Event Agenda

• What should be our first steps in the scenario of a cyber attack on our OT systems? What should be our priorities in both protection and response?
• How can we best prevent panic in such a scenario? What can we do to ensure that downtime is limited and that impact is minimised?
• How can we best mitigate risk to prevent future attacks? How can we build our teams so they are prepared for such attacks?
• How can we best communicate with our boards in the event of an attack?
• How can we best take care of our teams following an attack? What can we do to tackle stress and anxiety that may occur post an attack?
• What can we do so we are best prepared to respond to a cyber attack?

– Moderator: Caroline Turcotte, Section Head of Information Infrastructure (Water Section), Ville de Montréal
– Christian Moreira, BISO, McKesson
– Martin Laberge, Executive Director / CISO, Énergir
– Prashant Prashant, Senior Cyber Security Advisor, Enbridge
– Matin Foomani, OT Cyber Security Research Engineer, Transport Canada
.

Get a masterclass in ICS/OT cyber governance. Learn how to launch, right-size, and sustain a program, keep momentum alive, and maximize your risk ROI. Walk away with actionable strategies to strengthen security, reduce risk, and deliver business value – whether you lead the program or support it.
.
– Peter Jackson, Principal Industrial Consultant, Dragos

• What the current threat landscape looks like facing operators of critical infrastructure across Canada
• The risks faced to our OT security due to geopolitical instability
• How we can best ensure our assets are protected from dangers brought against our operations due to the biggest risks of today
• How can we best ensure our supply chains are protected from the biggest threats of today
• Where we can develop a geostrategic strategy that ensures security and overcomes significant risks to our OT systems

– Richard Larose, Cyber Principal, Strategic Advisor on Bill C-8, Cyber Partnership, Canadian Center for Cyber Security
.

Join WSP and KPMG for this previously unseen joint conference session, as we share insights on the fundamentals of Cyber-Resilient Business Operations. Discussion will include the evolving technology and threat landscape, prevailing challenges in 2025 and beyond, with a deep-dive on practical implementation of Cyber-Readiness and Incident-Response Program
– Chris Johnson, Senior Director, Industrial OT Cybersecurity | Digital Infrastructure, WSP
– Alexander Rau, Partner – Cyber Security,, KPMG
.

This presentation details Hydro Ottawa’s journey toward a proactive security posture in the face of grid modernization. It introduces a systematic threat modeling process as a strategic approach to address the new challenges of increasingly interconnected Operational Technology (OT) systems. The methodology, which is a blueprint for identifying and mitigating security risks, requires all stakeholders to work on specific OT requirements stemming from the MITRE framework. This unique approach is demonstrated through two real-world use cases showing how a structured process was applied to overcome specific cybersecurity challenges in new OT environments.
.
– Jojo Maalouf, Director, Cybersecurity and IT Infrastructure, Hydro Ottawa & Abdelrahman Eldosouky, Supervisor, Cybersecurity, Hydro Ottawa
.

Consequence boundaries are connections between networks with dramatically different worst-case consequences of compromise – eg: the IT/OT interface. Network engineering deterministically prevents cyber attacks pivoting through consequence boundaries. Both are part of the emerging Cyber-Informed Engineering methodology – making modest changes to physical and automation designs to eliminate entire categories of cyber threats. In this presentation, we introduce CIE, consequence boundaries and network engineering, provide examples of the most widely-used network engineering techniques, and explore in which scenarios / designs each technique is most useful.
.
– Andrew Ginter, VP Industrial Security, Waterfall Security

The rapid automation and digitalisation of transportation operations deliver clear efficiencies but also introduce complex OT cyber security risk. Transport Canada is presenting a case study on Maritime Autonomous Surface Ships (MASS), where incident “frequency” is largely unknown yet a rigorous risk model is required. Transport Canada developed a structured approach that pairs a comprehensive vulnerability inventory with MITRE ATT&CK for both Enterprise and ICS. Vulnerabilities are organized into domain-specific groups and mapped to tactics and techniques to prioritize threats without relying on historical rates. We estimate “severity” using exposure, attacker effort, and the plausibility of ATT&CK chains, augmented by analog OT evidence and scenario-based priors. Key lessons: treat MASS and Remote Operation Center as a system-of-systems; adversary behaviors span IT/OT boundaries; supplier and cloud dependencies shift risk; and the human-in-the-loop remains decisive. Next, we are advancing this work toward a Canadian national standard for MASS cyber security at Transport Canada to enable consistent, evidence-based controls and resilient autonomous maritime operations.
.
– Matin Foomani, OT Cyber Security Research Engineer, Transport Canada

Digital transformation within industrial, critical infrastructure, building automation, and other complex environments is delivering a wide array of benefits, including accelerated productivity, cost savings, improvements in operations, quality of service, and innovation. However, this digital advancement is expanding the enterprise’s attack surface by creating connectivity between previously isolated OT environments and their IT counterparts. This connectivity has far outpaced industrial organisations’ abilities to properly secure their networks–resulting in new attack pathways in extremely valuable and mission-critical CPS environments. This session will hence explore how we can utilise zero trust controls and microsegmentation to protect our networks.
.
– Christian Moreira, BISO, McKesson
.

This session will explore the importance of collaboration, standards and information sharing among stakeholders in the OT security ecosystem. It will delve into a case study of how to deal with issues in the area exploring an example in critical infrastructure. It will explore public-private partnerships, information sharing platforms, and threat intelligence sharing initiatives specific to critical national infrastructure protection. It will discuss how we can establish trust, overcome legal and regulatory challenges, and foster an environment of cooperation among government agencies, industry sectors, and cyber security experts. This will allow attendees to gain insights into effective collaborative approaches and how collective efforts can lead to a stronger OT security posture.
.
– Dawn Nedohin-Macek, CISO, Manitoba Hydro

As cyber security has, and continues to evolve rapidly, many organisations still focus solely on detection and response. The missing piece to this equation is investigation. Investigation is the key to understanding threats, not just reacting to them. Focusing on detection and response alone can lead teams to inefficient practices: chasing down false positives and lacking the contextual insights required to effectively understand the scale and scope of a security incident. With investigation, security teams can understand where threats have impacted the network to improve response efficacy and more strategically mitigate incidents. Join us for a session where we will unpack how you can leverage data analytics in your investigations for smarter, stronger security.
.
– Patrick Blais, Cyber Security Principal Netscout
.

.
T1. – Building Comprehensive Cyber Strategies Despite Budgetary Constraints
Martin Laberge, Executive Director / CISO, Énergir
.
T2. – Beyond the Perimeter: A Proactive Path to OT Visibility and Resilience
Ellen Boehm, SVP, IoT & AI Identity Innovation, Keyfactor
.
T3. – Defending the Frontline: Cyber Security Strategies Across IT and OT Networks
Stephen Nichols, Country Manager, Canada, Acronis

• What is Bill C-8? What provincial regulations do we have here in Quebec?
• Does more need to be done to regulate unregulated OT industries?
• Are regulations a necessity? If so, what should they include? Does compliance with regulations open up a false sense of security?
• Should we look to NIS2 and CISA, and our other allies and use their regulations as standards? What standards can we implement internally to ensure security?
• Are Bill C-8 and other regulations enough to ensure security for both our manufacturers and critical infrastructure companies?

– Moderator: Tom Bornais, CISO, NAV CANADA
– Richard Larose, Cyber Principal, Strategic Advisor on Bill C-8, Cyber Partnership, Canadian Center for Cyber Security
– Dany Guimond-Valcourt, Cybersecurity Lawyer, LCM Avocats inc.
.

• What does an effective OT security business case look like? Why is it important for us to develop a good business case for our cyber security strategies?
• How can we best quantify risk to sell our cyber strategies to our boards? How can we best sell our cyber security cases to board-level executives?
• How can an effective business case help us in mitigating risk?
• How can we overcome vendors moving to subscription models despite lack of budgets internally?
• How can we best sell our business cases beyond board-level executives and implement security throughout our infrastructures?
• What are some easy wins in building a business case that effectively mitigates risk?

– Moderator: Osman Saleem, Program Manager – ICS and OT Cyber Security, Greater Toronto Airports Authority
– Garret Austin, Senior Director of OT/Security and Digital Applications, Agropur
– Alex Charbonneau, CISO, Lassonde Industries
– Danny Fullerton, CISO, Boralex Inc.
– Umang Barman, Sr Director of Product Marketing, Zscaler
– Roberto Suzuki, Senior Director – Operational Technologies, Fortinet
.

According to 2025 Zscaler ThreatLabz research, the manufacturing industry has consistently been the single largest target of ransomware attacks. Despite millions spent on traditional security, cyberattackers are compromising factories at record levels. How? Lateral movement. Join this session and learn:

• How to achieve end-to-end zero trust segmentation without bringing down a single endpoint
• Which legacy security solutions you can now safely remove to reduce cost and sprawl
• An actionable strategy to improve uptime and operational safety while massively shrinking the factory attack surface

– Umang Barman, Sr Director of Product Marketing, Zscaler
.

Artificial intelligence (AI) is playing a massive role in contributing to new cyber attacks, proving to be a “huge challenge” moving forward, according to NATO. Nevertheless, rogue actors are utilising AI quicker than we are to protect our cyber security systems. This session will discuss:

• How we can best overcome new AI threats in light of increasing use of ransomware-as-a-service and geopolitical threats
• Provide a deep-dive into how we can adapt technically to new AI Threats.
• Explore how we can overcome the threats AI brings to the region to build a new strategy

– Sebastien Barthelemy, CISO, Kruger & Sébastien Mayer, OT Cybersecurity Advisor, Kruger
.

• Cyber and physical threats are an ever-present threat to our businesses’ operations. This session will also provide a framework to ensure we can stay one step ahead and implement a disaster recovery plan. It will explore:
• What the biggest threats facing Canadian Critical Infrastructure and Manufacturers are
• Where we can adapt our strategies to ensure we stay cyber resilient
• A framework we can use to ensure early detection and active defense tactics and techniques to prevent future cyber attacks
• What a good disaster recovery plan looks like

.
– Chanez Zahzah, , Corporate Director, Governance, Risk & Compliance, Société d’habitation du Québec
.

When building a comprehensive cyber strategy, it is vital to understand that appropriate governance and cultural transformation within your organisation is more important and integral to the success of any technical transformation. This session will hence explore:
.

• How we can best overcome challenges through our IT-OT Convergence
• Why an effective governance strategy is crucial while our OT Systems are being brought online
• Where we can overcome cultural differences between IT-OT professionals to ensure our systems remain secure.
• Follow a case study example of how effective governance has been achieved through IT-OT convergence

– Osman Saleem, Program Manager – ICS and OT Cyber Security, Greater Toronto Airports Authority
.

In an increasingly connected world, organizations must secure both physical and digital environments while ensuring a seamless user experience. Beyond Passwords and Badges: Biometric Identity for Unified Access Management explores how biometric technologies—such as facial recognition and fingerprint—integrated with identity proofing and verification capabilities within a KYC-enabled platform, are redefining digital management. Leveraging SDK orchestration, these solutions unify physical and logical identities under a single, secure framework. This session highlights how biometric-driven identity verification enhances security, reduces fraud, and streamlines onboarding while showcasing real-world applications and the future of identity management in a high-security environment
.
– Ceres Silva, Solutions Director, IDEMIA

This session will invite the audience to see a simulated OT Cyber Programme, brought to you by Prashant Prashant from Enbridge. N.B. participants must have their own laptop.
.
– Prashant Prashant, Senior Cyber Security Advisor, Enbridge & Rajat Kumar Kundu, OT Network & Cyber Security Specialist, Enbridge
.

T1. – Ramping up Our OT Security Programmes While Staying Operational
– Garret Austin, Senior Director of OT/Security and Digital Applications, Agropur
.
T2. – Discussing The OT Cyber Attack Simulation Further
– Prashant Prashant, Senior Cyber Security Advisor, Enbridge & Rajat Kumar Kundu, OT Network & Cyber Security Specialist, Enbridge
.
T3. – Putting Our Mental Health First: How Can We Ensure Our Teams Stay Motivated Against an Expanding Threat Landscape?
– Bryan Methot, Director of IT, Rebox Corp
.

.

• How can we best assess risk to mitigate against cyber threats to our OT Systems?
• How can standardising a third-party risk management program across all supply chain participants can help protect against risk?
• What can be done to strengthen the regulatory framework in order to protect our supply chains?
• Where can we implement provocative policies to protect our supply chains from cyber attacks into 2026 and beyond?

– Singuyen Vo, CISO, ICAO
.

• What are the most significant threats we face today? How will these threats evolve to present new challenges for the future of cyber security in Canada
• How can we prepare today, through risk mitigation strategies, to defend against tomorrow?
• How do current geopolitical tensions and trade wars exacerbate the current challenges our organisations face? Do they?
• Moving forward, how will AI, Quantum Computing and other new technologies exacerbate the threats of today? What new threats will they create for our organisations?
• What can we do to ensure our organisations are best positioned to deal with the threats of tomorrow?

– Moderator: Martin Laberge, Executive Director / CISO, Énergir
– Ramzi Naouali, Senior Manager of Infrastructure and Cyber Security, Hôpital Montfort
– Kayode Alawonde, ISC2 Saskatchewan Chapter President, ISC2 Saskatchewan
– Sebastien Barthelemy, CISO, Kruger
.