Presentation Information 2025
Presentations
Navigating the Underworld: An Introduction to the Dark Web
Presented by John Cuzzola (Director of Information Security, TRU)
Track: Main
Time & Location: Grand Hall - 10:00-10:45PM
Have you ever wondered what lies beneath the surface of the internet we use daily? This presentation offers a guided exploration of the mysterious world of the dark web. Learn the distinctions between the World Wide Web, the deep web, and the dark web, and dispel common misconceptions about these layers of the internet.
Discover the origins of the TOR network, its role in maintaining anonymity, and its uses—both legitimate and nefarious. Through a layman-friendly explanation and live demonstrations, you’ll gain insights into how the TOR network operates, precautions to take, and why it’s a double-edged sword.
We’ll also compare search results between the World Wide Web and the Dark Web, and take a controlled visit to pre-screened dark web sites, including insights into a popular hacker group.
Time & Location: Grand Hall - 10:00-10:45PM
Have you ever wondered what lies beneath the surface of the internet we use daily? This presentation offers a guided exploration of the mysterious world of the dark web. Learn the distinctions between the World Wide Web, the deep web, and the dark web, and dispel common misconceptions about these layers of the internet.
Discover the origins of the TOR network, its role in maintaining anonymity, and its uses—both legitimate and nefarious. Through a layman-friendly explanation and live demonstrations, you’ll gain insights into how the TOR network operates, precautions to take, and why it’s a double-edged sword.
We’ll also compare search results between the World Wide Web and the Dark Web, and take a controlled visit to pre-screened dark web sites, including insights into a popular hacker group.
Demo - Uncovering Dark Web Threats Through Network Traffic
Presented by Anthony Aighobahi (TRU Faculty)
Track: Technical
Time & Location: Terrace Room - 11:00-12:10PM
The dark web presents unique challenges for cybersecurity, with threats often concealed within seemingly ordinary network traffic. This presentation delves into the art and science of network traffic analysis to identify and investigate these hidden dangers. Using a PCAP file as a practical case study, we will explore methods to establish baseline activity, detect anomalies such as suspicious domains and non-standard protocols, and analyze high-volume data transfers. Attendees will gain practical tools and techniques to extract actionable intelligence, uncover hidden threats, and enhance their ability to safeguard against dark web-related risks.
Time & Location: Terrace Room - 11:00-12:10PM
The dark web presents unique challenges for cybersecurity, with threats often concealed within seemingly ordinary network traffic. This presentation delves into the art and science of network traffic analysis to identify and investigate these hidden dangers. Using a PCAP file as a practical case study, we will explore methods to establish baseline activity, detect anomalies such as suspicious domains and non-standard protocols, and analyze high-volume data transfers. Attendees will gain practical tools and techniques to extract actionable intelligence, uncover hidden threats, and enhance their ability to safeguard against dark web-related risks.
Exploring the Dark Web: Technology, Risks, and Ethics
Presented by Antonio Brandao (BCNET)
Track: Technical
Time & Location: Terrace Room - 1:05-2:45PM
We'll explore best practices for communication using PGP encryption, safe cryptocurrency transactions, and monitoring network traffic. Hands-on activities will include practical demonstrations of creating hidden services, configuring Tor relays, and using tools like OnionShare. The session will also cover advanced topics like ransomware chat simulation using Python, dark web crawling and analysis, and leveraging Docker containers for enhanced security.
With real-world examples and step-by-step demonstrations, this presentation equips participants with the knowledge and tools to engage with the Dark Web for research, cybersecurity, or educational purposes.
Time & Location: Terrace Room - 1:05-2:45PM
We'll explore best practices for communication using PGP encryption, safe cryptocurrency transactions, and monitoring network traffic. Hands-on activities will include practical demonstrations of creating hidden services, configuring Tor relays, and using tools like OnionShare. The session will also cover advanced topics like ransomware chat simulation using Python, dark web crawling and analysis, and leveraging Docker containers for enhanced security.
With real-world examples and step-by-step demonstrations, this presentation equips participants with the knowledge and tools to engage with the Dark Web for research, cybersecurity, or educational purposes.
Zero Trust or Zero Chance
Presented by Luke Timms, Clayton Huston, & Joshua Topnik (Arctic Wolf)
Track: Main
Time & Location: TRUSU Lecture Hall, 1st floor - 1:05-1:50PM
This presentation highlights the challenges of cyber insurance amid ransomware threats and the imperative for proactive organizational strategies. Key takeaways include: the underestimated costs of downtime, potential insurer disputes, and the importance of a robust cybersecurity framework. Cyber insurance has limitations, such as delayed payouts and contested claims. Organizations must prioritize Business Continuity and Disaster Recovery readiness by regularly testing backups and automating recovery processes, as effective data protection is crucial for ensuring resilience against ransomware attacks.
Time & Location: TRUSU Lecture Hall, 1st floor - 1:05-1:50PM
This presentation highlights the challenges of cyber insurance amid ransomware threats and the imperative for proactive organizational strategies. Key takeaways include: the underestimated costs of downtime, potential insurer disputes, and the importance of a robust cybersecurity framework. Cyber insurance has limitations, such as delayed payouts and contested claims. Organizations must prioritize Business Continuity and Disaster Recovery readiness by regularly testing backups and automating recovery processes, as effective data protection is crucial for ensuring resilience against ransomware attacks.
Breakout Session 1
Regaining Focus in Cybersecurity: How to Dig Out and Stay Ahead
Presented by Luke Timms, Clayton Huston, & Joshua Topnik (Arctic Wolf)
Track: Main
Time & Location: Alpine Room, 1st floor - 1:05-1:50PM
IT teams are overwhelmed by the sheer volume of alerts and false positives, leading to wasted time, burnout, and missed threats. This presentation will show you how to break the cycle of alert fatigue by leveraging Arctic Wolf to remove the noise and prioritize what matters most. Learn how Arctic Wolf allows you to focus on high-value security work, reduce false positives, and stay ahead of the evolving threat landscape.
In addition, Arctic Wolf will be joined by Luke Timms, who will be speaking about his experience as an Arctic Wolf customer. Luke will be outlining the tangible value that Arctic Wolf has brought to the City of Kelowna.
Time & Location: Alpine Room, 1st floor - 1:05-1:50PM
IT teams are overwhelmed by the sheer volume of alerts and false positives, leading to wasted time, burnout, and missed threats. This presentation will show you how to break the cycle of alert fatigue by leveraging Arctic Wolf to remove the noise and prioritize what matters most. Learn how Arctic Wolf allows you to focus on high-value security work, reduce false positives, and stay ahead of the evolving threat landscape.
In addition, Arctic Wolf will be joined by Luke Timms, who will be speaking about his experience as an Arctic Wolf customer. Luke will be outlining the tangible value that Arctic Wolf has brought to the City of Kelowna.
The Dark Web and Your Legal Risks and Obligations
Presented by Alex Cameron (Fasken Law Firm)
Track: Main
Time & Location: Grand Hall - 1:05-1:50PM
The Dark Web remains almost completely unknown to most organizations and yet it gives rise to an increasing range of crucial questions about organizations’ legal risks and obligations. Should organizations be monitoring the Dark Web for relevant hits, including about their service providers and data? Is Dark Web monitoring required after a data breach? Would a failure to do so constitute negligence or breach of statutory obligations? What steps must be taken if relevant hits are identified or if law enforcement alerts the organization to a threat? Should organizations pay a ransom to prevent the sale or posting of data on the Dark Web? The Dark Web has the potential to impact all organizations. In this session, we will tackle the answers to some of the key legal questions that intersect with the Dark Web.
Time & Location: Grand Hall - 1:05-1:50PM
The Dark Web remains almost completely unknown to most organizations and yet it gives rise to an increasing range of crucial questions about organizations’ legal risks and obligations. Should organizations be monitoring the Dark Web for relevant hits, including about their service providers and data? Is Dark Web monitoring required after a data breach? Would a failure to do so constitute negligence or breach of statutory obligations? What steps must be taken if relevant hits are identified or if law enforcement alerts the organization to a threat? Should organizations pay a ransom to prevent the sale or posting of data on the Dark Web? The Dark Web has the potential to impact all organizations. In this session, we will tackle the answers to some of the key legal questions that intersect with the Dark Web.
How We Do It: Using the Darkweb for Offensive Security
Presented by Evan Gordenker (Palo Alto Networks)
Track: Main
Time & Location: Summit Room - 1:05-1:50PM
Evan is a Senior Consulting Manager for our Unit 42 Threat intelligence & Incident Response team.
Time & Location: Summit Room - 1:05-1:50PM
Evan is a Senior Consulting Manager for our Unit 42 Threat intelligence & Incident Response team.
DevSecOps: From Buzzword to Business Driver
Presented by Drew Grubb, Chris King (IX Solutions)
Track: Main
Time & Location: Grand Hall - 2:00-2:45 p.m.
How a foundation in DevSecOps can help protect your organization from threat actors. A dive into understanding what DevSecOps is, and how it builds a foundation to help businesses to deliver high quality, reliable, and secure solutions, faster. This session will explore the core concepts of DevSecOps, the practices that make it up, as well as the value it brings to an organization. We will also explore what DevSecOps in an organization might look like, how to get started with DevSecOps and what some of the best practices are for your DevSecOps journey. We will also discuss some of the challenges, risks, and pitfalls organizations commonly face in adopting DevSecOps practices, and how your organization can be prepared to meet them head on.
Time & Location: Grand Hall - 2:00-2:45 p.m.
How a foundation in DevSecOps can help protect your organization from threat actors. A dive into understanding what DevSecOps is, and how it builds a foundation to help businesses to deliver high quality, reliable, and secure solutions, faster. This session will explore the core concepts of DevSecOps, the practices that make it up, as well as the value it brings to an organization. We will also explore what DevSecOps in an organization might look like, how to get started with DevSecOps and what some of the best practices are for your DevSecOps journey. We will also discuss some of the challenges, risks, and pitfalls organizations commonly face in adopting DevSecOps practices, and how your organization can be prepared to meet them head on.
Breakout Session 2
Synergy in Security: How Cross-Functional Teams Safeguard Personal Information Against Dark Web Exploits
Presented by Alma Klarich, Marina Sparks, Vera Merkusheva (Thompson Rivers University)
Track: Main
Time & Location: Grand Hall - 3:00-3:45PM
In an era where personal information is increasingly targeted by malicious actors on the dark web, it is imperative for institutions to adopt a holistic and collaborative approach to security. This session will discuss the successful collaboration between Privacy, Information Security, and Internal Audit at TRU. By leveraging the unique strengths and perspectives of each team, we have maximized our ability to protect our PI landscape. Attendees will gain insights into roles & responsibilities of each area, best practices/guiding principles, governance, and an overview of how MS Purview can be used to mitigate risks. Join us to learn how a unified approach can enhance your institution’s resilience against dark web threats and ensure the protection of sensitive information.
Time & Location: Grand Hall - 3:00-3:45PM
In an era where personal information is increasingly targeted by malicious actors on the dark web, it is imperative for institutions to adopt a holistic and collaborative approach to security. This session will discuss the successful collaboration between Privacy, Information Security, and Internal Audit at TRU. By leveraging the unique strengths and perspectives of each team, we have maximized our ability to protect our PI landscape. Attendees will gain insights into roles & responsibilities of each area, best practices/guiding principles, governance, and an overview of how MS Purview can be used to mitigate risks. Join us to learn how a unified approach can enhance your institution’s resilience against dark web threats and ensure the protection of sensitive information.
Uncharted Waters: Navigating Privacy Risks in a World of Evolving Technologies
Presented by Kunle Adewumi (Kirke-Consulting)
Track: Main
Time & Location: Summit Room, 2nd floor - 3:00-3:45PM
As technology advances at an unprecedented pace, new opportunities for innovation are matched by equally significant risks to personal data privacy. Emerging technologies such as artificial intelligence (AI), machine learning, and the Internet of Things (IoT) are reshaping the landscape of data collection, use, and exploitation. However, these advancements also create fertile ground for both internal and external threats.
Tools like FraudGPT and WormGPT are arming threat actors with sophisticated capabilities, enabling them to exploit vulnerabilities and monetize illegally obtained personal data in ways previously unimaginable. This presentation explores how these evolving technologies are fueling privacy risks and provide actionable insights to future-proof an organization's privacy program. Case studies will also be presented, highlighting recent examples of privacy challenges posed by cutting-edge technologies and the innovative solutions employed to address them.
Time & Location: Summit Room, 2nd floor - 3:00-3:45PM
As technology advances at an unprecedented pace, new opportunities for innovation are matched by equally significant risks to personal data privacy. Emerging technologies such as artificial intelligence (AI), machine learning, and the Internet of Things (IoT) are reshaping the landscape of data collection, use, and exploitation. However, these advancements also create fertile ground for both internal and external threats.
Tools like FraudGPT and WormGPT are arming threat actors with sophisticated capabilities, enabling them to exploit vulnerabilities and monetize illegally obtained personal data in ways previously unimaginable. This presentation explores how these evolving technologies are fueling privacy risks and provide actionable insights to future-proof an organization's privacy program. Case studies will also be presented, highlighting recent examples of privacy challenges posed by cutting-edge technologies and the innovative solutions employed to address them.
The Russian Digital Police State From 1984 to 2024
Presented by Joseph Alexander Brown (TRU Faculty)
Track: Main
Time & Location: Alpine Room, 1st floor - 3:00-3:45PM
The Russian Federation's descent into an authoritarian digital police state demonstrates a case study of the slow degradation of rights for citizens in the digital domain. This talk will examine the gradual process from a state refounded with a constitution with clear individual rights in the 90s to a digitalized police state in a war economy. The problem will be examined from the lenses of the loss of personal rights for Russian citizens and the impact on Canada via digital and informational warfare, such as misinformation campaigns, hacking, and physical attacks on infrastructure.
Time & Location: Alpine Room, 1st floor - 3:00-3:45PM
The Russian Federation's descent into an authoritarian digital police state demonstrates a case study of the slow degradation of rights for citizens in the digital domain. This talk will examine the gradual process from a state refounded with a constitution with clear individual rights in the 90s to a digitalized police state in a war economy. The problem will be examined from the lenses of the loss of personal rights for Russian citizens and the impact on Canada via digital and informational warfare, such as misinformation campaigns, hacking, and physical attacks on infrastructure.
The Dark Web and AI: A New Era of Cyber Threats
Presented by Hank Fordham & Conor Anwyll (X10 Technologies/Darktrace/Styx)
Track: Main
Time & Location: Terrace Room, 2nd floor - 3:00-3:45PM
As organizations embrace zero-trust architectures, the dark web and AI-driven cyber threats present new challenges to securing corporate networks. This session explores the intersection of the dark web, AI, and zero-trust principles, revealing how cybercriminals exploit leaked credentials and sensitive data to bypass traditional defenses. Dive into real-world examples of AI-powered attacks and learn how cutting-edge solutions like Darktrace align with Zero Trust strategies to identify and mitigate threats. Discover how to fortify your organization against the evolving digital threat landscape, ensuring resilience in a world where trust must be earned at every layer.
Time & Location: Terrace Room, 2nd floor - 3:00-3:45PM
As organizations embrace zero-trust architectures, the dark web and AI-driven cyber threats present new challenges to securing corporate networks. This session explores the intersection of the dark web, AI, and zero-trust principles, revealing how cybercriminals exploit leaked credentials and sensitive data to bypass traditional defenses. Dive into real-world examples of AI-powered attacks and learn how cutting-edge solutions like Darktrace align with Zero Trust strategies to identify and mitigate threats. Discover how to fortify your organization against the evolving digital threat landscape, ensuring resilience in a world where trust must be earned at every layer.
Getting Them to Give a Damn: Inspiring Personal Accountability for Cybersecurity Risk Mitigation
Presented by Tim Sweet (Team Work Excellence Leadership Consulting)
Track: Main
Time & Location: Grand Hall - 4:00-4:45PM
Cybersecurity is a critical issue globally, yet the biggest challenge isn’t just the technology—it’s getting people to care enough to act. From employees to customers and the public at large, many disengage because cyber-risk feels too abstract, complex, inconvenient, or unstoppable. This session focuses on how to get people to give a damn, avoid apathy, gain optimism, and take personal accountability for being part of mitigating risks.
Tim Sweet will explore why people often fail to engage in cybersecurity efforts, diving into psychological barriers like apathy, distraction, and the perceived inconvenience of security protocols. More importantly, he’ll explain why many tactics we currently use to motivate are ineffective and offer actionable strategies for leaders to inspire their staff, students and constituents to actively engage in cybersecurity as a shared responsibility.
Time & Location: Grand Hall - 4:00-4:45PM
Cybersecurity is a critical issue globally, yet the biggest challenge isn’t just the technology—it’s getting people to care enough to act. From employees to customers and the public at large, many disengage because cyber-risk feels too abstract, complex, inconvenient, or unstoppable. This session focuses on how to get people to give a damn, avoid apathy, gain optimism, and take personal accountability for being part of mitigating risks.
Tim Sweet will explore why people often fail to engage in cybersecurity efforts, diving into psychological barriers like apathy, distraction, and the perceived inconvenience of security protocols. More importantly, he’ll explain why many tactics we currently use to motivate are ineffective and offer actionable strategies for leaders to inspire their staff, students and constituents to actively engage in cybersecurity as a shared responsibility.
