Security Day - May 2-3, 2023

Question for you – is your cyber security game up to patch? Vulnerabilities impact all of us - professionally and personally, every day. As cyber threats evolve, and cyber criminals develop and execute more sophisticated attacks, it is critical people understand what a vulnerability is, and how to best manage and mitigate vulnerabilities.

The May, 2023 Security Day event - To Patch or Not to Patch? Silly Question! - discussed best practices around network and device security and tips on how organizations can best handle vulnerability management.

Security Day presentations and workshops provided government and private sector perspectives, and outlined overall best practices for:

  • vulnerability and patch management
  • defining, identifying, and resolving vulnerabilities in an exposed system
  • deep dives into attack/threat surfaces and mitigation, penetration testing, and handling vulnerabilities in your home environments as a remote worker

Following the presentations, on May 3, Security Day will feature three workshops, all of which will provide in-depth approaches to various angles of vulnerability management.




May 2, 2023




9-9:05 am

Welcome and Logistics

Host – Brian Horncastle

9:05-9:10 am

Opening Remarks

Minister Lisa Beare (video greetings)


9:10-9:15 am Opening Remarks Assistant Deputy Minister Alex MacLennan

9:15-10 am


Vulnerability Management is Giving You a Vulnerability Overload

Enter attack surface management traditional approaches to Vulnerability Management (VM) have served the security industry well, providing a proven way for security teams to improve hygiene and ensure a base level of protection against known software vulnerabilities. But as the cloud, endpoints, tools, and the sheer volume of vulnerabilities expands, vulnerability management programs can no longer keep up. While only 5% of all vulnerabilities are ever exploited in the wild, VM programs have no means of determining which 5% they will.

Attack surface management solutions provide real-time visibility into vulnerabilities and attack vectors as they emerge. This presentation will break down how organizations can uplevel their vulnerability management program with actionable context in order to prioritize their unique vulnerabilities based on an attacker’s perspective.

Evan Anderson, Principal Technologist and Co-Founder of Randori (an IBM company)

10-10:45 am

Cyber Attack Threat Surfaces and Mitigations

A discussion of the various threat surfaces used in a cyber attack and how to mitigate them. Social Engineering, Weak Security, Software and Hardware Vulnerabilities and Insider accesses are exploits which threat actors use to attack and infiltrate systems and access data. Knowing where you’re vulnerable and knowing how to mitigate weakness are critical steps in protecting your data.  This presentation will discuss various threat surfaces and tactics used by threat actors and provide a basic overview on the actions you can take to identify and address security weaknesses before they can be exploited. 

Vanessa Clowe, Cyber Centre's Partnerships Team


10:45-10:55 am


10:55 am -11:40 am

Enhance Your Vulnerability Management Program

The speed at which modern IT has advanced over the past decade has contributed to an exponential rise in system vulnerabilities, matched by a dramatic increase in volume and sophistication of cyber-attacks. This has made it increasingly more difficult to maintain an environment secure. To successfully deal with this challenge, a well-defined Vulnerability Management Program is essential. But what functions and components make up a Vulnerability Management Program?


This presentation will explore the functions of a Vulnerability Management Program and show the audience a structured approach to assessing its components against a reference architecture to assist in developing a roadmap to enhance their Vulnerability Management Program.


Luis Castillo, Practice Director, Threat – Vulnerability Management and Remediation Services Cyber Defense and Applied Security, Optiv

11:40 am-12:25 pm

New Vulnerability Management Challenges for Remote Workers

Are you truly safe working from home? This presentation will explore the impacts and challenges that remote work has on vulnerability management.


Richard Henderson, Director, Privacy and Security Design

12:25-12:30 pm

Closing Remarks


Host - Brian Horncastle


May 3, 2023

9:00-9:05 am

Welcome and logistics

Host - Simran Cheema

9:05-9:10 am

Opening Remarks

Host - Simran Cheema

9:10-10:10 am

Workshop 1: Vulnerability Management in DevOps


SAST, DAST, IAST, RAST?  CI/CD? This workshop will explore processes and tools used in a DevOps build pipeline and describe how to apply vulnerability management best practices in their use.


Nick Corcoran and Bruce Li

10:10-10:15 am


10:15-11:15 am

Workshop 2: Vulnerability Management at Home


This presentation will explore the importance of securing your home network and smart appliances, highlighting the potential risks of not doing so. It will provide an overview of the key factors to consider when securing your network and managing your smart appliances, including changing default passwords, keeping software up-to-date, disabling unused features, securing your network, and being mindful of data privacy. By understanding the importance of network and appliance security and implementing best practices, you can help to protect your personal information and safeguard against potential threats. The presentation will emphasize the need to be vigilant and proactive about network and appliance security, and to stay up-to-date with emerging threats and best practices.


Alex Loffler

11:15-11:20 am


11:20 am-12:20 pm

Workshop 3: Patch Management

This workshop will outline the Province’s journey to reducing the burden of server patching.

Brian Price

12:20-12:30 pm


Host - Simran Cheema

May 2, 2023: Presentations


Security Day May 2023 Presentation Day - Brian Horncastle Opening

Minister of Citizens' Services Brian Horncastle introduces Security Day.


Security Day May 2023 Presentation Day - Minister Lisa Beare

Minister Lisa Beare introduces Security Day


Security Day May 2023 Presentation Day - Alex MacLennan Introduction

Alex McLennan introduces Security Day and the subject of vulnerability management


Security Day May 2023 Presentation Day - Evan Anderson's Presentation


Security Day May 2023 Presentation Day - Vanessa Clowe Presentation


Security Day May 2023 Presentation Day - Luis Castillo's Presentation


Security Day May 2023 Presentation Day - Richard Henderson's Presentation


May 3, 2023: Workshops


Security Day May 2023 Presentation Day - Simran Intro

Introduction to the workshops for Security Day


Security Day May 2023 Presentation Day - Nick and Bruce's Presentation


Security Day May 2023 Presentation Day - Alex Loffler's Presentation



Security Day May 2023 Presentation Day - Brian Price's Presentation