The Future of Cybersecurity

CISO Think Tank

August 24, 2022 - Toronto, Canada

Visionaries

Ben Sapiro

Head of Technology Risk & CISO

Canada Life

Think Tank Speaker

At Canada Life, we’re focused on improving the financial, physical and mental well-being of Canadians. Whether handling policy claims, helping grow and protect clients’ retirement and investment savings, providing workplace mental health support for all employers or helping build stronger communities by investing in community projects, we are committed to putting the customer first in all that we do. That trust is built on the dedication, skill and energy of our employees and advisors and their commitment to our customers and to our communities.

Christy Peel

Security & Compliance Director

Drager

Think Tank Speaker

Analytical problem-solver who uses technical background to bridge gap between business processes and system design. Responsible for managing information risks (threats, vulnerabilities, and impact). This includes assessing threats and vulnerabilities of information (and information systems) and evaluating how vulnerable information is to threats. Also responsible for providing leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and monitor operational and strategic risks. Actively participates in the sponsorship, design and management of IS&RM process and metrics to ensure a robust and effective organization. Strong directional leadership skills by influence and trust. Entrusted to lead projects that have high impact to the organization.

Steve Magowan

VP - Cyber Security

Blackberry

Think Tank Speaker

A results-focused, forward-thinking, business minded Cyber Security, Security Architecture & Risk Management Leader with extensive experience and proven success at enabling business goals while invoking transformational change. Committed to strategic, risk focused innovation that aligns with the business and enables their goals while defending and supporting organizational interests. Recognized as a highly collaborative leader with a long history of managing large, globally distributed teams in high responsibility, error intolerant environments. Heavily invested in the team approach and committed to the maintenance of a positive work culture. Fluent in Spanish. Dated but revivable French.

KEY ACCOMPLISHMENTS

VALUE CREATION: Establishment of Cyber Security as a key enabler in revenue generation, through the mapping of compliance initiatives to the many government mandated compliance frameworks that gate sales in the current risk landscape (Biden Executive Order, CMMC, FedRAMP, CanRAMP, IRAP, ISMAP). Achievement of cost leadership with dramatic efficiency and efficacy gains through next generation methodologies & process modernization that lower the friction of governance and seamlessly integrate risk into the enterprise fabric.

RISK MANAGEMENT: Strategic oversight of advanced risk tactics that leverage the power of Data Analytics, Machine Learning and other associated technologies to enable adaptive, effective and innovative solutions to previously unsolvable risk and security problems.

CORPORATE GOVERNANCE: 22 years of successful compliance with Sarbanes-Oxley, SOC1 / 2, OSFI and NERC regulatory governance

CORE AREAS OF STRENGTH

- Strategic Business Vision / Advanced Technology & Tactics
- Corporate Governance / Risk Management / Risk Analytics
- Data Protection / Data Loss Prevention / AI / Machine Learning
- PCI-DSS / SOX / SOC 1 & SOC 2 / Privacy Compliance
- NIST / FIPS / COBIT / PIPEDA / GDPR / NYDFS / HIPAA
- Application Security – CI / CD, DevOps, DevSecOps
- Cloud Security Architecture / Zero Trust / IoT / SCADA
- Project / Program Management / Governance (Agile)
- $MM Budget Management / Large Team Leadership
- Executive Presentation & Large Audience Speaking

Arif Hameed

CISO

C&R Software

Think Tank Speaker

Arif Hameed is currently the Vice President & Chief Information Security Officer at Munich Re New Ventures. Munich Re New Ventures is the innovation arm of Munich Re Life & Health North America. Prior to joining Munich Re, he had roles in Security Advisory, IT Risk, Supply Chain Cyber Risk, Client Cybersecurity Assurance and IT Audit at major Canadian Banks and a global Credit Bureau. He actively volunteers for professional associations including ISACA, Cloud Security Alliance, Evanta, EC-Council and participates in advisory committees for academic programs in Cybersecurity and IT Audit. He also has presented, moderated and taken part in panels for Cybersecurity events including the RSA Conference, SecureWorld, ISMG, secureCISO, BrightTALK etc. He has obtained the CISSP, CISA, CRISC, GSTRT, ISO27001 LA and ABCP certifications.

Specialties:

- Cybersecurity Strategy
- IT Risk Management
- Client Security Assurance
- Supply Chain Cyber Risk, RFP and Contract Security Schedules
- Information Security Advisory
- Access Management Lifecycle / Logical Access
- Business Continuity Management / Disaster Recovery
- Physical and Environmental Security Reviews
- Frameworks: NIST CSF / ISO 27xxx / PCI DSS / CCM / SOC / ISF SoGP
- Regulations: SOX 404, OSFI, PIPEDA, NYDFS, BaFin VAIT

Professional Memberships:

- ISACA
- (ISC)2
- Disaster Recovery Institute International (DRII)
- Institute of Corporate Directors
- High Tech Crime Investigation Association (HTCIA)

David Masson

Director of Enterprise Security

Darktrace Holdings Limited

Think Tank Speaker

David Masson is Darktrace’s Director of Enterprise Security, and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. David is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major international and national media outlets in Canada where he is based. He holds a master’s degree from Edinburgh University.

Octavia Howell

CISO

Equifax Canada

Think Tank Speaker

Recognized as one of the 2022 Top 20 Women in Canada, Octavia Howell has spent her career protecting some of the world’s largest financial institutions from cyber attacks. Today, she serves as Equifax Canada’s Chief Information Security Officer and is the Founder and CEO of Augustus Redefined, an organization focused on the advancement of Black Women in Cyber. Octavia believes a security leader should mentor, motivate trust, and lead their teams to act with integrity and transparency. She often says, “A team is only as strong as their leaders and each leader casts a shadow that they will be held accountable for.” Octavia is motivated by the belief that we are placed on this earth to help each other achieve greatness (whatever that may be).

Samer Adi

CISO

Green Shield Canada

Think Tank Speaker

Strategic IT Operations Executive with expertise in driving Information Security programs within business units. A big picture visionary who delivers business continuity while ensuring best in class security systems; implementing new technologies and process improvements to ensure up to date technology platforms. Leads by example, modelling accountability, ownership, and clear and consistent communication. Adaptable leader, builds and fosters talented teams, champions excellence and innovation. An author, public speaker, motivator, passionate about information security and data privacy. Over the years Samer was able to build DevOps teams from ground up, lead corporate wide complex modernization projects, and move IT operation from on-premises to cloud without causing any business outage. Samer is the IT Security leader and CISO with one of Canada’s largest health benefits providers, focusing on the security and privacy of members’ data and leading security delivery within a complex digital transformation program. Samer was the Technology Operations and security leader with Canada’s #1 meal kit provider, leading a team of professionals in Cybersecurity, IT Infrastructure and Operations. Samer was the VP Infrastructure and Chief Information Security Officer to the largest payment processing network in Canada, leading a team of 70 professionals. Samer was the Head of Information Security and Internal Controls for one of the well-known retailers in Canada, leading a team of security professionals to provide the best information security protection possible and maintain compliance with regulator’s requirements. Before, Samer was the CISO for the Canadian office of a Global IT Consultancy company. He managed a team which was responsible for providing a complete cyber security service externally to the clients and internally within a Global structure. Samer was the CISO for the largest payment processing company in Canada. Samer could maintain PCI-DSS compliant status for the company for 2012 – 2014 and PA-DSS status for all their payment applications. In addition, Samer served with the largest network provider for white label ATMs with the same capacity. Samer has more than 30 years’ experience in Information Security and Information Technology Infrastructure support. Samer holds a degree in Computer Science and Information Technology. PCIISA, PCIP, CISM. Samer published two books in Computer Maintenance. Both books are part of the Grade 11 & 12 curriculum.

Michael Gross

Manager, Cybersecurity Intelligence

Cleveland Clinic

Think Tank Speaker

With over 30 years of experience in the IT industry, including more than two decades specializing in cybersecurity, I am a seasoned professional known for visionary leadership and comprehensive expertise in safeguarding organizations from evolving cyber threats.

Key Highlights:

* Cybersecurity Visionary: Throughout my career, I have consistently developed and executed robust cybersecurity strategies that align seamlessly with organizational objectives. I excel at protecting critical assets, data, and systems while proactively identifying and mitigating risks. My specialties encompass advanced threat analysis, cyber risk management, incident response, security architecture design, and regulatory compliance. As a cybersecurity visionary, I have pioneered solutions that fortify organizations against emerging threats.
* Agility and Problem-Solving: My career has been marked by my ability to tackle complex challenges with agility and innovation. I leverage my expertise in cybersecurity methodologies, industry best practices, and compliance standards to provide effective solutions.
* Mentorship and Leadership: I take pride in guiding and mentoring cybersecurity teams to excel in vulnerability assessment, threat detection, incident response, and recovery. I am deeply committed to fostering a culture of continuous learning and professional growth.
* Communication and Work Ethic: My strong work ethic, exceptional interpersonal skills, and adept relationship-building capabilities are complemented by my proficiency in multitasking and effective communication. I thrive on embracing challenging tasks and delivering results.

I am passionate about the ever-evolving field of cybersecurity and committed to contributing my expertise to secure and protect businesses in the digital age. Let's connect and explore opportunities to collaborate or share insights in this dynamic industry.

Steve Zalewski

Former CISO

Levi Strauss & Co.

Think Tank Speaker

Mr. Zalewski currently provides CISO, security consulting and security advisory services. These include:

• International cybersecurity advisor and trainer.
• Executive advisory board member for security startups, providing guidance on security market direction and product requirements.
• CISO advisory board member for venture capital firms internationally.
• vCISO for companies requiring temporary or part-time CISO expertise.

Services also include guidance and solutions to address incident response, security program design, security assessment, security due-diligence, vendor/supplier due-diligence, security architecture review, board reporting and other key security leadership requirements. Operational experience in Healthcare, Utilities and International Retail verticals.

Key Strengths:

• Organizational Management
• Strategic Planning & Execution
• Enterprise Security Architecture/Strategy
• Executive and BOD Security Governance/Reporting
• Cybersecurity Incident Response
• Security Risk & Compliance Management

Additionally, I co-host the CISOSeries Defense-in-Depth Podcasts and am a frequent speaker and panel moderator at industry events.

Garrett Weber

VP - Worldwide Sales Engineering

Salt Security

Think Tank Speaker

I am a passionate cybersecurity engineering and sales professional with a unique mix of leadership, technical skills and business acumen. I've spent time working in both the public and private sectors, which has allowed me to experience organizations with varying cultures and needs. I work best when solving challenging, complex problems and I am skilled at conveying recommendations in such a way that everyone, especially the non-technical folks in the C-suite, can understand the value in the solution that is being provided. I enjoy working in teams where I can learn from others and provide mentoring to my fellow team members. I've never met a challenge that I won't take head on and, even when I fail, I look at everything I do in life as a learning experience.

Robert Smith

Field CISO

Noname Security

Think Tank Speaker

Information Technology Leader with a focus on Security, Architecture and Operations. Experienced in regulatory compliances & security frameworks: HIPAA, PCI, SOX, COBIT, ISO, NIST, SANS20. Consistently leading strategic planning, policy development and day-to-day operations of information security function in close coordination with all corporate departments aligned with corporate vision. Proficient in target enumeration, vulnerability assessments, risk analysis and management, open source intelligence gathering, social engineering, IDS/IPS and SIEM tools.

August 24, 2022

Agenda

All times Eastern Time

12:00 PM-1:15 PM

Welcome & Registration


1:15 PM-1:50 PM
Keynote

Third Party Security – We need to support our suppliers

Managing third party risk must be a core competency for security teams because our businesses depend more and more on third parties. There is no clearer alignment for security with business value than third party risk management. To manage third party risk well we need to do more than ask questions; we need to enable our suppliers. To enable our suppliers, we need to understand them and some of the problems we face as a profession in assessing the security around third parties.


1:55 PM-2:50 PM
Panel

Ransomware/Extortionware

CISOs face a huge headache trying to understand how to know when they were attacked and what data attackers have corrupted. How quickly can they recover from the attack? And do they have to pay a ransom to get the data back?
Ransomware remains a significant challenge for companies, not simply because it has become ubiquitous, but also because of the significant impact a single ransomware attack may have on a company and every other company or customer that relies on that company.

Cybersecurity and risk management have always been vital for the flow of any business. However, the current condition of the global supply chain makes it exceptionally vulnerable to severe damage from an attack, more so than usual. When the supply chain is barely getting by, criminals are more likely to assume they have leverage over businesses. A ransomware attacker may be more brazen and make higher demands than they might have a few years ago.

2:50 PM-3:05 PM

Networking Break


3:05 PM-4:00 PM
Fireside Chat

Guarding the Doors: Navigating 3rd Party Risk

As organizations expand their third-party ecosystem, many are challenged with executing core activities that are critical to operations, risk profiles, and compliance posture without compromising the quality of data collection, evaluation, and mitigation measures. Organizations are increasingly outsourcing business activities to 3rd-party vendors. It is critical for an organization to be vigilant when selecting the right 3rd-party vendor with the appropriate security posture, as many vendors are hosting, processing and transmitting sensitive regulatory information with unrestrained access to our IT assets. At the highest level, third-party incidents can result in reputational damage, non-compliance, or even criminal activity, which can negatively impact earnings and shareholder value. To address this challenge, many organizations are investing in technology to support vendor risk management. Technology isn’t the entire answer to managing third-party risk; however, the right technology or collection of technologies, coupled with optimal processes, can enable organizations to bridge the gap.


4:05 PM-4:20 PM
Disruptor

How AI Can Think like an Attacker

Outside agents today are using more automation, targeting external providers and shadow IT, and taking advantage of new techniques in their campaigns. As threats change, security approaches need to evolve to manage risk so you can minimize downtime, compromises, and incidents. In this session, learn how the evolution of security gives you unparalleled visibility into the parts of your business that are exposed to the outside world, allowing your security team to proactively identify vulnerabilities before an event takes place. This “outside in” perspective can help you to identify issues before they put your business at risk.

4:20 PM-4:35 PM

Networking Break


4:35 PM-4:55 PM

The explosion of API Security

How do CISOs get the most out of APIs while limiting the risk? 20 years ago the motives for hackers were website defacement and getting your name on all those defacements. That was the point of hacking. Now, it’s all about monetizing the data you can steal.

Just as cloud computing initially seeped into organizations under the cloak of shadow IT, application programming interface (API) adoption has often followed an organic, inexact, and unaudited path. IT leaders know they are benefiting from APIs, internal, via third parties, and often outwardly exposed. They just don’t know where they are, how much they support key services, and how they’re being used, or abused! 

In this session we will discuss whether APIs are meant to be exposed, and whether startup API software companies are ready for the explosion.

5:00 PM-5:55 PM
Panel

The Greatest Fears?

The biggest fear is not the technology, it is the potential of human error that could expose your organization to a cyberattack. The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. Most also agree that they will not be able to reduce the level of employee disregard for information security. How do we guard against human error without limiting employee efficiency and productivity?


5:55 PM-6:00 PM

Closing Remarks


6:00 PM-7:00 PM

Cocktail Hour

