During a two-day IT security education conference held in Toronto, better known as SecTor, and the first event of its kind in central Canada, over 400 IT professionals from across the country were briefed on the security threats facing the Canadian and global IT industry today.
SecTor was created by the founders of TASK, a North American IT security usergroup, in the hopes that this annual event will help raise awareness around the threats that organizations may or may not know.
CDN recently sat down with Brian Bourne, founder of SecTor to discuss details around the event as well as some emerging threats that are becoming more prevalent in Canada and the rest of the world.
CDN: Give me some background on how SecTor really came into fruition as this is the first ever-event of its kind to be held here in Toronto?
Brian Bourne: Our first TASK event was in February 2005 so we certainly learned a fair bit around what people want to learn about. TASK now has over now has over 2,000 active members. I think it really demonstrates a market need in the security space. People need and want this. What happens in the U.S. are many good conventions and I’m one of the fortunate few who can go to most of them. I always come back frustrated that Canada doesn’t have anything like this going on. What we’ve tried to do at SecTor is we’ve essentially tried to take the best of the greatest things that happen stateside and bring them here with a Canadian perspective. There’s a lot of good security talent here in Canada and an event like this provides an opportunity for them all to connect.
CDN: Why is SecTor so important to you and what are you hoping attendees will take away from this event?
B.B.: I’m very passionate around this whole space. I hope people will learn a lot and they’re able to go back with eyes wide open and be able to better protect their own environment. I think that’s certainly some of the feedback we’re getting. Now with that knowledge, they can go back and do that job better. The other thing that has been fantastic is the speakers are engaging in all kinds of interesting debates with attendees and there’s really a good community coming out of this with people connecting and sharing ideas and coming together to develop them further, and that’s a really great outcome as well.
CDN: If you had to choose one overall, broad message or theme from this event, what would that be and why?
B.B.: It’s definitely tough to choose a single because one of the things we’ve done here is go through a large diversity of topics. From the network layer and the general server structure, right to packet-level attacks to social engineering.
CDN: Do you think Canadian businesses are taking their data and infrastructures seriously enough when it comes to security practices and policies, why or why not?
B.B.: From an overall Canadian perspective, Canadian businesses have an over-confidence with their IT security. That attitude is fairly prevalent, so certainly events like this help raise awareness. The IT practitioners themselves want better understand security in general and let’s face it, security’s a sexy topic.
CDN: What would you say are the three most common underground threats that are facing majority of Canadian and global businesses today and how can businesses better protect themselves from these threats?
B.B.: From a technical level, threats are moving more to the application layer from the network layer. But even on the network layer, there are still some threats that are happening so as an overall trend, things are going from the application layer into the user. So tricking the user into doing things like social engineering. Certainly from a technical standpoint, you’re talking about where the threats are coming from. The network perimeters are usually well secured, whereas the inside is not. So over the last couple of years you hear a lot of people talking about insider threats and I think now it’s becoming more understood what that means and people are starting to really know where to move the protection layers now.
CDN: This is the first year of SecTor and already it had over 400 attendees, so what can we expect to see around this event next year and the years following?
B.B.: SecTor 2008 will be held here again on October 7-8. That ties in nicely to the government’s IT security month, which is going to be October as well. And what you’ll see a bunch of events come together like what happened this year. IT security week happened in a small way this year. Next year we’re hoping to formalize that a bit more. People can come here and get a whole series of relevant training. As far as our event and content goes, we’re going to fine tune what we’ve done. We’re going to follow the same type of format in terms of tracks and we’re going to make sure each session will give people a good diversity of selection to choose from. And overall, we just want to grow our attendance for this event out. I’m very happy that the security community wants to tie together around this event. We’re blown away with the support from all layers, from government to the industry sponsors and all of the speakers that have come here for this great cause. The support has been spectacular.