SecureWorld Toronto 2025

Artificial Intelligence (AI) technology enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. AI-based applications (a classic example being a self-driving car) can make detailed recommendations to users and experts and act independently, replacing the need for human intelligence or intervention.

Recognizing the importance of technical standards in shaping development and use of AI, the U.S. President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort… to drive the development and implementation of AI-related consensus standards, cooperation and coordination, and information sharing” internationally.

This PLUS Course focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity. Instructor Larry Wilson breaks down the course into four digestible lessons:

Lesson 1: What Is Artificial Intelligence: Includes an overview of Artificial Intelligence, how AI is used today (case studies), the current / future state of international AI standards.

Lesson 2: AI Security Threats: How threat actors are using AI to automate stages of the attack lifecycle, including reconnaissance, evasion, privilege escalation, lateral movement, and exploitation.

Lesson 3: AI Security Standards: (1) Secure Design – risks and threat modelling; (2) Secure Development – supply chain security, documentation, asset and technical debt management; (3) Secure Deployment – protecting infrastructure from compromise, threat or loss, incident management, and responsible release; and (4) Secure Operation and Maintenance – logging and monitoring, update management and information sharing.

Lesson 4: AI Risk Management Playbook: (1) Govern – policies, processes, procedures and practices across the organization related to the mapping, measuring and managing of AI risks are in place, transparent, and implemented effectively; (2) Map – context is measured and understood; (3) Measure – appropriate methods and metrics are identified and applied; (4) Manage – AI risks based on assessments and other analytical output from the Map and Measure functions are prioritized, responded to, and managed; (5) Roadmap – key activities for advancing the NIST Artificial Intelligence Risk Management Framework.

Upon completion of the class, attendees will have an up-to-date understanding of AI and its impact on cybersecurity. They will learn what actions organizations should take to benefit from the many advancements available with adopting AI into their security design, development, deployment, operations, and maintenance.

Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

• What are the components of the framework?

• Why is the framework is valuable?

• What type of organizations can use the framework?
  

Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

This session is for SecureWorld Advisory Council members only.

As the cybersecurity landscape evolves, the complexity of responsibly disclosing vulnerabilities has extended far beyond traditional bug bounty programs. The stakes are high: improperly handled disclosures can lead to data breaches, reputational damage, and exploitation by malicious actors. This interactive roundtable discussion brings together leading cybersecurity professionals, policymakers, and technology executives to explore the multifaceted challenges and opportunities in modern vulnerability disclosure practices.

This roundtable encourages an open, collaborative dialogue, with attendees sharing actionable insights into creating more effective and ethical vulnerability disclosure programs. Be prepared to leave with a deeper understanding of best practices, innovative strategies, and emerging trends that can help your organizations navigate the complexities of responsible vulnerability disclosure in an interconnected digital world.

Join us for this critical conversation and be part of shaping the future of vulnerability management beyond the bug bounty.

Participating professional associations and details to be announced.

Measuring one’s cybersecurity framework against others in the same industry, or even outside of their vertical, can provide valuable insights into areas to improve or adjust.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

This panel discussion confronts the challenge of building InfoSec teams with the skills to manage stress under pressure. Cybersecurity executive leaders explore how to create team cultures, practices, and processes for proactively building mental well-being instead of addressing mental health from a reactive position. Much like building a security program, the group looks at the role mindfulness can play in helping defenders increase job satisfaction, improve focus, and lower the risk of burnout. Attendees can expect to gain actionable insights and practical steps that can be implemented within their organizations to cultivate this type of resilience.

The rapid adoption of artificial intelligence (AI) and machine learning (ML) technologies is revolutionizing businesses across industries—but it’s also creating new challenges for CISOs and their cybersecurity teams. Compounding the issue is the surge in Shadow IT, where employees adopt unauthorized tools and applications, often powered by AI/ML, to boost productivity. This convergence of trends creates a double-edged sword: while AI/ML offers unprecedented opportunities to strengthen security and drive innovation, it also introduces significant risks. This forward-looking session explores:

• Emerging Trends in AI/ML Adoption: How organizations are leveraging AI/ML to improve efficiency and security, and what new use cases are on the horizon.
• The Shadow IT Explosion: How unsanctioned AI/ML tools bypass security controls, introducing vulnerabilities and compliance challenges.
• Implications for CISOs: The evolving role of CISOs in managing the risks and rewards of AI/ML and Shadow IT while maintaining visibility across sprawling tech ecosystems.
• Balancing Innovation and Security: Strategies for enabling AI/ML adoption responsibly while minimizing risk from Shadow IT practices.
• What’s Next: Predictions for how AI/ML technologies and Shadow IT will shape the future of cybersecurity programs.

Attendees walk away with actionable insights into how to stay ahead of the curve as AI/ML adoption accelerates and Shadow IT continues to grow. Whether you’re a CISO, security practitioner, or IT leader, this session prepares you to navigate the opportunities and risks of this rapidly evolving landscape.

Hear directly how someone who has spent years reviewing and prioritizing bug bounty program submissions approaches the task. In this talk, discover how to craft reports that stand out, ensuring your findings are presented for maximum impact and value. Discover the most common pitfalls to avoid, tips on how to structure your reports for clarity and precision, and hear highlights of the key elements triagers focus on to determine the severity and validity of vulnerabilities.

Tabletops are not new in incident response training. But oftentimes, they’re pretty dull or ridden with anxiety. But, what if we applied gamification and game-based learning techniques? By transforming tabletop exercises into interactive, engaging scenarios, with Dungeons & Dragons-style play, we can make them more memorable and effective!

This approach allows participants to practice critical skills, with a structure that encourages more balanced team involvement and participation, and dice-rolling to determine success and failure (that does a remarkable job in simulating a real-world experience). Enter HackBack Gaming! Why not build incident response “muscle” memory in a fun way? This session provides a foundation for you to start conducting exercises like this yourself right away.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

The human element is both the greatest vulnerability and the most powerful defense in cybersecurity. This interactive session aims to transform security awareness from a mere compliance checkbox into an integral part of your organizational DNA. Through engaging activities, including games, quizzes, and real-world scenarios, participants will learn how to identify risks, spot deepfakes, adopt secure behaviors, and foster a culture of accountability. Compete for awards and leave empowered to become a critical line of defense against cyber threats.

Technical skills are vital in cybersecurity, but soft skills; communication, empathy, adaptability, collaboration – are keys to true success. This session explores how mastering these abilities bridges gaps between technical and business professionals and enhances teamwork. Learn practical techniques through real-world examples to develop these competencies and see how they amplify your impact.

You’ve experienced a cyber incident. Does cyber insurance really pay? What’s actually a recoverable expense? How can insurance help? And when the insurance does pay, how do you balance the amount of insurance with cybersecurity priorities? In this session, we’ll evaluate the data and dig into recent real-world examples of how cyber insurance pays claims, what’s covered, the role of insurance in incident preparation and response, and how organizations are using analytics in decision-making.

Session description to come.

Moderated discussion for SecureWorld Advisory Council members. By invite only.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

Small and medium-sized businesses (SMBs) face more and more challenges in managing GRC functions amid the fast-evolving regulatory, cyber threat, data privacy, and general risks landscape. SMBs are usually limited by smaller teams and limited funds, which makes manual processes ineffective and error prone. In contrast, major organizations frequently have specialized staff to perform these duties. The SMBs search for a solution to efficiently handle GRC functions without taxing resources or spending excessive amounts of money as cybersecurity threats and regulatory demands increase. As regulatory demands are always growing and cybersecurity threats constantly evolve, SMBs are searching for ways to manage GRC functions effectively without straining resources or spending too much dollars. This session goes through a case study of an SMB that successfully transitioned from manual GRC processes to a fully automated system. Through the adoption of GRC automation, the company streamlined its risk management program, reduced human errors, and aligned more easily with highly regulated clients, thus supporting its long-term growth and creating a scalable compliance framework for the future.

Supply chain risk has become a critical concern for organizations worldwide, with vendors facing pressure to demonstrate reasonable cyber assurance. In the past, a simple questionnaire with yes/no answers was often sufficient to address these concerns. However, the landscape has shifted due to increased regulatory scrutiny and high-profile data breaches, significantly raising the bar around due diligence.

This session explores the evolving expectations in supply chain risk from a vendor perspective and provide valuable insights into best practices for:

• Crafting comprehensive questionnaire responses
• Developing and maintaining effective customer trust portals
• Leveraging third-party reports to enhance credibility
• Successfully navigating client audits

The presenters will share practical strategies to help organizations meet the standards of cyber assurance and enhancing trust with customers. Attendees will gain actionable insights to strengthen their risk management processes and better align with latest stringent requirements.

This presentation will cover accelerating skill development and cross-department collaboration efficiently and economically. Key takeaway: How to build a cyber guild and utilize it for expanded upskilling and role development.

Artificial intelligence (AI) and machine learning (ML) have emerged as powerful tools for cybersecurity professionals, offering the potential to revolutionize how organizations and individuals detect, analyze, and respond to cyber threats. Join us as we delve into the world of AI- and ML-powered cybersecurity, exploring the hidden potential of these technologies and their ability to transform cybersecurity superheroes into formidable defenders of the digital realm.

Our panel of experts unravel the intricate world of AI and ML in cybersecurity, shedding light on the latest advancements, emerging applications, and the challenges involved in harnessing the power of these technologies effectively. They discuss the use of AI in threat detection and analysis, ML-powered threat prediction, and the potential of AI-driven automated response capabilities.

Our panel provides a comprehensive overview of AI and ML in cybersecurity, empowering attendees to understand the hidden potential of these technologies and explore how they can be leveraged to enhance their organization’s cybersecurity posture. Learn how to identify and implement AI and ML solutions, overcome the challenges of data privacy and ethics, and embrace the future of AI-powered cybersecurity.

Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

This panel session explores how organizations can effectively integrate incident response playbooks, disaster recovery (DR) strategies, and business continuity (BC) planning to build resilience against disruptions. The discussion focuses on best practices, lessons learned, and actionable insights for ensuring operational stability during crises.

Session description to come.

Phishing is one of the leading cyberattacks worldwide, resulting in numerous social engineering training exercises to train average users to defend against these attacks. This discussion focuses on research that took a pool of users with three different phishing campaigns. Each campaign progressively has a phish that should be more advanced to spot than the previous phish presented. The research shows the psychological reasoning behind why a user will interact with a phish, regardless of educational awareness. Results include why a 0% or 100% report rate is unrealistic and how to use phishing metrics to quantify risk in a business.

In today’s dynamic cyber risk landscape, risk managers must stay informed and adapt their strategies accordingly. Recent global cyber events have had a profound impact on critical functions across multiple sectors, underscoring the gravity of cyber events. Risk managers also face complexities from trends like reliance on third parties and evolving data protection laws.

To successfully navigate these challenges, risk managers are tasked with learning from significant cyber events, implementing best practices for managing third-party cyber risk, and staying updated on privacy regulations. This session assists risk managers in effectively mitigating cyber risks and safeguarding their organizations by discussing strategies for managing third-party cyber risk and providing updates on privacy regulations.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Come join your fellow attendees for an exciting conclusion to the conference with a complimentary Happy Hour prior to a one-of-a-kind event.

The Cyber Pitch Battle Royale reimagines how cybersecurity vendors and senior leaders connect. Brought to life by the hosts of the award-winning cybersecurity podcast, Bare Knuckles and Brass Tacks, this event combines their raw energy with the fun of a comedy roast. The result is an electric atmosphere where vendors brave the stage for five minutes before a crowd that’s encouraged to cheer innovation and jeer jargon. With a panel of five CISO judges and an audience of decision-makers from Canada’s leading organizations, contestants will compete for the Battle of Toronto Champion Belt in a format that strips away traditional corporate pretense. This breakthrough event promises to transform industry networking through authenticity, humor, and high-energy engagement. As one CISO put it, “I didn’t know what to expect, but it blew my expectations. I’d wanna do this again and again!”

NOTE: You must register separately for the complimentary Happy Hour and Cyber Pitch Battle Royale; watch for that separate link to arrive in your conference registration confirmation email.