Security Day - May 2-3, 2023

Last updated on May 16, 2023

Question for you – is your cyber security game up to patch? Vulnerabilities impact all of us - professionally and personally, every day. As cyber threats evolve, and cyber criminals develop and execute more sophisticated attacks, it is critical people understand what a vulnerability is, and how to best manage and mitigate vulnerabilities.

The May, 2023 Security Day event - To Patch or Not to Patch? Silly Question! - discussed best practices around network and device security and tips on how organizations can best handle vulnerability management.

Security Day presentations and workshops provided government and private sector perspectives, and outlined overall best practices for:

vulnerability and patch management
defining, identifying, and resolving vulnerabilities in an exposed system
deep dives into attack/threat surfaces and mitigation, penetration testing, and handling vulnerabilities in your home environments as a remote worker

Following the presentations, on May 3, Security Day will feature three workshops, all of which will provide in-depth approaches to various angles of vulnerability management.

AGENDA: SECURITY DAY: TO PATCH OR NOT TO PATCH? SILLY QUESTION!

PRESENTATION DAY: May 2, 2023
Time	Presentation	Speaker
9-9:05 am	Welcome and Logistics	Host – Brian Horncastle
9:05-9:10 am	Opening Remarks	Minister Lisa Beare (video greetings)
9:10-9:15 am	Opening Remarks	Assistant Deputy Minister Alex MacLennan
9:15-10 am	Vulnerability Management is Giving You a Vulnerability Overload Enter attack surface management traditional approaches to Vulnerability Management (VM) have served the security industry well, providing a proven way for security teams to improve hygiene and ensure a base level of protection against known software vulnerabilities. But as the cloud, endpoints, tools, and the sheer volume of vulnerabilities expands, vulnerability management programs can no longer keep up. While only 5% of all vulnerabilities are ever exploited in the wild, VM programs have no means of determining which 5% they will. Attack surface management solutions provide real-time visibility into vulnerabilities and attack vectors as they emerge. This presentation will break down how organizations can uplevel their vulnerability management program with actionable context in order to prioritize their unique vulnerabilities based on an attacker’s perspective.	Evan Anderson, Principal Technologist and Co-Founder of Randori (an IBM company)
10-10:45 am	Cyber Attack Threat Surfaces and Mitigations A discussion of the various threat surfaces used in a cyber attack and how to mitigate them. Social Engineering, Weak Security, Software and Hardware Vulnerabilities and Insider accesses are exploits which threat actors use to attack and infiltrate systems and access data. Knowing where you’re vulnerable and knowing how to mitigate weakness are critical steps in protecting your data. This presentation will discuss various threat surfaces and tactics used by threat actors and provide a basic overview on the actions you can take to identify and address security weaknesses before they can be exploited.	Vanessa Clowe, Cyber Centre's Partnerships Team
10:45-10:55 am	Break
10:55 am -11:40 am	Enhance Your Vulnerability Management Program The speed at which modern IT has advanced over the past decade has contributed to an exponential rise in system vulnerabilities, matched by a dramatic increase in volume and sophistication of cyber-attacks. This has made it increasingly more difficult to maintain an environment secure. To successfully deal with this challenge, a well-defined Vulnerability Management Program is essential. But what functions and components make up a Vulnerability Management Program? This presentation will explore the functions of a Vulnerability Management Program and show the audience a structured approach to assessing its components against a reference architecture to assist in developing a roadmap to enhance their Vulnerability Management Program.	Luis Castillo, Practice Director, Threat – Vulnerability Management and Remediation Services Cyber Defense and Applied Security, Optiv
11:40 am-12:25 pm	New Vulnerability Management Challenges for Remote Workers Are you truly safe working from home? This presentation will explore the impacts and challenges that remote work has on vulnerability management.	Richard Henderson, Director, Privacy and Security Design
12:25-12:30 pm	Closing Remarks	Host - Brian Horncastle
WORKSHOP DAY May 3, 2023
9:00-9:05 am	Welcome and logistics	Host - Simran Cheema
9:05-9:10 am	Opening Remarks	Host - Simran Cheema
9:10-10:10 am	Workshop 1: Vulnerability Management in DevOps SAST, DAST, IAST, RAST? CI/CD? This workshop will explore processes and tools used in a DevOps build pipeline and describe how to apply vulnerability management best practices in their use.	Nick Corcoran and Bruce Li
10:10-10:15 am	Break
10:15-11:15 am	Workshop 2: Vulnerability Management at Home This presentation will explore the importance of securing your home network and smart appliances, highlighting the potential risks of not doing so. It will provide an overview of the key factors to consider when securing your network and managing your smart appliances, including changing default passwords, keeping software up-to-date, disabling unused features, securing your network, and being mindful of data privacy. By understanding the importance of network and appliance security and implementing best practices, you can help to protect your personal information and safeguard against potential threats. The presentation will emphasize the need to be vigilant and proactive about network and appliance security, and to stay up-to-date with emerging threats and best practices.	Alex Loffler
11:15-11:20 am	Break
11:20 am-12:20 pm	Workshop 3: Patch Management This workshop will outline the Province’s journey to reducing the burden of server patching.	Brian Price
12:20-12:30 pm	Closing	Host - Simran Cheema

May 2, 2023: Presentations

Expand All | Collapse All

Security Day Presentation Day: Introduction

Security Day May 2023 Presentation Day - Brian Horncastle Opening

Minister of Citizens' Services Brian Horncastle introduces Security Day.

Minister Lisa Beare Opening Remarks

Security Day May 2023 Presentation Day - Minister Lisa Beare

Minister Lisa Beare introduces Security Day

Alex MacLennan Opening Remarks

Security Day May 2023 Presentation Day - Alex MacLennan Introduction

Alex McLennan introduces Security Day and the subject of vulnerability management

Vulnerabilty Management is Giving You A Vulnerability Overload

Security Day May 2023 Presentation Day - Evan Anderson's Presentation

Cyber Attack Threat Surfaces & Mitigations

Security Day May 2023 Presentation Day - Vanessa Clowe Presentation

Enhance Your Vulnerability Management Program

Security Day May 2023 Presentation Day - Luis Castillo's Presentation

New Vulnerability Management Challenges for Remote Workers

Security Day May 2023 Presentation Day - Richard Henderson's Presentation

May 3, 2023: Workshops

Expand All | Collapse All

Security Day Workshop Day: Introduction

Security Day May 2023 Presentation Day - Simran Intro

Introduction to the workshops for Security Day

Workshop: Vulnerability Management in DevOps

Security Day May 2023 Presentation Day - Nick and Bruce's Presentation

Workshop: Vulnerability Management at Home

Security Day May 2023 Presentation Day - Alex Loffler's Presentation

Workshop: Patch Management

Security Day May 2023 Presentation Day - Brian Price's Presentation

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics