Security Day

May 2 - 3, 2023



The Province organizes and hosts two “Security Day” events each year (spring and fall), free of charge. 

Cyber security impacts all of us - professionally and personally.

That's why Security Day is open to everyone.

We encourage everyone to attend via webcast. This includes, but is not restricted to: government employees, broader public sector representatives, school districts, post secondary institutions, municipalities, crown corporations, and any individual interested in security.

The theme this May is Vulnerability Management: To Patch or Not to Patch? Silly Question!

Check out the notional agenda below and check back for updates.

Questions? Contact



May 2, 2023




9-9:05 am

Welcome and Logistics

Host – Brian Horncastle

9:05-9:10 am

Opening Remarks

Minister Lisa Beare (video greetings)


9:10-9:15 am Opening Remarks Assistant Deputy Minister Alex MacLennan

9:15-10 am


Vulnerability Management is Giving You a Vulnerability Overload

Enter attack surface management traditional approaches to Vulnerability Management (VM) have served the security industry well, providing a proven way for security teams to improve hygiene and ensure a base level of protection against known software vulnerabilities. But as the cloud, endpoints, tools, and the sheer volume of vulnerabilities expands, vulnerability management programs can no longer keep up. While only 5% of all vulnerabilities are ever exploited in the wild, VM programs have no means of determining which 5% they will.

Attack surface management solutions provide real-time visibility into vulnerabilities and attack vectors as they emerge. This presentation will break down how organizations can uplevel their vulnerability management program with actionable context in order to prioritize their unique vulnerabilities based on an attacker’s perspective.

Evan Anderson, Principal Technologist and Co-Founder of Randori (an IBM company)

10-10:45 am

Cyber Attack Threat Surfaces and Mitigations

A discussion of the various threat surfaces used in a cyber attack and how to mitigate them. Social Engineering, Weak Security, Software and Hardware Vulnerabilities and Insider accesses are exploits which threat actors use to attack and infiltrate systems and access data. Knowing where you’re vulnerable and knowing how to mitigate weakness are critical steps in protecting your data.  This presentation will discuss various threat surfaces and tactics used by threat actors and provide a basic overview on the actions you can take to identify and address security weaknesses before they can be exploited. 

Vanessa Clowe, Cyber Centre's Partnerships Team


10:45-10:55 am


10:55 am -11:40 am

Enhance Your Vulnerability Management Program

The speed at which modern IT has advanced over the past decade has contributed to an exponential rise in system vulnerabilities, matched by a dramatic increase in volume and sophistication of cyber-attacks. This has made it increasingly more difficult to maintain an environment secure. To successfully deal with this challenge, a well-defined Vulnerability Management Program is essential. But what functions and components make up a Vulnerability Management Program?


This presentation will explore the functions of a Vulnerability Management Program and show the audience a structured approach to assessing its components against a reference architecture to assist in developing a roadmap to enhance their Vulnerability Management Program.


Luis Castillo, Practice Director, Threat – Vulnerability Management and Remediation Services Cyber Defense and Applied Security, Optiv

11:40 am-12:25 pm

New Vulnerability Management Challenges for Remote Workers

Are you truly safe working from home? This presentation will explore the impacts and challenges that remote work has on vulnerability management.


Richard Henderson, Director, Privacy and Security Design

12:25-12:30 pm

Closing Remarks


Host - Brian Horncastle


May 3, 2023

9:00-9:05 am

Welcome and logistics

Host - Simran Cheema

9:05-9:10 am

Opening Remarks

Host - Simran Cheema

9:10-10:10 am

Workshop 1: Vulnerability Management in DevOps


SAST, DAST, IAST, RAST?  CI/CD? This workshop will explore processes and tools used in a DevOps build pipeline and describe how to apply vulnerability management best practices in their use.


Nick Corcoran and Bruce Li

10:10-10:15 am


10:15-11:15 am

Workshop 2: Vulnerability Management at Home


This presentation will explore the importance of securing your home network and smart appliances, highlighting the potential risks of not doing so. It will provide an overview of the key factors to consider when securing your network and managing your smart appliances, including changing default passwords, keeping software up-to-date, disabling unused features, securing your network, and being mindful of data privacy. By understanding the importance of network and appliance security and implementing best practices, you can help to protect your personal information and safeguard against potential threats. The presentation will emphasize the need to be vigilant and proactive about network and appliance security, and to stay up-to-date with emerging threats and best practices.


Alex Loffler

11:15-11:20 am


11:20 am-12:20 pm

Workshop 3: Patch Management

This workshop will outline the Province’s journey to reducing the burden of server patching.

Brian Price

12:20-12:30 pm


Host - Simran Cheema


A vulnerability is an exposed weakness with an IT system which a cyber criminal can exploit to cause harm. 

Vulnerabilities impact all of us - professionally and personally - on a daily basis.

As cyber threats continue to evolve, and cyber criminals develop and execute more sophisticated attacks, it is critical that people understand what a vulnerability is, and how to best manage and mitigate vulnerabilities.

Vulnerability management is the process of dealing with weaknesses that have exposures.

Vulnerability management matters because if we don’t patch our systems and if we don’t manage our systems, the software is not kept up to date. 

Over time, more and more vulnerabilities will be discovered for any given piece of software. 

That gives cyber criminals an avenue to potentially breach or gain access to a system and cause lots of harm. 

There could be financial costs and reputational costs from not taking proper measures – this could mean our citizens’ data could be at risk. 

This can result in a loss of data, or finances, and, consequently, governments and organizations can lose their citizens’ or clients’ trust and confidence.