and privacy liability.

Greg received his Bachelor of Commerce degree with a minor in Economics from Queen’s University. He is a Fellow Chartered Insurance Professional and an accredited Canadian Risk Manager.

Greg MarkellPresident and CEO, Ridge Canada Cyber Solutions

As national practice leader, Greg is charged with helping clients make informed decisions pertaining to emerging cyber risk issues. Specifically, he develops client specific product solutions, manages and fosters market relationships, and assists Marsh offices/colleagues across all industry verticals. He also works closely with Marsh’s Risk Consulting ERM team, helping client’s

assess, analyze, quantify/measure, and transfer va rious cyber perils.

EXPERIENCE Greg joined Marsh in 2006, and was an integral part of the Financial Institutions & Professional Services Industry Practice. He now focuses solely on providing solutions for cyber risk issues in all industry verticals. Greg has vast experience in Directors and Officers Liability, Professional Liability, Financial Institutions Bonds/Crime, Property and Casualty, Technology E&O, and has placed Cyber/Privacy Liability coverage on behalf of some of the country’s largest organizations. Greg speaks regularly on cyber issues, is on the advisory committee of the International Cyber Risk Management Conference, and has been named a top 10 (broker) under 40 by Canadian Insurance Magazine.

PROFESSIONAL DESIGNATIONS & EDUCATION • MBA, Laurentian University • Canadian Risk Management (CRM) • Canadian Accredited Insurance Broker (CAIB)

AFFILIATIONS • Member, Risk and Insurance Management Society (RIMS) • Member, ISACA

Greg EskinsManaging Director, Specialties Leader, Marsh Canada



2019

Speaker Bios

Ruby Rai leads the Cyber and Technology risk portfolio for AIG Canada. She actively participates in public forums to promote AIG’s expertise in cyber insurance and guides the team to stay ahead of the evolving cyber risk market.

Ruby has over 11 years of insurance experience which includes being a financial lines broker and spearheading national cyber practice at a tier 1 brokerage in Canada. In her previous role as a broker, she advised clients in assessing their cyber risks and finding the right solutions for cyber risk transfer.

Ruby is a certified Information Privacy Professional and also holds her CRM designation.

Ruby Rai, CIPP/C, CRMManager, Cyber & Professional Liability, AIG Canada

Brian Rosenbaum joined Aon Reed Stenhouse in November 2006, and is Senior Vice President and the National Director of Aon’s unique Legal and Research Practice (LARP) that works in conjunction with the Financial Services Group. His department provides risk transfer counsel and solutions to many of Canada’s most prominent corporate executives and boards. Currently

considered an authority on insurance matters dealing with management liability, Brian contributes regularly to prominent industry publications and is a much sought after speaker on these issues. Brian is also Aon Canada’s National Cyber and Privacy Practice Leader and in that capacity he was the impetus behind the creation of the first “made in Canada” stand alone Privacy Liability Insurance policy and was regularly consulted during the creation process. Brian has been at the forefront of the privacy breach exposure issue within the Canadian insurance industry and continues to lecture and publish on this important topic.

Prior to his Aon engagement, Brian developed continuing legal education programs with an emphasis on management liability insurance, worked in private practice, and was General Counsel of a Toronto-based group of companies. Brian is a graduate of Osgoode Hall Law School and a member of the Ontario Bar.

Brian RosenbaumSVP, National Cyber & Privacy Practice Leader, Aon Reed Stenhouse Inc.

2019

Speaker Bios

MAKING IT REALPG 30

Michael Stramaglia was appointed as the Global Risk Institute’s first Executive in Residence in January 2014, where he assists GRI management in the development of leading edge ERM research and education programs.

Mr. Stramaglia is the President and Founder of Matrisc Advisory Group Inc., a consulting firm that specializes in the provision of enterprise risk management advisory services to the financial services sector.

He currently serves on the boards of the Equitable Bank, the Economical Insurance Group, Foresters Financial and Munich Re Canada.

Mr. Stramaglia has over 30 years of financial services professional and leadership experience, including over 10 years with Sun Life Financial where he served as a member of the International Executive Team and led the development of one of the insurance industry’s leading ERM practices as Executive Vice-President and Chief Risk Officer for the company’s global operations. He joined Sun Life Financial in 2002 following its acquisition of Clarica, where Mr. Stramaglia held the position of Executive Vice-President and Chief Investment Officer and was also head of the International Reinsurance Business.

Prior to joining Clarica, Mr. Stramaglia worked for over 13 years with the Canadian operations of the worldwide Zurich Financial Services Group, where he held a number of senior executive positions including Chief Actuary, CFO, Chief Operating Officer and President and CEO of the Zurich Life Insurance Company of Canada. His recent consulting experience includes an extended mandate serving as the acting Chief Risk Officer for one of Canada’s largest credit unions.

Mr. Stramaglia is a Fellow of the Society of Actuaries, Fellow of the Canadian Institute of Actuaries and Chartered Enterprise Risk Analyst. He holds the ICD.D designation from the Institute of Corporate Directors and an Honours Bachelor of Mathematics Degree (Actuarial Science and Statistics) from the University of Waterloo.

He maintains a keen interest in advancing risk management best practices and, to this end, he is a frequent speaker and active participant in a wide range of industry and professional forums pertaining to enterprise risk management, capital and solvency.

Mike StramagliaExecutive in Residence, Global Risk Institute

BREACHES ARE INEVITABLE, BEING A HEADLINE ISN’T.

www.FireEye.com

©2019 FireEye, Inc. All rights reserved.

MAKING IT REALPG 32

2019

Speaker Bios

Jack Jones has worked in technology, information security, and risk management for over thirty years. He has ten years of experience as a CISO with three different companies, including five years at a Fortune 100 financial services company. His work there was recognized in 2006 when he received the ISSA Excellence in the Field of Security Practices award at that year’s

RSA conference. In 2012 Jack was honored with the CSO Compass award for leadership in risk management. Jack is an active member in ISACA, serving on the task force that created the RiskIT framework and leading the CRISC certification development. He is also an adjunct professor at Carnegie Mellon University, where he teaches risk measurement and management in the CRO and CISO programs. He is also the creator of the “Factor Analysis of Information Risk” (FAIR) framework adopted by the Open Group as an international standard. Currently, Jack is the EVP Research and Development of RiskLens, Inc., and Chairman of the FAIR Institute, a non-profit organization dedicated to evolving risk management practices. He has also co-authored a book on FAIR entitled “Measuring and Managing Information Risk, a FAIR Approach” which was inducted into the Cyber Security Canon in 2016.

Jack JonesCo-founder and Executive VP, Research & Development, Risklens, and Creator of Factor Analysis of Information Risk (FAIR)

Thomas Davies leads the Canadian Financial Services Cyber Risk practice of Ernst & Young LLP. This advisory practice focuses on providing strategic insight and enablement to the three lines of defense of Business, Risk and Audit functions, throughout the Banking, Insurance, and Wealth Management industries.

Over the past 12 years Thomas has worked for, or advised, Global Financial Institutions in developing risk mitigation solutions for unique requirements relating to Cyber Risk, Insider Threat, Fraud, Customer Identity, Regulatory Response, Process Automation, and Machine Learning use case definition.

Thomas currently supports cyber resiliency risk identification, mitigation and regulatory response for Canadian Banking entities with operations in New York, Hong Kong and the United Kingdom. He is also part of a global team at EY responsible for the development of machine learning techniques for the response to Cyber, Fraud and Money Laundering events.

Thomas DaviesAssociate Partner, Cyber Security, Financial Services Office, EY



2019

Speaker Bios

Cynthia Rojas Sejas is VP of Risk Services at S&P Global Market Intelligence. She is part of the Product Research and Innovation team responsible for identifying market trends, new product and partnership opportunities, and developing growth strategies within Risk Analytics. Cynthia has been leading the Cyber Risk initiative for the firm.

Prior to her current role, Cynthia led Latin American market development for S&P Global Market Intelligence. In this role, she developed regional market strategy, strategic client relationships, and content partnerships. She identified regional priorities for our product offerings, and partnered with sales and industry segment specialists to identify opportunities to serve clients across the region.

Cynthia has over 15 years of experience in strategy and management of financial analytics and research across multiple asset classes, and works with decision makers at sophisticated clients to find the best solutions for their firms. Her previous experience includes roles as Senior Product Strategist and Vice President of Product Management at Moody’s Analytics.

Her experience includes exposure to Financial Institutions, Sovereigns, Corporates, Municipal Finance, and Structured Finance. Cynthia holds a Bachelor of Science degree from the University of Mississippi, and attended the MBA program at the University of North Carolina at Charlotte.

Cynthia Rojas SejasVice President, Risk Services, S&P Global Market Intelligence

• Partner, Deloitte North-West Europe • Leading Board-level engagements with global clients in multiple sectors on cyber and financial crime

• Highly experienced security professional with global profile and reputation • Credited with leading the transformation of Europol into a world-class security institution and centre of innovation on cyber security, terrorism and financial crime • Awarded a Knighthood for services to policing and security by HM The Queen in 2018

Professional/client experience • June 2018: Joined Deloitte as senior partner in cyber, financial crime and other areas of risk • 2009-2018: Executive Director of Europol • 2016: Established the European Counter Terrorism Centre at Europol • 2013: Established the European Cybercrime Centre at Europol • 2010 to present: Leader of public-private cooperation initiatives on cyber at the World Economic Forum • 2000-2009: Senior positions in national law enforcement agencies, UK • 1989-2000: Intelligence Officer, MI5

Sir Rob WainwrightPartner, North-West Europe, Deloitte and former Executive Director of Europol

2019

Speaker Bios

MAKING IT REALPG 34

Steve J Tenai is a partner of Aird & Berlis LLP. His practice focuses on corporate and securities related litigation and he has represented companies and directors/officers over a broad range of commercial issues. Steve has defended public companies and/or directors/officers in numerous securities class actions including for Nortel Networks Corporation, Bell Canada

International, Royal Group Technologies Limited, SunOpta Inc., Gildan Activewear, SNC Lavalin, ArcelorMittal and Baffinland Iron Mines. He also is experienced in responding to investigations by securities regulators, including within the context of cross-border investigations by securities and law enforcement agencies.

Steve was a member of the legal team representing BCE before the Supreme Court of Canada concerning the proposed privatization of BCE; represented one of Research In Motion’s senior officers in OSC settlement proceedings relating to option grants; and was a member of the defence team representing Conrad Black on various matters concerning Hollinger Inc. before the Ontario courts. He represented SNC-Lavalin and its outside directors in a $1 billion securities class action relating to alleged misrepresentations over to its controls and procedures around anti-corruption and bribery. Steve has also advised Boards and senior management on litigation risk mitigation strategies, particularly with respect to class action risk. He has previously written and spoken on such topics as coordinating defences and investigations in cross-border securities litigation, trends in class action litigation, the oppression remedy, derivative actions, directors’ and officers’ liability, and civil litigation practice. Steve was admitted to the Ontario Bar in 1992 and received his LL.B. from the University of Toronto in 1990 and his LL.M. from the University of Michigan in 2000. He clerked at the Supreme Court of Canada.

Steve TenaiPartner, Aird & Berlis LLP

Azam Dawood is the Head of Technology Procurement for the BMO Financial Group and has been in the procurement space in North America for over 15 years. Having built Strategic Sourcing organizations at multiple large institutions and also having negotiated over 150 procurement, outsourcing and M&A agreements, Azam is well versed in the opportunities

and challenges facing the procurement world today. His articles have appeared in numerous publications, including Outsource Magazine and the Huffington Post. Azam holds a Chemistry and Chemical Engineering degree from McGill University and an MBA in strategy from Warwick Business School.

Azam DawoodHead of Technology Procurement, BMO

ZURICH INSURANCE.FOR THOSE WHO TRULY LOVE THEIR BUSINESS.

With the right vantage point, you can have a better view of the risks that could affect the business you love. Zurich’s risk profiling is a structured approach that helps identify, prioritize and mitigate risk. We can help you manage your risk rather than just insure against it, so you can focus more on profit and less on risk.

VIEW OUR RISK PROFILING VIDEO AT zurichcanada.com/rp

The Zurich logo and Zurich are trademarks of Zurich Insurance Company Ltd. This is intended as a general description of certain types of insurance and services available to qualified customers through Zurich Insurance Company Ltd in Canada (“Zurich”). Nothing herein should be construed as a solicitation, offer, advice, recommendation, or any other service with regard to any type of insurance product underwritten by Zurich. Zurich does not guarantee any particular outcome and there may be conditions on your premises or within your organization that may not be apparent to us. You are in the best position to understand your business and your organization and take steps to minimize risk, and we wish to assist you by providing the information and tools to help you assess your changing risk environment. © 2019 Zurich Insurance Company Ltd. All rights reserved

ENJOY A BETTER VIEWOF RISKS ACROSS

YOUR BUSINESS.

MAKING IT REALPG 36

2019

Speaker Bios

Richard is a partner in PwC’s Cybersecurity & Privacy Consulting practice. He helps boards and management teams understand and strategically defend against the rapidly evolving cybersecurity threats today. His unique board cybersecurity framework equips directors and management teams to have the right dialogue about cyber strategies, resources, processes,

systems, and services.

He has 24 years of professional services experience, including 15 years in a CEO or COO role for publically traded and private companies. He has more than a decade of experience advising boards and C-Suites on governance, strategy, organizational planning, risk, and risk response.

Richard has been published in Compliance Week, Canadian Business, and the Globe & Mail and is a keynote speaker on the cybersecurity & risk in Canada, the US, and Mexico. He is a former board member of CPA Canada’s Corporate Oversight & Governance Board.

Richard WilsonPartner, Cybersecurity & Privacy Consulting, PwC

With more than 25 years of entrepreneurial, retail and technology experience, Michael is currently Senior Vice President and Chief Information Officer at the LCBO. His former roles include Co-Founder and Chief Technology Officer for One Inc., Vice Present, Architecture Relationship Management and Technology Strategy at Canadian Tire Corporation, and various

senior technology roles at Best Buy International and the T. Eaton Company LTD.

Michael has been a visible and significant industry representative as the President of Smart Toronto and Vice President of Information Technology E-commerce and Operations at the Retail Council of Canada. He is currently a member of the Board of Governors for North Toronto Soccer Association, The Canadian Club of Toronto, and the Impakt Corporation. Michael is a graduate of York University, University of Toronto Rotman School of Business Institute of Corporate Directors (ICD) Program and the Harvard Business School Executive Program.

Michael EubanksSenior Vice-President, Information Technology and Chief Information Officer, LCBO



2019

Speaker Bios

Rob Labbé, Director of Information Security at Vancouver based Teck Resources Limited has been working in various roles in information security for the past 20 years. The past 6 years at Teck focused on the security of industrial control systems, ensuring safe production trough Teck’s digital transformation. Prior to his current role at Teck Resources, Rob held

progressively senior roles in Microsoft’s internal information security team, and running a successful boutique cyber security consulting company.

In 2017, Rob co-founded the Mining and Metals ISAC, a collaborative community in which threat and incident information is shared in order to improve cyber security of metals and mining companies where he currently serves as chair.

In 2017, he was named to CIM Magazine’s 2017 Names to Know and in 2018 was named as one of the top 20 global security and fire influencers by IFSEC.

Rob LabbéDirector, Information Security, Teck Resources Ltd.

Alexander Rau is a Senior Manager with Mandiant’s Canadian Security Consulting Services practice. Mr. Rau is an IT Security professional with more than 17 years of experience in cyber and IT security, operations and management. His primary responsibilities include leading and delivering incident response and proactive security engagements, practice leadership, and

business development.

Prior to joining Mandiant, Mr. Rau held positions as the National IT Security Strategist for Symantec Canada as well as Sr. IT Security Consulting and Service Delivery Management roles with IBM. He led security teams focused on vulnerability assessment, penetration testing, web application security, and IT Security standard and framework compliance (ISO 27000 series and PCI). He was also the Manager of IT for a small manufacturing company.

Mr. Rau has consulted with many large public and private sector organizations on how to address their security challenges and he holds CISSP and CISM certifications.

Since 2008, Mr. Rau has also been a part-time faculty member at Georgian College in Barrie, ON, teaching computer and network systems security. Combining his experience as Manager of IT and roles in consulting and as an IT security strategist, he is able to bring a unique perspective on how to address the ever changing security landscape and how it impacts organizations.

Alexander RauSenior Manager, Consulting Services, Mandiant

2019

Speaker Bios

MAKING IT REALPG 38

Ben Goodman, CRISC, is the founder and CEO of 4A Security & Compliance, LLC and head of development for CyRisk™ a ground-breaking tool providing data that can be used by Enterprise Risk Managers, insurance underwriters and CISOs as input into their Cyber Risk Analysis models and procedures. Ben has spent the last three decades working in information

technology, technology strategy, and risk management. Ben’s work at 4A Security & Compliance focuses on the intriguing and often nerve-wracking intersection of technology innovation, risk management, and security, working to empower people to transform their cyber-anxiety into awareness, knowledge, and action. His 2017 paper, “The Cyber Risk Ecosystem” won the 2017 Joint CAS/CIA/SOA Risk Management Section, Best Paper Award for Practical Risk Management Applications, and he is also the recipient of ISACA’s CRISC Worldwide Achievement Award. He is a member of the Casualty Actuarial Society’s Cyber Risk Task Force, Cyber Risk Quantification Subgroup. Ben is also a member of the faculty at Drexel University, LeBow School of Business and a Distinguished Fellow of the Ponemon Institute.

Ben GoodmanFounder and CEO, 4A Security & Compliance

Jon Laux is a managing director with Aon Benfield and head of Aon Benfield’s Cyber Analytics practice. Jon leads a global team of actuaries, catastrophe modelers, predictive modelers and cybersecurity professionals focused on helping insurers to grow in cyber insurance and to manage cyber risk effectively through the development of leading edge analytical tools,

business intelligence, and advisory services.

Jon has worked at Aon since 2006 and has held roles spanning strategic, operational, and actuarial functions. Jon most recently served as a senior consultant with Aon Inpoint, the management consulting arm of Aon. He previously held positions in Aon Broking Operations, in the Office of the CEO, and in Aon Benfield’s actuarial team with a focus on management and professional liability.

Jon is a Fellow of the Casualty Actuarial Society, holds graduate degrees from Wright Graduate University and St. John’s College, and an undergraduate degree in Mathematics from the University of Chicago.

Jonathan LauxManaging Director and Head of Cyber Analytics, Aon

Could your biggest cyber risk be the one you can’t see coming?

The better the question. The better the answer. The better the world works. www.ey.com/ca/cyber

MAKING IT REALPG 40

2019

Speaker Bios

Laurence is founder and CEO of nanopay Corporation. Laurence was previously Chief Operating Officer of Bell Mobility and Bell Distribution Inc., where he was responsible for all wireless operations and all retail for Bell Canada. Laurence was VP Wireless at Shaw Communications, a senior executive at Accenture’s London Strategy Practice and co-founder at Xtempus and

Melodeo. Laurence has BSc Computer Science and Economics from the University of Witwatersrand and MBA from London Business School. Laurence currently belongs to two Canadian payment organizations; Finpay and the Stakeholder’s Advisory Council for Payments Canada. He is also a contributor to the United States Faster Payments Task Force.

Laurence CookeFounder and CEO, nanopay

Mike Cook holds two roles within IBM Canada. He is the Managing Partner of IBM’s consulting business (Global Business Services) for clients in the Financial Services Sector. He is also General Manager of the IBM Payments Centre – Canada which integrates Payments solutions and expertise across all of IBM’s business units in Canada. For the past decade and a half, Mike

has been solving problems for clients in the Banking, Financial Markets and Insurance industries. Prior to this, his consulting experience was primarily in the Public Sector with Federal and Provincial governments.

Mike CookManaging Partner, Financial Services Sector, IBM

Dr. Fernandez is an associate professor in the Department of Computer & Software Engineering at the École Polytechnique de Montréal. He heads the Laboratory for Information Security Research (SecSI) and his main area of research is computer security. His current research interests include malware and botnet analysis, security product testing methodologies, critical

infrastructure security and security and integration of logical and physical access control systems. He has several years of professional experience as a practitioner of Information Security in both industry and government.

He holds Bachelor’s degrees in Mathematics and Computer Science and Engineering from MIT, a Master’s from the University of Toronto, and a Ph.D. from the Université de Montréal.

José FernandezÉcole Polytechnique de Montréal



2019

Speaker Bios

Michele Mosca is a founder of the Institute for Quantum Computing, University Research Chair, Professor in the Department of Combinatorics & Optimization at the University of Waterloo, and a founding member of the Perimeter Institute for Theoretical Physics.

He is globally recognized for his drive to help academia, industry and government prepare our cyber systems to be safe in an era with quantum computers. He co-founded evolutionQ Inc. to provide services and products that enable organizations to evolve their quantum-vulnerable systems and practices to quantum-safe ones. He was a founder of the ETSI-IQC workshop series in Quantum-Safe Cryptography.

He worked on cryptography during his BMath (Waterloo) and MSc (Oxford) and obtained his Doctorate (Oxford) on Quantum Computer Algorithms.

His current research interests include quantum algorithms and complexity, tools for optimizing the implementation of quantum circuits, and the development of cryptographic tools that will be safe against quantum technologies.

His work has been recognized with several awards and honours including a Knighthood (Cavaliere) in the Order of Merit of the Italian Republic, SJU Fr. Norm Choate Lifetime Achievement Award, Queen Elizabeth II Diamond Jubilee Medal, and Canada’s Top 40 Under 40 (2010).

Michele MoscaCEO and President, evolutionQ Inc.

David Verbeeten is the domain expert in insurance at ConsenSys, a global blockchain venture studio, where he works with a team to create decentralized applications for insurance products and services on the Ethereum network. He was formerly a casualty treaty underwriter at Munich Reinsurance. He is based in Toronto and is a Chartered Insurance Professional by the

Insurance Institute of Canada. He holds a PhD in political history from the University of Cambridge.

As part of his mandate, Dr. Verbeeten engages in public education about blockchains for interested members of the financial industry. His sessions assume no knowledge of the new technology among participants. His presentation begins with a discussion of the core concepts behind blockchains, including double-spending, distributed ledgers, and ownership by communal consensus. He provides an overview of some basic technical aspects, especially private and public keys. He lays out the ways in which blockchains can be extended beyond simple currency transactions to encompass many complex financial contracts. Generic use cases are described, followed by implementations that are more specific to the insurance industry. Dr. Verbeeten’s sessions involve group exercises, including a demonstration of a cryptocurrency transaction, using ‘wallets’ on smartphones.

David VerbeetenDomain Expert (Insurance), ConsenSys

2019

Speaker Bios

MAKING IT REALPG 42

Anahi Santiago is the Chief Information Security Officer at Christiana Care Health System, the largest healthcare provider in the state of Delaware. Prior CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO she has overall responsibility for the organization’s cybersecurity and assurance

program. Santiago leads a team of information security professionals in supporting CCHS’s strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness and fostering a culture of security and safety.

Anahi Santiago holds a B.S. in electrical and computer engineering as well as an executive MBA from Drexel University. She also hold a Certified Information Security Manager (CISM) certification. She is an active contributor and member of several local, state and federal cybersecurity organizations including the Healthcare Sector Coordinating Council’s Cybersecurity Working Group, Delaware Healthcare Cybersecurity Alliance and Philadelphia’s Women and Cybersecurity group.

Anahi SantiagoCISO, Christiana Care Health System

Sooji Seo joined Dell in 2007 as legal counsel for Dell’s Australia and New Zealand business. During her tenure at Dell, Sooji has held various leadership roles in privacy, regulatory compliance and strategic legal advisory support. Sooji currently serves as Vice President and Chief Privacy Officer, which provides a broad range of leadership involving direct support and

execution for the design, development, coordination, implementation and ongoing management of Dell’s global privacy program across Dell’s global enterprise. This position leads a global team of privacy attorneys and certified privacy compliance professionals who are responsible to build, implement and manage a best-in-class and standardized global privacy program, in a highly regulated global environment.

Prior to joining Dell, Sooji was General Counsel for Hunter Douglas Limited and Chubb Australasia. Sooji has over 20 years of legal advisory, compliance risk management and risk governance, regulatory enforcement and commercial litigation experience.

Sooji is also a regular speaker at compliance seminars and conferences in the United States and the Asia Pacific region.

Sooji received her Bachelor of Laws (Honors) from the University of Technology, Sydney and a Bachelor of Computing Science and Mathematics from the University of New South Wales. She is a member of the New South Wales (Australian) Bar Association, the Singapore Corporate Counsel Association and the American Association of Corporate Counsel.

Sooji SeoVice President and Chief Privacy Officer, Dell

Brokers • Underwriters • Claims professionals • Risk managers

DON’T MISS A SINGLE ISSUE

REQUEST A COMPLIMENTARY* SUBSCRIPTION ATCanadianUnderwriter.ca/subscribe

*Canadian Underwriter subscriptions are available free of charge to qualifying P&C insurance professionals.

YOUR GUIDE TO INSURANCE SUCCESS

CUW 19 Subscription half pg Ad .indd 1 2019-03-11 8:27 AM

MAKING IT REALPG 44

2019

Speaker Bios

Kirsten Thompson is a partner in our Corporate group in Toronto and is the national lead of the Transformative Technologies and Data Strategy group. She is also a key member of the Privacy and Cybersecurity group. She has both an advisory and advocacy practice, and

provides privacy, data security and data management advice to clients in a wide variety of industries.

Kirsten’s practice has a particular concentration in data-driven industries and disruptive technologies, and she is a leading practitioner in areas such as Fintech (including blockchain and “smart contracts”), digital identity, Open Data/Open Banking and PSD2 implementation, vehicle telematics and connected infrastructure, Big Data/data analytics applications and enterprise data strategy. She also helps clients prepare for and manage information crises, such as data breaches, investigations and class actions, and has advised financial institutions, insurers, health care providers and providers of critical infrastructure on cybersecurity preparedness and response planning. She has been lead Canadian counsel on some of the largest North American data breaches and has been selected as preferred cybersecurity counsel by a number of Canada’s leading financial institutions and insurance providers.

In her advisory role, Kirsten assists clients in navigating the legal and privacy requirements of new products and technologies, and provides compliance advice both within and across jurisdiction. She counsels clients on issues raised by social media, surveillance, identification and authentication (including biometrics and electronic signatures), vehicle and device telematics (including unmanned vehicles, both aerial and land-based), online behavioural advertising, big data and data analytics, data monetization, and FinTech and open banking. She advises clients on the increasingly significant informational elements of business transactions.

She has extensive knowledge in “Open Banking” and the implications of PSD2 and related regulatory initiatives (e.g. competition, privacy, etc.) affecting the aggregation and use of customer information in the context of financial services.

Kirsten has also advised on enterprise-wide “Big Data” projects, from the initial collection, use, defensible destruction, digitization and data cleaning through to the development of legal and ethical frameworks to guide the use of data analytics (including predictive analytics). She is working with her colleagues on developing a similar framework for the uses of data in artificial intelligence applications.

Kirsten was an early supporter of blockchain, and has been engaged in a number of consultations and pilot projects involving the application of blockchain to identity and authentication issues (including sovereign identity), business licencing processes, and tracking goods/food/drugs through global distribution chains. She has worked with several organizations on “smart contract” projects, and is interested in the possibilities of blockchain for payment security and commercial data security.

She has worked extensively in the “Internet of Things” area and has advised two leading automakers on the consumer-facing agreements with respect to their connected and semi-autonomous vehicles, and several companies in respect of their autonomous aerial vehicles (aka drones) and wearable devices.

Kirsten ThompsonNational Lead of Transformative Technologies and Data Strategy Group, Partner, Privacy and Cybersecurity, Dentons LLP

Join us in Toronto to celebrate, empower and boost the careers of women in insurance.

DON’T MISS OUT ON:

women.insurancebusiness.ca #WomeninInsuranceCA

Save 15% OFF when you register with this code WII15OFF

ANUSHREE PRAKASHDirector,

Operations Personal Insurance Economical Insurance

FOTINI ICONOMOPOULOSCommunication and

Negotiation Consulting Forward Focusing

HEATHER MASTERSONPresident and CEO Travelers Canada

SHARON LUDLOWCorporate Director and Executive in Residence

Global Risk Institute

Essential sessions and panels with industry experts Empowering networking opportunities

Strategies for leadership and mentoring others The lowdown on the issues that matter to you

REG IS TER NOW !

SEPTEMBER 22ND-24TH, 2019LE CENTRE SHERATON MONTREAL

NICCANADA.COMW H ER E I N D US T RY LE A D ER S M EE TTM

FOR MORE INFORMATION: BERMUDA.ICRMC.COM

A n E s s e n t i a l F o r u m f o r R i s k E x p e r t s

DEC 4-6, 2019

HAMILTONPRINCESS &BEACH CLUB

Save The Date

APRIL 15-16, 2020METRO TORONTOCONVENTION CENTRE

2019 making it real - usa-canada.icrmc.com · 2019 making it real agenda monday april 15th 2019 we...

Documents