Call For Presenters (CFP)

BSides Ottawa will have one track (with "availability" for additional, ad-hoc talks that come up during the event). The track will be talks voted on/confirmed before the event. 

Please submit a talk by using the following page or by emailing your talk to bsidesottawa@gmail.com. Please note, all talks will be posted on this page so that all may see what kinds of talks to expect.

CFP Selection Committee

Andrew Hay, Senior Analyst, The 451 Group

Justin Foster, Architect, Trend Micro

Jack Daniel, Community Development Manager, Astaro AG

Peter Giannoulis, Principal Consultant, Source 44 Consulting Incorporated

Mike Gibson, Security Architect, Trend Micro

Talk Template:

• Name: (Title) (link/Twitter)
• Title: 
• Length: 20min/50min
• Abstract: 

Talks

Please update with your: name, contact information (email, twitter, website), presentation title, and short description.  Please leave use the example text as a template.  Simply copy and paste it into a new entry, then edit it to fit your talk.   

• Name: Andrew Hay, Senior Analyst, The 451 Group, @andrewsmhay
• Title: Empty Pocket Forensics
• Length: 50min 
  
• Abstract: The perception that forensic investigation and response tools are too costly to be purchased by most organizations is a myth. Many organizations are forced to decide if the costs associated with forensic analysis exercises overshadow the risk of turning a blind eye. However, without knowing the details of how a breach or malware infection occurred, there is no way of knowing how to prevent it from happening again. This presentation will show that the costs of undertaking forensic investigations, using freely available tools, can easily find a place in the smallest of budgets.

• Name: Andrew Hay, Senior Analyst, The 451 Group, @andrewsmhay
• Title: My Life on the Information Security D-List
• Length: 50min 
  
• Abstract: People new to information security often find themselves wondering how to make a name for themselves in the industry. Andrew Hay has lived most of his career on the D-list but has worked hard to increase his status in the hopes of someday landing that coveted A-list position. Through this talk we’ll discuss how to expand your circle of influence, how to build your personal brand, and how to move up from the dreaded Infosec D-List.

• Name: Peter Hillier, CISO MD Physician Services Inc. (A CMA Company), @DeathwishDuck
• Title: So I've adopted an EMR; What's the worst that can happen?
• Length: 50min 
  
• Abstract:  Peter Hillier will discuss the need to properly regulate eHealth in order to ensure security technical controls are assessed in the certification, implementation and use of eHealth solutions across the board. He will outline the current disconnects between the requirements to certify EMR solutions as Class 1 Medical devices and the need to make the residual data private and secure. Current certification bodies do not contain guidance for vendors or physicians. Who should step up?

• Name: Will Gragido Security Researcher / Consultant / Practioner  @wgragido
• Title: “Through the Rabbit Hole: An Expose of Darknets and the Onion Routed Underground”
• Length: 50min
• Abstract: The Internet and cyberspace are far from what they appear to be.  For years an evolution revolution has been underway.  This evolution revolution has seen advancement, growth, adaptation and change occur in order to both propagate and defend against new and advanced threat vectors, many of which do not traditionally reside in the realm of the information security warrior but are swiftly becoming more a part of it.  Among these, the onion routed anonymous network is playing a greater and greater role.   These networks leverage cryptographic ciphers to aid in concealing routing instruction information thus preventing detection by intermediary nodes.   They take on many forms some being embraced and celebrated as voices of free press and expression, while others are used for the trafficking and trade of goods and services within the cyber-criminal sub-ecosystem.  During this presentation you will gain an insight into the realities of these networks, their owner / operators, the conventional wisdom employed by these parties, their clientele and an informed look glimpse of the type of data which is trafficked within these environments. 

• Name: Erich Samuel, Security Analyst, erich@adeptus-mechanicus.com
• Title: Learning from Bruteforcers
• Length: 50min
• Abstract: Can we learn anything from been targeted by 680 odd sources? Can we learn from over 130 thousand bruteforce ssh attempts? And I mean besides "Change the port dummy!".  I think that we can. I believe in basing actions on fact. Fact which can easily be shown and understood by others. So lets take a look at what we can find out and learn from looking at these bruteforcers and what this means for the advice we give and the actions we take.  

• Name: Andrew Hay, Keli Hay, <TBD1>, <TBD2>
• Title: InfoSec Mentors Panel
• Length: 50min
• Abstract: Inspired by the Mentors Workshop at SOURCE Boston 2010, the InfoSec Mentors project hopes to increase the positive impacts of mentoring relationships in the Information Security community.

• Name: Peter Giannoulis, Source44 Consulting
• Title: <pending>
• Length: 50min
• Abstract: <pending>

• Name: Peter Giannoulis, <TBD1>, <TBD2>, <TBD3>
• Title: <pending panel>
• Length: 50min
• Abstract: <pending> 

• Name: Sean Murray-Ford, Access2Networks Inc.
• Title: <pending>
• Length: 50min
• Abstract: <pending>

• Name: Keli Hay, PulseLearning
• Title: <pending>
• Length: 50min
• Abstract: <pending>

• Name: Benoît H. Dicaire, InfoSec Strategist, INFRAX, @BDicaire
• Title: Using ISO 27005 for Risk Assesment 
• Length: 50min
• Abstract: According to ISO/IEC 27001:2005, The risk assessment methodology selected shall ensure that risk assessments produce comparable and reproductible results. However, this International Standard does not provide any specific methodology for information security risk management. Benoît will discuss concepts, models, processes and terminologies described in ISO/IEC 27005 to obtain a systematic approach to information security risk assessment.

• Name: Sherif Koussa @skoussa
• Title: Tweet My Trojan Please
• Length: 50min
• Abstract: Social media became part of our day to day activities, sure it made us more social but how safe are we tweeting, facebooking or getting Linked ! This presentation will delve into the dark side of the social networks and Privacy Commissioner Report's on Facebook. It will explore some of the recent social media attacks trying to answer the question: Are we safe socializing online? and what can we do about it?
• Name: 
• Title: <pending>
• Length: 50min
• Abstract: <pending>

• Name: 
• Title: <pending>
• Length: 50min
• Abstract: <pending>

• Name: 
• Title: <pending>
• Length: 50min
• Abstract: <pending>