Toronto CISO Executive Summit

Sensitive data movement can be risky but restricting it outright can create operational and security challenges. In an era of agentic AI, generative AI, and emerging quantum computing, organizations need security frameworks that protect data while ensuring agility. This session explores how modern security platforms enable secure data flow, adapt to diverse use cases and prepare for the post-quantum encryption (PQE) shift.

Join this keynote to learn:

• How to choose the right secure access method for each use case
• Why security must be adaptive to risk, user behavior and AI-driven interactions
• How to prepare for post-quantum encryption and its enterprise security impact

We’re all familiar with the idea that “the best defense is a good offense.” But for cybersecurity – where the mandate has always been “defend and protect” – how do CISOs truly go on the offensive? For Kees Pouw, CISO at Questrade, the answer lies in a high-fidelity cyber testing strategy. 

In this session, Kees shares how he built out an offensive security team that helped propel Questrade’s cybersecurity program, covering:

• Challenges preventing CISOs from doing enough testing to build confidence in controls
• Strategies and resources for building an offensive security strategy, whether inhouse or outsourced
• Considerations on the use of GenAI by inhouse cybersecurity office team

Canadian CISOs aren’t just battling malware—they’re managing analyst burnout, navigating U.S.-Canada political friction, and rethinking trust in their tech stacks. Add in adversarial AI, alert fatigue, and the eternal skills shortage, and you've got a landscape where threat intel can feel more like background noise than actionable signal. Meanwhile, AI is becoming the double-edged sword of our time—accelerating detection on one hand, fueling smarter phishing and deepfake attacks on the other.

Join this closed-door discussion to hear and discuss concrete insights for improving your threat intel program, including:

• Making your threat intelligence program actually usable across strategic, tactical, and technical layers
• Where to focus your limited people, money, and time without inducing a mutiny
• What shifting global alliances and data politics mean for vendor selection, compliance, and resilience

Quantum computing could make traditional cryptography unsafe within five years and break current encryption methods within ten years. Malicious actors are saving encrypted data now to decrypt it later when quantum computers are powerful enough. To protect against these future threats, governments and organizations are developing post-quantum cryptography (PQC) standards. As CISOs, it's important to stay updated with regulations and vendor capabilities for compliance and trust.

Join this roundtable session to:

• Enhance your understanding of the post-quantum cryptography landscape/timeline
• Connect with peers on how they are navigating quantum-readiness conversations
• Delve into essential considerations for leading security teams in a post-quantum era

Connect with like-minded peers in a one-on-one setting through Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

There is no one-size-fits-all method for articulating cybersecurity business value to the board and other stakeholders, often making it a challenge for CISOs to compete for continued investment and buy-in. How can cybersecurity leaders translate the strategic benefits of their programs into business value when quantitative data is limited, unavailable or difficult to defend?

In this session, Gartner Executive Partner Pierre Gourdon leverages the latest insights from the Gartner Research team to facilitate an interactive discussion on:

• Expressing the value of a cybersecurity in terms that relate to the board
• Evaluating the capabilities of your security and risk management program
• Developing a roadmap to balance risk management with facilitating business outcomes

While most cybersecurity programs are trapped in an endless cycle of patches and fixes, true transformation happens when CISOs shift both their mindsets and methods to break free of traditional thinking and welcome innovation.

Join veteran CISO Mike Melo and transformation expert Rob Oddi for a candid dialogue about reimagining the entire mindset of security leadership, addressing key concerns like:

• Reframing the role of security from reactive defense to strategic influence
• Demonstrating business value that resonates from the boardroom to the server room
• Embracing transformative change and driving true organizational impact

Finish the day sharing lessons learned with your peers over light fare and drinks at this closing reception hosted by the Toronto CISO Governing Body.